22 Dec Applying the ALARP Principle
In an earlier Blog, I explained that complying with standards and the use of ‘Reference Systems’ can play important roles in demonstrating that risks are As Low As Reasonably Practicable (ALARP). However, it is also necessary to consider new ways of managing risks and, inevitably, the question arises whether the cost of a new approach is justified by the safety benefit. How can you decide? In this Blog I consider some common approaches.
Risk Matrices
Risk matrices are arguably the most popular and user-friendly way of deciding whether a risk is acceptably low. The approach is to define likelihood and severity scales and decide, based on legal/contractual requirements or the organisation’s ‘risk appetite’ which combinations are considered to be intolerable (i.e. unacceptably high) or negligible. Intolerable risks must be reduced regardless of cost and negligible risks require no further analysis. Risks falling between these two regions are said to fall in the ‘ALARP region’. This means that risk reduction measures should be applied if they are ‘reasonably practicable’. Here is a typical example (taken from EN 50126).
Under English law, the ALARP principle should be applied to all risks. In practice, though, risk reduction measures for negligible risks would need to very effective and very cheap to be reasonably practicable; the risk matrix helps ensure that attention is focussed on higher risks. It is also important to note that risk matrices cannot determine whether a risk reduction measure is reasonably practicable.
Cost Benefit Analysis (CBA)
In many cases, new ways of managing risks will be implemented without further analysis but there will be times when the cost is high compared to the safety benefit. In such cases, the estimated costs (including project delay) and benefits should be assessed, and a suitably qualified person should state that in his/her professional opinion the risk reduction measure is not reasonably practicable.
Very often, this simple form of cost benefit analysis will be adequate but Safety Regulators or Independent Safety Assessors may disagree with the conclusion. If so, more detailed analysis of the costs and safety benefits will be required and, depending on the country, it may be necessary to convert the safety benefit into a financial equivalent. This is a controversial area but the value attributed to prevented fatalities and injuries could be based on society’s ‘willingness to pay’ as in the UK, or other approaches such as the cost of insurance claims.
Safety Integrity Levels (SILs)
Another approach is to determine the Safety Integrity Level (SIL) needed to ensure that safety risks are acceptable. The SIL depends on the architecture of the system (e.g. is it a failsafe design and are there levels of redundancy), the probability of failure on demand (or dangerous failures per hour for continuous operation) and the level of safety assurance that has been applied. The risks are considered to be ALARP if the system has been developed to an appropriate SIL.