Safety Culture for Responsible Computing and Software Development
The proliferation of technologies for the industrial Internet of Things, unmanned vehicles and other cyber-physical systems that affect human safety makes the compliance of programmable electronic devices with the requirements of international functional safety standards, in particular IEC 61508 and ISO 26262, increasingly relevant.
Hardware and software developers have many practical questions, and answering them requires a comprehensive understanding that lets one quickly grasp the principles behind many particular questions and tasks, each of which seems small but is an important piece of the mosaic.
For a deep understanding of the development and certification of responsible hardware and software systems, you need to know the "three pillars" of functional safety:
- Safety Culture;
- Functional Safety Management (FSM);
- Safety Case.
This article covers the first of these, safety culture: more precisely, the characteristic features of the different types of safety culture, and the specifics of a safety culture for companies that develop electrical, electronic and software components of safety systems.
The term “safety culture” is discussed in detail in .
Since the tragedies at the Chernobyl nuclear power plant and on the Piper Alpha oil platform, a safety culture can be said to have been “absorbed into the DNA” of people working in hazardous sectors of the economy. But hazardous production is one thing, and the development of hardware or software for critical systems is another. By itself, the work of circuit designers and programmers obviously poses no risk to life, either for the developers or for the residents of the houses near the office. The safety issues lie in the field where the product is used, because failures caused by errors and miscalculations may occur, firstly, not immediately and, secondly, somewhere else.
And that somewhere else may be a very unsafe place, and the failure may come at a very bad time...
A safety culture is part of an organizational culture. Jim Collins lays this question out well in his best-selling book; here is a short quote:
“All companies have a culture, some have discipline, but few have a culture of discipline. If employees are disciplined, no hierarchy is needed. If there is discipline of thinking, bureaucracy is not needed. If there is discipline of action, extra control is not needed. If you add a culture of discipline to ethical business conduct, you get a magic potion for outstanding achievements.” In this passage the author talks about the personal culture of employees, which he calls a culture of discipline. Other authors use different terms: Alexander Kirillovich Dianin-Havard speaks of moral leadership, and Guy Kawasaki, quoting Steve Jobs, speaks of first-rate players. These authors show well that an organization’s activity is the activity of its employees, in the whole variety of their personal motivations and interpersonal relationships.
Before moving on to the essence, I would like to note one more thought. Of course, “safety” and “safety culture” can carry different qualifiers: industrial, aviation, transport, medical. But since the underlying essence of the matter is the same, the methodological and normative literature is gradually abandoning the “industry adjectives” used with, or instead of, the word “safety”. For example, the IAEA glossary has long ceased to use the word “nuclear” in the term “safety culture”.
Many methods have been created for auditing and analyzing safety culture in industry, healthcare and transport around the world: for example, a review by the British Health Foundation lists more than 20 such methods, along with references to 125 studies in this area. Similar reviews are published by other organizations. In practice, the following methods of analyzing the safety culture of organizations are the most common:
- Hearts & Minds;
- Safety Culture Maturity Model (SCMM);
- Safety Culture Indicator Scale Measurement System (SCISMS).
The “Hearts and Minds” program of analysis and transformation of safety culture is perhaps the best known of these methods. It was developed by the Shell group of companies for its own use, has become the de facto standard in the global oil and gas industry, and has also spread widely in the energy, mining, chemical, pharmaceutical, defense and other hazardous industries. The program is now administered by the Energy Institute (UK), which accredits consulting companies to support implementation, train internal trainers, and so on. In Russia and the CIS, the Hearts and Minds program is officially represented by Jamnaska.
And finally, before moving on to the types of cultures, one cannot fail to mention the detailed work prepared under the auspices of the Neftegazstroyprofsoyuz of Russia.
The Westrum Model
The Hearts and Minds method, as well as some others, is based on the evolutionary model of the safety culture, known as the Westrum model, which defines five types of safety culture (Fig. 1).
Fig. 1. Westrum’s evolutionary model of safety culture
The Westrum model describes the evolution of a safety culture. Of course, the reverse process, degradation, can also take place in an organization. Incidentally, the stages of declining safety effectiveness are considered in the work mentioned above, and we will not discuss them here: we will think positively. After all, our organizations are evolving, right?
Otherwise, why would we waste time working for them?
Of course, pathological and responsive cultures can hardly be called cultures in the full sense of the word. There is even a special name for them: negative cultures. This is terminology in the spirit of “no hairstyle is also a hairstyle”. Such organizations may well have formal, superficial structures that do not penetrate the real processes. For example, a quality/safety management system may exist, and special employees may even be appointed to perform quality control and/or safety functions; that is, the organization does seem to allocate some resources, but their true purpose is to formally fulfill (or even just imitate fulfilling) the requirements of regulators.
However, let's take a closer look at each type of safety culture.
1) The pathological safety “culture”
The leadership of such an organization treats safety as an external requirement, as a kind of interference with the work. Compliance with only the mandatory requirements of regulatory documents is considered sufficient; there is no willingness to study safety aspects independently.
The management of an organization of this type is confident that all troubles are the fault of subordinates.
Appendix A lists some signs that an organization’s culture is at the pathological level.
2) Responsive safety culture
In the literature, the English name of this level, “reactive”, is often rendered by the Russian calque “reactive”, but I do not find it very apt. The management of an organization at this level considers safety an important element of product quality even without pressure from supervisory authorities, but believes that all the problems lie at the lower levels of the corporate hierarchy. Safety is a goal and objective alongside other performance indicators. The organization begins to apply some methods and tools by which safety reaches a certain level, and seeks to use the experience of other organizations. When an incident occurs, action is taken.
Appendix B lists some signs that an organization’s culture is at the responsive level.
3) Prudent safety culture
The management of a prudent organization believes in the need for a systematic approach to managing safety indicators, uses various methods and tools for this, and trains its staff. An organization with a prudent (calculative) culture performs, in general, the correct actions, but does so mechanically, sometimes blindly following the procedures.
Appendix C lists some signs that an organization’s culture is at the prudent level.
In the first version of the Westrum model this type was called bureaucratic.
4) Proactive safety culture
The leadership of a proactive organization perceives safety as a fundamental value. Leaders at all levels sincerely care about the quality and safety of products. All employees are fully involved in safety management and consider it their duty to work effectively. The fundamental safety processes are well established, understood and used throughout the organization. Incidents are reported in full. Investigation of problems eliminates systemic defects. Potentially hazardous product defects are used as critical indicators of product quality.
5) Creative safety culture
The organization does not need the influence of regulatory authorities to ensure safety; it seeks a complete understanding of the conditions and environment in which its products are used. All employees of the organization, as well as contractors, are involved in the constant improvement of safety. Workers are unconsciously competent. People understand the impact of their actions on safety, and every employee can contribute to the development of the organization. An atmosphere has been created that makes it possible to introduce improvements; there is a constant exchange of knowledge and improvement of the safety culture. Safety and quality are integrated into everything the organization does.
You may notice that the appendices I give at the end of this article deal only with the first three types of culture. The point is that the signs of cultures presented there show, to one degree or another, what the organization needs to work on. The proactive level is a very high level: the organization works like a Swiss watch, and every leader and every performer has high competence and personal responsibility. If I may put it this way, the sign of a proactive or creative organization is the absence of the signs of the lower levels.
There is one unobvious but fundamental difference between proactive and creative organizations. The point is that the bureaucratic, mechanistic style of work at the prudent level is very comfortable for many employees of the organization, especially if it is accompanied by success. There is a very strong temptation to “rest on one’s laurels” and, as Westrum’s colleague Professor Patrick Hudson writes in his article, proactive organizations easily slide back to the prudent level. This is not characteristic of creative organizations because, as Hudson writes, they have anti-bureaucratic properties, and their speed of action breaks down hierarchical structures.
Development of hardware and software
In discussing organizational culture in general and the levels of safety culture in particular, we have tried to present the material with reference to the specifics of developing hardware and software for safety systems. Annex B of the standard GOST R ISO 26262-2 can also serve as a good methodological aid in assessing and self-assessing the safety culture of organizations developing such components. Here is table B.1 from that annex:
When developing your own program for improving safety culture, you can work out measures to overcome the signs of a low culture and to form the signs of a high culture.
Annex B of GOST R ISO 26262-2 refers to INSAG-4, a document that largely laid the foundation for the spread of safety culture worldwide.
The context of this document is described in detail in .
- The key to the safe development of hardware and software components is a high personal and collective safety culture. A safety culture is part of the organizational culture.
- Culture derives from the qualifications and discipline of the entire staff of the organization, starting with senior management, and from their attitude to their duties.
- A natural sign of a high culture is thoughtful, well understood, actually executed and constantly measured work processes that make up the management system (quality or safety).
Appendix A. Signs of a pathological safety culture
Some signs that the organization is at this level are:
- No one deals with safety issues except specially designated personnel, whose function is to imitate activity for external auditors.
- The management and staff of the organization care less about safety than about being caught violating the rules.
- Employees hide information about problems, and management does not collect information about the true state of affairs (“the messenger who brings bad news has his head cut off”).
- The staff is unconsciously incompetent, and employees shirk responsibility (“Tell me, boss, exactly what I have to do, and I will do it.”).
- New ideas from employees fail, breaking against a wall of disinterest or even the negative reaction of management and colleagues (“Why would we spend resources on this? What is the benefit?”).
- Incidents are analyzed not to find systemic causes, but to find (or appoint) a culprit, or to get the regulatory authorities off the organization’s back.
- The attitude towards auditors is hostile or wary, as, incidentally, is the relationship between management and executors, and the attitude towards customers and suppliers.
- People are regarded as “cogs in the system”; they are perceived and evaluated solely within the framework of their functions.
- People are rewarded for submissiveness and short-term results, regardless of the long-term consequences; loyalty to leadership is more important than professionalism.
Appendix B. Signs of a Responsive Safety Culture
Some signs that the organization is at this level are:
- Safety activity is aimed at incidents that have already occurred.
- Most employees are not involved in ensuring quality and safety; these tasks are assigned to a separate unit or to individual employees.
- Decisions are often made on the basis of cost (costs, expenses) and technical capabilities.
- Management responds to employee errors by strengthening control through administrative procedures and training, rather than by looking for a culprit.
- The organization is open to learning from other entities, especially in technical matters and the transfer of experience.
- Only some of the safety-related processes are built, or many processes are built but only formally or superficially.
- Relations between the organization and inspection bodies, customers, suppliers and contractors are distant rather than close.
- Employees are rewarded for achieving short-term goals and for meeting or exceeding the plan, without taking into account delayed results and consequences.
- Relations between employees and management are hostile; trust and respect are only for show.
Appendix C. Signs of a prudent safety culture
Some signs that the organization is at this level are the following:
- Safety is the responsibility not only of designated personnel but also of the organization’s management. The leadership is “strict but fair”.
- The importance and value of safety is well recognized by staff.
- Fundamental processes are established and work, such as risk assessment and incident analysis.
- Most employees are involved in the processes of ensuring quality and safety; they know how to apply the basic tools and methods.
- There is no conflict of goals between safety and production, so safety is not ignored when meeting the goals of increasing productivity.
- There are links between the organization and supervisory bodies, suppliers, customers and contractors.
- The organization seeks to assist other organizations in developing similar processes.
- The organization begins to act strategically, focusing on long-term issues. Short-term indicators are measured and analyzed to improve long-term indicators.
- People recognize and understand the need for collaboration between departments and services. The organization adopts both its own internal experience and the experience of other organizations. Time is given to acquire the necessary knowledge.
- People are aware of the organization’s production or economic problems and help management deal with them.
- The relationship between management and employees is benevolent, based on respect and support. People are respected and appreciated for their contribution to the development of the organization.
However, there is still work to do:
- Some status information may be ignored. At the same time, “messengers bringing bad news” are tolerated.
- Responsibility for safety is fragmented (“Do you have any complaints about the buttons?”). Interaction between those responsible for the various aspects of safety is not prohibited, but neither is it encouraged.
- New ideas create inconvenience and problems.
List of sources used
- G. Z. Fainburg, A. A. Gavrikov. Safety culture as an integral element of production culture. Occupational Safety and Health magazine, No. 2, 2017. URL: https://biota.ru/publishing/magazine/bezopasnost-i-oxrana-truda-№2,2017/kultura-bezopasnosti-kak-neotemlemyij-element.html [accessed 20.05.2020]
- J. Collins. Good to Great. Mann, Ivanov and Ferber, 2017.
- Alexander Dianin-Havard. Moral Leadership, 3rd ed., rev. Moscow, 2019. URL: http://hvli.org/upload/files/NL-2019.pdf [accessed 21.05.2020]
- Guy Kawasaki. Startup: 11 master classes from a former Apple evangelist and Silicon Valley's most daring venture capitalist. Mann, Ivanov and Ferber, 2012.
- IAEA Safety Glossary, 2007 edition. URL: https://pub.iaea.org/MTCD/publications/PDF/IAEASafetyGlossary2007/Glossary/SafetyGlossary_2007r.pdf [accessed 20.05.2020]
- Evidence scan: Measuring safety culture. The Health Foundation, 2011. URL: https://www.health.org.uk/sites/default/files/MeasuringSafetyCulture.pdf [accessed 20.05.2020]
- Occupational Safety and Health culture assessment: A review of main approaches and selected tools. European Agency for Safety and Health at Work, 2011. URL: osha.europa.eu/en/publications/occupational-safety-and-health-culture-assessment-review-main-approaches-and-selected [accessed 20.05.2020]
- Safety Culture Navigator. Neftegazstroyprofsoyuz of Russia. URL: https://www.rogwu.ru/content/bl_files_docs/KB%2004.04.19%20on%2014.40%20 will finish.pdf [accessed 20.05.2020]
- International Nuclear Safety Advisory Group. Safety Culture. Safety Series No. 75-INSAG-4, IAEA, 1991. URL: www-pub.iaea.org/MTCD/Publications/PDF/Pub882r_web.pdf [accessed 25.05.2020]
- V. A. Mashin. Modern foundations of the safety culture concept, 2nd ed. URL: www.helicopter.su/assets/media_sources/ehest-ihts/2016/Safety%20Culture/Article_Rosatom/1%20-%20Safety%20Culture%20Article%20-%20ROSATOM%20-%20Mashin_AV_PSY42.pdf [accessed 25.05.2020]
- Patrick Hudson. Safety Management and Safety Culture: The Long, Hard and Winding Road. URL: www.caa.lv/upload/userfiles/files/SMS/Read%20first%20quick%20overview/Hudson%20Long%20Hard%20Winding%20Road.pdf [accessed 21.05.2020]