A Roadmap to a Just Culture:
Enhancing the Safety Environment
Prepared by: GAIN Working Group E,
Flight Ops/ATC Ops Safety Information Sharing
First Edition • September 2004
Appendix A. Reporting Systems
This section describes attributes (not necessarily mutually exclusive) of
mandatory, voluntary, and confidential reporting systems (from Gordon, 2002).
A1. Mandatory accident and incident systems
The traditional method of recording accidents is by using a mandatory system
that companies and regulatory bodies manage. One of the main reasons for the
mandatory recording of accidents is for legal and insurance purposes, although
their purpose is also for learning and prevention of similar incidents. However,
a difficulty with learning from such types of information is that people are
possibly more reluctant to disclose the whole story, because of their reluctance
to take the blame for the incident. The other problem with such systems is
that because there are not large numbers of accidents to record, high potential
incidents are also included. Mandatory reporting of incidents means that few
will be reported because many incidents go unnoticed and therefore it is difficult
to enforce (Tamuz, 1994). Mandatory incident systems are reinforced through
automatic logging systems in aviation (e.g. the Black Box system) and the
railway industry (e.g. Signals Passed at Danger, SPD); however, the recording
of incidents still depends on reporting by the individual worker (Clarke,
1998).
A2. Voluntary incident systems
Voluntary reporting forms are submitted by the reporter without any legal,
administrative or financial requirement to do so (Chappell, 1994). In such
a system, incentives to report may be offered (such as fines and penalties
waived) and the reported information may not generally be used against the
reporters. The quality of information received from voluntary reports is generally
higher than from mandatory systems, mainly because people who report into
voluntary systems do so because they want to see a safety issue pursued. ASRS
is a voluntary system and the number of reports depends on the publicity;
politics; and perceived reporting incentives (Tamuz, 1994).
A3. Confidential accident and incident systems
In order for any workforce to feel 100% comfortable about reporting incidents
and accidents to management, an exemplary open reporting culture is required.
However, does such an organization exist? O'Leary (1995) believes that in
an environment in which the safety culture is not exemplary, for example where
a reporter may fear (rightly or wrongly) that they may be disciplined, confidentiality
is a necessity. So, how do companies know when they need a confidential system?
A3.1 The process of confidential reporting
The main purpose of confidential reporting systems is to allow companies
to collect larger quantities of information and more detailed accounts of
accidents and incidents. In addition, confidential reporting programmes allow
incidents and hazardous situations to be picked up early on, so that alerting
messages can be distributed to personnel on other installations. Furthermore,
this information can strengthen the foundation of human factors safety research,
which is particularly important since it is generally conceded that over two
thirds of accidents and incidents have their roots in human and organizational
errors.
Confidential reporting programmes allow personnel to report their errors
or safety concerns to an independent ‘safety broker’. This safety
middleman assesses a report, where appropriate draws it to the attention of
the operator and safety authority and over time, builds up a database which
can be used to detect safety trends or to change training or procedures. Companies
that recognize and support such data collection systems accept that human
beings do not like telling their superiors about their mistakes or those of
their workmates.
Confidential Accident Reporting Systems protect the identity of the reporter.
Reports may or may not be submitted anonymously to a confidential programmed.
If the identity of the reporter is known at the time of submission, it enables
further details to be collected if necessary. The identity of the reporter
is either removed or protected from distribution. Voluntary confidential incident
reporting programmes promote the disclosure of human errors, provide the benefit
of situations described with candid detail, and enable others to learn from
mistakes made. Voluntary systems may also produce a higher quality of reporting
from individuals motivated by a desire to see an issue pursued.
By protecting the identity of individuals or organizations, confidential
reporting systems make it possible to gain the support of the industry and
promote incident reporting. ASRS assures confidentiality by eliminating any
information that could identify the flight and the airline, allowing them
to gather valuable information about incidents, especially regarding the human
factors, which is normally difficult to obtain from other sources. Guarantees
of confidentiality are ineffective if the organizational conditions enable
supervisors or co-workers to deduce who reported a potentially hazardous situation
(Tamuz, 1994).
A3.2 Examples of confidential reporting systems
Since the ASRS system was developed in 1978, many aviation regulatory bodies
have followed suit in Britain (CHIRP), Australia (CAIR), Canada (CASRS) and
South Africa (SAASCo). The British confidential aviation system, CHIRP, which
is held by an independent charitable organization, was introduced after it
was found that pilot errors were significantly under-reported by pilots making
the reports. Pilots can make complaints into the system about unsafe or illegal
practices by their employers and it provides evidence of incidents which would
otherwise remain unreported, such as ergonomic deficiencies and breaches of
discipline.
Other industries, such as the UK railway industry, have introduced a confidential
reporting system (CIRAS) which is operated by the Centre for Applied Social
Psychology at the University of Strathclyde. In addition, the US Nuclear Regulatory
Commission (HPES), petrochemical processing and steel production (PRISMA),
US Navy and US Marines (HFACS) and health care (MERP) have confidential reporting
systems in place. Many of these confidential reporting systems have been found
to have a direct impact on changing the company’s systems, such as introducing
new training or redesigning equipment.
The Nuclear Regulatory Commission introduced a human factors confidential
reporting system (HPES) in which no penalties are associated with reporting
non-consequential events or ‘close calls’. In the highly charged,
political, financially accountable and legal environment of nuclear power,
this system was backed by communal pressure and became institutionalized and
effective across the industry. The intensified approach to process improvement
led to financial gains through more efficient power production (fewer outages,
shutdowns, reduction of capacity). The confidentiality and other protections
within the system increased in proportion to the sensitivity, value and difficulty
of obtaining the desired information (Barach & Small, 2000).
In addition, airline companies, such as British Airways, have implemented
their own inhouse confidential reporting systems (HFRP) into their overall
safety systems. In British Airways, the benefits of confidential reporting
systems have been demonstrated in the increase in information collected from
their confidential reporting form (Human Factors Report), compared to their
mandatory reporting form (ARS), where they believe the Human Factors Programmed
allows a freer and more complete level of reporting by flight crew.
Berman & Collier (1996) surveyed 50 companies (power generation; aviation;
rail; marine transportation; onshore and offshore oil & gas; petrochemical;
manufacturing; food & drink) incident reporting systems. The companies
used a range of reporting systems such as anonymous, no-blame reporting, ‘in-house’ and ‘third-party’ confidential
reporting schemes. The majority of organizations who had confidential reporting
systems used ‘in-house’ systems as opposed to ‘third-party’,
and where ‘third-party’ systems were used, they are usually used
in addition to the in-house systems (Berman & Collier, 1996). Anonymous
systems existed in many, but not all companies, and even though all of the
companies expressed a desire for a culture which obviated its need, they accepted
that it was probably not attainable. The majority accepted the need for a
hotline, such as the UK Health and Safety Executive Hazard Hotline.
In another survey of confidential reporting systems, two thirds of the 12
reporting systems examined by Barach & Small (2000) were mandated and
implemented by federal government with voluntary participation, over three
quarters were confidential and all used narrative descriptions; most offered
feedback to their respective communities; some offered legal immunity to reporters
as long as data were submitted promptly (e.g. up to 10 days after the event
for ASRS).
How can companies transform the current culture of blame and resistance to
one of learning and increasing safety? Barach & Small (2000) answered
this question with the following three points: (1) by understanding the barriers
and incentives to reporting; (2) by introducing norms that inculcate a learning
and non-punitive safety reporting culture in training programmes and (3) by
reinforcing legal protection for reporters. High risk industries have shown
that implementation of incident reporting systems are essential as they benefit
their organization more than they cost the organization.
A3.3 Disadvantages of confidential reporting systems
Not all companies and safety researchers believe that confidential reporting
systems are necessary. Berman & Collier (1996) criticized confidential
reporting systems by stating that the value of confidentiality or the need
for no-blame system may not be entirely appropriate, where an overemphasis
on confidentiality may hinder companies moving toward an open reporting culture,
as it implies that reporters may need to be protected from management.
In addition, other researchers have stated that confidential systems are
difficult to validate objectively and it can be difficult for management to
accept information from people who wish to remain anonymous (especially managers
who are not committed to human factors reporting). However, without such systems
organizations may miss the genuine concerns of crews (O'Leary, 1995). Other
limitations of confidential reporting systems are described within the following
section.
This section has described some of the ways of collecting detailed information
about accidents and incidents, particularly focusing on confidential reporting
systems. Industries have found that immunity; confidentiality; independent
outsourcing of report collection and analysis by peer experts; rapid meaningful
feedback to reporters and all interested parties; ease of reporting; and sustained
leadership support are important in determining the quality of reports and
the success of incident reporting systems. The following section describes
the steps that need to be taken to implement a confidential reporting system
and some of the pitfalls that can occur.
A3.4 Legal aspects of confidential systems
The rationale for any reporting system is that a valid feedback on the local
and organizational factors promoting errors and incidents is far more important
than assigning blame to individuals. To this end, it is essential to protect
reporters and their colleagues as far as practicable and legally acceptable
from disciplinary actions taken on the basis of their reports. But there have
to be limits applied to this indemnity. Some examples of where the line can
be drawn are to be found in: “Waiver of Disciplinary Action issued in
relation to NASA’s Aviation Safety Reporting System” (see FAA
Advisory Circular AC No. 00-46D Aviation Safety Reporting Program); FAA 14
CFR part 193 – Protection of Voluntarily Submitted Information.
One way of ensuring the confidentiality protection and fulfilling the EUROCONTROL
Confidentiality and Publication Policy is to be found in SRC WP.9.4 “Safety
Data Flow” Progress report submitted by SDF-TF. The experience gained
in the last three years showed that the EUROCONTROL Confidentiality and Publication
Policy is functioning and States have started to gain trust in SRU/SRC. This
has to be kept in mind and the reporting chains should not be jeopardized
and compromised by deviation from the mentioned policy.
<<< continue
reading—A Roadmap to a Just Culture, Appendix B. Constraints
to a Just Reporting Culture >>>
Reprinted by permission from the Global Aviation Information Network.
|
