Safety Engineering

In Chuck Palahniuk's 1996 novel Fight Club, the main character recounts:

"It's a story problem.
If a new car built by my company leaves Chicago traveling west at 60 miles per hour, and the rear differential locks up, and the car crashes and burns with everyone trapped inside, does my company initiate a recall?
You take the population of vehicles in the field (A) and multiply it by the probable rate of failure (B), then multiply the result by the average cost of an out-of-court settlement (C).
A times B times C equals X. This is what it will cost if we don't initiate a recall.
If X is greater than the cost of a recall, we recall the cars and no one gets hurt.
If X is less than the cost of a recall, then we don't recall."

In other words, the company initiates a recall only when the recall is cheaper than paying for the resulting deaths. Although this is an oversimplification, the underlying concept is not dystopian; to an extent, it is necessary. There must be a balance between safety and economy. A car that is perfectly safe would either be impossibly expensive, or it would be a car that does not move (and therefore cannot wreck). A very similar real-life instance, which likely served at least in part as inspiration for this scene, is a 1973 internal document from the Ford Motor Company, "Fatalities Associated with Crash Induced Fuel Leakage and Fires". This document includes a cost-benefit analysis in which it was determined that the cost of a fuel tank safety feature was three times the benefit of lives saved (valued at $200,000 per life), discouraging implementation of the feature.[5] In reality, considerations similar to these must be made in industry. Since there is no way to have a perfectly safe system, there need to be systems in place to feasibly maximize safety.

Nondestructive evaluation is a crucial part of the field of safety engineering. Safety engineering is a subset of systems engineering that uses engineering principles to prevent, monitor, and reduce safety risks associated with the use or failure of safety critical systems. Systems are considered to be safety critical if their failure will likely result in significant physical consequences such as injury, death, or in some cases severe property or environmental damage. While there are a variety of safety engineering standards and handbooks used by different organizations,[2-4] they generally highlight similar principles.

  • Safety is in balance with project outcomes. There are monetary costs as well as costs to time and performance associated with implementing safety measures. Even if it were possible to identify every possible risk in a system, some risks are due to hazards that cannot be eliminated without fundamentally altering the project goal. Unfortunately, perfection in safety is not feasible. Instead, safety engineers attempt to find a balance and reduce the level of safety risk to an acceptable level, sometimes denoted by acronyms like ALARA, which stands for "as low as reasonably achievable". To maintain this balance, safety engineers focus on changes that will result in the greatest safety improvements with a low impact on the cost or performance of the project. Since faults may still be present, there is a need for "damage tolerant" designs which are reasonably safe, even in failure, and are still technically effective and cost efficient.
  • Risk assessment and management must be included in every step of the life cycle of the system, including design, construction, use, and maintenance. In early design stages, identifying potential safety issues may allow modification of the overall design in a way which does not impede project outcomes, such as adding redundancy to safety critical components. As risks are identified throughout the life cycle, they must be clearly identified, documented, and evaluated to determine what possible damages may occur. Any mitigation efforts deemed necessary to ensure the risk level is acceptable must be performed. Throughout the system's life cycle, risks should continuously be reassessed using qualitative and quantitative measures including: failure modes and effects analysis, fault tree analysis, destructive testing, and nondestructive evaluation.
  • Both engineers and managers play an important role in safety engineering. A plan for ensuring and maintaining the safety of a system is not effective unless it is adequately implemented. It is vital that safety engineers include the safety plan in the decision-making process and most importantly make sure that both engineers and managers take it seriously, playing into a larger discussion of safety culture. Identified safety risks must be documented along with how they are being managed within the acceptable risk. These documents should be clearly organized and updated by workers and inspectors that are properly trained or certified.

One example of a safety critical system requiring safety engineering is commercial aircraft. Cases such as the Sioux City Crash highlight the need for checks and balances to prevent catastrophic failures. The FAA specifies that for transportation aircraft, the probability of a catastrophic event like this resulting in significant loss of life should be extremely low, less than 10⁻⁹ per flight hour.[1] This probability of catastrophic failure must be monitored throughout the lifespan of the craft to ensure it meets the requirement, so the FAA mandates that manufacturers provide instructions for continued airworthiness, which specify inspection and maintenance procedures that include nondestructive evaluation of safety critical parts. While these remarkably low probabilities may seem unlikely to achieve for a given design, it is important to remember that the probability of failure for a system is determined by combining information from a variety of qualitative and quantitative sources. The intermediate probabilities obtained from these sources each account for some small part of the overall probability of failure.

References and Resources

  1. AC 25-19A - Certification Maintenance Requirements, Federal Aviation Administration (10-3-2011).
  2. Air Force System Safety Handbook, Designing the Safest Possible Systems Consistent with Mission Requirements and Cost Effectiveness, ADA437098 (7-10-2000).
  3. Dezfuli, H., Benjamin, A.S., Everett, C., Feather, M.S., Rutledge, P., Sen, D.K., & Youngblood, R.W. NASA System Safety Handbook. Volume 2: System Safety Concepts, Guidelines, and Implementation Examples, 20150015500 (5-30-2015).
  4. MIL-STD-882E, Department of Defense Standard Practice: System Safety (5-11-2012).
  5. Grush, E. S., & Saunby, C. S. (1973). Fatalities associated with crash induced fuel leakage and fires. Detroit, MI: Ford Motor Company, from Birsch, Douglas & Fielder, John H. (eds.) (1994). The Ford Pinto Case: A Study in Applied Ethics, Business, and Technology. State University of New York Press. pp. 165-176.