How to Argue Risk is Reduced 'So Far As Is Reasonably Practicable' SFAIRP in the Rail Industry
Under the Rail Safety National Law, designers have a duty to reduce risks So Far As Is Reasonably Practicable (SFAIRP). But what does that mean in practice? How do engineers provide an argument that they have fulfilled their obligations and reduced risk SFAIRP? Gathered from Acmena’s collective experience across a wide range of major rail infrastructure and technology projects, we have put together a brief guide on what strong and weak SFAIRP arguments might look like.
While there is already good guidance available on SFAIRP (notably from the Office of the National Safety Regulator (ONRSR) [1]), this article is intended to build on that guidance and show some practical steps that help to outline SFAIRP principles in a specific context. ‘So Far As Is Reasonably Practicable’ is a legal term that has been adopted as a shorthand for the act of demonstrating that the risks posed by a change to a railway (usually a project deliverable) have been reduced as far as is reasonably practicable.
What is ‘reasonably practicable’ is determined by several factors, including professional standards, industry knowledge and practice weighed against the disbenefits, for example, what we would sacrifice in time, effort, and money to reduce the risk further. Would the disbenefits be ‘grossly disproportionate’ to the safety benefits gained in terms of reducing loss?
Eliminating and Minimising Risk
Risk can never be completely absent, but the ONRSR guidance [1] and legislation requires that risks be eliminated or minimised SFAIRP. Hence there is no ‘acceptable level’ of risk, just an argument that risks have been minimised SFAIRP. Risks that are intolerable should be addressed (the red area in Fig. 1), and then other risks should be reduced until the disbenefits are grossly disproportionate to the benefit (the green area in Fig. 1).
This means that if there are practicable mitigations that could reasonably be adopted, then they should be shown to be in place. As Fig 1 illustrates, this involves reducing risks as far as possible into the green area and out of the yellow. It is considered the legal duty of the designers to understand industry context, technologies including advancements, and how these relate to methods to reduce risk.
Legal Duty
Under Rail Safety National Law RSNL [3] the organisation and individuals working on the system owe the users, operators, maintainers, and the public a duty of care relating to the risks associated with a system or product. The ONRSR guidance [1] and RNSL [3] provide full legal definitions of relevant terms that make up a SFAIRP case. Some of the relevant ideas include, but are not limited to:
- The likelihood and severity of the risk.
- What the designer ought to reasonably know about the risk and ways of eliminating or minimising the risk. For example:
- Professional standards
- Industry knowledge
- New and updated technologies
- The time, effort and money required to eliminate or mitigate the risk.
Hence, SFAIRP goes beyond ‘what has been done in the past’, ‘business as usual’ or a list of controls that are subjectively considered to address the risk. One of the difficulties with the SFAIRP idea is that there is no single argument template or approach that will always demonstrate SFAIRP in every case, as it depends on judgement and understanding of the specific context and situation.
As such, a simple formula cannot be provided for SFAIRP. The most illustrative approach is to present some claims representing strong and weak arguments to support SFAIRP and comment on their merits.
Strong Arguments
“The hazard has been eliminated“
The ideal position. It is often difficult in practice, as to eliminate a hazard completely often also removes a key benefit, or conflicts with basic principles of operations. For example, it may be viable to remove a fall hazard by relocating equipment to ground level; however, a gutter system to drain a roof is, by necessity, installed at height and will require periodic servicing.
Similarly, it is difficult to argue that the risk of trespass into the rail corridor can be eliminated, as rail networks pass through public land and protective fences around the world are shown to be overcome even where significant effort is taken to prevent entry. Nevertheless, should it be possible to eliminate the hazard and its associated risk, this will be a strong argument, assuming that other risks are not introduced as a side effect.
“The hazard has been reduced to a risk level that is tolerable and all viable treatments have been adopted”
No intolerable risks should be present, based on an objective measure (usually a risk matrix) and such risks should be mitigated through controls or the project cannot deliver the systems containing these risks. Remaining risk should then be minimised and a mature design process with competent personnel will, in our experience, undertake to do so through identification of suitable controls based on industry knowledge and understanding.
This leads to the question, ‘when has sufficient risk reduction been achieved to claim SFAIRP?’. Any attempted definition of an absolute test or acceptable level will likely not be defensible and not in the spirit of the ONRSR guidance. Hence, we offer some ideas to consider for the review of potential additional controls.
If one or several of the points below could be deemed valid for a control being considered, then there is an argument that it could be considered not reasonably practicable.
- Is not effective at eliminating or minimising the likelihood of the risk, hence not reasonably practicable as the safety benefit is negligible.
- Introduces a new and higher risk within the project context.
- Is not recognised within industry to be a reasonably practicable control. Typically, it has not been adopted in similar situations and is considered not to define an effective response to the risk.
- Is not technically, logistically or environmentally suitable. This would mean the adoption of the control is not consistent with the underlying context in some significant way and therefore would introduce significant additional problems or complexities sufficient to make a case for it being not reasonably practicable.
- Can be addressed as effectively by other controls that offer the same benefit at less cost and time to achieve the same benefit.
- If the cost benefit analysis shows that costs are grossly disproportionate to the safety benefit achieved (See Weak Arguments below).
The above is not a list of possible reasons to forgo risk minimisation. The various points are presented to show what considerations would need to be in place when considering whether further risk minimisation is appropriate using a specific control.
It is also not a definitive list. The intent is to provide an indication of a broader context that can assist in ensuring that design process considers all aspects in ensuring SFAIRP. They motivate questions relating to risks such as ‘what is the industry doing in this area?’, ‘what are other providers doing?’, ‘should a logistical constraint be addressed to permit this additional control?’.
This is the basis of a learning organisation adopting the spirit of SFAIRP. Also note that in comparing ourselves to industry and similar projects, any new enabling technologies should be considered that would enable a control that was previously not considered reasonably practicable.
Weak Arguments
“It will cost too much”
The cost of the associated accident should be considered. A ‘Value of Statistical Life’ (VoSL) or a ‘Value of Preventing a Fatality’ can be used to help weigh up the cost of a control with the safety benefit as a monetary value. An estimate for the cost of a fatality or ‘Value of Statistical Life’ [1] is currently considered to be around $6-$8m. Subsequently, the costs of the treatment are to be shown as ‘grossly disproportionate’ if the treatment costs 2-10 times the cost of the safety benefit, depending on the specific context.
This would mean to reduce the chance of a single fatality, mitigating treatments would need to cost roughly $12m-$80m over the life of the asset before they could be considered ‘grossly disproportionate’. It is worthwhile noting that the VoSL is often extrapolated such that a fatality approximates to 10 serious injuries and 100 minor (first aid) injuries. Therefore, cost may be a viable argument if the severity is low, i.e it relates to a small number (much less than 100) of minor injuries and a suitable argument can be made for SFAIRP as the safety benefit is reduced.
It is also worth noting that some costs are not considered relevant, for example:
- Costs associated with re-work/back tracking because the project had not noticed the issue earlier. Considered to be poor planning.
- Capacity to pay. The approach here dictates that if you cannot afford to pay for the mitigation/treatment, you should not be contemplating the work. [1]
“The control is not required by the standards”
Just because it is not a mandated control does not mean it is not a reasonably practicable control. The intent of SFAIRP is to demonstrate that it would be unreasonable to go further, rather than achieving merely all that was mandated.
“There is no time to implement controls”
It is not viable to suggest that there is not sufficient time left to implement a control.
The planning of the project should have provided for this during the early stages of development. This is a motivating argument for ensuring safety and assurance involvement early in the project (see Progressive Assurance below).
“It’s what has been done in the past/how we did it last time”
Arguments made in the past (even the recent past) may no longer be valid. Technology progresses, context changes that may alter what is considered ‘reasonably practicable’. The key principle here would be that reliance on a past precedent is evidence that the specific SFAIRP case has not been reconsidered.
“Multi-criteria analysis with safety as one of a broader set of criteria”
RSNL requires safety to have an elevated status over other criteria because of the ‘grossly disproportionate’ test, and therefore needs to be considered in a different way to other criteria. Therefore, an argument that equates safety relative to other criteria would be a weak argument.
“Listing all the treatments identified and claiming SFAIRP”
This is common with SFAIRP entries in hazard logs. It is not a SFAIRP argument to list all the treatments identified and imply they amount to SFAIRP, there should also be an argument why these treatments, taken together, represent SFAIRP explicitly.
Progressive Assurance/Risk-Based Decision Making
Having developed ideas of what SFAIRP means and some argument approaches, it is also important to consider that SFAIRP ideas and concepts be adopted through the project development, not merely at the end as a closing statement.
When a decision is made it should be identified if that decision has safety implications and it is at that stage that the SFAIRP argument is made. Not doing so risks arriving at the later stages of the project and realising too late the SFAIRP position will require significant time, cost and revisions to achieve.
Summary
The SFAIRP test is intended as a practical indicator of whether risks have been reduced sufficiently; that the duty of care to others has been considered, and practical steps taken in development to acknowledge that duty of care. The ability to demonstrate SFAIRP will also influence the decision to enter a contract. The buyer/asset owner should consider the SFAIRP implications of the contract specifications.
In the main, it would be preferable to follow standards, implement all practical measures and industry guidance, and keep up to date on any technologies that reduce risk and consider their application. In short, reach a sound engineering decision. Have we done all we could do? If we left something out that we could have done, then why? Would a technically competent person be able to identify additional controls we have not included? Perhaps most tellingly, could we explain to an accident investigation board why we did not do things?
References
- ONRSR Guidance: Meaning of duty to ensure safety so far as is reasonably practical – SFAIRP (onrsr.com.au)
- How To Determine What is Reasonably Practicable To Meet a Health And Safety Duty (safeworkaustralia.gov.au)
- Rail Safety National Law Section 4 (www.legislation.nsw.gov.au)