B.J.M. Ale
As today's engineering systems have become increasingly sophisticated, assessing the efficacy of their safety-critical systems has become much more challenging. The more classical methods of “failure” analysis by decomposition into components related by logic trees, such as fault and event trees, root cause analysis, and failure mode and effects analysis, lead to models that do not necessarily behave like the real systems they are meant to represent. These models need to display similar emergent and unpredictable behaviors to sociotechnical systems in the real world. The question then arises as to whether a return to a simpler whole system model is necessary to understand better the behavior of real systems and to build confidence in the results. This question is more prescient when one considers that the causal chain in many serious accidents is not as deep-rooted as is sometimes claimed. If these more obvious causes are not taken away, why would the more intricate scenarios that emanate from more sophisticated models be acted upon? The paper highlights the advantages of modeling and analyzing these “normal” deviations from ideality, so-called weak signals, versus just system failures and near misses as well as catastrophes. In this paper we explore this question.
Prevention, precaution and resilience
Are they worth the cost?
The assumption that risk, represented as an expected value of the loss, could be implied to be a measure of safety in a cost-benefit analysis is firmly entrenched in economic risk analysis. However, this does not mean that, without a marker, the value of a loss can be established with any necessary level of certainty to make such a cost balancing act ethically possible. The appropriateness of using the Value of a Statistical Life (VOSL) at all in a safety analysis is a matter of perspective, which renders attempts to establish a uniform value of a statistical life questionable. This makes it questionable whether decisions from which values for a VOSL were evaluated really were based on consideration of saving lives, or whether other arguments, such as available budget, were much more dominant. Ethical considerations do not seem to be in the frame of corporate risk management, where loss-of-life catastrophes appear to be simply the cost of doing business. Because there is no real basis for any estimate of the value of a statistical life, the values employed in cost-benefit analyses therefore only seem to serve the purpose of dissembling, concealing that the decision is taken on grounds other than saving human lives, or even that potential harm to humans was not even considered. The strict meaning given to resilience as at most to make a plan for recovery and see if we can live with the consequences seems just another step towards putting the economy before people.
Legacy risks from infrastructures and industrial installations often reveal themselves when a potential for failure has been discovered much later than at the stage of the design and construction of a structure. In that case, there might already be a problem with the legacy installation, or even a crisis, without having had an accident. When the hazard cannot be taken away, the question arises as to how much effort, if any, should be spent on improving the situation. The usefulness of the three archetypical approaches to this problem, namely setting a standard, the as low as reasonably practicable approach and a case-by-case discourse approach, is discussed in terms of their applicability to these legacy risks. Although it would be desirable to retrofit legacy risks to previously set legal requirements, as is the case when acceptability limits are set in law or demonstration of ALARP (As Low As Reasonably Achievable) is demanded, it may be impossible to reduce the residual risk to an otherwise acceptable level without taking away or replacing the infrastructure, which is not acceptable either. Therefore, in conclusion, the only available solution to persistent legacy risk problems seems to be to have a thorough discussion with all relevant stakeholders until an agreement is in some way found.
Optimising the performance of complex sociotechnical systems in high-stress, high-speed environments
The Formula 1 pit stop test case
Since Nassim Taleb coined black swan as an event that occurred as a complete surprise for everybody, the metaphor of the black swan has been applied to a much wider variety of events. Black swan events now comprise events that are a surprise for some but not for others, events that have a low likelihood, events that were not believed to be possible but still proved to be possible, and events that were dismissed as being too improbable to worry about but happened anyway. For a decision maker the black swan problem is choosing where to put effort to prevent or mitigate events for which there are warnings, or for which the possibility has been put forward. Does the fact that there are thousands of books written about fire-breathing dragons warrant the development of an Anti-Dragon Defense Shield? The black swan may have been a surprise for Willem de Vlamingh in 1697; it was not a surprise for the inhabitants of Australia, for whom the appearance of tall white humans was their “black swan event”. In this paper we explore the options available to decision makers when confronted with the various sorts of swan (or dragon) events.
In making decisions, rationality is often equated to economic rationality. This means that in every decision, the benefits should outweigh the costs, when both are expressed in monetary terms. Balancing of cost and benefits through monetary Cost Benefit Analysis (CBA), which is used more and more widely in health and safety decision-making, evokes the criticism that it leads to decisions in which only money counts, and all that cannot be expressed in money, or is perceived as being of no monetary value, is neglected. An important parameter in the CBA rationality is the value of a statistical life (VOSL). Scientists serving decision makers in the attempts to monetize the VOSL have spent decades of research into what a reasonable value should be. These evaluations of the VOSL lead to widely varying results. This wide variation seems to move decisions on risks to life and health from the political arena to the scientific laboratory. Scientists are required to produce the right number, after which politicians can then decide on the basis of CBA. In this paper it is argued that rather than attempting to harmonize on an average with large margins of uncertainty, the conclusion can be drawn that a consistent valuation of a human life cannot be expected. One should accept that standardization of the VOSL is limited by the – lack of – similarity in nature of the activity and the nature of the risk. In many cases one also has to accept the only available alternative not involving violence, which is a political debate, terminated by the more general rule of law or constitution on how to settle such a debate and then accept the decision.
Variability
Threat or asset?
This article provides support in organizing and implementing novel concepts for enhancing safety on a cluster level of chemical plants. The paper elaborates the requirements for integrating Safety Management Systems of chemical plants situated within a so-called chemical cluster. Recommendations of existing Plant Safety Management System Codes of Good Practice are analyzed in relation to the needs of cluster chemical safety. The paper establishes comprehensive guidelines for gradually standardizing Plant Safety Management Systems through the design, the development and the installation of a Cluster Safety Management System within a group of chemical companies. A cluster organization framework is proposed and a scheme for continuously improving cluster and plant safety management via communication and cooperation at plant department level as well as at cluster level is suggested.