Mere warning systems for hazards give a false sense of security; higher levels on the Hierarchy of Controls are ethically mandated for potentially catastrophic events.
How do we protect people and assets from hazards? Moreover, how do we protect against an unusual but catastrophic event, one that human nature tends to dismiss as a realistic threat on any given day? One way of framing the choices is the Hierarchy of Controls, commonly used in industrial safety. Within that framework, one of the lowest value choices is an administrative system requiring immediate human intervention. A warning system is one example. However, warning systems give a false sense of security because of the chance of human failure, and in the face of potential catastrophe, proper ethics mandate a higher-level response on the Hierarchy of Controls. Following is a discussion of issues and potential answers in this context.
Human nature with uncommon events.
If an event is uncommon, potentially catastrophic or not, human nature tends to dismiss it as a realistic possibility on any given day. For say a one in one hundred probability of an event, it is true that most days it will not occur. “It didn’t happen yesterday, so it probably won’t happen today.” However, the probability still exists. It is easy to continue a risky behavior when there are no immediate, significant consequences.
Circadian rhythm.
Between midnight and 5 A.M., the natural circadian rhythm has the body ready for sleep and not much else. In industry, the start of problems attributable to human error often starts between midnight and 5 A.M. Impaired thought leads to human failure, and this is magnified by circadian rhythm.
Alarm fatigue.
Humans design things such that if a system is perturbed from its normal state it goes into an alarm state. An alarm that occurs often enough to be familiar to those who receive it, but in which there are usually no immediate significant consequences, becomes a nuisance. In industry, this is known as “alarm fatigue”; in common usage, this is “the boy who cried wolf”. Thus, it can be counter-productive to add a new alarm system or any device that requires timely and correct human intervention, especially if it involves a remotely-probable catastrophic event. The addition may create more alarm fatigue. Additionally, the existence of a warning system can give a false sense of security, encouraging the assumption of proper and timely human intervention every time, when this is not realistic considering human failure.
Societal changes, example.
Seat belt usage has been legally mandated and has become much more common over the decades of automobile and airplane usage by the general public. This is in spite of a crash needing a seat belt being a rare event for any given person on any given day. The catastrophic nature of the event if it does occur has us buckling up routinely, and this is still hazard control only at the lowest level of protection: PPE.
Answers to issues raised.
The Hierarchy of Controls is a commonly accepted industry guideline to reduce hazard to people and assets. To avoid loss, the most powerful method is ELIMINATION of proximity to the hazard (remove the hazard or remove people and assets from the hazard). If this is not possible, then SUBSTITUTION of a less hazardous substance or situation is the choice, though less powerful than elimination of the hazard. Next in effectiveness come ENGINEERING CONTROLS: things like dust collectors at saws and sanders that do not do away with the hazard but do put some barrier of protection between the hazard and the person or asset. ADMINISTRATIVE CONTROLS are less effective still, but often are employed in the absence of the higher-level hazard controls listed above. These completely depend on human intervention in a timely and thoughtful manner, and they fail if the human(s) on the spot fail. A warning system is an example of an administrative control. While a sensor or device may produce a warning, it becomes the immediate responsibility of a human or a chain of humans to take appropriate action. This assumes proper functioning of the sensor, as well. PERSONAL PROTECTIVE EQUIPMENT (PPE) is the final and least effective control method for protection from hazards. It relies on the person recognizing the hazard and wearing a properly selected, clean, and functional piece of equipment that will restrict movement and possibly increase psychological stress, reducing the ability to respond to circumstances.
Recommendation.
Protections against an unusual but catastrophic event, say a one in one hundred probability of multiple fatalities or millions of dollars of asset loss, must be more robust, higher on the Hierarchy of Controls, than an administrative procedure, such as a warning system. Human nature and less than perfect performance on any given day or night (particularly when circadian rhythm is driving alertness) will defeat a mere warning system. Rather, the best approach is to redesign the system so that it does not go into a state of alarm for the protection of people or assets in spite of a perturbation, requiring no immediate intervention, but only regular procedure-driven maintenance. Moving up on the Hierarchy of Controls to the elimination level we face that the apparently expensive action of removing the hazard or removing people and assets from the hazard is the most effective level of protection, far more effective than an administrative procedure such as a warning system. This may appear draconian, but continuing tolerance of significant hazard answered only by an administrative procedure such as a warning system is arguably more draconian and of questionable ethics.