Policy and guidance on reducing risks as low as reasonably practicable in Design

Contents

• Introduction
• Policy
• Strategy
• Guidance on this page
• References

Introduction

1. HSE attaches particular importance to reducing risks to people as a result of appropriate consideration of health and safety in design. During the design stage, which covers concept selection through to detailed design specification (drawings, calculations, specifications, etc), there is the maximum potential for reducing risks, by application of the principles of inherently safer design.

2. This note gives guidance to HSE staff engaged in assessing designs and design concepts where it is a requirement that risks be reduced as low as reasonably practicable. It sets out HSE's policy and gives guidance on the procedures and principles to be used by staff in implementing that policy. It should be read in conjunction with the more general guidance in reference (1), the guidance on good practice in reference (2), and any more specific Directorate or Divisional guidance.

3. In this document, 'design' is taken to include:

• The design of items from equipment and systems through to complete facilities and installations, and
• The design of processes, eg different means of producing an end product.
• The mode of operation and the definition of operating parameters, eg safe limits of operation, and
• Consideration of human factors, including the man-machine interface - see reference (3) for more information

[back to top]

Policy

4. Reference (1) gives 'Principles and guidelines to assist HSE in its judgements that duty-holders have reduced risk as low as reasonably practicable'. These principles and guidelines apply equally to design, which should provide for safety throughout subsequent construction, commissioning, operation, maintenance and decommissioning.

5. HSE's intervention policy with respect to design is based on the following key principles:

1. It is for duty-holders to ensure that their chosen design or design concept reduces risks as low as reasonably practicable.
2. Inspectors may offer guidance to assist duty-holders. However, Inspectors will need to reach a judgement in specific cases as to whether duty-holders have met their legal obligations.
3. HSE should expect duty-holders to be able to provide evidence that demonstrates that a design reduces risks as low as reasonably practicable.
4. In certain situations, as a result of specific legislation, duty-holders must present a written, reasoned case for the safety of a facility or installation (including the design), and satisfy HSE that the case is satisfactory. This note should be read in conjunction with such legislation and any supporting documentation.
5. HSE involvement and intervention in considering a duty-holder's design proposals should be proportionate and risk-based, ie the effort spent should be in keeping with the risks which may arise from poor design.

[back to top]

Strategy

6. HSE's overall strategy for ensuring compliance during design embodies an appropriate mix of the following activities:

1. Education of those involved in the design process such as designers, clients and other duty-holders, so as to improve the knowledge and safety culture within relevant stakeholders.
2. Promulgation of good design principles, such as those in Schedule 1 to the MHSW Regulations (4), in publications such as 'Controlling the risks in the workplace' (6), and in numerous other documents.
3. Support to the development of codes, standards and guidance, to ensure that good practice is agreed for the generic use of repetitively-used items including components, equipment and discrete subsystems.
4. Regulation to require a written demonstration of a case for the safety (including the design) of a more complex facility or installation that consists of a number of interdependent systems or where there is the potential for a major accident or incident.
5. Targeted intervention in design processes, to ensure that relevant good practice is used and that facilities (particularly those of a complex nature) are subject to suitable and sufficient risk assessment.

7. Item 6a) is addressed through many promotional activities undertaken by HSE staff as well as specific initiatives such as Action point 34 in 'Revitalising health and safety' (7). This note deals primarily with items 6b) to e) above. Guidance on these items is given below.

[back to top]

Guidance

Good design principles

8. Schedule 1 to the MHSW Regulations identifies a number of good engineering principles that apply to design. It is good practice to apply these principles as a hierarchy (see also Ref 2), by aiming to eliminate a hazard in preference to controlling the hazard, and controlling the hazard in preference to providing personal protective equipment. In many cases, this hierarchy will automatically be realised if the duty-holder makes decisions which err on the side of safety and which take account of the integrity and effectiveness of various risk control measures. Other principles and hierarchies exist in specific regulations and guidance; these should be applied as appropriate.

9. An holistic approach is important in order to ensure that risk-reduction measures that are adopted to address one hazard do not disproportionately increase risks due to other hazards, or compromise the associated risk control measures. Where appropriate, consideration should also be given to the balance of risk between workers and the public, and to the increased risk due to action taken during normal operation which is intended to reduce risks during an emergency condition. Reference (1) gives general guidance regarding the transfer of risk.

Development of codes, standards and guidance

10. HSE aims to influence the development of appropriate codes, standards or guidance, through the provision of operational intelligence (from inspection and investigation) and expert advice. Reference (2) gives guidance on the link between recognised product standards, etc, and compliance.

Regulation of complex/high hazard facilities

11. Specific legislation requires HSE intervention at certain stages in the design of facilities or installations. These are described further in Directorate or Divisional guidance. The design of a complex/high hazard facility, whilst based on the adoption of appropriate good practice at component and system level, must also involve explicit consideration of the risks of the facility as a whole to both workforce and the public. This is because the integration of separate systems and subassemblies may increase the risks and further measures may be needed to reduces risks as low as reasonably practicable. The integration may also create opportunities for further reduction of risk.

Assessing compliance through intervention

12. As part of judging whether the proposed design will reduce risk to people as low as reasonably practicable, Inspectors will often examine a duty-holder's management system to see if it appears to be capable of delivering an appropriate design. This is a useful approach and can give confidence that the design will reduce risks as low as is reasonably practicable. However, a distinction is made here between the two aspects. Guidance on assessing whether risks have been reduced as low as reasonably practicable is given first. This is followed by guidance on assessing a duty holder's management system, including optimum points for intervention and the types of evidence that can be sought.

Demonstrating that risks to people are as low as reasonably practicable

General

13. Reference (1) indicates that the majority of judgements made by HSE are likely to involve a comparison of duty-holders' actual or proposed practice against relevant good practice; reference (2) discusses good practice further. 'Relevant' in this case means it should be appropriate to the activity and the associated risks, and should be up to date.

14. It is acknowledged in reference (1) that good practice covering all relevant risks may not be available, eg for major investments in safety measures or where hazards are regulated through safety case regimes. In these cases, difficulties are particularly likely when choosing between different options during the early stages of design, as there may be little information available that can be used to evaluate risks. There may also be a variety of practices in use so that which of these constitutes good practice may be open to debate. In these cases, the duty holder's design should be examined using a combination of:

• what relevant agreed good practice does exist, and
• good design principles, as discussed earlier.

This process may also take account of societal concerns, where required to do so.

15. However, it is expected that a new facility or installation would not give rise to a risk level greater than that achieved by the best of existing practice for comparable functions. This statement reflects HSE's general expectation for improvement in standards over time, and therefore the particular need to keep relevant good practice under review and the possibility that a higher standard may be achievable in due course. Where certain duty holders are achieving a higher standard ('best practice'), it is reasonable to challenge other duty holders engaged in similar activities whether such a standard is now, in effect, good practice.

16. The following table shows how this can be applied in the design of new major hazard facilities and of significant modifications to them:

Further actions expected of duty-holders

17. Risk assessment - The MHSW Regulations (3) require that a suitable and sufficient assessment is made of risks to people, and other more specific legislation has similar requirements. Such assessment is clearly important in helping to guide decisions made during the design process. General guidance on 'suitable and sufficient' is given in the ACOP to the MHSW Regulations. A number of assessment techniques are available, and these can be useful in appropriate circumstances. For complex facilities or installations, duty-holders should consider using a range of techniques to gain confidence in their findings rather than relying on one particular technique. Uncertainty should be recognised when using the results to inform decisions (eg by sensitivity analysis).

18. Optioneering - There is no explicit general duty to record the range of options that has been considered, although it is difficult to see how a duty-holder could show that risks are as low as reasonably practicable without making reference to other, discarded options. An effective approach for demonstrating that risks are as low as reasonably practicable is to start with the safest design option within the range of practicable solutions. This should be chosen by the duty holder unless they can show that this is not reasonably practicable; in which case attention should pass to the next safest option. The procedure is repeated until the lowest risk option is found which is reasonably practicable. This approach is particularly useful in identifying step changes in risk or sacrifice between the various options which will give a strong indication of the lowest risk option that is reasonably practicable.

19. Life cycle approach - The overall risk assessment and selection of options must have regard to the intended life cycle, including construction, commissioning, operation, maintenance, foreseeable modifications and eventual decommissioning or disposal. There is a duty in Section 6 of the HSW Act for 'any article for use at work', which applies 'at all times when it is being set, used cleaned or maintained'. Similar duties are required by certain specific regulations. Enforcement of these duties would need to take account of the foreseeability of the particular activity when carrying out design. It may be appropriate to 'trade-off' risks between different stages of the life cycle in order to obtain the safest solution overall.

Powers for intervention

20. Section 6 of the HSW Act allows intervention in the design of 'any article for use at work'. There may be facilities or installations which can not be considered as an 'article for use at work' and for which specific legislation does not require formal intervention during design. In such cases, intervention is justified by virtue of item paragraph 5(c) of the Policy described earlier using more general requirements (HSW Act and MHSW Regulations) as the legal basis. Although there may be no formal powers to halt the design if serious concerns arise in such a case, Inspectors should seek to persuade the duty-holder to consider the issues further by highlighting possible future enforcement problems when the facility is brought into use.

21. It should be noted that certain items of plant and equipment that are covered by European Article 95 (ex-100A) legislation are subject to Essential Health and Safety Requirements (EHSRs). These effectively define a maximum enforceable standard for a given item being used for a particular purpose. Inspectors can not expect a higher standard unless they can show that the application of the item is outside the scope of the EHSRs or that the EHSRs do not represent the current 'state of the art'. In the latter case, there are formal procedures which need to be followed to inform the European Commission about the deficiencies.

22. HSE Inspectors should be careful to explain the extent to which they are intervening in design. There may otherwise be an assumption by duty holders that HSE has given blanket approval to a design rather than consideration of a specific aspect.

23. When considering enforcement action in connection with design, the Enforcement Management Model framework should be followed. Directorate or Divisional guidance should assist in defining the risk gap and the authority of the appropriate standard(s).

Assessing duty holder's management systems for design

24. This section of guidance is intended to assist Inspectors when planning the extent and timing of intervention during design, although account should also be taken of all relevant aspects of the specific situation under consideration. Communicating any plan for intervention to duty-holders is encouraged.

25. The optimum points for intervention will depend on the nature of the article or equipment, the facility or installation being developed, and the past performance of the duty-holder. Inspectors should consider intervening when:

• early discussions are taking place about a possible development
• various options or concepts for the overall scheme have been reviewed and ranked
• alternatives within the detailed design of the chosen scheme have been considered
• further risk reduction measures are being considered for the completed detailed design
• construction or fabrication, assembly and commissioning are in progress, in order to check that the design philosophy is not being undermined

26. For major hazard facilities, the following table shows various stages of a new design or the design of significant modifications, with indications where intervention is likely to be appropriate and the aspects of the management systems which could be examined. This may also be appropriate for selective use when intervening in design in other areas.

27. Directorates and Divisions may find it helpful to identify particular legislation that applies to the various stages of the design, as indicated in the third column of the table above.

[back to top]

References

1. Principles and guidelines to assist HSE in its judgements that duty-holders have reduced risk as low as reasonably practicable. HSE internal draft.
2. Assessing compliance with the law in individual cases and the use of good practice. HSE internal draft.
3. Reducing error and influencing behaviour (HSG48). HSE Books
4. Management of Health and Safety at Work Regulations 1999: Approved code of practice and guidance L21.
5. Controlling the risks in the workplace. HSE leaflet INDG163(rev 1)
6. Revitalising health and safety - Strategy statement - June 2000. Department of the Environment, Transport and the Regions.

[back to top]

Updated on the HSE website 17 June 2003