Asset Integrity – Lessons from Hatfield
The railway has a number of assets whose function can be considered “safety critical”. They range from the mechanical integrity of the rails on which our trains run, to the structural integrity of the railway’s buildings and assets, and the electronics and software that control how and when trains safely stop.
There are a number of inherent problems which complicate the task of ensuring the integrity of these key railway assets. The first is that, as the safety consequences are so severe, the failures themselves thankfully rarely occur. This therefore creates a natural tendency, over time, for risk control measures to erode through lack of use, loss of awareness, or gradual complacency. Maintaining long term vigilance and focus is therefore the challenge.
Another conundrum is that, in order to achieve the very low levels of risk required of safety critical assets, “defences in depth” are needed. Many different individuals and organisations must undertake coordinated activity over the long term to mitigate risk. This means that the long-term focus and knowledge need to be broadly spread and shared. The right competences need to be maintained in understanding potential accidents and their causes and controls. To achieve the levels of safety now expected, this knowledge needs to be brought to bear from the time of the design of the asset right through its operation and maintenance to its eventual decommissioning.
To these well understood challenges we can now add another. The enhanced monitoring of the railway that is needed to provide key information is increasingly being delivered through complex digital technology. This approach provides great opportunity but also increases the complexity and competence requirements for ongoing risk management. Electronic communication also introduces security vulnerabilities that need to be assessed and managed.
The challenge for the industry is to understand its critical assets and to maintain awareness of the controls that we are all reliant on. An open, learning culture is essential to the maintenance of this knowledge. One way of maintaining our focus is to look at the lessons from other safety critical industries in addition to rail.
Six years after Hatfield, a fire on board a Hawker Siddeley Nimrod aircraft in Kandahar, Afghanistan, led to a crash that killed all fourteen crew members. Review of that accident highlighted the need to retain design knowledge about critical assets and the need for clear safety accountabilities. More recently, two crashes of the Boeing 737 Max airplane led to a focus on its design flaws and how they had been missed. The initial investigation centred on the plane’s manoeuvring software and its associated sensors. The subsequent review raised questions about the effectiveness of safety regulation in the sector and the ability of the manufacturer to effectively undertake self-assurance. These are challenges that all similar sectors should regularly reflect on.
Rare catastrophic events like these, and the Hatfield accident, suddenly expose the assurance gap, and with that, confidence in an industry can be immediately lost. Nowhere has this been demonstrated more dramatically than at Hatfield—where the railway came to a near standstill and economically collapsed due to the resulting loss of passenger faith.
Ensuring asset integrity requires constant focus and it’s a problem that is never solved. The only approach is to maintain long term, proportionate focus on risk to ensure that the chances of asset failure are minimised to as low a level as possible. And there is a responsibility to learn as much as we can from failures of these assets—wherever they occur—to ensure that those lessons are not forgotten and as an ongoing test of our arrangements.