ISO Withdraws Machinery Risk Assessment Standards

This entry is part 1 of 8 in the series Risk Assessment

ISO has with­drawn three long-​standing basic machinery safety stand­ards used inter­na­tion­ally and in the EU and replaced them with a single com­bined doc­u­ment. If you design, build or integ­rate machinery for sale inter­na­tion­ally or with­in the EU, this new stand­ard needs to be on your BUY list!

This entry is part 1 of 8 in the series Risk Assessment

ISO has with­drawn three long-​standing basic machinery safety stand­ards used inter­na­tion­ally and in the EU and replaced them with a single com­bined doc­u­ment. If you design, build or integ­rate machinery for sale inter­na­tion­ally or with­in the EU, this new stand­ard needs to be on your BUY list!

ISO 14121 – 1 Withdrawn, along with ISO 12100 – 1 and -2

As of 20-​Oct-​2010 three stand­ards, ISO 14121 – 1, Safety of Machinery – Risk Assessment – Part 1: Principles, ISO 12100 – 1, Safety of machinery – Basic con­cepts, gen­er­al prin­ciples for design – Part 1: Basic ter­min­o­logy and meth­od­o­logy and ISO 12100 – 2, Safety of machinery – Basic con­cepts, gen­er­al prin­ciples for design – Part 2: Technical prin­ciples, have been replaced by the new ISO 12100:2010, Safety of machinery – General prin­ciples for design – Risk assess­ment and risk reduc­tion blends togeth­er three fun­da­ment­al Type A machinery stand­ards into one coher­ent whole. This import­ant new doc­u­ment means that machinery design­ers have the fun­da­ment­al design require­ments for all machinery in one stand­ard. The only excep­tion is now ISO/​TR 14121 – 2:2007, Safety of machinery — Risk assess­ment — Part 2: Practical guid­ance and examples of meth­ods. This Technical Report stands as guid­ance for risk assess­ment and provides a num­ber of examples of the dif­fer­ent meth­ods used to assess machinery risk.


This abstract is taken from the ISO web cata­log page for the new stand­ard.

ISO 12100:2010 spe­cifies basic ter­min­o­logy, prin­ciples and a meth­od­o­logy for achiev­ing safety in the design of machinery. It spe­cifies prin­ciples of risk assess­ment and risk reduc­tion to help design­ers in achiev­ing this object­ive. These prin­ciples are based on know­ledge and exper­i­ence of the design, use, incid­ents, acci­dents and risks asso­ci­ated with machinery. Procedures are described for identi­fy­ing haz­ards and estim­at­ing and eval­u­at­ing risks dur­ing rel­ev­ant phases of the machine life cycle, and for the elim­in­a­tion of haz­ards or suf­fi­cient risk reduc­tion. Guidance is giv­en on the doc­u­ment­a­tion and veri­fic­a­tion of the risk assess­ment and risk reduc­tion pro­cess.

ISO 12100:2010 is also inten­ded to be used as a basis for the pre­par­a­tion of type-​B or type-​C safety stand­ards.

It does not deal with risk and/​or dam­age to domest­ic anim­als, prop­erty or the envir­on­ment.

Table of Contents

Here is the table of con­tents from the stand­ard as pub­lished.



1 Scope

2 Normative ref­er­ences

3 Terms and defin­i­tions

4 Strategy for risk assess­ment and risk reduc­tion

5 Risk assess­ment

5.1 General

5.2 Information for risk assess­ment

5.3 Determination of lim­its of machinery

5.3.1 General

5.3.2 Use lim­its

5.3.3 Space lim­its

5.3.4 Time lim­its

5.3.5 Other lim­its

5.4 Hazard iden­ti­fic­a­tion

5.5 Risk estim­a­tion

5.5.1 General

5.5.2 Elements of risk

5.5.3 Aspects to be con­sidered dur­ing risk estim­a­tion

5.6 Risk eval­u­ation

5.6.1 General

5.6.2 Adequate risk reduc­tion

5.6.3 Comparison of risks

6 Risk reduc­tion

6.1 General

6.2 Inherently safe design meas­ures

6.2.1 General

6.2.2 Consideration of geo­met­ric­al factors and phys­ic­al aspects

6.2.3 Taking into account gen­er­al tech­nic­al know­ledge of machine design

6.2.4 Choice of appro­pri­ate tech­no­logy

6.2.5 Applying prin­ciple of pos­it­ive mech­an­ic­al action

6.2.6 Provisions for sta­bil­ity

6.2.7 Provisions for main­tain­ab­il­ity

6.2.8 Observing ergo­nom­ic prin­ciples

6.2.9 Electrical haz­ards

6.2.10 Pneumatic and hydraul­ic haz­ards

6.2.11Applying inher­ently safe design meas­ures to con­trol sys­tems

6.2.12 Minimizing prob­ab­il­ity of fail­ure of safety func­tions

6.2.13 Limiting expos­ure to haz­ards through reli­ab­il­ity of equip­ment

6.2.14 Limiting expos­ure to haz­ards through mech­an­iz­a­tion or auto­ma­tion of load­ing (feed­ing) /​ unload­ing (remov­al) oper­a­tions

6.2.15 Limiting expos­ure to haz­ards through loc­a­tion of set­ting and main­ten­ance points out­side danger zones

6.3 Safeguarding and com­ple­ment­ary pro­tect­ive meas­ures

6.3.1 General

6.3.2 Selection and imple­ment­a­tion of guards and pro­tect­ive devices

6.3.3 Requirements for design of guards and pro­tect­ive devices

6.3.4 Safeguarding to reduce emis­sions

6.3.5 Complementary pro­tect­ive meas­ures

6.4 Information for use

6.4.1 General require­ments

6.4.2 Location and nature of inform­a­tion for use

6.4.3 Signals and warn­ing devices

6.4.4 Markings, signs (pic­to­grams) and writ­ten warn­ings

6.4.5 Accompanying doc­u­ments (in par­tic­u­lar – instruc­tion hand­book)

7 Documentation of risk assess­ment and risk reduc­tion

Annex A (inform­at­ive) Schematic rep­res­ent­a­tion of a machine

Annex B (inform­at­ive) Examples of haz­ards, haz­ard­ous situ­ations and haz­ard­ous events

Annex C (inform­at­ive) Trilingual look­up and index of spe­cif­ic terms and expres­sions used in ISO 12100


Buying Advice

This is a sig­ni­fic­ant change in these three stand­ards. Revision to the text of the stand­ards was sig­ni­fic­ant. at least from the per­spect­ive that the mater­i­al has been re-​organized into a single, coher­ent doc­u­ment. If you are basing a CE Mark on these stand­ards, you should strongly con­sider pur­chas­ing the har­mon­ized ver­sion when it becomes avail­able at your favour­ite retail­er. The ISO ver­sion is avail­able now in English and French as a hard copy or pdf doc­u­ment, priced at 180 CHF (Swiss Francs), or about CA$175.

As of this writ­ing CEN has adop­ted EN ISO 12100:2010, with a pub­lished “dow” (date of with­draw­al) of 30-​Nov-​2013. The “doc” (date of ces­sa­tion) will be pub­lished in a future list of har­mon­ized stand­ards in the Official Journal of the European Union under the Machinery Directive 2006/​42/​EC.

My recom­mend­a­tion is to BUY this stand­ard if you are a machine build­er. If you are CE mark­ing your product you may want to wait until the har­mon­ized edi­tion is pub­lished, how­ever it is worth know­ing that tech­nic­al changes to the norm­at­ive con­tent of the stand­ard are very unlikely when har­mon­iz­a­tion occurs.

How Risk Assessment Fails

This entry is part 2 of 8 in the series Risk Assessment

Fukushima Dai Ichi Power Plant after the explosionsThe events unfold­ing at Japan’s Fukushima Dai Ichi Nuclear Power plant are a case study in ways that the risk assess­ment pro­cess can fail or be abused. In an art­icle pub­lished on Bloomberg​.com, Jason Clenfield item­izes dec­ades of fraud and fail­ures in engin­eer­ing and admin­is­tra­tion that have led to the cata­stroph­ic fail­ure of four of six react­ors at the 40-​year-​old Fukushima plant. Clenfield’s art­icle, ‘Disaster Caps Faked Reports’, goes on to cov­er sim­il­ar fail­ures in the Japanese nuc­le­ar sec­tor.

Most people believe that the more ser­i­ous the pub­lic danger, the more care­fully the risks are con­sidered in the design and exe­cu­tion of pro­jects like the Fukushima plant. Clenfield’s art­icle points to fail­ures by a num­ber of major inter­na­tion­al busi­nesses involved in the design and man­u­fac­ture of com­pon­ents for these react­ors that may have con­trib­uted to the cata­strophe play­ing out in Japan. In some cases, the cor­rect actions could have bank­rup­ted the com­pan­ies involved, so rather than risk fin­an­cial fail­ure, these fail­ures were covered up and the work­ers involved rewar­ded for their efforts. As you will see, some­times the degree of care that we have a right to expect is not the level of care that is used.

How does this relate to the fail­ure and abuse of the risk assess­ment pro­cess? Read on!

Risk Assessment Failures

Earthquake and Tsunami damage - Fukushima Dai Ichi Power PlantThe Fukushima Dai Ichi nuc­le­ar plant was con­struc­ted in the late 1960’s and early 1970’s, with Reactor #1 going on-​line in 1971. The react­ors at this facil­ity use ‘act­ive cool­ing’, requir­ing elec­tric­ally powered cool­ing pumps to run con­tinu­ously to keep the core tem­per­at­ures in the nor­mal oper­at­ing range. As you will have seen in recent news reports, the plant is loc­ated on the shore, draw­ing water dir­ectly from the Pacific Ocean.

Learn more about Boiling Water Reactors used at Fukushima.

Read IEEE Spectrum’s “24-​Hours at Fukushima”, a blow-​by-​blow account of the first 24 hours of the dis­aster.

Japan is loc­ated along one of the most act­ive fault lines in the world, with plate sub­duc­tion rates exceed­ing 90 mm/​year. Earthquakes are so com­mon­place in this area that the Japanese people con­sider Japan to be the ‘land of earth­quakes’, start­ing earth­quake safety train­ing in kinder­garten.

Japan is the county that cre­ated the word ‘tsunami’ because the effects of sub-​sea earth­quakes often include large waves that swamp the shoreline. These waves affect all coun­tries bor­der­ing the worlds oceans, but are espe­cially pre­val­ent where strong earth­quakes are fre­quent.

In this envir­on­ment it would be reas­on­able to expect that con­sid­er­a­tion of earth­quake and tsunami effects would mer­it the highest con­sid­er­a­tion when assess­ing the risks related to these haz­ards. Remembering that risk is a func­tion of sever­ity of con­sequence and prob­ab­il­ity, the risk assessed from earth­quake and tsunami should have been crit­ic­al. Loss of cool­ing can res­ult in the cata­stroph­ic over­heat­ing of the react­or core, poten­tially lead­ing to a core melt­down.

The Fukushima Dai Ichi plant was designed to with­stand 5.7 m tsunami waves, even though a 6.4 m wave had hit the shore close by 10 years before the plant went on-​line. The wave gen­er­ated by the recent earth­quake was 7 m. Although the plant was not washed away by the tsunami, the wave cre­ated anoth­er prob­lem.

Now con­sider that the react­ors require con­stant forced cool­ing using elec­tric­ally powered pumps. The backup gen­er­at­ors installed to ensure that cool­ing pumps remain oper­a­tion­al even if the mains power to the plant is lost, are installed in a base­ment sub­ject to flood­ing. When the tsunami hit the sea­wall and spilled over the top, the flood­wa­ters poured into the backup gen­er­at­or room, knock­ing out the dies­el backup gen­er­at­ors. The cool­ing sys­tem stopped. With no power to run the pumps, the react­or cores began to over­heat. Although the react­ors sur­vived the earth­quakes and the tsunami, without power to run the pumps the plant was in trouble.

Learn more about the acci­dent.

Clearly there was a fail­ure of reas­on when assess­ing the risks related the loss of cool­ing cap­ab­il­ity in these react­ors. With sys­tems that are mis­sion crit­ic­al in the way that these sys­tems are, mul­tiple levels of redund­ancy bey­ond a single backup sys­tem are often the min­im­um required.

In anoth­er plant in Japan, a sec­tion of pip­ing car­ry­ing super­heated steam from the react­or to the tur­bines rup­tured injur­ing a num­ber of work­ers. The pipe was installed when the plant was new and had nev­er been inspec­ted since install­a­tion because it was left off the safety inspec­tion check­list. This is an example of a fail­ure that res­ul­ted from blindly fol­low­ing a check­list without look­ing at the lar­ger pic­ture. There can be no doubt that someone at the plant noticed that oth­er pipe sec­tions were inspec­ted reg­u­larly, but that this par­tic­u­lar sec­tion was skipped, yet no changes in the pro­cess res­ul­ted.

Here again, the risk was not recog­nized even though it was clearly under­stood with respect to oth­er sec­tions of pipe in the same plant.

In anoth­er situ­ation at a nuc­le­ar plant in Japan, drains inside the con­tain­ment area of a react­or were not plugged at the end of the install­a­tion pro­cess. As a res­ult, a small spill of radio­act­ive water was released into the sea instead of being prop­erly con­tained and cleaned up. The risk was well under­stood, but the con­trol pro­ced­ure for this risk was not imple­men­ted.

Finally, the Kashiwazaki Kariwa plant was con­struc­ted along a major fault line. The design­ers used fig­ures for the max­im­um seis­mic accel­er­a­tion that were three times lower than the accel­er­a­tions that could be cre­ated by the fault. Regulators per­mit­ted the plant to be built even though the rel­at­ive weak­ness of the design was known.

Failure Modes

I believe that there are a num­ber of reas­ons why these kinds of fail­ures occur.

People have a dif­fi­cult time appre­ci­at­ing the mean­ing of prob­ab­il­ity. Probability is a key factor in determ­in­ing the degree of risk from any haz­ard, yet when fig­ures like ‘1 in 1000’ or ‘1 x 10-5 occur­rences per year’ are dis­cussed, it’s hard for people to truly grasp what these num­bers mean. Likewise, when more sub­ject­ive scales are used it can be dif­fi­cult to really under­stand what ‘likely’ or ‘rarely’ actu­ally mean.

Consequently, even in cases where the sever­ity may be very high, the risk related to a par­tic­u­lar haz­ard may be neg­lected because the risk is deemed to be low because the prob­ab­il­ity seems to be low.

When prob­ab­il­ity is dis­cussed in terms of time, a fig­ure like ‘1 x 10-5 occur­rences per year’ can make the chance of an occur­rence seem dis­tant, and there­fore less of a con­cern.

Most risk assess­ment approaches deal with haz­ards singly. This is done to sim­pli­fy the assess­ment pro­cess, but the prob­lem that can res­ult from this approach is the effect that mul­tiple fail­ures can cre­ate, or that cas­cad­ing fail­ures can cre­ate. In a mul­tiple fail­ure con­di­tion, sev­er­al pro­tect­ive meas­ures fail sim­ul­tan­eously from a single cause (some­times called Common Cause Failure). In this case, back-​up meas­ures may fail from the same cause, res­ult­ing in no pro­tec­tion from the haz­ard.

In a cas­cad­ing fail­ure, an ini­tial fail­ure is fol­lowed by a series of fail­ures res­ult­ing in the par­tial or com­plete loss of the pro­tect­ive meas­ures, res­ult­ing in par­tial or com­plete expos­ure to the haz­ard. Reasonably fore­see­able com­bin­a­tions of fail­ure modes in mis­sion crit­ic­al sys­tems must be con­sidered and the prob­ab­il­ity of each estim­ated.

Combination of haz­ards can res­ult in syn­ergy between the haz­ards res­ult­ing in a high­er level of sever­ity from the com­bin­a­tion than is present from any one of the haz­ards taken singly. Reasonably fore­see­able com­bin­a­tions of haz­ards and their poten­tial syn­er­gies must be iden­ti­fied and the risk estim­ated.

Oversimplification of the haz­ard iden­ti­fic­a­tion and ana­lys­is pro­cesses can res­ult in over­look­ing haz­ards or under­es­tim­at­ing the risk.

Thinking about the Fukushima Dai Ichi plant again, the com­bin­a­tion of the effects of the earth­quake on the plant, with the added impact of the tsunami wave, res­ul­ted in the loss of primary power to the plant fol­lowed by the loss of backup power from the backup gen­er­at­ors, and the sub­sequent par­tial melt­downs and explo­sions at the plant. This com­bin­a­tion of earth­quake and tsunami was well known, not some ‘unima­gin­able’ or ‘unfore­see­able’ situ­ation. When con­duct­ing risk assess­ments, all reas­on­ably fore­see­able com­bin­a­tions of haz­ards must be con­sidered.

Abuse and neglect

The risk assess­ment pro­cess is sub­ject to abuse and neg­lect. Risk assess­ment has been used by some as a means to jus­ti­fy expos­ing work­ers and the pub­lic to risks that should not have been per­mit­ted. Skewing the res­ults of the risk assess­ment, either by under­es­tim­at­ing the risk ini­tially, or by over­es­tim­at­ing the effect­ive­ness and reli­ab­il­ity of con­trol meas­ures can lead to this situ­ation. Decisions relat­ing to the ‘tol­er­ab­il­ity’ or the ‘accept­ab­il­ity’ of risks when the sever­ity of the poten­tial con­sequences are high should be approached with great cau­tion. In my opin­ion, unless you are per­son­ally will­ing to take the risk you are pro­pos­ing to accept, it can­not be con­sidered either tol­er­able or accept­able, regard­less of the leg­al lim­its that may exist.

In the case of the Japanese nuc­le­ar plants, the oper­at­ors have pub­licly admit­ted to falsi­fy­ing inspec­tion and repair records, some of which have res­ul­ted in acci­dents and fatal­it­ies.

In 1990, the US Nuclear Regulatory Commission wrote a report on the Fukushima Dai Ichi plant that pre­dicted the exact scen­ario that res­ul­ted in the cur­rent crisis. These find­ings were shared with the Japanese author­it­ies and the oper­at­ors, but no one in a pos­i­tion of author­ity took the find­ings ser­i­ously enough to do any­thing. Relatively simple and low-​cost pro­tect­ive meas­ures, like increas­ing the height of the pro­tect­ive sea wall along the coast­line and mov­ing the backup gen­er­at­ors to high ground could have pre­ven­ted a nation­al cata­strophe and the com­plete loss of the plant.

A Useful Tool

Despite these human fail­ings, I believe that risk assess­ment is an import­ant tool. Increasingly soph­ist­ic­ated tech­no­logy has rendered ‘com­mon sense’ use­less in many cases, because people do not have the expert­ise to have any com­mon sense about the haz­ards related to these tech­no­lo­gies.

Where haz­ards are well under­stood, they should be con­trolled with the simplest, most dir­ect and effect­ive meas­ures avail­able. In many cases this can be done by the people who first identi­fy the haz­ard.

Where haz­ards are not well under­stood, bring­ing in experts with the know­ledge to assess the risk and imple­ment appro­pri­ate pro­tect­ive meas­ures is the right approach.

The com­mon aspect in all of this is the iden­ti­fic­a­tion of haz­ards and the applic­a­tion of some sort of con­trol meas­ures. Risk assess­ment should not be neg­lected simply because it is some­times dif­fi­cult, or it can be done poorly, or the res­ults neg­lected or ignored. We need to improve what we do with the res­ults of these efforts, rather than neg­lect to do them at all.

In the mean time, the Japanese, and the world, have some cleanup to do.

The Problem with Probability

This entry is part 3 of 8 in the series Risk Assessment

Risk Factors


There are two key factors that need to be under­stood when assess­ing risk: Severity and Probability (or Likelihood). Sometimes the term ‘con­sequence’ is used instead of ‘sever­ity’, and in the case of machinery risk assess­ment, they can be con­sidered to be syn­onyms.  Severity seems to be fairly well under­stood — most people can fairly eas­ily ima­gine what reach­ing into a spin­ning blade might do to the hand doing the reach­ing. There is a prob­lem that arises when there is an insuf­fi­cient under­stand­ing of the haz­ard, but that’s the sub­ject for anoth­er post.


Probability or like­li­hood is used to describe the chance that an injury or a haz­ard­ous situ­ation will occur. Probability is used when numer­ic data is avail­able and prob­ab­il­ity can be cal­cu­lated, while like­li­hood is used when the assess­ment is sub­ject­ive. The prob­ab­il­ity factor is often broken down fur­ther into three sub-​factors as seen in Figure 3 below [1]:

There is No Reality, only Perception…

Whether you use prob­ab­il­ity or like­li­hood in your assess­ment, there is a fun­da­ment­al prob­lem with people’s per­cep­tion of these factors. People have a dif­fi­cult time appre­ci­at­ing the mean­ing of prob­a­bil­ity. Probability is a key fac­tor in deter­min­ing the degree of risk from any haz­ard, yet when fig­ures like “1 in 1000” or “1 x 10–5 occur­rences per year” are dis­cussed, it’s hard for peo­ple to truly grasp what these num­bers mean. When prob­a­bil­ity is dis­cussed as a rate, a fig­ure like “1 x 10–5 occur­rences per year” can make the chance of an occur­rence seem incon­ceiv­ably dis­tant, and there­fore less of a con­cern. Likewise, when more sub­jec­tive scales are used it can be dif­fi­cult to really under­stand what “likely” or “rarely” actu­ally mean. Consequently, even in cases where the sever­ity may be very high, the risk related to a par­tic­u­lar haz­ard may be neg­lected if the prob­a­bil­ity is deemed low.

To see the oth­er side, con­sider people’s atti­tude when it comes to win­ning a lot­tery. Most people will agree that “Someone will win” and the infin­ites­im­al prob­ab­il­ity of win­ning is seen as sig­ni­fic­ant.  The same odds giv­en in rela­tion­ship to a neg­at­ive risk might be seen as ‘infin­ites­im­ally small’, and there­fore neg­li­gible.

For example, con­sider the decisions made by the Tokyo Electric Power Corporation (TEPCO) when they con­struc­ted the Fukushima Dai Ichi nuc­le­ar power plant. TEPCO engin­eers and sci­ent­ists assessed the site in the 1960’s and decided that a 10 meter tsunami was a real­ist­ic pos­sib­il­ity at the site. They decided to build the react­ors, tur­bines and backup gen­er­at­ors 10 meters above the sur­round­ing sea level, then loc­ated the sys­tem crit­ic­al con­dens­ers in the sea­ward yard of the plant at a level below 10 meters. To pro­tect that crit­ic­al equip­ment they built a 5.7 meter high sea­wall, almost 50% short­er than the pre­dicted height for a tsunami! While I don’t know what rationale they used to sup­port this design decision, it is clear that the plant would have taken sig­ni­fic­ant dam­age from even a rel­at­ively mild tsunami. The 11-​Mar-​11 tsunami topped the highest pre­dic­tion by nearly 5 meters, res­ult­ing in a Level 7 nuc­le­ar acci­dent and dec­ades for recov­ery. TEPCO exec­ut­ives have repeatedly stated that the con­di­tions lead­ing to the acci­dent were “incon­ceiv­able”, and yet redund­ancy was built into the sys­tems for just this type of event, and some plan­ning for tsunami effects were put into the design. Clearly was neither unima­gin­able or incon­ceiv­able, just under­es­tim­ated.

Risk Perception

So why is it that tiny odds are seen as an accept­able risk and even a reas­on­able like­li­hood in one case, and a neg­li­gible chance in the oth­er, par­tic­u­larly when the ignored case is the one that will have a sig­ni­fic­ant neg­at­ive out­come?
According to an art­icle in Wikipedia [2], there are three main schools of thought when it comes to under­stand­ing risk per­cep­tion: psy­cho­lo­gic­al, soci­olo­gic­al and inter­dis­cip­lin­ary. In a key early paper writ­ten in 1969 by Chauncy Starr [3], it was dis­covered that people would accept vol­un­tary risks 1000 times great­er than invol­un­tary risks. Later research has chal­lenged these find­ings, show­ing the gap between vol­un­tary and invol­un­tary to be much nar­row­er than Starr found.
Early psy­cho­met­ric research by Kahneman and Tversky, showed that people use a num­ber of heur­ist­ics to eval­u­ate inform­a­tion. These heur­ist­ics included:
  • Representativeness;
  • Availability;
  • Anchoring and Adjustment;
  • Asymmetry; and
  • Threshold effects.
This research showed that people tend to be averse to risks to gains, like the poten­tial for loss of sav­ings by mak­ing risky invest­ments, while they tend to accept risk eas­ily when it comes to poten­tial losses, pre­fer­ring the hope of los­ing noth­ing over a cer­tain but smal­ler loss. This may explain why low-​probability, high sever­ity OHS risks are more often ignored, in the hope that less­er injur­ies will occur rather than the max­im­um pre­dicted sever­ity.

Significant res­ults also show that bet­ter inform­a­tion fre­quently has no effect on how risks are judged. More weight is put on risks with imme­di­ate, per­son­al res­ults than those seen in longer time frames. Psychometric research has shown that risk per­cep­tion is highly depend­ent on intu­ition, exper­i­en­tial think­ing, and emo­tions. The research iden­ti­fied char­ac­ter­ist­ics that may be con­densed into three high order factors:

  1. the degree to which a risk is under­stood;
  2. the degree to which it evokes a feel­ing of dread; and
  3. the num­ber of people exposed to the risk.

Dread” describes a risk that eli­cits vis­cer­al feel­ings of impend­ing cata­strophe, ter­ror and loss of con­trol. The more a per­son dreads an activ­ity, the high­er its per­ceived risk and the more that per­son wants the risk reduced [4]. Fear is clearly a stronger motiv­at­or than any degree of inform­a­tion.

Considering the dif­fer­ing views of those study­ing risk per­cep­tion, it’s no won­der that this is a chal­len­ging sub­ject for safety prac­ti­tion­ers!

Estimating Probability

Frequency and Duration

Some aspects of prob­ab­il­ity are not too dif­fi­cult to estim­ate. Consider the Frequency or Duration of Exposure factor. At face value this can be stated as “X cycles per hour” or “Y hours per week”. Depending on the haz­ard, there may be more com­plex expos­ure data, like that used when con­sid­er­ing aud­ible noise expos­ure. In that case, noise is often expressed as a time-​weighted-​average (TWH), like “83 dB(A), 8 h TWH”, mean­ing 83 dB(A) aver­aged over 8 hours.

Estimating the prob­ab­il­ity of a haz­ard­ous situ­ation is usu­ally not too tough either. This could be expressed as “15 minutes, once per day /​ shift” or “2 days, twice per year”.


Estimating the prob­ab­il­ity of avoid­ing an injury in any giv­en haz­ard­ous situ­ation is MUCH more dif­fi­cult, since the speed of occur­rence, the abil­ity to per­ceive the haz­ard, the know­ledge of the exposed per­son, their abil­ity to react in the situ­ation, the level of train­ing that they have, the pres­ence of com­ple­ment­ary pro­tect­ive meas­ures, and many oth­er factors come into play. Depth of under­stand­ing of the haz­ard and the details of the haz­ard­ous situ­ation by the risk assessors is crit­ic­al to a sound assess­ment of the risk involved.

The Challenge

The chal­lenge for safety prac­ti­tion­ers is two­fold:

  1. As prac­ti­tion­ers, we must try to over­come our biases when con­duct­ing risk assess­ment work, and where we can­not over­come those biases, we must at least acknow­ledge them and the effects they may pro­duce in our work; and
  2. We must try to present the risks in terms that the exposed people can under­stand, so that they can make a reasoned choice for their own per­son­al safety.

I don’t sug­gest that this is easy, nor do I advoc­ate “dumb­ing down” the inform­a­tion! I do believe that risk inform­a­tion can be presen­ted to non-​technical people in ways that they can under­stand the crit­ic­al points.

Risk assess­ment tech­niques are becom­ing fun­da­ment­al in all areas of design. As safety prac­ti­tion­ers, we must be ready to con­duct risk assess­ments using sound tech­niques, be aware of our biases and be patient in com­mu­nic­at­ing the res­ults of our ana­lys­is to every­one that may be affected.


[1] “Safety of Machinery — General Principles for Design — Risk Assessment and Risk Reduction”, ISO 12100, Figure 3, ISO, Geneva, 2010.
[2] “Risk Perception”, Wikipedia, accessed 19/​20-​May-​2011, http://​en​.wiki​pe​dia​.org/​w​i​k​i​/​R​i​s​k​_​p​e​r​c​e​p​t​ion.
[3] Chancey Starr, “Social Benefits versus Technological Risks”, Science Vol. 165, No. 3899. (Sep. 19, 1969), pp. 1232 – 1238
[4] Paul Slovic, Baruch Fischhoff, Sarah Lichtenstein, “Why Study Risk Perception?”, Risk Analysis 2(2) (1982), pp. 83 – 93.