Ansia I Haz 102005 Analysis

Army Safety Management
Implementing the ANSI/AIHA Z10-2005

Occupational Health and Safety Management
System in the Army
The purpose of this document is to provide a detailed look at business

management processes and design of accident and risk management
systems. It provides a detailed look at the Army Safety Program and
lays out a transition path to compliance with the ANSI/AIHA Z10-2005
Occupational Health and Safety Management System
David W. Johnson
15 September 2009
September 15,
ARMY SAFETY MANAGEMENT
2009
Copyright © 2009 David W. Johnson

All Rights Reserved
Page 2
September 15,
2009
Table of Contents
TABLE OF CONTENTS ...................................................................................................................................................................... 3
PREFACE .............................................................................................................................................................................................. 5
SECTION 1 – ACCIDENT CAUSATION .......................................................................................................................................... 7
HISTORICAL VIEW OF ACCIDENT CAUSATION ...................................................................................................................................................... 7
THE HEINRICH MODEL OF ACCIDENT CAUSATION ............................................................................................................................................. 7
MODERN ACCIDENT CAUSATION MODEL ............................................................................................................................................................. 8
RISK MANAGEMENT .............................................................................................................................................................................................. 11
AN UPDATED APPROACH TO ACCIDENT CAUSATION ...................................................................................................................................... 11
SECTION 2 – A MODERN VIEW OF THE ARMY BUSINESS MODEL .................................................................................. 15
RESOURCING THE OBJECTIVE ............................................................................................................................................................................... 15
DID YOU ACHIEVE YOUR OBJECTIVE – PROVIDING FOR ALTERNATE OUTCOMES...................................................................................... 17
SECTION 3 – SAFETY PROGRAM MANAGEMENT ................................................................................................................. 19
SWAMP – SAFETY WITHOUT ANY MANAGEMENT PROCESSES ................................................................................................................... 19
NORM – NATURALLY OCCURRING REACTIVE MANAGEMENT ...................................................................................................................... 19
SAFETY EXCELLENCE............................................................................................................................................................................................. 20
SAFETY MANAGEMENT IN THE ARMY ................................................................................................................................................................ 20
PROVIDING FOR A FEEDBACK LOOP IN THE ARMY SAFETY PROGRAM ......................................................................................................... 21
SECTION 4 – MEASURING PERFORMANCE AND EFFECTIVENESS .................................................................................. 23
MEASURES OF PERFORMANCE ............................................................................................................................................................................. 23
MEASURES OF EFFECTIVENESS............................................................................................................................................................................ 25
MAKING SAFETY METRICS RELEVANT TO THE ENTERPRISE ......................................................................................................................... 26
SECTION 5 – BASICS OF THE ANSI/AIHA Z10-2005 OHSMS ............................................................................................ 27
PLAN-DO-CHECK-ACT.......................................................................................................................................................................................... 28
THE ANSI/AIHA Z10-2005 OCCUPATION HEALTH AND SAFETY MANAGEMENT SYSTEM .................................................................. 28
SECTION 6 – IMPLEMENTING ANSI/AIHA Z10-2005 OHSMS IN THE ARMY .............................................................. 31
LIMITATIONS OF THE ARMY SAFETY PROGRAM ............................................................................................................................................... 32
BENEFITS OF THE ANSI/AIHA Z10-2005 OHSMS .................................................................................................................................... 32
MAKING THE TRANSITION TO THE ANSI Z10.................................................................................................................................................. 32
FINAL RECOMMENDATIONS ................................................................................................................................................................................. 38
SECTION 7 – DESIGNING AND INTEGRATING SAFETY AUTOMATION SYSTEMS ...................................................... 39
DESIGNING TOOLS FOR ANSI Z10 ..................................................................................................................................................................... 40
BASE REQUIREMENTS ........................................................................................................................................................................................... 40
ARMY ANSI Z10 SYSTEMS DEVELOPMENT MODEL ....................................................................................................................................... 41
END STATE.............................................................................................................................................................................................................. 52
SECTION 8 – SUMMARY................................................................................................................................................................. 55
APPENDIX A – COMPARATIVE ANALYSIS OF SAFETY MANAGEMENT SYSTEMS ...................................................... 57
SYSTEMS BASED BUSINESS MANAGEMENT MODELS....................................................................................................................................... 69
APPENDIX B – FIVE STEP COMPOSITE RISK MANAGEMENT PROCESS ........................................................................ 75
IDENTIFYING AND ASSESSING HAZARDS ............................................................................................................................................................ 75
DEVELOPING COUNTERMEASURES AND CONTROLS TO MITIGATE RISK ...................................................................................................... 76
INTEGRATING RISK MANAGEMENT – MANAGING HAZARDS AND CONTROLS ............................................................................................. 80
APPENDIX C – EXAMPLE SAFETY STRATEGIC ASSESSMENT ........................................................................................... 81
MEASURES OF PERFORMANCE ............................................................................................................................................................................. 81
Page 3
September 15,
2009
MEASURES OF EFFECTIVENESS ............................................................................................................................................................................86

GLOSSARY.......................................................................................................................................................................................... 97
ANSI Z10 KEY DEFINITIONS ...............................................................................................................................................................................97
OTHER DEFINITIONS ..............................................................................................................................................................................................97
WORKS CITED .................................................................................................................................................................................. 99
Page 4
September 15,
2009
Preface
Research by the National Institute for Occupational Safety and Health (NIOSH) initiated in the late 1970s has
documented the limited effectiveness of traditional safety approaches in minimizing occupational injuries and
illnesses. When safety effectiveness ratings of a studied population of companies were compared to loss
outcomes produced, no significant correlation of effort to results was found. However, when the same
population of companies was studied a second time comparing management competencies to loss outcomes, a
clear correlation of management effectiveness to low incident rate outcomes was revealed. Factors having
minimal impact were:
♦ A shift in safety emphasis; safety campaigns and promotions

♦ Size of the safety budget; random expenditures without a strategic safety plan
♦ Degree of hazard; assessing risk with no actions to control hazards
♦ Safety rules (quantity or quality); compliance mandated safety
♦ Safety committees; lack of positive leadership direction
If traditional safety programs are not meeting the need, what then is the approach that will make an
organization safe? One factor is common though, excellent safety performance cannot be attained in a
generally poor organization. Safety is nothing more than a byproduct of doing things right (Hansen, 2005).
Doing things right has been achieved by many organizations when they transformed the way they manage
their business to a systems based business management model. With the general acceptance of ISO 9000
quality management system, corporations implemented practices that provided for continual improvement
and systematic elimination of underlying or root causes of deficiencies. Other corporate management
elements have followed suit and modeled specific operational areas under similar systems based business
management models. An example is the standardization of environmental management practices with the
introduction of ISO 14000 environmental management systems. The American National Standard for
Occupational Health and Safety Management System, ANSI/AIHA Z10-2005, brings this same level of
systems based business management to safety.
This document provides a detailed look at business management processes and design of accident and risk
management systems. It provides a detailed look at the Army Safety Program and lays out a transition path to
compliance with the ANSI/AIHA Z10-2005 Occupational Health and Safety Management System. The
document will also provide a detailed software development strategy designed around the ANSI/AIHA Z10-
2005 Occupational Health and Safety Management System. Below is a breakdown for each section:
♦ Section 1 – Accident Causation

♦ Section 2 – General overview of the Army Business Model
♦ Section 3 – Safety Program Management
♦ Section 4 – Measuring Performance
♦ Section 5 – Basics of the ANSI/AIHA Z10-2005 OHSMS
♦ Section 6 – Implementing the ANSI/AIHA Z10-2005 OHSMS in the Army
♦ Section 7 – Designing and Integrating Safety Automation Systems
The document has two target audiences Section 1 through Section 6 is targeted at safety professionals to
outline the foundations of existing safety management programs and lay out a path to the ANSI/AIHA Z10-
2005 Occupational Health and Safety Management System. Section 7 is provided for safety software
development teams to outline a strategy for developing tools and resources designed around the ANSI/AIHA
Z10-2005 Occupational Health and Safety Management System. Though this document focuses on safety
programs in the U.S. Army, the principles and concepts outlined in the document can be applied to any
organization.
For questions and comments related to this document, please contact:
David W. Johnson
PSC 303 Box 45 (FKSF)
APO AP 96204
Phone: +82-10-4123-7699
E-Mail: david.w.johnson8@us.army.mil
Page 5
September 15,
2009
Page 6
September 15,
2009
Section 1 – Accident Causation

An accident is an unplanned event that causes harm to people or damage to property. Safety programs and
safety managers exist for one primary reason; the prevention of accidents. The goal of any safety program is
to provide tools and resources to reduce the risk of occupational injuries, illnesses, and property loss. To
develop these programs and implement countermeasures that can prevent accidents, the cause of an accident
must be determined. Man’s desire to understand the causes of accidents has gone through a long evolutionary
process. Modern accident causation models are very affective in understanding how accidents occur. The
most effective accident investigation tools and processes provide information that will allow informed
decisions by leadership to prevent future occurrences.
This section will review the evolution of traditional accident causation models from their origins to modern
causation models. Particular focus will be placed on integrating accident causation models with risk
management concepts.
Historical View of Accident Causation

Early man attributed hurtful happenings or accidents to the spirits. For centuries this approach was
predominant. Later a more sophisticated view was accepted- the person injured was somehow at fault. He
was at fault because he should be "Punished", was careless", or just "stupid."
During the early industrial revolution, factory managers reasoned workers who were injured, were hurt
because they weren’t "careful." Accidents were considered a natural side effect of production in other words
the cost of doing business. There was no way to change human nature, people always had been and always
would be careless.
The court system upheld the view of individual responsibility for safety. The injured worker had to sue and to
win the suit, the employer had to be found completely to blame for negligence, and this was rare. Public
opinion rose against the "worker alone-is-to-blame" theory. The courts responded by being more responsive
to workers' claims. State legislatures followed suit and by 1908 every state had an employer's liability law
Employers now with financial responsibility for an injured worker began to see that financially at least, it
would be more cost effective to prevent accidents. The only theory of what caused accidents was personal
carelessness. Individual businesses and factories used a hit-or-miss kind of effort in designing a safety
program. These efforts enjoyed varying degrees of effectiveness.
Figure 1 - Historical View of an Accident
The Heinrich Model of Accident Causation

The Heinrich model to accident causation has been the basic approach in accident prevention and has been
used mostly by safety societies and professional people since its publication in 1932. This was the first
scientific approach.
Heinrich began with the fact of injury and traced it back to its causes. An injury, he reasoned, was caused by
an accident, and an accident was caused by either an unsafe act on the part of the injured person or an unsafe
Page 7
September 15,
2009
condition in the environment. The concept of an unsafe condition was a major breakthrough because it
removed some of the blame from the individual worker. The worker might have been careless but it might
also have been caused because the machine was poorly designed or maintained, thus making it likely whoever
worked with it would be injured. Managers could see the rationale behind this theory. Since one of the
remedies against accidents dealt with 'things' instead of people, employers had something concrete to correct.
Machines, business and factory layouts were looked at with a new eye and were found to be sadly lacking in
safety features. A big push began to engineer for safety. This engineering for safety has been very effective
and is still a big area of responsibility under the Occupational Safety and Health Act.
However, engineering out unsafe conditions was only part of Heinrich’s corrective action sequence. Heinrich
professed that among direct and proximate causes of accidents, 88% are unsafe acts of persons, 10% are
unsafe mechanical or physical hazards, and 2% of accidents are unpreventable (Manuele, 2008). To address
the unsafe acts of persons, Heinrich proposed: instruction, which workers were taught how to do their
particular job safely; persuasion and appeal, in which people were exhorted to behave safely and which
prompted all those reams of paper being used for posters; and, discipline, in which, when all else has failed, a
worker was threatened with loss of money or job if his safety performance did not improve. From these came
the three "E's" of accident prevention: Engineering, Education, and Enforcement.
Figure 2 - Heinrich's Accident Causation Theories
Modern Accident Causation Model

The modern causation model does a better job of depicting the causes of accidents. It is a little more
complicated than Heinrich's model, but with it we can demonstrate that it does a lot more in helping to
understand how accidents are caused and how to correct those causes.
The modern model parallels Heinrich's to a certain point. A few words have been changed. Injury is
called Result indicating it could involve damage as well as Personal injury and the result can range
from no damage to the very severe.
Page 8
September 15,
2009
Figure 3 - Basic Modern Causation Model
The word Mishap has been used rather than Accident to avoid the popular misunderstanding that an accident
necessarily involves injury or damage.
Finally, the term Operating Error has been substituted for Unsafe Act & Unsafe condition to better reflect that
both are essentially the same thing, resulting from mistakes made by individuals. Examples of operating
errors include:
♦ Taking an unsafe position.

♦ Stacking supplies in unstable stacks.
♦ Poor housekeeping.
♦ Removing a guard.
The addition of system defects breaks away from Heinrich and adds a concept that virtually revolutionizes
accident prevention. This key concept is the single most important concept yet developed in accident
prevention theory. It changes what we seek to do and how we do it. System defects are weaknesses in the way
the system is designed or operated. Typical examples of system defects include:
♦ Improper assignment of responsibility.

♦ Creation of an improper climate of motivation.
♦ Inadequate provisions for training and education.
♦ Poor provisions for providing suitable equipment and supplies.
♦ Improper procedures for selection and assignment of personnel.
♦ Improper allocation of funds.
The next question is, "What causes systems defects?" The answer is management errors, because managers
are the people who design systems. In organizations without a safety staff, the buck stops with the manager.
Page 9
September 15,
2009
Figure 4 - Leader Failures
However, if the organization has a safety staff, we can answer the question, "Why did the manager make the
error?" by answering, "Perhaps because he was poorly supported by the safety program responsible for
advising him on safety matters." We may further conclude that when safety programs are weak and
ineffective, it is generally because safety managers make them that way.
♦ Safety Management Error - a weakness in the knowledge or motivation of the safety manager that permits
a preventable defect in the safety program to exist.
♦ Safety Program Defect - a defect in some aspect of the safety program that allows an avoidable error to
exist. Examples:
♦ Ineffective information collection.
♦ Weak causation analysis.
♦ Poor countermeasures.
♦ Inadequate control.
Figure 5 - Safety Program Defects
Page 10
September 15,
2009
Risk Management
Traditional industrial type operations are conducted in a stable and predictable operational environment.
Because the operational environment is more predictable, accident causation analysis is more direct and
controls can easily implemented through a compliance based model. In dynamic operations, there can be a
significantly greater number of variables and complexities to consider. Traditional compliance based
programs tend to be less effective across the full spectrum of operations. In many cases, relevant controls
specific to an operation must be developed and implemented during the planning phase of the operation. To
deal with this additional complexity many organizations have implemented policies that require the use of
some form of operational risk management.
Risk management in its various incarnations has been around for a long time. Originally, risk management
was primarily used by engineers and by insurance companies. Engineers traditionally use risk management
as a decision making tool during the development and sustainment of engineered systems. Insurance
companies have used risk management to calculate insurable risks. Their processes determine the cost to
insure based on risk of an accident.
More recently, a variety of industries and institutions have looked to risk management as a method to prevent
accidents. Arguably, the Service Components of the Department of Defense have implemented operational
risk management as an accident prevention tool more than any other industry or institution. An examination
of why they have so enthusiastically embraced risk management is in order.
Military organizations, like general industry, quickly adopted compliance based programs and
institutionalized their programs based on the standard guidelines. These programs contributed to dramatic
reductions in accidents from the late 1970s through the 1980s. This steady decline in accidents lasted until
the beginning of the 1990s. By the time Desert Storm kicked off, military organizations had achieved all that
could be milked from standard compliance based safety programs. Clearly, the military needed a plan to
continue downward trends
The Service Components aggressively began an analysis into the reasons for the loss of effectiveness of
compliance based programs. They soon realized that many of their processes did conform to the operational
paradigm that the individual compliance initiatives were originally designed upon. Most compliance
requirements originated from industrial operations. These operations take place in a predictable and
controlled environment where the “at risk” population is clearly identified. On the contrary, most military
operations are not conducted in a controlled industrial environment. Military operations typically focus on
situationally dynamic operations and tasks. In the mid to late 1990s they began to look at a process that was
designed to adapt to the dynamics of any operational situation. The process came to be known as Composite
Risk Management (also known in the US Army as Composite Risk Management).
Since that time, other agencies and institutions have adapted similar programs. These agencies and
institutions all have one thing in common; they conduct less predictable operations in uncontrolled
environments. Additionally, the ―at risk‖ population may not be clearly established for many operations and
tasks. Common to these types of organizations are dynamic tasks that vary regularly based on weather,
political and ethnic demographics, availability of skilled personnel to complete the task, and availability of
tools and resources to ideally control all aspects and outcomes. In addition to the military Service
Components, agencies such as Homeland Security, FEMA, law enforcement, and fire fighters all conduct
dynamic operations that benefit from operational risk management.
Operational risk management is now employed by all military service components and by many other
agencies. The U.S. Army’s implementation of operational risk management is known as Composite Risk
Management. Appendix B provides an overview of the Composite Risk Management process as defined in FM
5-19, Composite Risk Management.
An Updated Approach to Accident Causation

In Managing Maintenance Error: A Practical Guide, the authors comment on the need to inquire into the
systemic causal factors that result in human errors. They state, ―Errors are consequences not just causes.
They are shaped by local circumstance: by the task, the tools and equipment, and the workplace in general. If
we are to understand the significance of these factors, we have to stand back from what went on in the error
maker’s head and consider the nature of the system as a whole.‖
Page 11
September 15,
2009
The local circumstances referred to in the above excerpt vary greatly in operationally dynamic organizations.
Operationally dynamic organizations incorporate risk management into their basic operations and regularly
accept and manage risk. At the heart of any risk management program is the concept of acceptable risk.
William Lowrance, the author of Of Acceptable Risk: Science and the Determination of Safety, wrote,
―Nothing can be absolutely free of risk. One can’t think of anything that isn’t under some circumstance, able
to cause harm. Because nothing is absolutely free of risk, nothing can be said to be absolutely free of risk.
There are degrees of risk, and consequently there are degrees of safety.‖
Through risk management, operationally dynamic organizations such as Army strive to achieve the minimum,
practicable, and acceptable levels of risk throughout all operations. MIL-STD-882E, The Department of
Defense Standard Practice for System Safety defines this acceptable risk as ALARP or As Low as Reasonably
Practicable. ALARP is that level of risk which can be further lowered only by an increment in resource
expenditure that cannot be justified by the resulting decrement of risk.
Levels of acceptable risk are often judgmental. The operational risk management provides leaders with
flexibility to weigh the risk against the operational objectives. In some cases the operational objectives may
outweigh the risk. Most of the time, operationally dynamic operations are accomplished successfully without
any accidents or other failure outcomes. Should an accident occur though, it may be difficult to determine the
cause of an accident using traditional accident causation models such as the Modern Causation Model
described above.
Accounting for Acceptable Risk

An operation that has an excepted residual risk usually contains precursor elements that could result in some
form of failure outcome if not properly managed. The National Academy of Engineering workshop defines
Accident Precursors as any event or group of events that must occur for an accident to occur under a given
scenario. A precursor is an event that precedes and indicates the approach of another. In the context of risk
management, a precursor is an event or situation that, if it had included (or not included) some other small
set of behaviors or conditions, some form of failure outcome such as an accident would have occurred. The
―other set of behaviors or conditions‖ are known as exacerbating factors. The purpose of risk management is
to attempt to manage these exacerbating factors and prevent them from resulting in an accident.
In his report Root Cause Analysis of Precursors, Dr. William Cochran discusses root cause analysis that
includes the consideration of precursors. In this report he states:
In a perfect world precursors would be identified and analyzed so corrective actions could be taken to prevent
the downstream failure outcomes? In some cases this does not occur. Several high profile accidents occurred
with clearly identified precursors. The space shuttle Challenger explosion clearly shows this to be the case. It
was commonly known that every shuttle launch included O-ring blow-by. In fact, it can be said that every
launch of the space shuttle was a precursor to the Challenger explosion, in that if the pre-launch ambient
temperature had been sufficiently low the O-rings would have failed and the vehicle would have been lost.
There is also a near miss relationship to the accident or failure outcome. Initial studies showed for each
disabling injury, there were 29 minor injuries and 300 close calls/no injury. Recent studies indicate for each
serious result there are 59 minor and 600 near misses. A
near miss is a special case precursor. There seems to be
some agreement that near misses should be investigated
commensurate to the potential loss. When the necessary
exacerbating factors are highly likely the precursor is often
called ―a near miss‖.
For example, running a red light in a busy intersection

without a collision. The exacerbating factor would have
been a crossing vehicle in the intersection. Similarly, one
would expect a precursor to be called a near miss if the
mitigating factors were unlikely or not robust enough to deal
with potential exacerbating factors. For example a high Figure 6. Accident Probability / Near Miss trends
energy power line break that resulted in no injuries because
the workers happened to be at lunch when it happened.
Page 12
September 15,
2009
What Causes a Precursor to Become an Accident?

Dr. Cochran went on to discuss several formulas that clearly define the relationship between precursors and
accidents. When an accident does not occur in a risk managed operation, then an exacerbating factor was
missing, a mitigating factor was effective, or both. Conversely, when an accident occurs in a risk managed
operation then an exacerbating factor was missing, a mitigating factor was effective, or both. The following
equations define this relationship:
Equation 1: Accident = Precursor + Exacerbating Factor(s)
Equation 2: Accident = Precursor – Mitigating Factor(s)
Equation 3: Accident = Precursor + Exacerbating Factor(s) – Mitigating Factor(s)
It is not uncommon for an accident investigation to overlook precursors and the factors that lead to the
accident. If an accident is not effectively investigated with appropriate corrective action put in place, then the
causes of it may continue to exist. If the causes continue to exist another similar event may occur.
Equation 4: Accident(N+1) = Accident(N) + Nothing + Time
Equation 4a: Worse Accident(N+1) = Accident(N) + Nothing + Time + Exacerbating Factor(s)
In general, we think of a near miss as a precursor whose ingredients differ in only minor ways from those
necessary for an accident to occur. The ―near miss‖ concept suggests the following:
Page 13
September 15,
2009
Equation 5: Accident = Near Miss ± Not Much
The importance of these formulas cannot be overstated. In a risk managed environment, precursors are the
mix of DOTLMPF resources used to execute the mission. Exacerbating factors are unmitigated hazards and
mitigating factors are controls. Ideally, the DOTLMPF resources are managed to find the right balance ensure
success without taking unnecessary risks. Mitigating factors are put in place using risk management
principles to protect against exacerbating factors. Usually this approach works. Unfortunately, when one of
the conditions described above is in place an accident may occur.
For risk management to be effective and to make a positive impact on safety there needs to be a mechanism in
place that provides feedback for improvement of the process. Feedback is used to help ensure the proper mix
of DOTLMPF resources and use of proper mitigating factors. Without feedback, every time a mission is
executed is like the first time. Knowledge gained from previous operations is not put to use.
Page 14
September 15,
2009
Section 2 – A Modern View of the Army Business Model

The General Systems Theory Business Model, also known as a Programs Based Business Model, is the most
common business model used today. The approach views an organization as a group of interrelated programs
brought together for a common purpose and is the foundation of the Army Business Management Model.
Programs Based Business Models rely heavily on compliance with established standards to accomplish
results.
The figure below is a simple representation of the Programs Based Business Model. Resources used in the
event process and make up are represented as the input portion of the model. Each mission or operation has
a defined objective. The objective is the missions desired output. Between the input and the output lies the
core mission / operation which consists of events and processes that manipulate the input to yield the output.
Figure 7 - Standard Programs Based Linear Business Model
Resourcing the objective

The input portion of all business management models are composed of basic resource elements. Leaders
manage these resources to execute their missions and achieve their objectives. An efficient organization
expends only enough resources to adequately accomplish the mission. Over resourcing reduces the
organizations efficiency and profitability. Under resourcing as a minimum over extend the boundaries of the
resources and at worse causes losses such as damaged products, sub-standard products, or losses to one or
more organization resources. Finding an efficient balance in the utilization of these resources is critical to the
success of the corporate entity.
DOTLMPF Resource Elements

The Army Business Management Model contains seven resource management elements. These elements are
defined by the acronym DOTLMPF. DOTLMPF is used by the U.S. Army as it resourcing model to represent
the collection of resource elements that make up the corporate enterprise. Each of the DOTLMPF elements
are defined below
♦ Doctrine – Doctrine is defined as the collection of rules, laws, organizational guideline, and corporate
governances that provide the standards by which the business system operates.
♦ Organization – Organization is defined as the structure and manning guidelines that specify the
hierarchal structure of the business system. The corporate organizational structure is critical to all
business categories. It provides the foundation for all reports and metrics. It establishes the scope of the
enterprise itself. It may be organized according corporate structure, geographic location, sales region, or
any other logical representation of the enterprise. The structure defines how the corporate views itself
Page 15
September 15,
2009
and how the enterprise will represent itself. From a mission point of view, organization represents the
right individual with the proper knowledge and supervision to execute the mission.
♦ Training – Training is defined as the instructional guidance provided to leaders and employees
necessary for the safe and efficient execution of the organization’s mission.
♦ Leadership – Leadership begins with first line supervisors and includes all intermediate levels through
corporate executive leadership. It represents those personnel that provide guidance at all levels to
employees for the safe and efficient execution of the mission. Leadership is not attached to individuals
but instead is attached to positions within the organizational structure.
♦ Material – Material represents equipment and materials necessary for the successful completion of the
organization’s mission. This includes consumables, production equipment, and durables, but does not
include any real property such as buildings and facilities. Material elements are divided into those
elements used directly in the execution of the organization’s mission and those used to support the
enterprise infrastructure. Raw materials used in the production process are considered missions material
resources. Enterprise resources used to support the infrastructure would include machines used in the
manufacturing process, vehicles used in logistical support, or equipment used to support service based
industries.
♦ Person – Person includes employees at all levels from intern through corporate executive. On the
mission side, it includes the customer base. Person Resource represent information associated with an
organizations employee base and may be used as a reference source for Employee management events
such as training, awards, etc. When used with employee based events, historic records of personnel
actions are associated with each individual employee. Its metrics focus on the issues directly related to
the sustainment of the personal condition.
♦ Facility – Facilities represent those real property elements such as buildings and land used to support
the organization’s mission at all levels. It does not usually include properties used solely for investment
purposes. Real property entities are used as a reference source to manage things such as facility
maintenance, inspections, etc. Like personnel resources, real property resources may be used to associate
an historical record base for the management of the real property.
Figure 8 – Resourcing with DOTLMPF
Page 16
September 15,
2009
The DOTLMPF model also defines how each resource element functions within the business model. To do
this, each of the DOTLMPF elements is categorized as depicted below:
1. Management Control Processes. Doctrine represents the organization’s management control

processes. Through Doctrine all operations and their related tasks are defined.
2. Resource Enablers. Organization, Training, and Leadership represent resource enablers. That is to
say, all doctrinal use of an organization’s resources is facilitated through training and through the
organization’s leaders and leadership practices.
3. Organizational Resources. The remaining DOTLMPF elements represent the resources within an
organization used to execute a task. Material, Personnel, and Facilities represent those organizational
elements directly involved in the execution of a task.
Figure 9 - Programs Based Linear Business Model with Army defined resourcing (DOTLMPF)
Did You Achieve Your Objective – Providing for Alternate Outcomes

The standard Programs Based Business Model represents operations in an ideal world. It assumes that the
output will always be the desired output. The input side of the model consists of a balance of DOTLMPF
resources designed specifically to achieve the desired output. Unfortunately, not all output represents the
desired mission objective. Sometime resource performance is less than anticipated. Sometimes resource
deficiencies are known from the start and accounted for through the risk management process. Regardless of
the reason, output may vary from intended objective. Variable outputs are known as outcomes. Outcomes
may be:
1. Desired or Anticipated Outcome. Outcomes that represent the anticipated or desired output
2. Deficiency Outcome. Outcomes other than anticipated or less than the desired outcome deficiency
outcomes
3. Failure Outcome. A severe type of Deficiency Outcome represented by a significant loss such as
property damage, a personal injury or a fatality where the losses from the resulting outcome exceeds
acceptable cost. An accident is always considered a failure outcome even though the risk was accepted as
part of the operation. All failure outcomes are a subset of deficiency outcomes (e.g. accident, near miss).
When all these elements are combined, they define the Army Business Management Model as depicted below.
Page 17
September 15,
2009
Figure 10 - The Army’s implementation of the Programs Based Linear Business Model
Page 18
September 15,
2009
Section 3 – Safety Program Management

The ultimate goal of an organization’s safety program is to achieve excellence in safety. During a review of
statements made in annual reports on safety, health, and environmental controls issued by five companies
that consistently achieve outstanding results, a pattern became evident that defines the absolutes necessary to
attain such results (Manuele, 2008):
♦ Safety considerations are incorporated within the company’s culture, within its expressed vision, values,
benefits, core values, and system of expected behavior.
♦ The board of directors and senior management lead the safety initiative and make clear by their actions
that safety is a fundamental within the organization’s culture.
♦ There is a passion for, and sense of urgency to generate, superior safety results.
♦ Safety considerations permeate all business decision making, from the concept stage for the design of
facilities and equipment, through their disposal.
♦ An effective performance management system is in place.
♦ All levels of personnel are held accountable for results.
Larry Hansen developed a safety management model known as The Architecture of Safety Excellence. In May
2005 he published an article in Occupational Hazards magazine titled Stepping up to Operational Safety
Excellence. In this article he defined the various stages types of safety program management as outlined
below.
SWAMP – Safety Without Any Management Processes

COSTS ARE THE PROBLEM – Safety is Unmanaged; Safety is Ignored
Organizations mired in the SWAMP frequently reject responsibility and perceive safety as a task with no
productive value, a burden placed upon them by regulators, the insurance industry, or labor. They accept
accidents as an unavoidable cost of doing business, are autocratic, and have a heavy production focus. Safety
is frequently compromised to quota and/or delivery schedules. People are viewed as expendable resources.
Their planning is short-term and reactive; communications are one-way (down) and founded in mandates of
fear. They employ ―make-do‖ solutions to equipment and facilities problems, often leaving them unsafe.
Minimal employee involvement is allowed in the process and labor/management relations often are at odds
concerning safety and adversarial on most everything else. It’s always a case of them versus us.
These companies have high insurance costs driven by both frequency and severity. They populate the high-
risk pools, and adversely affect the insurance rates for their industry classification. These companies operate
in statutory ignorance, often in violation of recognized codes and regulations. Employee complaints and
whistle blowing occur frequently. They are targets of labor lawsuits and workplace litigation emanating from
injuries, which frequently make national headlines.
Companies mired in the SWAMP remain there until a Significant Financial Crisis occurs, which can be either
a single catastrophic event or a cumulative increase in loss costs so significant as to impact profits, and
threaten the CFO’s or CEO’s position, hence forcing senior management to acknowledge a problem and
declare: ―We need a safety program!‖
NORM – Naturally Occurring Reactive Management

PEOPLE ARE THE PROBLEM – Safety is Mismanaged; Safety is a Program
Because the decision to act was driven by cost and ignorance rather than an understanding of real causes, the
NORM is typically christened with the kiss of death the hiring of a safety director. This is a typical move as
management believes people are the problem, hence the natural answer is to hire someone to fix them, not us.
At this stage, companies implement safety programs without having an adequate understanding of the
problems or the actions necessary to resolve them. They implement programs patterned after what others
have done, i.e., create committees, establish rules, implement training, and enforce progressive disciplinary
policies. None of these proves effective, as they are answers that do not address the problem … the
management problem.
Page 19
September 15,
2009
Line managers typically excuse away accidents as employee carelessness. They are in conflict with the safety
officer who they perceive to be a nitpicker impeding their real job to get product out the door. Line
supervisors do not accept responsibility for the safety and health of the people assigned to their units and
embrace ―quick fix‖ programs that have minimal impact. Employees see through the ploys and blow them off.
Safety campaigns have high visibility, with slogans, contests, gimmicks, and incentive programs. Managers
issue rules and more rules, but frequently compromise them in their own day-to-day behavior, sending a clear
message to employees: Efforts are cyclical as they follow blood cycles injuries occur, pressure applied; injuries
reduced, pressure removed.
Activities focus on inspecting out hazards and disciplining out unsafe work practices. This process fails to
identify core problems, and only addresses surface symptoms. Line managers ―do‖ safety but don’t ―buy into‖
safety. Insurance costs in these organizations show some improvement, but plateau at or about industry
norms.
The NORM is where many companies exist, and where most will remain. For an organization to advance
onward to Stage III ... EXCELLENCE, they must undergo a ―Radical Organizational Change‖ (ROC),
discarding traditional beliefs and approaches, and adopting a more progressive mindset on systemic cause
and correction. These become the excellence companies.
Safety Excellence
PROCESS IS THE OPPORTUNITY – Safety is Managed as a System; Safety is Integrated into
Other Corporate Systems.
In excellence companies, safety is less scheduled and more systemic. Efforts are dedicated to building
collaborative systems and cooperative partnerships that integrate safety into core business processes. There
are few, if any, safety rules, safety meetings, safety audits, safety training, safety metrics and, least of all, safety
committees. The objectives of such activities are integrated into operational procedures. In place of separate
safety activities, there are:
♦ Normally held operations meetings (that include, and often start with, safety)
♦ Standard operating procedures and training (that include safety as an integrated component)
♦ Problem seeing and solving sessions (that address safety as a fundamental element)
♦ Manager meetings to address on-going performance improvement opportunities (that include safety as an
integral business process)
These organizations are well-schooled in progressive management principles such as ISO 9000, Lean Six
Sigma, and other modern leadership practices. Accidents are rare events. When they occur, they are
addressed quickly and effectively at their root-cause level. Labor relations is healthy with many of these
companies listed on recognized business lists, e.g., ―Best 100 Companies to Work For‖ and/or publicized in
business trades, B-school case studies and management journals. Accident costs are low. For these
companies, safety pays dividends and adds to the bottom line. Many in this group have transformed their
safety function from a cost center to a profit center in recognition of its ability to
make margin contribution and create shareholder value. Excellence companies face
one additional mind shift on the journey to becoming a true world-class safety
organization. This final step-change involves a Critical Thinking Shift wherein safety
is no longer perceived as a technical and/or managerial issue, but as a core value
critical to business success. Safety in world-class organizations is cultural, an issue
of leadership values ―Safe is how business is done.‖
Safety Management in the Army

When safety is managed as a separate program within an organization the results are
often typified by Naturally Occurring Reactive Management (NORM) described
above. The NORM type of safety management is the most common management
practice in the Army and is a direct result of the Army Business Management Model.
The ―programs‖ focused nature of the Army Business Management Model results in Figure 11 - Chaotic nature of program
a conglomeration of linear programs attempting to work toward a common elements in the Programs Based
organizational goal but often falling short. This reactive and chaotic nature of Business Model
Page 20
September 15,
2009
Programs Based Business Models led to the development of Systems Based Business Management Models.
Systems Based Business Management Models focus on proactive, standard processes for continuously
assuring and improving elemental effectiveness. Systems Based Business Management Models requires a
feedback loop that provides evaluation mechanisms, performance measurement, and a framework of
continual improvement. The Safety Excellence model described above defines a Systems Based Business
Model for safety. The figure below represents the generic Army Business Management Model modified to
conform to the Systems Based Business Model
Figure 12 - The Army's implementation of the Systems Based Business Management Model
Providing for a Feedback Loop in the Army Safety Program

The Army Safety Program contains most of the elements to support an effective systems based management
model. However, one critical element is missing. The Army has no consistent methodology for providing for
the feedback loop. It has no system for continuous feedback and improvement. For feedback to be of
consistent use it must be standardized. To do this, a system of metrics needs to be in place. Currently, the
Army has no consistent system to measure safety performance. Only accident performance has been defined.
Additionally, no system exists to measure the effectiveness of its programs. Before an effective feedback
system for continuous improvement can be implemented in the Army, a comprehensive system of metrics
needs to be put into place that measures performance of all safety program elements.
Page 21
September 15,
2009
Page 22
September 15,
2009
Section 4 – Measuring Performance and Effectiveness

Accident rates are currently the only standardized metric used throughout the Army. Unfortunately, accident
rates do little to indicate accident causation trends. They also are unable to provide necessary feedback to
improve the organization’s safety initiatives. An accident rate is simply a performance indicator (and not a
very good one either).
The lack of metrics is indicative of the Army’s programs based safety management model. Though some
statistics are kept, few are standardized and none are consolidated to provide holistic view of the performance
of the Army Safety Program. This is not to say that data is not available to establish a system of metrics. The
process of managing a safety program generates tremendous amounts of data. Data related to safety audits,
safety training, and compliance with safety requirements is gathered and kept at virtually every command
level. However, this data has no common system of measurement in order to quantify performance. It
usually sits in a drawer until its meets guidelines for disposal; never benefiting the safety program and never
providing feedback to the safety management system.
The Systems Based Business Management Model described in Section 3 above requires an effective means of
measuring the performance of the entire management system. The importance of this cannot be
overemphasized. A core requirement of the Systems Based Business Management Model is that it must
provide for continuous improvement. This requires a system of metrics that measures performance and that
measure the effectiveness of its programs. Once processed, this data can be fed back into the planning process
to provide for continual improvement.
One of the primary reasons for the limited successes of risk management to date can be directly attributed to
the lack of metrics used to measure both successes and failures. Data related to operational successes and
failures represents only a portion of the available information. Once gathered, data related to safety audits,
safety training, and compliance with safety requirements can also be quantified using a standard system of
metrics. Accurately measuring these and other safety performance factors is fundamental to providing the
necessary feedback required by the management system.
Measures of Performance
Measures of performance are direct measurements of an organization’s safety and accident prevention
activities. Examples include measurements of safety training attendance, percent of required personnel in
respiratory protection program, performance on safety surveys, etc. Two types of metrics are used to measure
performance: lagging indicators and leading indicators.
Lagging Indicators
Lagging indicators result from analysis of failure outcomes. Most often they represent an accident or other
type of loss and typically are measured as the number of times a failure occurred, the reasons for the failure,
and the resulting outcome. Lagging indicators may also be grouped together to show overall organizational
trends. For example, the number of time a failure associated with the individual DOTLMPF elements occurs
would indicate weaknesses in that resource area.
Lagging indicators are generally easier to define and quantify. Lagging indicators represent data elements
associated with events that have already occurred. The amounts and types of data available are known and
the relevancy on the data is similarly easy to identify and quantify. Because of the ease in identifying relevant
quantifiable data, the majority of the data we tend collect and quantify is associated with lagging indicators.
Lagging indicators can also be easily grouped into who, where, when, what, and why categories. These
categories are often referred to as the 5ws. The 5ws can be further classified into 3 groups: demographics,
precursors, and exacerbating factors
Measuring Demographics
Demographics are represented by who, where, and when. The main purpose of demographics is to identify
the at risk population. A population may be defined by age, gender, and pay grade. It may also be defined by
duty position and work location. Any set of who, where, and when that can identify a specific working
population may be used. This population is then measured against a standard set of metrics. Identification of
Page 23
September 15,
2009
mission parameters is critical to defining the elements that make up relevant metrics to measure at risk
populations. Demographic metrics then seek out commonalities and accident trends to determine what
population is most vulnerable to a reoccurrence of the mishap. Below are examples of information sets that
may be used to measure demographic metrics.
♦ Who – gender, age, rank, duty position, etc.

♦ Where – operational environment, type location, theater of operations, etc.
♦ When – period of day, season, etc.
What – Conditions Allowing a Hazard

As previously mentioned, a deficiency exists when the DOTLMPF resource elements of a task are under
resourced or improperly resourced. This deficiency is considered to be a hazard when it increases the
probability or severity of a loss. DOTLMPF deficiencies define what conditions were in place that allowed a
hazard to exist. Hazards can then be measured as DOTLMPF deficiencies and controls measured as applied
DOTLMPF resources. These deficiencies are defined below:
♦ Doctrine – Standards do not exist or they are not clear and practical
♦ Organization – Inadequate personnel or services to complete the operation
♦ Training – Standards exist but they are not known or ways to achieve them are not known
♦ Leader – Standards are known but are not enforced
♦ Material – Inadequate material or design of material inadequate for the mission
♦ Person – Standards not followed by the individual
♦ Facility – Inadequate facility maintenance or facility design inadequate for operation
How and Why – Exacerbating Factors that Lead to DOTLMPF Deficiencies

DOTLMPF deficiencies measure condition or state but they do not define how and why a condition led to an
accident. In a risk managed environment, DOTLMPF deficiencies exist and are managed as part an aspect of
the operation. Understanding what exacerbating factor caused DOTLMPF deficiencies to result in an accident
is critical to identifying abatements and controls to the root cause of a problem. Exacerbating factors
represent behaviors and conditions that lead to accidents. Most often, human behaviors, either by leaders or
by individuals, contribute to these exacerbating factors. Human Factor elements (HFACS) are used to define
behavioral exacerbating factor. Without understanding how and why these deficiencies exist,
countermeasures that address superficial elements and not the fundamental root cause of the deficiency
would be implemented. This is most common the case when dealing with systemic deficiencies.
Leading Indicators
Leading indicators measure the performance of safety programs and initiatives. With leading indicators it is
typically more difficult to determine what should be measured. Significant amounts of data may need to be
collected over time before quality metrics are identified. Difficulties in determining the usefulness of this type
data has led to many safety professionals to overlook its applicability to improving the safety management
system.
Data for traditional leading indicators such as measurements of compliance, analysis of after action reviews,
organizational readiness health assessments, and evaluations of near misses may or may not be kept for an
organization and almost no organizations quantify this data and measure performance using a standardized
system of metrics. For the most part, the data is collected because of the requirement from a higher authority.
Each of these programs though can provide useful data for improving the safety management system.
Compliance
Compliance record keeping is common to most all organizations. Unfortunately, compliance is usually not
quantified and little is done to measure the effectiveness of the compliance requirement. For the most part
compliance record keeping is done for the sake of compliance or for liability reasons. Much more can be
drawn from the record keeping process. For example, a safety inspection can quantify the DOTLMPF
resource deficiencies and the reasons these deficiencies exist in much the same way as described in an
accident investigation. The measurement of compliance or in this case lack of compliance can give an insight
into the deficiency trends within an organization.
Page 24
September 15,
2009
Other types of compliance record keeping such as that used for safety training may also be quantified to
provide leading performance indicators. The percentage of personnel attending training and measurement of
skills and knowledge received in training (normally done through some type of testing) can also represent a
safety measure of performance. It is critical to compare the compliance leading indicators with failures
identified in accident investigations to measure the effectiveness of the compliance control.
Analysis of After Action Reviews

An After Action Review is used to identify the successes and failures of an operation. Each of the controls that
were implemented for the mission should be measured and quantified for their effectiveness. Likewise, the
type of operation being conducted should also be quantified. In this way the effectiveness of a type of control
against a particular mission or mission set type can be measured. Additionally, the After Action Review
should identify those DOTLMPF resources that were not as appropriate for the operation as expected. The
exacerbating factors that caused the failures should also be accounted for.
Metrics can be developed for after action reviews to quantify types of events, types of exposures, and types of
lessons learned. Over time operational trends derived from the after action reviews can be analyzed to
identify organizational shortcomings and systemic trends.
Organizational Readiness Health Assessments

Organizational Readiness Health Assessments, also known as Safety Health Assessments, measure the
integration of safety and risk management in the organization. Most significantly, it measures how effectively
leadership has established a risk management culture within the organization. This metric does not directly
measure the effectiveness of a particular control but instead measures risk management and safety values
impressed upon the organization’s employees. The metrics derived from the assessments should be gathered
as a minimum annually to measure progress in developing a risk management culture. Accidents that include
deficiencies in the Person DOTLMPF resource should be evaluated against the Organizational Readiness
Health Assessment to validate findings.
Evaluations of Near Misses

As previously defined, a near miss is a special case precursor. When the necessary exacerbating factors are
highly likely the precursor is often called ―a near miss‖. Near misses should be investigated using the same
processes used in an accident investigation. A level of effort commensurate with the potential loss should be
applied to the investigation process. Like accidents, deficiencies in DOTLMPF resources and existing
exacerbating factors should be quantified and analyzed. As with accidents, deficiency trends identified in this
way can show an organizations strengths and weaknesses. More importantly it can often clearly identify the
countermeasures that need to be put in place to prevent future occurrences.
Measures of Effectiveness
Measures of effectiveness are more difficult to quantify. These measurements represent a quantification of
how effective a particular control or program is at preventing accidents. To determine a measure of
effectiveness, leading indicators are checked against lagging indicators to see if the plans, policies, and
programs represented by the leading indicators reduced the frequency or severity of the events represented by
the lagging indicators. Ideally, the metrics used to measure performance and effectiveness should pre-define
when program or control put in place.
For example, the process for measuring the effectiveness of the mandatory seatbelt requirement should have
been put into place when the requirement was first established. The severity of injuries in motor vehicle
accidents prior to implementing a mandatory seatbelt rule would have already been established. To measure
the effectiveness of the seatbelt policy, the metric system would compare the severity of injuries after
implementation to those identified before the implementation of the policy.
To realize the full potential of both leading and lagging indicators, exposures must be measured. It is easy to
measure the frequency of events such as accidents that generate lagging indicators. It is far more difficult to
measure the frequency of our successes. For the most part we tend not to measure our successes. Because
our successes, or our exposures, are not measured it is difficult to fully define the effectiveness of systems that
have been put into place.
Page 25
September 15,
2009
Figure 13 - The Systems Based Business Management Model with metrics defined
Making Safety Metrics Relevant to the Enterprise

The main purpose of both leading and lagging indicators is to measure the effectiveness of existing controls
and provide for continual improvement of the management system. The collection of metrics combines to
provide the feedback mechanism necessary to support continuous improvement of the management system.
The figure above shows where these metrics fit into the Systems Based Business Management Model.
Attempts have been made in the Army to provide this type of feedback. Six Sigma is very similar in design the
systems based management concepts described in this document and makes use of metrics in much the same
way. Unfortunately, Lean Six Sigma has not lived up to its expectation. This is because Six Sigma is a tool,
not a management system. When used as a tool within the Systems Based Business Management Model, Six
Sigma could unquestionably provide the results Army leadership is searching for.
Page 26
September 15,
2009
Section 5 – Basics of the ANSI/AIHA Z10-2005 OHSMS

In 1999, the American National Standards Institute (ANSI) officially approved the ANSI Accredited Standards
Committee Z10, with the American Industrial Hygiene Association (AIHA) as its Secretariat, to begin work on
a U.S. Occupational Health and Safety (OH&S) Standard. A committee was formed with broadly
representative members from industry, labor, government, professional organizations and general interest
participants. The committee examined current national and international standards, guidelines and practices
in the occupational, environmental and quality systems arenas.
Based on extensive deliberations, they adapted the principles most relevant from these approaches into a
standard that is compatible with the principal international standards as well as with management system
approaches currently in use in the United States. The process of developing and issuing a national consensus
standard is expected to encourage the use of management system principles and guidelines for occupational
health and safety among American organizations. It may also yield widespread benefits in health and safety,
as well as in productivity, financial performance, and quality and other business goals.
Figure 14. Evolution of Occupational Health and Safety Management Systems
On July 25, 2005, ANSI approved the new ANSI/AIHA Z10-2005 Occupational Health and Safety
Management System (ANSI Z10). ANSI Z-10 is a voluntary consensus standard on occupational health and
safety management systems. It uses recognized management system principles based on the Systems
Business Management Model in order to be compatible with
quality and environmental management system standards
such as the ISO 9001:2000 Quality Management System and
ISO 14000 Environmental Management System. The ANSI Z-
10 Standard also draws from approaches used by the
International Labor Organization’s (ILO) guidelines on
Occupational Health and Safety Management Systems and
from systems in use in organizations in the United States.
The purpose of the standard is to provide organizations an

effective tool for continual improvement of their occupational
health and safety performance. Additionally, the standard
sought to impact favorably on productivity, financial
performance, quality, and other business goals through
compatibility with other management systems. This
compatibility encourages integration of the ANSI Z10 standard
requirements into other business management systems (ISO
9001:2000 and ISO 14000) in order to enhance overall
organizational performance. The ANSI Z10 standard is a set of
interrelated elements that establish or support health and
safety policy and objectives, and mechanisms to achieve those
objectives in order to continually improve occupational safety Figure 15. Business & Operations Management Systems
and health (Specialized Technology Resources, 2009).
Page 27
September 15,
2009
Plan-Do-Check-Act
The ISO 9001:2000 Quality Management
System reference a methodology known as
―Plan-Do-Check-Act‖ or PDCA. The
methodology provides for continual
improvement of the organizations quality
management systems. The ANSI Z-10 standard
is based on the same classic PDCA quality
principles. The PDCA is a four-step model for
carrying out change. Just as a circle has no end,
the PDCA cycle should be repeated again and
again for continuous improvement. The
elements of the PDCA cycle are defined below:
1. Plan: Establish the objectives and

processes necessary to deliver results in
accordance with the expected output. By
making the expected output the focus, it differs
from other techniques in that the completeness
and accuracy of the specification is also part of
the improvement.
2. Do: Implement the new processes. Often
on a small scale if possible.
3. Check: Measure the new processes and
compare the results against the expected results
to ascertain any differences.
4. Act: Analyze the differences to determine
Figure 16. The PDCA as implemented in ANSI Z10
their cause. Each will be part of either one or
more of the P-D-C-A steps. Determine where to
apply changes that will include improvement. When a pass through these four steps does not result in the
need to improve, refine the scope to which PDCA is applied until there is a plan that involves
improvement.
Like many organizational management systems, Lean Six Sigma also makes use of the PDCA methodology.
Lean Six Sigma adapts the PDCA methodology as ―Define, Measure, Analyze, Improve, and Control.‖ This
Lean Six Sigma methodology is usually referred to as DMAIC. Because of the common foundation to PDCA,
Lean Six Sigma can also be plugged into the overall business model providing quantitative metrics and
problem solving methodologies that could benefit the OHSMS.
The ANSI/AIHA Z10-2005 Occupation Health and Safety Management

System
The ANSI Z10 is designed around a Systems Based Management Model specifically for occupational health
and safety. It is a management system standard not a specification standard. The basic elements of the
standard address management leadership and employee participation, planning, implementation, evaluation
and corrective action and management review. Contained within the standard are processes for continual
improvement. These processes are to be in place and implemented to insure:
♦ Hazards are identified and evaluated.

♦ Risks are assessed and prioritized.
♦ Management system deficiencies and opportunities for improvement are identified.
♦ Risk elimination, reduction, or control measures are taken to assure acceptable levels of risk are attained.
Page 28
September 15,
2009
Figure 17 - The American National Standard for Occupational Health and Safety Management Systems
Below is an overview of the seven different topics contained in the standard:

1. Scope, Purpose and Application: Section 1 defines the scope, purpose, and application of the ANSI
Z10 standard. ANSI Z10 defines its purpose to provide a management tool to reduce the risk of
occupational injuries, illnesses, and fatalities. The scope of the program and the underlying principles of
the new standard are also discussed in this section.
2. Definitions: Section 2 provides definitions of terms used in the standard. Definitions for many of the
classics terms such as ―risk‖ and even ―hazard‖ vary slightly from commonly excepted definitions. It is
important to understand how these terms are defined in the standard because these definitions form the
basis for the provisions set down by the standard. Key ANSI Z10 definitions are included in the Glossary
section.
3. Management Leadership and Employee Participation: Section 3 covers management and
employee participation. It places the responsibility for the Occupational Health and Safety Management
Systems (OHSMS) directly on the shoulders of management. The standard also emphasizes that there
must be effective participation at all employee levels in the OHSMS. The primary elements of this section
are:
a. Management Leadership
(1) Policy (documented, employee protection & participation)
(2) Responsibility and Authority (implementation, maintenance, performance of OHSMS, provide
resources)
b. Employee Participation
(1) Involvement in OHSMS by all employee levels of the organization
(2) Resources and time to participate in planning, implementation, evaluation, corrective &
preventive action
(3) Access to relevant OHSMS information
(4) Examples of Employee Participation Incident investigations, procedure development,
Occupational Health and Safety (OH&S) related audits, training development, job safety analysis,
planning process, OH&S committee involvement
4. Planning (Plan): Section 4 defines planning. Planning in ANSI Z-10 is described as the process of
identifying and prioritizing OHSMS issues. ANSI Z10 further defines issues as hazards, risks, OHSMS
deficiencies, and improvement opportunities. The emphasis is on determining the hazards, risks,
prioritizing and making corrective measures to reduce or eliminate risks. Classic process safety principles
to reduce hazards and risk are emphasized in this section. The primary elements of this section are:
Page 29
September 15,
2009
a. Initial and ongoing reviews

b. Compliance with legal and other requirements
c. Hazard & risk identification
d. OH&S Objectives
e. Implementation Plans and Allocation of Resources
5. Implementation and Operation (Do): Section 5 covers OHSMS operational elements, training,
communications, and documentation. Many of these items are found in most organizational OHSMS.
Hierarchy of controls, as described by the standard, means that companies ―shall‖ employ the classic risk
reduction steps through elimination, substitution, engineering, warnings, administrative controls and
PPE. The documentation and record control process are designed to fit in with ISO 9000 and ISO 14000
standards. The primary elements of this section are:
a. OHSMS Operational Elements
(1) Hierarchy of Controls
(2) Design Review and Management of Change
(3) Procurement
(4) Contractors
(5) Emergency Preparedness
b. Education, Training, and Awareness
c. Communication
d. Document and Record Control Process
6. Evaluation & Corrective Actions (Check): Section 6 covers evaluation and corrective actions.
Highlighted in this section are periodic audits. The audits are critical because they measure the
organization’s effectiveness in implementing the OHSMS. The primary elements of this section are:
a. Evaluation
(1) Monitoring and Measurement
(2) Audits
(3) Incident Investigation
b. Corrective and Preventive Actions
c. Feedback to the Planning Process
7. Management Review (Act): The last section of the standard requires that management continue to
participate in the process continuing to address issues for improvement. This key focus of this section is
the requirement for measures of effectiveness of programs and policies in reducing risks. The primary
elements of this section are:
a. Review Process Requirements
b. Review Elements and Outcomes
c. Review Follow-up
Page 30
September 15,
2009
Section 6 – Implementing ANSI/AIHA Z10-2005 OHSMS in the Army

An Occupational Safety and Health Management System is a set of interrelated elements that establish or
support health and safety policy and objectives, and mechanisms to achieve those objectives in order to
continually improve occupational safety and health (AIHA, 2005). Appendix A includes an overview of
various OHSMS in use today. One such OHSMS that would meet the needs of the Army is the ANSI/AIHA
Z10-2005 American National Standard for Occupational Safety and Health Management System.
What is the difference between an OHSMS

and a Safety Program? The distinction as
used here is, a program operates in
isolation by itself. The focus is typically on
compliance with a specific regulation.
Programs also lack strong, if any, feedback
or evaluation mechanisms, which then
limits their continuous improvement over
time (Core Advantage, 2007).
Conversely, a systems approach, while not

losing sight of programmatic
requirements, is broader in scope and
addresses many other issues such as the
quality of the safety and health
performance, integration with other
business systems, and focuses on safety
and health improvement. A key distinction Figure 18 - The ANSI/AIHA Z10-2005 OHSMS
of a systems approach is that there are
clear feedback and evaluation mechanisms
so that the system responds to both internal and external events (Core Advantage, 2007).
The OMB Circular (consistent with Section 12(d) of the NTTAA) directs agencies to use voluntary consensus
standards, such as ANSI Z10, in lieu of developing government-unique standards, except when such use
would be inconsistent with the law or otherwise impractical. The ANSI Z10 contains many elements very
similar to Army Safety Program elements but provides the added advantage of being designed around the core
requirement of continual improvement. Each element of the ANSI Z10 is designed to feed into the next until
it restarts the improvement cycle. When the individual program elements of the Army Safety Program are
integrated into their appropriate place in the ANSI Z10, the non-cyclical nature of the current Army Safety
Program becomes clear as do the possibilities for improvement.
The transition to ANSI Z10, while not impractical, is not without effort. The Army Safety Program contains
elements that need clarification and the addition of several specifications to comply with the ANSI Z10. For
example, paragraph 5.1.1 of the ANSI Z10 specifically requires a hierarchy of controls. DA Pam 385-30
defines controls but does not specifically provide for this hierarchy. Each program element of the Army Safety
Program would require analysis to determine where it fits into the ANSI Z10 and what changes would need to
be made for compliance with the standard. A reasonable estimation would be that the Army Safety Program is
currently about 80% to 85% in compliance with the ANSI Z10.
Changing the safety culture and the way the Army has managed safety for so many years also presents
difficulties. Initiating the ANSI Z10 in the Army would require commitment and direction at the highest
levels. To ensure integration of the ANSI Z10 into the Army Safety Program, transition to ANSI Z10 should be
initiated through the use of the Strategic Safety Plan to establish the initial goals. The ultimate end result of
these goals would be the certification of individual programs and the overall Army Safety Program as
ANSI/AIHA Z10-2005 OHSMS compliant.
This section compares the Army Safety Program to the ANSI Z10 and looks at requirements to make the
transition. It first looks at the advantages of the ANSI Z10 and the limitations of the Army Safety Program
from strategic level. The following sub-sections then look at each of the elements that make up the ANSI Z10
with the corresponding Army Safety Program element. Discussion for each section is provided to discuss
issues and modifications to the Army Safety Program needed for compliance with the ANSI Z10.
Page 31
September 15,
2009
Limitations of the Army Safety Program

In Section 3 of this document, Army Safety Program management practices were defined as NORM or
Naturally Occurring Reactive Management. In the Army Safety Program, activities focus on inspecting out
hazards and disciplining out unsafe work practices. Safety campaigns have high visibility, with slogans,
contests, gimmicks, and incentive programs. Managers issue rules and more rules, but frequently
compromise them in their own day-to-day behavior.
In AR 385-10, The Army Safety Program, 24 chapters define individual safety program elements.
Unfortunately, none of these chapters include a collective business management process to integrate the
individual safety program elements. For that, the Army refers to the standard linear business model. In
general, each program element continues in a linear fashion independent of the other program elements.
Integration of program elements is a requirement but the Army Safety Program lacks specific guidance or a
framework on how to accomplish integration. To provide some semblance of integration, the individual
program elements rely heavily on Composite Risk Management (CRM). Like the ANSI Z10, the Army’s CRM
process does follow a Plan-Do-Check-Act (PDCA) structure. When the individual safety program elements are
used in conjunction with the CRM process, some cyclical benefits can be realized. However, CRM itself was
not meant to be a comprehensive business management model as the ANSI Z10 is. Because of this, CRM falls
short of being able to fully integrate the individual program elements into single cyclical business
management model. Unfortunately, this lack of integration often results in limited program improvement.
The Army Safety Program is too large and too complex to require integration without providing a framework
and a set of standards to accomplish the task.
The Army Safety Program also provides limited guidance on safety performance measurement. Currently,
accident rates are the only clearly defined metric in the Army Safety Program. Chapter 2 of AR 385-10, The
Army Safety Program requires metrics to measure performance in all areas but the Safety Center has yet to
clearly define a system of standardized metrics that can be used to measure overall safety and occupational
health performance. No metrics exist for measuring safety training performance, safety compliance reporting,
etc. Neither is there a system in place to clearly measure effectiveness of safety program initiatives. Tools
such as ARAP, TRiPS, and Safety Audit results should be used along with accident trends to clearly define
measures of performance and effectiveness. To accomplish this, specific metrics should be clearly defined.
Benefits of the ANSI/AIHA Z10-2005 OHSMS

Also in Section 3 of this document, safety management practices that focus on safety management systems,
such as those found in ANSI Z10, were defined as Safety Excellence. With the ANSI Z10, safety is managed as
a system that is integrated into other corporate systems. Unlike programs based linear business management
practices, the ANSI Z10 goes beyond the sum of individual safety and health programs. It is made up of
interrelated and interdependent components that are designed around a continual improvement model.
To achieve continual improvement, the ANSI Z10 is recursive in nature with each section cyclically feeding
into the other until the cycle starts again. At the core of this cyclic process is the requirement for Management
of Change. This requirement is the engine that drives continuous improvement and is the most critical
component that is missing from the Army Safety Program. The individual elements that make up the ANSI
Z10 integrate into the management of change process. Each provides feedback into the system.
Elements such as accident reporting, audits, and safety training feedback into the system to provide a
comprehensive view of the total safety system. The ANSI Z10 requires metrics to measure the systems
performance. Because metrics are built into the system, quantitative assessments of safety performance are
continually fed into the management of change process. Ultimately, this results in leading indicators being
measured against trends in lagging indicators, to measure the system’s overall effectiveness.
Making the Transition to the ANSI Z10

The purpose of the following section is to identify structures within the Army Safety Program that support
transition to the ANSI Z10. It follows the format and structure of the ANSI Z10 providing corresponding
Army Safety Program elements. A discussion is included for each ANSI Z10 element identifying issues and
implementation strategies. This section is not intended to be a comprehensive roadmap to change. It is
designed to provide a high level overview of implementation.
Page 32
September 15,
2009
Section 3 Management Leadership and Employee Participation

Section 3 places the responsibility for the Occupational Health and Safety Management Systems (OHSMS)
directly on the shoulders of management. It defines roles and responsibilities for implementing, maintaining,
monitoring, and resourcing the OHSMS program. The standard also emphasizes that there must be effective
participation at all employee levels in the OHSMS. It requires employee participation in planning,
implementation, and corrective actions.
Army Safety Program

AR 385 10, The Army Safety Program encompasses all the individual program elements that make up the
Army Safety Program. Chapter 1, Section 2, Responsibilities similarly defines roles and responsibilities for the
Army Safety Program. However it lacks requirement to integrate OHSMS into other organizations business
systems and processes.
Paragraph 2-24(e) states ―Commanders of separate detachments, companies and above will establish a
Soldier and Army Civilian Employee Safety Committee. The committee will be representative of the
workforce within the organization.‖ Though employee participation is implied, it does not specifically define
the requirement for an employee safety committee nor does it define any other mandatory employee
participation in planning, implementation, and corrective actions.
Discussion and Recommendations

Discussion: The Army Safety Program clearly defines management and leadership responsibilities but it
does not define relationships to other management programs. Additionally, few organizations actually have
effective participation by Soldiers and NCOs. Some organizations have NCO Safety Councils but these
programs are hit and miss. Likewise, some organizations have effective civilian employee participation
programs but this is not consistent throughout the Army.
Recommendation: Identify other management systems

and programs that should be integrated with the OHSMS.
The scope of integration and key elements of the
integration must also be clearly defined. Clearly define
participation programs that should be included in DA Pam
385-10, The Army Safety Program. Elements should
include requirements for an employee recommendation
program, require BOSS representation at Commander
level safety councils, define metrics that should be reported
to employees/soldiers to promote suggestions, and include
requirement for effective employee participation programs
to be considered for organizational safety awards. Figure 19 - Section 3 of the ANSI Z10
Section 4 Planning (Plan)

Section 4 clearly defines use of information resources in the planning process. It requires processes to review
relevant information used to identify OHSMS issues, prioritization of OHSMS issues, development of
objectives, and formulation of implementation plans. It requires all systems to provide feedback to the
planning process for continual improvement. This methodology creates a cyclical process that provides for
continual improvement.
Army Safety Program

FM 5-19, Composite Risk Management defines implementation of CRM for Army operations. DA Pam 385-
30, Mishap Risk Management defines risk management used in non-tactical/routine environments. The risk
management process has many tenants of the Planning portion of the ANSI Z10. One element that is missing,
perhaps the most important element, is a sustainable system of feedback and input to the planning process for
Page 33
September 15,
2009

Discussion: Traditionally, the Army has focused on accident reporting. Metrics to measure performance
have likewise focused on accident reporting. The Army is missing metrics to measure leading indicators such
as inspections and audits as well as other leading performance indicators. For an OHSMS to meet the
requirement of ANSI Z10 Section 4.0 Planning it must have systems in place to capture leading and lagging
indicators that measure safety performance and the effectiveness of controls. These performance indicators
are provided to improve plans, correct deficiencies, and improve the overall OHSMS.
Automation tools have likewise focused on accident reporting

and analysis tools. More recently, the Army has focused on
developing some risk management tools (e.g. TRiPS and
GRAT). Unfortunately these tools do not share a common
metrics model and are unable to communicate with each other.
Because of this, they provide limited functionality in
improving the OHSMS over time.
Recommendations: Define a system of metrics to measure

leading and lagging indicators for all areas of safety. Metrics
should be common throughout the system to provide for
common comparison and analysis. External data sources
should be used and metrics normalized to the common system.
Also recommend the development of an information

automation system to provide as a repository of a wide range
of leading and lagging metrics and to provide for analysis of
trends. The information system should be composed of a
variety of tools designed around the ANSI Z10 that address
specific requirements and management needs. Tools should
be designed with common metrics and interoperability in Figure 20 - Section 4 of the ANSI Z10
mind. The system should focus on the ability to review
relevant information, identify issues, and feedback capabilities
as part of its core design. Note: See Section 7 for a detailed
automation implementation strategy.
Section 5 Implementation and Operation (Do)

Section 5 defines specific implementation processes. Several of the key elements are Hierarchy of Controls,
Design Review and Management of Change, Procurement, Contractors, and Emergency Operations. In the
area of operations it defines education and training programs, communication processes, and documentation
of control processes. Perhaps the most significant element is the requirement for management of change.
Management of change is critical to providing for continual improvement of the OHSMS. It is the process
that integrates the other elements of the system and is the engine of continual change.
Army Safety Program

AR 385-10, the Army Safety Program, specifically addresses many of these elements. Chapter 2 addresses
communication and documentation programs, Chapter 4 addresses contracting and procurement, Chapter 10
addresses training and education, and Chapter 19 addresses emergency operations. In addition, several DA
Pams target these programs and provide detailed guidance.

Discussion: Many of the basic elements that would support Section 5 of ANSI Z10 are essentially in place.
Guidance for education and training requirements are adequate for the needs of the Army but a mechanism to
track safety specific training is incomplete. The Army has a system known as the Defense Training
Management System (DTMS) to track training but a complete list of safety training requirements are not
included in the list of available training programs. Additionally, the system is not integrated with other safety
information systems. Safety training is a leading performance indicator but, there are no metrics defined to
provide measures of performance or to measure the effectiveness of training programs.
Page 34
September 15,
2009
Additionally, two significant elements are missing from the Army Safety program, a formal hierarchy of
controls and a process for management of change. Hierarchy of controls provides a systematic way to
determine the most effective feasible method to reduce risk associated with a hazard (AIHA, 2005).
Management of change provides for system design reviews and managing of change to improve the OHSMS.
Management of change provides mechanisms that manage and track controls and corrective actions in
support of the continual improvement process. Like the Safety Centers Recommendation Tracking System, it
tracks implementation of recommended corrective strategies, identifies responsible action agencies, and
manages the process throughout the lifecycle of the action. Ideally it should also assess the effectiveness of
the corrective action.
Recommendation: A system to provide metrics

related to safety training should be fairly simple to
implement. Safety training should be tracked like any
other organizational training. Since DTMS is the
standard system in the Army to track training, it
should be used to track safety training. To facilitate
this process, all required safety training should be
added to the system so it is available for inclusion as
training. Additionally, training requirements based
on the individual’s MOS/occupation and
environmental exposures should be developed to
identify specific safety training requirements (e.g.
respiratory protection training, PPE training, etc.).
This capability should be also be integrated into
DTMS. Finally, the Safety Center, should import
training statistics and develop metrics that can be
used to gauge safety performance factors and provide
for measurement of the effectiveness of specific safety Figure 21 - Section 5 of the ANSI Z10
training in preventing accidents.
A hierarchy of controls would also be fairly simple to implement. Integration of the hierarchy of controls into
FM 5-19, Composite Risk Management, and DA Pam 385-30, Mishap Risk Management, would probably be
the most effective approach. The scope of the program would have to be broadened to encompass all safety
program elements but this should create any issues.
Implementing a process for change management would be more difficult. First the requirement for
management of change would need to be formally defined within the Army Safety Program. Processes and
procedures would need to be identified and standardized. Metrics would need to be developed to identify the
types of controls and changes being implemented and a measurement of effectiveness would also be
necessary. Existing tools such as the Recommendation Tracking System should be used as a starting point to
support this requirement. Its scope would need to be broadened and metrics would need to be defined.
Section 7 below details elements of this design.
Section 6 Evaluation & Corrective Actions (Check)

Section 6 defines requirements for evaluating performance of the OHSMS. It requires the ability to track
findings and identify trends. The section specifically requires measurement of performance against the
OHSMS standards. Section 6.1 defines specific processes and tools used to measure performance. Workplace
inspections, exposure assessments, injury / illness investigations, and employee feedback are examples of
these mechanisms. Section 6.2 focuses on incident investigation. Section 6.3 addresses audits. Section 6.4
addresses corrective and preventive actions. Finally Section 6.5 addresses feedback to the planning process.
Army Safety Program

Most of the elements from Section 6.0 are incorporated into the Army Safety Program. AR 385-10, The Army
Safety Program, outlines program element implementation. Chapter 2 addresses the Army Command
Inspection Program (CIP), Chapter 3 details accident investigation and reporting and Chapter 17 addresses
workplace inspections. Specific program implementation details are addressed in various DA Pams.
Occupational health and industrial hygiene assessment programs are addressed in Army medical
Page 35
September 15,
2009
publications. These programs are designed to operate independent of each other and do not, by design,
provide feedback into the planning process.

Discussion: To effectively meet the standards of the Section 6.0, the Army Safety Program requires an
effective hazards management model that manages hazards and corrective actions throughout their entire life
cycles until they can feedback into the process. Audits and workplace inspections provide a great assessment
of safety and occupational health but no standard system exists in the Army to track this leading performance
indicator. Findings from inspections and audits are usually given to the command responsible for corrective
action and little else is done with the information to ensure continual program improvement. Though a
significant amount of data related to accidents is captured, there is also no way to determine if controls
emplaced in the work environment were effective in reducing accidents. For example, is eye protection being
used in industrial areas and is it effective in limiting the seriousness of eye injuries.
Though many of the processes defined in Section 6 exist in the Army they are not integrated and most often
different program offices do not share their information. When information is shared it usually has no
common metric to clearly define performance trends. The Safety Center and USACHPM are the primary
collectors of accident and illness data. The information systems used by these organizations do not currently
share information nor do they share a common system of metrics. Common metrics are key to getting usable
information from the various program organizations in the Army.
Many of the operations in the Army expose personnel to various levels of risk. The Safety Center has
developed several effective risk management tools but they are not used to their full effectiveness. The
capabilities of the Ground Risk Assessment Tool (GRAT) and Composite Aviation Risk Assessment Tool
(CART) could be extended to capture types of risks personnel are being exposed to and types of controls put in
place to manage risk. When coupled with resources such as those found in the Center for Army Lessons
Learned, these tools could be used as an exposure metric / leading indicator that could be used to gauge
overall safety performance.
Recommendation: A common metric system

should be developed to clearly measure
performance across a wide variety of Army
Programs. The system of common metrics should
be designed so that data can be shared across
systems and across commands. Metrics for leading
indicators need to be clearly identified and
performance goals attached to these indicators.
When compared with lagging indicators such as
accident performance, these metrics should be
capable of generating measures of the program
effectiveness.
Further recommend the Army develop a

comprehensive information system that
encompasses all the elements of Section 6. The
system would need to include capabilities similar to
those in the Army’s Recommendation Tracking Figure 22 - Section 6 of the ANSI Z10
System but at a much larger scale. The system would
need to manage hazards and deficiencies from all
identifying sources. Specific requirements include:
♦ Need to establish standardized audits (e.g. CIPS and ARMS) designed around OHSMS model with
example checklists in DA Pam and capability to track system level safety performance
♦ Need to establish standardized workplace inspection capabilities to manage workplace and facility safety
issues as well as facility life cycle management
♦ Need capabilities to track type of corrective actions implemented, time to correct deficiencies,
effectiveness of corrective actions
♦ Need capabilities to report close calls
Page 36
September 15,
2009
♦ Need capability to integrate with issues from Center for Army Lessons Learned
♦ Need capability to integrate with occupational illness trends tracked at USACHPM
Section 7 Management Review (Act)

Section 7 defines methodologies for higher level management review of the overall OHSMS. Section 7.1
defines the management review process and Section 7.2 defines review of outcomes and follow-up procedures.
Army Safety Program

The Army Safety Program has a clearly defined Management Control Evaluation Process. Appendix C of AR
385-10, The Army Safety Program, contains a detailed checklist of the evaluation elements. The checklist
focuses heavily on accident performance but makes little provisions for leading performance indicators.
Compliance with OSHA also requires evaluation and reporting of safety performance. Currently annual
performance reports a forwarded to DA each year for consolidation. These reports focus primarily on the
civilian workforce. No specific reporting requirements for the military workforce are defined but most
organizations combine this data with that of the
civilian workforce.

Discussion: The Management Control Evaluation
Process (MCP) is not currently used as an effective
safety performance tool. It is mostly a paperwork drill
meeting a GAO reporting requirement. The Army
Safety Program needs a tool to elevate and assess its
overall effectiveness.
Recommendation: The MCP should be expanded to

incorporate a comprehensive self assessment model
that makes use of all metrics to assess the health of the
OHSMS at all organizational levels. The MCP should
be merged with annual OSHA reports to provide a
comprehensive strategic assessment of the OHSMS.
The strategic assessment should also include data from
other resources such as the Center for Army Lessons
Learned to develop future plans and initiatives.
Appendix C contains an example of the type of report that Figure 23 - Section 7 of the ANSI Z10
could be implemented.
To ensure accurate representation of performance, metrics used in the reports and the overall content of the
reports should be standardized so that data could be rolled up to DA (Safety Center). This data could then
provide a strategic overview of the OHSMS. This strategic assessment could drive the foundation of future
business strategies and Strategic Safety Plans. It could be used to develop action plans and taskings.
Page 37
September 15,
2009
Figure 24 - The Army implementation of the ANSI/AIHA Z10-2005 OHSMS
Final Recommendations
To achieve full integration of ANSI Z10 in the Army, a more comprehensive analysis would be required. The
analysis should look at all aspects of the existing Army Safety Program and provide a roadmap to
implementation of the ANSI Z10 in the Army. As a minimum, the comprehensive analysis should include:
♦ Levels of effort required for modification of existing programs to comply with ANSI Z10
♦ Levels of effort required to develop common corporate metrics that provide for measures of performance
and measures of effectiveness
♦ Identification of any obstacles to change
♦ Detailed assessment of the total cost of the transition. Include annual costs to allow for incremental
implementation
♦ Detailed assessment of automation tools needed to meet system requirements with estimated life cycle
costs
♦ Development of a clear set milestones to set goals and gauge implementation performance
♦ Expectations of benefit to Army safety and reasonable accident reduction goals. Accident reduction goals
should be specific and linked to specific portions of the OHSMS implementation plan
Page 38
September 15,
2009
Section 7 – Designing and Integrating Safety Automation Systems

The Vice Chief of Staff of the Army has directed U.S. Army Combat Readiness/Safety Center (Safety Center) to
develop and maintain a single source reporting system and data repository for all Army accidents. This
requirement provides direction to the Army and assists leaders in developing strategic plans and goals.
Current systems are designed to provide this type of resource and do it quite well, but this is only a start. To
truly have an impact on accident reduction and safety in general the Safety Center needs to do more.
One of the problems facing safety managers over the years has been managing the information recording and
reporting requirements of the Army Safety Program. These requirements are burdensome but the
information is not recorded simply for the sake of recording. The information can provide valuable accident
prevention and hazard abatement resources. This information is representative of the data and metrics
needed to provide for continuous improvement as outlined in ANSI Z10. For the most part though, the Safety
Center has focused its information management and analysis resources on accident data only. Far more data
related to safety and risk management is collected by operational units and installations on a regular basis.
Currently, DA level accident data and organizational safety program data are managed separately. DA level
accident data is stored at the Safety Center in a proprietary data system with no system to share data or
provide for common metrics. For most organizations, their safety program data is stored in a collection of
spreadsheets and documents with no system of automation and little if any metrics captured.
Accident reporting and analysis needs vary based on level of command. At Safety Center, information is
looked analyzed based on a strategic view of the Army. Installations, specialty organizations, and
organizations at various levels of command all have specific safety and risk management information needs
that greatly exceed basic accident reporting and DA level analysis provided by the Safety Center. The
headquarters centric information provided by Safety Center tends to a good job at providing overall strategic
safety and risk management guidance to the Army, but because of their lack of scalability and extendibility,
current systems tend to falter in their abilities to provide organizational centric information that can address
detailed safety analysis at most organizational levels.
Organizational tools such as ASPIRE and RCAS were developed to collectively manage accident data and
other safety related data such as hazards logs in a single safety management system. Unfortunately, the
design of these systems requires data that should be maintained at DA (e.g. accident data) be duplicated in
local data repositories. RCAS and ASPIRE are not to be singled out on this issue. Hundreds of databases exist
throughout the Army, all containing mishap data. Multiple databases have created multiple versions of the
―truth‖ often obscuring critical mishap related issues and trends. Most databases are not properly designed
and the security of sensitive data has regularly been compromised
ASPIRE, RCAS, and similar tools provide a far more comprehensive view of their organization safety program
and risk management initiatives than the accident only tools provided by Safety Center. Most commands that
use these tools have no desire to lose any of their current capabilities. Most are also more than willing to give
up the responsibility of managing their own systems if they don’t lose any functionality when they adopt DA
developed tools. From a commander’s perspective, they don’t care where the data or the safety management
tools reside as long as they can have access to the resources they need without increasing the complexity and
volume of their work.
The Safety Center has developed several state of the art automation tools designed to assist in safety program
improvement and accident reduction. Like the Army Safety Program in general, most of these tools function
independently of each other without taking advantage of information generated by other tools. Ultimately,
the goal should be designing a single robust business model that incorporates scalability and extendibility to
cover all organizational safety information and record keeping needs. The design of the ANSI Z10 is ideal for
use as a safety automation tool development model. The ANSI Z10 provides the basis for a framework in
which a safety automation model can be constructed. This model would provide for tight integration of all
Safety Center tools and a framework to develop external tools that function seamlessly with Safety Center
tools. A single business model, regardless of who develops the tools, provides economy force and sharing of
resources.
Page 39
September 15,
2009
Designing Tools for ANSI Z10

Do design effective safety management tools for the Army, developers must first realize that Army commands
vary greatly and by design have significant differences in their needs for safety management and information
tools. The variation in command structures and their information requirements begin at the highest levels of
command. This is evidenced in the recent restructuring of MACOMs to AC, ASCCs, and DRUs. Army
Commands are very large and like the Safety Center have a more strategic view when analyzing safety and risk
management information. ASCCs represent our go to war headquarters command and tend to be more
directly involved in specific details associated with safety trend analysis. They tend to be more proactive at
cross-referencing mishap data with other trend resources. DRUs represent the supporting infrastructure. In
many cases they are more systems oriented. They also employ the majority of the civilian workforce and need
to look at how OSHA requirements relate to the Army’s safety systems. The model needs to take this
variability into account in its basic design.
Divisions and other Major Subordinate Commands and below will look at data with much more detail. They
also have more direct access to additional safety leading indicators. A composite look at leading indicators,
mishaps trends, and other lagging indicators can give a much different view than analyzing mishaps alone.
The model must allow for analysis of safety and risk management data and trends from these other resources.
With the creation of the Installation Management Command comes the creation of specific safety and risk
management needs. An installation not only must address occupational safety but must also address public
safety. Their responsibilities extend into restraints, shopping centers, schools, and public service agencies
such as fire fighting and law enforcement. Clearly, the model needs to address these needs also.
Finally, not all tactical organizations have the same mission. Special Operations Command, Intelligence and
Security Command, Army Medical Command, and the Corps of Engineers all have unique missions. Their
needs are often neglected when a singular strategic view of the Army is all that is addressed. The model must
be capable of addressing the specific needs of these special organizations.
These variations in command structure and safety information system requirements present challenges to
developers. Fortunately, the ANSI Z10 was designed from the ground up to be applicable to all organizations
of all sizes and types. It is designed to be both scalable and extendible to support needs at all levels. Because
of this flexibility of ANSI Z10 extends to information systems development in the form of the Army ANSI Z10
Systems Development Model.
Base Requirements
For a safety information system to be applicable across the Army, certain critical capabilities must designed
into the system. These capabilities are the high level objectives of the Army ANSI Z10 Systems Development
Model.
1. Encapsulate all the above ANSI Z10 safety elements into the model and, as a minimum, design for a
system of continual improvement through the use of a well defined feedback capability.
2. The Army ANSI Z10 Systems Development Model must be a subcomponent of the overall corporate
business model and be integrated into Army business processes at all levels. . Today, safety and risk
management exist as separate activities of Army processes and operations. To achieve the requirements
of the ANSI Z10, safety and risk management must be a core process and integrated into all processes as
part of the process itself.
3. The design of the Army ANSI Z10 Systems Development Model must be flexible enough to adapt to the
wide range of operations executed by the Army. For example:
a. High stakes, event driven operations
b. Routine support operations such as vehicle repair
c. Combat operations and training
d. Administrative operations
4. To encapsulate the concepts of safety excellence, the business model must support the concept that
leaders manage resources and processes to achieve the objective.
5. The model must be a single model that is both scalable and extendible. It must provide the capabilities to
add on features at all levels of command so that it can evolve and mature as the Army’s safety
management systems mature. It must anticipate a paradigm shift from traditional reactionary safety
programs to the tenants of the ANSI Z10.
Page 40
September 15,
2009
6. The model must encompass all accident reporting requirements into a single model regardless of the
source of the requirement. The model should be designed with built in extensibility to accommodate
additional requirements and evolutionary changes to existing requirements.
7. The Army ANSI Z10 Systems Development Model defines a business management system not a software
application. An extendible business management system will assure extendible software and non-
software based tools.
8. The Army ANSI Z10 Systems Development Model must be designed to support both data consumers and
data providers. The model must address the functional needs of each from their respective points of view.
A data consumer is focused on what information they need to do their analysis and data providers should
be identified according to their ability to provide the required data.
9. Simply reporting accidents is not enough. A system to manage hazards, deficiencies, and controls
associated with the accidents is essential to preventing future accidents. This system should be designed
around the requirement for management of change. Additionally the management of change system
should also accommodate hazards, deficiencies, and controls from other sources such as audits,
inspections, safety councils, near misses, and those identified independently by the work force.
10. Deficiencies identified by accidents represent lagging indicators of deficiencies and hazards within an
organization. Failures of systems and controls must occur for identification of these deficiencies. The
Army ANSI Z10 Systems Development Model must also be able to accommodate deficiencies and trends
identified prior to system and control failures. It must be able to make use of these leading indicators to
reduce the potential for accidents.
11. The Army ANSI Z10 Systems Development Model should provide for measures of effectiveness. The
system should provide capabilities to check leading indicators against lagging indicators to see if the
plans, policies, and programs represented by the leading indicators reduced the frequency or severity of
the events represented by the lagging indicators. Capabilities to pre-define metrics used to measure
performance and effectiveness should be designed into the system.
12. The Army ANSI Z10 Systems Development Model should be published as a corporate standard. As part
of this standard, commonalities to other systems should be identified. Reference / look-up codes that are
common to other systems should be identified and authoritative sources for these resources established.
This concept should be built in as an extensibility requirement so that integration with external systems
can be supported.
13. Information availability and the capability to use the information for safety and accident prevention
purposes vary at different levels of command. The higher the level of command, the more strategic the
view and the less detailed the information needs to be. The Army ANSI Z10 Systems Development Model
should be designed to provide a framework that can be published and integrated into systems at any level
of command. A common model would allow users at all levels to identify necessary information resources
and have defined business processes to make use of the resource specific to their needs while supporting
the overall information needs at higher command levels.
14. The Army ANSI Z10 Systems Development Model should address the specific needs of installations (e.g.
public safety concerns, recreational safety, traffic safety, etc.)
15. Operational units have a need to capture data in much greater detail than higher level commands. Data
related facility inspections, hearing conservation, respiratory protection, radiation safety, explosive safety,
and other operational areas provide a profile on the safety health of the organization. The Army ANSI
Z10 Systems Development Model should address these specific needs.
16. The Army ANSI Z10 Systems Development Model should address pure ad hoc analysis needs (e.g. answer
specific targeted questions regarding the who, where, when, what, why, and how)
17. The Army ANSI Z10 Systems Development Model should be designed as a stateless system to improve
performance.
Army ANSI Z10 Systems Development Model

The phrase Army ANSI Z10 Systems Development Model has been used to describe the development
approach using the American National Standard for Occupational Health and Safety Management Systems
(ANSI Z10) as a business model for system software development. It is not intended to be a catch phrase but
is intended to be a formally defined software development model. It is designed to be compliant with the DoD
Software Architecture Standards and designed to provide for growth and maturation of the safety
management system and its business requirements.
Page 41
September 15,
2009
The purpose of this section is to provide input to the Army Integrated Risk Management Enterprise
Architecture at the U.S. Army Combat Readiness / Safety Center. Recommendations and input represent the
information systems needs from the viewpoint of an ASCC, installation, or brigade safety office.
Recommendations are designed to assist in analysis and in the general management of organizational safety
programs. Some of the recommendations may not directly impact the needs of ACOMs, installations with
combined safety offices, or the Safety Center. The final end state will be a multi-tiered Risk Management
Information System (RMIS) that extends the capabilities of the systems at Safety Center and provides
valuable tools at command level safety offices.
Designing the Enterprise

An assessment of software development plans from the Safety Center was conducted to identify areas of
consideration. . (Note: The below analysis is included as separate document titled Army Risk
Management Information System Boundary – 20080524 ArchitectureDesignPlans_USASafety
Center_Dave.vsd). Few recommendations were made for near term integration. Near term recommendations
integrates ASCP initiatives and lays foundation for future recommendations. Out year recommendations
include recommendations to Analyze-It, a proposed Track-It, and the Command ARMIS. Finally, to reduce
confusion of end users, the system is changed to the Army Risk Management Information System (ARMIS).
Users will see this as an evolution and capabilities enhancement of existing systems. Definitions of ARMIS
and other tool changes are included below in the section titled Multi-Tiered Risk Management Information
System. Specific definitions of the tools that make up ARMIS are included in the section below titled The
Army Risk Management Information System.
6 to 12 Months
An assessment of the 6 month model indicates that the primary
focus of Safety Center is to continue development of Report-It and
lay the foundation for the transfer of the database systems from
Oracle to SQL Server. At the core of the Army ANSI Z10 Systems
Development Model is the requirement to provide for continual
improvement via a feedback mechanism. To support this
requirement, the system must establish a common set of metrics.
Metrics rely heavily on quantifiable data values in the information
system. To ensure commonality across applications and across
systems, a common set of look-up codes must be defined.
Wherever possible, the system should use codes defined by an
authoritative source (e.g. consider using ICD-10 codes to represent
type injuries). To develop new codes and validate existing codes
developed by the Safety Center, a committee of stake holders
should be formed. The committee should consist of developers,
analysts at the Safety Center, and key users in the field. The
Figure 25 - Integration with DTMS and ALMS
committee would be charged with ensuring the relevancy of the code
system, its applicability to the ANSI Z10, and the elimination of data
noise. The code system should also be managed and new codes only
allowed when a consensus among stake holders is achieved.
A basic framework of metrics must be built for both existing systems and future projects. The framework
should provide for controlled additions and changes to the codes system. It should define the purpose of the
metric and its role in providing for continual improvement of the OHSMS. Because the ability to provide for
continual improvement is critically tied to metrics and the code system, it is critical that this requirement be
initiated at the beginning of the project.
The only additional recommendation would be to integrate with the Defense Training Management System
(DTMS) and the Army Learning Management System (ALMS). With this integration, the Safety Center will be
able to provide for centralized reporting of safety training. The Safety Center should establish links with
DTMS and ALMS that imports and normalizes data to the common metrics model.
Appendix C of DA Pam 385-10, The Army Safety Program, provides a detailed list of all safety training that
may be required by soldiers and DA civilians. The list is primarily based on the requirements of 29 CFR 1910
Page 42
September 15,
2009
and 1926. Training requirements are implemented as controls to prevent injuries for specific type operations.
Safety managers track the completion of training as part of the risk management process (step 5 – supervise).
Reports representing percent of personnel that attended training is a measure of performance for that
organization’s safety program.
The list from Appendix C of DA Pam 385-10, The Army Safety Program, should be loaded into DTMS as
standard Army training requirements. This would allow commanders and safety managers a standardized
way of tracking safety training. Data from DTMS could be fed into Analyze-It and represent a measure of
effectiveness. Lack of training is often included as a recommendation in an accident report.
Recommendations are currently quantified in the Army Safety Management Information System (ASMIS).
Training trends could be compared with type recommendations to determine if training is being conducted
and if it is, was the training effective. This comparative analysis represents a valuable measure of
effectiveness. Initial integration could occur sometime between the 6 month model and the 12 month model.
Full integration of DTMS data with Analyze-It would be forecasted for inclusion in the beyond 18 month
model.
12 to 18 Months
An assessment of the 12 month model indicates the continued focus of Safety Center on development of
Report-It and the transition to SQL Server. Focus should continue on the integration of DTMS and ALMS. By
the 12 month mark, DTMS can be fully integrated as a training reporting tool. On-line safety classes can be
cross referenced with DTMS safety training entries and credit automatically given for a class when an
individual completes a training module at CRU-II or ALMS. Integration with Analyze-It should be targeted
for a later date.
The Safety Center should also conduct an analysis of the capabilities of the Army Readiness Assessment
Program (ARAP) providing measures of effectiveness to Analyze-It. ARAP assesses the effectiveness of the
command’s safety and risk management initiatives. As a leading indicator it provides feedback directly from
the command’s personnel. The analysis of ARAP should look at the ability to sanitize ARAP data to protect is
capabilities as a battalion level assessment tool and still provide adequate data for use in Analyze-It. Analyze-
It could compare ARAP assessment trends with accident trends to measure the effectiveness of the Army’s
safety initiatives as well as those of the organization. Analyze-It could also use the data to profile at risk
organizations. Interactions with the resulting data could be through the ARAP interface or through Analyze-
It. Safety Center may want to consider establishing bi-directional data flows for all data in Prevent-It. This
data represents leading indicators of Army organizations and operations. All of these leading indicators can
provide valuable input into Analyze-It.
18 Months and Beyond

An assessment of the 18 month model indicates the most significant shift in the Safety Center’s information
infrastructure. Data has been moved off Oracle to SQL Server and integration services are established.
Report-It should be fully developed and established as the Army standard accident reporting tool. The
number of external interfaces is also increased. At this point DTMS should be moved into the External
System list. It is also recommended that the Defense Occupational Health Reporting System (DOHRS) and
Integrated Facility System (IFS) be added as external sources.
DOHRS provides occupational health and industrial hygiene information that could be used by Analyze-It to
determine the health (as it relates to industrial hygiene) of our facilities and the integration of our personnel
into programs such as the respiratory protection program and the hearing conservation program. These
leading indicators when compared with accident trends can measure the effectiveness of these programs in
preventing accidents.
The Recommendation Tracking System (RTS) should have evolved into Tack-It and exist independent from
Analyze-It. The complete capabilities of Track-It are defined in the section below titled The Army Risk
Management Information System.
Finally, external Risk Management Systems tools such as RCAS should exist independently as ARMIS
compliant tools that must conform to architectural requirements before being allowed to communicate
directly with ARMIS. By the 18 month mark, all external independent Risk Management Systems would
require compliance with business rules established by the Safety Center. These business rules would define
Page 43
September 15,
2009
communication standards, code table standards, communication infrastructures, and other requirements that
would guarantee a definable amount of integration. Compliance would be mandatory. Data could flow down
to compliant systems. Bi-directional data flow may or may not exist at this time. This would be a transitional
phase for external systems. The eventual state for external Risk Management Systems would not take place
until well beyond the 118 month model.
An assessment of the model beyond 18 month indicates the establishment of the foundation infrastructure
with a series of web services encapsulated in tool sets at Safety Center. The focus of efforts from 18 months
and beyond should be the evolutionary development of the entire suite of Risk Management tools. The
following section defines each of these tools and the recommended end state. Recommendations are based on
an assessment of safety management, reporting, and analysis needs for ACOMs, ASCCs, DRUs, installations
and brigade level commands.
Figure 26 - Army ANSI Z10 Systems Development Model
Page 44
September 15,
2009
The Army Risk Management Information System

In FY2000, the Safety Center G6 made a proposal to BG LaCoste (the Safety Center commander at the time)
to develop a multi-tiered Risk Management Information System. The DA level tools located at Safety Center
would be known as the Risk Management Information System (RMIS) and lower level commands would have
a less capable tool designed to manage safety data not managed in RMIS and to integrate tightly with RMIS.
This tool was known as Command Risk Management Information System of CRMIS.
Since that time, Safety Center has done a tremendous job at evolving on-line safety and risk management
tools. The purpose of this section is to update the original concept of tools with their current variants. The
collection of tools located at Safety Center would be collectively known as the Army Risk Management
Information System (ARMIS). It would consist of the following tools: 1) Report-It, 2) Track-It, 3) Analyze-It,
4) Train-It, 5) Prevent-It, and Review-It. The command level, known as CARMIS, would also be updated.
Details on CARMIS are included later in this section.
Incorporating ANSI Z10

The introduction of “Report-It,” the Army online accident reporting tool, established precedence for a naming
convention that well suits the Army ANSI Z10 Systems Development Model and its safety automation tools.
The naming convention focuses on using “It” as the action and purpose of the tool. For example, Report-It,
Analyze-It, Track-It, and Prevent-It all define functional aspects of Army safety and the tool’s function within
the OHSMS.
The long term goal of any safety automation project would be developing a model that provides for continuous
safety program improvement and seamless integration of a community of safety management tools and
resources. At the core of the ANSI Z10 is the concept of continually improving safety and health performance.
Continual improvement requires that program deficiencies be identified, corrective elements be developed,
controls be implemented, and performance of control measures analyzed. The ANSI Z10 incorporates this
traditional Plan-Do-Check-Act (PDCA) approach for improving safety in the workplace. The PDCA approach
is recursive and provides the
methodology for continual
improvement. The PDCA approach
can also be defined as a change
management approach.
Change management is critical to the

implementation of the ANSI Z10.
From an automation perspective,
change management should be
designed in as the core concept of the
automation business model for all
Army safety automation projects. The
importance of implementing a change
management tool at the core of the
Army’s safety development efforts
cannot be overemphasized. Without
continual improvement and a process
to manage change, the Army Safety
Figure 27. Overview of basic automation model with change management Program will continue to struggle with
integrated at its core. sustainable accident, risk, and hazard
reduction.
Data is either provided or it is consumed. Tools used to manage and manipulate data can be categorized as
data providers or as data consumers. Data provider sources such as accident reports, inspection reports, and
training records are designed to track and measure performance. Data consumers analyze and process data
collected from data providers. Analyzed data can provide measures of effectiveness when implemented
corrective actions are measured for their impact in correcting a deficiency.
A change management model defines the specifications for all other safety automation tools both internal and
external to Safety Center. For the ANSI Z10 to function as a basis for designing safety automation tools it
Page 45
September 15,
2009
must have a robust core functional component that defines a framework for all other components. As with the
standard itself, the core function should focus on change management. Figure 2 depicts how this Army safety
automation model with change management capability at its core might work. On the data provider side are
tools such as Report-It, Inspect-It, and Train-It. These tools feed performance data into the change
management core of the model. Tools such as Analyze-It and Prevent-It draw data from the core, analyze and
process the data, then provide measures of effectiveness back to the core. These measures of effectiveness
would then be used to determine if actions managed in Track-It and implemented in tools such as Prevent-It
are effective in controlling specific hazards and deficiencies.
The following sections outline the individual tools that make up the ARMIS. Each of the tools are categorized
into their corresponding Plan-Do-Check-Act categories.
Track-It – Providing for Management of

Change
Change management is at the core of the Army ANSI Z10
Systems Development Model and is the engine that drives
continuous improvement. It is singularly the most important
component of the Army ANSI Z10 Systems Development Model.
Change management requires full life cycle management of
hazards and deficiencies to support continual improvement of the
OHSMS.
The Army Safety Program currently makes limited use of a

change management. The current change management tool is
known as the Recommendation Tracking System (RTS). The RTS
is very limited in its scope and not capable of addressing the
broad scope of change management that is required by the Army
ANSI Z10 Systems Development Model. To meet the
requirements of the ANSI Z10 and the Army ANSI Z10 Systems
Development Model, RTS would need to be completely redesigned.
The redesigned change management tool is known as Track-It. Figure 28 - Track-It; the engine of change management
Track-It would have the core requirement of being a robust change management tool that integrates with all
other safety management tools covering all aspects of the OHSMS. Track-It should be designed from the
ground up to be scalable and extendible. It should be designed around a clearly defined set of common
specifications that would facilitate communication between safety automation tools. Existing tools should be
updated to conform to this model as part of their normal upgrade cycle and all new tools, both internal to the
Safety Center and externally developed tools, should be required to conform to this model.
To manage change, Track-It would need to be designed to support the PDCA approach. In the Plan phase,
deficiency demographics (e.g. location, deficiency type, etc.) and deficiency causation factors (e.g. HFACS)
would be quantified and stored with the deficiency entry to provide for trend analysis. Likewise
recommended corrective actions would be quantified to identify type corrective actions associated with type
deficiencies. In the Do phase, the actual corrective action that was implemented would be captured. Like the
Plan phase, key elements such as type corrective action, cost, and how implemented would be quantified so
performance could be measured. In the Check phase, the effectiveness of the corrective actions would also be
quantified. Track-It would use this information to gauge the performance of type corrective actions in abating
specific type hazards and deficiencies. Finally in the Act phase, Track-It, through analysis of its data, would
provide the basis for improved corrective actions and controls that could be fed back into Army regulations,
training programs, prevention tools, and processes. Below are some additional features that should also be
incorporated into Track-It.
♦ Provide for responsible action officer and responsible office to track and manage change
♦ Provide a design that could be implemented at all levels of command
♦ Require implemented corrective actions to include what the expected outcome of the corrective action will
be
♦ Require measurable elements be defined to determine levels of success for the corrective action
Page 46
September 15,
2009
Though Track-It would rely on interaction with the entire suite of safety automation tools it would manage
hazards and deficiencies independently of any of those tools. Status updates would of hazards and
deficiencies would be synchronized between the tools but this synchronization would not be required for
either to function. The following sections describes how data provider tools could feed data to Track-It and
how data consumer tools make use of the data processed through Track-It.
Plan
Plan tools should be designed to process and review
relevant information used to identify OHSMS issues,
prioritize OHSMS issues, develop objectives, and
formulate implementation plans. It requires all
systems to provide feedback to the planning process
for continual improvement.
Prevent-It
Prevent-It is designed to evolve from Risk
Management tools currently in place at the Safety
Center. GRAT, CART, and TRiPS all are used to
identify and manage operational and individual risks.
This data contains information that is significant to
analysis tools such as Analyze-It. Currently this
information is largely unused by Safety Center for Figure 29 - Section 4; Plan
analysis. As the tools within Prevent-It evolve,
provisions for extracting performance data should be incorporated. For example, if GRAT or CART required
some sort of AAR following a mission, then the successes of controls could be measured. These successes
could represent valuable performance trends for use in Analyze-It. To encourage use, GRAT and CART could
be integrated into mission planning tools for seamless mission planning integration. Along with data from the
Center for Army Lessons Learned, successes could be measured instead of just failures. These development
goals are perhaps the most difficult to achieve but have the greatest potential in preventing accidents.
Do
Do tools incorporate several key elements of the Army
ANSI Z10 Systems Development Model to include Design
Review and Management of Change, Procurement,
Contractors, and Emergency Operations. In the area of
operations it defines education and training programs,
communication processes, and documentation of control
processes. Perhaps the most significant element is the
requirement for management of change. Management of
change integrates the other elements of the system and is
the engine of continual change. Accordingly, the
management of change tool, Track-It, exists independently
but integrated with of the Do section.
Train-It
Integration of the Defense Training Management System
(DTMS) and the Army Learning Management System
(ALMS) would require the development of an interface tool
known as Train-It to make use of the data. Train-It would
normalize data to the common system of metrics and make
the DTMS and ALMS usable throughout the ARMIS.
Through Train-It, the Safety Center will be able to provide Figure 30 - Section 5; Do
for centralized reporting of safety training to organizations
at all levels.
Page 47
September 15,
2009
Check
Check tools require the ability to track findings and identify
trends. Check tools also require measurement of
performance against the OHSMS standards. Specific
processes and tools used to measure performance such as
workplace inspections, exposure assessments, injury / illness
investigations, and employee feedback are examples of these
requirements.
Report-It
The current development path of Report-It is an example of
best practices in software development. Both scalability and
extensibility are built into the design. Report-It would be
established as the primary means for reporting all accidents.
Accidents could be reported by the safety manager or chain of
command personnel. When completed, the finished report
could be approved / endorsed by the chain of command
electronically. No paper report need exist. The design of
Report-It should necessarily include the reporting
requirements for civilian injuries and the specific reporting
requirements of the U.S. Army Corps of Engineers (e.g.
reporting of contractor mishaps and reporting of injuries and Figure 31 - Section 6; Check
fatalities to visitors of USACE recreation facilities). Once these
requirements were included, no other accident reporting system
should be allowed.
Report-It should also includes capabilities beyond accident reporting. It should include hazards and
deficiencies reported directly by organizational personnel. It should also transparently link with external
systems such as the Center for Army Lessons Learned and USACHPM injury reporting systems. Report-It
would include:
♦ Report-It – Mishaps: Reports findings and recommendations identified as a result of an accident

investigation process. Select findings and recommendations would be exported to Track-It in a similar
matter to RTS. Track-It would then provide for full life cycle/change management of the finding.
♦ Report-It – Employee Found: Reports observations and recommended abatements reported by
employees. In Army Aviation this report is known as an OHR. For all others it is known as a Report of
Alleged Unsafe or Unhealthful Working Condition. One requirement of the ANSI Z10 is employee
participation. Report-It – Employee Found would be an integral part of the Army’s enhanced employee
participation initiatives required by the standard. Track-It would then provide for full life cycle/change
management of the validated deficiency observations.
♦ CALL & USACHPM Injury Reporting: Reports findings and recommendations derived from external
injury and deficiency reporting systems.
ARAP
Like tools associated with Prevent-It, ARAP offers significant potential for providing safety and risk
management measures of effectiveness. ARAP should have the ability to pass sanitized data to Analyze-It
while protecting is capabilities as a battalion level assessment tool. Analyze-It could compare ARAP
assessment trends with accident trends to measure the effectiveness of the Army’s safety initiatives as well as
those of the organization. Analyze-It could also use the data to profile at risk organizations. Commands
could access the resulting command specific data from ARAP and access DA level trends from Analyze-It.
Page 48
September 15,
2009
Act
Act tools define the management review process
and provide for review of outcomes and follow-up
procedures. Incorporated into Act tools is the
ability to provide measures of effectiveness of the
OHSMS.
Analyze-It
Analyze-It began as a collection of analysis tools
currently in place at the Safety Center. To enhance
analysis capabilities, Analyze-It should undergo
an assessment to determine what is needed by
data consumers and what is the best provider /
source of that data. The existing tools could then
Figure 32 - Section 7; Act
evolve into a mature analysis tool. Several
conceptual capabilities have been described
throughout this document.
Analyze-It should also be designed to provide for measures of effectiveness. To do this Analyze-It would
perform detailed statistical and trend analysis of conditions, behaviors, and activities that lead to the existence
of hazards and that have caused accidents. Analysis of leading indicators such as training data and audit data
defines leading performance factors in the organization. Analysis of demographics define ―at risk‖ personnel
and activities. Analysis of causations factors defines those factors that precipitated the conditions into an
accident. All elements are then checked against each other to see if the plans, policies, and programs
represented by the leading indicators reduced the frequency or severity of the events represented by the
lagging indicators
Once analyzed and processed, this data can be used to develop effective corrective actions (Plan), implement
corrective actions (Do), and verify if the corrective actions were effective (Check). Track-It would provide the
communication and tracking mechanism to link analysis with hazards and deficiencies so that life
cycle/change management could be accomplished. As a minimum, Analyze-It should provide the following:
♦ A Trend Analysis Tool

♦ An AdHoc Query Tool
♦ An HFACS Analysis Tool
♦ A Hazards Analysis Tool
♦ Comparative analysis of leading indicators against lagging indicators
♦ Analysis should include the measurement of both leading and lagging indicators and measure
performance and effectiveness
Analyze-It should be capable of being accessed independently of any other tool and provide data as requested.
Additionally, Analyze-It should work in conjunction with Command ARMIS (see below) to combine Safety
Center analysis data with organizational data. This combination of data would provide a more detailed view
of an organization’s safety health for that commander. The business model for Analyze-It should include this
capability as part of its fundamental design.
Review-It
The Management Control Evaluation Process (MCP) is not currently used as an effective safety performance
tool. The MCP should be expanded to incorporate a comprehensive self assessment model that makes use of
all metrics to assess the health of the OHSMS at all organizational levels. The MCP should be merged with
annual OSHA reporting requirements to provide a comprehensive strategic assessment of the OHSMS. The
strategic assessment should also include data from other resources such as the Center for Army Lessons
Learned to develop future plans and initiatives.
The Safety Center should develop a tool to capture and management this data. The tool, known as Review-It,
would draw data already archived and collect additional data not yet captured in the system. Review-It,
would make use of existing raw data, analyzed data from Analyze-It, and new data provided by the user.
Page 49
September 15,
2009
Through the use of a Turbo-Tax like interface, standard reporting criteria could be captured and standardized
reports provided.
Command ARMIS – Providing for External Safety Automation Tools at Lower Level
Commands
Hazards and deficiencies with their corresponding recommendations have a scope of impact. They also have a
targeted level of command responsibility for actions described in the recommendation. Each level of
command below DA requires information in finer levels of granularity than the next higher level of command.
DA may not care if annual fire extinguisher inspections were conducted but a battalion level safety manager
may have a real need to track this data. This and other detailed information can act as a leading indicator
gauging the commands emphasis and involvement in safety. The traditional one size fits all approach to
software development would limit the success that could be achieved with command scalable safety
automation tools.
Scalability describes the ability of a safety automation tool to grow from a simple desktop application to an
enterprise wide application. Because scalability is built in, Track-It and other safety automation tools based
on the ANSI Z10 are applicable to all levels of command. The original recommendation for a Command RMIS
in FY2000 called for multiple information systems located at Headquarter Commands and installations.
Given today’s technologies and headaches associated with access control, it is recommended that these
systems be centrally located at the Safety Center. The Safety Center, while not managing the data and
programs at lower levels of command, could centrally house all data for all command levels. Tools such as
Analyze-It and Review-It would include data from these sources in the analysis and review process. Data
from these sources may be invaluable in determining measures of effectiveness.
The updated model for command level tools is known as the Command Level Army Risk Management
Information System (CARMIS). It would consist of the following tools: 1) Inspect-It, 2) Staff-It, and 3)
Manage-It (awards, facilities, explosives safety, radiation safety, etc.). Like its big brother ARMIS, CARMIS
tools would also be categorized according to their Plan-Do-Check-Act category. Currently, there are no tools
anticipated for the Plan category. DA level ARMIS tools are expected to fulfill this need. CARMIS tools begin
with the Do category.
Do
Do tools at the command level incorporate organizational level elements of the Army ANSI Z10 Systems
Development Model such as communication processes, compliance programs, and documentation of control
processes.
Manage-It
Manage-It deals primarily with the management of compliance and other directed programs. Tools in this
category include management of the following programs:
♦ Safety awards program

♦ Facilities management
♦ Medical surveillance (a DOHRS lite tool)
♦ Explosives safety management
♦ Radiation safety program management
Organizational management of training should also be included in Manage-It. Access to training should be
provided seamlessly through the ARMIS tool Train-It.
Page 50
September 15,
2009
Check
Like ARMIS Check tools, command level Check tools also require the ability to track findings and identify
trends. At the command level, these tools focus on audits and inspections. They also include centralized
hazards management through the ARMIS tool Track-It.
Inspect-It
Inspect-It manages findings and recommended abatements identified from workplace safety inspections and
audits. Workplace safety inspections and audits are conducted from the DA level down to the organizational
level. Many significant safety deficiencies have been identified as a result of this process. Inspect-It provides
tools to manage the inspection process and feed hazards, findings, and recommendations into Track-It.
Act
Act tools at the command level define the information gathered from various sources that has been presented
to commanders and senior staff personnel for action and monitoring.
Staff-It (Safety Council Tool)

Chapter 2 of AR 385-10, The Army Safety Program, requires the establishment of a safety council. Safety
councils are directed at all levels from Battalions Safety Councils to the DA level Army Safety Coordinating
Panel. Staff-It manages issues and recommendations resulting from these safety councils/committees. Staff-
It also provides mechanisms to feed hazards, findings, and recommendations into Track-It.
External Data Providers

Many external information systems contain data that could be of significant use to ARMIS and the Army
ANSI Z10 Systems Development Model. The external information systems serve as data providers to ARMIS.
The following are examples of external data providers essential to meeting the goals of the Army ANSI Z10
Systems Development Model.
Defense Training Management System – Train-It

The Defense Training Management System is being positioned as the standard training reporting tool for all
Army training. The Army Learning Management System is the standardized online learning system for the
Army. Integration of DTMS and ALMS with the ARMIS has been previously defined in this document.
Completion of safety training would be directly entered into DTMS by supervisors or safety managers. As an
external system, data from DTMS would represent a measure of safety performance for both the individual
organization and for DA. DTMS can be found at https://dtms.army.mil/
Defense Occupational Health Reporting System

The Defense Occupational Health Reporting System is used to track industrial hygiene compliance issues and
to manage individual industrial hygiene programs such as respiratory protection and hearing conservation.
DOHRS can be difficult to use and it is intended for use by industrial hygienists. Because of this, it would
probably not be a system used by most safety professionals. Data from the system could be used in Track-It
and Analyze-It to represent measures of performance. Trends identified from DOHRS data could also be
compared with accident trends to provide measures of effectiveness. DOHRS can be found at
http://dohrswww.apgea.army.mil/
Integrated Facility Systems

The Integrated Facility System is used for the management of buildings located on Army installations.
Currently there is not a module in the system specifically for safety. The IFS could provide a resource list for
safety managers to track facility safety functions such as the Standard Army Safety and Occupational Health
Inspections. Manage-It would make use of data in the IFS to provide for facilities management at the
organization level. The value of IFS as an external resource will be dependent upon the degree of integration
with Manage-It.
Page 51
September 15,
2009
Analyze-It and Review-It would also make use of data in the IFS. These tools would use the IFS data as part
of life cycle maintenance of facilities. Life cycle issues that would be tracked include accessibility, traffic flow,
building maintenance ease of support, pedestrian flow, and environmental impact. IFS can be found at
https://www.acsim-apps.army.mil/
SaFER
SaFER was designed as an intermediate data layer between the Office of Workman’s Compensation (OWCP)
claims tool and Safety Center / Command Safety Offices to provide reports of civilian injuries. In the past
data from OWCP/Department of Labor (DoL) was used to track civilian injury rates. Data in these reports
were based off requirements in 29 CFR 1960. Since 2005, Federal agencies have been required to report
civilian accidents in accordance with the guidelines in 29 CFR 1904. The significant differences between these
two systems are the way in which lost time injuries are reported. SaFER will usually report more lost time
injuries over a given period then required by 29 CFR 1904. To comply with Federal reporting requirements,
the Army made changes to AR 385-10 and aligned its reporting requirements accordingly. Civilian injuries
are now reported directly to Safety Center and not through OWCP/DoL. Once Safety Center has collected an
adequate amount of civilian injury reports (recommend 3 to 5 years worth of data) the need for SaFER / DoL
data will no longer exist.
Figure 33 - The Army Risk Management Information System
End State
The Army clearly needs tools that can provide the DA consolidation of select data while still providing
information fidelity down to the organizational level. Tools are needed to address all aspects of Army safety
and risk management. We need to avoid mistakes from the past where individuals have to learn multiple
interfaces on multiple different platforms. The tools we create must not increase the complexity of the task.
Our goal should be to create an integrated highly flexible Army Risk Management Information System
(ARMIS).
Most people are familiar with web portals. AKO, MSN, and yahoo all provided customizable web portals.
Web services provide tools and resources to users. The web services can reside in multiple locations and
access data across multiple domains. ARMIS should be designed around a web portal that houses web
services that would be used to manage the organization safety and risk management programs. Some of the
tools accessible in the portal would be sourced from ARMIS. The following are examples of these tools:
Page 52
September 15,
2009
♦ Prevent-It
♦ Report-It
♦ Track-It
♦ Analyze-It
Safety managers and other select individuals also need access to tools that manage safety data at the
command level. The command level tools would collectively be known as the Command Level Army Risk
Management Information System (CARMIS). CARMIS would be designed from the ground up to integrate
with ARMIS. CARMIS would also be designed to compliment ARMIS and house data that Safety Center or
other DA repositories have no intent of managing. CARMIS itself would not be a separate web site. It would
be a data repository and a collection of web services.
The end state would be a system designed around the Army ANSI Z10 Systems Development Model that
meets safety management and information needs at all levels of command. Access to these tools would be
transparent. Each tool would be a web service that is accessed through a common Army Risk Management
Information System portal. The user would not know nor care where the data repository and services reside.
Access to ARMIS and CARMIS would be managed at Safety Center using subscription services. A user would
subscribe to ARMIS. Based on the user’s duty position and their function within the organization, the user
would be assigned a role. Each user role provides access to tools specifically targeted to the needs of the role.
Below is an example of the types of roles that could be implemented:
♦ ACOM / ASCC / DRU Safety Director/Manager – requires role-up views of command data and DA data
for key program tracking and analysis.
♦ Brigade/Division Command Safety Manager – requires role-up views of command data, facility data, and
DA data for program management, integration, and analysis.
♦ Facility Safety Manager – requires facility safety data to manage inspections, work conditions, waivers,
licenses, explosive storage, and range safety issues. Requires access to DA facility mishap trends for
analysis.
♦ Organizational Safety Manager – requires organizational safety data, relative facility data, mishap data,
and hazard related data for organizational safety program management and analysis.
♦ Commander – requires access for chain of command related activities and data relative to level of
command. Conducts analysis of mishap and hazard trends.
♦ Command Approval Authority – requires access to support operations requiring chain of command
approval authority.
♦ Supervisor – provides input to system on activities related to their organization and personnel. Examples
include DTMS, employee report of hazard, and general safety data reports.
♦ General User – mishap reporter and employee report of hazard.
Roles would be granted in a similar fashion to the way RMIS currently grants access. Requests would be
approved by the supervisor, reviewed by key personnel at Safety Center, and then the role would be granted to
the individual. The individual would then be provided the ability to customize their view of the portal. A
supervisor may only have 3 to 5 choices for customizing their portal view where as a safety manager may have
dozens of options for customization. The customization capabilities would be designed to promote each user
taking ownership of their portion of the organization safety program.
The figure below shows an example of how the portal could look for a safety manager role. A variety of tools
are offered in the menu. The portal would also provide graphic rich charts and graphs. Visual representations
of safety related data such as mishap trends and at risk populations are far more effective at conveying a
message than numbers alone. Each chart and graph could be clicked on to drill down through the data
(similar to some features in RMIS Quick Search). Views could be transparently linked to ARMIS data or data
in CARMIS. Views could also represent composite data from DA sources such as the DTMS and IFS.
Composite views would give the commands a more comprehensive view of the safety and risk management
health of their organization.
Page 53
September 15,
2009
Figure 34 - Conceptual implementation of ARMIS
Page 54
September 15,
2009
Section 8 – Summary
The purpose of this document was to provide a high level overview of the possible evolution of the Army
Safety Program to the ANSI Z10. It also attempted to show the benefits of modeling a safety automation
development model around this same standard. Section 3 of this document defined Safety Excellence
organizations as organizations that focus on process and management not on simple programs. In Safety
Excellence organizations, focus is placed on running safety as part of an integrated management system. The
ANSI/AIHA Z10-2005, American National Standard for Occupational Health and Management Systems has
the potential to transform Army safety and achieve Safety Excellence.
The document also was intended to provide an information system developmental model designed around
ANSI Z10. The Army ANSI Z10 Systems Development Model is designed to comply with all aspects of ANSI
Z10. The document defined tools that provide for management of change and continual improvement of the
OHSMS. It provides high level recommendations designed to lay the foundation for future safety information
management needs.
This document, however, is only a starting point. Its recommendations represent only high level actions.
Much more analysis needs to be done to meet the Army’s needs. The transition to ANSI Z10 requires
significant effort as does the development of compliant safety information management tools. Each program
element of the Army Safety Program and each safety automation tool would require analysis to determine
where it fits into the ANSI Z10 and what changes would need to be made for compliance with the standard.
The requirements of this transition are challenging but the can be realized.
Page 55
September 15,
2009
Page 56
September 15,
2009
Appendix A – Comparative Analysis of Safety Management Systems

Leadership: An effective leader must unite followers to a shared vision that offers true value,
integrity, and trust to transform and improve an organization and society at large. (source:
www.bambooweb.com)
Management: Management characterizes the process of leading and directing all or part of an
organization, often a business one, through the deployment and manipulation of resources (human,
financial, material, intellectual or intangible). One can also think of management functionally: as the
action in measuring a quantity on a regular basis and adjusting an initial plan and the actions taken to
reach one's intended goal. This applies even in situations where planning does not take place.
Situational management may precede and subsume purposive management. (source:
www.bambooweb.com)
Employee Relations: Employee Relations refers to the characteristics of people understanding

their role in the Organization, with two-way open communications and managers ability to effectively
relate to inspire, motivate, and leverage the talents of the employees within the organization to
achieve organizational goals.
Measurement: Measurement is the determination of the size or magnitude of something.

Measurement is not limited to physical quantities, but can extend to quantifying almost any
imaginable thing such as degree of uncertainty, worker confidence. (source: www.bambooweb.com)
Safety Culture : Safety Culture refers to the product of individual and group values, attitudes,
perceptions, competencies, and patterns of behavior that determine commitment to, and the style and
proficiency of, an organization's health and safety management. Organizations with a positive safety
culture are characterized by communications founded on mutual trust, by shared perceptions of the
importance of safety and by the efficacy of preventive measures. (source: The Advisory Committee on the
Safety of Nuclear Installations (ACSNI)1993, p23).
Core Element Comparisons

Leadership at the Top
CEO Leader Executive Team
Top 12 Managers Operations Leadership in Transition
VP Responsible
Management System That Works
“Trust but Verify” Best Safety Practices
OHSAS, CHSEA, OSHA Standards &
Bi-Monthly Reporting to Top Management
Certifications
Behavioral
Confidence by all in Company Value
Operations Accountability Public Report
Accountability Requirements Broad Use of Goals
Financial Incentives High Profile VPP Participation
Rewards/Recognitions
Page 57
September 15,
2009
Core Element Comparisons (continued)

Performance Monitoring and Feedback
Internal & External Audits
Real Time Performance Data
Focused Staff Follow-up
Assessment Program
Source: Driving Toward ―0‖
Best Practices in Corporate Health and Safety, R-1334-03-RR,
The Conference Board. http://www.conference-board.org
Page 58
September 15,
2009
Independent Safety Management Models
Keil Centre Ltd. - Safety Culture Maturity ® Model

The safety culture maturity model ® presented refers to organizational behaviors; NOT safety management
systems. A positive safety culture is the product of effective safety management. As part of a project sponsored
by the United Kingdom offshore oil industry and the Health and Safety Executive, The Keil Centre developed
the Safety Culture Maturity® Model, providing a structured safety culture improvement process. The Safety
Culture Maturity® Model assists organizations to identify their current level of safety culture, and develop
level-specific improvement actions. The focus of improvement actions differs, depending upon the existing
level. The Model is set out in stages. Organizations progress sequentially though the five levels. Growth in
Safety Culture Maturity® normally takes one to two years per level, and collectively five to ten years for an
organization to achieve peak performance, assuming they start at Level 1 and maintain a sustained and well-
resourced effort. Safety Culture Maturity is a Registered Trade Mark of The Keil Centre Ltd. Copyright The
Keil Centre, 1999
1 2 3 4 5
Continually
Emerging Managing Involving Cooperating Improving
Realize the importance of frontline Engage all staff to develop
Develop Management staff and develop personal cooperation and commitment to Develop consistency and
Commitment responsibility improving safety fight complacency
Safety Culture Maturity ® Element Leadership Management Employee Relations Measurement

Visible Management Commitment X
Safety Communication X X
Production versus Safety X X
Learning Organization X X X
Health and Safety Resources X
Participation in Safety X X
Risk-taking Behavior X X
Trust between Management and Frontline Staff X X
Industrial Relations and Job Satisfaction X
Competency X X
Page 59
September 15,
2009
Australian Defense Aviation System

The specific goals of the Defense Aviation Safety Management System (ASMS) to accomplish this purpose are
the:
♦ Preservation of the human and materiel resources of Defense aviation in order to maintain capability,
improve quality and enhance readiness to perform the organization’s mission(s)
♦ Reduction in the rate of aviation accidents and serious incidents resulting from human, organizational
and systemic deficiencies to zero
♦ Establishment and maintenance of an effective hazard identification, reporting, investigation and
management system, which eliminates, or reduces to an acceptable level, aviation risks within Defense
aviation
♦ Establishment and maintenance of a generative safety culture
1 2 3 4
Genuine Command Generative Safety Culture Defined Safety Organization Communication
Commitment Structure
♦ Safety recognized as a Promote stds of excellence: Committee purpose: inform Policy documentation
priority o Professionalism, commander promote interest Review boards/working
♦ Command committed to o Innovation Forum for: viewpoints policy groups
improving objectives eliminate/mitigate
o Loyalty Surveys
♦ Appropriate allocation of safety hazards
resources o Integrity - adherence to Audits
♦ Trained and qualified staff codes. Safety stand-downs
♦ Personnel aware of: orders, Commanders should: Open reporting mechanisms
instructions, procedures o Lead by example Confidential reporting
♦ High level of awareness
o Allocate adequate resources Activity briefings/de-
♦ Effective risk management
o Acknowledge concerns & briefings
process
suggestions Face to face discussions
o Give feedback on decisions Visits and liaisons
Actively measure: Safety information
o Safety climate Communication strategy
o Behaviors
o SMS
Measure perceptions:
o Integrity
o Trust
o Morale
o Quality
o Leadership
5 6 7 8
Documented Safety Policy Training & Education Risk Management Hazard Reporting &
Tracking
Group policy: a safety Training: Establish the context Hazard reporting
o Mgmt system culture - open o Orientation Identify risks Occurrence reporting:
reporting hazard o Postgraduate Analyze risks o Event
o Id process risk o Skill specialization Evaluate risks o Incident
o Management target - zero o Contractor Treat risks o Accident
accidents o Safety staff Communication & consultation o Serious accident
Personnel policy: adequate training
o Overseas Monitoring & review Hazard review board
awareness risk management
o Domestic 5-m model for assessment Tracking
o Conferences Hazard identification Reports
o Websites Risk control strategies Hazard identification
Recognition program Risk control tools Perception of a hazard
Risk decision making
Page 60
September 15,
2009
Australian Defense Aviation System (continued)

9 10 11 12
Investigation Emergency Response Survey & Audit ASMS Review
Analysis Standard plan framework Safety survey purpose: Continuous improvement
Findings Standard terminology o Assess the SMS cycle:
Contributing factors Facility names o Recommendations for o Safety policy planning
Defenses Promulgate authority improvement o Implementation
Risk management Planning committee o Measure culture o Measure & evaluate
Actions & recommendations Emergency plan context o Improve the quality o Management review
Define any problems Quality mgmt. System:
Set planning objectives o Identify positive impacts
Design & apply the management o Identify hazards
structure o Risk mitigation strategies
Determine roles o Facilitate safety education
Determine responsibilities o Transfer new information
Analyze resources o Raise safety awareness
Develop emergency systems Mgmt. System audits:
Document response plan o Ensure compliance
Test the plan o Check standards & quality
Review the plan of documentation
o Improve the QMS
Page 61
September 15,
2009
Transport Canada
A safety management system is a businesslike approach to safety. It is a systematic, explicit and
comprehensive process for managing safety risks. As with all management systems, a safety management
system provides for goal setting, planning, and measuring performance. A safety management system is
woven into the fabric of an organization. It becomes part of the culture, the way people do their jobs. The
organizational structures and activities that make up a safety management system are found throughout an
organization. Every employee contributes to the safety health of the organization. In larger organizations,
safety management activity will be more visible in some departments than in others, but the system must be
integrated into ―the way things are done‖ throughout the establishment. This will be achieved by the
implementation and continuing support of a coherent safety policy which leads to well designed procedures.
1 2 3 4
Senior Management Safety Policy Safety Information Establishing Safety as a
Commitment Core Value
Expressed as direction Commitment & objectives Safety goals Safety integral to mgmt. Plan
Allocates responsibilities Performance goals & review Evaluation of progress Set safety goals
Holds people accountable Clear statements of responsibility Accident/incident records Hold managers & employees
Accountabilities converge at top Investigation findings accountable
Ensure compliance w/ regulations Corrective actions Achieve goals
Adequate knowledge & skills Concerns raised by Establish deadlines
Compatibility or integration Employees/resultant action Part of normal business
With other management systems Safety review & actions Part of normal job
Records of safety initiatives In acquisition process
5 6 7 8
Setting Safety Goals Hazard Identification & Risk Establishing a Safety Safety Audit & Assessment
Management Reporting System
Identify & eliminate or control During implementation Employees: Includes contractor activities
hazards Regular intervals afterwards o Report hazards Are staff following procedures?
Risk management Major operational changes o Report concerns If not? Why?
Identify: When changes are planned o Trust & use system Audits & assessments are
o Systemic weaknesses If organization is: Staff know: how to report conducted regularly
o Accident precursors o Undergoing rapid change Reports are: acknowledged
Eliminate or mitigate them o Changing services new analyzed resolved
o Equipment/procedures key
o Personnel change
9 10 11 12
Accident & Incident Safety Orientation & Emergency Response Plan Documentation
Reporting & Investigation Recurrent Training
Every accident/incident is: New employee training: Checklists & contact info Policy statement
o Reported o How safety is managed Regularly updated Reporting chain
o Investigated o Company philosophy Exercised to ensure Key personnel
o Analyzed o Policies Adequacy & readiness Responsibilities
o What happened o Procedures After plan is adopted: Identifies processes:
o Why it happened o Practices o Staff are briefed o Hazard identification
o How it happened Employee training: o Staff receive training o Risk management
Responsible manager acts on o Each discipline o In procedures o Safety reporting
findings o Refresher/retrainer o Poc has plan on desk o Audit/review
Page 62
September 15,
2009
Nine Elements of a Successful Safety and Health System © 2005 National Safety
Council
A safety management system is an organized and structured means of ensuring that an organization (or a
defined part of it) is capable of achieving and maintaining high standards of safety performance. A
comprehensive safety and health system should be proactive and preventive. It should be an integrated
system that involves everyone in the company, starting with a solid commitment from top management. It
should include a formal method of measuring and evaluating individual and organizational safety
performance with an emphasis on improving safety performance within the system. In creating a safety
management system, a company’s management system must first clarify and establish its safety and health
philosophy, beliefs, and vision or mission. Through these efforts, a culture that promotes safety and health is
established. A comprehensive safety management system should give equal consideration to the
administrative, operational and technical, and cultural issues of safety and health.
Administrative - Management
1 2 3
Management Leadership & Organization Communications & Assessments, Audits & Continuous
Commitment System Documentation Improvement
Clear policy Two-way communication Compliance to policy
Goals & objectives Record keeping & procedure
Performance measures Documentation Audits
Resources Assessments at all levels
Accountability Action plans
Integrated
Technical - Operational
4 5 6
Hazard Recognition, Evaluation & Workplace Design & Engineering Workplace Design & Engineering
Control
Ergonomic design Ergonomic design Training
Regulations & standards Regulations & standards Communications
Design Design Behavior auditing
Policies Policies Recognition & reward
Observations
Cultural - Behavioral
7 8 9
Employee Involvement Motivation, Behavior & Attitudes Training & Orientation
Training Organization Behavior Management (OBM) Systematic
Communications Reinforcement & feedback Training plan
Behavior auditing Total Quality Management (TQM) Management training
Recognition & reward Attitude adjustment methods Orientation program
Observations
Page 63
September 15,
2009
"The Architecture of Safety Excellence" © Copyright 2000, Larry L. Hansen, L2H

Speaking of Safety, Inc.
Peak safety performance is the result of multiple strategies designed and applied across a broad spectrum of
issues and risk factors within an organization. Safety excellence is the outcome of a strategy continuum – one
that addresses a company’s regulatory, technical, engineering, organizational, behavioral, managerial and
cultural loss sources. Safety excellence is a function of individual and organizational behavior, both of which
are a function of organizational culture – that force which determines what everyone does to drive safety
through the process. For the past 70 years, American business has focused almost exclusively on the ―E‖ in
this equation – engineering, education and enforcement. In large part, safety professionals have mastered
these areas. Now it is time to work on the building blocks of culture, organizational strategy, performance
leadership and organizational behavior – the true accident sources.
Operational Strategies of a Safety Program
1 2 3
Education Enforcement Engineering
“Awareness” “Improving” “Engineering”
Policies Facility inspections Automation
Procedures Compliance audits Ergonomics
Meetings Walkthroughs Work methods
Training Program minimum Safeguarding
Disciplinary policies Requirements Process design
Citations, fines, penalties
Safety success = CEOu, where C = culture; E = elements of safety; O = organization and u = you
4 5 6 7
Behavioral Strategy Organization Leadership Cultural Strategy
“Actions of All” “Structure” “Managing People” “Culture”
Human resources Organizational design Encourage Vision & mission building
Engineers Job descriptions Reward Values clarification
Operations Responsibilities Participative High-visibility executive
Legal Communications Teaming Involvement
Risk management Performance measurement Reinforcing
Behave safely Rewards systems
Note: The 'Operational Strategies' of Education, Enforcement and Engineering…working left to right and the
'Organizational Strategies' of Culture, Leadership, and Organization, working right to left - in concert,
influence 'Behavior'…the ultimate event(s) prior to incident...and potential injury.
Page 64
September 15,
2009
People Based Safety - E. Scott Geller, Safety Performance Solutions - Alumni

Distinguished Professor, Virginia Tech
―People-Based Safety‖ (PBS) strategically integrates the best of behavior-based and person-based safety in
order to enrich the culture in which people work — improving job satisfaction, work quality and production,
interpersonal relationships, and occupational safety and health.
1 2 3 4
Observable Behavior External/Internal Factors Activators & Motivate Focus on Positive
Consequences
“Think To Act Differently” “Improve Behavior” “ABC’s” "Motivate Behavior"
What people do Improve job satisfaction Activator, behavior, & Working to achieve success
Analyzes why Work quality & production consequence Avoid reactive behavior
Intervention strategy Interpersonal relationship Design interventions for Using total recordable
Occupation Safety & Health Improving behavior at Injury rates
Individual, group, &
Organizational levels
5 6 7
Scientific Method Improve Theory to Integrate Consider Internal Feeling &
Intervention Information Attitudes of Others
“DO IT”
D = define target action & increase Intervention techniques Leadership empathy & sensitivity
or decrease Situation to message delivered
O = observe, set goals Individual
I = intervene
T = test impact, record Work practice
Page 65
September 15,
2009
Values-Driven Safety (Safety is a Social or Cultural Issue) - Copyright 1996, Don

Eckenfelder, Profit Protection Consultants, Inc.
Organizational attitude will determine whether safety initiatives will be successful. The attitude flows directly
from the culture and:
1. Culture predicts performance.

2. Culture can be measured and managed.
3. Nothing is more important than getting the culture right.
This knowledge – together with the ―tools‖ to act on it and the resolve to get on with it – can serve as a catalyst
for every existing safety effort. It will overcome the deficiencies in behavior-based safety (BBS) and magnify
its benefits.
1 2 3 4
Performance Map Bridge Metaphor Safety Culture Barometer Exercises for Improvement
"Causation Diagram" "Strong Bridge" "Maturity Grid" Do It For The Right Reason
Create loss resistance Deal with culture directly "Measurement tool" Routine exercises
Facilitate loss prevention Change it consciously Organization customized
Work on beliefs and values Change it strategically Measurement device
Creating organizational culture
14 attributes that are invariably resident in organizations that are loss

resistant:
4. Each employee takes responsibility for safety.
5. Safety is integrated into the management process.
6. The presence of the full-time safety professional is limited.
7. There is an off-the-job safety effort.
8. Safety and other training are seamlessly integrated.
9. Compliance comes naturally.
10. Programs and technical processes have history and occur naturally
11. There is a bias against gimmicks.
12. Leadership always sets the example; safety is never taken lightly.
13. There is a recognizable safety culture.
14. The focus is more on process than statistics.
15. Negative findings are treated expeditiously.
16. The few safety professionals have stature.
17. Safety is seen as a competitive edge...not overhead.
The beliefs and values, worded as imperatives that will lead to the acquisition
of the 14 attributes, are:
18. Do it for the right reasons.
19. See it as part of the whole.
20. Recognize there is no end.
21. First, it is a people business; things are a distant second.
22. Put the right person in charge.
23. Use a yardstick everyone can read.
24. Sell benefits...and they are many.
25. Never settle for second best.
26. Be guided by logic, not emotion.
27. Empower others rather than seeking after support.
Page 66
September 15,
2009
Statistical Process Control - Motorola Inc.

The goal or purpose of Six Sigma is to reduce variation and eliminate defects so that virtually all products or
services meet or exceed customer expectations. Six Sigma is described both as a capability and as a
methodology. As a capability, Six Sigma is defined as 3.4 defects per million opportunities in a process. As a
methodology, Six Sigma provides the guidelines and tools to significantly and permanently improve processes
and products. There are three basic elements to the Six Sigma methodology: process improvement, process
design/re-design, and product design/re-design. Six Sigma was developed by Motorola in the 1980s but has
its roots in Statistical Process Control (SPC), which first appeared in the 1920s.
1 2 3
Process Improvement Process Design/Re-design Process Design/Re-design
DEFINE process identify goals for process DEFINE process identify goals for process DEFINE processes key customer requirements
consider customer requirements consider customer requirements develop key performance indicators
MEASURE process categorize key performance requirements that MATCH goals MEASURE performance against requirements
characteristics verify measurement systems ANALYZE performance requirements develop and key performance indicators
collect data outline design for new process detailed ANALYZE data to enhance measures refine
DESIGN for new process & IMPLEMENT
ANALYZE data translate data into information process management mechanisms
identify causes of defects & problems VERIFY new process performs as required CONTROL monitor process inputs process
IMPROVE process develop solutions analyze introduce controls to ensure continued operation process outputs
performance
results of changes determine if changes are
beneficial
CONTROL monitor process to assure no
unexpected changes occur
Page 67
September 15,
2009
Page 68
September 15,
2009
Systems Based Business Management Models
ISO 14000 Environmental Management System (EMS) - American National

Standards Institute (ANSI)
The ISO 14000 family is primarily concerned with "environmental management". This means what the
organization does to minimize harmful effects on the environment caused by its activities, and to achieve
continual improvement of its environmental performance. There are five major elements of the standard;
policy, planning, implementation and operation, checking and corrective action, and management review
commonly referred to as plan, do, check, act. These elements interact with each other to form the framework
of an integrated, systematic approach to environmental management, with the ultimate result being continual
improvement of the overall system. Copies of all ISO standards can be purchased from the American National
Standards Institute (ANSI), 25 West 43rd St., NY,NY 10036; phone: 212-642-4900 e-mail info@ansi.org
http://www.webstore.ansi.org/ansidocstore/
1 2 3 4 5
Policy Planning Implementation & Checking & Management Review
Operation Corrective Action
Pollution prevention Program achieving Emergency preparedness & Ems audit
Top management objectives response Records
Commitment continual Objectives & targets Operational control Nonconformance,
improvement Legal & other requirements Document control corrective &
Environmental aspects & Ems documentation preventative action
impacts Communication Monitoring & measurement
Significant aspects Training, awareness,
competence
Structure & responsibility
Page 69
September 15,
2009
Health & Safety Management System OHSAS 18001

OHSAS 18001 is an internationally accepted specification that defines the requirements for establishing,
implementing and operating an OHSMS. The specification was developed with the assistance of a number of
international standards and certification bodies. OHSAS 18001 fills a void, in that there is currently no
international ISO standard suitable for independent third-party certification. OHSAS 18001 was designed to
be compatible with ISO 9000 and ISO 14000. This will be helpful if you want to design, implement and
operate an integrated quality, environmental and occupational health and safety management system. The
benefits of an OHSMS include:
♦ Reductions in staff absence

♦ Reductions in claims against the organization
♦ Reductions in adverse publicity
♦ Improved insurance liability rating may equal lower insurance premiums
♦ Improved productivity
♦ A positive response from customers who want to deal with an organization with a proven health and safety
track record.
1 2 3 4 5
Policy Planning Implementation & Checking & Management Review
Operation Corrective Action
Policy statement Hazard identification Define roles, Procedures for handling Top mgmt. Meet
supported & authorized Risk assessment responsibilities and & investigating periodically
by top management Risk control authorities of staff accidents, incidents Facilitate continual
Top mgmt. & non-conformities improvement
Objectives to achieve
Representative Eliminate actual or Review policy &
Policy potential cause
Provide appropriate performance against
Specific and training Assess system objectives
measureable legal & suitability &
other requirements Int. & ext. Reviews determine
Communication effectiveness suitability, adequacy,
Plans that define: "Audits" and effectiveness of
Develop process &
o What will be done procedures management system
o Who will do what Control OHSMS Reviews focus on
o And by when documentation improvement &
Manage risk control customer satisfaction
Record maintenance
Establish, maintain &
test a process
Page 70
September 15,
2009
ILO-OSH 2001 International Labour Organization’s Guidelines on Occupational

Health and Safety Management Systems
The International Labour Organization’s Guidelines on Occupational Safety and Health Management Systems
(ILO-OSH 2001) was developed according to internationally agreed principles defined by the ILO's tripartite
constituents. This tripartite approach provides the strength, flexibility, and appropriate basis for the
development of a sustainable safety culture in the organization. The ILO has therefore developed voluntary
guidelines on OSH management systems which reflect ILO values and instruments relevant to the protection
of workers' safety and health (ILO, 2001).
Objects (ILO, 2001)

These guidelines should contribute to the protection of workers from hazards and to the elimination of work-
related injuries, ill health, diseases, incidents, and deaths. At national level, the guidelines should:
Be used to establish a national framework for OSH management systems, preferably supported by national
laws and regulations;
Provide guidance for the development of voluntary arrangements to strengthen compliance with regulations
and standards leading to continual improvement in OSH performance; and
Provide guidance on the development of both national and tailored guidelines on OSH management systems
to respond appropriately to the real needs of organizations, according to their size and the nature of their
activities.
At the level of the organization, the guidelines are intended to:
Provide guidance regarding the integration of OSH management system elements in the organization as a
component of policy and management arrangements; and
Motivate all members of the organization, particularly employers, owners, managerial staff, workers and their
representatives, in applying appropriate OSH management principles and methods to continually improve
OSH performance.
Policy Organizing Planning & Evaluation Action for

Implementation Improvement
♦ Occupational safety ♦ Responsibility and ♦ Initial review ♦ Performance ♦ Preventive and

and health policy accountability ♦ System planning, monitoring and corrective action
♦ Worker participation ♦ Competence and development, and measurement ♦ Continual
training implementation ♦ Incident improvement
♦ Occupational safety ♦ Occupational safety investigation
and health and health objectives ♦ Audit
management system ♦ Hazard prevention ♦ Management review
documentation
♦ Communication
Page 71
September 15,
2009
Occupational Safety & Health Administration (OSHA) Challenge (VPP Model) - OSHA
Draft revised 4/4/2007 - Occupational Safety & Health Administration, U.S.
Department of Labor
The OSHA Challenge Pilot uses the Voluntary Protection Programs (VPP) model of safety and health program
management to guide employers in the development and improvement of workplace safety and health
management systems (SHMS), with the goal of improving performance and ultimately qualifying for VPP
recognition and participation. Challenge participants follow a 3-stage roadmap of progressively more
comprehensive actions, documentation, and results. At each stage, they address the four major elements of
the VPP model:
28. Management leadership and employee involvement. Management accepts responsibility for, and
commits to implement and operate (including allocation of necessary resources), an effective occupational
safety and health program that protects all employees and contractors working at the site. Employees agree to
participate in the program and work with management to ensure a safe and healthful workplace. Annual
SHMS self-evaluations are performed, actions items identified and SHMS adjustments made to foster
29. Worksite Analysis. Management of workplace. safety and health must begin with a thorough
understanding of all hazardous situations to which employees may be exposed, plus the ability to recognize
hazards as they arise;
30. Hazard Prevention and Control. Hazards identified during the hazard analysis process must be eliminated
or controlled by developing and implementing appropriate systems; and
31. Safety and Health Training. All employees must understand the hazards to which they may be exposed
and how to prevent harm to themselves and others. Effective training ensures safety and health personnel,
managers, and employees acquire knowledge and skills they need to perform their work free of harm.
1a 1b 1c
Management Leadership & Employee Involvement
management commitment employee involvement contractor employee coverage
Mission & policy statements Employee safety & health perception survey Documented oversight & management system
Goals & objectives Meaningful employee Adherence to rules
Leadership by example Involvement in the SHMS, such as: Same level of protection as regular employees
Open communications o Investigations Contractor selection process
Between managers & employees o Hazard analysis Encourage contractors to develop & operate
Adequate resources o Planning effective SHMS
Responsibility, authority & accountability Employee rights intact Track correction of hazards
Employees notified of results of complaints, “Ownership” of SHMS Stop work policy
Investigations, etc.
Annual self-evaluation
Continual improvement
2 3 4
Worksite Analysis Hazard Prevention & Control Safety & Health Training
Baseline safety & industrial hygiene (IH) Access to certified professional resources Orientation for all employees, including
analysis Hazard elimination & control methods contractors
Data trend analysis Hierarchy of controls: engineering, Training for all workers appropriate to level of
Hazard analysis of routine jobs, tasks, and administrative, work practice, personal responsibility and exposure to hazards
processes protective equipment (PPE) Training for specific groups of workers
Hazard analysis of significant changes Documented system for hazard correction & Training for non-routine tasks
Pre-use analysis tracking Change of job training
Change analysis Emergency preparedness & response
IH program
Routine self-inspections
Employee hazard reporting system
Investigation of hazards & near misses
Equitable & clearly communicated
Disciplinary system
Page 72
September 15,
2009
ANSI/AIHA Z10-2005: The American National Standard for Occupational Health and
Safety Management Systems
The American National Standard for Occupational Health and Safety Management Systems (ANSI/AIHA Z10-
2005) is a voluntary consensus standard on occupational health and safety management systems. It uses
recognized management system principles in order to be compatible with quality and environmental
management standards such as the ISO 9000 and ISO 14000 series. The standard draws from approaches
used by the International Labor Organization’s (ILO) guidelines on Occupational Health and Safety
Management Systems and from systems in use in organizations in the United States. This compatibility
encourages integration of the standard’s requirements into other business management systems in order to
enhance overall organizational performance (AIHA, 2005).
The purpose of the standard is to provide organizations an effective tool for continual improvement of their
occupational health and safety performance. The ANSI Z10 is a set of interrelated elements that establish or
support health and safety policy and objectives, and mechanisms to achieve those objectives in order to
continually improve occupational safety and health (AIHA, 2005).
3.0 Policy 4.0 Planning 5.0 Implementation & 6.0 Evaluation & 7.0 Management
Operation Corrective Action Review
PLAN DO CHECK ACT
3.1 Management 4.1 Initial and Ongoing 5.1 OHSMS Operational 6.1 Monitoring, 7.1 Management Review
Leadership Reviews Elements Measurement, and Process
3.1.1 Occupational Health 4.1.1 Initial Reviews 5.1.1 Hierarchy of Controls Assessments
and Safety Management 4.1.2 Ongoing Reviews 5.1.2 Design Review and 7.2 Management Review
System Management of Change 6.2 Incident Investigation Outcomes and Follow-up
3.1.2 OHS Policy 4.2 Assessment and 5.1.3 Procurement
3.1.3 Responsibility and Prioritization 5.1.4 Contractors 6.3 Audits
Authority 5.1.5 Emergency
4.3 Objectives Preparedness 6.4 Corrective and
3.2 Employee Preventive Actions
Participation 4.4 Implementation Plans 5.2 Education, Training,
and Allocation of Awareness, and 6.5 Feedback to the
Resources Competence Planning Process
5.3 Communications
5.4 Document and Record

Process
Page 73
September 15,
2009
Page 74
September 15,
2009
Appendix B – Five Step Composite Risk Management Process
Figure 35: Five Step CRM Process
Step 1. Identify hazards to the force. Consider all aspects of current and future situations, environments, and
known historical problem areas.
Step 2. Assess hazards to determine risks. Assess the impact of each hazard in terms of potential loss and cost
based on probability and severity.
Step 3. Develop controls and make risk decisions. Develop control measures that eliminate the hazard or
reduce its risk. As control measures are developed, risks are re-evaluated until the residual risk is at a level
where the benefits outweigh the cost. The appropriate decision authority then makes the decision.
Step 4. Implement controls that eliminate the hazards or reduce their risks. Ensure the controls are
communicated to all involved.
Step 5. Supervise and evaluate. Enforce standards and controls. Evaluate the effectiveness of controls and
adjust/update as necessary. Ensure lessons learned are fed back into the system for future planning.
Most organizations with dynamic event driven operations have some sort of risk management program but
usually do not fully address all the issues that can impact risk. As the Risk Managed Systems Model indicates,
the mission or task exists in an operational environment. This operational environment has significant
impact on the mission’s risk. Correctly identifying those exacerbating factors that can impact the safe conduct
of an operation must be correctly identified. Likewise, developing effective countermeasures to control the
hazard and mitigate risk is just as critical.
Identifying and Assessing Hazards

A hazard is defined as a condition that can impair mission accomplishment, but this does not indicate to what
extent. A risk is a hazard that has been quantified by how much it affects the mission. Three components
determine a level of risk– exposure, severity, and probability. Exposure is the number of personnel or
resources affected by a given event or, over time, by repeated events. Severity is the estimate of the extent of
loss that is likely. Probability is the estimate of the likelihood that a hazard will cause a loss. For example,
the risk of the driver of a truck falling asleep at the wheel is a combination of the length of the operation
(exposure), how badly the personnel in the truck would be hurt (severity), and how often a driver goes to sleep
while driving (probability).
A hazard is any real or potential condition that can cause mission degradation; injury, illness, or death to
personnel; or damage to or loss of equipment or property. Three actions are required in to identify hazards:
♦ Analyze the mission/task

♦ List hazards
♦ List the causes
Page 75
September 15,
2009
Analyze the Mission/Task

In order to perform a good mission/task analysis, what is at risk must be established. A review of the
operational requirements or identification of any special equipment or capabilities will offer insight into
what's important. Also, looking at past mishap reports for trends or just talking with other personnel can help
clarify what's at risk.
A hazard identification tool, called the Operations Analysis can be used to outline the operation in
chronological order or by sequence of events. Using the Operations Analysis tool to do a mission/task analysis
can reduce the chance of forgetting any individual segment of the operation, ensure there is an accurate plan
from which to identify hazards, and chart the events chronologically.
Identify Possible Hazards

Once the mission/task has been mapped out, each event in the sequence is then reviewed for hazards. For
each event in the sequence examine associated DOTLMPF resource elements to ensure adequate resourcing.
Additionally, evaluate the overall operation against the DOTLMPF resource model to identify global
deficiencies.
Identify Related Causes

List the cause associated with each hazard. Identify the root cause of the hazard, that is, the exacerbating
factor leading to mission degradation; personnel injury, illness, or death; or property damage. The simplest
way to accomplish this is to ask why a DOTLMPF resource element is inappropriately resourced.
Developing Countermeasures and Controls to Mitigate Risk

Hazard controls (also known as countermeasures) are actions designed to reduce, mitigate, or eliminate risk
by lowering the probability of occurrence and/or decreasing the severity of an identified hazard. There are
three actions to analyze control measures:
1. Identify Control Options – Starting with the highest risk, identify as many control options as possible
for the hazards. Ensure the exacerbating factors responsible for the hazard’s existence are specifically
addressed.
2. Determine Control Effects – Determine the effect of each control on the risk associated with the
hazard. A computer spreadsheet or data form may be useful to list control ideas and indicate control
effects.
3. Prioritize Risk Controls - For each hazard, prioritize those risk controls that will change the risk to an
acceptable level. The best controls will be consistent with mission objectives and optimize use of available
DOTLMPF resources.
Identify Control Options

There are seven control options available when trying to mitigate risk. Because of risks associated with
hazards an operation may be rejected, avoided, delayed, transferred, spread, compensated, and/or reduced.
Each of these choices is defined below.
Reject – If overall risks exceed benefits, don't take the risk. Reject is a valid option for risk when you don't
have the authority or resources to apply the proper controls. This is a way to elevate the risk to the proper
level of authority.
Avoid – It may be possible to avoid specific risks by "going around" the risk or by doing the activity a
different way. For example, risks associated with a night operation may be avoided by planning the operation
for daytime.
Delay – If there is no urgency to accomplishment of a risky operation, then a delay may be viable. The
problem could resolve itself, new technology may reduce the risk, or the need for the operation may no longer
exist. For example, delaying a computer buy for six months in order to take advantage of new
features/capability.
Page 76
September 15,
2009
Transfer – As a minimum, the original risk is decreased or eliminated for you because the risk is shifted to
another individual/organization. Transfer of risk does not change probability or severity of the hazard, but it
may decrease the risk level actually experienced by the accomplishing entity. For example, deciding to fly an
unmanned aerial vehicle into a high-risk environment instead of risking personnel in a manned aircraft.
Spread – Spread risk by either increasing the exposure distance or lengthening the time between exposure
events. For example, risk may be spread over a group by rotating the personnel involved in a high-risk
operation more frequently. Risk may also be spread by using decoys such as chaff and flares to provide
additional targets for enemy weapons.
Compensate – Compensate by creating redundancy. Having spare parts or alternative resources available
will lower the risk associated with an equipment malfunction. Another means is to compensate financially.
Either budget for anticipated loss or insure the resources that are at risk.
Reduce – Risk can be reduced if hazards are identified early enough in the conceptual phase. Reduce takes
on an expanded meaning as it gives us as it can give us a priority order of precedence for reducing exposure,
severity, and probability. Controls that directly reduce risk may be categorized into four primary categories:
engineering controls, protective devices, warning devices, and procedural controls. A proven order of
precedence for this is to:
♦ Plan or engineer the design for minimum risk by eliminating hazards upfront. Without a hazard,
there is no exposure, severity, or probability. For example, flight control components that are designed so
that they cannot be incorrectly connected during maintenance operations.
♦ Incorporate safety devices when the hazard can't be eliminated or reduced to acceptable levels.
Safety devices do not affect probability but can reduce severity. For example, an automobile seatbelt may
not prevent an accident, but can lessen the injuries sustained.
♦ Provide warning devices to detect a hazardous condition and alert personnel of the hazard. For
example, smoke detectors.
♦ Develop procedures and training on the proper response to a hazardous condition. This is the least
reliable option as its success depends on human involvement. For example, fire and other disaster drills.
Additional, there are two primary types of controls. Institutional Controls are controls that are
institutionalized in our doctrine and become part of our business process. For example compliance type
controls. Operational Controls are controls specific to a mission or mission set to deal with specific mission
issues and variables. Overtime these may evolve into institutional controls. The institutionalization of a
control is preferred wherever possible. This ensures that DOTLMPF resources can be developed and
implemented to sustain the mitigation of a risk.
Determine Control Effects

Controls used must affect the risk assessment. The estimated effect on severity and/or probability after
implementing the control measure(s) will determine your new risk level. Scenario building and next mishap
assessment can help in determining a control's effect.
This is also the time to consider cost, which includes manpower, materiel, equipment, money, and time. Can
the organization afford the cost of implementing a control? When calculation the cost of a control consider
the following:
Control Cost  Number of employees * time implement procedural controls * salary vs. engineering cost /
safety device costs / warning device costs
Control measures are most effective when used in depth. How many controls can be afforded? Ensure these
realities are considered when prioritizing controls.
Prioritize Risk Controls

For each hazard, prioritize those controls that lower the risk to an acceptable level. Record this information
for future reference. Follow the standard order of precedence if time and cost permit. Otherwise, look to
existing controls implemented by operating instructions, technical data, etc. Involve organizational personnel
who will be directly affected by the control. Ask them what they think of the control(s). Benchmark (find the
Page 77
September 15,
2009
best practice in other organizations) against existing controls which have proven successful. When making
risk control decisions, the first action is determining who should make the decision. Consider the following
items when making this determination:
♦ Is there any published guidance that dictates the level of leadership for the decision-maker?
♦ What level of leadership has control of the resources necessary to implement the recommended control
measures?
♦ Determine what the cost of implementation of recommended controls will be and what level of leadership
does the decision-maker need to be?
♦ What level of leadership has "big picture" knowledge of the benefits of the operation/mission?
♦ What level of leadership will be held accountable if the operation/mission fails or if a fatality, injury, or
property damage/loss occurs?
Establishing Decision Making Guidelines

A good decision-making system must be established ahead of time. Valuable time and resources can be
wasted trying to find the "right" person. A good decision making system will:
♦ Get decisions to the right decision maker

♦ Create a trail of accountability
♦ Assure like decisions are made at the same levels
♦ Assure timely decisions
♦ Provide flexibility
Things to Consider
Once it has been determined who should make the decision, which risk controls to use must be selected.
♦ Select optimum combination – most mission supportive.

♦ Be aware some controls are incompatible.
♦ Select the best mix of controls that reduce the risk to an acceptable level, but remain consistent with
mission objectives and budget constraints. "Get the biggest bang for the buck".
♦ Evaluate full costs versus full benefits.
♦ The goal is not the least level of risk, but the best level of risk for the total mission.
Making the Decision

Once the best mix of control measures have been chosen, it's time for making the decision. Keep the following
points in mind:
♦ Analyze the overall level of risk for the mission with the selected controls in place. Ensure cumulative risk
and compound risk are accounted for.
♦ Determine whether the benefits of the mission outweigh the reduced level of risk; -OR- determine
whether the risk level is still too high for the benefits that would be gained from performing the mission.
♦ Document the risk decision analysis for future reference.
Once the risk control decision is made, resources must be available to implement the specific controls. This
step requires the following three actions:
♦ Make the implementation plan clear.

♦ Establish accountability for accomplishing the plan.
♦ Provide support at all levels to ensure the plan is implemented.
Make Implementation Clear

To avoid pitfalls in the implementation of risk controls:
♦ Frame implementation plans within the culture of the organization. If the organization normally uses a
very decentralized approach, then don't develop a plan that requires centralized control of every step.
Personnel will resent it and implementation can fail.
Page 78
September 15,
2009
♦ Fully involve unit personnel in the development and integration of risk controls. User ownership is key to
control success.
♦ Integrate controls into the established infrastructure by including in job aids, checklists, training material,
etc.
♦ Establish timelines for implementation and keep personnel informed of progress.
Establish Accountability
Consider the follow factors to establish accountability:
♦ The organizational Director/Commander is ultimately responsible for a control's success. However,

specific tasks will be delegated to subordinates. The interest and support of leadership greatly increases
the chances of success. It's not enough to have a leaders sign a policy letter; a higher level of involvement
needs to be attained. The on-going participation of the leadership speaks volumes and clearly signals
support.
♦ Motivate personnel through positive and negative means as warranted. Exploit successes at every
opportunity. Develop a system of rewards to promote the process.
Provide Support
A well-supported control has the best chance for successful implementation. It will include the following
elements:
♦ A policy pillar
♦ Leader support
♦ A training package
♦ Job aids and tools
♦ A measurement package
♦ Motivational package
Finally, determine the actual effectiveness of hazard controls throughout the operation. There are three
actions to successfully complete this step:
♦ Supervise the implementation

♦ Review the cost/benefit balance
♦ Feedback on the original plan and any changes
Supervise
Supervision requires that risk control implementation be monitored to ensure that all controls remain in place
and are effective. Any ineffective controls are detected and corrected and unforeseen hazards are controlled.
If events change during the operation, use the appropriate risk management tools and procedures to identify
changes that require further risk management.
Review
Hazard control effectiveness can be measured by many different means. Because it's proactive, a report is not
needed to tell if the controls are working or not. Most measurement can be done by simple observation or
talking with organizational personnel. The review action focuses on effectiveness and efficiency in the
following ways:
♦ Analyze costs to see if they are in line with expectations.

♦ Conduct a cost-benefit review to see if the benefits in risk reduction are greater than the costs of the
control measure, focusing on the mission performance that the control measure was designed to improve.
♦ Compare the actual changes with the pre-established goals recorded during the risk control process.
♦ Watch for favorable changes in either physical conditions or personnel behavior.
Mishap reports can also be part of the review. Evaluate whether risk control measures were designed to
prevent that type of mishap, and record any errors in risk analysis for future reference.
Page 79
September 15,
2009
Feedback
Feedback has four purposes:
♦ Feedback systems must be designed to inform all involved personnel about the effectiveness of the risk
control.
♦ Crosstell at all levels, regarding successes and failures. This includes from person-to-person,
organization-to- organization, and to the entire enterprise.
♦ Provide input into a lessons learned process so they may be used by others.
♦ Feedback to Resource Business Process to continuously improve upon operations and tasks.
Integrating Risk Management – Managing Hazards and Controls

The process of managing of hazards and controls is known as Composite Risk Management. It is a systematic
process that guides individuals through each aspect of the process (a step by step outline of the Composite
Risk Management process is contained in Appendix A). As important as the process itself is how it is
integrated into the Risk Managed Systems Model. Composite Risk Management is integrated at each point in
the Evolved Systems Management Model. The level of detail and intensity of effort varies at each level as does
the decision authority to move forward with the operation. Below is detailed breakdown of the various levels
integration in the Risk Managed Systems Model.
♦ Strategic Risk Management – Also known as a Job Hazard Analysis (JHA), the strategic CRM
requires detailed hazard identification and analysis. It is the process used to establish the fundamental
guidelines and controls for standard operations. It is the base line document that is referred to during
SOP and policy reviews to validate controls and processes.
♦ Detailed Risk Management – Used in high priority or high visibility situations, detailed CRM
generally requires use of more thorough hazard identification and risk assessment tools. Generally
reserved for the more complex and riskier efforts, as it may be time consuming.
♦ Deliberate Risk Management – Used in the majority of workplace applications where experience in a
group setting will produce the best results.
♦ Hasty Risk Management – Used when there is little time, little complexity, or low risk. Often used
during the execution phase of an operation where an unplanned change occurs and must be managed. It's
easily applied to typical day-to-day situations.
Page 80
September 15,
2009
Appendix C – Example Safety Strategic Assessment
Measures of Performance
Measures of performance are direct measurements of an organization's accident prevention activities.
Examples include measurements of safety training attendance, performance on safety surveys, raw accident
experience statistics, and accident rates. As part of this Annual Performance Review accident experience
statistics, accident rates, and a safety training overview are included as measures of performance.
Fiscal Year 2008 DA Reportable Mishaps

The workforce supporting this mission consists of military personnel, DA Civilian employees, and a Korean
National workforce (classified as Foreign Indirect Hire employees). The majority of the accidents reported by
this workforce involve military personnel. Forty-four percent of all military personnel injuries are non-work
related and occur during off-duty activities. The majority of on-duty accidents involve personal injuries not
associated with other accident types such as motor vehicle accidents.
The figures below represent a breakdown of all Class A through Class D accidents that occurred during Fiscal
Year 2008. The vast majority of accidents are defined as Personal Injury – Other type mishaps. Sixty-five of
these accidents involved injuries resulting in lost work days with five of those involving more serious losses
(includes 2 off-duty fatalities).
DA Reportable Mishaps
POV-Not on Mishap Type /

Property A B C D Total
Official
Damage-Other Category
Business
Mishaps
Personal 5%
3% Aircraft Ground Mishap 0 0 0 1 1
Injury-Other
Aircraft
Mishaps Army Combat Vehicle
58%
Ground 0 1 2 0 3
Mishap Mishaps
2%
Army Motor Vehicle
Army Combat 0 0 6 8 14
Vehicle Mishaps
Mishaps
3%
Flight Mishap 0 0 1 6 7
Army Motor Flight Related Mishap 0 0 0 1 1
Vehicle
Personal Injury-Other
Mishaps 2* 2 61 1 66
13% Mishaps
Flight Mishap
Flight Related POV-Not on Official
14% 0 0 3 1 4
Mishap Business
2%
Property Damage-
0 0 0 3 3
Other Mishaps
Totals 2 3 73 21 99
Note: Data on above table represents all Class A
through Class D accidents. It also includes a fatal
accident involving a KATUSA that was not
recordable to DA.
Note: Data on above pie chart represents accidents

from all categories of accidents to include off-duty
military accidents
The table below represents military on-duty and civilian employee on-duty accidents. In FY2008 the
command experienced the same number of military on-duty lost workday injuries but this occurred with a
reduced workforce. The resultant lost workday rate showed a 54% increase for FY2008. Similar increases
were also experienced among the civilian workforce. Appendix A includes a summary report of all accidents
from 2008.
Page 81
September 15,
2009
FY 2007 FY 2008
Military On- Military On-
Civilian Civilian
duty duty
Number of Federal Employees, including full-time,
26998 10877 17435 10877
part-time, seasonal, intermittent workers
Lost Time Cases (number of cases that involved days
33 10 33 18
away from work)
Lost Time Case Rate (rate of only the injury/illness
1.22 0.09 1.89 0.17
cases with days away from work per 100 employees)
Lost Work Days (number of days away from work) 712 377 819 635
Accident experience statistics and accident rates represent raw performance statistics for the Command. As
lagging indicators, they represent failures in safety systems and controls. Accident experience statistics
represent the occurrence of an accident type. Accident rates represent only the frequency of a type accident in
relationship to the exposure to an operation. Because neither take complexity of an operation into
consideration or any other factors that could play into the accident causation process, the value of the
information for future accident prevention purposes is limited. The charts below represent accident
performance statistics from FY2006 through FY2008. The red lines on each of the charts represent accident
rates for the category represented.
Aviation Class A through C Mishaps Military Lost Workday Mishaps

FY06 to FY08 FY06 to FY08
70 61 4.00
8
6.75 60 51 3.50 3.00
6 42
50
40
4 2.41 1.89 2.00
3.05 2 30
2 1 20 1.00
0 10
0 0.00 0 0.00
FY06 FY07 FY08 FY06 FY07 FY08
Page 82
September 15,
2009
DA Civilian Employee Lost Workday Mishaps KN Civilian Employee Lost Workday Mishaps
2.5 2 0.12
0.11 20 16 0.20
2 0.10
0.18
0.08 15 0.15
1.5
1 0.06 9 9
0.05 10 0.10 0.10
1
0.04 0.10
0.5 5 0.05
0.02
0
0 0.00 0.00 0 0.00
FY06 FY07 FY08 FY06 FY07 FY08
The aviation mishap rate represents Class A through Class C aviation accidents for every 100,000 flight hours.
In FY2008 the Command experienced no Class A through Class C aviation mishaps achieving a mishap rate of
0. The military lost workday mishap rate represents lost workday injuries for every 1000 soldiers, and the
civilian lost workday mishap rate represents the frequency of lost workday injuries for every 100 civilian
employees. The Command experienced a significant increase in personal injury rates for both military
personnel and civilian employees. Detailed causation and trend analyses were conducted and the results are
listed in the Measures of Effectiveness section below. The analysis identified several trends but did not
pinpoint specific causes for the increases. The Command Safety Office continues to work at identifying
underlying causes for these increases.
Recordable Mishap Trends

FY99 thru FY08 FY06 thru FY08
120 70
66
106 60
100
50
50
Number Mishaps
Number Mishaps
80
40
67 40
65 66
60 64
58
52
30 30
51 50
47 28
46
40 44
40 23
20
30 28
26 15
20 23 23 14
17 19 20 19 10 12
16 16
14 14 15
12
5 5
0 0
1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2006 2007 2008
FiscalYear FiscalYear
Army Motor Vehicle Personal Injury - Other Army Motor Vehicle Personal Injury - Other
Flight Mishap Flight Mishap
Mishap Mishap Mishap Mishap
The chart above represents reportable mishaps by type for each fiscal year (see Appendix C for definitions of
accident reportability and type classification). Listed are the three most common accident categories: Army
Motor Vehicle Mishaps, Flight Mishaps, and Personal Injury – Other Mishaps. The bars represent the count
for each occurrence of a reportable accident by mishap category and the lines represent occurrence trends for
the period of FY2006 to FY2008. The Command continues to improve most categories with one exception.
As previously mentioned there has been a significant increase in the number of Personal Injury – Other
Page 83
September 15,
2009
mishaps (represented by the green line). Specific causational trends and recommendations will be addressed
in later sections.
Motor Vehicle Mishaps

The command experienced eight on duty motor vehicle mishaps with two resulting in recordable personal
injuries. This is a reduction by eleven mishaps from the previous year and a reduction in cost of $537, 828.
The below table provides specific comparative data for FY2007 and FY2008.
FY 2007 FY 2008 Change

Number of motor vehicle accidents experienced by employees 19 8 -11
Number of accidents resulting in personal injury 2 2 0
Vehicle repair costs due to accidents $1,303,708 $766,880 -$536,828
Additional Performance Indicators

Accident experience is not the only performance indicator in safety. Safety inspections and audits, safety
training, and safety councils are all measures of performance in safety. Below is an overview of these
programs for Army in Korea.
DA Safety Audit
The Office of the Director of Army Safety audited the Command Safety Program in July 2008. The audit
evaluated 20 Army safety program elements and concluded that the Command Safety Program meets
established requirements for an Army Safety Program, as defined in AR 385-10. The overall rating was 3.2 on
a 4.0 scale. Eighteen program elements received ratings indicating they met all requirements; and two
program elements received ratings indicating they met key requirements but need some improvement.
Appendix B contains a summary of the audit’s findings and recommendations.
Employee Support
The Command provides a variety of employee support programs. Through training programs and safety
councils, the Command strives to ensure its personnel are aware of hazards and risks and trained to protect
themselves and their personnel from these hazards. Through councils, the Command engages leaders, key
personnel, and employees to collectively find solutions to safety issues and move the safety programs forward.
Safety Training
The Command provides safety training to all its personnel, from soldiers and civilian employees to
supervisors and senior management. The purpose of the training is to provide awareness and the skills to
recognize hazards, assess risks associated with these hazards, and implement controls. At the core of this
approach is the Army Composite Risk Management (CRM) program and training. Every soldier and civilian
employee is taught the principles of CRM and their role in implementing the program. At every leadership
level, the increased CRM roles and responsibilities are emphasized.
CRM is integrated into the way the Army does business. Through on-line and instructor lead training,
personnel are taught how to safely manage their operations, from routine to situation and event driven
operations. They are also taught to integrate other safety training programs as controls and abatements of
hazards. Training for key safety personnel such as radiation safety training and employee safety training such
as PPE training are all integrated into the overall CRM training program. The chart below highlights key
training programs. Some training is directed specifically at CRM. Other training programs address specific
program needs or identified hazards and risks. All integrate CRM training into the process.
Page 84
September 15,
2009
Types of Training Provided in FY2008

1. Commander / First Sergeant Course
Top management officials
2. Commander’s Safety Course via CR University
1. Supervisor’s Safety Course
Supervisors 2. Warrior Leader Training (PLDC)
3. Cadets Course
1. Semi-annual Safety Manager’s Workshop
2. CR University on-line safety training
Safety and health specialists 3. Radiation Safety Officer Course
4. Explosives Safety Course
5. Range Safety Training
1. ADSO Facility Inspection Training
Safety and health inspectors
2. Fire Evacuation Coordinator Training
Collateral duty safety and 1. ADSO / CDSO Training via CR University
health personnel and committee 2. CR University on-line safety training
members 3. Local Garrison Safety Training
1. Composite Risk Management Training (military and
civilian courses)
Employees and employee
2. Driver’s Accident Avoidance Course
representatives
3. OSHA mandated safety training (respiratory
protection, PPE use, etc.)
Completion of safety training is a leading indicator of safety performance. When analyzed against hazard
tracking and accident causation it can be used to determine measures of effectiveness in preventing accidents.
The Command tracks training performance as part of the Command Inspection Program. During the
inspection process, training records are reviewed to ensure proper training is being executed, make-up
programs are in place, and personnel requiring training are receiving the training. To improve the record
keeping process for all training, the Army has implemented the Defense Training Management System
(DTMS). The Command plans to fully embrace this on-line record keeping system for tracking safety training.
Completion of on-line safety training available from the Combat Readiness University (CR University) is
automatically fed into DTMS. The Command Safety Office is working to get other safety training programs
into the course list in DTMS. Once entered into the course list, training managers will be able to record and
track safety training for all their personnel. The Command hopes to fully implement DTMS in FY2009.
Safety and Health Councils

The Command has implemented safety and health councils at all levels. At the lowest levels, organizations
conduct Command Safety Councils and NCO Safety Councils. Quarterly, the Command hosts a Commanders’
Safety Council that encompasses all Army commands within the Korea Theater of Operations. These councils
deal with safety issues within the command, theater specific seasonal safety issues, accident trends, lessons
learned, and best practices. The Command also represents the Army service component in the US Forces
Korea Safety Council.
In addition to Command Safety Councils, the Command also hosts program specific safety councils. The
purpose of these program specific safety councils is to address issues and deficiencies within a particular
management program and develop courses of action to improve program safety. The following table
represents a listing of program specific safety councils.
Council Type Frequency

Aviation Safety and Standardization
Semi-Annual
Council
Radiation Safety Council Annual
Explosive Safety Council Semi-annual
Installation Safety Council Quarterly
Page 85
September 15,
2009
Measures of Effectiveness
Measures of effectiveness are more difficult to quantify. These measurements represent a quantification of
how effective a particular control or program is at preventing accidents. For example, measuring the number
of motor vehicle accidents that resulted in injuries prior to implementing a mandatory seatbelt rule and after
implementation would represent a measure of effectiveness. As part of this Annual Performance Review,
Accident Analysis by Mishap Category and Command Inspection results were assessed.
Accident Analysis by Mishap Category

The Army defines specific accident categories to more effectively analyze demographics and causal factors (see
Appendix D). Personal injury accidents and Army motor vehicle accidents are included in the analysis. For
each of these categories, specific elements that define ―at-risk‖ personnel and operations are analyzed for
FY2006 through FY2008. Included are detailed analysis of DOTLMPF resource deficiencies and causation
factors. The analysis also includes a look at off-duty accidents focusing on the impacts of alcohol has on the
frequency and severity of off-duty accidents. Finally, pedestrian accident trends are examined to determine
trends and to raise awareness of the impact of these accidents to the Command.
Personal Injury Mishaps

Personal injury accidents involve injury or occupational illness to Army personnel (civilian and military),
Army direct contractors, contractors and subcontractors contractually required to report accidents, and non-
Army personnel as a result of Army operations not covered by any other accident type and injury to off-duty
military personnel not covered by any other accident type. The following section provides trend analysis of
demographic data associated with this accident category.
“At Risk” Analysis – Accident Demographics

Location Type Analysis Activity Analysis
Maintenan
ce facilities
Loading /
17% Walking /
Housing unloading
Recreation Climbing 29%
al facilities 10% 37%
25% Pedestrian
way
8%
Other
4%
Range Sports /
17% MWR
Vehicle 14%
Way Storage Other
13% Area 20%
6%
Page 86
September 15,
2009
Nature of Injury Analysis Mistake Trend Analysis

Improper
Other planning
Fractures 4% 10% Improper
47% Lacerations / Improper
use of
Punctures focus /
equipment
16% attention
16%
30%
Improper
use of safety
equipment
Sprain / 13%
Strain
13% Other
5%
Amputation Improper
Contusion Burns 3% Improper motor
6% Concussion
5% body vehicle
6%
position operations
17% 9%
The Command has experienced a steady increase in accident of this category for the last three years. There
was a 25% increase from FY06 to FY07 and an increase of 30% from FY07 to FY08. For FY08 the category
accounted for 58% of all accidents. This is up approximately 8% from the average for this category. The
accidents occur at a wide variety of locations with no specific location type identified as more problematic
than others. The most common activity associated with these mishaps is walking that results in slips, trips,
and falls and loading and unloading vehicles that also usually result in falls. Most common injuries
experienced are fractures followed by lacerations, sprains, and strains. These type injuries are indicative of
slips, trips, and falls associated with human movement activities. They are also commonly associated with
loading and unloading of personnel and equipment.
Further analysis was conducted to determine specific activities categorized as loading and unloading. Loading
and unloading applies to both the loading and unloading of material and the loading and unloading of
personnel. For material, the most common occurrence was material falling on personnel loading or unloading
equipment. For personnel, the most common injuries occurred when passengers attempted to dismount from
the back of FMTVs without the use of the ladder. Similar accidents occurred when personnel improperly
climbed down from the backs of HEMTTs.
Accident Precursors – DOTLMPF Resource Deficiencies and Exacerbating

Factors
The acronym DOTLMPF represents resources necessary to the execution of a mission. In safety, deficiencies
in DOTLMPF resourcing set the conditions for an accident to occur. The following section looks at DOTLMPF
resourcing deficiency trends associated with personal injury accidents and the causal factor trends related to
the DOTLMPF deficiencies. All seven DOTLMPF Resource deficiency categories were examined. Leadership
and Personnel were the only two categories that contained sufficient data to be considered statistically
significant. The following section provides a side-by-side comparison of DOTLMPF Resource Deficiencies
and Causation Trends for these two categories.
Page 87
September 15,
2009
Leadership Deficiencies
Hazard Trends for Leadership Causation Trends for Leadership
Failure to Other
Inadequate correct 21%
Inadequate known
supervision -
supervision - higher problem
direct 38%
17%
47%
Choice
decision
errors
10%
Procedural
Inadequate decision
supervision errors
Accepted risk
36% 17%
14%
The charts above represent deficiencies in leadership. The Hazard Trends chart represents deficiencies in
leadership resources. The Causation Trends chart represents the reasons for leadership deficiencies or why
leadership is considered to be deficient. The concentration of leadership deficiencies occur most commonly
among first line supervisors. The primary causation trends indicate that standards are known but not
enforced. Decision errors represent the second most common causation occurrence. These trends are
representative of the staffing deficiencies being experienced at key leadership levels in the Command. The
lack of experience and the desire to complete missions tend to provide conditions where compromises and
poor decisions can lead to accidents.
Personnel Deficiencies
Hazard Trends for Personnel Causation Trends for Personnel
Procedural
Choice decision
Other decision
Overconfidenc 12% errors
errors 21%
e 39%
47%
Effects of Skills based

alcohol / drugs attention
14% failures
15%
Other Skills based

13% execution
In a hurry
failures
27%
12%
The charts above represent individual employee deficiencies. The Hazard Trends chart represents
deficiencies in individual employee resources. Hazard trends indicate overconfidence and haste as the leading
deficiencies. The Causation Trends chart represents why individual employee deficiencies exist. Decisions
errors and skills based errors are the most common occurring causation trends. Overall, individuals tend to
Page 88
September 15,
2009
not have the skill set and functional knowledge necessary to safely accomplish mission tasks. As with
leadership deficiencies, personnel deficiencies are representative of an inexperienced workforce and a
workforce focused on mission accomplishment.
Overall Risk Assessment: Moderate
Findings and Recommendations

The impact of manning shortfalls is evident in the accident and causation trends depicted above. These
shortages are evident when looking at the ranks of individuals in many leadership positions. Often positions
are filled with personnel junior to the position requirements. These junior leaders often lack the experience
and training to make know the importance of safety standards and how to properly implement them.
Manning shortfalls also impacts individual personnel deficiencies. In the past, time was available to provide
additional on-the-job and continuation training. In many cases, personnel shortages have severely limited
resources to conduct this training. Soldiers are expected to hit the ground running ready to execute the
mission, often without the knowledge necessary to complete it safely.
In both cases, corrective actions begin with the training and development of our junior leaders. NCO and
officer professional development training that focuses on mission completion to standards, including safety
standards, is fundamental to safety program improvement. Safety standards and program elements should be
integrated into operational training and not taught as a separate component. For safety standards to be
effective and enforced at all levels they must be indoctrinated as the ―way we do business.‖ Junior leaders
learn to enforce these standards with their subordinates. Enforcing safety standards helps to ensure
accidents, such as eye injuries, are prevented by enforcing the use of established control measures (e.g.
wearing of protective eyewear).
Army Motor Vehicle Mishaps

An accident involving a motor vehicle may be classified as an Army Motor Vehicle (AMV) accident if the
vehicle meets the following Criteria:
1. The vehicle is owned, leased (includes General Services Administration (GSA) and Government owned,
contractor-operated vehicles, that are under full operational control of the Army; for example, hand
receipt or like document), or rented by DA (not an individual). Note: Vehicles rented by individuals
while on TDY and POVs used for official business are classified as POV on Official Business Mishaps.
2. The vehicle is primarily designed for over-the-road operation.
3. The vehicle's general purpose is the transportation of cargo or personnel. Examples are passenger cars,
station wagons, SUVs, trucks, ambulances, buses, motorcycles, fire trucks, and refueling vehicles.
Accidents of this category may or may not include injuries. The following section provides trend analysis of
demographic data associated with this accident category.
Page 89
September 15,
2009

Equipment Involved Analysis Collision Type Analysis
Going
forward and
Government rear-ended
Local non-tactical Collision with vehicle
national vehicle moving 16%
vehicle 16% vehicle
23% 23%
Other
20%
HMMWV
Other 19% Collision with
12% parked
vehicle Collision
9% while
POV backing
7% 5%
FMTV Collision with Collision
HEMTT
16% other object while turning
7%
20% 7%
Location Type Analysis Mistake Trend Analysis

FY06 to FY08 FY06 thru FY08
Improper
Improper
supervision /
Vehicle way focus of
planning
89% attention Excessive
13%
21% speed
9%
Missjudged
Improper use
clearance
Trail / off- of equipment
8%
road 12%
7%
Other
Maintenance 10%
Improper
/ storage stopping / Improper
facility braking turning /
4% 11% steering
16%
The Command has experienced a decrease in motor vehicle accidents over the past several years. In has also
experienced decreases in the damage costs associated with motor vehicle accidents and severity of injuries. A
review of the demographic information above indicates that accidents are occurring in all types of Army
Motor Vehicles. Thirty percent of these accidents involve privately owned vehicles. Since most of the
accidents occur off post on the Korean public highway system, the majority of the accidents also involve local
national vehicles.
Twenty-nine percent of the accidents involve collision with parked vehicles or fixed objects such as telephone
poles. This often occurs while backing. In most cases ground guides are not used and the absence of a grond
guide is a contributing factor.
In all cases, no specific mistake trends have been identified. Most of these mistakes are attributable to a
common lack of driving experience.
Page 90
September 15,
2009
Accident Precursors – DOTLMPF Resource Deficiencies and Exacerbating

Factors
The following section looks at DOTLMPF resourcing deficiency trends associated with Army Motor Vehicle
accidents and the causal factor trends related to the DOTLMPF deficiencies. All seven DOTLMPF Resource
deficiency categories were examined. Leadership and Personnel were the only two categories that contained
sufficient data to be considered statistically significant. The following section provides a side-by-side
comparison of DOTLMPF Resource Deficiencies and Causation Trends for these two categories.
Leadership Deficiencies
Hazard Trends for Leadership Causation Trends for Leadership
Inadequate Failure to
supervision - correct
direct known
80% problem
67%
Other
Inadequate 20%
supervision -
higher
7%
Inadequate
supervision Accepted risk
13% 13%
The charts above represent deficiencies in leadership. The Hazard Trends chart represents deficiencies in
leadership resources. Leadership deficiencies show a concentration among first line supervisors. This focus
of deficiencies among first line supervisors would indicate a systemic deficiency throughout the Command.
The Causation Trends chart represents why leadership deficiencies exist or why leadership is considered to be
deficient. ―Failure to correct known problems‖ accounts for 67% of the causational trends. As with the
personal injury accident category, the shortages in key leadership positions have impacted the safety trends.
Together, the charts indicate a need for senior management to ensure junior leaders know and enforce safe
driving standards.
Personnel Deficiencies
Hazard Trends for Personnel Causation Trends for Personnel
Procedural
decision
errors
Overconfiden
13% Skills based
ce Fatigue
Choice attention
48% 13%
decision failures
errors 19%
33%
Other
12%
Skills based
Other execution
In a hurry 6% failures
27% 29%
The charts above represent personnel deficiencies. Hazard trends indicate overconfidence/complacency in
abilities and haste as deficiencies. Causation trends focus in two areas, driving skills errors and decision
Page 91
September 15,
2009
errors. Insufficient driver training, particularly under the local driving conditions, accounts for the skill
deficiencies. A lack of experience would account for decision errors.

As previously mentioned, the Command has experienced a small but steady decrease in Army Motor Vehicle
accidents over the past several years. Command focus directed by the Department of the Army and the local
Command have put programs in place that have contributed to this trend. Continuation of these programs
and initiatives as well as continued command emphasis is required to maintain this downward trend. The
following section provides an overview of these programs.
Driver Training Programs

The Republic of Korea is consistently rated as the one of the most dangerous countries to drive in among the
world’s most industrialized nations. Aggressive driving and disregard of traffic laws by many makes driving
here particularly challenging. In most cases accidents involving military drivers find the Korean National
driver at fault. To address these challenges, Eighth Army should continue to work closely with garrison
commands in instilling defensive driving into each vehicle driver. In addition to defensive driver training the
Command should continue to place focus with ongoing initiatives to protect our personnel from vehicle
mishaps.
First, the Command Safety Office has developed a driver’s training program that lays the foundation for the
necessary driver skills. Through classroom training and testing, the program standardizes the minimum
knowledge and skills needed to drive in Korea. Visiting individuals and commands are also required to take
the same training and testing before they are allowed to drive in country.
Additionally, the Command has developed guidelines and training programs for vehicle commanders and
track commanders (VC/TC). The VC/TC program ensures the senior occupant is engaged in ensuring the
driver performs safely and the right decisions are made. The VC/TC is accountable as the supervisor for the
driving operation. Because so many of our drivers are young and experienced, having a trained VC/TC of a
rank of CPL or above has significantly reduced mishaps associated with bad decisions.
Finally, the Command has implemented a roadside inspection program. With this program, any government
vehicle or convoy is subject to inspection to ensure seatbelt utilization, proper dispatching/PMCS, availability
of emergency equipment, and driver qualifications and licensing. The Command’s 2nd Infantry Division has
fully embraced this program and sets up regular roadside inspection points with their area of operation.
Seatbelt Use
Seatbelt use is mandated by Korea driving laws and DoD, DA, and US Forces Korea driving regulations. The
Command maintains records on seatbelt utilization when vehicles are involved in mishaps. No on-duty
accidents have been recorded in recent years where seatbelts were not utilized. Utilization of seatbelts has
been significant in reducing the number of injuries associated motor vehicle accidents.
Records on percentage of usage not associated with vehicle accidents are not specifically measured but
enforcement programs have been implemented to ensure utilization. All installations have implemented a
―Click It or Ticket!‖ program. Law enforcement and installation security personnel enforce seatbelt utilization
with spot checks and at installation entrances. Roadside inspection points also validate seatbelt utilization.
Finally, through awareness programs on AFN, in print, and on Command websites, seatbelt utilization and its
importance are regularly emphasized.
Off-Duty Mishaps
Off-duty accidents are not considered a separate category of accidents in the Army. Off-duty accidents are
demographic properties included as part of several different Army accident categories. Each year in CONUS
and Europe, POV accident account for the majority of fatalities among Soldiers. These trends do not hold true
for Army units in Korea. Army units in Korea experience significantly different off-duty injury trends. Off-
duty accident data is recorded for soldiers only and does not include any data for civilian employees. The
Page 92
September 15,
2009
following section provides an analysis of demographic trends associated with off-duty accidents. It also
includes a specific look at pedestrian accident trends.

Injury Mishaps Duty Status Non-Driving Off-Duty Mishaps
On-duty Off-duty - Local

75% MWR Activity community
6% 54%
Off-duty -
Local
community
12% MWR activity
34%
Off-duty -
Other
7%
Other
12%
Alcohol Involved Non-Driving Off-Duty Alcohol Involved POV Mishaps

Mishaps FY02 thru FY08
FY06 thru FY08
12
10
None
Number Incidents
8
75%
6
Definate
20% 4
0
2002 2003 2004 2005 2006 2007 2008
Suspected Incidents by Fiscal Year
5% Alcohol Contributed to
Non-Alcohol Related
Mishap
Pedestrian Accidents
Korea experiences one of the highest pedestrian fatality rates among the world’s most industrialized nations.
The fatality rate per 100,000 persons is almost five times higher than other nations. Pedestrian accidents are
those accidents in which a Soldier or civilian employee is struck by a motor vehicle causing injury to the
individual. Because it involves a motor vehicle, the Army categorizes pedestrian accidents under the Army
Motor Vehicle accident category or the Privately Owned Vehicle accident category.
Korea experiences on average three pedestrian accidents each year. Though pedestrian accidents do not
represent the greatest number of accidents, they often result in severe debilitating injuries or death. In May
Page 93
September 15,
2009
2008, a Soldier was struck by a taxi when he tried to cross the road resulting in serious injury. In August
2008, a KATUSA was killed when he stepped out into the street in front of a bus. The following charts provide
an overview of pedestrian accident trends.
Number Pedestrian Mishaps Injury Severity Analysis

6
6
Permanent
Pedestrians Struck by Vehicles
5
Fatal Injury Disability
29% 5%
4
4
3
3 3
2
2 2
1 Other
1
14% Hospitalizat
ion / Lost
0
2001 2002 2003 2004 2005 2006 2008 Workday
52%
FiscalYear
Analysis
The greatest concern associated with off-duty accidents focuses on alcohol as a contributing factor. Off-duty
accidents account for 25% of the Command’s personal injury accidents. Off-duty accidents are grouped based
on the type and location of the activity as follows: MWR Activity – On and off installation activities sponsored
by MWR, Local Community – Non-MWR activities conducted off installation (e.g. shopping, nightclubs, etc.),
and Other – Non-MWR activities conducted on installation (e.g. post club, barracks, etc.)
The majority of off-duty accidents, 54%, occur in the local community. None of the MWR sponsored activities
included alcohol as a contributing factor. Alcohol is a contributing factor in 39% of all other off-duty
accidents. Most of the injuries are factures and concussions resulting from the following:
♦ Falling to the ground and into ditches

♦ Falling while trying to climb fences
♦ Large items falling onto individuals
♦ Pedestrian accidents with local national vehicles
Since FY2001, one in three pedestrian accidents has resulted in death or permanent total disability. (The
command has experienced 6 pedestrian fatalities and one permanent total disability.) Alcohol was a
contributing factor in both accidents and is a causal factor in 25% of all the Command’s pedestrian accidents.
For those pedestrian accidents that result in a fatality, alcohol was a contributing factor in ½ of the accidents.

For off-duty accidents and pedestrian accidents, the analysis focused on the role alcohol plays as a
contributing factor to these accidents. The following are recommendations based on the above analysis:
MWR accidents have not shown alcohol as a contributing factor and injuries tend to be less severe.
Recommend increasing the scope, variety, and frequency of MWR activities. Note: Severe accidents, even
fatalities, have been associated with certain MWR activities such as boxing and bull riding. MWR activities
must ensure Command involvement and that risk decisions are made at the right levels of command.
Page 94
September 15,
2009
Many of the most severe accidents could have been prevented if the Soldier had a ―Battle Buddy‖ or a
designated ―Battle Buddy‖ was sober enough to prevent a bad decision or action. When both ―Battle Buddies‖
are drunk then who is watching out for them. Junior leaders often mention the Buddy System in passing but
don’t truly champion its importance. The Command should place more emphasis on the importance of a
―Battle Buddy‖ and give incentives for ―Designated Battle Buddies.‖ Incentives should be similar to those
given for ―Designated Drivers.‖
―Under the Oak Tree Counseling‖ focuses on junior leaders being engaged with their soldiers. It requires
them to know what their soldiers plans are and to intercede when there is potential for trouble. Meaningful
―Under the Oak Tree Counseling‖ can be a key tool to preventing these type accidents but many of our junior
leaders don’t truly understand its importance. To be effective, the Command needs to teach our junior leaders
how to effectively engage and counsel their soldiers.
The Command should implement an alcohol review board process similar to accident review boards. The
process would involve establishing a review board at battalion level consisting of the battalion CSM and its
1SGs. Each alcohol related incident would be reviewed to quantify demographic elements such as age group,
type location, type activity, type incident (e.g. injury, sexual assault, assault, etc.), and key individual
background conditions such as previous incidents, recent redeployment, etc. The review board would also
make recommendations to prevent future events. Incident demographic data, recommended controls, and
effectiveness of implemented controls would then be briefed at QTBs and SATBs. Finally, the information
could be captured at the Eighth Army level. Trends and best practices could then be shared back down the
chain-of-command.
Other Measures of Effectiveness
Safety Inspections, Site Assistance Visits, and Surveys

The Command has an aggressive self evaluation program. Each level of command conducts Command
Inspections of their subordinate commands. At Eighth Army level, the Command Safety Office conducts
Command Safety Inspections of all its Major Subordinate Commands (MSC) annually. Included in this
inspection program are ADCOM and OPCOM MSCs covering all Army elements in Korea.
The Command also conducts program specialized inspections. The Aviation Resource Management Survey is
conducted by the G3 Aviation Office for all aviation organization, aviation support organizations, and airfield
operations. Additionally, the Command conducts periodic assessments of its radiation and explosives safety
programs. These program assessments evaluate the effectiveness of the programs and controls implemented.
In addition to inspection based self-assessments, the Command actively participates in the Army Readiness
Assessment Program (ARAP). ARAP uses organization surveys to provide commanders with an assessment of
the Safety Command Climate. It assists commanders in determining the effectiveness of their safety
programs as well as the overall safety and risk management awareness of their personnel. These assessments
are rolled up to each level of command to provide an overall picture of the health of the Command safety and
risk management programs. Results of these surveys are compared with accident trends to assist in
developing future safety program element controls.
Finally, in July of 2008 the Command was audited by the Army Safety Office. Though minor program
deficiencies were identified, the Command showed it had effective programs in place in every safety program
element and that it had the necessary courses of action underway to correct its deficiencies.
Results of all these inspections are entered into the TacSafe system. Deficiency and performance trends are
analyzed to assist in the development of abatements and controls. Trends are also analyzed against accident
trends and performance indicators such as safety training participation to determine the effectiveness of
existing controls and assist in developing future courses of action.
Page 95
September 15,
2009
Page 96
September 15,
2009
Glossary
ANSI Z10 Key Definitions

The following definitions are derived from Section 2 of the American National Standard for Occupational
Health and Safety Management Systems (ANSI/AIHA Z10-2005). The definition for Residual Risk is in
Appendix E of this publication.
Continual Improvement: The process of enhancing OHSMS to achieve ongoing improvement in overall
health and safety performance in line with the organization’s health and safety policy and performance
objectives.
Corrective Action: Action taken to eliminate or mitigate the cause of a system deficiency, hazard, or risk.
Exposure: Contact with proximity to a hazard, taking into account duration and intensity.
Hazard: A condition set of circumstances, or inherent property that can cause injury, illness, or death.
(Army Definition - Any actual or potential condition that can cause injury, illness, or death of personnel or
damage to or loss of equipment, property or mission degradation, or a condition or activity with potential to
cause damage, loss, or mission degradation.)
Occupational Health and Safety Management System (OHSMS): A set of interrelated elements that
establish and/or support occupational health and safety policy and objectives, and mechanisms to achieve
those objectives in order to continually improve occupational health and safety.
OHSMS Issues: Hazards, risks, management system deficiencies and opportunities for improvement.
Preventive Action: Action taken to reduce likelihood that an underlying system deficiency or hazard will
recur or occur in another similar process.
Risk: An estimate of the combination of the likelihood of an occurrence of a hazardous event or exposure(s),
and severity of injury or illness that may be caused by the event or exposures. (Army Definition - Risk is
directly related to the ignorance or uncertainty of the consequences of any proposed action. Risk is an
expression of possible loss in terms of hazard severity and hazard probability. Risk is the expected value of
loss associated with a loss caused by a hazard expressed in dollars. The risk associated with this loss is
mathematically derived by multiplying the probability of the loss’s likelihood of occurrence by the probable
dollar loss associated with the loss’s severity. Note that risk has 2 dimensions - likelihood and magnitude,
while a hazard has only 1- varied magnitude.
Risk Assessment: The identification and analysis, either qualitative or quantitative, of the likelihood of the
occurrence of a hazardous event or exposure, and severity of injury or illness that may be caused by it.
Residual Risk: Risk can never be eliminated entirely, though it can be substantially reduced through the
application of the hierarchy of controls. Residual risk is defined as the remaining risk after controls have been
implemented. It is the organization’s responsibility to determine whether the residual risk is acceptable for
each task and associated hazard. Where the residual risk is not acceptable, further actions must be taken to
reduce risk.
Other Definitions
The following definitions come from a variety of sources. The definitions of these terms may vary slightly
from traditionally accepted definitions. Where used in this document, these terms shall be defined using the
following definitions.
Acceptable Risk: Acceptable risk is that risk for which the probability of a hazards-related incident or
exposure occurring and the severity of harm or damage that may result are as low as reasonably practicable,
and tolerable in the situation being considered.
Accident Precursor: An accident precursor is a DOTLMPF resourcing deficiency that provides conditions
for an accident to occur. In the context of risk management, a precursor is an event or situation that, if it had
Page 97
September 15,
2009
included (or not included) some other small set of behaviors or conditions (also known as exacerbating
factors), a failure outcome would have occurred.
ALARP: As Low As Reasonably Practicable (ALARP) is defined in MIL-STD-882E, The Department of

Defense Standard Practice for System Safety as that level of risk which can be further lowered only by an
increment in resource expenditure that cannot be justified by the resulting decrement of risk.
Control Category: There are two primary types of control categories. Institutional Controls are controls
that are institutionalized in our doctrine and become part of our business process and operational controls
that are specific to a mission or operation.
Cumulative Risk: Cumulative risk is representative of exposure to risk. Cumulative risk is the sum of the
number of personnel or resources affected by a given event or, over time, by repeated events
Compound Risk: Compound risk is the combination of hazards associated with a single operation and can
increase the probability of an exacerbating factor impacting the operation.
Dynamics Based Organizations: Dynamic Based Organizations are organizations with dynamic
operational requirements such as the Service Components of the Department of Defense, Homeland Security,
FEMA, law enforcement, fire fighting, and other similar agencies.
Exacerbating Factors: Exacerbating factors are a set of behaviors or conditions that cause a risk managed
activity to result in a failure outcome.
Failure Outcome: A failure outcome is a condition that exists when an operation succumbs to the
associated risk, either accepted or previously unidentified, and an unfavorable outcome results. Some failures
only impact on efficiency while others result in some sort of loss or a failure of the mission or task. An
accident is a type of failure outcome.
Institutional Controls: Institutional Controls are controls that are institutionalized in our doctrine and
become part of our business process. For example compliance type controls.
Operational Controls: Operational Controls are controls specific to a mission or mission set to deal with
specific mission issues and variables
Training related death: A death associated with a non–combat military exercise or training activity that is
designed to develop a military member’s physical ability or to maintain or increase individual/collective
combat and/or peacekeeping skills, and is due to either an accident or the result of natural causes occurring
during or within one hour after any training activity where the exercise or activity could be a contributing
factor. This does not apply to Army civilians participating in a wellness program.
Page 98
September 15,
2009
Works Cited
Abrams, A. L. (2006, 3 21). Legal Perspectives - ANSI Z10-2005 Standard Occupational Health and Safety
Management Systems. Retrieved August 30, 2009, from ASSE:
http://www.asse.org/membership/docs/92ArticleaboutZ10LegalPerspectives.pdf
AIHA. (2005). The American National Standard for Occupational Health and Safety Management Systems.
Fairfax, VA: American Industrial Hygiene Association.
Corcoran, W. R. (2003). Root Cause Analysis of Precursors. Windsor, CT.
Core Advantage. (2007). S&H Management System Approach. Retrieved August 30, 2009, from Core
Advantage: http://www.coreadvantage.com/shmgmnt.html
Department of Defense. (2000). MIL-STD-882D, DoD Standard Practice for System Safety. Washington
D.C.: Department of Defense.
Department of the Army. (2007). AR 385-10, The Army Safety Program. Washington D.C.: Department of
the Army.
Department of the Army. (2006). FM 5-19, Composite Risk Management. Washington D.C.: Department of
the Army.
Hansen, L. L. (2005, May). Stepping Up to Operational Safety Excellence. Occupational Hazards .
Lowrance, W. W. (1976). Of Acceptable Risk: Science and the Determination of Safety. William Kaufmann.
Manuele, F. A. (2008). Advanced Safety Management Focusing on Z10 and Serious Injury Prevention.
Hoboken, NJ: John Wiley & Sons, Inc.
Michaud, G., & Johnstone, J. (2009). How Will the New ANSI Z-10 Standard Affect your HSE Management
Systems Program? Retrieved August 30, 2009, from Contec Solutions:
http://contekllc.com/documents/ANSI%20Z10%20Standard.pdf
Reason, J. T., & Hobbs, A. (2003). Managing Maintenance Error: A Practical Guide. Surrey, UK: Ashgate
Publishing.
Specialized Technology Resources. (2009). Introduction To ANSI/AIHA Z-10:2005 Occupational Health &
Safety Management Systems. Retrieved August 30, 2009, from Specialized Technology Resources:
http://www.strquality.com/en-us/registrar/Pages/ANSIAIHAZ102005.aspx
Page 99

Ansia I Haz 102005 Analysis

Diunggah oleh

Informasi Dokumen

Judul Asli

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

Ansia I Haz 102005 Analysis

Diunggah oleh

Hak Cipta:

Format Tersedia

Army Safety Management

Implementing the ANSI/AIHA Z10-2005

The purpose of this document is to provide a detailed look at business

Copyright © 2009 David W. Johnson

MEASURES OF EFFECTIVENESS ............................................................................................................................................................................86

♦ A shift in safety emphasis; safety campaigns and promotions

♦ Section 1 – Accident Causation

For questions and comments related to this document, please contact:

Section 1 – Accident Causation

Historical View of Accident Causation

Figure 1 - Historical View of an Accident

The Heinrich Model of Accident Causation

Figure 2 - Heinrich's Accident Causation Theories

Modern Accident Causation Model

Figure 3 - Basic Modern Causation Model

♦ Taking an unsafe position.

♦ Improper assignment of responsibility.

Figure 4 - Leader Failures

Figure 5 - Safety Program Defects

An Updated Approach to Accident Causation

Accounting for Acceptable Risk

For example, running a red light in a busy intersection

What Causes a Precursor to Become an Accident?

Equation 1: Accident = Precursor + Exacerbating Factor(s)

Equation 2: Accident = Precursor – Mitigating Factor(s)

Equation 3: Accident = Precursor + Exacerbating Factor(s) – Mitigating Factor(s)

Equation 4: Accident(N+1) = Accident(N) + Nothing + Time

Equation 4a: Worse Accident(N+1) = Accident(N) + Nothing + Time + Exacerbating Factor(s)

Equation 5: Accident = Near Miss ± Not Much

Section 2 – A Modern View of the Army Business Model

Figure 7 - Standard Programs Based Linear Business Model

Resourcing the objective

DOTLMPF Resource Elements

Figure 8 – Resourcing with DOTLMPF

1. Management Control Processes. Doctrine represents the organization’s management control

Did You Achieve Your Objective – Providing for Alternate Outcomes

Section 3 – Safety Program Management

SWAMP – Safety Without Any Management Processes

NORM – Naturally Occurring Reactive Management

Safety Management in the Army

Providing for a Feedback Loop in the Army Safety Program

Section 4 – Measuring Performance and Effectiveness

♦ Who – gender, age, rank, duty position, etc.

What – Conditions Allowing a Hazard

How and Why – Exacerbating Factors that Lead to DOTLMPF Deficiencies

Analysis of After Action Reviews

Organizational Readiness Health Assessments

Evaluations of Near Misses

Making Safety Metrics Relevant to the Enterprise

Section 5 – Basics of the ANSI/AIHA Z10-2005 OHSMS

Figure 14. Evolution of Occupational Health and Safety Management Systems

The purpose of the standard is to provide organizations an

1. Plan: Establish the objectives and

The ANSI/AIHA Z10-2005 Occupation Health and Safety Management

♦ Hazards are identified and evaluated.

Below is an overview of the seven different topics contained in the standard:

a. Initial and ongoing reviews

Section 6 – Implementing ANSI/AIHA Z10-2005 OHSMS in the Army

What is the difference between an OHSMS

Conversely, a systems approach, while not

Limitations of the Army Safety Program

Benefits of the ANSI/AIHA Z10-2005 OHSMS

Making the Transition to the ANSI Z10