A hazard log is a continually updated record of the hazards, causes and effects in a system. It documents the risk management for each hazard and potential accident.
Every hazard log has an implicit or explicit model of how accidents occur. Most safety engineering is based on “chain of events” models; hazard identification and mitigation are done by tracing forwards from possible causes (as in FMEA) or backwards from possible accidents (as in HAZOP). Once a causal chain has been identified, it is disrupted by inserting “controls”, which are intended either to prevent the accident or to reduce its severity.
Traditional hazard logs are simple tables. However, this leads to duplicated information: the details of a control, accident or causal event must be repeated for every hazard they relate to. Duplication leads to inconsistency, especially when the hazard log has to be updated by different people over a long period of time.
In the DSM the chain-of-events model is incorporated in bow tie diagrams. Each hazard is associated with one or more “top events” (the point at which control of the system is lost), and causal chains can be established between events. Additional data about these entities (e.g. likelihood, severity, status, responsibility) are recorded using extension fields attached to the relevant entities.
Once the hazards have been related to chains of events in bow tie diagrams, the model can be analysed using queries and matrices and presented using reports. For instance, a traditional FMEA spreadsheet can be created from a matrix. However, none of these outputs is the hazard log itself: the real hazard log is the model in the DSM.
Using the DSM for your hazard log ensures that each entity is recorded exactly once. You can present information in a mixture of tabular and graphical formats without risk of inconsistency, and without the costs of maintaining and checking multiple copies of the same thing.
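The following is an added illustration of the single-model idea described above; it is not the DSM's own data model or API, and the hazard, event and control names are constructed for the example. Each entity is stored once, the bow tie is held as causal links between events (cause to top event to consequence) with controls attached to the link they disrupt, extension fields (status, owner) live on the entity, and an FMEA-style table is derived by a query rather than maintained by hand. Because the table is generated from the model, changing a control's status in one place is reflected in every row that references it.

```python
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Entity:
    """Any hazard-log entity; `fields` holds extension data such as status or owner."""
    id: str
    kind: str            # 'hazard', 'cause', 'top_event', 'consequence' or 'control'
    name: str
    fields: dict = field(default_factory=dict)


class HazardLog:
    """Hypothetical in-memory bow tie model (not the DSM's own structures)."""

    def __init__(self):
        self.entities = {}                     # id -> Entity, recorded exactly once
        self.hazard_tops = defaultdict(list)   # hazard id -> [top event ids]
        self.chain = defaultdict(list)         # event id -> [next event ids]
        self.controls = {}                     # (from id, to id) -> [control ids]

    def add(self, kind, id, name, **fields):
        if id in self.entities:
            raise ValueError(f"duplicate entity id {id}")
        self.entities[id] = Entity(id, kind, name, dict(fields))
        return self.entities[id]

    def attach_top_event(self, hazard_id, top_id):
        self.hazard_tops[hazard_id].append(top_id)

    def link(self, src, dst, *control_ids):
        """Record one causal step and the controls that disrupt it."""
        self.chain[src].append(dst)
        self.controls.setdefault((src, dst), []).extend(control_ids)

    def _names(self, ids):
        return [self.entities[i].name for i in ids]

    def fmea_rows(self):
        """Derive an FMEA-style table: one row per cause/top event/effect chain."""
        rows = []
        for hz, tops in self.hazard_tops.items():
            for top in tops:
                causes = [e for e, nxt in self.chain.items() if top in nxt]
                for cause in causes:
                    for cons in self.chain.get(top, []):
                        prevent = self.controls.get((cause, top), [])
                        mitigate = self.controls.get((top, cons), [])
                        rows.append({
                            "hazard": self.entities[hz].name,
                            "cause": self.entities[cause].name,
                            "top_event": self.entities[top].name,
                            "effect": self.entities[cons].name,
                            "prevention": self._names(prevent),
                            "mitigation": self._names(mitigate),
                            # read live from the single control record
                            "control_status": {
                                self.entities[c].name: self.entities[c].fields.get("status")
                                for c in prevent + mitigate
                            },
                        })
        return rows

    def unmitigated_effects(self):
        """Consequences reached from a top event by a link carrying no control."""
        return sorted({
            self.entities[cons].name
            for tops in self.hazard_tops.values() for top in tops
            for cons in self.chain.get(top, [])
            if not self.controls.get((top, cons))
        })


def build_example():
    """Constructed sample: one hazard, one top event, two causes, two effects."""
    log = HazardLog()
    log.add("hazard", "H1", "Flammable fuel stored under pressure")
    log.add("top_event", "T1", "Loss of containment")
    log.add("cause", "C1", "Seal degradation")
    log.add("cause", "C2", "Overpressure")
    log.add("consequence", "Q1", "Fire")
    log.add("consequence", "Q2", "Release to environment")
    log.add("control", "K1", "Periodic seal inspection", status="implemented", owner="maintenance")
    log.add("control", "K2", "Pressure relief valve", status="planned", owner="design")
    log.add("control", "K3", "Fire suppression system", status="implemented", owner="site")
    log.attach_top_event("H1", "T1")
    log.link("C1", "T1", "K1")   # preventive control on the cause side
    log.link("C2", "T1", "K2")
    log.link("T1", "Q1", "K3")   # mitigating control on the consequence side
    log.link("T1", "Q2")         # no mitigation recorded for this effect
    return log


if __name__ == "__main__":
    log = build_example()
    for row in log.fmea_rows():
        print(row["cause"], "->", row["top_event"], "->", row["effect"], row["control_status"])
    print("effects without mitigation:", log.unmitigated_effects())
    log.entities["K2"].fields["status"] = "implemented"   # one update, every row follows
    print({r["cause"]: r["control_status"] for r in log.fmea_rows()})
```

The `unmitigated_effects` query is the kind of check that the tabular form makes easy to miss: it reads the bow tie directly, so an effect with no control on its link is found even if no row of the generated spreadsheet was ever inspected.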