
Part 4: How to Design Safety and Decision-Making into the Lifecycle of a Product

Silas is a safety inspector who holds a Master of Science in Safety and a Master of Business Administration degree.

Design Safety and Decision-Making


A safety program template must involve participants who are willing and able to contribute to safety oversight. Accidents happen, and that is acceptable, but companies must implement a framework to manage operations, decrease the injury rate, and reduce risk. Bahr (2015) mentions that a comprehensive and systematic assessment that controls risk through cost-effective methods protects a company from liability claims. Therefore, lifecycle safety management requires interventions at the earliest possible time throughout the safety program. The lifecycle view manages safety from development until disposal of the product, system, or process.


This article discusses how safety is designed into a product throughout its lifecycle and how a lack of data presents a challenge. Accident examples include the Challenger shuttle, the Boeing 737 Max, and Unmanned Aircraft Systems (UAS).

Shuttle Launch


Challenger Shuttle Disaster

Poor application performance involving safety systems highlights problems in several safety cases. For example, the Challenger explosion captivated the world, which witnessed the structural breakup of the shuttle. Bahr (2015) mentions that the rocket seal's disintegration at a specific temperature remained unknown because of limited data, which created disagreements between management and the engineering team. Political agendas pressured the final launch after three failed attempts, identifying a cultural failure within the system safety program. The cause of the shuttle accident highlights the importance of data-based decision-making.

Boeing 737 Max Accidents

Next, data was not effectively collected and analyzed by the FAA, according to the Boeing 737 Max accident report (Senate Committee, 2020). Data problems exist and stem from eliminating certification and engineering practices. Capturing data that yields valuable information has become a challenge. Both the Boeing 737 Max and UAS operations performed under part 107 presented improper decision-making due to insufficient data. Thus, managing safety through engineering components presents several problems, including data collection.

Unmanned Aircraft Systems (UAS) Problems

Collecting data for research has become a buzzword throughout the UAS industry. Without context surrounding the applicable data, identifying hazards and determining the level of risk presents challenges. Without determining risk, the safety engineer cannot prioritize hazards or develop appropriate controls. Next, without accepted peer-reviewed documents and engineering standards, the FAA strains to produce data that ultimately enhances safety within the industry. Wallace (2012) mentions that data regarding UAS accidents may not be reliable. The FAA (2016) defines a part 107 UAS accident as $500 in damages to property other than the unmanned system. Thus, collecting, analyzing, and presenting data creates a problem for the FAA concerning the cause of a UAS accident. Without accident and event trigger points, data-based decision-making becomes less evident due to the definition presented in the UAS part 107 regulations.

For example, a UAS entering the airspace requires engineering procedures to eliminate hazards during the design and construction phase. Entering a UAS into service and operating the device requires the company to establish a Safety Management System (SMS) program. UAS operations have existed throughout the last decade, and the Federal Aviation Administration (FAA) utilizes the SMS process to maintain and implement the safety program. Certification and engineering methods remain nonexistent under the part 107 regulation.


Reports Suggest Problems Exist

The federal government's inspector general reported problems in obtaining adequate data on UAS operations to assess safety. According to the Department of Transportation (2018), the FAA's ability to perform meaningful oversight of UAS operations remains hindered by limited access to detailed data. Moreover, the FAA falls short of an effective oversight strategy due to missed opportunities to gather data. The inadequacy of the data suggests that the available information does not represent UAS operations as expected.

UAS Hazards

The UAS project's lifecycle requires SMS components to identify corrections arising from findings discovered during analysis. Activities such as testing and evaluating UAS components determine the hazards and whether the risk remains at an acceptable level. Since UAS components do not require certification by the FAA, the probability of failure exists and elevates the severity of the hazard. For example, an engine failure prevents the pilot from maneuvering the unmanned aircraft away from persons or property on the ground.

The lack of accident data suggests that change remains necessary to continue operations during the lifecycle of the operation. For example, after an engine fails, the device can tumble out of the sky uncontrollably, increasing the risk to persons on the ground. Throughout the lifecycle, the hazard arising from an engine failure requires a review of the concept by redesigning the aircraft with a maneuverability capability once the powerplant fails. In the case of UAS operations, the FAA should not authorize operations over people or within congested areas.

History Repeats Itself



The goal remains not to repeat history, and the use of innovative methods presents merit. Cohen (1995) describes quality function deployment (QFD), a conceptual model that supports accident-causation analysis and presents a method to evaluate the system and improve decision-making. QFD helps the engineer formulate a conclusion using visual cues along with quantitative and qualitative computations. Often, data-based decision-making requires a hybrid model that integrates pictorial structures and quantitative elements (Monks, 1987). Bahr (2015) suggests that the safety system concept includes a detailed design comprising detailed drawings and calculations that describe a conceptual model. Baumgardner (2007) mentions that QFD presents an option to evaluate the effectiveness and safety of the environment when chemical spills affect air, water, and soil.

Data presents the facts that allow decision-makers to formulate the direction forward in a proactive manner. Proactive methods remain a topic of discussion as society and operations have become more complex. Determining when the next event will happen seems an impossible task. However, the QFD method applies a predictive mode to product lifecycle analysis. Thus, conceptual models enable removing hazards and allow a system to operate at a much lower risk. Therefore, hybrid measures support data-based decision-making.

Accidents Happen

In contrast, treating failure as a complex problem yields data highlighting that over four million injuries happen per year. Accidents suggest that safety professionals must utilize critical thinking to create solutions. Hidden costs escalate to nearly 18 times higher than the $1.6 billion yearly fees (Bahr, 2015). Data-based decision-making provides a measurement to identify hazards and develop controls to reduce the injury cost. The check stage of the plan-do-check-act (PDCA) cycle provides a path to utilize data and statistics to support decisions. The SMS process aligns to prevent gaps while utilizing data and performing analysis during the safety risk management and safety assurance phases of the SMS process (FAA, 2017). Both Bahr and Deming present options to apply data in the decision-making process.

Data Requirements

Along with using a conceptual method that supports safety engineering from the beginning, management of operations requires reactive and proactive measures. For example, reviewing data from accident and incident reports reveals trends that necessitate controls to reduce risk. While the incident data presents itself after the fact, the outcome requires a decision to ensure future incidents don't occur and that controls are put in place to reduce risk. Reactive methods are essential to incorporate into the SMS program to help drive decisions based on the data. Specific injuries highlight hazards that may require engineering processes to remove the hazards or manage the risk through the SMS process.

Statistics highlight that accidents do happen, and safety engineering provides a method to eliminate hazards. Eliminating hazards reduces the risk associated with endangering personnel. A primary method to prevent an accident requires a systematic and comprehensive approach to managing operations. A cost-effective means to control risk requires implementing an SMS program throughout the lifecycle of the program. The lifecycle of a safety oversight system establishes the cradle-to-grave concept. Incorporating a system safety framework into the program lifecycle reduces equipment failure and decreases human mistakes.

Final Note

Data obtained through experimentation and observation creates a proactive method to engage the system and prevent an event. Observations lead to hazard identification and eventually to controls that reduce or eliminate the hazard. Observing risk through worker actions identifies behaviors that may require correction to align with a safety culture. Observation of personnel at each level within the organization establishes a proactive measure of improvement. Finding gaps where behavior and action differ from the accepted culture identifies a hazard that may lead to the next accident. Finally, quantitative data presents numbers that create a method or scale of measurement. Often, organizations rely on quantitative data to measure the effectiveness of the company's safety program. The performance and data indicators support decisions that represent the SMS's effectiveness.

References

  • Bahr, N. (2015). System safety engineering and risk assessment: A practical approach (2nd ed.). Boca
  • Baumgardner, P. (2007). Integrating product development process and quality function deployment for environmental field sampling planning. Ethics and Critical Thinking Quarterly Journal, 1(4), 1-55.
  • Department of Transportation. (2018). Opportunities exist for FAA to strengthen its review and oversight processes for unmanned aircraft system waivers.
  • Federal Aviation Administration. (2016). Small unmanned aircraft systems (UAS) (Advisory Circular 107-2).
  • Federal Aviation Administration. (2017). Safety risk management policy (Order 8040.4B).
  • Hewitt, J., & Pham, J. (2017). Qualitative versus quantitative methods in safety risk management.
  • Monks, J. G. (1987). Operations and management: Theory and problems (3rd ed.). McGraw-Hill.
  • Senate Committee. (2020). Aviation safety oversight.
  • Wallace, J. (2012). Integrating unmanned aircraft systems into modern policing in an urban environment [Master's thesis, Naval Postgraduate School]. Naval Postgraduate Digital Archive.
