October 12, 2016 | Barb Carr

Root Cause Tips – Defense in Depth (layers of protection)

Happy Wednesday and welcome to this week’s Root Cause Analysis Tip.

The topic this week is the concept of “Defense in Depth.” You may have also heard terms such as Barrier Analysis or LOPA (layer of protection analysis). In TapRooT®, we use the term Safeguards.

Take a look at this diagram (courtesy of Mark Paradies, the creator of TapRooT®):

Screen Shot 2016-10-07 at 10.43.31 AM

What the diagram depicts is an incident where several layers of protection have been breached. You may have also heard of Reason’s “Swiss Cheese Model.” In these models we can see that we only have incidents when all layers are breached. So the amount of layers and strength of those layers determine if (and how often) we have incidents. It is also why sometimes things go wrong but we do not have an incident; because one or more layers worked.

So our goal in developing processes is to make sure we have enough layers and that the layers are functioning the way we want. Remember that every Safeguard has a hole in it, it is not infallible. So we want to make the holes as small as possible.

The same applies to corrective actions. Do we need new layers? How can we strengthen existing layers?

The concept is easy. What is difficult is determining just how much is enough.

Risk really is the main driver of that in my view, but business realities come into play as well. The easy ones are the ones on either side of the spectrum. For example, something is fairly difficult but low risk – probably all you need is a procedure and some training (we refer to these as Quasi-Safeguards).

If something is difficult AND high risk, we need a lot of layers, and hopefully many of them are engineering controls.

The hard ones are the ones in the middle; a process is very easy and there is very little chance of a problem… BUT, the risk is very high – in this case determining what you need can be very difficult.

In my November column, I will talk about the strength of Safeguards.

In closing, I urge you to think about Defense in Depth when developing processes. Audit them to make sure the layers are functioning. And if you do have an incident think about Safeguards and Defense in Depth when developing your corrective actions.

Have you been to our 5-Day TapRooT® Advanced Root Cause Analysis Team Leader Training?  Learn more about advanced techniques like Safeguards Analysis, Change Analysis, Critical Human Action Profile (CHAP) and Cognitive Interviewing.

Thanks for visiting the blog, and enjoy your week.

Categories
-->
Show Comments

Leave a Reply

Your email address will not be published. Required fields are marked *