It seems there has been a hive of interest for barrier-based approaches, with the ICMM’s Critical Control Management being the most prominent in my neck of the woods.
Given its apparent success in generating interest, I thought it worth sharing that barrier-based approaches have a long and sophisticated history in systems engineering and the process/oil & gas/chemical industries.
Interestingly:
· Given this long history, we don’t have consistent and uniform definitions of controls, barriers and safeguards
· Some conceptualisations have barriers and safeguards both as types of controls. Below are some definitions of barriers specifically
· Others don’t use the term ‘control’ as a noun, and instead have preventative and mitigating controls as types of barriers (they often talk about ‘controlling’ energy, but ‘control’ as a distinct category may be absent)
· Some have safeguards as either a form of barrier which doesn’t meet the definition of a full barrier (auditable, independent, effective), and others have safeguards as a type of ‘degradation control’ as part of a degradation function (also known as an escalation factors in bow ties); other types of bowtie systems have both controls and degradation controls
· There’s also many different conceptualisations of barriers. Originally, they were physical, but over time incorporated non-physical means. They include passive/active, hard/soft, technical/non-technical etc.
· Then we have things like barrier elements, barrier functions, barrier systems (the latter of which is normally meant when somebody refers to a control or barrier, but may not actually meet the definition of a barrier system/full barrier)
· As a bonus factoid – some auditing systems incorporate barrier function, elements and systems into their approach
· Hollnagel also has different conceptualisation of controls: physical, functional, symbolic, incorporeal
· Other distinctions divide barriers into detect-decide-act. That is, the detection of a threat (e.g. some sensor, or person), decide how to act (e.g. some electric or mechanical logics, or a person), and take the appropriate response (again, machine or person)
· Here’s an excerpt from a paper that tried to standardise some bowtie terminology:
· Some maintain that for a barrier to be considered ‘full’, it must fulfil all three functions of detect-decide-act, whereas others maintain that that’s only relevant for an active barrier
· Then, there’s several iterations of what quality-criteria for assessing a barrier/control. Below are some examples of quality criteria
· And then from ICMM on how to assess what meets the definition of a control, and a critical control
There’s also the critical question of how to specify human performance requirements in barrier systems, but I’ll leave that for another day.
Hurray that ‘safety is simple’, right?
NB. Not shown are management delivery systems, energy thinking, barriers divided by operational phases and lots of other stuff.
LinkedIn post: https://www.linkedin.com/pulse/controls-barriers-safeguards-whats-difference-does-ben-hutchinson-chnoc
Safety & Performance Research Summaries 
2 thoughts on “Controls, barriers, safeguards – what’s the difference? Does it matter?”