Risk acceptance criteria for railway: how safe is safe enough?
A general framework for risk acceptance criteria
Risk, by definition, is the composite of predicted severity and the likelihood of the potential effect of a hazard. It has complexity and uncertainty in its nature; it’s impractical to split risks into “acceptable” and “unacceptable.” In other words, it’s challenging for any one individual or organization to measure risk, and to decide where to draw the line in the sand when it comes to safety.
But while there is no perfect way to measure risk or to evaluate risk assessment, there are some measurable ways that can guide the process.
A commonly used method is to define a tolerable risk region between broadly unacceptable risk and acceptable risk. The acceptability of tolerable risk needs to be assessed case by case, alongside other factors such as technical feasibility, cost, and time constraints.
Unacceptable risk: the risk is not acceptable, so operation is not permissible and immediate action must be taken, except in rare and extraordinary circumstances.
Tolerable risk: the risk is within a range that society can live with. The risk is not negligible or something that can be ignored, but rather is something in need of close monitoring and further reduction if possible.
Broadly acceptable risk: a risk, which for the purposes of life or work, everyone who might be impacted is prepared to accept.
Individual risk vs. societal risk
Risk can be measured from different perspectives. The two most common are individual risk and societal risk.
Individual Risk: The risk to a single person near a hazard.
Societal Risk: The measure of risk to a group of people.
Individual risk is most often expressed in terms of the individual’s probability of fatality per year by using the technology, product, or equipment under evaluation.
Societal risk criteria are important when there is potential for major accidents involving many fatalities. Societal risk is most often expressed in terms of the frequency distribution of multiple-casualty events, such as the FN-curve (accident frequency vs. number of fatalities).
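As an added illustration (not part of the original article), the following Python sketch builds an FN-curve from a list of accident scenarios and places each point in the unacceptable / tolerable / broadly acceptable regions described earlier. The scenario data and the two criterion lines of the form F = C / N^a are constructed assumptions, not values from the article or from any railway authority.

```python
from collections import defaultdict

# Constructed sample data: (scenario, frequency per year, fatalities per event).
SCENARIOS = [
    ("platform fall", 2e-3, 1),
    ("level crossing collision", 5e-4, 3),
    ("derailment", 4e-5, 20),
    ("train-to-train collision", 1e-7, 150),
]

# Assumed criterion lines F = C / N**a (illustrative values only).
UPPER = {"C": 1e-2, "a": 1.0}   # above this line: unacceptable
LOWER = {"C": 1e-4, "a": 1.0}   # below this line: broadly acceptable


def fn_curve(scenarios):
    """Return [(N, F)], F = summed frequency of events with N or more fatalities."""
    freq_by_n = defaultdict(float)
    for _name, freq, n in scenarios:
        if freq < 0 or n < 1:
            raise ValueError("frequency must be >= 0 and fatalities >= 1")
        freq_by_n[n] += freq
    curve, running = [], 0.0
    for n in sorted(freq_by_n, reverse=True):   # accumulate from the largest N down
        running += freq_by_n[n]
        curve.append((n, running))
    return curve[::-1]


def region(n, f, upper=UPPER, lower=LOWER):
    """Place one FN point in the three-region framework."""
    if f > upper["C"] / n ** upper["a"]:
        return "unacceptable"
    if f > lower["C"] / n ** lower["a"]:
        return "tolerable"
    return "broadly acceptable"


def assess(scenarios):
    """Classify every point on the curve; the worst point governs the verdict."""
    order = ["broadly acceptable", "tolerable", "unacceptable"]
    points = [(n, f, region(n, f)) for n, f in fn_curve(scenarios)]
    overall = max((r for _, _, r in points), key=order.index)
    return points, overall


if __name__ == "__main__":
    points, overall = assess(SCENARIOS)
    for n, f, r in points:
        print(f"N>={n:<4} F={f:.2e}/yr  {r}")
    print("overall:", overall)
```

Because F is cumulative, a single high-consequence scenario raises every point at or below its fatality count, which is why the worst point on the curve decides the overall region.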
Implementing a risk matrix in the railway industry
Individual risk criteria and societal risk criteria are usually used to evaluate a system’s overall risk to an individual or a community. A railway system usually has multiple subsystems and many components. To guide the safety design and development of components, subsystems, and systems, which may involve a wide range of hazards, more detailed risk acceptance criteria should be established.
The risk matrix method has been developed for this purpose. A risk matrix defines the level of risk by considering the category of probability or likelihood against the category of consequence severity, and then risk acceptability is defined based on the level of risk. Figure 3 shows an example of a risk matrix used in the railway industry.
General principles for risk acceptance criteria
Railway transportation poses risks to us all: members of the public, railway workers, the environment, the economy, and the railway system owner must all be considered.
Therefore, it’s generally agreed that the risk acceptance criteria for railway transportation should be determined through a political process and be based on societal values.
For example, in the US, the FTA (Federal Transit Administration) requires each transit agency to provide safety goals and a risk matrix appropriate for the size and complexity of operations in the Public Transportation Agency Safety Plan.
In the UK and the EU, the ALARP (as low as reasonably practicable) evaluation is used. This evaluation is based on the concept that the effort to reduce risk should be continued until the incremental sacrifice in doing so is grossly disproportionate to the value of the incremental risk reduction achieved.
Safety expectation and perception
How safe is safe enough is more of a philosophical question than an engineering decision.
On the individual level, people’s perception of safety and risk varies with their values, education, experience, and personality, among other factors.
On a societal or organizational level, the risk acceptance criteria are developed based on the norms, history, and culture. This explains why the risk matrices from different organizations in the railway industry are different around the world.
With the development of technology, the public’s expectation of rail safety has risen and, as a result, railway authorities have updated their safety goals. However, developing risk acceptance criteria to fit the railway authority’s updated safety goals is a difficult problem that requires a comprehensive understanding of railway systems and operations, and some risk modeling to bridge the safety goal to the risk matrix.
With many years’ experience in worldwide railway engineering, the safety experts at Hatch are ready to answer questions on safety targets and risk acceptance criteria, and help clients build their safety management system.
 Mary Kay O’Connor Process Safety Center, “Risk Acceptance Criteria: Overview of ALARP and Similar Methodologies as Practiced Worldwide”, January 2020.
Project Consultant, Railway systems safety and assurance
Alice Fang is a project consultant specializing in railway system safety and assurance. Prior to assurance work, she worked on design and system engineering of railway vehicles. Her solid engineering experience has helped her grow quickly into a lead role in system safety and reliability. Alice Fang is a licensed Professional Engineer, certified Project Management Professional, Certified Reliability Engineer and Certified Quality Auditor, and an active member of Hatch System Safety and Assurance Committee.