In AS 2885 safety management studies the concept of ALARP used to be misunderstood fairly often (ALARP = As Low As Reasonably Practicable). Some things ALARP is NOT:
- A risk rank (does it appear in the risk matrix?)
- The objective of the SMS (“We need to reduce all risks to ALARP”)
- “We haven’t really tried to think of any mitigation so we’ll say risk is ALARP”
Unfortunately I’ve seen all of these as implicit interpretations of what ALARP means.
So where does ALARP fit into the AS 2885 SMS process? It’s an extra step that is necessary if risk evaluation produces a risk rank of Intermediate:
- Identify threats
- Apply controls
- Do the controls essentially eliminate the possibility of failure?
- If failure remains possible, do risk evaluation:
- High risk – unacceptable
- Low risk – OK (more-or-less)
- Intermediate – tolerable only if shown to be ALARP
If you are invoking ALARP in any circumstances other than to justify acceptance of an Intermediate risk you’ve got the concept wrong.
Risks that are Intermediate are in a grey area – higher risks are unequivocally unacceptable and so don’t take much thinking about (1), and lower risks can be tolerated just as they are so take even less thinking about. But Intermediate risks are challenging because they are only borderline tolerable, and working out whether they can in fact be accepted may be difficult if you are honest about doing it properly.
More on how to asses ALARP in a day or so.
(1) When I say High risks don’t take much thinking about, I mean within the safety management study. They might create a very big problem for the pipeline engineer or manager who has to do whatever it takes to eliminate them, but that’s outside the SMS process until a solution comes back for reassessment.