As with organizational culture in general, safety and security is about the practices, habits and beliefs about risks and responsibilities that have developed over a long time. Official company policies are only the visible part of that culture, the top of the iceberg. It is the underlying rest that could doom the ship if not properly understood and managed.
There are five key attributes that employees and managers can use to “melt the iceberg” and generate a reliable, positive culture of safety and security (Reason, Managing the Risks of Organizational Accidents, 1998):
- An informed culture is one where those who operate and manage the system have knowledge about the human, technical, organizational, and environmental factors affecting its parts;
- A reporting culture is one in which people are able and encouraged to report safety concerns, errors, near-misses, and breaches immediately and, if necessary, anonymously;
- A just culture is one in which people are encouraged and rewarded for providing safety-related and security-sensitive information without fear of retribution from co-workers or supervisors;
- A flexible culture is one that can break from a conventional management hierarchy and lines of communication when needed to handle safety and security concerns,
- And finally, a learning culture is one that has the willingness and competence to draw the right conclusions from its threat and vulnerability assessments and event information, and then to implement whatever operational, procedural, and policy reforms are necessary to address the identified issues, not just the immediate aftermath of an accident or breach.
Our experts at novaturient can help organizations implement these attributes, and create a sustainable and positive safety and security culture.
In the next part, we will outline how these attributes define companies that operate successfully in risky environments, making them high-reliability organizations.