Defence in depth


” The principle strategy for the prevention of major accident is defence in depth, which means putting in place a series of defences or controls to guard against a major accident event.  The corresponding model of accident causation is that accidents occur when all these defences fail simultaneously (ref Reason “Swiss Cheese” model, 1997).

“…If one of the controls is regular inspection of pipes and tanks for corrosion, yet inspections are not being done, we can infer that the conditional probability of an accident – the probability given that this control is not in place – is much higher.  The more defective our system of controls, the higher is the probability of accident.  On the other hand, if our controls are all being implemented as intended, the probability of an accident is zero.  …

” Putting it another way, major accidents can be prevented by ensuring that all controls are working as intended.  From this perspective, accidents are no longer chance events; they are caused by control failures which are within the power of the facility owener to prevent.  …

“This way of thinking shifts the questions for top decision makers from “how much is it worth spending?” to “what are the critical controls that are supposed to be in place, and how can I guarantee that they are?””


  • From “How Much Should be Spent to Prevent Disaster? – A Critique of Consequences x Probability”. by Professor Andrew Hopkins, November 2014.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s