Transcript Transportation of Dangerous Goods

Risk Management in
the IT Industry
ELG/SEG/CSI 2910
By Dr. Mike Histed
Office of Risk Management,
Environmental Health and Safety
www.uottawa.ca/services/ehss/
13 February, 2006
Outline
Industry types
 OH&S* law, common themes in
differing jurisdictions
 Voluntary OH&S Standards
 Typical employer OH&S expectations
 Roles and responsibilities
 Risk Management
 Environmental Issues
*OH&S=Occupational Health & Safety

2
What’s out there?

Workplaces tend to be classified
into manufacturing or service
Design of electronics or SW
Manufacturing of microchips,
components and equipment for mass
market and specialty industries
SW development for the mass market or
specialty applications
Military SW and HW development
Web applications
3
Work Environments



Companies such as Nortel, JDS
Uniphase, Marconi, IBM, Microsoft,
Varian, Perkin Elmer…all have
manufacture or
design/development divisions
In mixed work environments
Certain people work purely in an
office setting
4
Work Environments


Other work purely in a
manufacturing setting
Few bridge both settings. They are
usually involved on prototype
development or R&D
5
Workplaces




Different work environments require
different OH&S/Env/risk approaches
North American laws include penalties
(jail time and/or financial penalties)
for supervisors, managers, and
companies
OH&S infractions are now part of the
criminal code in Canada
Basically know the rules applicable to
where you work
6
Canadian OH&S Law and Structure

The Federal Government has jurisdiction
over issues that are outside of the scope
of what one province can handle
Ex. Waterways, air traffic, national security,
banks, etc.

The Provinces have jurisdiction over
matters that can be contained to one
province
7
Canadian OH&S Law and Structure

The Provinces can also add specific
requirements to a federal law
Ex. Worker OH&S, labour laws, permits,
education, etc.

Municipalities govern issues applicable to
their infrastructure
8
Regulatory Structure
Country
Province/State
Municipality

Province/State
Province/State
Municipality
Ex. No smoking in public places
• Ontario has a general regulation
(Municipal Act 2001)
• Ottawa by-law regulates where in when
smoking in public places is allowed
9
OH&S Requirements




WHMIS – the hazards of the job must be
identified
Ergonomics (computer work, repetitive
movements on the assembly line)
Air quality (off gassing of new carpets,
furniture, paint, process chemicals, dust,
particulates etc.)
Workplace safety committee and
inspections
10
OH&S Requirements




ESD, EM waves, radiation and electrical
safety
Evacuation drills, spill and leak response
Harassment, smoking by-laws
…and much more!
11
More OH&S Requirements






Transportation of Dangerous Goods
(TDG)
Emergency planning
Hazardous waste management
General OH&S
Health Canada requirements for
medical devices
Agriculture Canada requirements for
equipment handling food
12
More Requirements


England has ergonomic requirements
built into legislation
Aerospace industry has special
requirements
Extreme traceability
Life span studies



Military specifications
Get to know what applies to your work
Ignorance of the law is no excuse!
13
Bill C-45


On March 31, 2004 it was put into effect
What makes it significant?
 Agents of a corporation (directors, managers, and even
employees) can be charged in criminal court
 Criminal proceeding apply = prison terms and criminal
records
 H&S violations did not have criminal proceeding
possibilities before Bill C-45
 “217.1 Every one who undertakes, or has the authority,
to direct how another person does work or performs a
task is under a legal duty to take reasonable steps to
prevent bodily harm to that person, or any other person,
arising from that work or task.”
14
Voluntary International Standards

International standards are often used to gain
an edge over the competition:
 ISO9001 (quality)
 ISO 14001 (environment), and
 OHSAS 18001 (OH&S)


It is almost guaranteed that manufacturing
and R&D environments will be registered to
one if not all of these standards
SW companies will focus on ISO 9001 or TL
9001
15
OHSAS 18001

The standard requires the company to
show:
Employees understand the OH&S policy
Legal requirements are known by those affected
Measurable improvement objectives have been set
and action plans are in place to meet the objectives
Daily control of hazards is in place
Mechanisms for fixing issues (before and after) are
used properly
Management us involved

The company gets audited a minimum of
annually and any employee is fair game
16
Your OH&S Roles and Responsibilities

First…definition according to the
law:
Worker – collects salary at a company.
Can be a contractor.
Supervisor – has authority over
another worker, or who is in charge of
a work place.
Employer – person who hires workers,
contractors, subcontractors to
undertake the delivery of a service or
perform work.
17
Responsibility Structure

Employer

Supervisor
Worker

Responsible for larger scope
issues
Responsible for relaying
information to superiors and
workers, as well as working
to solve and prevent OH&S
problems
Responsible for identifying
OH&S problems and
following OH&S laws and
procedures
18
Employer Roles and Responsibilities





Providing and maintaining protective
equipment
Ensuring everyone uses equipment
properly
Providing information, instruction and
supervision for working with hazards in
the workplace*
Appoint competent supervisors
Take every precaution reasonable for the
protection of workers
*This general clause is intended to capture all
situations that cannot be defined by the law.
19
Supervisor Roles and Responsibilities




Ensuring that workers wear
protective equipment
Inform workers of OH&S hazards
Works safely
Take every precaution reasonable
in the circumstances to protect
workers*
*Again, another catch-all general clause.
20
Worker Roles and Responsibilities




Comply to OH&S laws
Use and wear protective equipment
the employer provides
Report hazards that endanger
workers
Report contraventions
Shall not:



Engage in pranks that endanger workers
Endanger others or the worker
Disable protective devices
21
Worker Rights




Rights to OH&S training
Right to refuse unsafe work
Right to participate in OH&S decisions
The law:
Prevents the employer from disciplining
or reprising the worker when a true
problem exists
Protects individuals who acted out of
good intention
Does not protect those who plead
ignorance
22
What to Expect When You go to Work

OH&S committees
Management and worker representatives
OH&S inspections of the workplace

Initiation training
What are the physical, chemical, and/or
biological hazards associated with the job
Emergency procedures
Applicable regulations that apply to the,
product/service
Information on the company hierarchy,
both work related and OH&S related
23
Due Diligence

The best defence in OH&S law is due
diligence*
Taking every reasonable precaution to
protect the OH&S of the worker given the
circumstances
* With the exception of Criminal prosecutions as a result of Bill C-45
24
Due Diligence

How does someone show due diligence?
Identifying all predictable events
All reasonable measures taken to prevent an
event – primarily thru structural changes,
communication, training
Verify effectiveness of controls put in place
Identified issues were followed up on,
including disciplinary action where necessary
Incident response and follow up
IF IT ISN’T DOCUMENTED
IT DIDN’T HAPPEN
25
Typical Court Cases and Fines





Failure to educate employee about
hazards of doing the job and how to
prevent injury
Injury to hands (amputation)
Crushing injuries
Death
Fines start at $25 000 per charge
and can be applied to individuals as
much as companies
26
Real Life Situations
What to expect and Guideline
on OH&S
New Job: Making Microchips

Your new employer must cover the
following with you:
WHMIS Training
OH&S committee
Etching, developing, and bonding
chemicals
Personal protective equipment is required
Spill and leak response procedures
Hazardous waste management
ESD training
Clean room procedures
Possibly Transportation of Dangerous
28
Goods
New Job: Developing Software

Your new employer must cover the
following:
WHMIS
Emergency Drills
OH&S committee
Considerations



Most SW developers do not understand their OH&S
roles and responsibilities
A strong bug testing program is essential
Legal OH&S strings are attached to equipment
manufacturers
29
Scenario: Supervision




You are the owner of a small company that
designs specialised SW and HW for air traffic
control
You know that a bug exists ion the guidance
system under certain atmospheric conditions
Your testing manager gets assigned to fix as
many problems as possible before the beta SW
release but can’t fix this specific bug
What do you do?
30
Scenario – what to do



Legislation in all provinces and states require
that suppliers be held responsible for faulty
equipment
If an accident happens due to the SW bug,
your insurance may pay some of the
damages, but it is unlikely that the company
will recover from the financial and credibility
loss
You must delay the release of the SW (even
the beta version). Credibility from the client
is at stake.
31
SW Gone Bad
What can happen?




Insurance premiums can go up
Product can be recalled ($$)
Company designer can be sued
…and you never set foot where the
instrument was built or used
32
Scenario – Hazard Awareness





You are a SW developer working in cubicle
land
You notice the power to your computer is
fluctuating and causing you and some coworkers some problems
You notice a buzzing sound from the wall
socket where the 5 computers involved
are all connected
This has been happening since they rewired your floor
What do you do?
33
Scenario – what to do
1.
2.
3.
4.
As a worker, it is your legal duty to advise
your supervisor of a hazard
Your supervisor is required to investigate and
take measures to resolve true hazards
If you feel the hazard is still present, you must
advise your worker member on the OH&S
committee
If all else fails contact the ministry of Labour
 They will require proof of hazard and inaction
before proceeding
 They can issue an order to the employer
34
Scenario - PPE


Your employer requires you to wear
personal protective equipment when
installing SW and control devices on
the aircraft your company builds
You find the equipment restrictive and
decide that you are willing to live with
safety consequences of not wearing
PPE. After all, you’ve been doing this
for a while…
Is this OK?
35
Scenario – what you have to do



Most jurisdictions have a clause in their
legislations indicating that any specific PPE the
employer requires you to wear has to be worn
If the employer says wear pink pyjamas to be
seen, then it is a LEGAL requirement
Wear the fall arrest harness, if you don’t your
employer has legal jurisdiction to give you a
reprimand or worse
36
Web Sites
Medical Devices
http://www.scc.ca/en/programs/iso_reg/medical.shtml
Standards Council of Canada
http://www.scc.ca/en/programs/iso_reg/medical.shtml
Ontario Ministry of Labour www.gov.on.ca/LAB/main.htm
Ontario Laws www.elaws.gov.on.ca/home_E.asp?lang=en
Health Canada www.hc-sc.gc.ca
US FDA http://www.fda.gov/default.htm
Worker’s Compensation
www.wsib.on.ca/wsib/wsibsite.nsf/public/Home_e
Education Safety Association of Ontario
http://www.wsib.on.ca/wsib/wsibsite.nsf/public/homepage
37
Questions?

Know your roles and responsibilities as a
worker and supervisor
38
Environmental Impact of IT
Factoids






As much as 40% of heavy metals in landfills
come from electronic waste
Between 97’-04’ 315M computers became
obsolete
Shipping of e-waste to developing countries is a
reality
6” of silicone wafers requires 2M gallons of deionized water/day
Large quantities of solvent usage contributes to
localized SMOG issues
Electronic Products Stewardship Canada is
proposing take back concepts for Canada
39
Environmental Impact of IT

Cradle to the grave approach to
environmental protection in the
recent years has generated
legislation which is forcing
manufactures to think about life
cycle of a product and the
environmental impact. In some
industries products must be taken
back by the manufacturer at the end
of their use.
40
Environmental Impact of IT
Manufactures must comply with EU
initiatives on waste electrical and
electronic equipment (WEEE) in
order to sell equipment in Europe.
 Other initiatives in the EU relate to
the restrictions of hazardous
substances (RoHS)
 Example: reduction or prohibition of
lead used on PCB’s effective 2006

41
Environmental Regulation
Overview

Federal
• CEPA, CEAA, TDG, DSL, Species at Risk,
CGRP

Provincial
• EPA, OCDWA, TSSA

Municipal
• Sewer by-laws, noise by-laws
42
Environmental Reg Overview

Federal
• Importation of hazardous substances
• Canada wide inventories of pollutants
(NPRI)
• Importation and exportation of
hazardous waste
• Emergency management of specific
chemical
43
Environmental Issues

Provincial
• Regulations
• Air
• Ozone Depleting Substances
• Non hazardous
• Hazardous waste
• Spills
• Water treatment and discharges
44
Environmental Issues

Municipal
• Local limits placed on effluent begin
released to sanitary and storm sewers
• Nuisance noise in the community
45
Upcoming Environmental Issues

Hardware:
• Use of ODSs
• High consumption of water
• Ensuring staff are trained

Software
• Controls for air emissions processes
• Physical impacts due to robotics
malfunctions
• Modelling for multitude of environmental
issues
46
Definition of Risk
Definition:
Risk is an uncertain outcome
Meaning:
Risk does not represents only
negative events
for example a program that is estimated
to take 750hrs to code could take
500hrs or 1,250hrs, one would have a
positive and one a negative impact
47
What is Risk?
Risk
is characterised by
Uncertainty
is characterised by
Loss
is defined by
Probability
Impact
Timing
Expectations
is valued by
Objectives
Stakeholder
Risk = Probability x Impact
48
Definition of Risk
It is impossible for risks not to be
present.
Risks are present:
crossing the street
paying for items by credit card
deciding on who to hire
deciding which priority is higher
proposing a new idea/project
49
Definition of Risk Management
Definition:
The art of assessing and managing
risks to ensure that the objective is
accomplished within established
tolerance levels
Meaning:
Risks that aren’t known can’t be
managed
50
Process Overview
Risk
Identification
Risk
Monitoring
PROJECT
Risk
Reduction
Risk
Mitigation
51
Risk Identification
Objective:
To identify all the “things” that could
potentially go wrong (or right)
How to do it:
Brainstorming
Project plans
Key objectives for the project
Subject Matter Expertise
Previous Experience
52
Risk Reduction
Definition:
reducing the probability that an
event will occur
How to do it:
obtain written contracts with contractors
conducting background checks on
prospective employees
visit a current user of new equipment
before deciding what to buy
53
Risk Mitigation
Definition:
Reducing the impact of an event once
it’s occurred
How to do it:
insurance
wearing personal protective equipment
temporary staff to meet surge demands
installing an UPS
storing back up tapes off-site
Emergency Response Plans/Business
54
Risk Reduction vs Risk
Mitigation
Risk reduction is much more important
than risk mitigation
Would you rather install a baby gate at
the top of a flight of stairs or put
pillows on the stairs to make the
baby’s landing softer
Risk financing is often expensive
55
Risk Monitoring
Definition:
ensuring that the risk identification, risk
reduction and risk mitigation activities are
effective
How to do it:
management review meetings
loss history
accident/incident reports
supervisor’s comments
THEN START OVER AGAIN!!!!
56
Timing of Risk Management
Planning
20%
Execution/Control
60%
Closing
15%
Effort
Concept
5%
Effort/Cost expended
Impact of the risk
Time
Ability to influence the risk
57
Insurance
Insurance has a limited role.
Insurance is good when:
large numbers of similar events can be
insured
premiums can be established based on
logic/experience
premiums are commercially feasible
Cases when insurance is not useful:
delays in projects (ERP etc)
regulatory fines or jail time
loss of a blackberry
when things go right!
Don’t forget all insurance has specified limits!
58
Questions?
Contact for questions?
Dr. Mike Histed
Office of Risk Management
562-5800 ext 5892

Hans Loeffelholz
Risk Management Officer
Tel: 562-5800 ext 2627
www.uottawa.ca/services/ehss/reposit.htm
59