People are hurt and killed by systems that were designed without their bodies and\nmistakes in mind — machines that amputate, processes that release energy or\ntoxins, environments that poison slowly. Health and safety engineering exists to\ndesign the hazard out before anyone is exposed to it, and where it can't be\ndesigned out, to guard, control, and warn against it in that order. The\ndiscipline is engineering applied to the prevention of injury, illness, and\ncatastrophic loss, fusing mechanical, chemical, and human-factors knowledge with\nthe law and the unforgiving statistics of how accidents actually happen. Without\nit, safety is left to luck, blame, and the assumption that workers will simply be\ncareful — an assumption every serious incident disproves.
\n","wordCount":119},{"heading":"Core Mission","id":"core-mission","markdown":"Prevent injury, illness, and catastrophic loss by engineering hazards out of\nsystems — and where they remain, control them by the most reliable means, never by\nrelying on people to be careful.","html":"Prevent injury, illness, and catastrophic loss by engineering hazards out of\nsystems — and where they remain, control them by the most reliable means, never by\nrelying on people to be careful.
\n","wordCount":31},{"heading":"Primary Responsibilities","id":"primary-responsibilities","markdown":"The work is hazard identification, risk assessment, and control design across\nproducts, workplaces, and processes. That means analyzing systems for what can\nrelease harmful energy or substances (machine guarding, electrical, fall, fire,\nconfined space, chemical exposure, ergonomic); quantifying risk (likelihood ×\nseverity) and prioritizing; designing and specifying controls up the hierarchy\n(elimination, substitution, engineering controls, administrative, PPE); ensuring\nregulatory compliance (OSHA, NFPA, ANSI, ISO); investigating incidents to root\ncause; and managing process safety where the failure is catastrophic (PSM, the\nprevention of fires, explosions, and toxic releases). A large part of the job is\nmaking the safe way the easy, default way, because controls people bypass don't\ncontrol anything.","html":"The work is hazard identification, risk assessment, and control design across\nproducts, workplaces, and processes. That means analyzing systems for what can\nrelease harmful energy or substances (machine guarding, electrical, fall, fire,\nconfined space, chemical exposure, ergonomic); quantifying risk (likelihood ×\nseverity) and prioritizing; designing and specifying controls up the hierarchy\n(elimination, substitution, engineering controls, administrative, PPE); ensuring\nregulatory compliance (OSHA, NFPA, ANSI, ISO); investigating incidents to root\ncause; and managing process safety where the failure is catastrophic (PSM, the\nprevention of fires, explosions, and toxic releases). A large part of the job is\nmaking the safe way the easy, default way, because controls people bypass don't\ncontrol anything.
\n","wordCount":108},{"heading":"Guiding Principles","id":"guiding-principles","markdown":"- **The hierarchy of controls is non-negotiable order.** Eliminate, then\n substitute, then engineer, then administrate, then PPE. PPE is the last resort,\n not the first answer, because it depends on the person every single time.\n- **Design for the human who errs and the worst case.** People will be tired,\n rushed, untrained, and wrong. Safe systems assume it.\n- **Hazard energy wants out.** Every accident is uncontrolled energy or substance\n reaching a person; control the energy, not just the behavior.\n- **Prevention beats protection beats reaction.** Stop the release, then contain\n it, then respond — in that priority and that order of reliability.\n- **Leading indicators over lagging ones.** Counting injuries tells you you've\n already failed; near-misses and unsafe conditions tell you before.\n- **Safety is engineered in, not inspected in.** Bolt-on safety and posters don't\n change a fundamentally unsafe design.","html":"Health and safety engineers work across the whole organization: design and\nprocess engineers (to build safety in early, where it's cheapest), operations and\nmaintenance crews (who know where the real hazards and workarounds are), industrial\nhygienists and occupational-health staff, management (who own the resources and\nthe safety culture), and regulators and insurers. The hardest and most important\nrelationship is with the front-line workers, whose buy-in determines whether\ncontrols are used or bypassed — which is why the best safety engineers design with\nthem, not for them. Friction lives at the productivity-vs-protection line and in\nincident investigations, where the temptation to blame an individual collides with\nthe duty to fix the system.
\n","wordCount":115},{"heading":"Ethics","id":"ethics","markdown":"The work is, plainly, about whether people go home unharmed — and the engineer\noften stands between a worker's safety and a schedule or budget that would\ncompromise it. Duties: place worker and public safety above production and cost,\nand have the authority and spine to stop unsafe work; tell the truth about risk to\nworkers and management, including the hazards that are inconvenient to name;\nrefuse to let \"compliant\" substitute for \"safe,\" or to scapegoat a worker for a\nsystemic failure; and protect the vulnerable — temporary, untrained, or non-native-\nspeaking workers who bear hazards disproportionately. The gray zones — accepting a\nresidual risk, allocating finite safety budget, balancing privacy against exposure\nmonitoring — demand that the engineer name the trade-off honestly rather than let\nit be made silently by default.","html":"The work is, plainly, about whether people go home unharmed — and the engineer\noften stands between a worker's safety and a schedule or budget that would\ncompromise it. Duties: place worker and public safety above production and cost,\nand have the authority and spine to stop unsafe work; tell the truth about risk to\nworkers and management, including the hazards that are inconvenient to name;\nrefuse to let "compliant" substitute for "safe," or to scapegoat a worker for a\nsystemic failure; and protect the vulnerable — temporary, untrained, or non-native-\nspeaking workers who bear hazards disproportionately. The gray zones — accepting a\nresidual risk, allocating finite safety budget, balancing privacy against exposure\nmonitoring — demand that the engineer name the trade-off honestly rather than let\nit be made silently by default.
\n","wordCount":130},{"heading":"Scenarios","id":"scenarios","markdown":"**A machine that occasionally amputates.** A press has injured operators reaching\nin to clear jams. The plant's first instinct is a warning sign and a glove\npolicy. The engineer applies the hierarchy: can the jam be eliminated by fixing\nthe feed (elimination)? If not, a light curtain and two-hand control that make it\nphysically impossible for the machine to cycle with a hand in the danger zone\n(engineering control). PPE and signage are the last, weakest layer — and never the\nplan. The fix is judged by whether a rushed operator can still get hurt, not by\nwhether a rule now exists.\n\n**A near-miss that was nearly a fatality.** A worker is almost crushed when a\nsuspended load shifts; no injury, no lost time. The temptation is to log it and\nmove on. The engineer investigates it as if it had killed someone, traces it past\nthe rigger's \"error\" to a latent cause — a lifting procedure that didn't specify\nthe right rigging for that load and a schedule pressure that skipped the check —\nand fixes the system. The accident pyramid says the next one like it could be the\nfatality.\n\n**A new process with a toxic inventory.** A design calls for storing a large\nquantity of a hazardous gas. Rather than design ever-more-elaborate containment\nand detection, the engineer pushes inherently safer design: can the process run\nwith a far smaller inventory, generate the reagent on demand, or substitute a less\nhazardous chemical? Reducing what's stored cuts the worst-case release directly —\nthe Kletz principle that what you don't have can't leak — before adding the layers\nof protection that a residual inventory still requires.","html":"A machine that occasionally amputates. A press has injured operators reaching\nin to clear jams. The plant's first instinct is a warning sign and a glove\npolicy. The engineer applies the hierarchy: can the jam be eliminated by fixing\nthe feed (elimination)? If not, a light curtain and two-hand control that make it\nphysically impossible for the machine to cycle with a hand in the danger zone\n(engineering control). PPE and signage are the last, weakest layer — and never the\nplan. The fix is judged by whether a rushed operator can still get hurt, not by\nwhether a rule now exists.
\nA near-miss that was nearly a fatality. A worker is almost crushed when a\nsuspended load shifts; no injury, no lost time. The temptation is to log it and\nmove on. The engineer investigates it as if it had killed someone, traces it past\nthe rigger's "error" to a latent cause — a lifting procedure that didn't specify\nthe right rigging for that load and a schedule pressure that skipped the check —\nand fixes the system. The accident pyramid says the next one like it could be the\nfatality.
\nA new process with a toxic inventory. A design calls for storing a large\nquantity of a hazardous gas. Rather than design ever-more-elaborate containment\nand detection, the engineer pushes inherently safer design: can the process run\nwith a far smaller inventory, generate the reagent on demand, or substitute a less\nhazardous chemical? Reducing what's stored cuts the worst-case release directly —\nthe Kletz principle that what you don't have can't leak — before adding the layers\nof protection that a residual inventory still requires.
\n","wordCount":276},{"heading":"Related Occupations","id":"related-occupations","markdown":"Health and safety engineers apply engineering to a goal — human protection — that\ncuts across every other field. **Mechanical**, **chemical**, and **electrical\nengineers** are both their collaborators and the source of the hazards they\ncontrol. The **environmental engineer** shares the exposure, emissions, and\nmass-balance discipline aimed outward at the public rather than the worker. The\n**nuclear engineer** shares the defense-in-depth and catastrophic-risk mindset.\nThe **fire inspector** and **construction inspector** enforce overlapping safety\ncodes in the field. The **epidemiologist** studies the population-level health\noutcomes the safety engineer works to prevent at the source.","html":"Health and safety engineers apply engineering to a goal — human protection — that\ncuts across every other field. Mechanical, chemical, and electrical\nengineers are both their collaborators and the source of the hazards they\ncontrol. The environmental engineer shares the exposure, emissions, and\nmass-balance discipline aimed outward at the public rather than the worker. The\nnuclear engineer shares the defense-in-depth and catastrophic-risk mindset.\nThe fire inspector and construction inspector enforce overlapping safety\ncodes in the field. The epidemiologist studies the population-level health\noutcomes the safety engineer works to prevent at the source.
\n","wordCount":96},{"heading":"References","id":"references","markdown":"- *Safeware: System Safety and Computers* — Nancy Leveson\n- *What Went Wrong?* and *Lees' Loss Prevention in the Process Industries* — Kletz / Mannan\n- *Industrial Safety and Health Management* — Asfahl & Rieske\n- *Human Error* — James Reason\n- OSHA standards (29 CFR 1910/1926), NFPA, ANSI, ISO 45001\n- NIOSH publications and the Lifting Equation","html":"