FROM ANCIENT TIMES, the concept of using multiple lines of defense or layers of protection was practiced to survive. During the Byzantine Empire, cities and castles were fortified by trenches, Inoats, multiple stone walls built 30 ft wide and 30 ft high or higher, tall towers equipped with archers and drawbridge-gated entrances, all to provide layers of protection against outside forces. The walls of Constantinople were the most famous of the medieval world, not only due to the scale of the layers of defense, but also due to their construction and design. These lines of defense were constantly challenged and tested by would-be invaders and required continual improvement of defense weaknesses, learning from failures and breaches. However, even the best layers of defense are vulnerable. Ultimately, the walls of Constantinople were breached by an emerging risk of the time: gunpowder and cannon fire. When the Ottoman sultan acquired cannons, the walls of Constantinople were rendered obsolete. On May 29, 1453, the Gate of St. Romanus was destroyed by artillery, the garrison of the Circus Gate was seized, and the Fifth Military Gate was stormed by the Turks. The city was finally captured (Livius. org, 2020). Today, organizations face similar battles from an operational risk standpoint.

The concept of employing multiple lines of defense is used today in military strategies, cybersecurity of information technology, and in high-reliability type organizations such as the nuclear power industry and chemical processing. Seldom does a single risk control measure suffice in providing the sustainable risk reduction required or desired. Since the 1960s, the nuclear and petrochemical industries have made use of the concept of layering protection to prevent and reduce operational risk in their facilities.

Traditional safety practices have often taken a more singular view of controlling known hazards. The reliance upon a single machine guard or employee safety training comes to mind. However, what if the control fails or is inadequate or circumvented? Are redundancies, backup controls or additional layers of control in place to prevent the failure from occurring, and mitigative measures to reduce its severity of harm?

Risk Treatment Strategies

In the OSH profession, several terms are commonly used, sometimes interchangeably, in association with reducing risk: prevention, protection, mitigation and control. As each is a risk reduction...