 Most scientific disciplines deal with tangible objects. Chemistry and biology handle molecules and components. Physics, mechanics and civil engineering study matter in materials. On the contrary, safety science deals with an abstract concept, that is, risk. Even if dramatic consequences of accidents affect people or material assets, and even if their causes concern real features such as toxic chemical products, safety and risk are subjective notions. So several viewpoints on safety and risk exist, as well as several approaches for addressing them. During this first lesson, three viewpoints and associated approaches will be introduced, the qualitative viewpoint, then the quantitative viewpoint, and finally the managerial viewpoint. They will be developed in the lectures of this course. To introduce the concept of risk in a simple way, let me set the scene. Many activities aim to unpack future. First, our expected objectives are specified. We plan for these objectives to be achieved at time t2. For instance, we want to arrive at Paris in day t2. Then actions have to be planned. The action plan aims to achieve the objectives. For instance, to visit Paris, I plan to fly from Beijing to Paris taking off at t1. Putting together an action plan takes time. The design starts at t0 and is completed at t1. Finally, the action plan is carried out from t1 to t2 and the objectives are reached. Therefore, speaking of risk requires the definition of objectives and an action plan for achieving these objectives. This is an imperative prerequisite. Numerous objectives exist. This course is especially dedicated to one of them, preservation of human health and the environment, that is, safety. Unfortunately, in the real world, the execution of the action plan can be affected and objectives not achieved because risk exists. For example, people are injured due to the occurrence of an accident. We mention that risk exists and that this risk hampers the achievement of our objectives. But what is risk? Or, what does risk mean? And when preserving health is the objective, what does safety mean? Unfortunately, there is no unique meaning of these concepts. Their definitions depend on particular considered viewpoints. In this course, three points of view will be investigated. They will lead to three different approaches for handling risks. Thus we will successively address the qualitative viewpoint, also the called deterministic viewpoint, then the quantitative viewpoint, also the called probabilistic viewpoint, and finally the managerial viewpoint. Each viewpoint leads to a specific approach to deal with risks and consequently to ensure safety. This first lecture deals with the qualitative viewpoint, also called the deterministic viewpoint. The disturbance of the execution of the action plan is described as an effect. This viewpoint considers that all effects have a cause and that the cause-effect relationship is deterministic. Consequently, if a cause arises, the effect necessarily occurs. For instance, intoxications or electrocutions lead to injuries, which disturb the health objective. Consider a second example whose objective is to attend a meeting at T2. At T0, we make a decision to drive to the meeting. We leave home at T1. If the tank of a car becomes empty, the engine stops and the journey is delayed. The empty tank defines a cause. The engine stops is an associated consequence. The journey is delayed is a breach of objectives. When this viewpoint is considered, the risk management activity consists of identifying the risks, that is, the causes, the effects, and the cause-effect relationships. These risks can be controlled in two ways. First, identified causes are avoided. Consequently no effects will occur. Secondly, causes may arise but their effects are stopped. In these two situations, thanks to the risk controls, execution of the action plan cannot be disturbed and our objectives are achieved. When the objective is the preservation of health and environment, causes are called hazards. Effects on health are named injuries. Effects on the environment are called harms. Then the two previous risk controls lead to two definitions of safety. Firstly, safety is the absence of hazards. Secondly, safety is the absence of accidents. We are confronted with two definitions of safety requiring a strategic choice, that is, the absence of hazards or the absence of accidents. For instance, let me consider nuclear hazards. Germany chooses to prohibit nuclear plants. This country adopted the first definition. France preserved nuclear plants implementing multiple barriers to prevent accidents. France considers the second definition. The qualitative or deterministic approach assumes that risks are managed before starting the execution of the action plan. Risk management consists of identifying the risk, that is the cause and its effects, and then avoiding or removing causes, such as hazards or suppressing their effects. The barriers which allow the effects to be avoided are integrated into the action plan. Note that, although they are designed between T0 and T1, these risk controls are effective during operation, that is, between T1 and T2. For instance, consider a manufacturer designing a new car from T0 to T1. The manufacturer identifies accidents which could lead to injuries or fatalities, whereas passenger safety is one of its main objectives. During the development of the car, the manufacturer implements airbags. At T1 the first cars are sold. If an accident occurs between T1 and T2, airbags are opened and passengers' health is preserved. As risks are managed between T0 and T1, risks controls are implemented at T1. Thus, authorities can accept or not the launching of risky activities. For example, the car manufacturer is authorized to sell its new car as airbags provide the expected level of safety. When this viewpoint is considered, the following motto is often formulated, everything is under control. The disturbance of the execution of the action plan is an effect which prevents the achievement of the objective. The qualitative or deterministic viewpoint does not accept any deviation when executing the action plan. We are in a zero-risk attitude. The quantitative viewpoint tolerates deviations from the action plan execution and a resulting gap regarding achieved objectives only insofar as this gap acceptable. This acceptability notion is for instance explicit in the following definition of safety. Safety is the freedom from unacceptable risk. Consequently, acceptability criteria have to be defined and assessed to decide whether a risk is acceptable or not. This second viewpoint is called the quantitative viewpoint because of the notion of assessment or evaluation of criteria in a quantitative manner. The quantitative approach requires an assessment of the significance of risk. Firstly, the severity of the consequences is often taken into account. For instance, we don't consider that a chalk between two pedestrians walking in a street affects their safety. And we don't say that they take risks walking in a crowded street. The significance of risk is also assessed considering the probability of occurrence of the effects. Indeed, this approach does not assume that the cause-effect relationship is deterministic. A cause may, or may not, bring about effects. These two quantities, that is, probability and severity, are often combined for assessing risk. For instance, aviation authorities which aim to protect the health of passengers are not demanding zero accidents. They require evidence that the probability of a crash is less than 10 power minus 9 per flight hour. This requirement combines the severity of the consequences of a crash, that is, numerous fatalities, with the probability of such an accident. Extremely severe accidents are acceptable only insofar as their occurrence is implausible. Cause-effect relationships are stirred by probabilistic laws. Identifying these complex relationships which may affect the execution of the action plan is the first risk management activity. Then risk has to be assessed. Finally, risks are treated introducing risk controls to reduce the quantified risk to a level which is acceptable. Pay attention, our goal is to manage risks, not to suffer risks. So we cannot wait for T2 to conclude if risks were actually acceptable or not. Risks have to be managed before starting the execution of the action plan, that is, between T0 and T1. In particular, all the risks controls are implemented before T1. Once more, authorities may accept or not the launching of risky activities on the basis of an acceptability assessment at time T1. For instance, certification authorities accept that an aircraft can be flown commercially. After T1, the actual deviations during the execution of the action plan must be limited by the risks controls implemented between T0 and T1. The gap between expected objectives and achieved objectives must conform to the acceptable risk. The goal of risk management is to control the future. Again, the motto everything is under control is applicable. The previous approaches assume that all the causes of execution deviations are identified and risks are assessed. Thus, they can be treated before T1. So risks are controlled between T0 and T1. Unfortunately, sometimes, causes are unknown. In different circumstances, their effects are unknown. Sometimes the effectiveness of risks controls is unknown. As a result, the actual conformance cannot be guaranteed and authorities have no evidence allowing them to accept the risk. We are faced with uncertainties. For these reasons, the ISO provided in the ISO 31000 standard a new definition of risk, the effect of uncertainty on objectives. This leads a third viewpoint on risk. Consider a new avian flu whose strain is unknown or whose mechanism of contamination of humans is unknown. How to deal with these uncertainties? We are unable to design and implement risk controls a priori, that is, before T1, to avoid or to mitigate the consequences on human health. A third approach to risk and safety management is necessary. It will lead to a continuous activity for managing risk. Firstly, this allows us to benefit from the knowledge and to improve risk controls continuously. In practice, risk management will be more complex as we will see in future lectures. Let me summarize this first lesson with four key points. Firstly, risk and safety are related concepts. Safety management is a specialization of risk management where the objective is the preservation of health and environment. Secondly, definitions of risk and safety depend on subjective viewpoints. Thirdly, the course will address three viewpoints leading to three different approaches, the qualitative or deterministic approach, the quantitative or probabilistic approach and finally the managerial approach. A given viewpoint is often decreed, for instance by regulation. Otherwise, you will be able to make a choice between qualitative, quantitative and managerial viewpoints. Note that techniques, models, and processes appropriate for one viewpoint will not be suitable for an alternative viewpoint. An inappropriate viewpoint will lead to inadequate risk management activities and, in the end, to the non-activement of expected objectives. The following lessons will address the qualitative or deterministic viewpoint. Lesson 2 introduces a first model for representing risk. Then, lessons 3 and 4 present several methods to identify existing risks. The way risk can be treated is developed during lesson 5. Lesson 6 provides an overview of the deterministic approach and discusses its use. The illustration we use will mostly concern with achieving the safety objective that is preserving health and the environment.