Prevention Through Design: 7 Decisions Leaders Need
Prevention through design turns safety into a capital decision by forcing leaders to remove hazards before procurement, construction and daily work.
Principais conclusões
- 01Require hazard elimination in the project brief before procurement converts design freedom into retrofit cost, shutdown time and residual operational exposure.
- 02Challenge risk matrix colors when high-severity exposure remains, because a medium rating can hide dependence on perfect behavior and supervision.
- 03Simulate maintenance, contractor work and energy isolation before design freeze so repair tasks do not depend on improvisation after commissioning.
- 04Track PtD through residual-risk decisions, accepted design exceptions and engineered controls, not through workshop attendance or generic safety signoff.
- 05Share this Headline Podcast perspective with capital committees that need to discuss safety before layout, access and procurement choices are locked.
NIOSH describes Prevention through Design as one of the strongest ways to prevent occupational injuries, illnesses and fatalities because hazards are addressed before work reaches the field. This article gives senior leaders seven decisions that move PtD from an engineering slogan to a capital-governance discipline.
Why Prevention through Design belongs on the executive agenda
Prevention through Design belongs on the executive agenda because most expensive safety corrections happen after a cheaper design decision has already been missed. ANSI/ASSP Z590.3-2021 frames PtD as guidance for addressing occupational hazards and risks during design and redesign, which means the topic is not only an EHS concern but also a capital allocation concern.
On the Headline Podcast, Andreza Araujo and Dr. Megan Tranter often return to the same leadership question: what does the organization make easy before asking people to behave safely? PtD answers that question upstream, where layout, access, isolation, maintainability and contractor interfaces are still negotiable.
The trap is to treat PtD as an engineering checklist that EHS reviews at the end. By then, the organization has already converted design freedom into operational exposure, and the safety team is left managing residual risk through procedures, permits and PPE.
1. Make hazard elimination a design requirement, not a preference
Hazard elimination becomes real only when the project brief names it as a required design output. The NIOSH hierarchy of controls places elimination and substitution above engineering controls, administrative controls and PPE, and that order matters because it changes who owns the decision.
What most project teams miss is that elimination has a financial window. Before procurement, relocation, automation or layout change may be viable; after installation, the same decision becomes a shutdown, a retrofit and a budget exception.
Executives should require every capital request above a defined threshold to show which hazards were eliminated, which were reduced by design, and which were left for operations. Without that trace, the approval memo only proves that money was spent, not that risk was reduced.
2. Stop using the risk matrix as the final design argument
A risk matrix can support PtD, but it cannot be the final design argument when high-severity exposure remains. The matrix compresses uncertainty into color, which is useful for sorting, although it can hide the difference between a tolerable nuisance and a credible fatal event.
This is where risk matrix blind spots become expensive. A yellow or medium cell may persuade a steering committee that the design is acceptable, even though the remaining scenario still depends on human memory, supervision, shift discipline or perfect contractor execution.
The better executive question is precise: what design alternative would move this hazard one level up the hierarchy of controls? If the answer exists but was rejected, the project needs a documented tradeoff, not a quiet downgrade inside a colored box.
3. Design maintainability before approving operability
Maintainability is a PtD test because workers get hurt when normal repair requires abnormal body position, improvised access or live troubleshooting. A process can be operable during commissioning and still be unsafe during cleaning, unjamming, inspection or replacement.
Co-host Andreza Araujo explores this pattern in Antifragile Leadership, where leadership strength is measured by how a system learns before a crisis exposes its weakness. In PtD terms, that means treating maintenance as a design user, not as an afterthought called only when production stops.
Leaders should require a maintenance simulation before final design freeze. The simulation should ask whether the worker can isolate energy, reach the component, remove the part, handle the load, see the hazard and communicate with the team without inventing a workaround.
4. Require barrier thinking before the procurement order
Barrier thinking strengthens PtD because it separates prevention from mitigation before the purchase order locks the design. A guard, interlock, ventilation system, access platform or automated feed is not equivalent to a procedure, because each control demands a different level of human reliability.
For major hazards, leaders should connect PtD with Bow-Tie barrier questions before procurement, since the method clarifies which controls prevent the event and which only reduce consequences. This prevents a common executive illusion: believing the organization has many barriers when most of them are the same instruction repeated in different documents.
A practical rule is to reject any design review in which all critical controls sit in training, signage, permits or supervision. Those controls may still be needed, but PtD asks why the design did not remove or engineer out more of the exposure first.
5. Treat contractors as design users, not external visitors
Contractors are design users because they often perform the highest-risk work on assets they did not design and may not operate daily. If the design ignores contractor access, simultaneous operations and handover clarity, the organization imports interface risk into every turnaround, outage and project expansion.
The same logic appears in contractor interface risk: the weakest point is often not the contract clause, but the boundary where two work systems meet. PtD must identify that boundary while drawings are still open, because after mobilization the answer becomes more meetings and more permits.
Executives should ask project teams to map contractor tasks separately from employee tasks. The map should cover access routes, isolation points, lifting paths, rescue access, language or competency assumptions, and the person who can stop the work when the design reality differs from the method statement.
6. Put energy isolation into the layout, not only the procedure
Energy isolation is a design issue because lockout quality depends partly on whether isolation points are visible, reachable, labeled and logically grouped. OSHA lockout expectations are often discussed as procedure, but poor design makes procedure execution slower and less reliable.
The stronger PtD move is to make correct isolation the easiest path. Where a worker must walk across three levels, open a congested cabinet and interpret old labels, the organization has transferred design debt to a maintenance technician under time pressure.
For shutdowns and high-energy maintenance, leaders can connect PtD with lockout tagout during shutdowns, because temporary work often exposes permanent design weaknesses. A shutdown review should record which isolation problems are procedural and which require redesign before the next outage.
7. Measure PtD by residual-risk decisions, not by workshop attendance
PtD measurement should focus on residual-risk decisions because attendance at a design review says little about whether hazards changed. A useful dashboard tracks hazards eliminated, hazards reduced through engineering, design exceptions accepted by leadership and residual risks transferred to operations.
ANSI/ASSP Z590.3-2021 points organizations toward life-cycle thinking, which means the metric cannot stop at project delivery. The better test is whether the asset remains safer to operate, inspect, clean, repair and decommission after the initial excitement of commissioning has ended.
Headline Podcast exists as the space where leadership and safety come together to shape better workplaces and better lives, and PtD is one of the clearest places where that promise becomes visible. Leaders either approve design choices that reduce exposure, or they approve future dependence on perfect behavior.
Each project approved without a PtD decision record adds years of residual exposure, while the cost of changing layout, access and isolation rises after procurement.
Comparison: late safety review vs Prevention through Design
| Decision area | Late safety review | Prevention through Design |
|---|---|---|
| Timing | EHS reviews drawings after major choices are fixed. | EHS, operations and engineering test hazards before design freeze. |
| Control quality | Risk is often pushed into permits, PPE and supervision. | Risk is reduced through elimination, substitution and engineering controls first. |
| Executive visibility | Leadership sees cost, schedule and a generic risk rating. | Leadership sees residual-risk decisions and accepted design exceptions. |
| Maintenance reality | Repair work is discovered after commissioning. | Inspection, cleaning and replacement tasks are simulated before approval. |
| Contractor interface | Contractor risk is managed through onboarding and clauses. | Access, isolation, handover and rescue are designed into the work system. |
Two numbers should sit in every PtD steering conversation. 2021 is the current ANSI/ASSP Z590.3 edition referenced for PtD design and redesign processes, while NIOSH has led a national PtD initiative since 2007, focused on including prevention considerations in designs that affect workers. Those dates show that PtD is not a new slogan, although many organizations still behave as if safety begins when the procedure is written.
Conclusion: design is the first safety conversation
Prevention through Design matters because it forces leaders to decide whether safety will be built into the work or managed around the work after the hazard is already installed.
If your leadership team wants more real conversations about where safety decisions are made, listen to Headline Podcast at headlinepodcast.us and bring this PtD checklist to the next capital review.
Perguntas frequentes
What is Prevention through Design in workplace safety?
Why should executives care about Prevention through Design?
How is Prevention through Design different from a risk assessment?
Where should a company start with PtD?
Does Prevention through Design remove the need for training and PPE?
Sobre a autora
Andreza Araujo
Host & Editorial Lead
Andreza Araujo is an international reference in EHS, safety culture and safe behavior, with 25+ years leading cultural transformation programs in multinational companies and impacting employees in more than 30 countries. Recognized as a LinkedIn Top Voice, she contributes to the public conversation on leadership, safety culture and prevention for a global professional audience. Civil engineer and occupational safety engineer from Unicamp, with a master's degree in Environmental Diplomacy from the University of Geneva. Author of 16 books on safety culture, leadership and SIF prevention, and host of the Headline Podcast.
- Civil Engineer (Unicamp)
- Occupational Safety Engineer (Unicamp)
- Master in Environmental Diplomacy (University of Geneva)