Layers of Protection

Multiple layers of protection are widely advocated as a means of avoiding putting all the eggs in one basket.

The layers of protection that can be improved or are even under the control of a project can vary widely, but are generally based upon the gradually expanding range of influence of a hazard or accident.

For example, the layers of protection for a chemical plant could include the following.

  • basic design and choice of materials (e.g. chemical pathway)
  • cautions, warnings, signage, administrative controls, training, ...
  • control systems (e.g., automatic shutdown systems)
  • operator control (e.g., alarms and intervention)
  • damage limitation (e.g., barriers, firewalls, bunding, and personal protective equipment (PPE))
  • emergency response (e.g., first-aid, ambulance, fire-fighting, ...)
  • evacuation (e.g., plant and surrounding areas)

Although there may be a fairly obvious choice for the order in which the layers are listed, sometimes the effects of two different layers may overlap. For example, in the above the effects of a firewall and the sprinklers may both be to contain a fire, where the argument will be if the fire is able to be controlled by the sprinklers for the firewall to contain, or the fire is contained and therefore able to be controlled.

Some principles of risk reduction overlap with the layers of protection, adding a prioritisation to it.


Several layers of protection failed in the Piper Alpha oil platform inferno and the Staplehurst train crash.


One weakness is if there is no monitoring to check whether all the layers are working (and particularly the final layers) until an accident calls them into action.