Pre-Failure Signal Distortion as a Barrier to Integration in Socio-Technical Systems
How to cite
Rajabali Nejad, M. (2025). Pre-Failure Signal Distortion as a Barrier to Integration in Socio-Technical Systems. Safety.Science — Journal of Integrated Safety, 1(1). https://doi.org/10.65620/safetyscience.conceptual.2025.002
Abstract
Many safety failures are preceded not by missing information, but by gradual distortions in how safety-relevant signals are expressed, interpreted, and integrated. While safety research has extensively examined accidents, incidents, reporting systems, and safety culture, comparatively little attention has been paid to the pre-failure transformation of signals that shapes organisational response long before failure becomes visible.
This paper proposes a conceptual framework of pre-failure signal distortion mechanisms in socio-technical systems. Distinguishing between human, cultural, and systemic processes, we focus on five core mechanisms: silence, normalisation, fragmentation, metric substitution, and procedural shielding. Rather than removing information, these mechanisms undermine safety by weakening the system’s capacity for integration—the ability to hold human experience, organisational structure, and contextual meaning together over time.
We further show how distortion mechanisms can be stabilised or strategically activated through power relations and organisational structures without relying on individual intent or moral attribution. By reframing safety as an integration challenge rather than a problem of compliance or information availability, the paper complements existing work on safety culture, resilience, and performance indicators. It offers a foundation for future empirical research and downstream integration-focused design approaches, while highlighting the importance of understanding how signals change shape before failure occurs.
Keywords: pre-failure; signal; distortion; integration; capacity; barrier
1. Introduction
Many safety failures occur in systems where information was available, procedures were followed, and reporting mechanisms were present. Retrospective investigations frequently show that relevant signals existed prior to failure, yet failed to trigger timely or effective response. This observation points to a fundamental pre-failure question for safety science: not whether signals existed, but how they were shaped, filtered, stabilised, and integrated before failure became visible.
We propose pre-failure signal distortion as a distinct explanatory lens that complements existing work on sensemaking, safety culture, and resilience by focusing on how signals are transformed before collective interpretation and control become possible.
Safety research has traditionally focused on outcomes—accidents, incidents, near misses—and on formal mechanisms intended to prevent them (rules, reporting systems, management systems, audits). These approaches have yielded important advances, but they often assume that signals are stable entities that are either present or absent, heard or ignored. In practice, signals are frequently present yet unable to function as integrative inputs. They may be withheld, dispersed, thinned in meaning, translated into proxies, or absorbed into process. Such transformations occur during everyday organisational life and can be reinforced by culture, governance, and power relations.
This paper addresses that gap by proposing a conceptual framework of pre-failure signal distortion mechanisms. The focus is explicitly pre-failure and non-moralising: the aim is not to attribute blame, but to clarify how integration capacity is weakened over time. The paper is deliberately pre-prescriptive: it does not offer interventions, but delineates a coherent problem space for empirical study and downstream integration-focused design.
The paper is deliberately pre-prescriptive: it does not offer interventions, but delineates a coherent problem space for empirical study and downstream integration-focused design.
Contribution.
This paper contributes by (i) foregrounding the upstream transformation of safety-relevant signals before failure visibility, (ii) proposing five Tier-1 distortion mechanisms as a coherent analytic set, (iii) defining integration capacity as the explanatory core vulnerability, and (iv) articulating propositions (P1–P5) that bridge conceptual claims to empirical programmes.
2. Background and Positioning
Multiple traditions in safety science already address aspects of pre-failure dynamics, including organisational sensemaking (Weick,, 1995), safety culture and voice (Reason,, 1997), resilience engineering and Safety-II perspectives on adaptation (Hollnagel,, 2014), and systems thinking in safety (Leveson,, 2011). Related work on drift and the normalisation of deviance highlights how unsafe conditions can become routine without immediate breakdown (Vaughan,, 1996). In parallel, research on early warnings and ‘weak signals’ shows that pre-failure signals often exist but are discounted, filtered, or rendered non-actionable long before disruption occurs (Macrae2014;Nicolaidou2022). At the same time, scholarship on metrics, auditing, and governance warns that proxies may shape organisational reality rather than merely represent it (Power,, 1997; Strathern,, 2000). Recent work in safety science has increasingly emphasised governance, complexity, and the limits of control-oriented safety management approaches (Le Coze,, 2019; Hayes and Hopkin,, 2020).
Despite these advances, safety science still lacks an integrative conceptualisation of how safety-relevant signals are systematically distorted prior to failure across human, cultural, and systemic levels, and how such distortions degrade the system’s capacity to integrate meaning and act coherently. The present paper aims to complement established perspectives by focusing on the transformation of signals as a pre-failure vulnerability, and by proposing a concise set of mechanisms that can be operationalised and empirically examined in future work.
2.1. How signal distortion differs from adjacent constructs
Several established constructs address aspects of pre-failure dynamics, including sensemaking, drift/normalisation of deviance, resilience, safety culture and voice, and critiques of indicator-driven governance. The contribution of pre-failure signal distortion is not to replace these constructs, but to specify an upstream vulnerability: the systematic transformation of signals before they become available for collective interpretation, governance, and action. In this framing, signals may be present and even locally understood, yet lose their integrative capacity through distortions that erode (a) synthesis, (b) continuity, and/or (c) cross-domain legitimacy (Section 6.1). Table 1 summarises how this differs from adjacent constructs.
| Construct | What it primarily explains | Temporal locus | What “signal distortion” adds |
|---|---|---|---|
| Sensemaking (Weick,, 1995) | Interpretation and meaning construction under ambiguity | During / ongoing | Distortion is upstream: it shapes which signals become available, legitimate, and integrable before sensemaking operates collectively. |
| Drift / normalisation of deviance (Vaughan,, 1996) | Gradual movement toward failure through adaptation and success | Pre-failure trajectory | Distortion specifies the signal transformations that enable drift by stabilising diminished sensitivity and integration capacity. |
| Resilience / Safety-II (Hollnagel,, 2014; Amalberti,, 2016) | Adaptive performance and variability as both source of success and risk | Ongoing / systemic | Distortion identifies recurrent mechanisms through which adaptation can weaken integration even when performance appears successful. |
| Safety culture / voice (Reason,, 1997; Pidgeon and O’Leary,, 2017) | Norms, values, and speaking up climates | Ongoing / contextual | Distortion specifies structural and relational mechanisms (fragmentation, metric/procedural effects) that culture alone does not explain. |
| Safety clutter / auditification (Rae et al.,, 2018; Power,, 1997) | Accumulation of safety work and proxy governance | Governance cycles | Distortion integrates proxy governance into a broader mechanism set and links it explicitly to integration conditions (synthesis, continuity, legitimacy). |
Table 1: Contrast with adjacent constructs and the added explanatory contribution of pre-failure signal distortion.
2.2. Distortion mechanisms and culture
While several distortion mechanisms interact with cultural patterns, the framework does not treat culture as a primary explanatory variable. Safety culture typically describes shared values, norms, or attitudes. In contrast, the mechanisms described here operate at structural and relational levels, including process design, representational practices, and integration responsibilities. Culture may stabilise or legitimise distortion, but it does not account for how signals are fragmented, translated, proxied, or procedurally contained. The framework therefore complements cultural analyses by specifying the mechanisms through which cultural conditions become operationally consequential.
3. Methodological Position
The contribution of this paper is conceptual and theory-building. The proposed mechanisms are derived from recurring patterns visible across reflective safety practice, interdisciplinary systems reasoning, and established safety scholarship. They are not advanced as an exhaustive taxonomy or as a definitive causal account of accidents. Instead, they are offered as analytic lenses to make pre-failure phenomena more visible and discussable, especially when retrospective data and formal indicators provide insufficient access to early, ambiguous, relational signals.
This methodological stance is consistent with theory-building work in organisational studies and safety science, where conceptual clarity is necessary before measurement, modelling, and intervention design can be meaningfully pursued (Weick,, 1995; Hollnagel,, 2014). The framework aims to support empirical research by clarifying what should be observed and how pre-failure vulnerability can be conceptualised as an integration problem rather than an information deficit.
It is important to distinguish signal distortion from sensemaking failure. Sensemaking research focuses on how actors interpret ambiguous situations and construct meaning retrospectively or in action. Signal distortion, as used here, refers to systematic transformations that occur prior to sensemaking, shaping which signals become available, legitimate, or integrable in the first place. In this sense, distortion operates upstream of sensemaking: it affects the form, coherence, and transmissibility of signals before interpretation occurs. Sensemaking may succeed locally while distortion prevents signals from entering collective or organisational integration processes.
4. Conceptual Framework: Safety Signals and Distortion
4.1. What is a safety signal?
A safety signal is understood here in a broad, socio-technical sense. It includes not only formal reports and quantitative indicators, but also lived experience, unease, informal observation, and contextual cues. Signals are inherently relational and interpretive: they gain meaning only through the way they are received, connected, and integrated across actors, organisational structures, and situational contexts.
4.2. Distortion versus absence
Distortion in this paper does not imply intentional deception, irrationality, or error. Distortion refers to systematic changes in how signals are expressed, stabilised, and rendered actionable. Signals may be present while their integrative value is diminished. Distortion mechanisms can emerge from adaptation, success, governance, and power dynamics, and may be reinforced by organisational routines and cultural expectations.
4.3. Analytical claims and scope
Based on the framework developed in this paper, we advance three analytical claims. First, we argue that pre-failure safety vulnerability can be explained in terms of weakened integration capacity, even in the presence of abundant information and formal controls. Second, we argue that specific distortion mechanisms become dominant under identifiable structural conditions, such as distributed accountability, performance-based governance, or procedural saturation. Third, we argue that pre-failure signal distortion is expected to predict delayed, reactive, and episodic learning, as opposed to continuous adaptation, regardless of organisational intent.
4.4. Propositions to support empirical programmes
To support empirical investigation, the framework implies the following propositions:
P1 (Fragmentation and delay). Systems with a weak or ambiguous locus of synthesis (Section 6.1a) will exhibit higher fragmentation-driven delays, such that partial signals persist across units without timely coherence formation.
P2 (Audit/KPI dominance and proxy drift). In settings with strong KPI/audit dominance, metric substitution will be more prevalent and will correlate with more episodic learning cycles (i.e., learning triggered by disruption rather than continuous integration).
P3 (Procedural saturation and ownership loss). Under high procedural saturation, procedural shielding will increase even when formal compliance is high, producing signal processing without sustained ownership across the pathway.
P4 (Compound distortions and late surprise). Co-occurrence of fragmentation and procedural shielding will predict higher likelihood of “late surprise” events, where multiple partial warnings exist but no integrated recognition occurs until discontinuity.
P5 (Protection and silence). Where voice is weakly protected and escalation pathways are opaque, silence will become a dominant distortion mechanism, increasing the gap between lived experience and formal organisational records.
5. Pre-Failure Signal Distortion Mechanisms (Tier 1)
Each Tier-1 mechanism is defined by a primary integration failure mode (Table 2) and is analytically distinguished by what it is not. Fragmentation is not silence (signals are present but dispersed); silence is not lack of concern (signals exist but are withheld); normalisation is not drift as an outcome trajectory (it is a stabiliser that makes distortions durable by reducing interpretive sensitivity); metric substitution is not measurement per se (it is proxy replacement of meaning); and procedural shielding is not procedure use per se (it is ownership and judgement being absorbed into compliance pathways).
Before introducing the individual mechanisms, it is important to note that they are not intended as isolated categories. They describe recurrent ways in which early safety signals lose their integrative capacity under everyday organisational conditions. Each mechanism highlights a distinct failure mode, while Table 2 provides an overview to support synthetic reading.
This section presents five mechanisms selected for their conceptual coherence, relevance to ongoing safety science debates, and suitability for immediate publication. Additional mechanisms (e.g., exaggeration, minimisation, temporal delay, moral buffering) are treated as future work.
5.1. Tier-1 selection logic
The Tier-1 mechanisms are selected because they (a) are structurally recurrent across sectors rather than event-specific, (b) degrade integration capacity (see Section 6.1 for the minimal definition) directly (by eroding synthesis, continuity, or legitimacy), (c) can operate in the absence of malicious intent, and (d) are observable through organisational artefacts and practices (e.g., governance forums, metrics, procedures, records, and escalation pathways). Mechanisms treated as future work (e.g., exaggeration, minimisation, temporal delay, moral buffering) are considered derivative or secondary in the present framework: they often emerge as adaptive responses within the Tier-1 structural conditions or amplify Tier-1 distortions rather than constituting primary integration-degrading structures.
5.2. Fragmentation: Distributed Signals and the Loss of Coherence
Fragmentation occurs when safety-relevant signals are dispersed across individuals, departments, documents, or moments in time, such that no single actor or unit holds the signal in its entirety. Unlike silence or suppression, fragmentation does not require that information be hidden or withheld. On the contrary, fragmented signals are often widely present, yet structurally disconnected.
In fragmented systems, partial awareness is common. Individuals may recognise concerns within their immediate scope, while assuming that other aspects are known or addressed elsewhere. Reports are written, conversations take place, and indicators are generated, but these elements remain insufficiently connected to form a coherent picture that can inform integrated decision-making.
Fragmentation weakens safety not through error or neglect, but through the absence of an explicit locus for coherence. Responsibility for integration is diffused, and the expectation that someone else will “see the whole” becomes normalised. As a result, actions taken within local domains may be correct and well-intentioned, while the system as a whole drifts without oversight.
From an integration perspective, fragmentation represents a failure to hold together human experience, organisational structure, and contextual meaning. Signals remain valid within their local contexts but lose their capacity to inform system-level understanding. This explains why fragmented systems often respond only after discontinuities become visible as incidents or crises, despite the prior existence of relevant information.
Fragmentation is particularly resilient to traditional safety interventions, as adding more reporting channels or documentation can further increase dispersion without improving coherence. Addressing fragmentation therefore requires attention not to the volume of information, but to the conditions under which integration is expected, enabled, and institutionally supported.
In short.
Fragmentation weakens integration by distributing partial signals across actors and artefacts such that no locus of synthesis can form a coherent picture in time.
5.3. Silence: Withheld Signals and the Absence of Protection
Silence refers to situations in which safety-relevant signals are present but not communicated, despite being recognised by individuals or groups. Unlike fragmentation, where signals are dispersed, silence involves an active or passive withholding of information from organisational channels where integration could occur. Importantly, silence should not be understood as indifference or ignorance. In many cases, it reflects a rational response to perceived risk associated with speaking up. This emphasis on early, ambiguous concern aligns with work on weak signals and early warnings, where recognised concerns can exist long before organisations develop integrative response (Macrae,, 2014; Nicolaidou et al.,, 2022).
From a pre-failure perspective, silence emerges when individuals assess that voicing a concern is unlikely to lead to constructive integration or may carry negative personal or professional consequences. These consequences need not be explicit. Subtle signals—such as previous dismissals, lack of follow-up, reputational costs, or procedural complexity—can be sufficient to discourage communication. Silence, therefore, often reflects an absence of protection rather than an absence of concern.
Silence undermines safety by removing experiential input from the integration process. Human perception, intuition, and unease—often the earliest indicators of emerging risk—remain local and unarticulated. As a result, organisational understanding becomes increasingly detached from lived reality. Decisions are then made based on formally available information that appears complete, while critical dimensions remain unexpressed.
Silence also interacts with other distortion mechanisms. Fragmented systems increase the likelihood of silence by obscuring where signals should be directed. Procedural shielding can render speaking up ineffective by routing concerns into processes that offer no visible ownership or response. Normalisation further stabilises silence by framing non-communication as appropriate, professional, or aligned with organisational norms.
Crucially, silence does not eliminate signals; it displaces them temporally. Concerns that cannot be expressed early often reappear later in amplified or less tractable forms, such as sudden crises, informal disclosures, or post-event rationalisations. In this sense, silence shifts safety learning from a continuous process to an episodic one, dependent on disruption rather than integration.
From an integration standpoint, silence represents a breakdown in the relational dimension of safety. The system retains structural and procedural capacity but loses access to experiential meaning at critical moments. This explains why organisations with extensive reporting systems and formal openness initiatives may still experience silence: the issue lies not in the availability of channels, but in the conditions under which signals are perceived as safe to articulate.
These dynamics resonate with established work on organisational voice and reporting in safety-critical contexts, while extending it by situating silence within a broader pre-failure signal distortion frame (Dekker,, 2014).
Addressing silence, therefore, cannot be reduced to encouraging voice or increasing reporting requirements. Without explicit responsibility for integrating early, uncertain, or uncomfortable signals, silence remains a rational adaptation. Safety, in this context, depends less on expression itself and more on whether the system can demonstrably hold what is expressed.
In short.
Silence weakens integration by withholding experiential input, forcing decisions to be made with formally complete records that are semantically incomplete.
5.4. Normalisation: When Distortion Becomes Routine
Normalisation describes the process through which recurring signal distortions become embedded as ordinary, acceptable, or expected aspects of organisational life. Unlike silence or fragmentation, which describe specific ways signals are altered or withheld, normalisation operates as a stabilising mechanism: it renders distortion unremarkable.
In normalised contexts, behaviours and conditions that would once have prompted concern are reframed as typical, manageable, or inherent to the work. This reframing does not eliminate signals; rather, it alters the interpretive frame through which they are perceived. What might previously have been recognised as an anomaly or early warning becomes reclassified as background noise.
This stabilisation of what counts as “normal” is consistent with resilience-oriented accounts of adaptation and routine performance shaping safety over time (Amalberti,, 2016; Hollnagel,, 2014).
Normalisation often emerges incrementally. Repeated exposure to unresolved concerns, coupled with continued organisational functioning, produces an implicit inference that conditions are acceptable. Over time, this inference hardens into expectation. New entrants learn not only formal procedures, but also what is worth noticing and what can be safely ignored. In this way, normalisation is transmitted culturally, without requiring explicit endorsement.
From an integration perspective, normalisation weakens safety by narrowing the range of signals that are considered legitimate inputs for decision-making. Signals that fall outside this narrowed range may still be observed, but they are less likely to be articulated, connected, or acted upon. Normalisation thus amplifies other distortion mechanisms: it supports silence by redefining speaking up as unnecessary, and it sustains fragmentation by removing the perceived need for coherence.
Importantly, normalisation does not depend on complacency or lack of professionalism. It often develops in high-performing environments where individuals adapt successfully to constraints and demands. In such contexts, continued success can paradoxically reinforce distorted interpretations, as the absence of immediate negative outcomes is taken as confirmation that existing practices are sufficient.
Normalisation also interacts with power and leadership structures. When leaders implicitly signal acceptance of certain conditions—by prioritising performance, speed, or alignment over integrative reflection—normalisation accelerates. Conversely, the absence of visible integration work by leadership can lead individuals to conclude that certain signals are outside the organisation’s scope of concern.
The safety impact of normalisation lies in its temporal effect. By stabilising distortion over time, normalisation delays recognition of accumulating risk and shifts learning from continuous adjustment to episodic correction. Systems governed by normalisation tend to respond only when deviations exceed the boundaries of what can be explained away as normal.
From a pre-failure standpoint, normalisation represents a loss of interpretive sensitivity. The system retains its capacity to function and to comply, but gradually loses its ability to distinguish between what is familiar and what is acceptable. This distinction is critical for integration: without it, early signals are filtered out not by suppression, but by expectation.
In short.
Normalisation weakens integration by stabilising distortion as routine, reducing interpretive sensitivity and narrowing what counts as a legitimate signal.
5.5. Metric Substitution: When Measurement Replaces Meaning
Metric substitution occurs when quantified indicators gradually replace the underlying meanings they were intended to represent. In safety-critical systems, metrics are introduced to support oversight, comparability, and accountability. Over time, however, these indicators can become proxies that stand in for complex safety realities, reshaping how signals are perceived, discussed, and acted upon.
Unlike fragmentation or silence, metric substitution does not obscure information through absence or dispersion. Instead, it narrows attention to what is measurable. Safety-relevant experiences that do not fit existing indicators—such as unease, ethical concern, or emerging complexity—remain present but lose organisational traction. As a result, signals are not denied; they are rendered irrelevant by virtue of being uncounted.
Metric substitution often develops through successful governance. When indicators align with regulatory expectations, audit requirements, or performance targets, they become reliable tools for demonstrating control. This reliability can create a feedback loop: what can be reported confidently is increasingly prioritised, while what resists measurement is treated as ambiguous or secondary. Over time, metrics acquire interpretive authority.
From an integration perspective, metric substitution weakens safety by decoupling representation from experience. Quantified indicators circulate efficiently within organisational structures, but they carry limited contextual meaning. Human experience is translated into numbers, and numbers are treated as sufficient grounds for decision-making. The integrative task of holding experience, structure, and context together is thus replaced by proxy coherence.
This observation aligns with critiques of indicator proliferation and audit-driven safety governance, including the accumulation of “safety work” that may not strengthen operational safety (Power,, 1997; Rae et al.,, 2018).
Metric substitution also interacts with power and strategy. Actors with influence over indicator selection, threshold setting, or reporting formats can shape which signals gain visibility. In competitive or resource-constrained environments, favourable metrics may be emphasised to justify decisions, secure legitimacy, or suppress alternative interpretations. In such cases, metrics do not merely describe reality; they actively configure it.
Importantly, metric substitution does not imply that metrics are inherently flawed or misleading. Indicators can support learning and coordination when they remain connected to their referents. Distortion arises when the presence of acceptable numbers is taken as evidence that underlying conditions are acceptable as well. In this shift, safety becomes a property of dashboards rather than of lived practice.
The temporal effects of metric substitution further complicate integration. As long as indicators remain within acceptable ranges, deviations accumulate unnoticed. When discrepancies between measured performance and lived experience eventually surface, they often do so abruptly and in forms that resist easy quantification. Learning is then forced into reactive modes, rather than being supported through continuous integration.
From a pre-failure standpoint, metric substitution represents a loss of semantic integrity. Signals retain formal clarity but lose their capacity to convey meaning across organisational boundaries. Addressing this loss requires not additional metrics, but renewed attention to how indicators relate to the realities they are meant to reflect—and to the spaces in which non-quantifiable signals can still be held alongside numbers.
In short.
Metric substitution weakens integration by replacing meaning with proxies, so representation circulates efficiently while contextual understanding erodes.
5.6. Procedural Shielding: When Process Absorbs Responsibility
Procedural shielding occurs when formal processes absorb safety-relevant signals in ways that prevent responsibility, judgement, or integration from being exercised. In such cases, signals are neither silenced nor ignored. They are correctly routed, logged, and processed, yet fail to result in meaningful engagement or ownership.
This is compatible with accounts of verification rituals in which procedural correctness can substitute for substantive engagement with risk (Power,, 1997; Strathern,, 2000).
Unlike metric substitution, which replaces meaning with representation, procedural shielding replaces responsibility with compliance. Where metric substitution primarily concerns representational proxies, procedural shielding primarily concerns responsibility and ownership continuity across pathways. Signals are translated into procedural artefacts—forms, tickets, cases, or workflows—that satisfy organisational requirements while simultaneously distancing actors from the underlying concern. The process functions as an intermediary that contains the signal without necessarily transforming understanding. This disconnect resonates with work-as-imagined versus work-as-done gaps, where formal procedure can diverge from operational reality in ways that conceal emerging vulnerabilities (Hollnagel,, 2017).
Procedural shielding is particularly likely in organisations characterised by complexity, regulatory pressure, or distributed accountability. Formal processes are introduced to ensure consistency, fairness, and traceability. Over time, however, these same processes can become protective barriers. Once a signal enters the system, its handling is governed by predefined steps that may leave no space for discretionary integration or cross-boundary interpretation.
From an integration perspective, procedural shielding weakens safety by decoupling action from meaning. The system demonstrates that it has responded—by processing the signal—without ensuring that human experience, contextual understanding, and organisational judgement are brought together. Integration is thus replaced by procedural completion.
Procedural shielding also interacts strongly with power. Authority is exercised not through direct decision-making, but through control of process design and ownership. Leaders and managers may remain formally compliant while remaining substantively detached from emerging concerns. In such contexts, escalation becomes difficult not because it is forbidden, but because the process itself defines what counts as resolution.
This mechanism can be strategically exploited. Actors seeking to deflect attention or avoid accountability may rely on procedural correctness as a defence against further inquiry. By adhering strictly to process, they can demonstrate alignment while preventing deeper engagement. Procedural shielding thus becomes a vehicle through which distortion mechanisms are stabilised under the appearance of order.
The temporal effects of procedural shielding mirror those of other Tier-1 mechanisms. Early signals are processed efficiently but shallowly, postponing integration until issues reappear in forms that exceed procedural capacity. When this occurs, organisations often respond by adding further layers of process, thereby intensifying the very conditions that produced the shielding effect.
From a pre-failure standpoint, procedural shielding represents a loss of agency integration. The system retains formal structure and accountability on paper, but loses the ability to connect signals to responsible actors who can interpret and act across boundaries. Safety, in this sense, becomes a function of procedural integrity rather than of collective understanding.
Addressing procedural shielding therefore does not require abandoning process, but re-examining the relationship between procedure and responsibility. Without explicit spaces where signals can escape procedural containment and be held relationally, processes risk becoming mechanisms of distortion rather than instruments of safety.
In short.
Procedural shielding weakens integration by absorbing signals into compliance pathways that process concerns without restoring ownership or cross-boundary judgement.
| Mechanism | Primary integration failure mode | Typical structural conditions |
|---|---|---|
| Fragmentation | Loss of coherence (no locus of synthesis) | Distributed accountability; siloed governance; multi-interface work |
| Silence | Loss of protected voice (signals withheld) | Low protection; opaque escalation; reputational risk |
| Normalisation | Loss of interpretive sensitivity | Repeated unresolved concerns; success reinforcing routines |
| Metric substitution | Loss of semantic integrity (proxy replaces meaning) | KPI/audit dominance; performance governance; dashboard-centric decisions |
| Procedural shielding | Loss of agency integration (process absorbs ownership) | Procedural saturation; compliance emphasis; unclear responsibility |
Table 2: Five Tier-1 pre-failure signal distortion mechanisms, their primary integration failure modes, and typical structural conditions.
Illustrative example (composite scenario). Consider a hospital escalation process in which nurses report concerns through an electronic incident system. Individual reports are logged (no silence), routed to different committees (fragmentation), assessed against predefined indicators (metric substitution), and closed once procedural steps are completed (procedural shielding). Because similar issues have occurred without immediate harm, concerns are increasingly treated as routine (normalisation). At no point is there a forum with authority to synthesise experiential concern, procedural signals, and contextual risk. The system functions as designed, yet integration capacity is progressively eroded before any adverse event occurs.
Although framed in healthcare, the same mechanism pattern transfers to other sectors. In rail or infrastructure maintenance, weak-signal reports may be fragmented across contractors and asset systems, assessed through indicator thresholds, and closed through procedural completion. In aviation SMS, reports may be logged yet filtered through proxy metrics and governance routines that preserve compliance without restoring cross-domain synthesis. In offshore or chemical process safety, audit cycles and procedural saturation can similarly stabilise proxy success while early experiential unease remains weakly legitimate. This resonates with early-warning accounts in healthcare disasters, where weak signals were present but progressively discounted or deformed before event visibility (Macrae,, 2014).
6. Integration as the Core Vulnerability
Across the distortion mechanisms described, a common pattern emerges. Safety-relevant signals are rarely absent. Instead, they are present but unable to be integrated.
6.1. A minimal definition of integration capacity
For the purposes of this paper, integration capacity is treated as a system property that minimally requires: (a) an identifiable locus of synthesis (a role, forum, or interface where partial signals can be assembled into a coherent situation), (b) temporal continuity (the ability to sustain attention across time so early signals are not reset or lost between cycles), and (c) cross-domain legitimacy (signals from experiential, structural, and contextual sources are treated as admissible inputs for understanding and decision). Distortion mechanisms are analytically defined by how they erode one or more of these minimal conditions. This minimal characterisation is consistent with systems-integration fundamentals that treat integration as a cross-domain challenge shaped by humans, systems, environments, and their interactions (Rajabalinejad et al.,, 2020).
In practical terms, a locus of synthesis may take the form of a safety review board or coordination role with authority to integrate signals; temporal continuity may be observed where issues persist and are revisited across audit or review cycles; and cross-domain legitimacy is present when experiential signals such as operator unease are treated as admissible alongside formal indicators and procedural data.
Integration, in this context, refers to the system’s capacity to hold together lived human experience, organisational structure and decision processes, and contextual meaning over time. Each distortion mechanism undermines this capacity in a specific way.
Silence removes experiential input. Fragmentation disperses responsibility and coherence. Metric substitution replaces understanding with proxies. Procedural shielding absorbs concerns into process without ownership. Normalisation stabilises these distortions as routine. The result is not ignorance, but structural disconnection.
Importantly, this loss of integration can occur even in systems with abundant data, formal reporting channels, and well-defined procedures. Safety failures, from this perspective, are not primarily the result of missing rules or insufficient compliance, but of weakened integration capacity. Signals no longer arrive in a form that allows human, organisational, and contextual dimensions to be held together at the moment decisions are made.
This reframing shifts attention away from individual error and toward the conditions under which integration becomes difficult or impossible. It also explains why safety interventions that focus solely on reporting, measurement, or procedure often fail to produce lasting improvement. Integration is therefore not a downstream optimisation problem, but a pre-failure vulnerability.
6.2. Leadership as a Structural Condition for Signal Integrity
Leadership plays a decisive role in shaping the conditions under which early safety signals retain or lose their integrity. This role is often misunderstood as a matter of encouragement, attitude, or personal openness. From a pre-failure integration perspective, however, leadership functions primarily as a structural condition, not a behavioural trait.
Leaders influence signal integrity through the expectations they establish regarding coherence, ownership, and legitimacy of concern. Where leadership implicitly rewards local optimisation, speed, or alignment over integrative understanding, distortion mechanisms such as fragmentation, silence, and metric substitution are more likely to emerge. Conversely, where leadership makes integration itself an explicit responsibility, signals are more likely to remain connected and meaningful.
Importantly, leadership does not need to actively suppress information for distortion to occur. Distortion often arises when leaders are structurally absent from early signal spaces, leaving signals to circulate laterally without a recognised pathway for synthesis. In such contexts, individuals adapt by translating concerns into formats that fit existing procedures or metrics, or by withholding information that lacks a clear recipient.
Power dynamics further shape this process. Leaders hold disproportionate influence over which signals are treated as legitimate and which are dismissed as peripheral, premature, or misaligned. Strategic actors can exploit this asymmetry by selectively activating distortion mechanisms—such as procedural shielding or metric substitution—to advance competitive or positional interests. In these cases, leadership does not create distortion directly, but enables it through structural permissiveness.
From the perspective of integration, leadership integrity is therefore less about decisiveness and more about holding space. This includes maintaining arenas where incomplete, uncomfortable, or cross-boundary signals can coexist without immediate resolution. When such spaces are absent, early signals are forced into simplified, delayed, fragmented, or procedurally contained forms that undermine their integrative value.
Ensuring the integrity of early signals does not require leaders to act as problem solvers or arbiters of truth. Rather, it requires them to sustain conditions in which integration is possible: clarity about who is responsible for coherence, tolerance for ambiguity, and protection of voices that do not yet fit established categories. Without these conditions, even well-designed safety systems are likely to experience pre-failure signal distortion.
7. Power and Strategic Activation of Distortion
Distortion mechanisms can arise through adaptation and routine; they may also be stabilised or activated strategically in competitive or power-laden environments. In such contexts, power operates not only through formal decision rights, but through selective control over which signals gain legitimacy, which representations dominate, and which processes are treated as definitive.
These forms of power are most visibly enacted in governance arenas such as escalation meetings, audit reviews, prioritisation committees, and cross-functional coordination forums.
Power is used here in a structural sense, combining (i) positional power (authority attached to roles), (ii) procedural power (control through process design, escalation rules, and admissibility), and (iii) epistemic/discursive power (control over which representations, metrics, or narratives count as valid). Strategic activation of distortion mechanisms is conceptualised as the selective use of these power modalities to shape which signals become legitimate, integrable, and actionable.
Strategic behaviour (including competition, reputation management, or the marginalisation of alternative viewpoints) does not necessarily introduce new distortion types. Rather, it exploits existing channels: silence can suppress competitors’ concerns; fragmentation can prevent coherent understanding from forming; metric substitution can elevate proxies (including social or reputational indicators) over substantive meaning; procedural shielding can contain critique within compliance structures; and normalisation can stabilise the resulting state as routine.
This structural view allows safety science to address power dynamics without moral attribution. The issue is not primarily individual intent, but structural permissiveness: distortion becomes effective when the system does not explicitly expect or support integration of early signals. In this sense, power games can be understood as strategic exploitation of integration weaknesses.
The framework further supports conditional propositions. Under conditions of high task complexity and distributed responsibility, fragmentation is likely to dominate. Where voice is weakly protected and escalation pathways are opaque, silence becomes the primary distortion mechanism. In performance-driven or audit-intensive environments, metric substitution and procedural shielding are expected to become structurally reinforced. These conditions are not mutually exclusive and may co-occur, producing compound distortion effects that further degrade integration capacity (see Section 6.1 for the minimal definition).
8. Implications for Safety Science
The framework of pre-failure signal distortion mechanisms proposed in this paper has several implications for safety science research and practice. These implications do not challenge existing safety theories, but rather complement them by shifting attention to an earlier and often under-examined phase of the safety process: the transformation of signals before they enter formal decision-making and control systems.
8.1. Reframing Safety as an Integration Challenge
A central implication of this work is the reframing of safety from a problem of information availability or rule compliance to a problem of integration (see Section 6.1 for the minimal definition). Across the mechanisms discussed, safety-relevant signals are typically present but unable to be held together in ways that allow human experience, organisational structure, and contextual meaning to inform one another.
This perspective suggests that safety vulnerabilities can persist even in systems with extensive reporting infrastructures, mature safety cultures, and comprehensive procedural controls. Failures may occur not because signals were absent or ignored, but because the system lacked the capacity to integrate them at the right moment and at the right level.
For safety science, this reframing highlights the need to complement outcome-oriented and compliance-oriented approaches with conceptual tools that address coherence, relationality, and meaning-making as core safety functions.
8.2. Implications for Safety Management and Governance
For safety management practice, this framework suggests that the effectiveness of reporting systems, audits, indicators, and escalation procedures depends less on their formal presence than on whether they preserve integration capacity (see Section 6.1). Reporting systems may exist yet fail to support safety if signals are fragmented, silenced, normalised, proxied through metrics, or absorbed into procedure without ownership. This integration-oriented framing is compatible with national standardisation efforts that formalise safety-by-design as a cross-domain, life-cycle practice (e.g., NTA 8287:2021) (NEN,, 2021). The standard is referenced here only as an example of integration-oriented framing, not as a nationally limiting claim about applicability.
From this perspective, safety management systems, audits, and governance processes can be understood not merely as control instruments, but as potential sites of pre-failure signal distortion. Audits may reinforce metric substitution, escalation procedures may enable procedural shielding, and reporting systems may coexist with silence if protection and synthesis are absent. The framework therefore shifts attention from compliance with safety mechanisms to the conditions under which those mechanisms sustain or erode integration.
Three interpretive shifts follow from this framing:
- • Shift 1: From “Are we collecting data?” to “Is there a locus of synthesis with authority to integrate signals?”
- • Shift 2: From “Are KPIs green?” to “Do indicators preserve semantic integrity across domains?”
- • Shift 3: From “Was the procedure followed?” to “Did ownership persist across the escalation pathway?”
Importantly, this does not imply that safety management tools are ineffective or misguided. Rather, it highlights that their contribution to safety depends on how they interact with organisational structures, power relations, and interpretive routines that shape early signal handling. In this sense, the framework offers a conceptual lens for reinterpreting familiar safety practices, rather than proposing new ones.
8.3. Extending Existing Work on Culture, Voice, and Metrics
The distortion mechanisms described here intersect with several established areas of safety science research, including safety culture, speaking up, and the use of performance indicators. However, rather than treating these domains separately, the framework situates them within a unified account of signal transformation.
Silence, for example, is reframed not primarily as a deficit of voice or courage, but as a rational response to structural conditions that fail to protect early signals. Metric substitution is presented not as a flaw in measurement per se, but as a semantic distortion that arises when indicators are treated as sufficient representations of complex realities. Normalisation is understood not as complacency, but as an interpretive drift that stabilises distortion over time.
By integrating these phenomena within a common pre-failure framework, the paper offers a way to connect disparate strands of safety research that are often examined in isolation.
Empirically, leadership-related signal distortion can be examined in settings such as safety review boards, escalation meetings, audit interactions, and cross-functional governance forums. In these arenas, leadership influence is visible not primarily through decisions taken, but through which signals are invited, deferred, reframed, or absorbed into process. Studying these interactional sites allows analysis of leadership as a structural condition for integration rather than as an individual trait.
8.4. Implications for the Study of Power and Strategy in Safety
The analysis also contributes to ongoing discussions about power, authority, and strategic behaviour in safety-critical organisations. Rather than conceptualising power primarily in terms of decision rights or hierarchical control, the framework highlights how power operates through the selective activation and stabilisation of distortion mechanisms.
From this perspective, strategic behaviour does not introduce new forms of distortion, but exploits existing ones. Power determines which signals gain legitimacy, which representations dominate, and which processes are treated as definitive. This structural view allows safety science to address issues of influence and inequality without resorting to moral attribution or individual blame.
8.5. Methodological Implications: Studying Pre-Failure Phenomena
Methodologically, the paper underscores the importance of conceptual and phenomenological approaches in safety science. Pre-failure signal distortion is difficult to capture through incident data, retrospective analysis, or quantitative indicators alone. It often becomes visible only through attention to lived experience, narrative accounts, and organisational sense-making practices.
This suggests a need for greater methodological pluralism in safety research, including approaches that prioritise early, ambiguous, and relational phenomena. Such approaches can complement empirical and model-based methods by clarifying what should be measured, integrated, or designed for in the first place. Weak-signal scholarship in safety and process safety also suggests concrete ways to surface early traces—through expert elicitation, governance artefacts, and hybrid qualitative–computational approaches (Nicolaidou et al.,, 2022; Yu et al.,, 2022).
- • Fragmentation: document analysis; responsibility mapping; cross-boundary case tracing.
- • Silence: interviews comparing lived experience vs. formal records; discrepancy analysis; shadow reporting pathways.
- • Normalisation: longitudinal ethnography of interpretive routines; meeting discourse analysis; onboarding narratives.
- • Metric substitution: indicator–decision mismatch studies; audit trail analysis; comparative justification analysis.
- • Procedural shielding: process tracing of escalation pathways; workflow completion vs. ownership continuity; governance forum observation.
| Mechanism | Typical empirical traces (what to look for) | Suggested methods (how to study it) |
|---|---|---|
| Fragmentation | Duplicate case IDs across units; repeated handoffs; “no clear owner” language in minutes; partial signals appearing in separate artefacts without synthesis | Document analysis; responsibility mapping; cross-boundary case tracing |
| Silence | Discrepancies between lived experience and formal records; informal “shadow” pathways; repeated “not worth escalating” narratives | Interviews comparing experience vs records; discrepancy analysis; shadow reporting mapping |
| Normalisation | Language shifts from anomaly to routine; onboarding stories that narrow what counts as noteworthy; recurring concerns reframed as “how things are” | Longitudinal ethnography; meeting discourse analysis; onboarding narrative analysis |
| Metric substitution | Decisions justified by KPI status despite narrative concerns; proxy success used to dismiss experiential signals; indicator-threshold talk replacing contextual meaning | Indicator–decision mismatch studies; audit trail analysis; comparative justification analysis |
| Procedural shielding | Workflow closure while concerns recur; repeated reopenings; procedural completion presented as resolution; escalation routed into “closed” states without ownership continuity | Process tracing of escalation pathways; workflow completion vs ownership continuity; governance forum observation |
Table 3: Operational traces of Tier-1 mechanisms: empirical observables and suitable study methods.
8.6. Implications for Downstream Design and Engineering Approaches
Finally, the framework has implications for downstream work in safety management, system design, and integration-focused engineering. By identifying specific ways in which signals lose their integrative capacity, the mechanisms described here can inform the design of organisational structures, interfaces, and processes that better support reintegration.
Importantly, these implications remain deliberately pre-prescriptive. The paper does not propose specific interventions or methods, but rather delineates the problem space that such interventions must address. In doing so, it provides a conceptual foundation for future work that seeks to formalise integration requirements and develop operational responses to pre-failure vulnerability.
9. Limitations and Future Work
This paper is conceptual and deliberately pre-prescriptive. It does not provide empirical validation of the proposed mechanisms, nor does it claim exhaustiveness. Future work should operationalise the mechanisms for empirical study, examine sector-specific instantiations, and explore interactions among mechanisms under varying governance and power conditions.
In addition, several mechanisms that are likely important in practice are treated here as extensions: exaggeration, minimisation, temporal delay, and moral buffering. These may be developed in subsequent work, including formal modelling and integration-focused design approaches that translate pre-failure vulnerability into actionable system requirements.
Boundary conditions.
Distortion mechanisms are expected to intensify under high system complexity, distributed accountability, and audit/assurance pressure, where synthesis is structurally difficult and proxy governance is rewarded. In smaller organisations, distortion may appear less as fragmentation across formal units and more as silence or normalisation within tight social networks. In highly regulated or digitalised settings, metric substitution and procedural shielding may dominate through dashboards, workflow systems, and automated closure logics, which can increase traceability while still weakening ownership continuity and cross-domain legitimacy. These boundary expectations are not deterministic but specify where the framework is most likely to explain persistent pre-failure vulnerability.
10. Conclusion: Seeing Integration Before Failure
The contribution of this framework lies in explaining how safety-relevant signals can be present, legitimate, and well-intentioned, yet systematically fail to inform action due to pre-failure distortions that undermine integration rather than information availability or compliance.
This paper has argued that safety failures are often preceded not by missing information, but by systematic distortions in how signals are shaped, stabilised, and integrated over time. By introducing a framework of pre-failure signal distortion mechanisms, we have sought to make visible a phase of the safety process that typically remains implicit or is addressed only retrospectively.
Across silence, normalisation, fragmentation, metric substitution, and procedural shielding, a common vulnerability emerges: the erosion of integration capacity. Signals remain present, yet lose their ability to connect human experience, organisational structure, and contextual meaning at the moments when decisions are formed. From this perspective, safety breakdowns reflect not isolated errors or compliance failures, but structural conditions that prevent early signals from being held together.
Importantly, the framework does not attribute distortion to individual deficiency or organisational negligence. Distortions often arise from adaptation, success, and well-intentioned governance. They may also be strategically activated within competitive or power-laden environments. In all cases, distortion becomes consequential when integration is no longer explicitly expected or supported.
By reframing safety as a pre-failure integration challenge, this work complements existing approaches in safety science and opens new directions for research and practice. Understanding how signals change shape before failure, we suggest, is not an auxiliary concern, but a prerequisite for any meaningful effort to improve safety in complex socio-technical systems.
References
- Hollnagel, (2014) Hollnagel, E. (2014). Safety-I and Safety-II: The Past and Future of Safety Management. Ashgate.
- Leveson, (2011) Leveson, N. (2011). Engineering a Safer World: Systems Thinking Applied to Safety. MIT Press.
- Power, (1997) Power, M. (1997). The Audit Society: Rituals of Verification. Oxford University Press.
- Reason, (1997) Reason, J. (1997). Managing the Risks of Organizational Accidents. Ashgate.
- Strathern, (2000) Strathern, M. (Ed.). (2000). Audit Cultures: Anthropological Studies in Accountability, Ethics and the Academy. Routledge.
- Vaughan, (1996) Vaughan, D. (1996). The Challenger Launch Decision: Risky Technology, Culture, and Deviance at NASA. University of Chicago Press.
- Weick, (1995) Weick, K. E. (1995). Sensemaking in Organizations. Sage.
- Le Coze, (2019) Le Coze, J.-C. (2019). How safety science can help organisations manage complexity. Safety Science, 117, 1–8. https://doi.org/10.1016/j.ssci.2019.04.002
- Hayes and Hopkin, (2020) Hayes, A., & Hopkin, P. (2020). The risk management of safety. Safety Science, 124, 104587. https://doi.org/10.1016/j.ssci.2019.104587
- Pidgeon and O’Leary, (2017) Pidgeon, N., & O’Leary, M. (2017). Organizational safety culture. Safety Science, 91, 1–5. https://doi.org/10.1016/j.ssci.2016.08.002
- Rae et al., (2018) Rae, A., Provan, D., & Dekker, S. (2018). Safety clutter: The accumulation and persistence of ‘safety’ work that does not contribute to operational safety. Safety Science, 109, 168–178. https://doi.org/10.1016/j.ssci.2018.05.020
- Dekker, (2014) Dekker, S. (2014). The Field Guide to Understanding Human Error. Ashgate.
- Amalberti, (2016) Amalberti, R. (2016). Navigating Safety: Necessary Compromises and Trade-offs. Springer.
- Rajabalinejad et al., (2020) Rajabali Nejad, M., van Dongen, L., & Ramtahalsing, M. (2020). Systems integration theory and fundamentals. Safety and Reliability, 39(1), 83–113. https://doi.org/10.1080/09617353.2020.1712918
- NEN, (2021) NEN (2021). NTA 8287:2021 — Safety Cube Method for design, engineering and integration of systems and products. Netherlands Standardization Institute (NEN).
- Macrae, (2014) Macrae, C. (2014). Early warnings, weak signals and learning from healthcare disasters. BMJ Quality & Safety, 23(6), 440–445. https://doi.org/10.1136/bmjqs-2013-002685
- Nicolaidou et al., (2022) Nicolaidou, O., Dimopoulos, C., Varianou-Mikellidou, C., Mikellides, N., & Boustras, G. (2022). Weak signals management in occupational safety and health: A Delphi study. Safety Science, 146, 105558. https://doi.org/10.1016/j.ssci.2021.105558
- Hollnagel, (2017) Hollnagel, E. (2017). Why is work-as-imagined different from work-as-done? In J. Braithwaite, R. L. Wears, & E. Hollnagel (Eds.), Resilient Health Care, Volume 3: Reconciling Work-as-Imagined and Work-as-Done. CRC Press / Taylor & Francis. https://doi.org/10.1201/9781315605739-24
- Yu et al., (2022) Yu, M., Pasman, H., Erraguntla, M., Quddus, N., & Kravaris, C. (2022). A framework to identify and respond to weak signals of disastrous process incidents based on FRAM and machine learning techniques. Process Safety and Environmental Protection, 158, 98–114. https://doi.org/10.1016/j.psep.2021.11.030
Declarations
Author notes: Narrative reflections on these mechanisms are explored in the Safety.Club initiative, where lived experiences are examined through a non-technical lens.
