At a fundamental level compliance programs protect the value stream from threats that hinder the creation of value. Each program contributes to keeping the value chain safe from various risk including: quality risk, occupational safety risk, security risk, and so on. These programs are socio-technical in nature in that they recognize the interaction between people and technology often across multiple levels of organization.

Rasmussen's Risk Management Framework (also known as Rasmussen's ladder) provides useful insights when it comes to understanding risk across social-technical boundaries to achieve safety objectives along with other risk objectives. Rasmussen originally developed his approach as part of a proactive risk management strategy, however, its primary application has been as an accident analysis tool (ACCIMAPS) for complex socio-technical systems.

Rasmussen's Risk Management Framework

This framework has its roots in systems thinking based on the notion that accidents are hidden in normal operations and do not need special causes. This is similar to Safety II (Holnagel, 2017), and Deming's work that defects are caused by normal causes (natural variation). Rasumussen's model and others since represent a growing trend away from "root causes" or you might say "special causes" for systemic failures.