Risk Management in Diving: Using Best Practice

- english checklists cognitive biases decision-making gareth lock risk management Apr 29, 2023

A recent discussion about risk management in a remote diving location where a diver had suspected DCI is the prompt for this blog. While it was prompted by a remote location, the principles are applicable to all the diving we do.

The first part of risk management is understanding and recognising the hazard. Fundamentally, we are diving in a hazardous environment where we will die within a minute or two if we don’t have mechanical or technical support. I know breath-hold divers can spend much longer underwater without support, but they are not the norm!! The hazards we face are those things that cause harm to us: hypoxia, hyperoxia, hypercapnia, decompression illness, pulmonary barotrauma, hyperthermia, hypothermia, physical trauma and excessive blood loss. As divers, none of these should come as a surprise.

The outcome for all of these could be death given the right circumstances to trigger the event and without mitigations to stop the situation from developing to a fatal outcome. This is shown by this simple bow-tie model. Prevention or controls on the left, the hazard in the middle, and mitigations on the right. The goal is to drive the probability of the event to as close to zero, but we are never going to get there, so assume the probability of the risk is 1, and work out how to fail safely.



The traditional way of dealing with risks is via the 4Ts. These are Treat, Transfer, Tolerate, and Terminate. The rest of the blog will explain how these relate to diving and what we can do to manage risk.

Before we go there, we need to recognise that diving has an inherent and irreducible risk of injury or death. The risk can never be zero. There are just too many variables involved: physiologically, environmentally, physically, technically, or socially. The only way to get to zero harm is not to go diving. At the same time, risks can also lead to rewards: wreck exploration, cave exploration, seeing a reef for the first time, being with friends, underwater photography/photogrammetry, and many other positives. Whenever we go diving (or life in general) we are always trading perceived risk/uncertainty for perceived benefit. Unfortunately, as humans, we are not very good at making decisions surrounding uncertainty or risk. This blog from The Human Diver explains this in more detail.

The Four Ts


Over the years our knowledge of the failures that can lead to a risk materialising has improved. We have developed better training programmes to give divers and instructors the skills to manage their buoyancy and ascent/descent rates, propulsion, trim, and equipment usage (including emergency drills). Quality management programmes should manage the inherent drift from standards. We have a better understanding of gas dynamics and decompression theory (although it is still more of an art than a science). We have a better understanding of thermal issues so have developed more effective thermal protection measures. Dive operators like Dirty Dozen Expeditions and Lust 4 Rust recognise the fallibility of individuals, and so are providing peer-checking processes before divers enter the water and recommending the use of pre-dive checklists. This is no different to scientific diving, commercial diving, or military diving operations and the role of a diving safety officer. The role of human factors in diving operations is starting to be better recognised, and so programmes like that offered by The Human Diver are treating the risk of failures within a socio-technical system (people, technology, environment, and social setting).


The diving industry has three main ways of transferring the risk from the organisational level to the individual level: insurance, waivers, and dive safety briefings. Risk transfer is about isolating one entity (e.g., instructor, agency, dive centre or expedition operator) within the system from the risks that might be realised. These risks aren’t just related to harm but also include financial or reputational risks.

  • Insurance: If an adverse event occurs, there will be some financial impact or loss. Personal/professional liability or medical treatment insurance provides a means by which the loss can be recovered in financial terms. But that risk transfer has a limit. You cannot bring a dead person back to life.
  • Waivers: The purpose of a liability waiver is to formally document that you as a diver recognised and accepted the risks that are present when diving before you went diving. The problem is that most (an assumption on my part) don’t read all of the lines in a waiver (I know I don’t read them all) because of a number of factors: we trust the organisation we are contracting with, we haven’t heard of things going wrong, therefore it must be ok, System 1 and System 2 behaviours and the want/need to be cognitively efficient (a positive spin on being lazy!).
  • Safety briefings. The purpose of these is two-fold: one to give you the information to manage certain situations on your own e.g., abandoning a boat when it sinks and where the emergency equipment is; the second is to inform you in an interactive manner so that you are aware of the risks involved and what to do when they materialise – the operator cannot actively manage all the risks themselves, and therefore requires you as a diver/team member to be part of the risk management system, and for that to happen, you have to know what the risks are and what to do with them. 


As stated above, there is an irreducible risk on any dive, be that a shallow 5-10m reef dive in clear, warm water, or a 100m wreck dive in cold, dark waters where the decompression overhead is 4-5 hours. That level of tolerable or acceptable risk is down to the diver, the dive team, and in some cases, the dive centre, the dive operator, the boat captain, the expedition leader or the training agency if it is a training dive. When it comes to risk tolerance above the individual level, organisations are not just considering personal, physiological, and psychosocial risks, but also financial and reputational risks. 


“Anyone can thumb a dive at any time for any reason, and that includes being on the surface.” This isn’t just a technical or cave diver saying, it applies to all divers, irrespective of experience or domain. The dive location/target are likely to be there on another day. Don’t get fixated on the dive, even when there are huge sunk costs. Terminating the dive isn’t just the responsibility/action of the individual divers involved. On an expedition or liveaboard, the expedition leader/boat captain are also managing risks above an individual’s level e.g., the ability to get a diver back on the boat if the weather is marginal, if a potential risk escalates into one which compromises the whole operation and so the whole team is impacted and not just one person - “the needs of the many outweigh the needs of the few” – Spock. They are also managing financial and reputational risks. 

These 4Ts don’t just exist in isolation, they are interdependent e.g., by preparing and bringing the right equipment and ensuring the qualification and competence are at a high level, the tolerable level risk is likely to be higher because the team can ‘fail safely’ without a catastrophic outcome. Medical cover is a classic example of treating what you can, transferring to an insurance company what you can't treat, tolerating the remaining risk at a level acceptable to the team (and their wallets), and if things look bad, terminating the operation.

However, there are several biases that can influence the ‘tolerable’ level of risk or uncertainty we face. There are a couple of blogs on THD worth exploring here

So What?!

To bring this theory to life, the following section looks at a remote diving location scenario and how risk is managed at multiple levels and highlights why there isn’t a simple, black-and-white answer to managing risk in diving. As with many complex scenarios, context matters, and while in hindsight clarity is obvious, in real-time, things can be fuzzy and grey. You might also think that this is different to a simple, shore-based operation or a liveaboard where there is easy access to a hyperbaric chamber via Search and Rescue (SAR) services, and you'd be right. Risk management is context, location and task-specific, and your controls/mitigations are based on what is acceptable in terms of outcome and how much you want to spend on controlling or mitigating the risk.


An expedition is taking place in a remote location, 18-20 hours away from the nearest chamber. The maximum diving depth beyond 150m. The visibility is 10-20m and the water temperatures are 15-20 degrees centigrade. CCRs will be used for the diving.


Ensure team members are aware of the remote location and the need to reduce risk exposure where possible. Consideration of a portable hyperbaric chamber plus medic and operator (but this has a cost and can lead to space issues on the boat). Validate that divers are current and competent for the expected dives. Provide full medical support - to the limits of team members and their wallets. Use technology like EPIRBs to deal with lost divers on the surface. Validate emergency response plans on arrival at the operating location. Provision and briefing of Standard Operating Procedures which standardise many protocols e.g., gas analysis and emergency responses. Provision of surface support including peer-checking checklists to minimise/trap pre-dive issues (which have been proven to trap misconfigured equipment before the diver enters the water).

Post-emergency response: One thing not often considered is if the risk does materialise, what is your media response plan? Following the recent sinking of the Carlton Queen in the Red Sea, the organisation appears to have been slow to respond on social media. Having a series of contingency plans, including media interaction, is essential so that you aren’t trying to deal with the external pressures and resolve the internal issues at the same time – you’ll run out of mental capacity and drop the ball which might have catastrophic commercial/reputational implications.


Use of travel insurance by the diving team in case of medical issues or travel limitations – level of cover down to the diving team members. Like gambling, only bet what you can afford to lose. Liability insurance for the operator. Safety briefings on arrival and prior to each days’ diving. Remote medical advice via insurer/medical provider. Work with a media manager prior to things going wrong. Remember, even if you’ve got travel/medical insurance as an individual, your medical provider doesn’t have a teleport device to get you from the dive/incident location to the treatment location... 


This is difficult to define or discuss in general terms because it is at an individual, a team, or an organisation level and what is tolerable is in tension with the goals of the trip, the workload involved, and the finances involved.


Thumb the dive when things have exceeded the tolerable level. As has been stated many times on The Human Diver blogs, the line between tolerable and intolerable is easy to spot in hindsight but in real-time with multiple competing goals, and finite resources, and a huge number of cognitive biases like optimism bias and the sunk-cost fallacy, this is hard to do. One thing to consider is that an organisation (operator, captain) might end the dive/operation for what appears to be ‘odd’ reasons, but they will be managing multiple risks, many of them will be above your own want/need to dive. While you won’t get the time back, you can get your money back if you’ve got your insurance sorted. 


This has been a brief overview of the 4Ts of risk management as it applies to diving. Risk management in diving often focuses on the liability aspects of risk by using waivers and the (sometimes) blind adherence to standards – standards can facilitate safety but do not create it. The problem is that the world is a messy place when it comes to managing risk and uncertainty and so there needs to be a multi-layered approach to bring it to a tolerable level.

One of the biases we have is the expectation that an operator is an operator, an expedition company is an expedition company, a liveaboard is a liveaboard, and a captain is a captain, but they are all different for a multitude of reasons, not least their perception and acceptance of risk. This blog should give you some ideas about the questions to ask your operator/instructor/captain to see how they manage risk on your behalf. 

At an organisational level, your instructor candidates/clients/students might have a level of risk acceptance that is not within your organisation's risk tolerance, and therefore they add risk to your operation. I have no idea how to identify that prior which is commercially viable, but it is something that should be considered and built into your risk management plan.

The risks faced by individuals can be different to those faced by instructors, boat captains, and expedition leaders. What is an acceptable level to an individual on a diving expedition can be considered unacceptable to the boat captain or expedition leader. This is where teamwork comes to the fore – mutual accountability and working together towards a common goal/aim. That goal should be to have everyone back on the boat/shore without any harm having taken place, be that physical, physiological, or psychosocial. Diving should be fun and can be if the risks and uncertainties are proactively managed.

Gareth Lock is the owner of The Human Diver, a niche company focused on educating and developing divers, instructors and related teams to be high-performing. If you'd like to deepen your diving experience, consider taking the online introduction course which will change your attitude towards diving because safety is your perception, visit the website.