Safety models & accident models

Similar documents
Performing Hazard Analysis on Complex, Software- and Human-Intensive Systems

Capturing an Uncertain Future: The Functional Resonance Accident Model

Resilience Engineering: The changing nature of safety

Marine Risk Assessment

Safety assessments for Aerodromes (Chapter 3 of the PANS-Aerodromes, 1 st ed)

Safety-Critical Systems

STPA Systems Theoretic Process Analysis John Thomas and Nancy Leveson. All rights reserved.

Accidents and accident prevention

Review and Assessment of Engineering Factors

Risk Management Qualitatively on Railway Signal System

ASDA 2014 Scientific Seminar ATM Exploratory Research Tournament

CHAPTER 28 DEPENDENT FAILURE ANALYSIS CONTENTS

Workshop to Generate Guidelines For the Implementation of: 1 - Step 1 of State Safety Program (SSP) and 2 - Phases 1 & 2 of ICAO SMS

Aeronautical studies and Safety Assessment

Three Approaches to Safety Engineering. Civil Aviation Nuclear Power Defense

Hazard Identification

How to reinforce the defence-indepth in NPP by taking into account natural hazards?

Workers Compensation Accident Investigations

Every things under control High-Integrity Pressure Protection System (HIPPS)

Safety Analysis: Event Classification

An STPA Primer. Version 1, August 2013

Purpose. Scope. Process flow OPERATING PROCEDURE 07: HAZARD LOG MANAGEMENT

Safety-critical systems: Basic definitions

Adaptability and Fault Tolerance

Hazard Identification

The «practical elimination» approach for pressurized water reactors

Reduction of Speed Limit at Approaches to Railway Level Crossings in WA. Main Roads WA. Presenter - Brian Kidd

Accident Precursor Monitoring in Metro Railways

1.0 PURPOSE 2.0 REFERENCES

Accident Investigation

Systems Theoretic Process Analysis (STPA)

Establishment of Emergency Management System Based on the Theory of Risk Management

CITY OF WEST KELOWNA COUNCIL POLICY MANUAL

Evaluating Grade Crossing Safety. Christopher C. Pflaum, Ph.D. Spectrum Economics, Inc. Overland Park, KS (913)

Section 4. Fundamentals of Accident/Incident Prevention. Accidents/Incidents are Preventable

[ Fundación PONS ] [ Fundación PONS ] [ Expertise PONS ] Investing in road safety

A Road Safety Strategy for Greece

New Airfield Risk Assessment / Categorisation

FLIGHT TEST RISK ASSESSMENT THREE FLAGS METHOD

the Ministry of Transport is attributed as the source of the material

5.1 Introduction. Learning Objectives

Systems Theoretic Process Analysis (STPA)

Road safety training for professional drivers: worldwide practices

Module No. # 01 Lecture No. # 6.2 HAZOP (continued)

Resilience Engineering

Important Themes for Implementation of These Areas of Emphasis

Introducing STAMP in Road Tunnel Safety

Hazard Identification

Nuclear Safety. Module 3 DEFENSE IN DEPTH. Reacu03.ppt. Slide!

Analyses and statistics on the frequency and the incidence of traffic accidents within Dolj County

Lecture 04 ( ) Hazard Analysis. Systeme hoher Qualität und Sicherheit Universität Bremen WS 2015/2016

SUMMARY OF SAFETY INVESTIGATION REPORT

RYA British Youth Sailing Safety Policy

Hazard analysis. István Majzik Budapest University of Technology and Economics Dept. of Measurement and Information Systems

A study on the relation between safety analysis process and system engineering process of train control system

DRIVER FATIGUE MANAGEMENT PLAN

Rock Climbing Risk Management Plan Lutanda Yarramundi

ANCHORING REQUIREMENTS FOR LARGE CONTAINER SHIPS

Safety Standards Acknowledgement and Consent (SSAC) CAP 1395

the Ministry of Transport is attributed as the source of the material

Using what we have. Sherman Eagles SoftwareCPR.

Hazard Recognition. Leader s Guide and Quiz

Introduction to Match Officiating (L1)

IMPROVING POPULATION MANAGEMENT AND HARVEST QUOTAS OF MOOSE IN RUSSIA

A Continued Worker Safety Issue

Managing Injury Risk at Grain Handling Facilities. Matt Shurtliff Director of Safety and Environmental Issues J.D. Heiskell & Co January 17, 2018

Accident Investigation and Hazard Analysis

Safety & Health Division. INVESTIGATION INTO THE FATAL ACCIDENT TO JOHN ANTHONY MAHER AT COOK COLLIERY ON 30th AUGUST 2000

Hazard identification at a major hazard facility

Building the Playing Style Concepts

POSSIBILITIES OF TRAFFIC ACCIDENTS AND RISK CRASH EVALUATION

Well Control Modeling Software Comparisons with Single Bubble Techniques in a Vertical Well

SUBJECT: Board Approval: 4/29/04

The Impact of TennCare: A Survey of Recipients 2009

Safe Work Practices and Permit-to-Work System

Basic STPA Tutorial. John Thomas

Estonian way to safer roads: what is behind the numbers? Maria Pashkevich Road Safety Department/Chief specialist

Big Blue Crane Collapse Solaris Nite Engr Fund I: Statics AAA/A32 Prof. Raghavan 12/1/15

The race for boats. Christian Mullon (IRD-France), Charles Mullon (UFL- Switzerland)

How to Define Your Systems and Assets to Support Reliability. How to Define Your Failure Reporting Codes to Support Reliability

Reliability Risk Management. August 2012 g Earl Shockley, Senior Director of Reliability Risk Management

Mountain Bike Risk Management Plan

Safety Management in Multidisciplinary Systems. SSRM symposium TA University, 26 October 2011 By Boris Zaets AGENDA

BEST PRACTICE FLEET MANAGEMENT AND PRIORITY ACTIONS

Dev Food Industry. Procedure for HACCP Plan. To establish and maintain a uniform approach to establish HACCP Plan.

Cycling and risk. Cycle facilities and risk management

Managing for Liability Avoidance. (c) Lewis Bass

Leading and Sharp Edge Applications: What You Need to Know When It Comes to Fall Protection

Social marketing can it be used to reduce road traffic collisions among young male Irish drivers?

KARATE CANADA PILOT PROJECT: 2016 YOUTH TEAM AND DEVELOPMENT PROGRAM -OUTLINE AND SELECTION CRITERIA-

Advanced LOPA Topics

IAEA-TECDOC Precursor analyses The use of deterministic and PSA based methods in the event investigation process at nuclear power plants

Traceable calibration of automatic weighing instruments in dynamic operation

the Ministry of Transport is attributed as the source of the material

SECTION 1. The current state of global road safety

Elements of an Effective Aquatic Risk Management Plan Linda Griffith, JD, ARM

Toward Greater Understanding of the Relationship between Public Perceptions of Speed, Speed Laws, and Safety

Identification and Screening of Scenarios for LOPA. Ken First Dow Chemical Company Midland, MI

C.A.R.S. Project Design Report.

Archery Risk Management Plan Lutanda Yarramundi

Transcription:

Safety models & accident models Eric Marsden <eric.marsden@risk-engineering.org>

Mental models A safety model is a set of beliefs or hypotheses (often implicit) about the features and conditions that contribute to the safety of a system An accident model is a set of beliefs on the way in which accidents occur in a system Mental models are important because they impact system design, operational decisions and behaviours 2 / 17

Accidents as acts of god Fatalism: you can t escape your fate Defensive attitude: accidents occur due to circumstances beyond our control Notion that appeared in Roman law: reasons that could exclude a person from absolute liability e.g. violent storms & pirates exempted a captain from responsibility for his cargo 3 / 17

Simple sequential accident model H. Heinrich s domino model (1930) Assumptions: Accidents arise from a quasi-mechanical sequence of events or circumstances, that occur in a well-defined order An accident can be prevented by removing one of the dominos in the causal sequence 4 / 17

Simple sequential accident model The safety pyramid or accident triangle (H. Heinrich, 1930 and F. Bird, 1970) Assumptions: Each incident is an embryo of an accident (the mechanisms which cause minor incidents are the same as those that create major accidents) Reducing the frequency of minor incidents will reduce the probability of a major accident Accidents can be prevented by identifying and eliminating possible causes 5 / 17

Simple sequential accident model According to this model, safety is improved by identifying and eliminating rotten apples front-line staff who generate human errors whose negligent attitude might propagate to other staff Some accidents (in particular in high-risk systems) have more complicated origins 6 / 17

Is it relevant to count errors? Counting errors produces a quantitative assessment of the safety level of a system Allows inter-comparison of systems Can constitute the point of departure for a search for the underlying causes of incidents number of errors inverse relationship safety level quantity quality This simplistic model is very criticized 7 / 17

Is counting errors relevant? Who is more dangerous? 8 / 17

Is counting errors relevant? 700 000 doctors in the USA between 44 000 and 98 000 people die each year from a medical error between 0.063 and 0.14 accidental deaths per doctor per year 8 / 17

Is counting errors relevant? 700 000 doctors in the USA between 44 000 and 98 000 people die each year from a medical error between 0.063 and 0.14 accidental deaths per doctor per year 80 million firearm owners in the USA responsible for 1 500 accidental deaths per year 0,000019 accidental deaths per firearm owner per year 8 / 17

Is counting errors relevant? 700 000 doctors in the USA between 44 000 and 98 000 people die each year from a medical error between 0.063 and 0.14 accidental deaths per doctor per year 80 million firearm owners in the USA responsible for 1 500 accidental deaths per year 0,000019 accidental deaths per firearm owner per year The probability that the human error of a doctor kills someone is 7500 times higher than for a firearm owner. [S. Dekker] 8 / 17

Epidemiological accident model technical barriers safety management systems and procedures sharp-end workers cooperation accident James Reason s Swiss cheese model event incident from "Human Error" (James Reason) Assumption: accidents are produced by a combination of active errors (poor safety behaviours) and latent conditions (environmental factors) Consequences: prevent accidents by reinforcing barriers. Safety management requires monitoring via performance indicators. 9 / 17

Bow-tie model causes preventive barriers top event protective barriers impacts 10 / 17

Bow-tie model no flow from component A1 no flow from source1 causes component A1 blocks flow no flow from source2 component A2 blocks flow no flow from component A2 no flow into component B no flow from component B no flow to receiver top event impacts component B blocks flow fault tree event tree 10 / 17

Bow tie diagram 11 / 17

Bow-tie: example 12 / 17

Loss of control accident model Destabilization point PREVENTION RECOVERY ACCIDENT MITIGATION Figure source: French BEA 13 / 17

Drift into failure economic failure Human behaviour in any large system is shaped by constraints: profitable operations, safe operations, feasible workload. Actors experiment within the space formed by these constraints. unsafe space of possibilities unacceptable workload Figure adapted from Risk management in a dynamic society, J. Rasmussen, Safety Science, 1997:27(2) 14 / 17

Drift into failure economic failure Human behaviour in any large system is shaped by constraints: profitable activity, safe operations, feasible workload. Actors experiment within the space formed by these constraints. unsafe management pressure for efficiency Management will provide a cost gradient which pushes activity towards economic efficiency. unacceptable workload Figure adapted from Risk management in a dynamic society, J. Rasmussen, Safety Science, 1997:27(2) 14 / 17

Drift into failure gradient towards least effort economic failure Human behaviour in any large system is shaped by constraints: economic, safety, feasible workload. Actors experiment within the space formed by these constraints. unsafe Management will provide a cost gradient which pushes activity towards economic efficiency. unacceptable workload Workers will seek to maximize the efficiency of their work, with a gradient in the direction of reduced workload. Figure adapted from Risk management in a dynamic society, J. Rasmussen, Safety Science, 1997:27(2) 14 / 17

Drift into failure economic failure These pressures push work to migrate towards the limits of acceptable (safe) performance. Accidents occur when the system s activity crosses the boundary into unacceptable safety. unsafe drift towards failure unacceptable workload A process of normalization of deviance means that deviations from the safety procedures established during system design progressively become acceptable, then standard ways of working. Figure adapted from Risk management in a dynamic society, J. Rasmussen, Safety Science, 1997:27(2) 14 / 17

Drift into failure unsafe economic failure Mature high-hazard systems apply the defence in depth design principle and implement multiple independent safety barriers. They also put in place programmes aimed at reinforcing people s questioning attitude and their chronic unease, making them more sensitive to safety issues. effect of a questioning attitude safety margin unacceptable workload These shift the perceived boundary of safe performance to the right. The difference between the minimally acceptable level of safe performance and the boundary at which safety barriers are triggered is the safety margin. Figure adapted from Risk management in a dynamic society, J. Rasmussen, Safety Science, 1997:27(2) 14 / 17

Non-linear accident model Systemic models FRAM (Hollnagel, 2000) STAMP (Leveson, 2004) Assumption: accidents result from an unexpected combination and the resonance of normal variations in performance Consequences: preventing accidents means understanding and monitoring performance variations. Safety requires the ability to anticipate future events and react appropriately. 15 / 17

Image credits Sodom and Gomorrah burning (slide 26): Picu Pătruţ, public domain, via Wikimedia Commons Dominos (slide 27): H. Heinrich, Industrial Accident Prevention: A Scientific Approach, 1931 For more free course materials on risk engineering, visit risk-engineering.org 16 / 17

Feedback welcome! This presentation is distributed under the terms of the Creative Commons Attribution Share Alike licence @LearnRiskEng Was some of the content unclear? Which parts were most useful to you? Your comments to feedback@risk-engineering.org (email) or @LearnRiskEng (Twitter) will help us to improve these course materials. Thanks! fb.me/riskengineering For more free course materials on risk engineering, visit risk-engineering.org 17 / 17

2024 © sportdocbox.com Privacy Policy | Terms of Service | Feedback