Simple, linear cause-effect model
Assumption: Accidents are the (natural) culmination of a series of events or circumstances, which occur in a specific and recognisable order.
Consequence: Accidents are prevented by finding and eliminating possible causes. Safety is ensured by improving the organisation’s ability to respond.
Domino model (Heinrich, 1930)
Hazards-risks: Due to component failures (technical, human, organisational), hence looking for failure probabilities (event tree, PRA/HRA).
The purpose of safety management is to ensure that nothing unwanted happens.
An SMS must therefore be able to control a dynamic process or organisation to ensure that performance remains within predetermined safety limits.
Key concepts:
Process model (nature of activity)
Measurements (performance indicators, output)
Possibilities for control (means of intervention)
Nature of threats (disturbances, noise)
Events that occur so often that the organisation can learn how to respond.
(Westrum, 2006)
Medication errors that only affect a single patient.
Transportation accidents (collision between vehicles)
Process or component failure (loss of mass, loss of energy)
Regular threats are covered by standard methods (HAZOP, Fault Trees, FMECA, etc.)
Solutions can be based on standard responses, typically elimination or barriers.
Their likelihood and severity (cost) are so high that they must be dealt with.
Mont Blanc Tunnel fire (March 26 1999)
Swedish government after Tsunami (December 26 2004)
Homeland Security and FEMA after Hurricane Katrina (August 29 2005)
The aviation industry
Nuclear power plants
Hospitals
Toyota (as innovative manufacturer)
People of London after bombing, July 7 2005
Israeli hospitals (bus bombings)
Success and failure
Failure is normally explained as a breakdown or malfunctioning of a system and/or its components.
This view assumes that success and failure are of a fundamentally different nature.
Individuals and organisations must adjust to the current conditions in everything they do. Because information, resources and time are finite, such adjustments will always be approximate.
Success is due to the ability of organisations, groups and individuals correctly to make these adjustments, in particular to anticipate failures before they occur.
Failure is due to the absence of that ability — either temporarily or permanently.
Safety must encompass strengthening this ability, rather than just avoiding or eliminating failures.
Disturbances, or disrupting events, which challenge the proper functioning of a process.
Organisation’s view on “surprises”
Exceptions that must be regimented.
Uncertainty about the future.
A need constantly to update definitions of the difference between success and failure.
A recognition that models and plans are likely to be incomplete or wrong, despite best efforts.
Focus of organisation’s response
Try to keep process under control and ensure people do not exceed given ‘limits.’
Improve ability to detect and to respond when challenged. Prepare routines and plans.
Identify the variability that organisation should be aware of; ensure ability to cope with these variations.
Search for the boundaries of own assessments in order to learn and revise.
Resilience is the intrinsic ability of an organisation to keep or recover a stable state, thereby allowing it to continue operations after a major mishap or in presence of continuous stress.
A practice of Resilience Engineering must comprise the following critical components:
Techniques to model and predict the short- and long-term effects of change and decisions on risk.
Tools and methods to improve an organisation’s resilience vis-à-vis the environment.
Ways to analyse, measure and monitor the resilience of organisations in their operating environment.