In this century society faces increasingly large-scale accidents and risks emerging from our own wondrous technologies. Two prominent organizational approaches to safety, Normal Accident Theory (NAT) and High Reliability Organizations (HRO), have focused attention on a variety of industries that deal with hazardous situations, developed concepts to explicate organizational structure and culture, and debated whether accidents are inevitable in complex systems. We outline these approaches and identify some limitations, including narrow definitions, ambiguity about key concepts, confusion of reliability with safety, and overly pessimistic or optimistic conclusions. We believe that the debate between NAT and HRO can become a more productive three-way conversation by including a systems approach to safety emerging from engineering disciplines. The more comprehensive systems approach clarifies the strengths and weaknesses of NAT and HRO and offers a more powerful repertoire of analytic tools and intervention strategies to manage and control post-modern risk in complex, high-tech systems with their potential for catastrophic disruptions and losses.
A limiting factor in the industrial acceptance of formal specifications is their readability, particularly for large, complex engineering systems. We hypothesize that multiple visualizations generated from a common model will improve the process of creating, reviewing and understanding requirements. Visual representations, when effective, provide cognitive support by highlighting the most relevant interactions and aspects of a specification for a particular use. In this paper, we propose a taxonomy and some preliminary principles for designing visual representations of formal specifications. The taxonomy and principles are illustrated by sample visualizations we created while trying to understand a formal specification of the MD-11 Flight Management System.
Most traditional hazard analysis techniques rely on discrete failure events and therefore do not adequately handle software-intensive systems or system accidents resulting from dysfunctional interactions between system components. This paper demonstrates a methodology in which a hazard analysis based on the STAMP accident model is performed together with the system development process to design for safety in a complex system. Unlike traditional hazard analyses, this approach considers system accidents, organizational factors, and the dynamics of complex systems. The analysis is refined as the system design progresses and produces safety-related information that helps systems engineers make design decisions for complex safety-critical systems. The preliminary design of a Space Shuttle Thermal Tile Processing System is used to demonstrate the approach.