Highlights from the literature on accident causation and system safety: Review of major ideas, recent contributions, and challenges

Abstract

This work constitutes a short guide to the extensive but fragmented literature on accident causation and system safety. After briefly motivating the interest in accident causation and discussing the notion of a safety value chain, we delve into our multi-disciplinary review with discussions of Man Made Disasters, Normal Accident, and the High Reliability Organizations (HRO) paradigm. The HRO literature intersects an extensive literature on safety culture, a subject we then briefly touch upon. Following this discussion, we note that while these social and organizational contributions have significantly enriched our understanding of accident causation and system safety, they have important deficiencies and are lacking in their understanding of the technical and design drivers of system safety and accident causation. These missing ingredients, we argue, were provided in part by the development of Probabilistic Risk Assessment (PRA). The idea of anticipating possible accident scenarios, based on the system design and configuration as well as its technical and operational characteristics, constitutes an important contribution of PRA, which builds on and extends earlier contributions made by the development of Fault Tree and Event Tree Analysis. We follow the discussion of PRA with an exposition of the concept of safety barriers and the principle of defense-in-depth, both of which emphasize the functions and “safety elements [that should be] deliberately inserted” along potential accident trajectories to prevent, contain, or mitigate accidents. Finally, we discuss two ideas that are emerging as foundational in the literature on system safety and accident causation, namely that system safety is a “control problem”, and that it requires a “system theoretic” approach to be dealt with. We clarify these characterizations and indicate research opportunities to be pursued along these directions.

We conclude this work with two general recommendations: (1) that more fundamental research and cross-talk across several academic disciplines must be supported and incentivized for tackling the multi-disciplinary issues of accident causation and system safety (e.g., through the creation of “academic hubs” or “centers of excellence” dedicated to system safety); and (2) that more interactions and partnerships between academia, industry, and government (especially accident investigation agencies) on accident causation and system safety issues would be particularly useful for all involved in advancing the safety agenda, from both research and education perspectives, and for disseminating research results, safety recommendations, and lessons learned from accident investigations.
