Mishap investigations provide important information about adverse events and are intended to help avoid any recurrence of previous failures. However, the complexity of many safety critical systems poses new challenges for mishap analysis. Similarly, the recognition that many failures have complex, systemic causes has helped to widen the scope of many mishap investigations. A new generation of mishap analysis techniques has been proposed to help investigators address these problems. For instance, Leveson has recently developed the Systems Theory Accident Modelling and Process (STAMP) approach to address some of the weaknesses associated with previous ‘chain of event’ approaches that can miss the systemic causes of adverse events. There are relatively few examples of the STAMP approach. This paper, therefore, presents the results obtained when two analysts performed an independent application of this technique to analyse the causes, including software problems, which led to the mission interruption of the joint European Space Agency (ESA) and National Aeronautics and Space Administration (NASA) Solar and Heliocentric Observatory (SOHO). Copyright © 2003 John Wiley & Sons, Ltd.
[1]
Simon Brown,et al.
Overview of IEC 61508. Design of electrical/electronic/programmable electronic safety-related systems
,
2000
.
[2]
James T. Reason,et al.
Managing the risks of organizational accidents
,
1997
.
[3]
R. Byrne,et al.
Reasoning strategies for suppositional deductions
,
1997,
Cognition.
[4]
Peter K. Allen,et al.
The Analysis of a Friendly Fire Accident Using a Systems Model of Accidents
,
2002
.
[5]
Chris W. Johnson,et al.
A survey of logic formalisms to support mishap analysis
,
2003,
Reliab. Eng. Syst. Saf..