An Organizational Study into the Concept of Automation in a Safety Critical Socio-technical System

Part 3: Evaluations, Interactions and Applications International audience Although automation has been introduced in all areas of public life, what seems to be missing is a reflection at the organizational or societal level about a policy of automation. By this we intend appropriate declarations made at the level of rationale, future plans and strategies to achieve intended goals and most importantly how those achievements will impact on various aspects of societal life, from legal responsibilities to moral and socio economic issues. In some public spheres these issues are becoming quite controversial because automation opens up possibilities of profound structural re-organization; however, we lack a discussion across and within different work domains to help us review methods or even methodological principles needed to gather and organize knowledge towards the construction of automation policies. This paper uses the UK service organization for Air Traffic Management Domain called NATS National Air traffic Service, as a case study to illustrate an example of an organization currently undertaking critical self-reflection about automation policy or lack of such, along with the illustration of some unresolved deep concerns raised by the development, introduction, and continued use of automation. Document type: Part of book or chapter of boo

Identifying how automation can lose its intended benefit along the development process : a research plan

Doctoral Consortium Presentation © The Authors 2009Automation is usually considered to improve performance in virtually any domain. However it can fail to deliver the target benefit as intended by those managers and designers advocating the introduction of the tool. In safety critical domains this problem is of significance not only because the unexpected effects of automation might prevent its widespread usage but also because they might turn out to be a contributor to incident and accidents. Research on failures of automation to deliver the intended benefit has focused mainly on human automation interaction. This paper presents a PhD research plan that aims at characterizing decisions for those involved in development process of automation for safety critical domains, taken under productive pressure, to identify where and when the initial intention the automation is supposed to deliver can be lost along the development process. We tentatively call such decisions as drift and the final objective is to develop principles that will allow to identify and compensate for possible sources of drift in the development of new automation. The research is based on case studies and is currently entering Year 2

An analytic framework to assess organizational resilience

Background: Resilience Engineering is a paradigm for safety management that focuses on coping with complexity to achieve success, even considering several conflicting goals. Modern socio-technical systems have to be resilient to comply with the variability of everyday activities, the tight-coupled and underspecified nature of work and the nonlinear interactions among agents. At organizational level, resilience can be described as a combination of four cornerstones: monitoring, responding, learning and anticipating. Methods: Starting from these four categories, this paper aims at defining a semi-quantitative analytic framework to measure organizational resilience in complex socio-technical systems, combining the Resilience Analysis Grid (RAG) and the Analytic Hierarchy Process (AHP). Results: This paper presents an approach for defining resilience abilities of an organization, creating a structured domain-dependent framework to define a resilience profile at different levels of abstraction, to identify weaknesses and strengths of the system and thus potential actions to increase system’s adaptive capacity. An illustrative example in an anaesthesia department clarifies the outcomes of the approach. Conclusions: The outcome of the RAG, i.e. a weighted set of probing questions, can be used in different domains, as a support tool in a wider Safety-II oriented managerial action to bring safety management into the core business of the organization

FRAM for systemic accident analysis: a matrix representation of functional resonance

Due to the inherent complexity of nowadays Air Traffic Management (ATM) system, standard methods looking at an event as a linear sequence of failures might become inappropriate. For this purpose, adopting a systemic perspective, the Functional Resonance Analysis Method (FRAM) originally developed by Hollnagel, helps identifying non-linear combinations of events and interrelationships. This paper aims to enhance the strength of FRAM-based accident analyses, discussing the Resilience Analysis Matrix (RAM), a user-friendly tool that supports the analyst during the analysis, in order to reduce the complexity of representation of FRAM. The RAM offers a two dimensional representation which highlights systematically connections among couplings, and thus even highly connected group of couplings. As an illustrative case study, this paper develops a systemic accident analysis for the runway incursion happened in February 1991 at LAX airport, involving SkyWest Flight 5569 and USAir Flight 1493. FRAM confirms itself a powerful method to characterize the variability of the operational scenario, identifying the dynamic couplings with a critical role during the event and helping discussing the systemic effects of variability at different level of analysis

Extending the enterprise: An evaluation of ERP and EAI technologies within a Case Study organisation

It is widely understood that both Information Technology (IT) and Information Systems (IS), provide great benefits in improving the visibility of supply and value chains within and across organisational boundaries. Those enterprises which can realise the benefits of extending their core business processes outwards to clients and trading partners, will be able to create unique supply chain-dependent products and solutions. Thus, such business infrastructures have enabled organisations to expand and improve the effectiveness of their enterprise. One method to achieve this, has been to integrate Enterprise Resource Planning (ERP) systems with web-based and other IS systems, using Enterprise Application Integration (EAI) technologies. This paper seeks to investigate those factors which contributed to a case organisation’s extended enterprise experiences, by using extant ERP and EAI implementation IS evaluation criteria; and by placing the research results within the context of applicable IS research techniques in the area

Introducing the STAMP method in road tunnel safety assessment

After the tremendous accidents in European road tunnels over the past decade, many risk assessment methods have been proposed worldwide, most of them based on Quantitative Risk Assessment (QRA). Although QRAs are helpful to address physical aspects and facilities of tunnels, current approaches in the road tunnel field have limitations to model organizational aspects, software behavior and the adaptation of the tunnel system over time. This paper reviews the aforementioned limitations and highlights the need to enhance the safety assessment process of these critical infrastructures with a complementary approach that links the organizational factors to the operational and technical issues, analyze software behavior and models the dynamics of the tunnel system. To achieve this objective, this paper examines the scope for introducing a safety assessment method which is based on the systems thinking paradigm and draws upon the STAMP model. The method proposed is demonstrated through a case study of a tunnel ventilation system and the results show that it has the potential to identify scenarios that encompass both the technical system and the organizational structure. However, since the method does not provide quantitative estimations of risk, it is recommended to be used as a complementary approach to the traditional risk assessments rather than as an alternative. (C) 2012 Elsevier Ltd. All rights reserved

A Framework for Integrating Transportation Into Smart Cities

In recent years, economic, environmental, and political forces have quickly given rise to “Smart Cities” -- an array of strategies that can transform transportation in cities. Using a multi-method approach to research and develop a framework for smart cities, this study provides a framework that can be employed to: Understand what a smart city is and how to replicate smart city successes; The role of pilot projects, metrics, and evaluations to test, implement, and replicate strategies; and Understand the role of shared micromobility, big data, and other key issues impacting communities. This research provides recommendations for policy and professional practice as it relates to integrating transportation into smart cities

Human Performance Contributions to Safety in Commercial Aviation

In the commercial aviation domain, large volumes of data are collected and analyzed on the failures and errors that result in infrequent incidents and accidents, but in the absence of data on behaviors that contribute to routine successful outcomes, safety management and system design decisions are based on a small sample of non- representative safety data. Analysis of aviation accident data suggests that human error is implicated in up to 80% of accidents, which has been used to justify future visions for aviation in which the roles of human operators are greatly diminished or eliminated in the interest of creating a safer aviation system. However, failure to fully consider the human contributions to successful system performance in civil aviation represents a significant and largely unrecognized risk when making policy decisions about human roles and responsibilities. Opportunities exist to leverage the vast amount of data that has already been collected, or could be easily obtained, to increase our understanding of human contributions to things going right in commercial aviation. The principal focus of this assessment was to identify current gaps and explore methods for identifying human success data generated by the aviation system, from personnel and within the supporting infrastructure

Safety Sufficiency for NextGen: Assessment of Selected Existing Safety Methods, Tools, Processes, and Regulations

NextGen is a complex socio-technical system and, in many ways, it is expected to be more complex than the current system. It is vital to assess the safety impact of the NextGen elements (technologies, systems, and procedures) in a rigorous and systematic way and to ensure that they do not compromise safety. In this study, the NextGen elements in the form of Operational Improvements (OIs), Enablers, Research Activities, Development Activities, and Policy Issues were identified. The overall hazard situation in NextGen was outlined; a high-level hazard analysis was conducted with respect to multiple elements in a representative NextGen OI known as OI-0349 (Automation Support for Separation Management); and the hazards resulting from the highly dynamic complexity involved in an OI-0349 scenario were illustrated. A selected but representative set of the existing safety methods, tools, processes, and regulations was then reviewed and analyzed regarding whether they are sufficient to assess safety in the elements of that OI and ensure that safety will not be compromised and whether they might incur intolerably high costs

Mapeamento prospectivo de fatores de risco no sistema sociotécnico de assistência à saúde

Orientador: Saide Jorge CalilTese (doutorado) - Universidade Estadual de Campinas, Faculdade de Engenharia Elétrica e de ComputaçãoResumo: O grande número de mortes evitáveis na área de saúde revela a necessidade de mudar o mo-do como o sistema lida com eventos adversos. Apesar de esforços para promover uma abor-dagem sistêmica ao gerenciamento de risco, a cultura da culpa ainda predomina. O resultado é a resistência generalizada à investigação de incidentes e a incapacidade de promover mu-danças sistêmicas duradouras. O problema é amplificado pelo uso de ferramentas que se limitam aos fatores de risco no nível do ambiente de trabalho. O objetivo primário deste estudo é desenvolver um método prospectivo para mapear fatores de risco em múltiplos ní-veis hierárquicos do sistema de cuidado à saúde que possam contribuir com a ocorrência de eventos adversos no ambiente de trabalho. A maior parte das referências usadas nesta pes-quisa está associada a fatores de risco e gerenciamento de risco no cuidado à saúde, a mode-los de formação de acidentes e a ferramentas de gerenciamento de risco aplicadas na área de cuidado à saúde e em outras áreas. Como nenhum sistema ou ferramenta única pareceu completamente compatível com o objetivo primário deste trabalho, um conjunto básico de conceitos de gerenciamento de risco foi extraído das referências, especialmente do modelo do `Queijo Suíço¿ de Reason e da estrutura sociotécnica de Rasmussen. Os conceitos foram agrupados num modelo de formação de acidentes híbrido que abrange interações entre ele-mentos do ambiente de trabalho e malhas de controle sociotécnicas. O modelo foi então usa-do como base para o desenvolvimento de um método prospectivo para o mapeamento de fatores de risco. Devido aos requisitos de escopo, o Mapa de Fatores de Risco resultante to-ma emprestados elementos estruturais do AcciMap, de Rasmussen e pode mesmo ser consi-derado como inspirado por ele, embora tenha como foco análises prospectivas, não investi-gações retrospectivas de incidentes críticos. Três estudos de caso foram feitos como teste para o método: o primeiro foi baseado num relatório de avaliação de risco feito com uma ferramenta diferente de gerenciamento de risco; o segundo se concentrou no nível regulató-rio do sistema brasileiro de cuidado à saúde; e o terceiro foi um mapa genérico de fatores de risco baseado na literatura sobre bombas de infusão. Os resultados mostram que o método pode ser usado prospectivamente e que ele abrange os múltiplos níveis hierárquicos do sis-tema sociotécnico de cuidado à saúde. A natureza distinta dos estudos de caso mostra que o método é flexível o bastante para ser aplicado a uma variedade de objetivos e escopos e, se adaptado, também a outras áreas. O Mapa de Fatores de Risco é trabalhoso e a qualidade das análises depende da experiência dos analistas, mas estudos adicionais são necessários para avaliar sua efetividade em comparação com outras ferramentas de avaliação de risco, espe-cialmente o AcciMap. Outra limitação do Mapa de Fatores de Risco é sua natureza predomi-nantemente qualitativa, que reduz sua utilidade para a priorização de correções no sistema. Pesquisas futuras podem reduzir essa limitação pela integração dos Mapas de Fatores de Risco com dados quantitativos de sistemas de notificação de incidentesAbstract: The high volume of preventable deaths in health care reveals the necessity of adjusting how the system deals with adverse events. Despite efforts to promote a systemic approach to risk management, the culture of blame is still prevalent. The result is a general resistance to in-vestigating incidents and inability to promote lasting systemic changes. The problem is am-plified by the use of tools limited to risk factors at the workspace level of the system. The primary objective of this study is to develop a prospective method to map risk factors at mul-tiple hierarchical levels of the health care system that may contribute to the occurrence of adverse events at the workspace level. Most references used in this research are related to risk factors and risk management in health care, to accident causation models, and to risk management tools employed in health care and elsewhere. Because no single system or tool seemed fully compatible with the primary objective, a set of basic risk management concepts was extracted from the references, especially Reason¿s Swiss Cheese Model and Rasmus-sen¿s Socio-Technical framework. The concepts were assembled into a hybrid accident cau-sation model that encompasses both workspace element interactions and socio-technical controls. The model was then used as the foundation for developing a prospective risk fac-tors mapping method. Due to scope requirements, the resulting Risk Factors Map borrows structure elements from Rasmussen¿s AcciMap and may be considered inspired by it, though it is focused on prospective analyses, not retrospective critical incident investigations. Three case studies were conducted as a test of the method: the first one was based on a risk assessment report made with a different risk management tool, the second was focused at the regulatory level of the Brazilian health care system, and the third one was a generic Risk Factors Map based on the literature on infusion pumps. The results show the method can be used prospectively and it encompasses the multiple hierarchical levels of the socio-technical health care system. The distinct nature of the case studies shows the method is flexible enough to be applied to a variety of objectives and scopes and, with adaptations, also to oth-er domains. The Risk Factors Map requires much time to be completed and the quality of analyses depends on the expertise of the analysts, but additional studies are required to as-sess its effectiveness in comparison with other risk assessment tools, especially the Acci-Map. Another limitation of the Risk Factors Map is its predominantly qualitative nature, which reduces its usefulness for prioritizing system corrections. Further research may re-duce this limitation by integrating Risk Factors Maps with quantitative data from incident report systemsDoutoradoEngenharia BiomedicaDoutor em Engenharia Elétrica141021/2009-8CNP