Identifying how automation can lose its intended benefit along the development process : a research plan
Doctoral Consortium Presentation © The Authors 2009
Automation is usually assumed to improve performance in virtually any domain. However, it can fail to deliver the benefit intended by the managers and designers who advocate introducing the tool. In safety-critical domains this problem matters not only because the unexpected effects of automation might prevent its widespread adoption, but also because those effects might turn out to contribute to incidents and accidents. Research on the failure of automation to deliver its intended benefit has focused mainly on human-automation interaction. This paper presents a PhD research plan that aims to characterise the decisions taken under production pressure by those involved in the development of automation for safety-critical domains, in order to identify where and when the benefit the automation was supposed to deliver can be lost along the development process. We tentatively call such decisions drift; the final objective is to develop principles that allow possible sources of drift to be identified and compensated for in the development of new automation. The research is based on case studies and is currently entering Year 2.
A Taxonomy of Fallacies in System Safety Arguments
Safety cases are gaining acceptance as assurance vehicles for safety-related systems. A safety case documents the evidence and argument that a system is safe to operate; however, logical fallacies in the underlying argument may undermine a system's safety claims. Removing these fallacies is essential to reduce the risk of safety-related system failure. We present a taxonomy of common fallacies in safety arguments that is intended to assist safety professionals in avoiding and detecting fallacious reasoning in the arguments they develop and review. The taxonomy derives from a survey of general argument fallacies and a separate survey of fallacies in real-world safety arguments. Our taxonomy is specific to safety argumentation, and it is targeted at professionals who work with safety arguments but may lack formal training in logic or argumentation. We discuss the rationale for the selection and categorisation of fallacies in the taxonomy. In addition to its applications to the development and review of safety cases, our taxonomy could also support the analysis of system failures and promote the development of more robust safety case patterns.
Software and systems traceability for safety-critical projects: report from Dagstuhl Seminar 15162
This report documents the program and the outcomes of Dagstuhl Seminar 15162 on "Software and Systems Traceability for Safety-Critical Projects". The event brought together researchers and industrial practitioners working in the field of safety-critical software to explore the needs, challenges, and solutions for software and systems traceability in this domain. The goal was to explore the gap between the traceability prescribed by guidelines and that delivered by manufacturers and, starting from a clean slate, to clearly articulate traceability needs for safety-critical software systems, to identify challenges, to explore solutions, and to propose a set of principles and domain-specific exemplars for achieving traceability in safety-critical systems.
An investigation into error detection and recovery in UK National Health Service screening programmes
The purpose of this thesis is to gain an understanding of the problems that may impede the detection and recovery of NHS laboratory screening errors. This is done by developing an accident analysis technique that isolates and further analyses error-handling activities, and by applying it in four case studies: four recent incidents in which laboratory errors in NHS screening programmes resulted in multiple misdiagnoses over months or even years. These errors produced false yet plausible test results, so they were masked and almost impossible to detect in isolated cases.

The technique is based on a theoretical framework that draws upon cognitive science and systems engineering in order to explore the impact of plausibility on the entire process of error recovery. The four analyses are then integrated and compared in order to produce a set of conclusions and recommendations.

The main output of this work is the "Screening Error Recovery Model", a model which captures and illustrates the different kinds of activities that took place during the organisational incident response to these four incidents. The model can be used to analyse and design error recovery procedures in complex, inter-organisational settings such as the NHS and its primary/secondary care structure.
Failure analysis and the safety-case lifecycle
The failure of a safety-critical system, though undesirable, is often a source of valuable lessons that can help prevent future failures. Current analysis practices do not always yield as much knowledge as they might about possible flaws in the system's safety argument. In this paper we introduce a lifecycle for safety cases and use it to develop a framework that guides the analysis process and the development of lessons and recommendations. We illustrate the ideas with an example drawn from the failure history of an air-traffic-control safety system.
Keywords: failure analysis, safety cases, assurance