Engineering a Safer World Systems Thinking Applied to Safety
Engineering has experienced a technological revolution, but the basic engineering techniques applied in safety and reliability engineering, created in a simpler, analog world, have changed very little over the years. In this groundbreaking book, Nancy Leveson proposes a new approach to safety--more...
Field | Value
---|---
Main Author | Nancy Leveson
Format | eBook, Book
Language | English
Published | Cambridge: The MIT Press, 2012
Edition | 1
Series | Engineering Systems
Subjects | |
ISBN | 0262016621 9780262016629 0262533693 9780262533690 9780262298247 0262298244
DOI | 10.7551/mitpress/8179.001.0001
Table of Contents:
- Overview: Front Matter -- Preface -- Table of Contents -- Part I. Foundations -- 1. Why Do We Need Something Different? -- 2. Questioning the Foundations of Traditional Safety Engineering -- 3. Systems Theory and Its Relationship to Safety -- Part II. STAMP: An Accident Model Based on Systems Theory -- 4. A Systems-Theoretic View of Causality -- 5. A Friendly Fire Accident -- Part III. Using STAMP -- 6. Engineering and Operating Safer Systems Using STAMP -- 7. Fundamentals -- 8. STPA: A New Hazard Analysis Technique -- 9. Safety-Guided Design -- 10. Integrating Safety into System Engineering -- 11. Analyzing Accidents and Incidents (CAST) -- 12. Controlling Safety during Operations -- 13. Managing Safety and the Safety Culture -- 14. SUBSAFE: An Example of a Successful Safety Program -- Epilogue -- Appendices -- References -- Index
- Intro -- Contents -- Series Foreword -- Preface -- Relationship to Safeware -- Audience -- Contents -- Acknowledgments -- I. Foundations -- Chapter 1. Why Do We Need Something Different? -- Chapter 2. Questioning the Foundations of Traditional Safety Engineering -- 2.1 Confusing Safety with Reliability -- 2.2 Modeling Accident Causation as Event Chains -- 2.3 Limitations of Probabilistic Risk Assessment -- 2.4 The Role of Operators in Accidents -- 2.5 The Role of Software in Accidents -- 2.6 Static versus Dynamic Views of Systems -- 2.7 The Focus on Determining Blame -- 2.8 Goals for a New Accident Model -- Chapter 3. Systems Theory and Its Relationship to Safety -- 3.1 An Introduction to Systems Theory -- 3.2 Emergence and Hierarchy -- 3.3 Communication and Control -- 3.4 Using Systems Theory to Understand Accidents -- 3.5 Systems Engineering and Safety -- 3.6 Building Safety into the System Design
- II. STAMP: An Accident Model Based on Systems Theory -- Chapter 4. A Systems-Theoretic View of Causality -- 4.1 Safety Constraints -- 4.2 The Hierarchical Safety Control Structure -- 4.3 Process Models -- 4.4 STAMP -- 4.5 A General Classification of Accident Causes -- 4.6 Applying the New Model -- Chapter 5. A Friendly Fire Accident -- 5.1 Background -- 5.2 The Hierarchical Safety Control Structure to Prevent Friendly Fire Accidents -- 5.3 The Accident Analysis Using STAMP -- 5.4 Conclusions from the Friendly Fire Example
- III. Using STAMP -- Chapter 6. Engineering and Operating Safer Systems Using STAMP -- 6.1 Why Are Safety Efforts Sometimes Not Cost-Effective? -- 6.2 The Role of System Engineering in Safety -- 6.3 A System Safety Engineering Process -- Chapter 7. Fundamentals -- 7.1 Defining Accidents and Unacceptable Losses -- 7.2 System Hazards -- 7.3 System Safety Requirements and Constraints -- 7.4 The Safety Control Structure -- Chapter 8. STPA: A New Hazard Analysis Technique -- 8.1 Goals for a New Hazard Analysis Technique -- 8.2 The STPA Process -- 8.3 Identifying Potentially Hazardous Control Actions (Step 1) -- 8.4 Determining How Unsafe Control Actions Could Occur (Step 2) -- 8.5 Human Controllers -- 8.6 Using STPA on Organizational Components of the Safety Control Structure -- 8.7 Reengineering a Sociotechnical System: Pharmaceutical Safety and the Vioxx Tragedy -- 8.8 Comparison of STPA with Traditional Hazard Analysis Techniques -- 8.9 Summary -- Chapter 9. Safety-Guided Design -- 9.1 The Safety-Guided Design Process -- 9.2 An Example of Safety-Guided Design for an Industrial Robot -- 9.3 Designing for Safety -- 9.4 Special Considerations in Designing for Human Controllers -- 9.5 Summary -- Chapter 10. Integrating Safety into System Engineering -- 10.1 The Role of Specifications and the Safety Information System -- 10.2 Intent Specifications -- 10.3 An Integrated System and Safety Engineering Process
- Chapter 11. Analyzing Accidents and Incidents (CAST) -- 11.1 The General Process of Applying STAMP to Accident Analysis -- 11.2 Creating the Proximal Event Chain -- 11.3 Defining the System(s) and Hazards Involved in the Loss -- 11.4 Documenting the Safety Control Structure -- 11.5 Analyzing the Physical Process -- 11.6 Analyzing the Higher Levels of the Safety Control Structure -- 11.7 A Few Words about Hindsight Bias and Examples -- 11.8 Coordination and Communication -- 11.9 Dynamics and Migration to a High-Risk State -- 11.10 Generating Recommendations from the CAST Analysis -- 11.11 Experimental Comparisons of CAST with Traditional Accident Analysis -- 11.12 Summary -- Chapter 12. Controlling Safety during Operations -- 12.1 Operations Based on STAMP -- 12.2 Detecting Development Process Flaws during Operations -- 12.3 Managing or Controlling Change -- 12.4 Feedback Channels -- 12.5 Using the Feedback -- 12.6 Education and Training -- 12.7 Creating an Operations Safety Management Plan -- 12.8 Applying STAMP to Occupational Safety -- Chapter 13. Managing Safety and the Safety Culture -- 13.1 Why Should Managers Care about and Invest in Safety? -- 13.2 General Requirements for Achieving Safety Goals -- 13.3 Final Thoughts -- Chapter 14. SUBSAFE: An Example of a Successful Safety Program -- 14.1 History -- 14.2 SUBSAFE Goals and Requirements -- 14.3 SUBSAFE Risk Management Fundamentals -- 14.4 Separation of Powers -- 14.5 Certification -- 14.6 Audit Procedures and Approach -- 14.7 Problem Reporting and Critiques -- 14.8 Challenges -- 14.9 Continual Training and Education -- 14.10 Execution and Compliance over the Life of a Submarine -- 14.11 Lessons to Be Learned from SUBSAFE
- Epilogue -- Appendixes -- A. Definitions -- B. The Loss of a Satellite -- B.1 The Physical Process -- B.2 Description of the Proximal Events Leading to the Loss -- B.3 Physical Process and Automated Controller Failures and Dysfunctional Interactions -- B.4 Launch Site Operations -- B.5 Air Force Launch Operations Management -- B.6 Software/System Development of the Centaur Flight Control System -- B.7 Quality Assurance (QA) -- B.8 Developer Testing Process -- B.9 Independent Verification and Validation (IV&V) -- B.10 Systems Engineering -- B.11 Prime Contractor Project Management -- B.12 Defense Contract Management Command (DCMC) -- B.13 Air Force Program Office -- C. A Bacterial Contamination of a Public Water Supply -- C.1 Proximate Events at Walkerton -- C.2 System Hazards, System Safety Constraints, and Control Structure -- C.3 Physical Process View of the Accident -- C.4 First-Level Operations -- C.5 Municipal Government -- C.6 Provincial Regulatory Agencies (Ministries) -- C.7 Provincial Government -- C.8 The Structural Dynamics -- C.9 Addendum to the Walkerton Accident Analysis -- D. A Brief Introduction to System Dynamics Modeling -- References -- Index