A convenient notion ... the human is the problem
There is an almost irresistible notion that we are custodians of already safe systems that need protection from unreliable, erratic human beings (who get tired, distracted, do not communicate well, have all kinds of problems with perception, information processing, memory, recall, and much, much more). This notion is unsupported by empirical evidence when one examines how complex systems work. It is also counterproductive by encouraging researchers and consultants and organisations to treat errors as a thing associated with people as a component - the reification fallacy (a kind of over-simplification), treating a set of interacting dynamic processes as though they were a single object.
Behind Human Error, Woods et al, Ashgate 2010 p xviii
A convenient notion ... the human is the problem
There is an almost irresistible notion that we are custodians of already safe systems that need protection from unreliable, erratic human beings (who get tired, distracted, do not communicate well, have all kinds of problems with perception, information processing, memory, recall, and much, much more). This notion is unsupported by empirical evidence when one examines how complex systems work. It is also counterproductive by encouraging researchers and consultants and organisations to treat errors as a thing associated with people as a component - the reification fallacy (a kind of over-simplification), treating a set of interacting dynamic processes as though they were a single object.
Behind Human Error, Woods et al, Ashgate 2010 p xviii
Mechanistic thinking vs Systems thinking about Failures
Mechanistic thinking about failures, that is, the Newtonian-Cartesian approach, means going down and in. Undersanding why things went wrong comes from breaking open the system, diving down, finding the parts, and identifying which ones were broken. The approach is taken even if the parts are located in different areas of the system, such as procedural control, supervisory layers, managerial levels, regulatory oversight.
In contrast, systems thinking about failures means going up and out. Understanding comes from seeing how the system is configured in a larger network of other systems, of tracing the relationships with those, and how these spread out to affect, and be affected by, factors that lie far away in time and space from the moment things went wrong.
"Drift into Failure - From hunting broken components to understanding complex systems" Sydney Dekker, Ashgate 2011. Page 132
Things that go right
Resilience Engineering sees the "things that go wrong" as the flip side of the "things that go right" and therefore assumes that they are a result of the same underlying processes. In consequence of that, "things that go right" and "things that go wrong" should be explained in basically the same way.
Highly Resilient Organisations
Highly resilient organisations can be recognised by the following four behaviours:
- They anticipate critical disruptions and situations and their consequences
- They notice the critical disruptions and situations when they occur
- They plan how to respond
- They adapt and move into different actions.
Task descriptions and dynamic behaviour of systems
While a system traditionally is modeled by structural decomposition into structural elements, the dynamic behaviour of systems and their actors is modelled by decomposition of the behavioral flow into events, acts, decisions, and errors. Such decomposition is the basis for identification of activity elements in terms of 'tasks' and task elements in terms of 'acts.' The problem is, that all work situations leave many degrees of freedom for choice by the actors, even when the objectives of work are fulfilled.
Biological principles for future internet architecture design
Biological systems have remarkable capabilities of resilience and adaptability. These capabilities are found in various biological organisms, ranging from microorganisms to flocks of animals and even human society.
Network Resilience: A Systematic Approach
Whether used for professional or leisure purposes, for safety-critical applications or e-commerce, the Internet in particular has become an integral part of our everyday lives, affecting the way societies operate. However, the Internet was not intended to serve all these roles, and, as such, is vulnerable to a wide range of challenges. Malicious attacks, software and hardwired faults, human mistakes (eg software and hardware misconfigurations) and large-scale natural disasters threaten its normal operation.
Four Essential Capabilities of Resilience
Erik Hollnagel proposes that there are four essential capabilities of resilience.
Response to Stress
The response of an organisation to stress is strikingly similar to the response of a ductile metal to stress. For a ductile metal, as load (or stress) is increased, it is able to recover or return to its original form when the load is removed, up to a point.