|
I found Ann Waterman's article ["Opinion - Rocking the Boat, so that It Won't Sink," Vol. 43, No. 2] to be interesting, and pretty much on target. I, too, have become bored with the heavy emphasis on weapon systems (and software). Even when I was almost entirely involved in the weapon system business, I found it to be boring and trite in many ways. Now that I am doing almost all of my work in the private sector, I find the discussions to be largely irrelevant and unusable — which translates into boring.
However, just agreeing with the article's position on this is not enough to solve the problem. It has been blindingly obvious to me that we have had the problem of much too narrow a scope for decades. When I became its president during the first part of 1990, the Society had all but collapsed because of this problem — people within the military industry didn't find enough value to sign up, and people outside of that industry (and, to a small measure, aerospace) didn't find anything useful. It is just too difficult to translate what we are talking about into things that they can use in other industries. Several of us have made repeated attempts to broaden our scope, but with little success. I think this is because the vast majority of our members don't see any value in going beyond what they need in their current jobs. There seems to be little understanding of, or concern for, the concept that we need new blood, new ideas and someone else to fight (argue) with. As long as we just continue to talk to ourselves, we are talking to the choir — and we will either stay small and boring, or get smaller and more boring.
Every time I sign up to go to a Conference these days, I ask myself why I am spending the time and money to do so. It has gotten down to wanting to see two or three old friends, and an opportunity to visit someplace interesting. It certainly is not because of the speaker, the food or the very many sessions (once in a while there is a good session, but they are few and far between).
So, I agree with Ann. However, I don't know how to find a solution.
— Charles Hoes
We just read Ann Waterman's commentary in the March-April issue of the Journal of System Safety. It is true that the core of system safety remains defense oriented (aerospace and weapons), is limited in professional outlook and is, perhaps, somewhat territorial. Diversity and professional growth is indeed necessary for the long-term health and survival of the profession.
We believe that system safety can be enriched by greater emphasis on human factors (error reduction analysis), management skills (deeper integration and participation in enterprise objectives) and teamwork activities (better and varied subject matter content for incorporation into analytic procedures).
We believe that system safety should have more widespread application, which could be achieved by appropriate public relations (stressing the unique virtues of system safety) to those who need the benefits. This includes medical design (medical equipment, medical devices, etc.), energy and power (means, transmission, process control, pipelines, etc.) and transportation (maritime, vehicles, highways, etc.). Even building systems (such as large hospitals and big industrial production facilities) and consumer product systems (design of outsourced parts for international use, etc.). There are many opportunities for system safety in an increasingly complex worldwide technology in which defects and failures will not be tolerated or condoned without penalty.
Perhaps the readers of JSS may have suggestions as to how system safety can grow (such as the choice of invited speakers, placement of JSS in university libraries, lobbying, stories about system safety in general publications, joint meetings or conferences, etc.). Waterman's commentary should be the first step in advancing the interests of the System Safety Society as a unique and needed profession.
— George A. Peters
Barbara J. Peters
I found the "Outside the Lines" article by Ira Rimson and Ludi Benner ["Introducing the X-Tree," Vol. 43, No. 2] to be very thought provoking. I do disagree with a few of the details, such as their assertion that the crew of the airliner on the wrong runway "didn't recognize the potential criticality of the outcome." Of course the crew knew the potential criticality of trying to take off on a short runway, they just didn't know they were doing such a thing. They didn't know that the runway was far too short and decided to give it a go anyway. They were mistaken — they made an error, but not an error in judging the criticality of their decision.
However, beyond these types of unimportant concerns, their paper brought up the very real issue of trying to figure out what to do once the undesired event has occurred. In my example of the exhaust line that they referred to in their paper ["TBD," Vol. 42, No. 5], the rest of the story is that we have done many things to contain a reaction if one should occur. The temporary undesired event was a fire or explosion in the exhaust line. Once it became clear that this was not possible to prevent, then we took the next step of changing the undesired event to something like, "rupture of the exhaust line." This new end event opened up a number of new possibilities for providing control after the initial postulated event occurs.
I think this is generally what the authors are getting at in their article. They posit a tentative end event, then realize that it really isn't the end event at all; in fact, there are still many possible outcomes (identified as "Outcome 1 — Outcome 5" in Figure 2 — X Tree Analysis). Whether it is a worthwhile adventure to turn the tree on its side to illustrate this, or the analyst decides to just extend the tree to include these newly identified outcomes, is a matter of style. In any case, they are correct in pointing out that just because an undesired event has been identified does not mean that there are no more important issues to resolve, and introducing human actions is a very good idea. (Of course, if the original tree failed to include human actions, it would have been rather incomplete.)
An example that I have talked about several times over the years comes to mind. Automobile protection systems (seat belts, air bags, etc.) are generally designed to protect the occupant during the first few milliseconds after a crash. However, things occur after that. Even if they extended the time period to be until the vehicle comes to a complete stop, it is insufficient. After the crash, the rescue operators show up to deal with the mess. Since little or no attention was paid to this phase of an accident, the occupant and rescuers find themselves in renewed danger because of the design of these very protective devices. In order to enhance total system safety, the events following a crash are critical. Another related example has to do with the introduction of large, high-voltage, high-current batteries in the new electric or hybrid vehicles. The presence of these high-energy sources presents many severe and unpredictable risks to the occupants and rescue personnel.
Stopping too far down the logic tree can, of course, result in leaving out many, or maybe most, of the actual hazards. Having said that, I kind of like the idea of turning the tree on its side and taking a new look at what happens next. It seems like it might make it easier to think about the after-event events and controls.
— Charles Hoes
|
