View profile

🦉 10x curiosity - Tools to understand and manage complexity - Nancy Leveson and STAMP


🦉 10x curiosity

November 13 · Issue #232 · View online

🦉 A weekly sample of links that made me think 🤔

Also available on my 10x Curiosity Blog
Complexity in process industry’s require a suite of tools to manage. Nancy Leveson realised that the tools available to her to investigate or prevent incidents did not adequately achieve robust long term solutions. With this she developed a completely new framework she called STAMP (Systems-Theoretic Accident Model and Processes).
What Leveson realized is that as complexity increases within a system, this approach [RCA type problem solving] loses its effectiveness. Things can go catastrophically wrong even when every individual component is working precisely as its designers imagined. “It’s a matter of unsafe interactions among components,” she says. “We need stronger tools to keep up with the amount of complexity we want to build into our systems.” (Jeff Wise)
Writing in her seminal work “Engineering a Safer World: Systems Thinking Applied to Safety” Leveson identifies several important concepts differentiating safety and reliability.
Understanding the conflicts between reliability and safety requires distinguishing between requirements and constraints. Requirements are derived from the mission or reason for the existence of the organization. The mission of the chemical plant is to produce chemicals. Constraints represent acceptable ways the system or orga-nization can achieve the mission goals. Not exposing bystanders to toxins and not polluting the environment are constraints on the way the mission (producing chemicals) can be achieved.
There are always multiple goals and constraints for any system — the challenge in engineering design and risk management is to identify and analyze the conflicts, to make appropriate tradeoffs among the conflicting requirements and constraints, and to find ways to increase system safety without decreasing system reliability…
Bottom-up decentralized decision making can lead — and has led — to major accidents in complex sociotechnical systems. Each local decision may be “ correct ” in the limited context in which it was made but lead to an accident when the independent decisions and organizational behaviors interact in dysfunctional ways.
Safety is a system property, not a component property, and must be controlled at the system level, not the component level. (Leveson P33-35)
STAMP (Systems-Theoretic Accident Model and Processes) is an accident causality model based on systems theory and systems thinking …[it] integrates into engineering analysis causal factors such as software, human decision-making and human factors, new technology, social and organizational design, and safety culture, which are becoming ever more threatening in our increasingly complex systems.
STPA (Systems-Theoretic Process Analysis) is a powerful hazard analysis technique based on STAMP, while CAST (Causal Analysis based on STAMP) is the equivalent for accident and incident analysis. (Reykjavik University)
An excellent summary paper Applying STAMP in Accident Analysis outlines the principles :
In STAMP, accidents are conceived as resulting not from component failures, but from inadequate control or enforcement of safety-related constraints on the design, development, and operation of the system. Safety is viewed as a control problem: accidents occur when component failures, external disturbances, and/or dysfunctional interactions among system components are not adequately handled…
Systems are viewed, in this approach, as interrelated components that are kept in a state of dynamic equilibrium by feedback loops of information and control. A system is not treated as a static design, but as a dynamic process that is continually adapting to achieve its ends and to react to changes in itself and its environment. The original design must not only enforce appropriate constraints on behavior to ensure safe operation, but it must continue to operate safely as changes and adaptations occur over time. Accidents then are viewed as the result of flawed processes involving interactions among system components, including people, societal and organizational structures, engineering activities, and physical system components. STAMP is constructed from three basic concepts: constraints, hierarchical levels of control, and process models. These concepts, in turn, give rise to a classification of control flaws that can lead to accidents. 
The basic concept in STAMP is not an event, but a constraint. In systems theory and control theory, systems are viewed as hierarchical structures where each level imposes constraints on the activity of the level below it—that is, constraints or lack of constraints at a higher level allow or control lower-level behavior 
Instead of viewing accidents as the result of an initiating (root cause) event in a series of events leading to a loss, accidents are viewed as resulting from interaction among components that violate the system safety constraints. The control processes that enforce these constraints must limit system behavior to the safe changes and adaptations implied by the constraints. (Leveson et al)

A simplified STAMP Process
A simplified STAMP Process
… complex systems can produce unexpected behavior and that the human operators of those systems can struggle to respond effectively. We expect that as technology advances, it will necessarily become safer — and, for the most part, that’s been true. (More than twice as many people died in aviation accidents 20 years ago, even as the number of people flying has vastly increased.) But better technology comes with greater complexity, which can generate dangers all its own. (Jeff Wise)
Further Reading
 Let me know what you think? I’d love your feedback. If you haven’t already then sign up for a weekly dose just like this.   
Links that made me think...
10 design principles inspired by Spotify – guiding you towards aligned autonomy in Agile office spaces | Dandy People
Don't set goals for yourself—instead, create systems that make it easy for you to succeed — Quartz
What is Greenwashing? How to Spot It and Stop it - Disruptive Design - Medium
Learning & Creativity — Josh Waitzkin
Feeling Stuck? Try Appreciative Inquiry |
Did you enjoy this issue?
In order to unsubscribe, click here.
If you were forwarded this newsletter and you like it, you can subscribe here.
Powered by Revue