What is the new verification method that looks at the causes of failures and accidents from a viewpoint different from the conventional one?

Failures and accidents still happen even in an age of highly advanced technology. Why can accidents at medical sites and in transport systems such as railways, aircraft and automobiles not be eliminated completely? A technique that looks for the cause from the perspective of the whole system, "system safety engineering", has been advocated as an answer.

Understanding Society: System safety engineering

Professor Nancy Leveson of MIT (Massachusetts Institute of Technology), who has led the field of safety engineering for over 30 years, describes in her book "Engineering a Safer World" (published in 2012) a method of "system safety engineering" that traces the cause of a problem or accident back to the system itself.

According to Leveson's theory, a technical failure of a system is not caused by a defect in one specific component, but by defects that exist across several components and by unexpected behavior arising in the interactions between those components. Safety is therefore a "property of the entire system", and to achieve it, safety must be controlled at the system level rather than at the component level.

Safety is a system property, not a component property, and must be controlled at the system level, not the component level.

In the hazard and failure analysis used so far, the specific chain of events leading to an accident was analyzed and efforts were made to find the single "cause" of the problem. Leveson points out that this method is obsolete and calls for the introduction of a "new accident model" that grasps the sequence of events leading to an accident, and its actual causes, more accurately and comprehensively. This concept contains several important elements.

· Broaden the viewpoint of accident analysis to factors other than component defects and human error
· Introduce scientific methods for modeling accidents, and pursue the cause while eliminating subjective factors
· Include "system design flaws" and "system interaction failures" as subjects of analysis
· Promote new hazard analysis and risk assessment methods
· Focus on the human role in an accident and analyze the mechanisms by which the system influenced human behavior
· Shift the purpose of accident analysis from "cause" to "reason", and understand "why" the accident occurred
· Analyze and interpret from multiple perspectives as necessary
· Assist in formulating work standards and in analyzing performance data

Leveson also points out that "safety" and "reliability" are confused with each other. Although highly reliable equipment has been introduced into automobiles, chemical plants and weapons systems, she raises the problem that large-scale accidents which nobody had predicted have still occurred.


In this way, Leveson says that conducting accident analysis on a "component" basis is a mistake, and that it is important to advance engineering on a "system" basis: "I am convinced that the solution to the problem lies in promoting the introduction of modern systems thinking and systems theory."

The solution, I believe, lies in creating approaches to safety based on modern systems thinking and systems theory.

One important thing in understanding how accidents occur and what safety means is "to recognize the complexity of modern technology," Leveson says. That complexity includes "interactive complexity", "dynamic complexity", "decompositional complexity" and "nonlinear complexity", and the difficulty of avoiding problems in advance is said to be rising day by day.

Leveson also takes a very negative position on the use of the "fly-fix-fly" method. The fly-fix-fly method, a reactive approach to safety carried over from aircraft development ("fly first, fix whatever problems appear, then fly again"), is inappropriate for today's highly developed engineering, she argues.

As a replacement, Leveson advocates "STAMP" (Systems-Theoretic Accident Model and Processes), which moves away from the conventional one-directional analysis of individual components and examines problems at the system level, together with "STPA" (System-Theoretic Process Analysis), an analysis method based on the STAMP model. In STPA, process analysis is carried out in the following two major steps.

1. Identify the points where "inadequate control of the system" could lead to a hazardous state
2. Identify the reasons why the "inadequate control" found in step 1 occurs
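To make the two steps concrete, here is an added example (not code from Leveson's book, from NASA, or from the original article) that runs a small STPA-style analysis over a constructed control structure: an intersection controller commanding an automated vehicle with "Proceed" or "Stop". The four ways a control action can be unsafe (not provided, provided, wrong timing or order, stopped too soon or applied too long) are the UCA types STPA itself uses; the hazards H1/H2, the context variables and the rules linking them are constructed for illustration. Step 1 enumerates unsafe control actions across every context; step 2 attaches causal scenarios drawn from two generic STPA causal-factor categories (a flawed process model fed by missing or wrong feedback, and a flawed control algorithm).

```python
"""STPA-style two-step analysis over a constructed intersection controller.
Hazards, context variables and rules are constructed for illustration; the
four UCA types are those STPA uses."""
from dataclasses import dataclass
from itertools import product
from typing import Callable

# The four ways a control action can be unsafe (STPA's UCA types).
UCA_TYPES = (
    "not provided",
    "provided",
    "too early / too late / wrong order",
    "stopped too soon / applied too long",
)

# Constructed system-level hazards.
HAZARDS = {
    "H1": "two vehicles occupy the intersection at the same time",
    "H2": "a vehicle stops inside the intersection",
}

# Constructed process-model variables the controller must track.
CONTEXT_SPACE = {
    "crossing_traffic": (False, True),          # another vehicle is crossing
    "vehicle_in_intersection": (False, True),   # our vehicle is mid-crossing
}


@dataclass(frozen=True)
class HazardRule:
    action: str
    uca_type: str
    depends_on: tuple                 # context variables the predicate reads
    predicate: Callable[[dict], bool]
    hazard: str


@dataclass(frozen=True)
class UCA:
    action: str
    uca_type: str
    context: tuple                    # sorted (variable, value) pairs
    hazards: tuple


# Constructed rules: in which contexts does each control action, issued in
# each UCA type, lead to a hazard?
RULES = (
    HazardRule("Proceed", "provided", ("crossing_traffic",),
               lambda c: c["crossing_traffic"], "H1"),
    HazardRule("Proceed", "too early / too late / wrong order", ("crossing_traffic",),
               lambda c: c["crossing_traffic"], "H1"),
    HazardRule("Proceed", "not provided", ("vehicle_in_intersection",),
               lambda c: c["vehicle_in_intersection"], "H2"),
    HazardRule("Stop", "provided", ("vehicle_in_intersection",),
               lambda c: c["vehicle_in_intersection"], "H2"),
    HazardRule("Stop", "not provided", ("crossing_traffic", "vehicle_in_intersection"),
               lambda c: c["crossing_traffic"] and not c["vehicle_in_intersection"], "H1"),
    HazardRule("Stop", "stopped too soon / applied too long", ("vehicle_in_intersection",),
               lambda c: c["vehicle_in_intersection"], "H2"),
)


def contexts(space: dict):
    """Yield every combination of process-model variable values."""
    names = sorted(space)
    for values in product(*(space[n] for n in names)):
        yield dict(zip(names, values))


def enumerate_ucas(rules=RULES, space=CONTEXT_SPACE) -> list:
    """Step 1: every (action, UCA type, context) that some rule marks hazardous."""
    actions = sorted({r.action for r in rules})
    found = []
    for action, uca_type, ctx in product(actions, UCA_TYPES, contexts(space)):
        hazards = tuple(sorted({r.hazard for r in rules
                                if r.action == action and r.uca_type == uca_type
                                and r.predicate(ctx)}))
        if hazards:
            found.append(UCA(action, uca_type, tuple(sorted(ctx.items())), hazards))
    return found


def causal_scenarios(uca: UCA, rules=RULES) -> list:
    """Step 2: why might this UCA occur? Two generic causal-factor categories."""
    ctx = dict(uca.context)
    variables = sorted({v for r in rules
                        if r.action == uca.action and r.uca_type == uca.uca_type
                        for v in r.depends_on})
    scenarios = [
        f"Process model flaw: controller believes {var}={not ctx[var]} (actual "
        f"{ctx[var]}) because feedback on {var} is missing, delayed or wrong, "
        f"so '{uca.action}' is {uca.uca_type}"
        for var in variables]
    scenarios.append(f"Control algorithm flaw: the rule deciding '{uca.action}' "
                     f"does not consult {', '.join(variables)} at all")
    return scenarios


def analyze(rules=RULES, space=CONTEXT_SPACE) -> dict:
    """Run both steps; summarise UCAs per hazard and scenarios per UCA."""
    ucas = enumerate_ucas(rules, space)
    per_hazard = {h: sum(h in u.hazards for u in ucas) for h in HAZARDS}
    return {"ucas": ucas, "per_hazard": per_hazard,
            "scenarios": {u: causal_scenarios(u, rules) for u in ucas}}


if __name__ == "__main__":
    result = analyze()
    for uca in result["ucas"]:
        print(f"[{','.join(uca.hazards)}] {uca.action} {uca.uca_type} "
              f"when {dict(uca.context)}")
        for s in result["scenarios"][uca]:
            print("   ->", s)
```

The point of enumerating every context rather than only the "obvious" one is the system-level view the article describes: a perfectly functioning controller that believes the intersection is clear because a detector's feedback was late produces the same hazard as a broken controller, and the causal scenarios in step 2 are what turn each unsafe control action into a design requirement (for example, a timeout or a redundant feedback path) rather than a search for one faulty part.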

The following flowchart is an example of NASA conducting a risk analysis using STPA.

STAMP and STPA are likely to be applied to the control of self-driving cars. The control of autonomous driving itself can be analyzed with STAMP, and a road on which many vehicles travel is also a system of high complexity. The following video shows a simulation in which countless self-driving cars pass through an intersection with precise timing without causing accidents.

Untitled on Vimeo

in Note, Posted by darkhorse_log