Cognition and Safety

An Integrated Approach to Systems Design and Assessment

  1. 288 pages
  2. English

About this book

Safety suffers from the variety of methods and models that are used to assess human performance. For example, operation is concerned primarily with human error, while design deals with aligning the system to workload or situational awareness, and the gap between the two disassociates safety assessment from design. As a result, system design creates constraints for the operator working at the sharp-end, which will inevitably lead to human error. Accidents and incidents across all industries have demonstrated the safety significance of this gap. Cognition and Safety provides an integrated view of cognitive human issues to better enhance safety. It combines operational with design-related concepts of cognitive performance to provide an approach for safely managing cognitive issues throughout the lifecycle of a system, from operational to senior management levels. The book will be of direct interest to operational managers, designers, training specialists, safety managers and operational staff dealing with human factors and safety issues; scientists in the area of safety, ergonomics and human factors; regulators dealing with safety and human factors, and practitioners in the field of human reliability.

Part I

Concerns

Chapter 1

The Need to Model Cognition in Safety

The Challenge of Cognition for Safe Design and Organization of Systems

Human society has become an information processing society. Virtually any industrial area is currently challenged by the impact of new technologies on human cognition. A car becomes much more of a computer by the increased use of navigation. Surveillance systems and power plants can be operated by a single person, and aircraft and airspace can be managed much more efficiently by the increased use of computer technology. New technologies also change the organizational structures of the industries. As the Internet provides communication around the world, staff become more remote and distributed. Reduced permanent staff in the operation of industrial systems goes hand-in-hand with increased hiring of external staff for maintenance or system development. Team-working and communication suffer from such developments (Sträter et al., 2003).
Disasters show that something is wrong in a system, and the list of disasters is long. Examples include
the Challenger explosion in 1986,
the fire on the Piper Alpha oil-platform in 1988,
the flight into terrain of an Airbus 320 in 1992,
the reactor explosion in Chernobyl in 1986,
the core melt of the TMI nuclear power plant in 1979,
the release of radioactivity in Tokai Mura in 1997, or
the mid-air collision at Lake Constance in 2002.
These accidents will be described in further detail in the course of this book, particularly regarding the cognitive aspects involved.
Besides such high-profile events, daily events show system deficiencies as well. The costs for occupational accidents in Germany for the year 2002 were about € 44.15 billion (BAUA, 2002). According to Helmreich (GIHRE, 2004), about 44,000 to 98,000 casualties occurred in US hospitals in 2002 due to inappropriate human actions in medical treatment and not due to illness itself. The study also refers to 2.7 errors per patient per day. The probability of suffering serious harm was observed to be approximately 3.7% per patient. Night shifts were revealed as one of the most serious problems.
All accidents show weaknesses in design, maintenance or management, which affects the cognitive decision-making in operation, the sharp end of a system. Typically, those weaknesses are latently present for a long time before an accident happens (Reason, 1997). Often they are known and tolerated because one states:
(a) Nothing happened so far in my system => My system is safe.
However, the conclusion that nothing happens based on the experience so far is an invalid counter-conclusion from the rule:
(b) My system is safe => Nothing will happen in my system.
Statement (b) is the basic rule of inference (modus ponens) of safety engineering. However, disasters show that statement (b) may never be achieved. Any accident shows that the rule of negative inference (modus tollens) needs to be applied to both statements. The rule of negative inference states that the only valid solution of statement (a) or (b) for any system is (Popper, 1997):
(c) There are unsafe elements in my system.

Operational Levels

Independently of the industry, the humans at the front end of an operation are often identified as the cause of the malfunction and as the unsafe element, because they intervene directly with the technical system and are performing the actual action in incidents and accidents that breaks down the system. The term Human Factor was coined to describe the human role in operation. However, detailed analyses of the events usually show that other parties play a significant role in the cause and the development of the accidents. The staff at the operating level are requested to deal with many constraints stemming from several areas they have no influence on. The following operational levels may be distinguished as important contributors to safety (cf. Eurocontrol-Agenda, 2005):
The working-level of the staff that directly deals with the technical system. Staff at this level usually ‘perform’ the error (so-called active error; Reason, 1990). However, the operational staff are not necessarily responsible or guilty for the errors performed.
The maintenance-level. Level of the staff that maintain the system: Technical systems never work without maintenance. Consequently, maintenance actions may induce errors into the system, which are not apparent and do not directly lead to erroneous system states (latent errors according to Reason, 1990).
The organizational-level of the staff that organize the tasks at the working level. Every system needs staff and resource planning besides the working level. Staff at this level are also exposed to potential erroneous behaviour. Typically, such errors may be due to decisions between safety and effectiveness.
The design-level. Level of the staff that design the technical system. Errors in design are critical because they are latent and will probably not be mitigated because of the involved costs in doing so (Sträter & Bubb, 2003).
The regulator-level of the staff that regulate the system. In the highly complex world of today’s systems, extensive regulations are used to ensure that the systems and the staff meet the requirements for safe operation (driver licenses are a simple example). Certainly, errors can also be made at this level, which may cause unnecessary burdens at the working level and which finally lead indirectly to active errors. Overruling is a well-known problem.
These levels depend on each other in a complex way. According to Leveson (2002), Figure 1.1 depicts the human influences on system safety, covering the whole range from system development to system operations at all involved working levels.
Figure 1.1 Interrelation of operational levels from design-level to working-level (adapted from Leveson, 2002)
Furthermore, the discussion of the different levels indicates that the human influence cannot be eliminated or reduced by automation. The attempt to reduce the human impact by introducing automation merely shifts the human influence to other than the working level. Bainbridge (1987) entitled the fallacy that automation reduces the relevance of humans for system safety as Ironies of Automation. Automation simply changes the spectrum of persons involved in safety (from operators to technicians, managers, designers and regulators).
Given increasing complexity and longer-term impacts, one also needs to consider the safety impacts of the scientific and societal levels. By defining paradigms and the social recognition of a working environment, they play an important role in understanding human behaviour and error. For instance, the limited computer power in the early days of risk assessment did not allow for dynamic risk modelling approaches. The scientific community therefore decided to let fault-tree and event-tree approaches, which have inherent limitations, represent the dynamic aspects of human behaviour (see Part III of this book). Society in Germany, for instance, does not currently accept nuclear power. As a consequence, regulation and operation suffer from the constraint that any problem in a nuclear plant, even a slight one, is pilloried, which puts the operators under an enormous additional threat.

Cognitive Aspects of System Safety

The link of cognitive aspects to the working level
Automated systems have a specified range of operation (design-bases or design specification). However, modus tollens also applies to automation. There is always the possibility that systems operate beyond their specification (beyond design-bases), either by internal failures, interference / interdependence with other automated systems, or by operating in situations they were not designed for. The user at the working level has to judge at any time, whether the automation is working properly or beyond specification. Automation therefore enhances the importance of decision-making and diagnosis in system safety as judgements and decisions are required at the working level on the status of the automated systems. Procedures for system failures are designed to support the user in beyond design-bases situations. With a growing number of automated systems, the number of procedures also increases. As a downside of procedural support in cases of failures, decisions need to be made on the status of the automated systems as well as on the applicability of procedures. Automation therefore increases the variety of contextual conditions under which decisions are to be made. These constraints need to be resolved, which requires prioritization, utilization and goal setting in cognitive processing (Montmollin, 1992; Mosneron-Dupin et al., 1997).
Humans at the working level are forced to make decisions based on constraints from targets set at the management level, the procedures and interfaces given, the required communication with working partners and the operational tasks to be performed. This leads to the phenomenon of induced mental workload. The term ‘induced’ comprises the additional effort due to the type of interaction with the system. A frequently stated selling argument of automation is that it reduces workload. However, induced workload may cause an even higher net workload for the user than the workload an automated system is designed to reduce.
Cognitive psychology consequently becomes a considerable contribution to ensure safety at the working level. Examples of the importance are frequent and only two are mentioned here. In the field of Air Traffic Management (ATM), the new technology and the organizational changes following from the new capabilities (such as airspace harmonization in Europe) lead to an increased development of tools and methods in order to compensate for the impact of new technology on the controller (Sträter et al., 2004a). Distractions from car driving by advanced navigation systems have become a critical topic for the realization of such systems in transport (Schweigert, 2003).
Overall, the mental demand of the user at the working level is increasing (Figure 1.1). Increased mental demand changes the type of errors. Errors of commission or violation by the staff at the working level are an unavoidable downside of automation (or of complex systems in general). Automation, if not designed properly, does not eliminate human errors at the working level, but changes them (Bainbridge, 1987). However, the causes for erroneous human behaviour can be found in the levels preceding the working level.
Figure 1.2 Constraints on decision-making and induced mental workload
The link of cognitive aspects to the organizational level
According to the discussion in the preceding section, cognitive aspects of system safety stem from constraints, under which humans operate at the working level. As these constraints may not only be of a negative nature, the term Context was introduced for those conditions triggering certain human information processing behaviours (Hollnagel, 1998). The consequences from context regarding the cognitive demands are well known. Highly automated industries such as Aviation and Nuclear power plants have suffered from the problem for a long time while others such as ATM or the automobile industry are currently experiencing the effects.
Generally, one can observe the portion of human induced accidents increasing. Often it is stated that the proportion is getting higher, because the technical equipment itself is becoming increasingly reliable and therefore necessarily increases the proportion of human impacts. However, the discussion of induced workload above shows that this cannot be the only reason. Technology may induce certain types of human error into the system, if it is not designed properly. In particular, those human errors occurring due to problems of human-machine interaction are often incorrectly assigned as errors of the humans at the working level.
Triggering cognitive mechanisms, the context plays a major role in understanding and preventing events. The reasons for inappropriate contextual conditions can often be identified at the organizational level. During the Challenger disaster, for instance, NASA was under public pressure to have a successful mission. The management therefore decided to launch the shuttle, although serious safety problems regarding the sealing of the hydrogen tanks were known internally. Another space shuttle accident, the Columbia explosion, where the shuttle lost a tile during the start and exploded due to overheating in the landing-phase, was investigated by Woods (2003). He summarizes the classic patterns of cognitive aspects on the organizational level involved as follows:
Drift toward failure as defences erode in the face of production pressure.
An organization that takes past success as a reason for confidence instead of investing in anticipating the changing potential for failure.
Fragmented problem solving process that clouds the big picture.
Failure to revise assessments as new evidence accumulates.
Breakdowns at the boundaries of organizational units that impede communication and coordination.
These patterns are widely independent from the industrial setting and the organizational level. As Woods manifests further, an organization is always a complex interdependent relationship between individuals with different backgrounds and experiences (a multi-disciplinary group of persons). The cognitive mechanism of these individuals is essential for understanding the organizational malfunctions. Organ...

Table of contents

  1. Cover
  2. Half Title
  3. Title Page
  4. Copyright Page
  5. Table of Contents
  6. List of Figures
  7. List of Tables
  8. Abbreviations
  9. Preface
  10. Acknowledgements
  11. Part I Concerns
  12. Part II Integration
  13. Part III Application
  14. Bibliography
  15. Author Index
  16. Keyword Index

Yes, you can access Cognition and Safety by Oliver Sträter in PDF and/or ePUB format, as well as other popular books in Politics & International Relations & Social Policy. We have over 1.5 million books available in our catalogue for you to explore.