Re: [SystemSafety] HROs and NAT (was USAF Nuclear Accidents prior to 1967)

From: Matthew Squair < >
Date: Tue, 24 Sep 2013 08:10:54 +1000

Slightly tangentially there's actually a theoretical underpinning for Perrow's NAT provided by the theory of Highly Optimised Tolerance. HOT was developed to explain the 'robust yet fragile' nature of complex systems designed to operate in uncertain environments (and are highly coupled with that environment).

Given you're trying to optimise performance under global resource constraints (like cost) while trading off against risk you end up with systems that are 'safe most of the time' but every so often a catastrophic event will occur due to an unanticipated combination of failures or environmental factors, robustness and fragility are inherently intertwined in such systems. The proponents also predict that you'll see power law failure distributions in HOT systems as a result.

I like HOT as a theory because it makes testable empirical predictions (power law behaviour) and you can also develop system simulations from the math and compare these to the real world.

Of course it also means that high consequence accidents will inevitably occur much more often than we'd like to think, and usually for unanticipated reasons, which brings us back to Perrow's original thesis.

On Tuesday, 24 September 2013, John Downer wrote:

> On Sep 23, 2013, at 5:50 AM, Andrew Rae <andrew.rae_at_xxxxxx > wrote:
> The strong interpretation is that there is empirical support for naming a
> particular set of characteristics as the most important, and that this
> support comes from identifying particular organisations as safety
> over-achievers. You can't support this strong interpretation via the weak
> interpretation. The weak interpretation is a _fallback_ position that
> requires abandoning the strong interpretation. What's left is not HRO. It
> is exactly the same space that Normal Accidents, Disaster Incubation
> Theory, HROs, Vulnerable System Syndrome, and (tangentially) STAMP, have
> been trying to fill. We know that organisation structure and attitude
> matters, but we don't have a successful model for how it matters. (I'm
> deliberately avoiding a definition of "successful" here. Choose one from
> reliable/repeatable, makes accurate predictions, is practically useful for
> safety management). I put STAMP tangentially into that list because it is
> oriented more towards "practically useful" than "has explanatory power".
> Each model deserves to be evaluated against its own claims.
> I'm not sure I buy this completely. Nancy already pointed to STAMP's
> distinctiveness. NAT focuses on accidents rather than the lack of them, as
> did Turner. Reason is a social psychologist first and foremost. HR(O/T) is
> its own thing.
> Show me an organizational sociologist who interrogates seemingly
> successful socio-technical systems and I'll show you an HRO person.
> Whether or not they accurately identify 'successful' systems or the
> organizational principles that contribute to those successes comes down to
> them as scholars, I suppose. There are plenty of differences on these
> issues within the HRT literature. It's true that most of the people we
> would immediately identify as HRO scholars broadly agree on some things
> (the value of redundancy, for instance), but I don't think that one *has*to agree with those things in order to call oneself an HRO scholar.

*Matthew Squair*

Mob: +61 488770655
Email: MattSquair_at_xxxxxx
Website: <>

_______________________________________________ The System Safety Mailing List systemsafety_at_xxxxxx
Received on Tue Sep 24 2013 - 00:11:04 CEST

This archive was generated by hypermail 2.3.0 : Tue Jun 04 2019 - 21:17:06 CEST