Daniel Hartmann, PhD
Management & Safety Engineering Unit, Ben-Gurion University
Beer Sheva, Israel
Second STAMP Conference 2013
A wider look at STAMP (System-Theoretic Accident Model and Processes)
Data – Information – Knowledge – Context [D.I.K.C.]
Daniel Hartmann STAMP 2013
System Theory
Hierarchical Safety Control Structure
Process Models
Safety Constraints
Data is the lowest level of abstraction, collected by "sensors" and leading to describing “something” or a process.
Information is a medium level of abstraction, processed by "brain" and an existing "model" and leading to understanding of "something" or a process.
Knowledge is the highest level of abstraction, processed by "brain" and an existing "model" and leading to action related to "something" or a process.
Data – Information – Knowledge – Context [D.I.K.C.]
Risk (after Adams, 1999):
• Risk perceived directly, e.g. using fire, cutting with a knife, climbing a tree. Natural DIKC; System 1 thinking.
• Risk perceived through science, e.g. cholera: needs a microscope to see it and scientific training to understand it. Scientific DIKC = Complexity; System 2 thinking.
• Virtual Risk: scientists don't know yet or cannot agree, e.g. global warming, mobile phones. Virtual DIKC.
However, Risk is dictated by D.I.K.C.
More Fundamentals dictating level of acceptable Risk
• Natural Risk
• Scientific Risk
• Virtual Risk
• Technological Feasibility
• Cultural Feasibility
• Economical Feasibility
One Picture - Two Perceptions
D.I.K.C., Perception and Process Models?
Perception is the process of attaining awareness or
understanding of the situation by organizing and interpreting sensory information.
Whose Perception? Who Creates it? Who Controls it? Etc...
“End User”?
“Scientists”?
Low Level Controller?
Medium Level Controller?
High Level Sociotechnical Controller?
High Level Environmental Controller?
Data – Information – Knowledge – Context [D.I.K.C.]
System Theory
Hierarchical Safety Control Structure
Process Models
Safety Constraints
A wider look at STAMP (System-Theoretic Accident Model and Processes)
Environmental System of Systems
Environmental System of Systems The Rock Cycle
Environmental System of Systems
Eco-Systems
Modern Battlefield and the Environment
Some “New” Ideas about System Boundaries
Sociotechnical / Environmental-Sociotechnical
Egocentric / System-centric
Effort vs. Importance*
[Figure: effort expended (currently) vs. importance (actual) for Latent System Weaknesses, Human Failure and Equipment Failure]
* Adapted from Kletz, T. (2001), An Engineer’s View of Human Error (3rd ed.); p.127.
Data – Information – Knowledge – “Context” [D.I.K.C.]
System Theory
Hierarchical Safety Control Structure
Process Models
Safety Constraints
A wider look at STAMP (System-Theoretic Accident Model and Processes)
Example Safety Control Structure
Where does System Safety Engineering start?
Environmental-Sociotechnical System
Force Majeure - Superior Force - Act of God - Chance Occurrence - Unavoidable Accident
Resulting from:
hurricane
flooding
earthquake
volcanic eruption
Virus pandemic
Fire
Dust storm
Any unexpected / extreme environmental conditions
etc.
Accident Causality Using STAMP
Enough D.I.K.C. at each system level?
Develop D.I.K.C. Metrics!
Generic model for safety management system
• Conflicting Policies
• Biased Policies
• Partially correct Policies
• Wrong Policies
• Unrealistic Policies
• Disastrous Policies
• Etc.
Level N+1 to Level N (Reference Channel): Goals, Policies, Constraints, Control Commands
Level N to Level N+1 (Measuring Channel, Feedback): Operational Experience
Management cycle: Policy, Planning, Implementation, Checking & Corrections, Management Review
Drowning Prevention – Governmental Level Regulation
[Diagram: governmental bodies involved in drowning-prevention regulation]
• The Parliament
• Prime Minister
• Supreme Court
• Public
• Ministries: Finance; Environment; Immigrant Absorption; National Infrastructures; Education; Interior; Welfare & Social Services; Health; Industry, Trade & Labor; Tourism; Transportation & Road Safety; Internal Security; Justice; Science, Culture & Sport
System Dynamics perspective on Forest Fire
Mount Carmel [Israel] forest fire (2010): a very expensive lesson in risk management and safety
Reckoning without one’s host
(die Rechnung ohne den Wirt machen)
To act, plan, or conclude without adequate consideration of
significant factors or circumstances;
to fail to take into account the role of others, particularly those whose
position would make their input determinative.
This early meaning, dating from the 17th century, has been totally
lost in the now figurative one indicating shortsightedness,
improvidence, or lack of foresight.
Data – Information – Knowledge – Context [D.I.K.C.]
System Theory
Hierarchical Safety Control Structure
Process Models
Safety Constraints
A wider look at STAMP (System-Theoretic Accident Model and Processes)
Accidents occur when model of process is inconsistent with real state of process and controller provides inadequate control actions
Control processes operate between levels of control
Feedback channels are critical -- Design -- Operation
Process Models: 1. Goal Condition 2. Model Condition 3. Action Condition 4. Observability Condition
[Diagram: Controller with Model of Process; Control Actions to the Controlled Process; Feedback to the Controller; conditions 1-4 marked on the loop]
Enough D.I.K.C. to create Models?
A Classification of Control Flaws leading to Hazards
D.I.K.C. Flaws leading to Hazards
• Controller: Inadequate Control Algorithm (flaws in creation, process changes, incorrect modification or adaptation)
• Controller: Process Model (inconsistent, incomplete, or incorrect)
• Control input or external information wrong or missing
• Missing or wrong communication with another controller
• Inappropriate, ineffective, or missing control action
• Actuator: Inadequate operation
• Delayed operation
• Conflicting control actions (Controller 2)
• Controlled Process: Component failures; Changes over time
• Process input missing or wrong
• Process output contributes to system hazard
• Unidentified or out-of-range disturbance
• Incorrect or no information provided; Measurement inaccuracies; Feedback delays
• Sensor: Inadequate operation
• Inadequate or missing feedback; Feedback Delays
Data – Information – Knowledge – Context [D.I.K.C.]
System Theory
Hierarchical Safety Control Structure
Process Models
Safety Constraints
A wider look at STAMP (System-Theoretic Accident Model and Processes)
Safety Constraints should be based on D.I.K.C.: Data, Information, Knowledge & Context
Based on D.I.K.C., each component in the control structure has:
• Assigned responsibilities, authority, accountability
• Controls that can be used to enforce safety constraints
Based on D.I.K.C., each component’s behavior is influenced by:
• Context (milieu) in which it is operating
• Level of Data, Information, Knowledge about current state of process
Relationship Between Safety and Process Models
Depending on D.I.K.C. and level of D.I.K.C.
Accidents occur when models (because of D.I.K.C.) do not match process and:
• Required control commands are not given
• Incorrect (unsafe) ones are given
• Correct commands given at wrong time (too early, too late)
• Control stops too soon
Explains software errors, human errors, component interaction accidents, and errors due to level of DIK …
Human Sensitivity to Environmental Hazards
Levels of D.I.K.C., Level of Resolution of D.I.K.C.
Levels of Processes & Hazards
Geological Climate
Cosmological Climate?
Weather
Contemporary Climate
Climate Change
Hazards related to Climate Change
Another Source of Risk
Control actions inadequately “coordinated” among multiple controllers
• Boundary areas: Environmental conditions are “normal” (Human Controller acts on the Sociotechnical Process; Environment as Controller acts on the Environmental Process)
• Overlap areas: Environmental conditions are “extreme” (Human Controller and Environment as Controller both act on the Environmental-Sociotechnical Process)
Sociotechnical system:
“enforce safety constraints on Sociotechnical system behavior”
Safety as a dynamic Control Problem
Environmental-Sociotechnical system:
“enforce safety constraints on Sociotechnical system behavior and avoid confrontation with Environmental system behavior”
Dutch: Living / Building with Nature
Dr. Daniel Hartmann