Information Technology Reference
In-Depth Information
system (Vaughan
1997
). The vulnerability was only exploited after the decision
was made to launch the shuttle in very cold weather.
The general approach used to study errors focuses on how to understand errors
so that we can take appropriate steps to manage them before things get out of hand.
When, rather than if, things go wrong, the aim is to learn from what happened to
help prevent a repeat performance.
Immediately after a major accident of any kind the press coverage almost
invariably attributes the cause of the accident to human error. The problem is that
the term human error is ambiguous and has three subtly different meanings
(Hollnagel
1998
), which are often confused by the press. It is therefore worth
spelling out these different meanings, using examples from the field of aviation:
1. Human error is the cause of the event or action. An example of this would be if
an aircraft deviated from its assigned flight altitude to a different flight altitude
(either higher or lower than the one that the flight crew had been given by Air
Traffic Control) due to the actions of the flight crew.
2. Human error is the event or action itself. An example of this would be if an
aircraft pilot did not change the altimeter setting when they were supposed to.
Note that in this case the action is really a deliberate non-action.
3. Human error is the consequence of the event or action. An example of this
would be if an aircraft collided with another aircraft because the pilot started to
taxi before receiving clearance to taxi by air traffic control.
The differences between the meanings are quite subtle, but it is important to
ensure that you understand them. In most cases the press combines the first two
meanings, even though they may not intend that the primary attribution of blame
should fall on the human.
The interpretation of human error is further complicated by the fact that an
action can only be judged as erroneous in hindsight (Woods et al.
1994
). People
will generally do what they think is the right thing in that particular context at the
right time. So an action can only be judged as being erroneous after the fact, based
on:
• A comparison with some expected level of performance
• A degradation in performance
• The person who performed the act having been unable to choose to act in a way
that would not have been considered as erroneous.
There is one exception to this notion of erroneous actions being judgments
made in hindsight: violations. If a person deliberately decides to do the wrong
thing—to sabotage the system, for example—then this can be determined at the
point when the action occurs, rather than afterwards. In some cases, however, it
may be necessary to violate the established rules or procedures to keep a system
in a safe state, or to get it out of an unsafe one. The Federal Aviation Authority
(FAA)
in
the
US
acknowledges
this
type
of
violation—sometimes
called
safe
violations—and
explicitly
allows
them
under
its
regulations
in
certain
situations.
Search WWH ::
Custom Search