McDonald_Systemic safety from design to operations

Systemic safety from design to operations: examples from aviation
Nick McDonald
Centre for Innovative Human Systems
School of Psychology
Trinity College Dublin
OUTLINE
• Basic components of a socio-technical system
• What kind of system?
• The ‘real system’
• How do S-T systems work?
• The process of change
• Socio-technical design principles
• The lifecycle from design to operations
• Activity and culture
SYSTEMS – WHAT ARE WE TALKING ABOUT?
• The target operational system under focus
– Including its social and organisational dimensions
• A system for managing that operational system
– E.g. Safety Management System
• A ‘technical system’ for achieving certain functions
– Theory, model, methodologies, data
– Functional task support
– Transformation and flow of data, knowledge
REQUIREMENTS FOR A THEORY OR MODEL
• Relevance
– Address core determinants at appropriate level
– Support inferences that are verifiable and correct
• Leverage
– Generate cogent recommendations
– Support intervention design and evaluation
• Systematic comparison across cases
– Common set of dimensions for analysis
• Improve level of prediction
– Support prospective risk assessment
– Future system design
• No assumption that we can explain all the variance
– Just do better than now
– C. 50% failure of change, new technology implementation
Basic components of a socio-technical system
[Figure: diagram with the labels Functional System; Measure performance; Action/interaction; Culture; Change system; Change competence; Enable & consolidate culture; Know-how]
WHAT KIND OF SYSTEM?
• Main sources of uncertainty in an operational or production system
– Demand and availability of resources
• Materials, parts, tools, people
• E.g. Base Maintenance
– Task accomplishment
• Complex and indeterminate tasks
• E.g. Flight operations
• Tightly controlled repetitive tasks that require sustained attention
• E.g. Assembly
– Co-ordination
• Between tasks, between processes
• E.g. Aircraft turnaround at airport
– Goals
• Design and change processes
THE ‘REAL SYSTEM’
• Informal practice and embedded routines
– WIPIDO – Well Intentioned People in Dysfunctional Organisations
• Inverse of Human Error
• Double standard – real system is partially hidden and deniable
– Cycles of stability
• When things go wrong much organisational effort addresses the problem but ends up reinforcing the status quo
– 3-4 serious incidents before an effective solution is found
– ‘No-blame’ and train
– Tacit, partially shared knowledge and understanding
• Just sufficient to ensure functional co-ordination
• Creates inertia that reinforces stability / stasis
FOLLY:
IGNORING FUNDAMENTAL CONSTRAINTS
• Uncertainty about resources
– Create a local demonstration of how the system could work perfectly
• Sucks resources from the rest of the system
– Optimal system performance depends on sub-optimised units
• Uncertainty about task performance
– Seek to automate complex indeterminate decisions
• Uncertainty about co-ordination
– Ignore least visible partner
– Least visible may be key to critical path
How do S-T systems work?
SCOPE Analysis Framework
LOGICS OF ORGANISATION
• Process logic
– Core concepts: Resources, tasks, coordination, critical points
– Mechanism: Transformation of resources to output
– Relationships: Sequential
– Timeline: Real time
– Key functional parameter: Propagation / control of uncertainty
– Value delivered: Transactional value
• Knowledge logic
– Core concepts: Information, knowledge
– Mechanism: Transformation of meaning
– Relationships: Circular - validation
– Timeline: Relates past, present and future
– Key functional parameter: Common understanding of system and values
– Value delivered: Possibility of change
• Social logic
– Core concepts: Relationships between people
– Mechanism: Co-ordination of activity
– Relationships: Reciprocal
– Timeline: Slow build up over time
– Key functional parameter: Team integration and trust
– Value delivered: Enduring relationships sustain value
SCOPE SOFTWARE
CASE STUDIES
Diagnosis
Prognosis
A/c Maintenance: “This is what we do but I have never seen it written down before”
Project transformation of process enabled by a/c health monitoring technologies
Collaborative process mapping,
improvement team, ‘blocker reports’,
management improvement process
Successful maintenance change
• Profitable
• Reduced incidents
• Release from frustration
Airport operational performance
Improved operational support
• Daily journal, anomalies report, Hazard ID
Better hands-on management
SMS development
Airline SMS
• Devlpt & integration of SPIs
• Common risk concept Mx & FO
SMS implementation phase
• Integrated management concept
• Link with Lean improvement
• Antecedents and consequences
Airport collaborative decision making
• Dispatch coordination at milestones
• All stakeholders involved
• Serious game fosters collaboration
Training and implementation to focus more on collaboration
KNOWLEDGE AND INFORMATION
• Knowledge about how the system works
– Knowledge is partial and not fully shared
– Needs to be worked on to uncover and transform tacit knowledge
• Information about what the system is doing
– System knowledge seeks data & transforms it into information and enriches shared knowledge
– Antecedents and consequences to understand cause and risk
Support for Knowledge Cycle
MASCA project
[Figure: cycle diagram with the labels Analysing; Serious Gaming; Models; Evaluation; Simulation; Achieving value; Operational & Management processes; Managing information; Data; Risk & hazard analysis; Operational support; Capacity Building; Mentoring; Agile training; Masters]
Information Cycles
Proactive Safety Performance for Operations
[Figure: two linked cycle diagrams. Operational Process labels: Dependencies per Phase; Assessment; Dependency Analysis; Plan; Brief; Act; Decide; Delegate; Demand; Aggregator; Comparator; Alternatives & Risk; Action list; Crew capacity; Synthesis; Manage the Operation; Check; Review. Management Process labels: Goals; Dependency Analysis; Identify Needs & Goals; Plan & Prepare; Knowledge & Information; Action list; Social Relations; Execute Plan; Manage Change; Review]
The process of change
CONVERGENCE OF DESIGN AND CHANGE
Generic logic of design for operations
• Require technologies that increase customer value through improved system performance
• Technology provides new information at operational level. This changes a key dependency that transforms the logic of supply, planning or ops management.
• Increasing integration of the system-wide information architecture (SWIM) raises the possibility of seamless process integration
• New applications hosted on the SWIM make the processes work in a new way to deliver new value to the customer
• New knowledge and information from normal operations enables design of smarter technologies adding value for the customer
Operational System Change Logic
• Requirement to reduce cost, improve safety, (etc.) drives demand to improve process.
• A new IT application is introduced to support a key process task. This improves value created at local level
• Data from applications on the SWIM creates opportunity for integrated performance management.
• New applications hosted on the SWIM provide better services for internal and external stakeholders (operations, planning & supply, quality & safety, customer, national authority)
• New knowledge services hosted on SWIM enhance common understanding, trust in system, embedded learning, change management, design for operations.
The lifecycle from design to operations
[Figure: lifecycle diagram with the labels Lifecycle Cost and Value Assessment; Design Concept; Future system model; Operational risk assessment; Design risk assessment; Design Evaluation; Implement & Change; Knowledge Exchange and Transformation; Modeling; Data integration and analysis; Agile Learning; Change Evaluation; Implementation record; Change assessment; Operational risk profile]
Closing the System Loops
Activity
• More effective support for operational performance
• More comprehensive data from all stages of the operation
• Core shared understanding of the system minimizes distortions of performance management
Culture
• Participate in mapping, understanding process functions
• Contribute know-how to improvement activity
• Receive benefits from improvement
• Support for and renewal of ‘real system’
Activity and culture
[Figure: diagram with the labels Functional System; Measure performance; Action/interaction; Design system to foster culture; Culture; Change system; Change competence; Enable & consolidate culture; Support performance; Know-how]
UNDERLYING METHODOLOGICAL PRINCIPLES
• The organisational system is what needs to be changed to improve the value delivered by the system. This needs to happen at the following levels:
– Social and technical
– Operational and management processes
• The system should fully support the actions of people to achieve that value. This involves:
– Progressively and decisively eliminate those blockers that inhibit that performance
• All this needs to be understood in common
– Participative understanding by everyone of how the real system works
– Flow of information about what the system is doing
[Figure: diagram with three groups of labels. Demand: Low cost; Integrated service; Hyperperformance: safety & environment. Enabling Mechanism: System Modeling; Analyse System Risk; Design & Change the Operation; Manage the Operation. Delivered Outcome: Real, sustainable, resilient value; Distributed authority; Accountable self-regulation]
Support of the European Commission Framework Program is acknowledged
THANK YOU