Systemic safety from design to operations: examples from aviation Nick McDonald Centre for Innovative Human Systems School of Psychology Trinity College Dublin OUTLINE • • • • • • • • Basic components of a socio-technical system What kind of system? The ‘real system’ How do S-T systems work? The process of change Socio-technical design principles The lifecycle from design to operations Activity and culture SYSTEMS – WHAT ARE WE TALKING ABOUT? • The target operational system under focus – Including its social and organisational dimensions • A system for managing that operational system – E.g. Safety Management System • A ‘technical system’ for achieving certain functions – Theory, model, methodologies, data – Functional task support – Transformation and flow of data, knowledge REQUIREMENTS FOR A THEORY OR MODEL • Relevance – Address core determinants at appropriate level – Support inferences that are verifiable and correct • Leverage – Generate cogent recommendations – Support intervention design and evaluation • Systematic comparison across cases – Common set of dimensions for analysis • Improve level of prediction – Support prospective risk assessment – Future system design • No assumption that we can explain all the variance – Just do better than now – C. 50% failure of change, new technology implementation Basic components of a socio-technical system Functional System Measure performance Action/ interaction Culture Change system Change competence Enable & consolidate culture Know-how WHAT KIND OF SYSTEM? • Main sources of uncertainty in an operational or production system – Demand and availability of resources • Materials, parts, tools, people • E.g. Base Maintenance – Task accomplishment • • • • Complex and indeterminate tasks E.g. Flight operations Tightly controlled repetitive tasks that require sustained attention E.g. Assembly – Co-ordination • Between tasks, between processes • E.g. Aircraft turnaround at airport – Goals • Design and change processes THE ‘REAL SYSTEM’ • Informal practice and embedded routines – WIPIDO – Well Intentioned People in Dysfunctional Organisations • Inverse of Human Error • Double standard – real system is partially hidden and deniable – Cycles of stability • When things go wrong much organisational effort addresses the problem but ends up reinforcing the status quo – 3-4 serious incidents before an effective solution is found – ‘No-blame’ and train – Tacit, partially shared knowledge and understanding • Just sufficient to ensure functional co-ordination • Creates inertia that reinforces stability / stasis FOLLY: IGNORING FUNDAMENTAL CONSTRAINTS • Uncertainty about resources – Create a local demonstration of how the system could work perfectly • Sucks resources from the rest of the system – Optimal system performance depends on sub-optimised units • Uncertainty about task performance – Seek to automate complex indeterminate decisions • Uncertainty about co-ordination – Ignore least visible partner – Least visible may be key to critical path How do S-T systems work? SCOPE Analysis Framework LOGICS OF ORGANISATION Process logic Knowledge logic Social logic Information, knowledge Relationships between people Relationships Resources, tasks, coordination, critical points Transformation of resources to output Sequential Transformation of meaning Circular - validation Co-ordination of activity Reciprocal Timeline Real time Key functional parameter Propagation / control of uncertainty Transactional value Relates past, present and future Common understanding of system and values Possibility of change Slow build up over time Team integration and trust Core concepts Mechanism Value delivered Enduring relationships sustain value SCOPE SOFTWARE CASE STUDIES Diagnosis Prognosis A/c Maintenance: “This is what we do but Project transformation of process enabled I have never seen it written down before” by a/c health monitoring technologies Collaborative process mapping, improvement team, ‘blocker reports’, management improvement process Successful maintenance change • Profitable • Reduced incidents • Release from frustration Airport operational performance Improved operational support • Daily journal, anomalies report, Hazard Better hands-on management ID SMS development Airline SMS • Devlpt & integration of SPIs • Common risk concept Mx & FO SMS implementation phase • Integrated management concept • Link with Lean improvement • Antecedents and consequences Airport collaborative decision making • Dispatch coordination at milestones • All stakeholders involved • Serious game fosters collaboration Training and implementation to focus more on collaboration KNOWLEDGE AND INFORMATION • Knowledge about how the system works – Knowledge is partial and not fully shared – Needs to be worked on to uncover and transform tacit knowledge • Information about what the system is doing – System knowledge seeks data & transforms it into information and enriches shared knowledge – Antecedents and consequences to understand cause and risk Support for Knowledge Cycle MASCA project Analysing Serious Gaming Models Evaluation Simulation Achieving value Operational & Management processes Managing information Data Risk & hazard analysis Operational support Capacity Building Mentoring Agile training Masters Information Cycles Proactive Safety Performance for Operations Dependencies per Phase Assessment Dependency Analysis Plan Brief Act Decide Delegate Demand Aggregator Comparator Alternatives & Risk Action list …………….. …………….. …………….. …………….. …………….. Crew capacity Synthesis Manage the Operation Check Review Operational Process Management Process Goals Dependency Analysis Identify Needs & Goals Plan & Prepare Knowledge & Information Action list …………….. …………….. …………….. …………….. …………….. Social Relations Execute Plan Manage Change Review The process of change CONVERGENCE OF DESIGN AND CHANGE Generic logic of design for operations Operational System Change Logic Require technologies that increase customer value through improved system performance Requirement to reduce cost, improve safety, (etc.) drives demand to improve process. Technology provides new information at operational level. This changes a key dependency that transforms the logic of supply, planning or ops management. A new IT application is introduced to support a key process task. This improves value created at local level Increasing integration of the system-wide information architecture (SWIM) raises the possibility of seamless process integration Data from applications on the SWIM creates opportunity for integrated performance management. New applications hosted on the SWIM make the processes work in a new way to deliver new value to the customer New applications hosted on the SWIM provide better services for internal and external stakeholders (operations, planning & supply, quality & safety, customer, national authority) New knowledge and information from normal operations enables design of smarter technologies adding value for the customer New knowledge services hosted on SWIM enhance common understanding, trust in system, embedded learning, change management, design for operations. The lifecycle from design to operations Lifecycle Cost and Value Assessment Design Concept Future system model Operational risk assessment Design risk assessment Design Evaluation Implement & Change Knowledge Exchange and Transformation Modeling Data integration and analysis Agile Learning Change Evaluation Implementation record Change assessment Operational risk profile Closing the System Loops Activity • More effective support for operational performance • More comprehensive data from all stages of the operation • Core shared understanding of the system minimizes distortions of performance management Culture • Participate in mapping, understanding process functions • Contribute know-how to improvement activity • Receive benefits from improvement • Support for and renewal of ‘real system’ Activity and culture Functional System Measure performance Action/ interaction Design system to foster culture Culture Change system Change competence Enable & consolidate culture Support performance Know-how UNDERLYING METHODOLOGICAL PRINCIPLES • The organisational system is what needs to be changed to improve the value delivered by the system. This needs to happen at the following levels: – Social and technical – Operational and management processes • The system should fully support the actions of people to achieve that value. This involves: – Progressively and decisively eliminate those blockers that inhibit that performance • All this needs to be understood in common – Participative understanding by everyone of how the real system works – Flow of information about what the system is doing Demand Low cost Integrated service Hyperperformance: safety & environment Enabling Mechanism System Modeling Analyse System Risk Design & Change the Operation Manage the Operation Delivered Outcome Real, sustainable, resilient value Distributed authority Accountable self-regulation Support of the European Commission Framework Program is acknowledged THANK YOU