SlideShare une entreprise Scribd logo

Human failure (LSCITS EngD 2012)

Télécharger en tant que PPTX, PDF
Ian Sommerville
Ian Sommerville

An introduction to human error and the implications for the design of socio-technical systems.

TechnologieSanté & Médecine
1  sur  35
Human failure Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 1
In this lecture… • What do we mean by human failure • Human error and socio-technical systems • Designing error tolerant systems Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 2
Human failure • Human failures are said to account for – 50-70% of aviation disasters – 44,000 – 98,000 deaths each year in America result from medication errors – 60-85% of shuttle incidents at NASA – 92-95% of car crashes – 70% of shipping accidents • A common reaction to human failure is to blame the user • But “To Err is Human”, so we should be concerned with designing systems that are resilient to human error Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 3
What is human error? Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 4
Definitions of human error • An inappropriate or undesirable human decision or behaviour that reduces or has the potential for reducing the effectiveness, dependability or performance of a system • Examples: – Errors of omission - forget to do something – Errors of commission - doing something incorrectly – Sequence errors - out of order – Timing errors - too slow - too fast - too late Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 5
System dependability model System fault System error A system An erroneous system characteristic that state that can (but need can (but need not) not) lead to a system lead to a system failure error System failure Externally- observed, unexpected and undesirable system behaviour Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 6
A dependability perspective • Human error – behaviour that leads to the introduction of a fault into a system – Development errors – Operational errors – Maintenance errors • Emphasises that human errors do not necessarily lead to system failures • We are not just interested in errors in system operation Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 7
Example • Operator specifies a value of 12 rather than -12 for the temperature of a freezer • Developer has not included a check that values set are below 0 degrees • The resultant system fault is that the system thermostat is set to the wrong value • The resultant system error (erroneous state) is that the refrigerant pump is not switched on • The observed system failure is that the freezer is warm and its contents have defrosted Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 8
What is an error? • Determining a human error often involves a judgment. – Sometimes a human action is clearly a human error – Sometimes a human action is only clearly an error with hindsight – Sometimes a human action that would ordinarily be an error is not an error. • Users are not just people who cause errors, but they are often the ones who trap and correct errors (human or technical errors) – Never simply assume that systems are inherently safe and humans introduce errors – Many now prefer the terms “human reliability” or “resilience” Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 9
Human error ambiguity? • It can be difficult to distinguish between safe and erroneous behaviour. – An action that is an error in one context may not be in another • Failing to follow procedures for the safe use of ladders • Not an error if the goal is to rescue a child trapped in a fire • Erroneous actions? – Following a rule or instruction if following it causes a failure – Deliberately not following a rule or instruction if resources are unavailable or if not following the rule avoids a failure – Deviating from a defined process or procedure to save time or improve quality Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 10
GEMS • GEMS (Generic Error Modelling System) was developed by a psychologist, James Reason, at Manchester University • Based on the notion that human actions are based around: • Intentions, Goals, Plans and Actions • In GEMS, human error occurs as: – The failure to perform some plan or task properly – The failure to apply the correct plan Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 11
Types of human activity • GEMS distinguishes three ways in which actions are performed: – Skills-based performance • Routine things done without much cognitive effort e.g. driving a car – Rule-based performance • Following a set of rules or procedure e.g. transferring data from one system to another – Knowledge based performance • Applying knowledge in completing some task e.g. planning travel from St Andrews to a meeting in Rome Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 12
Human error classification • Slips, which occur in skills based performance – Are an “execution failure”, where the operator‟s intentions are correct but actions are not carried out properly • Lapses, which also occur in skills based performance – Also are an “execution failure”, but this time where an operator forgets to do something, loses their place in a task, etc. • Mistakes, which occur in rule and knowledge based performance – These are “planning failures”, where an inappropriate set of actions is carried out Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 13
Human error in complex socio- technical systems Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 14
Influences on human actions Blunt Regulations Organisations Groups Users Technology Sharp End End Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 15
The socio-technical systems stack Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 16
Human fallibility and dependability • Human fallibility can influence the dependability of an LSCITS: – During the development process – During the deployment process – During the maintenance/management process – During the operational process • Errors made during development, deployment and maintenance create vulnerabilities that may interact with „errors‟ during the operational process to cause system failure Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 17
Example • Maintenance error leads to vulnerability in system – Say the automatic backup disk is switched from A to B to check that a change to the backup system has been made correctly. The maintainer then forgets to switch the backup disk back to A and dismounts B – Consequence of maintenance error is that backups are not made • Operator error leads to an erroneous command being input to the system – Operator accidentally overwrites a file in the system with incorrect data – Goes to backup system to recover previous version of file • File cannot be recovered Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 18
Failure trajectories • Failures rarely have a single cause. Generally, they arise because several events occur simultaneously – Loss of data in a critical system • User mistypes command and instructs data to be deleted • System does not check and ask for confirmation of destructive action • No backup of data available • A failure trajectory is a sequence of undesirable events that coincide in time, usually initiated by some human action. It represents a failure in the defensive layers in the system Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 19
Vulnerabilities and defences • Vulnerabilities – Faults in the (socio-technical) system which, if triggered by a human error, can lead to system failure – e.g. missing check on input validity • Defences – System features that avoid, tolerate or recover from human error – Type checking that disallows allocation of incorrect types of value • When an adverse event happens, the key question is not „whose fault was it‟ but „why did the system defences fail?‟ Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 20
Reason‟s Swiss Cheese Model Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 21
Active failures • Active failures – Active failures are the unsafe acts committed by people who are in direct contact with the system (slips, lapses, mistakes, and procedural violations). – Active failures have a direct and usually short-lived effect on the integrity of the defenses. • Latent conditions – Fundamental vulnerabilities in one or more layers of the socio- technical system such as system faults, system and process misfit, alarm overload, inadequate maintenance, etc. – Latent conditions may lie dormant within the system for many years before they combine with active failures and local triggers to create an accident opportunity. Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 22
Defensive layers • Complex IT systems should have many defensive layers: – some are engineered - alarms, physical barriers, automatic shutdowns, – others rely on people - surgeons, anesthetists, pilots, control room operators, – and others depend on procedures and administrative controls. • In an ideal word, each defensive layer would be intact. • In reality, they are more like slices of Swiss cheese, having many holes- although unlike in the cheese, these holes are continually opening, shutting, and shifting their location. Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 23
Dynamic vulnerabilities • While some vulnerabilities are static (e.g. programming errors), others are dynamic and depend on the context where the system is used. • For example – vulnerabilities may be related to human actions whose performance is dependent on workload, state of mind, etc. An operator may be distracted and forget to check something – vulnerabilities may depend on configuration – checks may depend on particular programs being up and running so if program A is running in a system then a check may be made but if program B is running, then the check is not made Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 24
Human error and complexity • System complexity and change adds to the ambiguity of human errors – Many human errors are insignificant and do not lead to failure – Many human errors are spotted and resolved by defensive layers in the system – Human actions that are correct may become erroneous because of a change elsewhere in the system – An error can be made many times without contributing to a failure, but then suddenly, because some system components has changed in some way, it will. Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 25
Human error and complexity • An error can be made many times without contributing to a failure, but then suddenly one day it will • Example – An operator logs information by sending it to an email address which uses an obsolete domain name (dcs.st- and.ac.uk) – Version X of the system relies on a DNS that maps the obsolete name to the new name (cs.st-andrews.ac.uk) so this works OK – no error is reported – Four years after the initial change, a new DNS is installed and the domain name mapping is removed – The day after this happens, the system fails because the 26 Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide email log message cannot be sent
Designing resilient systems Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 27
System resilience • Failure avoidance – Fault avoidance – Fault detection – Fault tolerance • Failure recovery – Returning to normal operation after the occurrence of a system failure Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 28
Incident reduction • Reduce the number of latent conditions in the different layers of the system (plug the holes) – If the number of faults in a software system is reduced, this increases the strength of the defensive layer – However, this technical approach ON ITS OWN cannot be completely effective as it is practically impossible to reduce the number of latent conditions in the system to zero • Increase the number of defensive layers and hence reduce the probability of an accident trajectory occurring • Reduce the number of active faults that occur Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 29
Conditions leading to human error • Distractions • Incomplete or incorrect data • Boredom • Inadequate resources • Cognitive overload • Stress • Illness • Time pressure Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 30
Systems design and human error • Once we begin to understand what human errors are possible and how they can come about, we can start designing systems that better withstand human error • Avoidance – Design the system so that certain classes of human error are eliminated • Detection – Make it easier for the operator and others to spot errors • Tolerance – Ensure that individual errors are unlikely to lead to system failure Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 31
Design guidelines • Minimise potential for slips, lapses and mistakes by designing systems and work environments where people aren‟t distracted or overwhelmed, but aren‟t bored either • Minimise potential for mistakes by designing systems and work environments where people are able to understand what is happening and the consequences of an action • Minimise potential for mistakes by making sure people are trained properly • Minimise potential for deliberate violations by making Human Failure, LSCITS, EngD course in Socio-technicaldesigned and well understood. sure rules are well Systems,, 2012 Slide 32
Detection and tolerance • Detecting and correcting error – Automated correction can be useful, but can be dangerous! – Alarms and alerts may be better than automated correction, but need to be well designed. – Allow for human correction, by making it possible to „undo‟ – Make it easier for the user or another person to spot errors • Tolerating human error – Remember, breaking the rules might be for good reasons. Think of users as people attempting to do things, rather than simply as operators of the system. – Human error is common, so try not to create systems where a single human error can cause a failure. Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 33
Recovery • Design for failure – Discussed in previous module on systems engineering for LSCITS • Make work visible • Switch from enforcing mode to auditing mode • Support role transferability • Balance recovery and security Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 34
Key points • Human error accounts for the majority of all systems failures • Human error is very common, and only occasionally leads to failure • The same human action may or may not be an error depending on the context of that action • There are methods for analysing and predicting human errors, and these can be used to improve system design • Some systems are more prone to accidents than others because of the way they have been designed • Critical systems should be designed to minimise or detect human error • Blaming the user is a common response to human error, but the fault lies with the system and the system engineers. Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 35

Recommandé

Managing Human Risk
Managing Human RiskManaging Human Risk
Managing Human RiskMuschara Error Management Consulting, LLC
 
Human error
Human errorHuman error
Human errorReza Zarei
 
Oral habits
Oral habitsOral habits
Oral habitsMohammed Zuhairy
 
Presentation: Cleaning and Contamination Control: A regulatory perspective
Presentation: Cleaning and Contamination Control: A regulatory perspectivePresentation: Cleaning and Contamination Control: A regulatory perspective
Presentation: Cleaning and Contamination Control: A regulatory perspectiveTGA Australia
 
Moisture control & soft tissue manipulation / fixed orthodontics courses
Moisture control & soft tissue manipulation / fixed orthodontics coursesMoisture control & soft tissue manipulation / fixed orthodontics courses
Moisture control & soft tissue manipulation / fixed orthodontics coursesIndian dental academy
 
Complications of teeth extraction
Complications of teeth extractionComplications of teeth extraction
Complications of teeth extractionMohammed Rhael
 
Furcation the problem and its management
Furcation the problem and its managementFurcation the problem and its management
Furcation the problem and its managementPeriowiki.com
 
Local anaesthesia - Basics in dentistry
Local anaesthesia - Basics in dentistryLocal anaesthesia - Basics in dentistry
Local anaesthesia - Basics in dentistryDr.Prashant Karasu
 

Recommandé

Managing Human Risk
Managing Human RiskManaging Human Risk
Managing Human RiskMuschara Error Management Consulting, LLC
 
Human error
Human errorHuman error
Human errorReza Zarei
 
Oral habits
Oral habitsOral habits
Oral habitsMohammed Zuhairy
 
Presentation: Cleaning and Contamination Control: A regulatory perspective
Presentation: Cleaning and Contamination Control: A regulatory perspectivePresentation: Cleaning and Contamination Control: A regulatory perspective
Presentation: Cleaning and Contamination Control: A regulatory perspectiveTGA Australia
 
Moisture control & soft tissue manipulation / fixed orthodontics courses
Moisture control & soft tissue manipulation / fixed orthodontics coursesMoisture control & soft tissue manipulation / fixed orthodontics courses
Moisture control & soft tissue manipulation / fixed orthodontics coursesIndian dental academy
 
Complications of teeth extraction
Complications of teeth extractionComplications of teeth extraction
Complications of teeth extractionMohammed Rhael
 
Furcation the problem and its management
Furcation the problem and its managementFurcation the problem and its management
Furcation the problem and its managementPeriowiki.com
 
Local anaesthesia - Basics in dentistry
Local anaesthesia - Basics in dentistryLocal anaesthesia - Basics in dentistry
Local anaesthesia - Basics in dentistryDr.Prashant Karasu
 
Surgical endodontics (Apicectomy) by Dr. Amit T. Suryawanshi, Oral Surgeon, ...
Surgical endodontics (Apicectomy) by Dr. Amit T. Suryawanshi, Oral Surgeon, ...Surgical endodontics (Apicectomy) by Dr. Amit T. Suryawanshi, Oral Surgeon, ...
Surgical endodontics (Apicectomy) by Dr. Amit T. Suryawanshi, Oral Surgeon, ...All Good Things
 
MANAGEMENT OF BRUXISM, LIP BITING AND MASOCHISTIC HABITS
MANAGEMENT OF BRUXISM, LIP BITING AND MASOCHISTIC HABITSMANAGEMENT OF BRUXISM, LIP BITING AND MASOCHISTIC HABITS
MANAGEMENT OF BRUXISM, LIP BITING AND MASOCHISTIC HABITSaanchalshruti
 
Resective osseous surgery
Resective osseous surgeryResective osseous surgery
Resective osseous surgerySyed Dhasthaheer
 
Gingival surgical techniques
Gingival surgical techniquesGingival surgical techniques
Gingival surgical techniquesshazia26
 
Periodontal plastic & esthetic surgery
Periodontal plastic & esthetic surgeryPeriodontal plastic & esthetic surgery
Periodontal plastic & esthetic surgeryDR. OINAM MONICA DEVI
 
Periodontal Flap Surgery
Periodontal Flap SurgeryPeriodontal Flap Surgery
Periodontal Flap SurgeryWendy Jeng
 
Local Anesthesia: Armanterium
Local Anesthesia: ArmanteriumLocal Anesthesia: Armanterium
Local Anesthesia: ArmanteriumIAU Dent
 
Anesthetic techniques - Maxillary anesthetic techniques
Anesthetic techniques - Maxillary anesthetic techniquesAnesthetic techniques - Maxillary anesthetic techniques
Anesthetic techniques - Maxillary anesthetic techniquesUmm Al-Qura University Faculty of Dentistry
 
Sedation in dentistry | Pediatric Sedation | Conscious Sedation
Sedation in dentistry | Pediatric Sedation | Conscious Sedation Sedation in dentistry | Pediatric Sedation | Conscious Sedation
Sedation in dentistry | Pediatric Sedation | Conscious SedationDr. Rajat Sachdeva
 
Dental implants
Dental implantsDental implants
Dental implantsMohammed Rhael
 
Implant failures/ dental implant courses
Implant failures/ dental implant coursesImplant failures/ dental implant courses
Implant failures/ dental implant coursesIndian dental academy
 
Class V Lesions
Class V LesionsClass V Lesions
Class V Lesionsnicholedicke
 
Medically compromised
Medically compromisedMedically compromised
Medically compromisedAlper Kaya
 
14. repairs
14. repairs 14. repairs
14. repairs shammasm
 
Gingiva
GingivaGingiva
GingivaDrTarannumTarannum
 
Risk assessment
Risk assessmentRisk assessment
Risk assessmentanuphowlader1
 
gingivectomy
gingivectomy gingivectomy
gingivectomy Yousif h.k
 
013.systemic diseases in the etiology of periodontal disease
013.systemic diseases in the etiology of periodontal disease013.systemic diseases in the etiology of periodontal disease
013.systemic diseases in the etiology of periodontal diseaseDr.Jaffar Raza BDS
 
034.gingivectomy
034.gingivectomy034.gingivectomy
034.gingivectomyDr.Jaffar Raza BDS
 
Disinfection control in Prosthodontics
Disinfection control in ProsthodonticsDisinfection control in Prosthodontics
Disinfection control in ProsthodonticsDr Jibi Sara Varghese
 
HUMAN ERROR
HUMAN ERRORHUMAN ERROR
HUMAN ERRORÜlger Ahmet
 
Designing software for a million users
Designing software for a million usersDesigning software for a million users
Designing software for a million usersIan Sommerville
 

Contenu connexe

Tendances

Surgical endodontics (Apicectomy) by Dr. Amit T. Suryawanshi, Oral Surgeon, ...
Surgical endodontics (Apicectomy) by Dr. Amit T. Suryawanshi, Oral Surgeon, ...Surgical endodontics (Apicectomy) by Dr. Amit T. Suryawanshi, Oral Surgeon, ...
Surgical endodontics (Apicectomy) by Dr. Amit T. Suryawanshi, Oral Surgeon, ...All Good Things
 
MANAGEMENT OF BRUXISM, LIP BITING AND MASOCHISTIC HABITS
MANAGEMENT OF BRUXISM, LIP BITING AND MASOCHISTIC HABITSMANAGEMENT OF BRUXISM, LIP BITING AND MASOCHISTIC HABITS
MANAGEMENT OF BRUXISM, LIP BITING AND MASOCHISTIC HABITSaanchalshruti
 
Gingival surgical techniques
Gingival surgical techniquesGingival surgical techniques
Gingival surgical techniquesshazia26
 
Periodontal plastic & esthetic surgery
Periodontal plastic & esthetic surgeryPeriodontal plastic & esthetic surgery
Periodontal plastic & esthetic surgeryDR. OINAM MONICA DEVI
 
Periodontal Flap Surgery
Periodontal Flap SurgeryPeriodontal Flap Surgery
Periodontal Flap SurgeryWendy Jeng
 
Local Anesthesia: Armanterium
Local Anesthesia: ArmanteriumLocal Anesthesia: Armanterium
Local Anesthesia: ArmanteriumIAU Dent
 
Sedation in dentistry | Pediatric Sedation | Conscious Sedation
Sedation in dentistry | Pediatric Sedation | Conscious Sedation Sedation in dentistry | Pediatric Sedation | Conscious Sedation
Sedation in dentistry | Pediatric Sedation | Conscious SedationDr. Rajat Sachdeva
 
Implant failures/ dental implant courses
Implant failures/ dental implant coursesImplant failures/ dental implant courses
Implant failures/ dental implant coursesIndian dental academy
 
Medically compromised
Medically compromisedMedically compromised
Medically compromisedAlper Kaya
 
14. repairs
14. repairs 14. repairs
14. repairs shammasm
 
013.systemic diseases in the etiology of periodontal disease
013.systemic diseases in the etiology of periodontal disease013.systemic diseases in the etiology of periodontal disease
013.systemic diseases in the etiology of periodontal diseaseDr.Jaffar Raza BDS
 
Disinfection control in Prosthodontics
Disinfection control in ProsthodonticsDisinfection control in Prosthodontics
Disinfection control in ProsthodonticsDr Jibi Sara Varghese
 

Tendances (20)

Surgical endodontics (Apicectomy) by Dr. Amit T. Suryawanshi, Oral Surgeon, ...
Surgical endodontics (Apicectomy) by Dr. Amit T. Suryawanshi, Oral Surgeon, ...Surgical endodontics (Apicectomy) by Dr. Amit T. Suryawanshi, Oral Surgeon, ...
Surgical endodontics (Apicectomy) by Dr. Amit T. Suryawanshi, Oral Surgeon, ...
 
MANAGEMENT OF BRUXISM, LIP BITING AND MASOCHISTIC HABITS
MANAGEMENT OF BRUXISM, LIP BITING AND MASOCHISTIC HABITSMANAGEMENT OF BRUXISM, LIP BITING AND MASOCHISTIC HABITS
MANAGEMENT OF BRUXISM, LIP BITING AND MASOCHISTIC HABITS
 
Resective osseous surgery
Resective osseous surgeryResective osseous surgery
Resective osseous surgery
 
Gingival surgical techniques
Gingival surgical techniquesGingival surgical techniques
Gingival surgical techniques
 
Periodontal plastic & esthetic surgery
Periodontal plastic & esthetic surgeryPeriodontal plastic & esthetic surgery
Periodontal plastic & esthetic surgery
 
Periodontal Flap Surgery
Periodontal Flap SurgeryPeriodontal Flap Surgery
Periodontal Flap Surgery
 
Local Anesthesia: Armanterium
Local Anesthesia: ArmanteriumLocal Anesthesia: Armanterium
Local Anesthesia: Armanterium
 
Anesthetic techniques - Maxillary anesthetic techniques
Anesthetic techniques - Maxillary anesthetic techniquesAnesthetic techniques - Maxillary anesthetic techniques
Anesthetic techniques - Maxillary anesthetic techniques
 
Sedation in dentistry | Pediatric Sedation | Conscious Sedation
Sedation in dentistry | Pediatric Sedation | Conscious Sedation Sedation in dentistry | Pediatric Sedation | Conscious Sedation
Sedation in dentistry | Pediatric Sedation | Conscious Sedation
 
Dental implants
Dental implantsDental implants
Dental implants
 
Implant failures/ dental implant courses
Implant failures/ dental implant coursesImplant failures/ dental implant courses
Implant failures/ dental implant courses
 
Class V Lesions
Class V LesionsClass V Lesions
Class V Lesions
 
Medically compromised
Medically compromisedMedically compromised
Medically compromised
 
14. repairs
14. repairs 14. repairs
14. repairs
 
Gingiva
GingivaGingiva
Gingiva
 
Risk assessment
Risk assessmentRisk assessment
Risk assessment
 
gingivectomy
gingivectomy gingivectomy
gingivectomy
 
013.systemic diseases in the etiology of periodontal disease
013.systemic diseases in the etiology of periodontal disease013.systemic diseases in the etiology of periodontal disease
013.systemic diseases in the etiology of periodontal disease
 
034.gingivectomy
034.gingivectomy034.gingivectomy
034.gingivectomy
 
Disinfection control in Prosthodontics
Disinfection control in ProsthodonticsDisinfection control in Prosthodontics
Disinfection control in Prosthodontics
 

En vedette

Designing software for a million users
Designing software for a million usersDesigning software for a million users
Designing software for a million usersIan Sommerville
 
Security case buffer overflow
Security case buffer overflowSecurity case buffer overflow
Security case buffer overflowIan Sommerville
 
CS5032 Case study Ariane 5 launcher failure
CS5032 Case study Ariane 5 launcher failureCS5032 Case study Ariane 5 launcher failure
CS5032 Case study Ariane 5 launcher failureIan Sommerville
 
Human Error Prevention
Human Error PreventionHuman Error Prevention
Human Error PreventionToru Nakata
 
An Introduction to Software Failure Modes Effects Analysis (SFMEA)
An Introduction to Software Failure Modes Effects Analysis (SFMEA)An Introduction to Software Failure Modes Effects Analysis (SFMEA)
An Introduction to Software Failure Modes Effects Analysis (SFMEA)Ann Marie Neufelder
 

En vedette (6)

HUMAN ERROR
HUMAN ERRORHUMAN ERROR
HUMAN ERROR
 
Designing software for a million users
Designing software for a million usersDesigning software for a million users
Designing software for a million users
 
Security case buffer overflow
Security case buffer overflowSecurity case buffer overflow
Security case buffer overflow
 
CS5032 Case study Ariane 5 launcher failure
CS5032 Case study Ariane 5 launcher failureCS5032 Case study Ariane 5 launcher failure
CS5032 Case study Ariane 5 launcher failure
 
Human Error Prevention
Human Error PreventionHuman Error Prevention
Human Error Prevention
 
An Introduction to Software Failure Modes Effects Analysis (SFMEA)
An Introduction to Software Failure Modes Effects Analysis (SFMEA)An Introduction to Software Failure Modes Effects Analysis (SFMEA)
An Introduction to Software Failure Modes Effects Analysis (SFMEA)
 

Similaire à Human failure (LSCITS EngD 2012)

Socio-technical systems failure (LSCITS EngD 2012)
Socio-technical systems failure (LSCITS EngD 2012)Socio-technical systems failure (LSCITS EngD 2012)
Socio-technical systems failure (LSCITS EngD 2012)Ian Sommerville
 
Socio technical systems (LSCITS EngD)
Socio technical systems (LSCITS EngD)Socio technical systems (LSCITS EngD)
Socio technical systems (LSCITS EngD)Ian Sommerville
 
Responsibility modelling for socio-technical systems
Responsibility modelling for socio-technical systemsResponsibility modelling for socio-technical systems
Responsibility modelling for socio-technical systemsIan Sommerville
 
CS5032 Lecture 5: Human Error 1
CS5032 Lecture 5: Human Error 1CS5032 Lecture 5: Human Error 1
CS5032 Lecture 5: Human Error 1John Rooksby
 
Automation to overcome human error: *true or illsion?
Automation to overcome human error: *true or illsion?Automation to overcome human error: *true or illsion?
Automation to overcome human error: *true or illsion?JLGChico
 
Introduction to Critical Systems Engineering (CS 5032 2012)
Introduction to Critical Systems Engineering (CS 5032 2012)Introduction to Critical Systems Engineering (CS 5032 2012)
Introduction to Critical Systems Engineering (CS 5032 2012)Ian Sommerville
 
Bug or Feature? Covert Impairments to Human Computer Interaction
Bug or Feature? Covert Impairments to Human Computer InteractionBug or Feature? Covert Impairments to Human Computer Interaction
Bug or Feature? Covert Impairments to Human Computer Interactionivaderivader
 
Sociotechnical systems resilience
Sociotechnical systems resilienceSociotechnical systems resilience
Sociotechnical systems resilienceJean-René RUAULT
 
Organizational Failure (LSCITS EngD 2012)
Organizational Failure (LSCITS EngD 2012)Organizational Failure (LSCITS EngD 2012)
Organizational Failure (LSCITS EngD 2012)Ian Sommerville
 
Cooperative work (LSCITS EngD 2012)
Cooperative work (LSCITS EngD 2012)Cooperative work (LSCITS EngD 2012)
Cooperative work (LSCITS EngD 2012)Ian Sommerville
 
Gruhn hmi design (reviewed)
Gruhn hmi design (reviewed)Gruhn hmi design (reviewed)
Gruhn hmi design (reviewed)ISA Interchange
 
HMI Design Reviewed by Paul Gruhn
HMI Design Reviewed by Paul GruhnHMI Design Reviewed by Paul Gruhn
HMI Design Reviewed by Paul GruhnISA Interchange
 
HMI Design: The Good, the Bad, and the Ugly
HMI Design: The Good, the Bad, and the UglyHMI Design: The Good, the Bad, and the Ugly
HMI Design: The Good, the Bad, and the UglyISA Interchange
 
Designing Complex Systems for Recovery (LSCITS EngD 2011)
Designing Complex Systems for Recovery (LSCITS EngD 2011)Designing Complex Systems for Recovery (LSCITS EngD 2011)
Designing Complex Systems for Recovery (LSCITS EngD 2011)Ian Sommerville
 
MEDTECH 2013 Closing Plenary, Andy Shaudt, Director of Usability Services, Na...
MEDTECH 2013 Closing Plenary, Andy Shaudt, Director of Usability Services, Na...MEDTECH 2013 Closing Plenary, Andy Shaudt, Director of Usability Services, Na...
MEDTECH 2013 Closing Plenary, Andy Shaudt, Director of Usability Services, Na...MedTechAssociation
 
Human factors in software reliability engineering - Research Paper
Human factors in software reliability engineering - Research PaperHuman factors in software reliability engineering - Research Paper
Human factors in software reliability engineering - Research PaperMuhammad Ahmad Zia
 

Similaire à Human failure (LSCITS EngD 2012) (20)

Socio-technical systems failure (LSCITS EngD 2012)
Socio-technical systems failure (LSCITS EngD 2012)Socio-technical systems failure (LSCITS EngD 2012)
Socio-technical systems failure (LSCITS EngD 2012)
 
human-error.ppt
human-error.ppthuman-error.ppt
human-error.ppt
 
Socio technical systems (LSCITS EngD)
Socio technical systems (LSCITS EngD)Socio technical systems (LSCITS EngD)
Socio technical systems (LSCITS EngD)
 
Responsibility modelling for socio-technical systems
Responsibility modelling for socio-technical systemsResponsibility modelling for socio-technical systems
Responsibility modelling for socio-technical systems
 
CS5032 Lecture 5: Human Error 1
CS5032 Lecture 5: Human Error 1CS5032 Lecture 5: Human Error 1
CS5032 Lecture 5: Human Error 1
 
Automation to overcome human error: *true or illsion?
Automation to overcome human error: *true or illsion?Automation to overcome human error: *true or illsion?
Automation to overcome human error: *true or illsion?
 
Introduction to Critical Systems Engineering (CS 5032 2012)
Introduction to Critical Systems Engineering (CS 5032 2012)Introduction to Critical Systems Engineering (CS 5032 2012)
Introduction to Critical Systems Engineering (CS 5032 2012)
 
Bug or Feature? Covert Impairments to Human Computer Interaction
Bug or Feature? Covert Impairments to Human Computer InteractionBug or Feature? Covert Impairments to Human Computer Interaction
Bug or Feature? Covert Impairments to Human Computer Interaction
 
Human factors in railway
Human factors in railwayHuman factors in railway
Human factors in railway
 
Sociotechnical systems resilience
Sociotechnical systems resilienceSociotechnical systems resilience
Sociotechnical systems resilience
 
Organizational Failure (LSCITS EngD 2012)
Organizational Failure (LSCITS EngD 2012)Organizational Failure (LSCITS EngD 2012)
Organizational Failure (LSCITS EngD 2012)
 
Cooperative work (LSCITS EngD 2012)
Cooperative work (LSCITS EngD 2012)Cooperative work (LSCITS EngD 2012)
Cooperative work (LSCITS EngD 2012)
 
Gruhn hmi design (reviewed)
Gruhn hmi design (reviewed)Gruhn hmi design (reviewed)
Gruhn hmi design (reviewed)
 
HMI Design Reviewed by Paul Gruhn
HMI Design Reviewed by Paul GruhnHMI Design Reviewed by Paul Gruhn
HMI Design Reviewed by Paul Gruhn
 
HMI Design: The Good, the Bad, and the Ugly
HMI Design: The Good, the Bad, and the UglyHMI Design: The Good, the Bad, and the Ugly
HMI Design: The Good, the Bad, and the Ugly
 
Designing Complex Systems for Recovery (LSCITS EngD 2011)
Designing Complex Systems for Recovery (LSCITS EngD 2011)Designing Complex Systems for Recovery (LSCITS EngD 2011)
Designing Complex Systems for Recovery (LSCITS EngD 2011)
 
Resilience and recovery
Resilience and recoveryResilience and recovery
Resilience and recovery
 
MEDTECH 2013 Closing Plenary, Andy Shaudt, Director of Usability Services, Na...
MEDTECH 2013 Closing Plenary, Andy Shaudt, Director of Usability Services, Na...MEDTECH 2013 Closing Plenary, Andy Shaudt, Director of Usability Services, Na...
MEDTECH 2013 Closing Plenary, Andy Shaudt, Director of Usability Services, Na...
 
Human factors in software reliability engineering - Research Paper
Human factors in software reliability engineering - Research PaperHuman factors in software reliability engineering - Research Paper
Human factors in software reliability engineering - Research Paper
 
Stupid bloody system
Stupid bloody systemStupid bloody system
Stupid bloody system
 

Plus de Ian Sommerville

Ultra Large Scale Systems
Ultra Large Scale SystemsUltra Large Scale Systems
Ultra Large Scale SystemsIan Sommerville
 
Dependability requirements for LSCITS
Dependability requirements for LSCITSDependability requirements for LSCITS
Dependability requirements for LSCITSIan Sommerville
 
Conceptual systems design
Conceptual systems designConceptual systems design
Conceptual systems designIan Sommerville
 
Requirements Engineering for LSCITS
Requirements Engineering for LSCITSRequirements Engineering for LSCITS
Requirements Engineering for LSCITSIan Sommerville
 
An introduction to LSCITS
An introduction to LSCITSAn introduction to LSCITS
An introduction to LSCITSIan Sommerville
 
Internet worm-case-study
Internet worm-case-studyInternet worm-case-study
Internet worm-case-studyIan Sommerville
 
CS5032 Case study Kegworth air disaster
CS5032 Case study Kegworth air disasterCS5032 Case study Kegworth air disaster
CS5032 Case study Kegworth air disasterIan Sommerville
 
CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1Ian Sommerville
 
CS5032 L20 cybersecurity 2
CS5032 L20 cybersecurity 2CS5032 L20 cybersecurity 2
CS5032 L20 cybersecurity 2Ian Sommerville
 
L17 CS5032 critical infrastructure
L17 CS5032 critical infrastructureL17 CS5032 critical infrastructure
L17 CS5032 critical infrastructureIan Sommerville
 
CS5032 Case study Maroochy water breach
CS5032 Case study Maroochy water breachCS5032 Case study Maroochy water breach
CS5032 Case study Maroochy water breachIan Sommerville
 
CS 5032 L18 Critical infrastructure 2: SCADA systems
CS 5032 L18 Critical infrastructure 2: SCADA systemsCS 5032 L18 Critical infrastructure 2: SCADA systems
CS 5032 L18 Critical infrastructure 2: SCADA systemsIan Sommerville
 
CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013Ian Sommerville
 
CS5032 L10 security engineering 2 2013
CS5032 L10 security engineering 2 2013CS5032 L10 security engineering 2 2013
CS5032 L10 security engineering 2 2013Ian Sommerville
 
CS5032 L11 validation and reliability testing 2013
CS5032 L11 validation and reliability testing 2013CS5032 L11 validation and reliability testing 2013
CS5032 L11 validation and reliability testing 2013Ian Sommerville
 
CS 5032 L12 security testing and dependability cases 2013
CS 5032 L12 security testing and dependability cases 2013CS 5032 L12 security testing and dependability cases 2013
CS 5032 L12 security testing and dependability cases 2013Ian Sommerville
 
CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013Ian Sommerville
 

Plus de Ian Sommerville (20)

Ultra Large Scale Systems
Ultra Large Scale SystemsUltra Large Scale Systems
Ultra Large Scale Systems
 
Resp modellingintro
Resp modellingintroResp modellingintro
Resp modellingintro
 
LSCITS-engineering
LSCITS-engineeringLSCITS-engineering
LSCITS-engineering
 
Requirements reality
Requirements realityRequirements reality
Requirements reality
 
Dependability requirements for LSCITS
Dependability requirements for LSCITSDependability requirements for LSCITS
Dependability requirements for LSCITS
 
Conceptual systems design
Conceptual systems designConceptual systems design
Conceptual systems design
 
Requirements Engineering for LSCITS
Requirements Engineering for LSCITSRequirements Engineering for LSCITS
Requirements Engineering for LSCITS
 
An introduction to LSCITS
An introduction to LSCITSAn introduction to LSCITS
An introduction to LSCITS
 
Internet worm-case-study
Internet worm-case-studyInternet worm-case-study
Internet worm-case-study
 
CS5032 Case study Kegworth air disaster
CS5032 Case study Kegworth air disasterCS5032 Case study Kegworth air disaster
CS5032 Case study Kegworth air disaster
 
CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1
 
CS5032 L20 cybersecurity 2
CS5032 L20 cybersecurity 2CS5032 L20 cybersecurity 2
CS5032 L20 cybersecurity 2
 
L17 CS5032 critical infrastructure
L17 CS5032 critical infrastructureL17 CS5032 critical infrastructure
L17 CS5032 critical infrastructure
 
CS5032 Case study Maroochy water breach
CS5032 Case study Maroochy water breachCS5032 Case study Maroochy water breach
CS5032 Case study Maroochy water breach
 
CS 5032 L18 Critical infrastructure 2: SCADA systems
CS 5032 L18 Critical infrastructure 2: SCADA systemsCS 5032 L18 Critical infrastructure 2: SCADA systems
CS 5032 L18 Critical infrastructure 2: SCADA systems
 
CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013
 
CS5032 L10 security engineering 2 2013
CS5032 L10 security engineering 2 2013CS5032 L10 security engineering 2 2013
CS5032 L10 security engineering 2 2013
 
CS5032 L11 validation and reliability testing 2013
CS5032 L11 validation and reliability testing 2013CS5032 L11 validation and reliability testing 2013
CS5032 L11 validation and reliability testing 2013
 
CS 5032 L12 security testing and dependability cases 2013
CS 5032 L12 security testing and dependability cases 2013CS 5032 L12 security testing and dependability cases 2013
CS 5032 L12 security testing and dependability cases 2013
 
CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013
 

Dernier

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 

Dernier (20)

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 

Human failure (LSCITS EngD 2012)

  • 1. Human failure Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 1
  • 2. In this lecture… • What do we mean by human failure • Human error and socio-technical systems • Designing error tolerant systems Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 2
  • 3. Human failure • Human failures are said to account for – 50-70% of aviation disasters – 44,000 – 98,000 deaths each year in America result from medication errors – 60-85% of shuttle incidents at NASA – 92-95% of car crashes – 70% of shipping accidents • A common reaction to human failure is to blame the user • But “To Err is Human”, so we should be concerned with designing systems that are resilient to human error Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 3
  • 4. What is human error? Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 4
  • 5. Definitions of human error • An inappropriate or undesirable human decision or behaviour that reduces or has the potential for reducing the effectiveness, dependability or performance of a system • Examples: – Errors of omission - forget to do something – Errors of commission - doing something incorrectly – Sequence errors - out of order – Timing errors - too slow - too fast - too late Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 5
  • 6. System dependability model System fault System error A system An erroneous system characteristic that state that can (but need can (but need not) not) lead to a system lead to a system failure error System failure Externally- observed, unexpected and undesirable system behaviour Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 6
  • 7. A dependability perspective • Human error – behaviour that leads to the introduction of a fault into a system – Development errors – Operational errors – Maintenance errors • Emphasises that human errors do not necessarily lead to system failures • We are not just interested in errors in system operation Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 7
  • 8. Example • Operator specifies a value of 12 rather than -12 for the temperature of a freezer • Developer has not included a check that values set are below 0 degrees • The resultant system fault is that the system thermostat is set to the wrong value • The resultant system error (erroneous state) is that the refrigerant pump is not switched on • The observed system failure is that the freezer is warm and its contents have defrosted Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 8
  • 9. What is an error? • Determining a human error often involves a judgment. – Sometimes a human action is clearly a human error – Sometimes a human action is only clearly an error with hindsight – Sometimes a human action that would ordinarily be an error is not an error. • Users are not just people who cause errors, but they are often the ones who trap and correct errors (human or technical errors) – Never simply assume that systems are inherently safe and humans introduce errors – Many now prefer the terms “human reliability” or “resilience” Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 9
  • 10. Human error ambiguity? • It can be difficult to distinguish between safe and erroneous behaviour. – An action that is an error in one context may not be in another • Failing to follow procedures for the safe use of ladders • Not an error if the goal is to rescue a child trapped in a fire • Erroneous actions? – Following a rule or instruction if following it causes a failure – Deliberately not following a rule or instruction if resources are unavailable or if not following the rule avoids a failure – Deviating from a defined process or procedure to save time or improve quality Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 10
  • 11. GEMS • GEMS (Generic Error Modelling System) was developed by a psychologist, James Reason, at Manchester University • Based on the notion that human actions are based around: • Intentions, Goals, Plans and Actions • In GEMS, human error occurs as: – The failure to perform some plan or task properly – The failure to apply the correct plan Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 11
  • 12. Types of human activity • GEMS distinguishes three ways in which actions are performed: – Skills-based performance • Routine things done without much cognitive effort e.g. driving a car – Rule-based performance • Following a set of rules or procedure e.g. transferring data from one system to another – Knowledge based performance • Applying knowledge in completing some task e.g. planning travel from St Andrews to a meeting in Rome Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 12
  • 13. Human error classification • Slips, which occur in skills based performance – Are an “execution failure”, where the operator‟s intentions are correct but actions are not carried out properly • Lapses, which also occur in skills based performance – Also are an “execution failure”, but this time where an operator forgets to do something, loses their place in a task, etc. • Mistakes, which occur in rule and knowledge based performance – These are “planning failures”, where an inappropriate set of actions is carried out Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 13
  • 14. Human error in complex socio- technical systems Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 14
  • 15. Influences on human actions Blunt Regulations Organisations Groups Users Technology Sharp End End Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 15
  • 16. The socio-technical systems stack Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 16
  • 17. Human fallibility and dependability • Human fallibility can influence the dependability of an LSCITS: – During the development process – During the deployment process – During the maintenance/management process – During the operational process • Errors made during development, deployment and maintenance create vulnerabilities that may interact with „errors‟ during the operational process to cause system failure Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 17
  • 18. Example • Maintenance error leads to vulnerability in system – Say the automatic backup disk is switched from A to B to check that a change to the backup system has been made correctly. The maintainer then forgets to switch the backup disk back to A and dismounts B – Consequence of maintenance error is that backups are not made • Operator error leads to an erroneous command being input to the system – Operator accidentally overwrites a file in the system with incorrect data – Goes to backup system to recover previous version of file • File cannot be recovered Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 18
  • 19. Failure trajectories • Failures rarely have a single cause. Generally, they arise because several events occur simultaneously – Loss of data in a critical system • User mistypes command and instructs data to be deleted • System does not check and ask for confirmation of destructive action • No backup of data available • A failure trajectory is a sequence of undesirable events that coincide in time, usually initiated by some human action. It represents a failure in the defensive layers in the system Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 19
  • 20. Vulnerabilities and defences • Vulnerabilities – Faults in the (socio-technical) system which, if triggered by a human error, can lead to system failure – e.g. missing check on input validity • Defences – System features that avoid, tolerate or recover from human error – Type checking that disallows allocation of incorrect types of value • When an adverse event happens, the key question is not „whose fault was it‟ but „why did the system defences fail?‟ Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 20
  • 21. Reason‟s Swiss Cheese Model Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 21
  • 22. Active failures • Active failures – Active failures are the unsafe acts committed by people who are in direct contact with the system (slips, lapses, mistakes, and procedural violations). – Active failures have a direct and usually short-lived effect on the integrity of the defenses. • Latent conditions – Fundamental vulnerabilities in one or more layers of the socio- technical system such as system faults, system and process misfit, alarm overload, inadequate maintenance, etc. – Latent conditions may lie dormant within the system for many years before they combine with active failures and local triggers to create an accident opportunity. Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 22
  • 23. Defensive layers • Complex IT systems should have many defensive layers: – some are engineered - alarms, physical barriers, automatic shutdowns, – others rely on people - surgeons, anesthetists, pilots, control room operators, – and others depend on procedures and administrative controls. • In an ideal word, each defensive layer would be intact. • In reality, they are more like slices of Swiss cheese, having many holes- although unlike in the cheese, these holes are continually opening, shutting, and shifting their location. Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 23
  • 24. Dynamic vulnerabilities • While some vulnerabilities are static (e.g. programming errors), others are dynamic and depend on the context where the system is used. • For example – vulnerabilities may be related to human actions whose performance is dependent on workload, state of mind, etc. An operator may be distracted and forget to check something – vulnerabilities may depend on configuration – checks may depend on particular programs being up and running so if program A is running in a system then a check may be made but if program B is running, then the check is not made Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 24
  • 25. Human error and complexity • System complexity and change adds to the ambiguity of human errors – Many human errors are insignificant and do not lead to failure – Many human errors are spotted and resolved by defensive layers in the system – Human actions that are correct may become erroneous because of a change elsewhere in the system – An error can be made many times without contributing to a failure, but then suddenly, because some system components has changed in some way, it will. Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 25
  • 26. Human error and complexity • An error can be made many times without contributing to a failure, but then suddenly one day it will • Example – An operator logs information by sending it to an email address which uses an obsolete domain name (dcs.st- and.ac.uk) – Version X of the system relies on a DNS that maps the obsolete name to the new name (cs.st-andrews.ac.uk) so this works OK – no error is reported – Four years after the initial change, a new DNS is installed and the domain name mapping is removed – The day after this happens, the system fails because the 26 Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide email log message cannot be sent
  • 27. Designing resilient systems Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 27
  • 28. System resilience • Failure avoidance – Fault avoidance – Fault detection – Fault tolerance • Failure recovery – Returning to normal operation after the occurrence of a system failure Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 28
  • 29. Incident reduction • Reduce the number of latent conditions in the different layers of the system (plug the holes) – If the number of faults in a software system is reduced, this increases the strength of the defensive layer – However, this technical approach ON ITS OWN cannot be completely effective as it is practically impossible to reduce the number of latent conditions in the system to zero • Increase the number of defensive layers and hence reduce the probability of an accident trajectory occurring • Reduce the number of active faults that occur Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 29
  • 30. Conditions leading to human error • Distractions • Incomplete or incorrect data • Boredom • Inadequate resources • Cognitive overload • Stress • Illness • Time pressure Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 30
  • 31. Systems design and human error • Once we begin to understand what human errors are possible and how they can come about, we can start designing systems that better withstand human error • Avoidance – Design the system so that certain classes of human error are eliminated • Detection – Make it easier for the operator and others to spot errors • Tolerance – Ensure that individual errors are unlikely to lead to system failure Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 31
  • 32. Design guidelines • Minimise potential for slips, lapses and mistakes by designing systems and work environments where people aren‟t distracted or overwhelmed, but aren‟t bored either • Minimise potential for mistakes by designing systems and work environments where people are able to understand what is happening and the consequences of an action • Minimise potential for mistakes by making sure people are trained properly • Minimise potential for deliberate violations by making Human Failure, LSCITS, EngD course in Socio-technicaldesigned and well understood. sure rules are well Systems,, 2012 Slide 32
  • 33. Detection and tolerance • Detecting and correcting error – Automated correction can be useful, but can be dangerous! – Alarms and alerts may be better than automated correction, but need to be well designed. – Allow for human correction, by making it possible to „undo‟ – Make it easier for the user or another person to spot errors • Tolerating human error – Remember, breaking the rules might be for good reasons. Think of users as people attempting to do things, rather than simply as operators of the system. – Human error is common, so try not to create systems where a single human error can cause a failure. Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 33
  • 34. Recovery • Design for failure – Discussed in previous module on systems engineering for LSCITS • Make work visible • Switch from enforcing mode to auditing mode • Support role transferability • Balance recovery and security Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 34
  • 35. Key points • Human error accounts for the majority of all systems failures • Human error is very common, and only occasionally leads to failure • The same human action may or may not be an error depending on the context of that action • There are methods for analysing and predicting human errors, and these can be used to improve system design • Some systems are more prone to accidents than others because of the way they have been designed • Critical systems should be designed to minimise or detect human error • Blaming the user is a common response to human error, but the fault lies with the system and the system engineers. Human Failure, LSCITS, EngD course in Socio-technical Systems,, 2012 Slide 35

Notes de l'éditeur

  1. Following rules leading to failureExample of departing train with no passengersNot following rules to avoid failureNot following rules because impractical to do soRules are application must be checked and approved by Finance but no-one available to checkApplication submitted without checkingNot following safety procedures (but no failure ensues)Ticket collector on train does not charge extra for an invalid ticket because the ticket holder genuinely misunderstood validity restrictions
  2. Example – taking a corner too fast when drivingForgetting to set the permissions on files copied from system A to system BFailing to understand that meeting is in Rome NY rather than Rome Italy
  3. Not sure what this slide contributes