Book: Handbook of Safety Principles
Production Engineering and Mechanical Design Forum
In the name of God, the Most Gracious, the Most Merciful

Welcome, dear visitor.
We hope you spend the best of times with us
and delight us with your opinions and contributions.
If you are one of our members, please log in,
or if this is your first visit to the forum, we would be honored to have you join our family.
Here is a video explanation of how to register on the forum:
http://www.eng2010.yoo7.com/t5785-topic
and a video explanation of how to download from the forum:
http://www.eng2010.yoo7.com/t2065-topic
If you encounter problems registering or activating your account,
or if you forget your login details for the forum,
please contact us at the following e-mail address:

Deabs2010@yahoo.com
Admin
Forum administrator

Posts: 18615
Rating: 34415
Registration date: 01/07/2009
Country: Egypt
Occupation: administrator of the Production Engineering and Mechanical Design Forum

Post subject: Book: Handbook of Safety Principles    Friday 19 January 2024, 11:19 am

My brothers in God,
I have brought you the book
Handbook of Safety Principles
Edited by
Niklas Möller, Sven Ove Hansson, Jan-Erik Holmberg, Carl Rollenhagen

The contents are as follows:

CONTENTS
Preface xxv
List of Contributors xxvii
1 INTRODUCTION 1
Niklas Möller, Sven Ove Hansson, Jan-Erik Holmberg, and Carl Rollenhagen
1.1 Competition, Overlap, and Conflicts 1
1.2 A New Level in the Study of Safety Principles 2
1.3 Metaprinciples of Safety 3
1.4 Other Ways to Characterize Safety Principles 5
1.5 Conflicts Between Safety Principles 7
1.6 When Can Safety Principles Be Broken? 8
1.7 Safety in Context 9
References 10
2 PREVIEW 11
Niklas Möller, Sven Ove Hansson, Jan-Erik Holmberg, and Carl Rollenhagen
2.1 Part I: Safety Reserves 12
2.2 Part II: Information and Control 13
2.3 Part III: Demonstrability 16
2.4 Part IV: Optimization 17
2.5 Part V: Organizational Principles and Practices 20
Part I Safety Reserves 23
3 RESILIENCE ENGINEERING AND THE FUTURE OF SAFETY MANAGEMENT 25
Erik Hollnagel
3.1 On the Origins of Resilience 25
3.2 The Resilience Engineering Understanding of “Resilience” 27
3.3 The Four Potentials for Resilience Performance 29
3.4 Safety Management Systems 31
3.5 Developing Definitions of Resilience 33
3.6 Managing the Potentials for Resilient Performance 34
3.6.1 Organizations of the First Kind 35
3.6.2 Organizations of the Second Kind 36
3.6.3 Organizations of the Third Kind 36
3.6.4 Organizations of the Fourth Kind 37
3.7 Resilience Management: LP-HI OR HP-LI? 37
References 39
4 DEFENSE-IN-DEPTH 42
Jan-Erik Holmberg
4.1 Introduction 42
4.2 Underlying Theory and Theoretical Assumptions 43
4.2.1 Definitions and Terminology 43
4.3 Redundancy, Diversity, and Separation Principles 44
4.3.1 Principle of Successive Barriers and Reducing Consequences 46
4.3.2 Principle of Accident Prevention and Mitigation 47
4.3.3 Classification of Barriers 49
4.3.4 Safety Classification 50
4.3.5 Overall Safety Goals and Risk Acceptance Criteria vs. Defense-in-Depth 51
4.4 Use and Implementation 53
4.4.1 Nuclear Power Plant Safety 53
4.4.2 Chemical Industry 54
4.4.3 Information Technology Security 55
4.4.4 Railway Safety 56
4.4.5 Automobile Safety 57
4.5 Empirical Research on Use and Efficiency 57
4.6 Weaknesses, Limitations, and Criticism 57
4.7 Relations to Other Safety Principles 59
References 60
Further Reading 61
5 SAFETY BARRIERS 63
Lars Harms-Ringdahl and Carl Rollenhagen
5.1 Introduction 63
5.1.1 Classical and Radical Definitions of Barriers 64
5.1.2 Examples 64
5.2 Origin and Theoretical Background 65
5.2.1 Energy and Sequence Models 65
5.2.2 Extended Models 66
5.3 Definitions and Terminology 67
5.3.1 Examples of Barrier Definitions 67
5.3.2 Barriers and Barrier Systems 68
5.3.3 Alternatives to the Barrier Concept 69
5.3.4 Safety Functions 70
5.3.5 Conclusion 71
5.4 Classification of Barriers 71
5.4.1 General Considerations 71
5.4.2 System Level Classification 72
5.4.3 Classification Related to Accident Sequence 72
5.4.4 Physical and Non-physical Barriers 72
5.4.5 Administrative and Human Barriers 73
5.4.6 Passive and Active Barriers 73
5.4.7 Combined Models 74
5.4.8 Purpose of Barriers 75
5.5 Methods for Analysis of Safety Barriers 75
5.5.1 Energy Analysis 76
5.5.2 Event Tree Analysis 76
5.5.3 Fault Tree Analysis 77
5.5.4 Safety Barrier Diagrams 77
5.5.5 Management Oversight and Risk Tree 78
5.5.6 MTO Event Investigation 78
5.5.7 Safety Function Analysis 78
5.5.8 Reliability Techniques 78
5.6 Quality and Efficiency of Barriers 79
5.6.1 Design and Installation of Barriers 79
5.6.2 Management of Barrier Systems During Operation 80
5.6.3 Maintenance of Barriers 80
5.6.4 Summary of Barrier Management Principles 81
5.7 Discussion and Conclusions 82
5.7.1 The Classical and Radical Meaning 82
5.7.2 Empirical Research on Use and Efficiency 83
5.7.3 General Conclusions 83
5.7.4 Relations to the Other Chapters 84
References 84
6 FACTORS AND MARGINS OF SAFETY 87
Neelke Doorn and Sven Ove Hansson
6.1 Introduction 87
6.2 Origin and History 91
6.3 Definitions and Terminology 92
6.4 Underlying Theory and Theoretical Assumptions 94
6.4.1 Structural Engineering 95
6.4.2 Toxicology 97
6.5 Use and Implementation 98
6.5.1 Three Types of Numerical Safety Reserves 98
6.5.2 How Safety Factors are Determined 99
6.6 Empirical Research on Use and Efficiency 101
6.6.1 Engineering 101
6.6.2 Toxicology 102
6.7 Weaknesses, Limitations, and Criticism 103
6.8 Relations to Other Safety Principles 105
6.8.1 Probabilistic Analysis 105
6.8.2 Cost–Benefit Analysis 106
Acknowledgment 108
References 108
Further Reading 114
Part II Information and Control 115
7 EXPERIENCE FEEDBACK 117
Urban Kjellén
7.1 Introduction 117
7.1.1 Example 117
7.2 Origin and History 118
7.3 Definitions 121
7.4 Underlying Theories and Assumptions 122
7.4.1 Feedback Cycle for the Control of Anything 122
7.4.2 Safety Information Systems 124
7.4.3 The Diagnostic Process 125
7.4.4 Knowledge Management 126
7.5 Use and Implementation 127
7.5.1 Safety Practice in an Operational Setting 127
7.5.2 Risk Assessment 131
7.5.3 Transfer of Experience to New Construction Projects 132
7.5.4 Transfer of Experience from the Users to Design 133
7.6 Empirical Research on Use and Efficiency 135
7.7 Relations to Other Safety Principles 137
7.7.1 Safety Management 137
7.7.2 Resilience Engineering 138
7.7.3 Safety Indicators 138
7.7.4 Safety Culture 138
References 138
Further Reading 141
8 RISK AND SAFETY INDICATORS 142
Drew Rae
8.1 Introduction 142
8.2 Origin and History 143
8.3 Definitions and Terminology 145
8.4 Underlying Theory and Theoretical Assumptions 146
8.4.1 Past, Present, and Future Safety 146
8.4.2 Outcome Indicators 147
8.4.3 Risk Models and Precursor Events 148
8.4.4 Status of Physical and Procedural Controls 150
8.4.5 Safe Behaviors 150
8.4.6 Amount and Quality of Safety Activity 151
8.4.7 Organizational Drivers and Attributes 151
8.4.8 Variability 152
8.5 Use and Implementation 152
8.5.1 Metrics Collection 152
8.5.2 Incentives and Accountability 153
8.5.3 Benchmarking and Comparison 153
8.5.4 Safety Management System Performance Monitoring 154
8.6 Empirical Research on Use and Efficacy 154
8.6.1 Usage of Indicators 154
8.6.2 Efficacy of Indicators 155
8.7 Weaknesses, Limitations, and Criticism 155
8.7.1 Underreporting and Distortion 155
8.7.2 The Regulator Paradox and Estimation of Rare Events 156
8.7.3 Confusion Between Process Safety and Personal Safety Indicators 157
8.7.4 Unintended Consequences of Indirect Measurement 157
8.8 Relations to Other Safety Principles 158
8.8.1 Ensurance Principles 158
8.8.2 Assessment and Assurance Principles 159
References 159
9 PRINCIPLES OF HUMAN FACTORS ENGINEERING 164
Leena Norros and Paula Savioja
9.1 Introduction 164
9.2 Principle 1: HFE is Design Thinking 167
9.2.1 Description 167
9.2.2 Theoretical Foundation 168
9.2.3 Use and Implementation 170
9.2.4 Empirical Research on Use and Efficiency 170
9.3 Principle 2: HFE Studies Human as a Manifold Entity 172
9.3.1 Description 172
9.3.2 Theoretical Foundations 172
9.3.3 Use and Implementation 174
9.3.4 Empirical Research on Use and Efficiency 175
9.4 Principle 3: HFE Focuses on Technology in Use 177
9.4.1 Description 177
9.4.2 Theoretical Foundations 177
9.4.3 Use and Implementation 180
9.4.4 Empirical Research on Use and Efficiency 181
9.5 Principle 4: Safety is Achieved Through Continuous HFE 182
9.5.1 Description 182
9.5.2 Theoretical Foundation 182
9.5.3 Use and Implementation 183
9.5.4 Empirical Research on Use and Efficiency 185
9.6 Relation to Other Safety Principles 187
9.7 Limitations 188
9.8 Conclusions 189
References 190
Further Reading 195
10 SAFETY AUTOMATION 196
Björn Wahlström
10.1 Introduction 196
10.1.1 Purpose of Safety Automation 197
10.1.2 Functions of I&C Systems 199
10.1.3 Allocation of Functions between Humans and Automation 200
10.2 Origin and History 201
10.2.1 Roots of Safety Automation 201
10.2.2 Systems Design 202
10.2.3 Typical Design Projects 203
10.2.4 Analog and Digital I&C 204
10.3 Definitions and Terminology 205
10.3.1 System Life Cycles 205
10.3.2 Process and Product 206
10.3.3 Phases of Design 206
10.3.4 Operations 210
10.4 Underlying Theories and Assumptions 211
10.4.1 Systems of Systems 212
10.4.2 Building Reliability with Unreliable Parts 213
10.4.3 Reusability of Designs 213
10.4.4 Vendor Capability 213
10.4.5 Project Management 214
10.4.6 Regulatory Oversight 215
10.5 Use and Implementation 215
10.5.1 From Systems Design to I&C Design 215
10.5.2 Physical Realizations of I&C 216
10.5.3 Initial Considerations 216
10.5.4 I&C Design 217
10.5.5 Practices in Different Domains 220
10.6 Research on Use and Efficiency 220
10.6.1 Estimates of Project Cost and Duration 220
10.6.2 Support Systems for Design and Construction 221
10.6.3 Benefits of Using Safety Principles 221
10.7 Weaknesses, Limitations, and Criticism 222
10.7.1 What is Safe Enough? 222
10.7.2 Quality of Design 224
10.7.3 Field Programmable Gate Arrays 224
10.7.4 Cyber Security 224
10.7.5 Regulatory Acceptance 225
10.8 Relations to Other Safety Principles 225
10.8.1 Safety Reserves 226
10.8.2 Information and Control 226
10.8.3 Demonstrability 227
10.8.4 Optimization 227
10.8.5 Organizational Principles and Practices 228
10.9 Summary and Conclusions 228
References 229
11 RISK COMMUNICATION 235
Jan M. Gutteling
11.1 Introduction 235
11.1.1 Example 1 236
11.1.2 Risk Perception, Awareness, and Communication 236
11.1.3 This Chapter 238
11.2 The Origin and History of Risk Communication as Academic Field 238
11.2.1 Example 2 239
11.2.2 Changing Notions about Communication 239
11.2.3 Example 3 241
11.2.4 Conclusion 241
11.3 Underlying Assumptions, Concepts and Empirical Data on Risk Communication Models 241
11.3.1 Information versus Communication 241
11.3.2 Risk Communication Aims 243
11.3.3 Diagnostic Risk Communication Studies 244
11.3.4 Social Amplification of Risk 245
11.3.5 Trust in Risk Communication 246
11.3.6 Socio-Cognitive Models 247
11.3.7 Risk Information Seeking Models 247
11.3.8 Risk Communication and Social Media 249
11.3.9 Conclusion 250
11.4 Weaknesses, Limitations, and Criticism 250
11.5 Final Word 252
References 252
Further Reading 257
12 THE PRECAUTIONARY PRINCIPLE 258
Sven Ove Hansson
12.1 Introduction 258
12.2 History and Current Use 259
12.3 Definitions 263
12.4 Underlying Theory 267
12.5 Research on Use and Efficiency 271
12.6 Weaknesses, Limitations, and Criticism 271
12.6.1 Is the Principle Asymmetric? 271
12.6.2 Strawman Criticism 273
12.7 Relation to Expected Utility and Probabilistic Risk Assessment 273
12.8 Relations to Other Safety Principles 276
12.8.1 Maximin 276
12.8.2 A Reversed Burden of Proof 278
12.8.3 Sound Science 278
Acknowledgment 279
References 279
Further Reading 283
13 OPERATING PROCEDURE 284
Jinkyun Park
13.1 Introduction 284
13.2 Manual, Guideline, and Procedure 286
13.3 Existing Principles for Developing a Good Procedure 288
13.4 Additional Principle to Develop a Good Procedure 292
13.4.1 Tailoring the Level of Details 293
13.4.2 Tailoring the Complexity of Instructions 297
13.5 Concluding Remarks 299
References 301
Further Reading 304
14 HUMAN–MACHINE SYSTEM 305
Anna-Lisa Osvalder and Håkan Alm
14.1 Human–Machine System 306
14.2 Complex Systems 307
14.3 To Control a Complex System 307
14.4 Operator Demands 308
14.4.1 Mental Models 308
14.4.2 Situation Awareness 310
14.4.3 Decision-Making 310
14.4.4 Mental Workload 311
14.5 Performance-Shaping Factors 313
14.5.1 Stressors 314
14.6 User Interface Design 315
14.6.1 Information Design 315
14.6.2 Design for Attention 316
14.6.3 Design for Perception 317
14.6.4 Design for Memory Functions 319
14.6.5 Feedback 320
14.6.6 Alarms 321
14.7 Demands on the Environment 322
14.7.1 Organization 322
14.7.2 Communication 324
14.8 Handling Complexity 327
References 329
Part III Demonstrability 331
15 QUALITY PRINCIPLES AND THEIR APPLICATIONS TO SAFETY 333
Bo Bergman
15.1 Introduction 333
15.2 Improvement Knowledge and its Application to Safety 338
15.2.1 Understanding Variation 338
15.2.2 Knowledge Theory 345
15.2.3 Psychology 348
15.2.4 System Thinking 348
15.3 Health-Care Improvement and Patient Safety 349
15.4 Weaknesses, Limitations, and Criticism 351
15.5 Some Personal Experiences 352
15.6 Relations to Other Safety Principles 353
References 355
Further Reading 360
16 SAFETY CASES 361
Tim Kelly
16.1 Introduction 361
16.2 Origins and History 361
16.2.1 Windscale 362
16.2.2 Flixborough 362
16.2.3 Piper Alpha 363
16.2.4 Clapham 363
16.2.5 The Introduction of Safety Cases: A Shift in Emphasis 364
16.3 Definitions and Terminology 364
16.3.1 Safety Cases vs. Safety Case Reports 366
16.3.2 Other Terminology 367
16.4 Underlying Theory 367
16.4.1 Safety Case Argumentation 367
16.4.2 Types of Safety Case Argument 369
16.4.3 Safety Case Lifecycle 372
16.4.4 Incremental Safety Case Development 373
16.4.5 Safety Case Maintenance 374
16.4.6 Safety Case Evaluation 375
16.4.7 Safety Case Confidence 376
16.5 Empirical Research on Use and Efficiency 377
16.6 Weaknesses, Limitations, and Criticisms 377
16.6.1 Other Criticisms 381
16.7 Relationship to Other Principles 382
References 383
Further Reading 385
17 INHERENTLY SAFE DESIGN 386
Rajagopalan Srinivasan and Mohd Umair Iqbal
17.1 Introduction 386
17.2 Origin and History of the Principle 387
17.3 Definitions and Terminology 388
17.4 Use and Implementation 389
17.4.1 Examples of Minimization 390
17.4.2 Examples of Substitution 391
17.4.3 Examples of Simplification 391
17.4.4 Example of Moderation 391
17.5 Empirical Research on Use and Efficiency 392
17.6 Weaknesses, Limitation, and Criticism 393
17.7 Relation to Other Principles 394
References 394
18 MAINTENANCE, MAINTAINABILITY, AND INSPECTABILITY 397
Torbjörn Ylipää, Anders Skoogh, and Jon Bokrantz
18.1 Introduction 397
18.1.1 The Piper Alpha Disaster 398
18.2 Origin and History 399
18.3 Underlying Theory, Theoretical Assumptions, Definition, and Terminology 400
18.4 Use and Implementation 405
18.5 Empirical Research on Use and Efficiency 408
18.6 Weaknesses, Limitations, and Criticism 409
18.7 Relations to Other Safety Principles 410
References 410
Further Reading 413
Part IV Optimization 415
19 ON THE RISK-INFORMED REGULATION FOR THE SAFETY AGAINST EXTERNAL HAZARDS 417
Pieter van Gelder
19.1 Introduction 417
19.2 Risk-Regulation in Safety Against Environmental Risks 421
19.3 Dealing with Uncertainties in Risk-Informed Regulation 422
19.4 Limitations of the Current Risk Measures 424
19.5 Spatial Risk 426
19.6 Temporal Risk 429
19.7 Conclusions and Recommendations 431
Acknowledgment 432
References 432
20 QUANTITATIVE RISK ANALYSIS 434
Jan-Erik Holmberg
20.1 Introduction 434
20.2 Origin and History 435
20.3 Underlying Theory and Theoretical Assumptions 438
20.3.1 Risk 438
20.3.2 Probability 438
20.3.3 Uncertainty 439
20.3.4 Expected Value and Utility Principle 441
20.3.5 Risk Criteria 442
20.3.6 ALARP 442
20.3.7 Subsidiary Risk Criteria 443
20.3.8 Event Tree–Fault Tree Modeling 445
20.3.9 Bayesian Belief Network 448
20.3.10 Bow-Tie Method 449
20.3.11 Monte Carlo Simulation 449
20.4 Use and Implementation 449
20.4.1 National Risk Criteria 449
20.4.2 IEC 61508 and Safety Integrity Levels 450
20.4.3 Nuclear Power Plants 452
20.4.4 Oil and Gas Industry in Europe 453
20.4.5 Railway Safety in Europe 455
20.4.6 Other Industries 455
20.5 Empirical Research on Use and Efficiency 456
20.6 Weaknesses, Limitations, and Criticism 456
20.7 Relations to Other Safety Principles 458
References 458
Further Reading 460
21 QUALITATIVE RISK ANALYSIS 463
Risto Tiusanen
21.1 Introduction 463
21.2 Origin and History of the Principle 464
21.3 Definitions 465
21.4 Underlying Theory and Theoretical Assumptions 466
21.4.1 Brainstorming 467
21.4.2 Preliminary Hazard Analysis 468
21.4.3 Scenario Analysis 468
21.4.4 Operating Hazard Analysis 468
21.4.5 HAZOP Studies 469
21.4.6 Risk Matrixes 470
21.5 Use and Implementation 471
21.5.1 Systems Engineering Approach to Risk Assessment 472
21.5.2 System-Safety Engineering 473
21.5.3 Industrial Safety Engineering 476
21.5.4 Machinery-Safety Engineering 477
21.5.5 Functional Safety Engineering 478
21.6 Strengths, Weaknesses, Limitations and Criticism 480
21.7 Experiences of Preliminary Hazard Identification Methods 482
21.8 Experiences of Hazop Studies 482
21.9 Experiences of Risk Estimation Methods 483
21.10 Summary of Strengths and Limitations 484
21.11 Experiences from Complex Machinery Applications 484
21.11.1 Change from Machines to Automated Machine Systems 484
21.11.2 Case Studies on Qualitative Methods 489
21.11.3 Case Study Results 490
21.12 Relations to Other Safety Principles 491
References 491
22 PRINCIPLES AND LIMITATIONS OF COST–BENEFIT ANALYSIS FOR SAFETY INVESTMENTS 493
Genserik Reniers and Luca Talarico
22.1 Introduction 493
22.2 Principles of Cost–Benefit Analysis 495
22.3 CBA Methodologies 497
22.3.1 CBA for Type I Accidents 499
22.3.2 CBA for Type II Safety Investments 504
22.3.3 Disproportion Factor 505
22.4 Conclusions 511
References 512
23 RAMS OPTIMIZATION PRINCIPLES 514
Yan-Fu Li and Enrico Zio
List of Acronyms 514
23.1 Introduction to Reliability, Availability, Maintainability, and Safety (RAMS) Optimization 515
23.2 Multi-Objective Optimization 516
23.2.1 Problem Formulation 517
23.2.2 Pareto Optimality 518
23.3 Solution Methods 519
23.3.1 Weighted-Sum Approach 519
23.3.2 ε-Constraint Approach 520
23.3.3 Goal Programming 521
23.3.4 Evolutionary Algorithms 521
23.4 Performance Measures 523
23.5 Selection of Preferred Solutions 524
23.5.1 “Min–Max” Method 524
23.6 Guidelines for Implementation and Use 525
23.7 Numerical Case Study 527
23.8 Discussion 536
23.9 Relations to Other Principles 536
References 537
Further Reading 539
24 MAINTENANCE OPTIMIZATION AND ITS RELATION TO SAFETY 540
Roger Flage
24.1 Introduction 540
24.2 Related Principles and Terms 541
24.2.1 Key Terms 541
24.2.2 Maintenance Optimization Models as Special Types of Cost–Benefit Analysis 542
24.2.3 Risk Assessment and Risk Management 543
24.2.4 The ALARP Principle and Risk Acceptance Criteria 545
24.3 Maintenance Optimization 547
24.3.1 Theory 547
24.3.2 Use and Implementation 550
24.4 Discussion and Conclusions 556
Further Reading 559
References 561
25 HUMAN RELIABILITY ANALYSIS 565
Luca Podofillini
25.1 Introduction With Examples 565
25.2 Origin and History of the Principle 569
25.3 Underlying Theory and Theoretical Assumptions 572
25.4 Use and Implementation 576
25.5 Empirical Research on Use and Efficiency 578
25.6 Weaknesses, Limitations, and Criticism 583
25.7 Relationship with Other Principles 585
References 586
26 ALARA, BAT, AND THE SUBSTITUTION PRINCIPLE 593
Sven Ove Hansson
26.1 Introduction 593
26.2 Alara 594
26.2.1 History and Current Use 594
26.2.2 Definitions and Terminology 596
26.2.3 Theory and Interpretation 596
26.2.4 Effects of Applying the Principle 600
26.2.5 Weaknesses and Criticism 601
26.3 Best Available Technology 601
26.3.1 History and Current Use 601
26.3.2 Definitions and Terminology 603
26.3.3 Theory and Interpretation 603
26.3.4 Effects of Applying the Principle 605
26.3.5 Weaknesses and Criticism 605
26.4 The Substitution Principle 606
26.4.1 History and Current Use 606
26.4.2 Definitions and Terminology 609
26.4.3 Theory and Interpretation 612
26.4.4 Effects of Applying the Principle 613
26.4.5 Weaknesses and Criticism 614
26.5 Comparative Discussion 615
26.5.1 Comparisons Between the Three Principles 615
26.5.2 Comparisons with Other Principles 616
Acknowledgment 618
References 618
Further Reading 624
Part V Organizational Principles and Practices 625
27 SAFETY MANAGEMENT PRINCIPLES 627
Gudela Grote
27.1 Introduction 627
27.2 Origin and History of the Principle 629
27.3 Definitions 629
27.4 Underlying Theory and Theoretical Assumptions 630
27.5 Use and Implementation 633
27.6 Empirical Research on Use and Efficiency 634
27.6.1 Contextual factors 635
27.6.2 Examples for the effects of context on safety management 638
27.7 Weaknesses, Limitations, and Criticism 640
27.8 Relations to Other Safety Principles 642
References 642
Further Reading 646
28 SAFETY CULTURE 647
Teemu Reiman and Carl Rollenhagen
28.1 Introduction 647
28.2 Origin and History 652
28.2.1 The Chernobyl Accident 652
28.2.2 Organizational Culture and Organizational Climate: The Broader Context 653
28.2.3 Safety Climate 654
28.2.4 Organizational Culture and Safety Culture 655
28.3 Definitions and Terminology 656
28.4 Underlying Theory and Theoretical Assumptions 658
28.4.1 Some Common Features of Safety Culture Models 658
28.4.2 Theoretical Frameworks 659
28.5 Empirical Research 662
28.6 Use and Implementation 663
28.6.1 When and Where to Use the Concept? 663
28.6.2 Safety Culture as an Evaluation Framework 664
28.6.3 Developing Safety Culture 666
28.7 Weaknesses and Critique 667
28.8 Main Messages and What the Concept Tells About Safety 670
References 671
29 PRINCIPLES OF BEHAVIOR-BASED SAFETY 677
Steve Roberts and E. Scott Geller
29.1 Introduction 677
29.2 Origin and History of BBS 678
29.3 Leadership 680
29.4 Physical Environment/Conditions 683
29.5 Systems 683
29.6 Behaviors 689
29.7 Employee Involvement and Ownership 695
29.8 Person States 699
29.9 The Benefits of Behavior-Based Safety 701
29.10 Weaknesses, Limitations, and Criticisms 703
29.11 Relationship with Other Principles 705
References 707
Further Reading 710
30 PRINCIPLES OF EMERGENCY PLANS AND CRISIS MANAGEMENT 711
Ann Enander
30.1 Introduction 711
30.1.1 Components in an Emergency Plan 712
30.1.2 Emergency Planning as a Process 713
30.1.3 Crisis Management in Theory and Practice 714
30.1.4 Crisis Leadership 715
30.2 Origin and History 716
30.3 Definitions and Terminology 717
30.3.1 Classifications and Typologies 719
30.4 Underlying Theory and Theoretical Assumptions 720
30.4.1 The Emergency Response Cycle 720
30.5 Use and Implementation 721
30.6 Empirical Research on Use and Efficiency 722
30.7 Weaknesses, Limitations, and Criticism 723
30.7.1 Myths and Misconceptions 724
30.7.2 Success or Failure 725
30.8 Relations to Other Safety Principles 725
References 726
Further Reading 731
31 SAFETY STANDARDS: CHRONIC CHALLENGES AND EMERGING PRINCIPLES 732
Ibrahim Habli
31.1 Introduction 732
31.2 Definitions and Terminology 734
31.3 Organization of Safety Standards 734
31.3.1 Safety Lifecycle Models 735
31.4 Domain Specific Principles 736
31.4.1 Software Safety Assurance Principles 737
31.4.2 Automotive Functional Safety Principles 741
31.5 Development of Standards 742
31.6 Rationale in Standards 743
31.7 Chapter Summary 744
References 744
Further Reading 746
32 MANAGING THE UNEXPECTED 747
Jean-Christophe Le Coze
32.1 Introduction 747
32.2 Defining the Unexpected 750
32.2.1 The Unexpected, What Are We Dealing With? Three Examples 750
32.2.2 Were These Disasters Unexpected, Surprising? 751
32.2.3 The Unexpected, a Highly Relative Category 752
32.3 Thirty Years of Research on the Unexpected 754
32.3.1 Conceptualizing the Unexpected: Four Different Threads 754
32.3.2 Charles Perrow and Normal Accident 756
32.3.3 Barry Turner and Man-Made Disaster: A “Kuhnian” Thread 758
32.3.4 Jens Rasmussen and Complexity: An Ashbyan Thread 760
32.3.5 Four Threads, Four Sensitivities, But Not Exclusive: A Synthesis 764
32.4 Managing the Unexpected 766
32.4.1 Building Favorable Power Configurations (vs. Marxian Thread) 767
32.4.2 Confronting Our Fallible (Cultural) Constructs (vs. Kuhnian Thread) 769
32.4.3 Keeping Sight of the Relation Between Parts and Whole (vs. Ashbyan Thread) 770
32.4.4 Limitations and Opening 771
32.5 Relation to Other Principles: Further Reading 771
32.6 Conclusion 772
References 772
Index 777
Preface xxv
List of Contributors xxvii
1 INTRODUCTION 1
Niklas Moller, Sven Ove Hansson, Jan-Erik Holmberg, ¨
and Carl Rollenhagen
1.1 Competition, Overlap, and Conflicts 1
1.2 A New Level in the Study of Safety Principles 2
1.3 Metaprinciples of Safety 3
1.4 Other Ways to Characterize Safety Principles 5
1.5 Conflicts Between Safety Principles 7
1.6 When Can Safety Principles Be Broken? 8
1.7 Safety in Context 9
References 10
2 PREVIEW 11
Niklas Moller, Sven Ove Hansson, Jan-Erik Holmberg, ¨
and Carl Rollenhagen
2.1 Part I: Safety Reserves 12
2.2 Part II: Information and Control 13
2.3 Part III: Demonstrability 16
2.4 Part IV: Optimization 17
2.5 Part V: Organizational Principles and Practices 20
vvi CONTENTS
Part I Safety Reserves 23
3 RESILIENCE ENGINEERING AND THE FUTURE OF SAFETY
MANAGEMENT 25
Erik Hollnagel
3.1 On the Origins of Resilience 25
3.2 The Resilience Engineering Understanding of “Resilience” 27
3.3 The Four Potentials for Resilience Performance 29
3.4 Safety Management Systems 31
3.5 Developing Definitions of Resilience 33
3.6 Managing the Potentials for Resilient Performance 34
3.6.1 Organizations of the First Kind 35
3.6.2 Organizations of the Second Kind 36
3.6.3 Organizations of the Third Kind 36
3.6.4 Organizations of the Fourth Kind 37
3.7 Resilience Management: LP-HI OR HP-LI? 37
References 39
4 DEFENSE-IN-DEPTH 42
Jan-Erik Holmberg
4.1 Introduction 42
4.2 Underlying Theory and Theoretical Assumptions 43
4.2.1 Definitions and Terminology 43
4.3 Redundancy, Diversity, and Separation Principles 44
4.3.1 Principle of Successive Barriers and Reducing
Consequences 46
4.3.2 Principle of Accident Prevention and Mitigation 47
4.3.3 Classification of Barriers 49
4.3.4 Safety Classification 50
4.3.5 Overall Safety Goals and Risk Acceptance Criteria vs.
Defense-in-Depth 51
4.4 Use and Implementation 53
4.4.1 Nuclear Power Plant Safety 53
4.4.2 Chemical Industry 54
4.4.3 Information Technology Security 55
4.4.4 Railway Safety 56
4.4.5 Automobile Safety 57CONTENTS vii
4.5 Empirical Research on use and Efficiency 57
4.6 Weaknesses, Limitations, and Criticism 57
4.7 Relations to Other Safety Principles 59
References 60
Further Reading 61
5 SAFETY BARRIERS 63
Lars Harms-Ringdahl and Carl Rollenhagen
5.1 Introduction 63
5.1.1 Classical and Radical Definitions of Barriers 64
5.1.2 Examples 64
5.2 Origin and Theoretical Background 65
5.2.1 Energy and Sequence Models 65
5.2.2 Extended Models 66
5.3 Definitions and Terminology 67
5.3.1 Examples of Barrier Definitions 67
5.3.2 Barriers and Barrier Systems 68
5.3.3 Alternatives to the Barrier Concept 69
5.3.4 Safety Functions 70
5.3.5 Conclusion 71
5.4 Classification of Barriers 71
5.4.1 General Considerations 71
5.4.2 System Level Classification 72
5.4.3 Classification Related to Accident Sequence 72
5.4.4 Physical and Non-physical Barriers 72
5.4.5 Administrative and Human Barriers 73
5.4.6 Passive and Active Barriers 73
5.4.7 Combined Models 74
5.4.8 Purpose of Barriers 75
5.5 Methods for Analysis of Safety Barriers 75
5.5.1 Energy Analysis 76
5.5.2 Event Tree Analysis 76
5.5.3 Fault Tree Analysis 77
5.5.4 Safety Barrier Diagrams 77
5.5.5 Management Oversight and Risk Tree 78viii CONTENTS
5.5.6 MTO Event Investigation 78
5.5.7 Safety Function Analysis 78
5.5.8 Reliability Techniques 78
5.6 Quality and Efficiency of Barriers 79
5.6.1 Design and Installation of Barriers 79
5.6.2 Management of Barrier Systems During Operation 80
5.6.3 Maintenance of Barriers 80
5.6.4 Summary of Barrier Management Principles 81
5.7 Discussion and Conclusions 82
5.7.1 The Classical and Radical Meaning 82
5.7.2 Empirical Research on Use and Efficiency 83
5.7.3 General Conclusions 83
5.7.4 Relations to the Other Chapters 84
References 84
6 FACTORS AND MARGINS OF SAFETY 87
Neelke Doorn and Sven Ove Hansson
6.1 Introduction 87
6.2 Origin and History 91
6.3 Definitions and Terminology 92
6.4 Underlying Theory and Theoretical Assumptions 94
6.4.1 Structural Engineering 95
6.4.2 Toxicology 97
6.5 Use and Implementation 98
6.5.1 Three Types of Numerical Safety Reserves 98
6.5.2 How Safety Factors are Determined 99
6.6 Empirical Research on Use and Efficiency 101
6.6.1 Engineering 101
6.6.2 Toxicology 102
6.7 Weaknesses, Limitations, and Criticism 103
6.8 Relations to Other Safety Principles 105
6.8.1 Probabilistic Analysis 105
6.8.2 Cost–Benefit Analysis 106
Acknowledgment 108
References 108
Further Reading 114CONTENTS ix
Part II Information and Control 115
7 EXPERIENCE FEEDBACK 117
Urban Kjellen ´
7.1 Introduction 117
7.1.1 Example 117
7.2 Origin and History 118
7.3 Definitions 121
7.4 Underlying Theories and Assumptions 122
7.4.1 Feedback Cycle for the Control of Anything 122
7.4.2 Safety Information Systems 124
7.4.3 The Diagnostic Process 125
7.4.4 Knowledge Management 126
7.5 Use and Implementation 127
7.5.1 Safety Practice in an Operational Setting 127
7.5.2 Risk Assessment 131
7.5.3 Transfer of Experience to New Construction Projects 132
7.5.4 Transfer of Experience from the Users to Design 133
7.6 Empirical Research on Use and Efficiency 135
7.7 Relations to Other Safety Principles 137
7.7.1 Safety Management 137
7.7.2 Resilience Engineering 138
7.7.3 Safety Indicators 138
7.7.4 Safety Culture 138
References 138
Further Reading 141
8 RISK AND SAFETY INDICATORS 142
Drew Rae
8.1 Introduction 142
8.2 Origin and History 143
8.3 Definitions and Terminology 145
8.4 Underlying Theory and Theoretical Assumptions 146
8.4.1 Past, Present, and Future Safety 146
8.4.2 Outcome Indicators 147
8.4.3 Risk Models and Precursor Events 148x CONTENTS
8.4.4 Status of Physical and Procedural Controls 150
8.4.5 Safe Behaviors 150
8.4.6 Amount and Quality of Safety Activity 151
8.4.7 Organizational Drivers and Attributes 151
8.4.8 Variability 152
8.5 Use and Implementation 152
8.5.1 Metrics Collection 152
8.5.2 Incentives and Accountability 153
8.5.3 Benchmarking and Comparison 153
8.5.4 Safety Management System Performance Monitoring 154
8.6 Empirical Research on Use and Efficacy 154
8.6.1 Usage of Indicators 154
8.6.2 Efficacy of Indicators 155
8.7 Weaknesses, Limitations, and Criticism 155
8.7.1 Underreporting and Distortion 155
8.7.2 The Regulator Paradox and Estimation of Rare Events 156
8.7.3 Confusion Between Process Safety and Personal Safety Indicators 157
8.7.4 Unintended Consequences of Indirect Measurement 157
8.8 Relations to Other Safety Principles 158
8.8.1 Ensurance Principles 158
8.8.2 Assessment and Assurance Principles 159
References 159
9 PRINCIPLES OF HUMAN FACTORS ENGINEERING 164
Leena Norros and Paula Savioja
9.1 Introduction 164
9.2 Principle 1: HFE is Design Thinking 167
9.2.1 Description 167
9.2.2 Theoretical Foundation 168
9.2.3 Use and Implementation 170
9.2.4 Empirical Research on Use and Efficiency 170
9.3 Principle 2: HFE Studies Human as a Manifold Entity 172
9.3.1 Description 172
9.3.2 Theoretical Foundations 172
9.3.3 Use and Implementation 174
9.3.4 Empirical Research on Use and Efficiency 175
9.4 Principle 3: HFE Focuses on Technology in Use 177
9.4.1 Description 177
9.4.2 Theoretical Foundations 177
9.4.3 Use and Implementation 180
9.4.4 Empirical Research on Use and Efficiency 181
9.5 Principle 4: Safety is Achieved Through Continuous HFE 182
9.5.1 Description 182
9.5.2 Theoretical Foundation 182
9.5.3 Use and Implementation 183
9.5.4 Empirical Research on Use and Efficiency 185
9.6 Relation to Other Safety Principles 187
9.7 Limitations 188
9.8 Conclusions 189
References 190
Further Reading 195
10 SAFETY AUTOMATION 196
Björn Wahlström
10.1 Introduction 196
10.1.1 Purpose of Safety Automation 197
10.1.2 Functions of I&C Systems 199
10.1.3 Allocation of Functions between Humans and Automation 200
10.2 Origin and History 201
10.2.1 Roots of Safety Automation 201
10.2.2 Systems Design 202
10.2.3 Typical Design Projects 203
10.2.4 Analog and Digital I&C 204
10.3 Definitions and Terminology 205
10.3.1 System Life Cycles 205
10.3.2 Process and Product 206
10.3.3 Phases of Design 206
10.3.4 Operations 210
10.4 Underlying Theories and Assumptions 211
10.4.1 Systems of Systems 212
10.4.2 Building Reliability with Unreliable Parts 213
10.4.3 Reusability of Designs 213
10.4.4 Vendor Capability 213
10.4.5 Project Management 214
10.4.6 Regulatory Oversight 215
10.5 Use and Implementation 215
10.5.1 From Systems Design to I&C Design 215
10.5.2 Physical Realizations of I&C 216
10.5.3 Initial Considerations 216
10.5.4 I&C Design 217
10.5.5 Practices in Different Domains 220
10.6 Research on Use and Efficiency 220
10.6.1 Estimates of Project Cost and Duration 220
10.6.2 Support Systems for Design and Construction 221
10.6.3 Benefits of Using Safety Principles 221
10.7 Weaknesses, Limitations, and Criticism 222
10.7.1 What is Safe Enough? 222
10.7.2 Quality of Design 224
10.7.3 Field Programmable Gate Arrays 224
10.7.4 Cyber Security 224
10.7.5 Regulatory Acceptance 225
10.8 Relations to Other Safety Principles 225
10.8.1 Safety Reserves 226
10.8.2 Information and Control 226
10.8.3 Demonstrability 227
10.8.4 Optimization 227
10.8.5 Organizational Principles and Practices 228
10.9 Summary and Conclusions 228
References 229
11 RISK COMMUNICATION 235
Jan M. Gutteling
11.1 Introduction 235
11.1.1 Example 1 236
11.1.2 Risk Perception, Awareness, and Communication 236
11.1.3 This Chapter 238
11.2 The Origin and History of Risk Communication as Academic Field 238
11.2.1 Example 2 239
11.2.2 Changing Notions about Communication 239
11.2.3 Example 3 241
11.2.4 Conclusion 241
11.3 Underlying Assumptions, Concepts and Empirical Data on Risk Communication Models 241
11.3.1 Information versus Communication 241
11.3.2 Risk Communication Aims 243
11.3.3 Diagnostic Risk Communication Studies 244
11.3.4 Social Amplification of Risk 245
11.3.5 Trust in Risk Communication 246
11.3.6 Socio-Cognitive Models 247
11.3.7 Risk Information Seeking Models 247
11.3.8 Risk Communication and Social Media 249
11.3.9 Conclusion 250
11.4 Weaknesses, Limitations, and Criticism 250
11.5 Final Word 252
References 252
Further Reading 257
12 THE PRECAUTIONARY PRINCIPLE 258
Sven Ove Hansson
12.1 Introduction 258
12.2 History and Current Use 259
12.3 Definitions 263
12.4 Underlying Theory 267
12.5 Research on Use and Efficiency 271
12.6 Weaknesses, Limitations, and Criticism 271
12.6.1 Is the Principle Asymmetric? 271
12.6.2 Strawman Criticism 273
12.7 Relation to Expected Utility and Probabilistic Risk Assessment 273
12.8 Relations to Other Safety Principles 276
12.8.1 Maximin 276
12.8.2 A Reversed Burden of Proof 278
12.8.3 Sound Science 278
Acknowledgment 279
References 279
Further Reading 283
13 OPERATING PROCEDURE 284
Jinkyun Park
13.1 Introduction 284
13.2 Manual, Guideline, and Procedure 286
13.3 Existing Principles for Developing a Good Procedure 288
13.4 Additional Principle to Develop a Good Procedure 292
13.4.1 Tailoring the Level of Details 293
13.4.2 Tailoring the Complexity of Instructions 297
13.5 Concluding Remarks 299
References 301
Further Reading 304
14 HUMAN–MACHINE SYSTEM 305
Anna-Lisa Osvalder and Håkan Alm
14.1 Human–Machine System 306
14.2 Complex Systems 307
14.3 To Control a Complex System 307
14.4 Operator Demands 308
14.4.1 Mental Models 308
14.4.2 Situation Awareness 310
14.4.3 Decision-Making 310
14.4.4 Mental Workload 311
14.5 Performance-Shaping Factors 313
14.5.1 Stressors 314
14.6 User Interface Design 315
14.6.1 Information Design 315
14.6.2 Design for Attention 316
14.6.3 Design for Perception 317
14.6.4 Design for Memory Functions 319
14.6.5 Feedback 320
14.6.6 Alarms 321
14.7 Demands on the Environment 322
14.7.1 Organization 322
14.7.2 Communication 324
14.8 Handling Complexity 327
References 329
Part III Demonstrability 331
15 QUALITY PRINCIPLES AND THEIR APPLICATIONS TO SAFETY 333
Bo Bergman
15.1 Introduction 333
15.2 Improvement Knowledge and its Application to Safety 338
15.2.1 Understanding Variation 338
15.2.2 Knowledge Theory 345
15.2.3 Psychology 348
15.2.4 System Thinking 348
15.3 Health-Care Improvement and Patient Safety 349
15.4 Weaknesses, Limitations, and Criticism 351
15.5 Some Personal Experiences 352
15.6 Relations to Other Safety Principles 353
References 355
Further Reading 360
16 SAFETY CASES 361
Tim Kelly
16.1 Introduction 361
16.2 Origins and History 361
16.2.1 Windscale 362
16.2.2 Flixborough 362
16.2.3 Piper Alpha 363
16.2.4 Clapham 363
16.2.5 The Introduction of Safety Cases—A Shift in Emphasis 364
16.3 Definitions and Terminology 364
16.3.1 Safety Cases vs. Safety Case Reports 366
16.3.2 Other Terminology 367
16.4 Underlying Theory 367
16.4.1 Safety Case Argumentation 367
16.4.2 Types of Safety Case Argument 369
16.4.3 Safety Case Lifecycle 372
16.4.4 Incremental Safety Case Development 373
16.4.5 Safety Case Maintenance 374
16.4.6 Safety Case Evaluation 375
16.4.7 Safety Case Confidence 376
16.5 Empirical Research on Use and Efficiency 377
16.6 Weaknesses, Limitations, and Criticisms 377
16.6.1 Other Criticisms 381
16.7 Relationship to Other Principles 382
References 383
Further Reading 385
17 INHERENTLY SAFE DESIGN 386
Rajagopalan Srinivasan and Mohd Umair Iqbal
17.1 Introduction 386
17.2 Origin and History of the Principle 387
17.3 Definitions and Terminology 388
17.4 Use and Implementation 389
17.4.1 Examples of Minimization 390
17.4.2 Examples of Substitution 391
17.4.3 Examples of Simplification 391
17.4.4 Example of Moderation 391
17.5 Empirical Research on Use and Efficiency 392
17.6 Weaknesses, Limitation, and Criticism 393
17.7 Relation to Other Principles 394
References 394
18 MAINTENANCE, MAINTAINABILITY, AND INSPECTABILITY 397
Torbjörn Ylipää, Anders Skoogh, and Jon Bokrantz
18.1 Introduction 397
18.1.1 The Piper Alpha Disaster 398
18.2 Origin and History 399
18.3 Underlying Theory, Theoretical Assumptions, Definition, and Terminology 400
18.4 Use and Implementation 405
18.5 Empirical Research on Use and Efficiency 408
18.6 Weaknesses, Limitations, and Criticism 409
18.7 Relations to Other Safety Principles 410
References 410
Further Reading 413
Part IV Optimization 415
19 ON THE RISK-INFORMED REGULATION FOR THE SAFETY AGAINST EXTERNAL HAZARDS 417
Pieter van Gelder
19.1 Introduction 417
19.2 Risk-Regulation in Safety Against Environmental Risks 421
19.3 Dealing with Uncertainties in Risk-Informed Regulation 422
19.4 Limitations of the Current Risk Measures 424
19.5 Spatial Risk 426
19.6 Temporal Risk 429
19.7 Conclusions and Recommendations 431
Acknowledgment 432
References 432
20 QUANTITATIVE RISK ANALYSIS 434
Jan-Erik Holmberg
20.1 Introduction 434
20.2 Origin and History 435
20.3 Underlying Theory and Theoretical Assumptions 438
20.3.1 Risk 438
20.3.2 Probability 438
20.3.3 Uncertainty 439
20.3.4 Expected Value and Utility Principle 441
20.3.5 Risk Criteria 442
20.3.6 ALARP 442
20.3.7 Subsidiary Risk Criteria 443
20.3.8 Event Tree–Fault Tree Modeling 445
20.3.9 Bayesian Belief Network 448
20.3.10 Bow-Tie Method 449
20.3.11 Monte Carlo Simulation 449
20.4 Use and Implementation 449
20.4.1 National Risk Criteria 449
20.4.2 IEC 61508 and Safety Integrity Levels 450
20.4.3 Nuclear Power Plants 452
20.4.4 Oil and Gas Industry in Europe 453
20.4.5 Railway Safety in Europe 455
20.4.6 Other Industries 455
20.5 Empirical Research on Use and Efficiency 456
20.6 Weaknesses, Limitations, and Criticism 456
20.7 Relations to Other Safety Principles 458
References 458
Further Reading 460
21 QUALITATIVE RISK ANALYSIS 463
Risto Tiusanen
21.1 Introduction 463
21.2 Origin and History of the Principle 464
21.3 Definitions 465
21.4 Underlying Theory and Theoretical Assumptions 466
21.4.1 Brainstorming 467
21.4.2 Preliminary Hazard Analysis 468
21.4.3 Scenario Analysis 468
21.4.4 Operating Hazard Analysis 468
21.4.5 HAZOP Studies 469
21.4.6 Risk Matrixes 470
21.5 Use and Implementation 471
21.5.1 Systems Engineering Approach to Risk Assessment 472
21.5.2 System-Safety Engineering 473
21.5.3 Industrial Safety Engineering 476
21.5.4 Machinery-Safety Engineering 477
21.5.5 Functional Safety Engineering 478
21.6 Strengths, Weaknesses, Limitations and Criticism 480
21.7 Experiences of Preliminary Hazard Identification Methods 482
21.8 Experiences of Hazop Studies 482
21.9 Experiences of Risk Estimation Methods 483
21.10 Summary of Strengths and Limitations 484
21.11 Experiences from Complex Machinery Applications 484
21.11.1 Change from Machines to Automated Machine Systems 484
21.11.2 Case Studies on Qualitative Methods 489
21.11.3 Case Study Results 490
21.12 Relations to Other Safety Principles 491
References 491
22 PRINCIPLES AND LIMITATIONS OF COST–BENEFIT ANALYSIS FOR SAFETY INVESTMENTS 493
Genserik Reniers and Luca Talarico
22.1 Introduction 493
22.2 Principles of Cost–Benefit Analysis 495
22.3 CBA Methodologies 497
22.3.1 CBA for Type I Accidents 499
22.3.2 CBA for Type II Safety Investments 504
22.3.3 Disproportion Factor 505
22.4 Conclusions 511
References 512
23 RAMS OPTIMIZATION PRINCIPLES 514
Yan-Fu Li and Enrico Zio
List of Acronyms 514
23.1 Introduction to Reliability, Availability, Maintainability, and Safety (RAMS) Optimization 515
23.2 Multi-Objective Optimization 516
23.2.1 Problem Formulation 517
23.2.2 Pareto Optimality 518
23.3 Solution Methods 519
23.3.1 Weighted-Sum Approach 519
23.3.2 ε-Constraint Approach 520
23.3.3 Goal Programming 521
23.3.4 Evolutionary Algorithms 521
23.4 Performance Measures 523
23.5 Selection of Preferred Solutions 524
23.5.1 “Min–Max” Method 524
23.6 Guidelines for Implementation and Use 525
23.7 Numerical Case Study 527
23.8 Discussion 536
23.9 Relations to Other Principles 536
References 537
Further Reading 539
24 MAINTENANCE OPTIMIZATION AND ITS RELATION TO SAFETY 540
Roger Flage
24.1 Introduction 540
24.2 Related Principles and Terms 541
24.2.1 Key Terms 541
24.2.2 Maintenance Optimization Models as Special Types of Cost–Benefit Analysis 542
24.2.3 Risk Assessment and Risk Management 543
24.2.4 The ALARP Principle and Risk Acceptance Criteria 545
24.3 Maintenance Optimization 547
24.3.1 Theory 547
24.3.2 Use and Implementation 550
24.4 Discussion and Conclusions 556
Further Reading 559
References 561
25 HUMAN RELIABILITY ANALYSIS 565
Luca Podofillini
25.1 Introduction With Examples 565
25.2 Origin and History of the Principle 569
25.3 Underlying Theory and Theoretical Assumptions 572
25.4 Use and Implementation 576
25.5 Empirical Research on Use and Efficiency 578
25.6 Weaknesses, Limitations, and Criticism 583
25.7 Relationship with Other Principles 585
References 586
26 ALARA, BAT, AND THE SUBSTITUTION PRINCIPLE 593
Sven Ove Hansson
26.1 Introduction 593
26.2 Alara 594
26.2.1 History and Current Use 594
26.2.2 Definitions and Terminology 596
26.2.3 Theory and Interpretation 596
26.2.4 Effects of Applying the Principle 600
26.2.5 Weaknesses and Criticism 601
26.3 Best Available Technology 601
26.3.1 History and Current Use 601
26.3.2 Definitions and Terminology 603
26.3.3 Theory and Interpretation 603
26.3.4 Effects of Applying the Principle 605
26.3.5 Weaknesses and Criticism 605
26.4 The Substitution Principle 606
26.4.1 History and Current Use 606
26.4.2 Definitions and Terminology 609
26.4.3 Theory and Interpretation 612
26.4.4 Effects of Applying the Principle 613
26.4.5 Weaknesses and Criticism 614
26.5 Comparative Discussion 615
26.5.1 Comparisons Between the Three Principles 615
26.5.2 Comparisons with Other Principles 616
Acknowledgment 618
References 618
Further Reading 624
Part V Organizational Principles and Practices 625
27 SAFETY MANAGEMENT PRINCIPLES 627
Gudela Grote
27.1 Introduction 627
27.2 Origin and History of the Principle 629
27.3 Definitions 629
27.4 Underlying Theory and Theoretical Assumptions 630
27.5 Use and Implementation 633
27.6 Empirical Research on Use and Efficiency 634
27.6.1 Contextual factors 635
27.6.2 Examples for the effects of context on safety management 638
27.7 Weaknesses, Limitations, and Criticism 640
27.8 Relations to Other Safety Principles 642
References 642
Further Reading 646
28 SAFETY CULTURE 647
Teemu Reiman and Carl Rollenhagen
28.1 Introduction 647
28.2 Origin and History 652
28.2.1 The Chernobyl Accident 652
28.2.2 Organizational Culture and Organizational Climate: The Broader Context 653
28.2.3 Safety Climate 654
28.2.4 Organizational Culture and Safety Culture 655
28.3 Definitions and Terminology 656
28.4 Underlying Theory and Theoretical Assumptions 658
28.4.1 Some Common Features of Safety Culture Models 658
28.4.2 Theoretical Frameworks 659
28.5 Empirical Research 662
28.6 Use and Implementation 663
28.6.1 When and Where to Use the Concept? 663
28.6.2 Safety Culture as an Evaluation Framework 664
28.6.3 Developing Safety Culture 666
28.7 Weaknesses and Critique 667
28.8 Main Messages and What the Concept Tells About Safety 670
References 671
29 PRINCIPLES OF BEHAVIOR-BASED SAFETY 677
Steve Roberts and E. Scott Geller
29.1 Introduction 677
29.2 Origin and History of BBS 678
29.3 Leadership 680
29.4 Physical Environment/Conditions 683
29.5 Systems 683
29.6 Behaviors 689
29.7 Employee Involvement and Ownership 695
29.8 Person States 699
29.9 The Benefits of Behavior-Based Safety 701
29.10 Weaknesses, Limitations, and Criticisms 703
29.11 Relationship with Other Principles 705
References 707
Further Reading 710
30 PRINCIPLES OF EMERGENCY PLANS AND CRISIS MANAGEMENT 711
Ann Enander
30.1 Introduction 711
30.1.1 Components in an Emergency Plan 712
30.1.2 Emergency Planning as a Process 713
30.1.3 Crisis Management in Theory and Practice 714
30.1.4 Crisis Leadership 715
30.2 Origin and History 716
30.3 Definitions and Terminology 717
30.3.1 Classifications and Typologies 719
30.4 Underlying Theory and Theoretical Assumptions 720
30.4.1 The Emergency Response Cycle 720
30.5 Use and Implementation 721
30.6 Empirical Research on Use and Efficiency 722
30.7 Weaknesses, Limitations, and Criticism 723
30.7.1 Myths and Misconceptions 724
30.7.2 Success or Failure 725
30.8 Relations to Other Safety Principles 725
References 726
Further Reading 731
31 SAFETY STANDARDS: CHRONIC CHALLENGES AND EMERGING PRINCIPLES 732
Ibrahim Habli
31.1 Introduction 732
31.2 Definitions and Terminology 734
31.3 Organization of Safety Standards 734
31.3.1 Safety Lifecycle Models 735
31.4 Domain Specific Principles 736
31.4.1 Software Safety Assurance Principles 737
31.4.2 Automotive Functional Safety Principles 741
31.5 Development of Standards 742
31.6 Rationale in Standards 743
31.7 Chapter Summary 744
References 744
Further Reading 746
32 MANAGING THE UNEXPECTED 747
Jean-Christophe Le Coze
32.1 Introduction 747
32.2 Defining the Unexpected 750
32.2.1 The Unexpected, What Are We Dealing With? Three Examples 750
32.2.2 Were These Disasters Unexpected, Surprising? 751
32.2.3 The Unexpected, a Highly Relative Category 752
32.3 Thirty Years of Research on the Unexpected 754
32.3.1 Conceptualizing the Unexpected: Four Different Threads 754
32.3.2 Charles Perrow and Normal Accident 756
32.3.3 Barry Turner and Man-Made Disaster: A “Kuhnian” Thread 758
32.3.4 Jens Rasmussen and Complexity: An Ashbyan Thread 760
32.3.5 Four Threads, Four Sensitivities, But Not Exclusive: A Synthesis 764
32.4 Managing the Unexpected 766
32.4.1 Building Favorable Power Configurations (vs. Marxian Thread) 767
32.4.2 Confronting Our Fallible (Cultural) Constructs (vs. Kuhnian Thread) 769
32.4.3 Keeping Sight of the Relation Between Parts and Whole (vs. Ashbyan Thread) 770
32.4.4 Limitations and Opening 771
32.5 Relation to Other Principles: Further Reading 771
32.6 Conclusion 772
References 772
Index 777
INDEX
A(H1N1) influenza, 725
abstraction hierarchy complexity, 298
acceptable risk, 17, 435
criterion of, 441
level of, 457
acceptance criterion, 296
accident investigation, 117, 123–125,
129–130, 133
accidents
Challenger, Space Shuttle, 176, 647, 651,
655, 751, 757, 761, 765, 772
Chernobyl, xxviii, 20, 120, 394, 647, 649,
652–653, 656, 715, 717, 751, 757, 761
Clapham Junction, 763
Columbia, Space Shuttle, 647
explosion, in the port of Tianjin, 239
Exxon Valdez oil spill, 757
Fukushima, 572, 583, 647–649, 653,
758
Three Mile Island, 717, 756
Windscale, 361–362
Ackoff, Russell, 349
active failures, 69
actively caring for people, 680
age-based maintenance, 541
AHC, 298
Ahteensuu, Marko, 279, 594, 618
aircraft safety assessment, 736
air traffic management, 204, 364
ALAP, 595–596
ALARA, 2, 19–20, 451, 475, 491, 593–601,
615–618
alarm system, 58, 313, 321–322, 713, 715
ALARP, 19, 353, 436–437, 442–444, 451,
475, 477, 481, 483, 541, 543–547,
551–560, 596
algorithm
evolutionary, 515, 521, 526, 530, 532,
536
genetic, 521–522, 531
allowed best technology, 606
Alm, Håkan, xxvii, 15, 305
Alphen aan den Rijn, 430–431
anthrax, 722
arguments
deductive, 368
inductive, 368
layered model, 741
risk, 371
Ashby, Ross, 22, 754
Ashby’s Law of Requisite Variety, 123
as low as practicable, 595–596
as low as reasonably achievable, 2, 19–20,
451, 475, 491, 593–601, 615–618
as low as reasonably practicable, 19, 353,
436–437, 442–444, 451, 475, 477, 481,
483, 541, 543–547, 551–560, 596
assembly breakdown, 208
assessment of activity, 176
attention, divided, 317
auditory displays, 308, 317–320
automation, 328
automobile safety, 57
autonomy, 705
Handbook of Safety Principles, First Edition. Edited by Niklas Möller, Sven Ove Hansson, Jan-Erik Holmberg, and Carl Rollenhagen.
© 2018 John Wiley & Sons, Inc. Published 2018 by John Wiley & Sons, Inc.
Bannon, Liam, 168
barrier, 63–71, 81
active and passive, 73
classical view of, 82
classification of, 71
design and installation of, 79
function, 66–69, 71, 74
functional, 150
human, 73
incorporeal, 150
maintenance of, 80
management, 69, 71, 79–82
non-physical, 73
physical, 72
primary, 74
purpose of, 75
quality and efficiency of, 79
radical interpretation of, 82
strategy, 69
system, 45–47, 57, 59, 68, 74, 78, 80, 82
Bayesian belief network, 448, 582
Bayesian paradigm, 432
Bayes’ theorem, 310
BBN, 448, 582
BBS, 21, 158–159, 300, 677–679, 686, 689,
691, 693, 695, 699, 701–706, 748
behavior
direct, 690
improvement, 691
modification programs, 704
spurious, 206
behavioral sampling, 119
behavior-based
coaching, 702
feedback, 678
goal-setting, 678
incentives and rewards, 678
incident analysis, 678
leadership development, 678
safety, 21, 119, 158–159, 300, 677–679,
686, 689, 691, 693, 695, 699, 701–706,
748
safety, benefits of, 701
safety, criticisms of, 703
safety-training, 678, 704–705
behaviorism, 150
Beninson, Dan J., 600
BEP, 603, 605
Bergman, Bo, xxvii, 16, 333
Beronius, Anna, 279
best available control technology, 603
best available technology, 593–594,
601–606, 615–618
concept of, 605
not entailing excessive costs, 603
methodology of, 605
reference documents, 602
regulations of, 606
strategies of, 606
best environmental practice, 603, 605
best practicable
control technology, 603–604
environmental option, 603
means, 603
Bhopal, 757, 761
Birnbaum metric, 447–448
Bisphenol A, 259
Blackwell’s theorem, 554
blowout preventer, 750
Bokrantz, Jon, xxvii, 17, 397
bow-tie
diagram, 449
method, 48, 449
brain cramp, 688
brainstorming, 467, 482, 485
branch probabilities, 446
breakdown
assembly, 208
organizational, 208
product, 208
broad perspectives, 720
Buchanan, Richard, 169–170
capability, 718
capacitation, 4
capacity, 718
causality credo, 27, 34
causal primacy, 173
Challenger Space Shuttle accident, 176, 647,
651, 655, 751, 757, 761, 765, 772
check-lists, 485
of critical behavior, 691, 693
chemistry, green, 394, 608
Chernobyl accident, xxviii, 20, 120, 394,
647, 649, 652–653, 656, 715, 717, 751,
757, 761
cholera, 259–260
Clapham Junction accident, 763
climate change, 251
close-call reporting, 685
cognitive resources, 16
Columbia Space Shuttle accident, 647
common cause
analysis, 736
failure, 45, 54, 80, 213, 222
hypothesis, 149
communicative function, 179
community of practice, 125–127, 132–133
completeness, 206, 219, 222–223, 225, 371,
440, 583
complex reliability models, 446
compliance, 372
computer aided
design, 220
manufacturing, 220
conceptual design, 208–209, 214, 219,
226–227, 343, 464, 468, 482, 489–490
confidentiality, 225
configuration management, 205, 207,
210–211, 218, 221
consequence categories, 443
consequence-probability matrix, 470, 487
consistency, 181, 209, 219, 222–223, 225,
582, 735, 763
construction safety, 133
contextual analysis of activity, 175–176
contingency plan, 711
control chart, 339, 341
control, digital, 204
control engineering, 202, 220
control, and instrumentation, 196–202,
204–206, 209–211, 216, 218, 220–222,
227, 229
analog and digital, 204, 227
application of, 226
architecture of, 216, 218, 222, 225–226
digital, 218, 220, 228
failures of, 226
functions of, 218
platforms, 205, 215–216, 222
systems of, 14, 199, 202, 204–205, 217,
220, 224
vendors of, 216
control, internal, 118, 120, 137
controller action reliability analysis,
571
control technology
best available, 603
best practicable, 603–604
maximum achievable, 603
reasonably achievable, 603
core-task
analysis, 469
design, 172, 178–179, 183–184, 188–189
correctness, 222, 225
cost-benefit analysis, 4, 18, 106–108, 266,
274, 421, 430, 432, 441, 443, 458, 493,
495–499, 503–505, 507–509, 511–512,
541–543, 545–547, 559–560, 594, 604,
616, 734
ex ante, 496
ex post, 496
methodology of, 497
quantitative, 496, 507
cost-benefit framework, 430
cost-benefit optimization, 2, 4–5, 19, 267,
541, 544, 547, 556, 558
cost-benefit ratio, 498–499, 503
cost-benefit rationale, 540, 559
cost-effectiveness, 661
countervailing risks, 107
CPS, 168, 178, 190
crisis management, 711–712, 714–715,
717–720, 722, 724–726, 747
critical behavior checklist, 691, 693
critical risk, 454
cultural framework, 661
cultural-historical activity theory, 178, 184
culture, 660, 669
delineation of, 661
interpretive approach to, 660
national, 648
organizational, 648–649, 652, 665–666
subcultures, 649
cyber-physical systems, 168, 178, 190
cyber security, 224–225, 229, 247
decision
criteria, 453
theory, 436
deductive argument, 368
default toxicity, 276
defense, 69
defense-in-depth, 12, 42–49, 51–60, 63,
68–69, 72, 78, 84, 158, 212, 222–223,
226, 228, 368, 410, 445, 458, 649, 747,
760–761, 763
fallacy, 763
Delphi technique, 467
demand, physical, 312
Deming, Edwards W., 701
design
core-task, 172, 178–179, 183–184,
188–189
detailed, 43, 209, 217, 219, 226,
374
fail-safe, 59, 388
industrial, 168, 185, 204
inherently safe, 6, 16, 355, 386–388, 390,
393–394, 478, 560
parameter, 344
pattern, 214, 228
safety in, 135, 137
of systems, xxxiv, 59, 132, 202, 215,
479
thinking, 14, 167–171, 190
development assurance level, 733–734
diagnostic process, 125–126
digital control, 204
digitalization, 408
direct behaviors, 690
disasters
Katrina, Hurricane, 722, 724–725
Piper Alpha, 32, 120, 145, 361, 363, 398,
410, 494, 647, 761
Texas City Refinery, 145, 157,
495
displays, 317
disproportion factor, 505–506, 511
distribution arbitrariness, 96
diverse redundancy, 45
diversity, 59
divided attention, 317
Doorn, Neelke, xxvii, 12, 87
double-loop learning, 122, 138
Downer, John, 760
Dynes, Russell, 717
economic
rate of return, 501
risk, 465
ecotoxicity, 274–275
ecotoxicology, 268
efficacy of indicators, 155
Ellul, Jacques, 22, 754, 756
embryonic theories, 720
emergency management, 718
emergency operations plan, 711
emergency plan, 711–713, 718, 721–722,
724
components of, 712
operations, 711
response, 711
emergency response cycle, 720
emergency response plan, 711
emission
limit values, 602
lowest achievable rate, 603
employee participation, 684
Enander, Ann, xxviii, 711
energy
analysis, 76
model, 119–130
engineering
decision complexity, 298
design, 92, 168, 201–202, 220
ensurance principles, 158
environmental safety culture, 669
epistemic primacy, 173
equipment under control, 479
error, human, 688
analysis of, 706
assessment and reduction technique, 567,
570–575, 578–580
European Treaty, 261
event tree analysis, 76, 445, 543
evolutionary algorithm, 515, 521, 526, 530,
532
multi-objective, 526, 530, 536
single-objective, 526–527
expected
consequence, 690
developer, 288
end user, 288
utility, 457
utility principle, 441
value-based calculations, 541
experience
carrier, 131–135
explicit, 131
feedback, 13, 117–138, 121–122, 124,
131, 747
explosion, in the port of Tianjin, 239
extended parallel process model, 247
external
hazard, 417
regulation, 637, 640, 642
Exxon Valdez oil spill, 757
factionalism, 2
fail-safe design, 59, 388
failure
active, 69
concept of, 669
failure mode
effect analysis, 79, 454, 477
effects and criticality analysis, 543
Falzon, Pierre, 168
fatality risk of groups, 442
fault hazard analysis, 475
fault-tolerant system, 688
fault tree analysis, 77, 446, 475, 543
Federal Aviation Administration, 736,
768
feedback
control, 122, 137, 201–202
cycle, 13, 122
field
instrument, 218
programmable gate arrays, 224
Findeli, A., 169–170
Flage, Roger, xxviii, 19, 540
floating point, 204, 216
focused attention, 316
formative intervention, 186
fractional contribution, 447
Fukushima accident, 572, 583, 647–649,
653, 758
function, instrumental, 179
functional
barriers, 150
block, 204, 218–219
hazard assessment, 736
safety engineering, 478
safety standard, 735
Geller, Scott E., xxviii, 677
general quality principles, 2
generational distance, 523, 532–533
genetic algorithm, 521–522, 531
vector evaluated, 522
Giddens, Anthony, 751
Gilbert, T. F., 700
goal structuring notation, xxx–xxxi,
368–369, 380, 740
good programming technique, 219
governance process, 752
graded approach to safety, 212, 215,
222–223
green chemistry, 394, 608
Grice, H. P., 327
Grote, Gudela, xxix, 20, 627
group fatality risk, 442
GSN, xxx–xxxi, 368–369, 380, 740
Gutteling, Jan, xxix, 15, 235
Habli, Ibrahim, xxix, 21, 732
Hansson, Sven Ove, xxx, 12, 15, 19, 87, 258,
593
hard defenses, 69
hardware, 204–205, 211, 216–219, 224–225,
229
harmonization, 222, 225, 458, 628
Harms-Ringdahl, Lars, xxx, 12, 63
hazard
identification, 121, 372, 454, 467, 470,
476–478, 482–483, 490, 683–684
marine, 454
operability, 18, 454, 467, 469–470, 475,
477, 480, 482–483, 486, 489–490, 543,
577
operating analysis, 467–469, 482–483,
489–490
preliminary analysis, 467–468, 475, 486,
489–490
preliminary list, 482
HAZOP, 18, 454, 467, 469–470, 475, 477,
480, 482–483, 486, 489–490, 543, 577
Heinrich, H. W., 65, 144
Heinrich model, 66
Heinrich’s Pyramid, 144
hierarchical task analysis, 469, 576
high reliability organization, 323–324, 658,
726
Holling, C. S., 26
Hollnagel, Erik, 12, 25, 174, 179, 182, 764,
772
Holmberg, Jan-Erik, xxxi, 12, 17, 42, 434,
618
Hughes, Thomas, 756
human error, 688
analysis, 706
assessment and reduction technique, 567,
570–575, 578–580
human factor, 14, 32, 747
engineering, xxxii, 4, 14, 84, 164–170,
172–173, 175–179, 181–183, 185–190,
226, 469, 560, 706
models, 752
resilience-oriented engineering, 182–183
human-machine system, 306–307
human performance, 78, 166, 284, 299, 313,
570–571, 573, 584, 586, 666
human reliability analysis, xxxiii, 19, 84,
159, 166, 300, 439, 453, 458, 565–586,
706
applications, 566
prospective, 566
retrospective, 566
human technology interaction, 469
ideal safety culture, 677
incident reporting and analysis, 683, 685
incremental safety case development, 373
indicators
efficacy of, 155
lagging, 146
individual risk, 429, 432
and fatality, 42
inductive argument, 368
industrial design, 168, 185, 204
influenza, A(H1N1), 725
information and control, 13
information technology security, 55
inherently safe design, 6, 16, 355, 386–388,
390, 393–394, 478, 560
inherent reliability, 410
inherent safety, 388, 607
sub-principles of, 16
injury
lost time frequency, 146–148
rate, recordable, 129, 146
Institute of Nuclear Power Operations, 664
instrumental function, 179
instrumentation and control, 196–202,
204–206, 209–211, 216, 218, 220–222,
227, 229
analog and digital, 204, 227
application of, 226
architecture of, 216, 218, 222, 225–226
digital, 218, 220, 228
failures of, 226
functions of, 218
platforms, 205, 215–216, 222
systems of, 14, 199, 202, 204–205, 217,
220, 224
vendors of, 216
integrated system validation, 166
integration, 209
integrity, 225, 383, 402, 450, 452–453, 717,
733–734, 740
interim safety case report, 373
internal control, 118, 120, 137
internal rate of return, 501–503
International Atomic Energy Agency, 664
interpretive work, 176–177, 183
intervention hierarchy, 694–695
Iqbal, Moh Umair, xxxi, 16, 386
ISO 9000, 120, 333–335, 352
Katrina, Hurricane, 722, 724–725
Keinonen, Turkka, 185
Kelly, Tim, xxxi, 16, 361
Kjellén, Urban, xxxi, 13, 117
knowledge, 127, 132, 135
engineering, 752
improvement, 350
management, 13, 126
professional, 350
tacit, 127, 132
theory, 345
Kolmogorov axioms, 436
Kuhn, Thomas, 22, 754–755, 759–760
Kuutti, Kari, 168
lagging indicators, 146
latent conditions, 69
layered argument model, 741
leadership, 666
leading indicators, 146
learning
double-loop, 122, 138
spiral, 126, 132, 135
Le Coze, Jean-Christophe, xxxii, 22, 747,
772
Lewis, Clarence I., 345
lifecycle, 205, 207, 372–374, 376, 386, 389,
392–394, 486, 489, 734–736
Lindell, Bo, 600
Lisbon earthquake, 716
local circumstances, 69
logic, multi-valued, 445
Lord Cullen, 363
lost-time injury frequency rate, 146–148
lowest achievable emissions rate, 603
LTI-rate, 129–130
maintainability, 399–400, 404, 406, 514,
517, 542
field, 399
maintenance, 397–404, 516–517, 540–542,
548, 555–556, 559, 684, 747
age-based, 541
barriers, 80
clock-based, 541
condition-based, 401, 541
corrective, 210, 398, 400, 404, 409, 542,
549
efficiency of, 402
errors of, 398
failure-finding, 542
lean, 406–407
management of, 684
opportunistic, 542
optimization, 19, 540–541, 556, 559
planned, 401, 451
predictive, 210, 541
preventive, 541–543, 548
reactive, 401
risk-based, 401
supportability, 405
total productive, 17, 402
types, 402
value driven, 406
management
air-traffic, 204, 364
barrier, 69, 71, 79–82
configuration, 205, 207, 210–211, 218,
221
crisis, 711–712, 714–715, 717–720, 722,
724–726, 747
emergency, 718
industrial safety, 119
integrated risk, 2
maintenance, 684
oversight and risk tree, 78, 119, 749
predictive safety, 32–33
proactive safety, 32–33
project, 15, 133, 201, 203–204, 212, 214,
484
quality, xxvii, 13, 16, 117, 119–120,
125–126, 144, 333, 335, 349, 355, 560,
617, 629
resilience, 37–39
safety principles, 627, 648
scientific, 193, 333, 636
system factors, 78
systems engineering, 472
and systems of occupational health, 135
managing the unexpected, 22, 595, 747, 766
marine hazards, 454
Markov models, 447
Marx, Karl, 22, 754–755, 758
maximin, 276
maximum achievable control technology,
603
McRae, Carl, 770
mean time between failures, 403
mean time to failure, 403
mean time to repair, 404
mental demand, 312
mental workload, 312
metaprinciples, 5, 9
of safety


The unzip password: books-world.net
I hope you benefit from the content of this topic and that you like it.

Link from the Books World site to download the book Handbook of Safety Principles
Direct link to download the book Handbook of Safety Principles