cnotes11

G redundancy interlocks failsafe design or through


A Systems Theory Model of Accidents

Safety is an emergent system property.

Accidents arise from interactions among
  - People
  - Societal and organizational structures
  - Engineering activities
  - Physical system components
that violate the constraints on safe component behavior and interactions.

Not simply chains of events or linear causality, but more complex types of causal connections.

Need to include the entire socio-technical system.

STAMP (Systems-Theoretic Accident Model and Processes)

Based on systems and control theory.

Systems not treated as a static design: a socio-technical system is a dynamic process continually adapting to achieve its ends and to react to changes in itself and its environment.

Preventing accidents requires designing a control structure to enforce constraints on system behavior and adaptation.

STAMP (2)

Views accidents as a control problem, e.g.,
  - O-ring did not control propellant gas release by sealing gap in field joint
  - Software did not adequately control descent speed of Mars Polar Lander

Events are the result of the inadequate control; they result from lack of enforcement of safety constraints.

To understand accidents, need to examine control structu...

This note was uploaded on 11/07/2011 for the course AERO 16.36 taught by Professor Alexandre Megretski during the Spring '09 term at MIT.
