“What does the collapse of sub-prime lending have in common with a broken jackscrew in an airliner’s tailplane? Or the oil spill disaster in the Gulf of Mexico with the burn-up of Space Shuttle Columbia? These were systems that drifted into failure.” (Dekker, 2011)
Traditionally, accident investigation approaches have been driven by the need to pin down exactly what went wrong. The answer is demanded by our insurance and legal processes, which need to establish who, or what, was to blame. Researchers such as Turner (1997) and Rasmussen (1997), however, came to the conclusion that much of the blame lay with the organisations that were supposed to be managing these situations safely (i.e., without accidents). Perrow (1984), on the other hand, theorised that in highly complex, tightly coupled, stiff systems, accidents were inevitable; indeed, they were to be expected and regarded as “normal”. He cited the Three Mile Island nuclear accident (Elliot, 1980) as an example. Hopkins (1999) articulated the problems and confusion inherent in this explanation (justification?) of such incidents, and later (2001) queried whether even Three Mile Island fitted the definition in practice. Many of the methods employed in the study of these accidents are focussed on finding which failures, whether of components, individuals, or organisations, caused the consequences observed.
More recent discussions (Hollnagel, Woods, Dekker) have highlighted that these failures perhaps represent extreme excursions in “normal” system behaviour and hence, as Perrow indicates, are “to be expected”. The question of whether or not accidents are “normal” is therefore relevant. Hence, later approaches to understanding what happens in these situations (Hollnagel, 2014) have proposed that many accidents happen as a result of operating such systems in very much the same way as usual, i.e., normally.
The research question now of interest is to determine what constitutes “normal” behaviour and why deviations from it are a problem. Variabilities in operational environments, personnel and conditions manifest themselves as a range of observed behaviours, with a (normal?) distribution of frequency of occurrence. Accidents, on this approach, would thus represent excursions into a small section of the tails of that distribution. This comes almost full circle back to Rasmussen’s idea that, in real systems and operating environments, it is normal to expect such inadvertent straying over safe limits.
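As a minimal illustrative sketch only (the margin, spread and limit below are assumed numbers, not data from the study), this framing can be made concrete: if day-to-day operating behaviour is drawn from a single distribution, the accident outcomes are simply the rare samples that fall beyond a safe limit in its tail.

```python
import numpy as np

rng = np.random.default_rng(42)

# Hypothetical daily "performance" of an operation, expressed as a margin to a
# safe limit. The mean, spread and limit are illustrative assumptions only.
mean_margin, spread = 10.0, 3.0   # arbitrary units of safety margin
safe_limit = 0.0                  # a margin at or below zero breaches the limit

margins = rng.normal(mean_margin, spread, size=1_000_000)

# Fraction of "normal" operating days that nevertheless stray past the limit.
p_excursion = np.mean(margins <= safe_limit)
print(f"Estimated probability of a tail excursion: {p_excursion:.1e}")
# With these numbers the limit sits about 3.3 standard deviations out, so the
# excursion is rare (a few times in 10,000 days) yet belongs to the same
# distribution as everyday, "normal" operation.
```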
The case study uses FRAM, the Functional Resonance Analysis Method (Hollnagel, 2012), to examine the BP Macondo Well incident and to determine the method’s applicability and effectiveness as a diagnostic tool. The FRAM analysis showed that there was indeed a range of conditions considered “normal” and acceptable in the individual functions, and that their complex interdependencies could explain the emergent accident conditions that were observed. It argued that if “normal” is understood as natural variability in operating environments, i.e., in its everyday usage, the Macondo Well incident was indeed a normal accident.
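By way of illustration only (the function names, coupling weights and threshold below are hypothetical, not taken from the published Macondo model), a FRAM-style instantiation can be sketched as functions whose output variability propagates through their couplings, so that variability that is acceptable in each function separately can combine, or resonate, into an unacceptable emergent outcome.

```python
import random

random.seed(1)

# Toy FRAM-style instantiation: each function's output variability depends on
# its own "normal" variability plus that of its upstream couplings.
# Function names and weights are illustrative, not the actual Macondo model.
UPSTREAM = {
    "interpret_negative_test": ["run_negative_pressure_test"],
    "displace_riser_to_seawater": ["interpret_negative_test"],
    "monitor_well_for_flow": ["displace_riser_to_seawater"],
}

def sample_variability(fn, cache):
    """Sample one instantiation's variability score for a function."""
    if fn not in cache:
        own = random.gauss(0.0, 1.0)  # the function's own, acceptable variability
        upstream = sum(sample_variability(u, cache) for u in UPSTREAM.get(fn, []))
        cache[fn] = own + 0.8 * upstream  # couplings carry upstream variability downstream
    return cache[fn]

THRESHOLD = 4.0  # illustrative limit beyond which the emergent outcome is unacceptable
runs = 100_000
resonant = sum(sample_variability("monitor_well_for_flow", {}) > THRESHOLD
               for _ in range(runs))
print(f"Runs where 'normal' variabilities resonate into an unacceptable outcome: "
      f"{resonant / runs:.2%}")
```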
The study also showed that the functions modelled corresponded to the barriers identified in the Investigating Commission’s bow tie diagrams.
This led to a further publication showing how to use FRAM to quantify predictions of barrier performance on demand more realistically.
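A minimal Monte Carlo sketch of that idea (the probabilities and the shared condition below are assumptions for illustration, not values from the paper): when two barrier functions depend on a common upstream condition, which a FRAM model makes explicit, the joint probability of failure on demand can be substantially higher than the product of the individual PFDs that a conventional bow tie calculation would suggest.

```python
import random

random.seed(7)

# Two barrier functions whose failure probability rises when a shared upstream
# condition (e.g. degraded supervision) is present. All numbers are
# illustrative assumptions, not figures from the publication.
N = 500_000
fail_1 = fail_2 = fail_both = 0

for _ in range(N):
    degraded = random.random() < 0.05          # shared condition varies "normally"
    p_fail = 0.08 if degraded else 0.002       # per-demand failure probability
    b1 = random.random() < p_fail
    b2 = random.random() < p_fail
    fail_1 += b1
    fail_2 += b2
    fail_both += b1 and b2

pfd_1, pfd_2 = fail_1 / N, fail_2 / N
print(f"Barrier 1 PFD:                     {pfd_1:.2e}")
print(f"Barrier 2 PFD:                     {pfd_2:.2e}")
print(f"Assumed-independent joint PFD:     {pfd_1 * pfd_2:.2e}")
print(f"Observed joint PFD (shared cause): {fail_both / N:.2e}")
```

With these assumed numbers, the joint failure rate observed in the simulation is roughly an order of magnitude higher than the independence assumption predicts, which is the sense in which the FRAM-based treatment is claimed to be more realistic.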
Figure 1 – The FRAM Model showing the Instantiation for the procedure being operated
Publication
Slater, D. (2023), Was the Deepwater Horizon incident a “Normal” accident? Safety Science 168(2023):106290, DOI: 10.1016/j.ssci.2023.106290
Bow Tie paper
Slater, D. and Hill, R. (2024), Building Nonlinear, Systemic Bow Ties, Using Functional Barriers, System Engineering, DOI: 10.20944/preprints202406.1433.v1