Schmidt et al. J Surveill Secur Saf 2020;1:1-15 | http://dx.doi.org/10.20517/jsss.2019.02 | Page 5
and drilling down to the most basic events that are associated together through logic gates to examine the
relationships among causal factors.
Further, organisations can learn from specific and/or generic lessons of disasters. They can decide to adopt either the approach of Normal Accident Theory (NAT) or that of high-reliability theory. NAT, introduced by Perrow [26], claims that complexity and a lack of prevention measures will unavoidably result in a disaster. Thus, the main claim of this argument is that accidents cannot be predicted or prevented and are hence “normal” and unavoidable. In contrast, High-Reliability Organisation (HRO) theory states that organisations can contribute to the prevention of disasters [27]. Hence, the emphasis here is not on how accidents happen, but on what successful organisations do to promote and ensure safety in complex systems. NAT and HRO have created two schools of thought in the literature on failure theories. For a comprehensive and balanced account of both schools of thought, the reader is directed to the works of Saleh et al. [28] and Rijpma [29].
3 CASE STUDIES
3.1 Rationale and methods applied
This paper focuses on two case studies from different backgrounds; one relates to security and the other to safety. The first case analyses the Virginia Tech shooting of 2007 from the perspective of failure management in security. As the incident has been extensively researched and strongly influenced policymakers, including universities and government in the U.S., to improve regulations, policies and laws [30-33], it is considered a good example of learning from failure. The second case study concerns the crash of Lion Air Flight 610 in October 2018. This case study was chosen for its current relevance and its relation to aspects of safety. Further, the case study reflects on aspects of not fully learning from failures. This poor example of organisational learning, or “unlearning”, is evident from the subsequent crash of an Ethiopian Airlines aircraft shortly afterwards, which ultimately led Boeing to halt production of this type of aircraft. However, it needs to be acknowledged that the case studies are limited in that they rely on secondary information collected by others, which may be biased.
The two methods applied in this paper are FTA and RBD. The methods complement each other, as the RBD is constructed from the structure of the FTA [10]. Combining both methods in a hybrid model approach can help to identify the failures leading to a disaster, optimise the allocation of resources to address safety gaps and thereby mitigate the consequences of future disasters [10].
An FTA identifies, models and evaluates the unique interrelationship of events leading to (1) failure, (2) undesired events or (3) unintended events. Such an event sits at the top of the fault tree and results from the input events indicated beneath it. Events are connected by “AND” and “OR” gates. An “OR” gate indicates that the output event occurs if one or more of its input events occur. In comparison, an “AND” gate is used when all of the failures connected to the output event must occur together. The RBD gathers the events under an “AND” gate of the FTA into a parallel structure and those under an “OR” gate into a series structure [10]. This method is used to identify vulnerabilities and gaps.
Addressing vulnerabilities can be an iterative and recursive process that helps to better understand and modify the original model in the form of a fault tree. This kind of analysis can be achieved either algebraically, using the operational research method of minimal cut sets (a cut set is a combination of failure events that causes the top event of a fault tree; a minimal cut set is one from which no event can be removed without the top event ceasing to occur), or by simply examining all possible failure scenarios of the boxes in the RBD that would “cut through” the model. Such exercises build up critical mental problem-solving muscles, instead of simply reading the narrative of a report. They also help to examine the logical combination of safety barriers that can mitigate a potentially similar hazard.
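The gate semantics, the AND-to-parallel and OR-to-series mapping into an RBD, and the minimal cut set computation described in the two paragraphs above, carried out in code. This is an added worked example and is not part of the original paper or its case studies; the fault tree it uses (an initiating hazard H that reaches its target if barrier B1 fails, or if both redundant barriers B2 and B3 fail) is a constructed illustration, and the names H, B1, B2 and B3 are assumptions made here.

```python
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class Gate:
    """A fault-tree gate: kind is "AND" or "OR"; inputs are basic-event
    names (str) or nested Gate objects."""
    kind: str
    inputs: tuple


def top_event_occurs(node, failed):
    """Fault-tree view: does `node` occur given the set of basic events
    that have failed?  OR fires on any input, AND only when every input
    has occurred."""
    if isinstance(node, str):
        return node in failed
    results = [top_event_occurs(child, failed) for child in node.inputs]
    return all(results) if node.kind == "AND" else any(results)


def rbd_works(node, failed):
    """RBD view of the same tree: an OR gate becomes a series string, which
    works only if every block works; an AND gate becomes a parallel group,
    which works if at least one block works.  The RBD is 'cut through'
    exactly when this returns False."""
    if isinstance(node, str):
        return node not in failed
    results = [rbd_works(child, failed) for child in node.inputs]
    return any(results) if node.kind == "AND" else all(results)


def cut_sets(node):
    """Enumerate cut sets bottom-up.  A basic event is its own cut set; an
    OR gate collects the cut sets of its inputs; an AND gate combines one
    cut set from each input into their union."""
    if isinstance(node, str):
        return [frozenset([node])]
    child_sets = [cut_sets(child) for child in node.inputs]
    if node.kind == "OR":
        return [cs for sets in child_sets for cs in sets]
    return [frozenset().union(*combo) for combo in product(*child_sets)]


def minimal_cut_sets(node):
    """Absorption: drop any cut set that strictly contains another, leaving
    only the minimal combinations of failures that cause the top event."""
    sets = set(cut_sets(node))
    minimal = [cs for cs in sets if not any(other < cs for other in sets)]
    return sorted(minimal, key=lambda s: (len(s), sorted(s)))


def to_rbd(node):
    """Render the RBD as text: ' -> ' joins series blocks (from OR gates),
    ' || ' joins parallel blocks (from AND gates)."""
    if isinstance(node, str):
        return node
    sep = " || " if node.kind == "AND" else " -> "
    return "(" + sep.join(to_rbd(child) for child in node.inputs) + ")"


def all_basic_events(node):
    if isinstance(node, str):
        return {node}
    return set().union(*(all_basic_events(child) for child in node.inputs))


def views_agree(node):
    """Check that the fault tree and the RBD derived from it give
    complementary verdicts for every combination of failed basic events:
    the top event occurs exactly when the RBD is cut through."""
    events = sorted(all_basic_events(node))
    for bits in product([False, True], repeat=len(events)):
        failed = {e for e, b in zip(events, bits) if b}
        if top_event_occurs(node, failed) == rbd_works(node, failed):
            return False
    return True


# Constructed illustration (not from the paper): hazard H reaches its
# target if barrier B1 fails, or if both redundant barriers B2 and B3 fail.
TOP = Gate("AND", ("H", Gate("OR", ("B1", Gate("AND", ("B2", "B3"))))))

if __name__ == "__main__":
    print("RBD:", to_rbd(TOP))
    for cs in minimal_cut_sets(TOP):
        print("minimal cut set:", sorted(cs))
    print("fault tree and RBD agree on every scenario:", views_agree(TOP))
```

For the constructed tree the minimal cut sets are {H, B1} and {H, B2, B3}, and the RBD renders as (H || (B1 -> (B2 || B3))): the redundant pair B2/B3 appears as a parallel group because both must fail, while B1 sits in series with it because either path through the OR gate cuts the model. Exhaustively comparing the two views over all 2^n failure combinations is the programmatic form of "examining all possible failure scenarios of boxes in the RBD"; on a real tree one would instead inspect the minimal cut sets directly, since each one names a combination of barriers whose joint failure has to be prevented.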