Normal Accident Theory [...]

Theory articulated to explain nature of accidents in complex systems. Big insight: accidents are normal, and best analyzed as recurring events. Other insights:

  • Redundancy can be a cause of error as much as a cure for it. Don’t make redundancy the default answer to safe design.
  • Move from “Oversight to Insight” where possible.
  • Centralization is necessary in tightly coupled systems, but not everything has to be centralized. Decentralization is a better fit for quick decision making.
  • Operator error is a lousy explanation for an accident in a complex system. Look at the system, not operators.
  • Close calls are useful as windows into “interactive complexity”.

More to be found on this NASA slideset: [ pdf]

Command and Control details the history of near-accidents with nuclear weapons in the Normal Accident Theory framework.

Redundancy in systems carries risks. See Three Dangers of Redundancy