Theory articulated to explain the nature of accidents in complex systems. Big insight: accidents in such systems are normal, and are best analyzed as recurring events. Other insights:
- Redundancy can be a cause of error as much as a cure for it. Don’t make redundancy the default answer to safe design.
- Move from “Oversight to Insight” where possible.
- Centralization is necessary in tightly coupled systems, but not everything has to be centralized. Decentralization is a better fit for quick decision making.
- Operator error is a lousy explanation for an accident in a complex system. Look at the system, not operators.
- Close calls are useful as windows into “interactive complexity”.
More can be found in this NASA slide set: [http://www.hq.nasa.gov/office/codeq/accident/accident.pdf pdf]
Command and Control details the history of near-accidents with nuclear weapons in the Normal Accident Theory framework.
Redundancy in systems carries risks of its own. See Three Dangers of Redundancy.