|
A system accident, or normal accident, is an "unanticipated interaction of multiple failures" in a complex system. This complexity can either be technological or organizational, and often has elements of both.〔Perrow, Charles (1984). (''Normal Accidents: Living with High-Risk Technologies, With a New Afterword and a Postscript on the Y2K Problem'' ), Princeton, New Jersey: Princeton University Press, ISBN 0-691-00412-9, 1984, 1999 (first published by Basic Books 1984)〕 A system accident can be very easy to see in hindsight, but very difficult to see in foresight. Ahead of time, there are simply too many possible action pathways. These accidents often resemble Rube Goldberg devices in the way that small errors of judgment, flaws in technology, and insignificant damages combine to form an emergent disaster. System accidents were described in 1984 by Charles Perrow, who termed them "normal accidents", as having such characteristics as interactive complexity, tight coupling, cascading failures, and opaqueness. James T. Reason extended this approach with human reliability and the Swiss cheese model, now widely accepted in aviation safety and healthcare. Once an enterprise passes a certain point in size, with many employees, specialization, backup systems, double-checking, detailed manuals, and formal communication, employees can all too easily recourse to protocol, habit, and "being right." Rather like attempting to watch a complicated movie in a language one is unfamiliar with, the narrative thread of what is going on can be lost. And other phenomena, such as groupthink, can be occurring at the same time for real-world accidents almost always have multiple causes. In particular, it is a mark of a dysfunctional organization to simply blame the last person who touched something. In a December 2012 article in a popular magazine, Charles Perrow writes, "A normal accident is where everyone tries very hard to play safe, but unexpected interaction of two or more failures (because of interactive complexity), causes a cascade of failures (because of tight coupling)."〔(GETTING TO CATASTROPHE: CONCENTRATIONS, COMPLEXITY AND COUPLING ), Charles Perrow, ''The Montréal Review'', December 2012.〕 There is an aspect of an animal devouring its own tail, in that more formality and effort to get it exactly right can make the situation worse.〔Langewiesche, William (March 1998). (The Lessons of Valujet 592 ), ''The Atlantic''. See especially the last three paragraphs of this four-part article: “ . . . Understanding why might keep us from making the system even more complex, and therefore perhaps more dangerous, too.”〕 For example, the more organizational rigmarole involved in adjusting to changing conditions, the more employees will delay in reporting the changing conditions, and the more emphasis on formality, the less likely employees and managers will engage in real communication. New rules can actually make the situation worse, both by adding a new additional layer of complexity and by reminding employees yet again that they are not to think but are just to follow the rules. Regarding the May 1996 crash of Valujet (AirTran) in the Florida Everglades and the lack of interplay between theory and practice, William Langewiesche writes, "Such pretend realities extend even into the most self-consciously progressive large organizations, with their attempts to formalize informality, to deregulate the workplace, to share profits and responsibilities, to respect the integrity and initiative of the individual. The systems work in principle, and usually in practice as well, but the two may have little to do with each other. Paperwork floats free of the ground and obscures the murky workplaces where, in the confusion of real life, system accidents are born."〔 In a 1999 article primarily focusing on health care, J. Daniel Beckham wrote, "It is ironic how often tightly coupled devices designed to provide safety are themselves the causes of disasters. Studies of the early warning systems set up to signal missile attacks on North America found that the failure of the safety devices themselves caused the most serious danger: false indicators of an attack that could have easily triggered a retaliation. Accidents at both Chernobyl and Three Mile Island were set off by failed safety systems."〔''The Crash of ValuJet 592: Implications for Health Care'', J. Daniel Beckham, Jan. '99. DOC file --> http://www.beckhamco.com/41articlescategory/054_crashofvalujet592.doc Mr. Beckham runs a health care consulting company, and this article is included on the company website.〕 Perhaps anticipating the concept of system accident, the Apollo 13 Review Board wrote, "It was found that the accident was not the result of a chance malfunction in a statistical sense, but rather resulted from an unusual combination of mistakes, coupled with a somewhat deficient and unforgiving design."〔 ==Possible system accidents== 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「system accident」の詳細全文を読む スポンサード リンク
|