Coordinability and consistency: Application of systems theory to accident causation and prevention

• Coordinability and consistency (C&C) from systems theory are important for safety.
• Lack of C&C are fundamental failure modes in hierarchical multilevel systems.
• C&C provides domain-independent templates and vocabulary for post-mortem accident analysis.
• C&C-based analysis can provide design and operational guidelines for system safety.
• C&C can be integrated with well-known ideas: HRO, QRA/PRA, and defense-in-depth.

Recent works in the safety literature report several fruitful attempts to introduce mathematically rigorous results from systems and control theory to bear upon accident prevention and system safety. Previously, we discussed the implications on safety of the systems theoretic principles of coordinability and consistency, and we identified the lack of coordinability and/or consistency as fundamental failure modes in hierarchical multilevel systems. In this work, we further develop system safety analysis techniques based on these principles. We demonstrate that these principles not only provide a domain-independent vocabulary for expressing the results of post-mortem accident analyses, but they can also be applied to guide design and operational choices for accident prevention and system safety. We develop these ideas with the help of an illustrative case study. This case study represents a broad class of systems where operational policies and procedures of individual stakeholders in the system interact with physical processes such that new system behaviors emerge, and unanticipated safety issues arise. We argue, and illustrate our arguments using this case study, that the coordinability and consistency principles can be developed to deliver a threefold impact on accident analysis and prevention: firstly, these principles provide domain-independent procedural templates and vocabulary for post-mortem accident analysis. Secondly, these principles provide theoretical safety specifications to be met during system design and operation. Finally, these safety specifications can precipitate the formulation of a series of questions directly related to safety-oriented choices in the design, operation, and control of systems.