The contribution of latent human failures to the breakdown of complex systems
Abstract
Several recent accidents in complex high-risk technologies had their primary origins in a variety of delayed-action human failures committed long before an emergency state could be recognized. These disasters were due to the adverse conjunction of a large number of causal factors, each one necessary but singly insufficient to achieve the catastrophic outcome. Although the errors and violations of those at the immediate human-system interface often feature large in the post-accident investigations, it is evident that these ‘front-line’ operators are rarely the principal instigators of system breakdown. Their part is often to provide just those local triggering conditions necessary to manifest systemic weaknesses created by fallible decisions made earlier in the organizational and managerial spheres. The challenge facing the human reliability community is to find ways of identifying and neutralizing these latent failures before they combine with local triggering events to breach the system’s defences. New methods of risk assessment and risk management are needed if we are to achieve any significant improvements in the safety of complex, well-defended, socio-technical systems. This paper distinguishes between active and latent human failures and proposes a general framework for understanding the dynamics of accident causation. It also suggests ways in which current methods of protection may be enhanced, and concludes by discussing the unusual structural features of ‘high-reliability’ organizations.