Abstract
Engineering systems are a typical example of complex socio-technical systems, since they comprise technical, social, and managerial aspects. While their mission is to serve people by offering high-quality as well as profitable services and infrastructure, they are classified as safety-critical because a failure or malfunction may result in death or serious injury. Indeed, practice has shown that even in engineering systems accidents are inevitable. Thus there is a clear need for tools that support safety-driven system design and operation, as well as for accident-prevention mechanisms that give critical engineering infrastructure freedom from accidents. Safety is therefore listed as one of the major issues facing engineering systems.

Just like in any complex socio-technical system, safety in engineering systems is treated as an emergent property: safety depends on the enforcement of constraints on the behaviour of the system components and of the parts they compose. Furthermore, regardless of whether they are located at the same or at different hierarchical levels of the system, components and parts are subject to constraints imposed on their potential interactions. Safety is also a control problem, because keeping it within acceptable levels requires adequate feedback control processes to be designed and "installed" within the socio-technical system.

A key factor in system safety is risk Situation Awareness (SA). Systems have a capability of perceiving and comprehending threats and vulnerabilities, and of projecting what these may entail for system safety. On that account, what this thesis calls risk SA is the individual SA of a system agent with respect to the presence of threats and vulnerabilities that may lead to system accidents.
Nonetheless, in complex socio-technical systems there is an inherent capability, determined by the system's design and development, of each system part to provide its agent with SA about the presence of system threats and vulnerabilities that may lead to accidents. This capability is called the risk SA provision capability. It stems from the number, type, and characteristics of each of the elements that together shape the different parts of the system, and it thus lays the foundation for the emergence of risk SA at the system level. Besides risk SA, this thesis introduces the term "risk DSA" (risk distributed SA). The distinction between SA and DSA is that the former is found in individuals, while the latter is an emergent property of the socio-technical system. Risk DSA is a special case of DSA in which each agent, on the one hand, may have a detailed picture of the threats and vulnerabilities of the part they control, but on the other hand retains only a partial overview of the threats and vulnerabilities present in the system as a whole.

Based on the above reasoning, the problem this thesis investigates is the degree to which the various elements of a complex socio-technical system affect the risk SA provision capability of the system as a whole. Despite the importance of this problem, there is no measurable quantity indicating the degree of that capability. This raises the need for a means to help engineers and designers choose the system composition that is likely to maximise, or at least enhance, the risk SA provision capability. Hence, another contribution of this thesis is the RiskSOAP methodology and its accompanying indicator. RiskSOAP provides a quantitative reflection of a system's performance in terms of its risk SA provision capability, it tests the positive correlation between safety and risk SA, and it also supports the assessment of risk DSA.
Moreover, RiskSOAP is a comparison-based methodology that goes through three stages: determine the desired composition of the system, identify the as-is composition(s), and finally apply a comparative strategy that quantifies the distance between the compared units. To this end, the RiskSOAP methodology is founded on three existing approaches: the STAMP-Based Process Analysis (STPA), the Early Warning Sign Analysis based on STPA (EWaSAP) approach, and the Rogers-Tanimoto dissimilarity measure for binary data.

To demonstrate how the RiskSOAP methodology applies in practice, and to examine the evidence for the main hypothesis and the sub-hypothesis of this research work, RiskSOAP is applied to three real engineering socio-technical systems: a robotic installation, an aviation system, and a road tunnel. Further results are obtained in each case.

Overall, the RiskSOAP indicator is assessed as complying with a set of standards and criteria. A discussion of its claimed contributions and results is also provided. Future research may bring new challenges, but the thesis also offers insight into how RiskSOAP can be further used and improved.
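The three-stage comparison described above, worked through as an added example that is not code from the thesis: the desired composition and each as-is composition are encoded as binary presence vectors over a common set of elements, and the distance between them is the Rogers-Tanimoto dissimilarity (2(b+c) / (a+d+2(b+c)), with a the shared-present, d the shared-absent and b+c the mismatching positions). The element names, the two as-is systems and their presence values are constructed for illustration and are not taken from the thesis's case studies; the function names are assumptions of this example.

```python
"""Added example: a RiskSOAP-style comparison of a desired system
composition against as-is compositions, using the Rogers-Tanimoto
dissimilarity for binary data. Element names and presence values are
constructed for illustration; they are not data from the thesis."""
from typing import Dict, List, Optional, Sequence, Tuple


def rogers_tanimoto_dissimilarity(x: Sequence[int], y: Sequence[int]) -> float:
    """Rogers-Tanimoto dissimilarity between equal-length binary vectors.

    With a = #(1,1) positions, d = #(0,0) positions and b + c = #mismatches:
        D = 2(b + c) / (a + d + 2(b + c))
    D is 0.0 for identical vectors and 1.0 when every position disagrees;
    mismatches are weighted twice as heavily as matches.
    """
    if len(x) != len(y):
        raise ValueError("binary vectors must have the same length")
    if len(x) == 0:
        raise ValueError("binary vectors must not be empty")
    matches = 0      # a + d
    mismatches = 0   # b + c
    for xi, yi in zip(x, y):
        if xi not in (0, 1) or yi not in (0, 1):
            raise ValueError("vectors must contain only 0 and 1")
        if xi == yi:
            matches += 1
        else:
            mismatches += 1
    return 2 * mismatches / (matches + 2 * mismatches)


def encode(composition: Dict[str, bool], elements: Sequence[str]) -> List[int]:
    """Map a {element: present} description onto a fixed element order.

    Elements missing from the dict count as absent, so every composition can
    be encoded over the same universe of candidate elements.
    """
    return [1 if composition.get(e, False) else 0 for e in elements]


def risksoap_distance(desired: Dict[str, bool], as_is: Dict[str, bool],
                      elements: Optional[Sequence[str]] = None) -> float:
    """Distance between the desired composition and one as-is composition.

    `elements` fixes the universe; when omitted it is the union of the two
    descriptions. Use a shared universe when several as-is systems are to be
    compared, otherwise their distances are not on the same scale.
    """
    if elements is None:
        elements = sorted(set(desired) | set(as_is))
    return rogers_tanimoto_dissimilarity(encode(desired, elements),
                                         encode(as_is, elements))


def rank_candidates(desired: Dict[str, bool],
                    candidates: Dict[str, Dict[str, bool]]) -> List[Tuple[str, float]]:
    """Rank as-is compositions by distance to the desired one, closest first.

    One universe covering the desired composition and all candidates is used
    so that the distances are comparable across candidates.
    """
    universe = set(desired)
    for comp in candidates.values():
        universe |= set(comp)
    elements = sorted(universe)
    ranked = [(name, risksoap_distance(desired, comp, elements))
              for name, comp in candidates.items()]
    return sorted(ranked, key=lambda item: item[1])


# Constructed illustration (hypothetical road-tunnel elements, not thesis data).
# The desired composition lists the risk-SA-providing elements an STPA/EWaSAP
# style analysis might call for; every one of them is expected to be present.
DESIRED_ELEMENTS = [
    "smoke_detector_alarm_to_control_room",
    "co_concentration_sensor",
    "ventilation_state_feedback",
    "cctv_feed_to_operator",
    "operator_early_warning_procedure",
    "emergency_lighting_status_feedback",
    "incident_logging_and_review",
]
DESIRED: Dict[str, bool] = {e: True for e in DESIRED_ELEMENTS}

# Two hypothetical as-is systems. tunnel_A lacks two desired elements and has
# an extra element the desired design does not call for; tunnel_B lacks one.
AS_IS: Dict[str, Dict[str, bool]] = {
    "tunnel_A": {**DESIRED,
                 "ventilation_state_feedback": False,
                 "operator_early_warning_procedure": False,
                 "legacy_manual_bell": True},
    "tunnel_B": {**DESIRED, "incident_logging_and_review": False},
}

if __name__ == "__main__":
    for name, distance in rank_candidates(DESIRED, AS_IS):
        print(f"{name}: distance to desired composition = {distance:.3f}")
```

Because the indicator is a distance, the candidate with the smallest value is the composition closest to the desired one (here tunnel_B at 2/9 against tunnel_A at 6/11). Note that an element present in an as-is system but absent from the desired design counts as a mismatch just as a missing element does, and that the universe of elements must be fixed before comparing several systems: scored alone, tunnel_B's distance changes to 0.25 because the extra element only tunnel_A carries drops out of the vector.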