Readings

[Safeware] = Leveson, Nancy. Safeware: System Safety and Computers. Addison-Wesley Professional, 1995. ISBN: 9780201119725.

[ESW] = ———. Engineering a Safer World: Systems Thinking Applied to Safety (Engineering Systems). MIT Press, 2011. ISBN: 9780262016629. (Online version)

LEC # TOPICS READINGS
1 Introduction

[Safeware], pp. 3-19, 129-35, 145-55, 163-8, and 515-53 (Appendix A).

Bogdanich, Walt, and Kristina Rebelo. "A Pinpoint Beam Strays Invisibly, Harming Instead of Healing," New York Times, December 29, 2010.

2 Traditional safety engineering techniques, discussion of responsibility assignment

[ESW], chapters 1-3 and reading questions. (PDF)

Robert Follensbee notes.

Rasmussen, Jens. "Risk Management in a Dynamic Society: A Modelling Problem." Safety Science 27, no. 2/3 (1997): 183-213. (PDF - 1.8MB)

Optional

Flach, John M., Sidney Dekker, et al. "Playing Twenty Questions with Nature (the Surprise Version): Reflections on the Dynamics of Experience." Theoretical Issues in Ergonomics Science 9, no. 2 (2008): 125-54. (PDF - 1.5MB)

[Safeware], chapter 14 (hazard analysis).

3 Why we need something different, presentation of accident reports

[ESW], chapters 4 and 5.

[Safeware], Appendix B.3.

Reading questions (for class discussion, not turning in)

  1. What is the difference between an accident causality model (like chain of events or STAMP) and a hazard analysis method (like fault tree or event tree analysis)?
  2. What is the hierarchical safety control structure for your selected accident?

4 Systems-theoretic accident modeling processes (STAMP) and accident analysis, presentation of more accident reports

[ESW], chapters 6 and 7, Appendices B (MilStar) and C (Walkerton).

Leveson, Nancy, Margaret Stringfellow, and John Thomas. "STAMP-Based Analysis of SBS Tank 731 Overflow Accident." (PDF) (Courtesy of the authors. Used with permission.)

5 Hindsight bias

6 Causal analysis based on STAMP (CAST) accident presentations

[ESW], pp. 179-96.

7 Systems-theoretic hazard analysis (STPA)

[ESW], chapters 9 and 10.

[Safeware], chapter 5.

8 Design for safety, Level 1 presentations of Nancy's Shuttle

[ESW], pp. 196-212.

9 Safety in social systems

[ESW], chapter 12.

10 Safety during operations, occupational safety

[ESW], chapter 13.

Dekker, Sidney. "Just Culture: Who Gets to Draw the Line?" Cognition, Technology and Work 11, no. 3 (2009).

Leveson, Nancy, Nicolas Dulac, et al. "Moving Beyond Normal Accidents and High Reliability Organizations: A Systems Approach to Safety in Complex Systems." Working paper. Massachusetts Institute of Technology, 2011.

11 Management and safety culture

[Safeware], chapter 1.

Leveson, Nancy. "The Use of Safety Cases in Certification and Assurance." Working paper. Massachusetts Institute of Technology, 2011.

Hamburger, Tom, and Christi Parsons. "Obama's Nominee for Regulatory Czar Faces Scrutiny," LA Times, January 26, 2009.

Dekker, Sidney. "Discontinuity and Disaster: Gaps and the Negotiation of Culpability in Medication Delivery." Journal of Law, Medicine and Ethics 35, no. 3 (2007): 463-70.

Colonial Pipeline Operations Philosophy. (Example of corporate safety policy)

Optional

Interesting links on ethics, professionalism, and Roger Boisjoly. (PDF)

12 Regulation, how safe is safe enough? SUBSAFE

[ESW], chapters 14 and 15.

13 Presentations of final class project