Kevin X Li,Kevin Cullinane

DOI: https://doi.org/10.1057/palgrave.mel.9100078

2003-01-01

Maritime Economics & Logistics

Abstract:Following a description of the fundamental concepts and terms applicable in maritime risk management (MRM), the various methods by which shipowners might reduce their maritime liability risk are analysed. The advantages and disadvantages of each of the methods are addressed and examples of their potential use are provided. Based upon the premise of rational decision-making, an economic explanation for MRM is deduced from first principles and a distinction is drawn between the choice context of individual shipowners and that of maritime regulatory authorities. By integrating these two contexts, a conceptual approach to the application of cost–benefit analysis in maritime safety regulation is derived. The paper concludes by advocating the adoption of such an approach as a means of ensuring that safety regulation sets optimum targets such that the level of compliance yields maximum economic benefit and that the MRM which shipowners implement is effective in satisfying the regulatory targets that are set.

Wencong Zhao,Xianhui Yang

DOI: https://doi.org/10.1109/CECNET.2011.5768508

2011-01-01

Abstract:In the design of Safety Instrumented System (SIS), the cost of construction and maintenance of the system should be taken into account comprehensively under the circumstance that the safety level is guaranteed. The average possibility of failure on demand (PFDavg) of SIS is the main criteria to assess its safety performance. The paper focuses on the safety performance and cost optimization of SIS. Based on discrete Markov model and the concept of “margin cost” in microeconomics, the concept of “margin cost based on PFDavg (MCPFDavg)” is put forward. Moreover, the paper puts forward a method to deal with the safety performance and cost optimization of SIS simultaneously. Finally, an example is given to prove the feasibility of the method which can reduce total cost when the safety performance of SIS can also be ensured. It gives a new method to design SIS and helps people further realize the relationship of safety performance and cost.

Guy A. Boy,Kara A. Schmitt

DOI: https://doi.org/10.1016/j.anucene.2012.08.027

IF: 1.9

2013-02-01

Annals of Nuclear Energy

Abstract:This paper presents an analytical approach to design for safety that is based on 30years of experience in the field of Human-centered design. This field is often qualified as governing safety–critical systems where risk management is a crucial issue. We need to better understand what the main facets of safety are that should be taken into account during the design and development processes. There are many factors that contribute to design for safety. We propose some of these factors and an articulation of them from requirement gathering and synthesis to formative evaluations to summative evaluations. Among these factors, we analyze complexity, flexibility, stability, redundancy, support, training, experience and testing. However, we cannot design a safe and reliable product in one shot; design is incremental. A product and its various uses become progressively mature. When we deal with new products, issues come from the fact that practice features emerge from the use of the product and are difficult, even impossible, to predict ahead of time. The automation within is an important portion of this maturity, and must be understood well. This is why design for safety is not possible without anticipatory simulations and a period of tests in the real world, such as operational testing in nuclear power plants. In addition, designing for safety is not finished when the product is delivered; experience feedback, or human-in-the-loop simulation (HITLS) is an important part of the overall global design process. The AUTOS pyramid approach can assist in simplifying the understanding, and improving the design of a complex system by describing and relating Artifacts, Users, Tasks, Organizations, and Situations.

nuclear science & technology

D. Sornette,T. Maillart,W. Kröger

DOI: https://doi.org/10.1016/j.ijdrr.2013.04.002

IF: 4.842

2013-12-01

International Journal of Disaster Risk Reduction

Abstract:From biotechnology to cyber-risks, most extreme technological risks cannot be reliably estimated from historical statistics. Therefore, engineers resort to predictive methods, such as fault/event trees in the framework of probabilistic safety assessment (PSA), which consists in developing models to identify triggering events, potential accident scenarios, and estimate their severity and frequency. However, even the best safety analysis struggles to account for evolving risks resulting from inter-connected networks and cascade effects. Taking nuclear risks as an example, the predicted plant-specific distribution of losses is found to be significantly underestimated when compared with available empirical records. Using a novel database of 99 events with losses larger than $50000 constructed by Sovacool, we document a robust power law distribution with tail exponent μ≈0.7. A simple cascade model suggests that the classification of the different possible safety regimes is intrinsically unstable in the presence of cascades. Additional continuous development and validation, making the best use of the experienced realized incidents, near misses and accidents, is urgently needed to address the existing known limitations of PSA when aiming at the estimation of total risks.

geosciences, multidisciplinary,meteorology & atmospheric sciences,water resources

M. Guarascio,Emin Alakbarli,Mohammad Mehdi Hamedanian

DOI: https://doi.org/10.5220/0011947600003485

Abstract:: It has not been far, over a century, since humankind conceived that hazardous incidents should be substantially managed to procrastinate the future could-be hazards. In the middle of the twentieth century, nonetheless, safety measures were passed by officials and introduced to authorities, and private sectors, so as to reduce risks, environmental impacts of the hazards and to evaluate probable outcomes. Therefore, the concept of ALARP, meaning ‘as low as reasonably practicable’ presented back then, has been implemented in risk reduction management to make decisions upon acceptability and tolerability of risks. In order to do so, a few so-called tools, such as Cost-Benefit Analysis, are specified to societal and other types of risks so that we could weigh the balance of the amount of capital to be invested on safety on the one hand, and the extracted benefit attained out of the investment on the other. This implementation opaquely carries on several social, socio-economic, political and even environmental implications. Nevertheless, it has brought up some concerns into proponents’ mindset, ranging from practicality and political reality to calling into question whether ALARP is mainly theoretical. The aim of this study is to figure out whether Cost-Benefit Analysis can be an appropriate tool to analyse the true outcome(s) of ALARP. This paper will offer a critical point of view over the risk-evaluating concept to discern how much it has been practically efficient.

Computer Science,Environmental Science,Engineering

Scott Ferguson Arindam Brahma Claudia Eckert Ola Isaksson a Department of Mechanical and Aerospace Engineering,North Carolina State University,Raleigh,NC,USAb Division of Product Development,Department of Industrial and Materials Science,Chalmers University of Technology,Gothenburg,Swedenc School of Engineering and Innovation,The Open University,Milton Keynes,UKd Division of Product Development,Department of Industrial and Materials Science,Chalmers University of Technology,Gothenburg,Sweden

DOI: https://doi.org/10.1080/09544828.2024.2414130

2024-10-19

Journal of Engineering Design

Abstract:Engineers use margins throughout the design process to manage uncertainty and to systematically address perceived risks. Evidence of margins appears in various design terms such as room for growth, overdesign, safety factors, buffers and excesses. This variety of terms further suggests that the notion of margin is intuitively understood across many disciplines. While the practice of margin resonates strongly with many practitioners, the heterogeneity of margin terminology underscores a significant challenge. The interdisciplinary nature of margins has resulted in a proliferation of definitions, complicating how engineers represent margins and communicate them across different teams and organisations. Consequently, margins are often hidden from many of the relevant stakeholders, limiting the detailed analyses and discussions of margins. Because of this, the full potential of margins as a design concept has yet to materialise.

engineering, multidisciplinary

Alexander Grushin,Walt Woods,Alvaro Velasquez,Simon Khan

2024-09-27

Abstract:State of the art reinforcement learning methods sometimes encounter unsafe situations. Identifying when these situations occur is of interest both for post-hoc analysis and during deployment, where it might be advantageous to call out to a human overseer for help. Efforts to gauge the criticality of different points in time have been developed, but their accuracy is not well established due to a lack of ground truth, and they are not designed to be easily interpretable by end users. Therefore, we seek to define a criticality framework with both a quantifiable ground truth and a clear significance to users. We introduce true criticality as the expected drop in reward when an agent deviates from its policy for n consecutive random actions. We also introduce the concept of proxy criticality, a low-overhead metric that has a statistically monotonic relationship to true criticality. Safety margins make these interpretable, when defined as the number of random actions for which performance loss will not exceed some tolerance with high confidence. We demonstrate this approach in several environment-agent combinations; for an A3C agent in an Atari Beamrider environment, the lowest 5% of safety margins contain 47% of agent losses; i.e., supervising only 5% of decisions could potentially prevent roughly half of an agent's errors. This criticality framework measures the potential impacts of bad decisions, even before those decisions are made, allowing for more effective debugging and oversight of autonomous agents.

Machine Learning,Artificial Intelligence,Systems and Control

M. Mathews,D. Karydas,M. Delichatsios

DOI: https://doi.org/10.3801/iafss.fss.5-595

1997-01-01

Fire Safety Science

Abstract:This paper presents a systematic approach for fire safety engineering, utilizing risk analysis principles. The described methodology is the foundation for a computer program developed for the performance-based fire risk assessment of buildings and the evaluation of alternative safety systems that may maintain the risk of building occupants and equipment, in respect to fire hazards, at tolerable levels. The computer program evaluates fire risk of a specified facility by automatically (1) generating an event tree and enumerating all credible accident scenarios that may follow a range of initiating events, (2) assessing of resulting consequences and associated impact, and (3) calculating the corresponding likelihood of occurrence of each accident scenario. This methodology and the corresponding computer program comprise modeled physical phenomena and stochastic characteristics associated with each elemental event of a scenario. A case study is presented wherein various strategies of risk reduction are compared by implementation of this technique and by deployment of the developed computer tool.

Alexander Grushin,Walt Woods,Alvaro Velasquez,Simon Khan

DOI: https://doi.org/10.1109/CAI54212.2023.00026

2024-10-09

Abstract:Any autonomous controller will be unsafe in some situations. The ability to quantitatively identify when these unsafe situations are about to occur is crucial for drawing timely human oversight in, e.g., freight transportation applications. In this work, we demonstrate that the true criticality of an agent's situation can be robustly defined as the mean reduction in reward given some number of random actions. Proxy criticality metrics that are computable in real-time (i.e., without actually simulating the effects of random actions) can be compared to the true criticality, and we show how to leverage these proxy metrics to generate safety margins, which directly tie the consequences of potentially incorrect actions to an anticipated loss in overall performance. We evaluate our approach on learned policies from APE-X and A3C within an Atari environment, and demonstrate how safety margins decrease as agents approach failure states. The integration of safety margins into programs for monitoring deployed agents allows for the real-time identification of potentially catastrophic situations.

Machine Learning,Artificial Intelligence,Systems and Control

Martin Wortman,Ernest Kee,Pranav Kannan

DOI: https://doi.org/10.48550/arXiv.2203.04315

2022-03-08

Systems and Control

Abstract:Probability Quantification (PQ) predictions of the efficacy of safety-critical protective systems is challenging. Yet, the popularity of PQ methodologies (e.g., Probabilistic Risk Assessment (PRA), Quantitative Risk Analysis (QRA) and Probabilistic Safety Analysis (PSA)) is growing and can now be found written into regulatory rules. PQ in predictive modeling is attractive because of its grounding in probability theory. But, certain important safety related events are not probability-measurable which is problematic for risk-analytic methodologies that rely on PQ computations. Herein, we identify why the dynamics of available information play an essential role in governing the fidelity of PQ, and why PQ in the analysis of safety-critical protective systems is limited by the un-measurability of certain critical events. We provide an historical example that provides a practical context for our observations. Finally we discuss the implications of measurability for regulatory decision-making governed by recent nuclear industry legislation advocating increased use of risk informed, performance-based regulation for advanced reactor licensing.

Kaj Hänninen,Hans Hansson,Henrik Thane,Mehrdad Saadatmand

DOI: https://doi.org/10.48550/arXiv.1808.10308

2018-08-30

Software Engineering

Abstract:In the early 90s, researchers began to focus on security as an important property to address in combination with safety. Over the years, researchers have proposed approaches to harmonize activities within the safety and security disciplines. Despite the academic efforts to identify interdependencies and to propose combined approaches for safety and security, there is still a lack of integration between safety and security practices in the industrial context, as they have separate standards and independent processes often addressed and assessed by different organizational teams and authorities. Specifically, security concerns are generally not covered in any detail in safety standards potentially resulting in successfully safety-certified systems that still are open for security threats from e.g., malicious intents from internal and external personnel and hackers that may jeopardize safety. In recent years security has again received an increasing attention of being an important issue also in safety assurance, as the open interconnected nature of emerging systems makes them susceptible to security threats at a much higher degree than existing more confined products.This article presents initial ideas on how to extend safety work to include aspects of security during the context establishment and initial risk assessment procedures. The ambition of our proposal is to improve safety and increase efficiency and effectiveness of the safety work within the frames of the current safety standards, i.e., raised security awareness in compliance with the current safety standards. We believe that our proposal is useful to raise the security awareness in industrial contexts, although it is not a complete harmonization of safety and security disciplines, as it merely provides applicable guidance to increase security awareness in a safety context.

Kush R. Varshney

DOI: https://doi.org/10.48550/arXiv.1601.04126

IF: 5.414

2016-01-16

Machine Learning

Abstract:Machine learning algorithms are increasingly influencing our decisions and interacting with us in all parts of our daily lives. Therefore, just like for power plants, highways, and myriad other engineered sociotechnical systems, we must consider the safety of systems involving machine learning. In this paper, we first discuss the definition of safety in terms of risk, epistemic uncertainty, and the harm incurred by unwanted outcomes. Then we examine dimensions, such as the choice of cost function and the appropriateness of minimizing the empirical average training cost, along which certain real-world applications may not be completely amenable to the foundational principle of modern statistical machine learning: empirical risk minimization. In particular, we note an emerging dichotomy of applications: ones in which safety is important and risk minimization is not the complete story (we name these Type A applications), and ones in which safety is not so critical and risk minimization is sufficient (we name these Type B applications). Finally, we discuss how four different strategies for achieving safety in engineering (inherently safe design, safety reserves, safe fail, and procedural safeguards) can be mapped to the machine learning context through interpretability and causality of predictive models, objectives beyond expected prediction accuracy, human involvement for labeling difficult or rare examples, and user experience design of software.

Nathaniel B. Price,Mathieu Balesdent,Sébastien Defoort,Rodolphe Le Riche,Nam H. Kim,Raphael T. Haftka

DOI: https://doi.org/10.48550/arXiv.1904.08978

2019-04-19

Abstract:At the initial design stage engineers often rely on low-fidelity models that have high epistemic uncertainty. Traditional safety-margin-based deterministic design resorts to testing (e.g. prototype experiment, evaluation of high-fidelity simulation, etc.) to reduce epistemic uncertainty and achieve targeted levels of safety. Testing is used to calibrate models and prescribe redesign when tests are not passed. After calibration, reduced epistemic model uncertainty can be leveraged through redesign to restore safety or improve design performance; however, redesign may be associated with substantial costs or delays. In this paper, a methodology is described for optimizing the safety-margin-based design, testing, and redesign process to allow the designer to tradeoff between the risk of future redesign and the possible performance and reliability benefits. The proposed methodology represents the epistemic model uncertainty with a Kriging surrogate and is applicable in a wide range of design problems. The method is illustrated on a cantilever beam bending example and then a sounding rocket example. It is shown that redesign acts as a type of quality control measure to prevent an undesirable initial design from being accepted as the final design. It is found that the optimal design/redesign strategy for maximizing expected design performance includes not only redesign to correct an initial design that is later revealed to be unsafe, but also redesign to improve performance when an initial design is later revealed to be too conservative (e.g. too heavy).

Applications

Van-Dung Truong,William Brace

DOI: https://doi.org/10.1016/j.fusengdes.2024.114690

IF: 1.905

2024-10-23

Fusion Engineering and Design

Abstract:The engineering design of components and systems in a fusion power plant, an example of a complex system with extreme conditions, requires careful consideration and balance of the numerous associated risks. Key risks are observed from several perspectives and categorised as failure modes, situational and quality risks. Several methods exist for the separate consideration of these risks at the various design phases. However, an optimum approach is to consider all risks and balance the effects during the early design phase. The paper introduces a novel methodology to consider all associated risks at the conceptual design phase by combining a generalised Π-theorem and dimensional analysis for qualitative physics reasoning. The method is applied to a Balance of Plant components as a case study. Initial results show positive concurrent consideration and analysis of all risks in the conceptual stage.

nuclear science & technology

Duncan McLachlan

DOI: https://doi.org/10.4043/30618-ms

2020-05-04

Abstract:Abstract This paper demonstrates how the adoption of systems engineering practices, where functional requirements are established and interdependencies are dynamically modelled, allows optimisation of the project holistically to create value at the earliest stage, and for this value to be protected throughout the lifecycle. We will explain how functional requirements and project value drivers are identified; causal loop diagrams are utilised to ensure causal precision; the conversion of causal loop diagrams to stock flow diagrams to allow the incorporation of algorithms, which dynamically model the interdependencies. We will demonstrate how this model is utilised to optimise and protect value. This has been implemented successfully on several projects. Two case studies will be presented: one where systems engineering was used where field production from a complex group of 350 offshore wells producing from different reservoirs was anticipated to decline in the medium term and a best technical solution to maximise Net Present Value (NPV) for the asset was required. The second application of this approach was the development of a Normally Unmanned Installation (NUI) concept that removes 250t of topsides equipment, a 90% reduction based on previous wellhead towers in the same basin, achieves a 98% reduction in power consumption, and only requires planned offshore working once per year. The systems model was established in concept and is continuing to be used through the Front End Engineering and Design (FEED) phase of the project to protect this value created and prevent "death by a thousand cuts", or the slow process of erosion of value brought about by individual, seemingly inconsequential, decisions that aggregate over time to cause project failure.

J B Wasserfallen,P O Droz,J D Tissot

Abstract:Medicine can be dangerous for the patients, the caregivers, the visitors and the environment. Technological progress provides devices and drugs that are always more powerful, more efficacious, but at the same time able to lead to severe side effects. This paper describes the system set up in a university hospital to fulfill legal requirements. Specialists in specific fields build up commissions, which are united in a coordination office. A general policy for the hospital has been decided, but each commission is responsible for managing the risks in its field. The overall philosophy moved from a quality assurance to a quality management system, in which the employee involved in an incident or an accident is no longer considered the only culprit except in cases of obvious violation of established procedures. In order to be efficient, the system must be as simple as possible, and well known, so that collaborators gain confidence in it. Once this cultural revolution is accomplished, quality but also security of the procedures will be improved. Its impact on cost is more questionable, as the system generates running costs which might be higher than the savings it might bring.

Kush R. Varshney,Homa Alemzadeh

DOI: https://doi.org/10.48550/arXiv.1610.01256

2017-08-22

Abstract:Machine learning algorithms increasingly influence our decisions and interact with us in all parts of our daily lives. Therefore, just as we consider the safety of power plants, highways, and a variety of other engineered socio-technical systems, we must also take into account the safety of systems involving machine learning. Heretofore, the definition of safety has not been formalized in a machine learning context. In this paper, we do so by defining machine learning safety in terms of risk, epistemic uncertainty, and the harm incurred by unwanted outcomes. We then use this definition to examine safety in all sorts of applications in cyber-physical systems, decision sciences, and data products. We find that the foundational principle of modern statistical machine learning, empirical risk minimization, is not always a sufficient objective. Finally, we discuss how four different categories of strategies for achieving safety in engineering, including inherently safe design, safety reserves, safe fail, and procedural safeguards can be mapped to a machine learning context. We then discuss example techniques that can be adopted in each category, such as considering interpretability and causality of predictive models, objective functions beyond expected prediction accuracy, human involvement for labeling difficult or rare examples, and user experience design of software and open data.

Computers and Society,Machine Learning

Craig S. Webster

DOI: https://doi.org/10.1080/08109028.2017.1279873

2016-06-01

Prometheus

Abstract:The increasing complexity and power of our technologies compels us to find new ways in which to conceptualise, understand and maintain their safety in the long term. Some complex technological industries have performed better than others in terms of applying sustained and systematic approaches to the maintenance of safety. The United States nuclear power industry can be seen as an ideal test-bed for the development of safety initiatives, being responsible for the control of potentially unpredictable technology that involves extraordinary forces and costs. This paper describes and formalises a framework for better understanding the safety of complex socio-technological systems, based on key events in the development of safety in the United States nuclear power industry. The framework comprises two components: (1) a state-space approach for better conceptualising system failures, the benefits of incident reporting and remedial safety initiatives; and (2) a set of milestones that can be used to assess the development of safety in socio-technological industries. Healthcare and the United States nuclear power industry both represent complex socio-technological systems with similar technical characteristics. However, safety strategies in healthcare have not kept pace with the increasing complexity of clinical practice, and there have been international calls for improvements in patient safety. The framework is applied to the analysis of safety in healthcare, demonstrating its utility as an alternative safety analogy in healthcare. Use of the framework indicates substantial scope for improvements in healthcare safety through major evidence-based system redesign. By lowering the threshold for the reporting of incident data to include accident precursors, it is possible to identify problem areas before patient harm occurs.

Lars Harms-Ringdahl

DOI: https://doi.org/10.1016/j.ssci.2008.06.004

IF: 6.392

2009-03-01

Safety Science

Abstract:A new method for accident investigations is presented. It is based on the concept of safety function, which is defined as a technical or organisational function, a human action or a combination of these, that can reduce the probability and/or consequences of accidents and other unwanted events in a system. An analysis starts with the identification of safety functions related to the event. These are structured; an assessment is then made of whether they worked or not, and finally safety improvements are proposed.The method has been applied to five different incidents, coming from different types of work sites, such as electrical power distribution, a railway, and hospitals. For each case, around 40 safety functions were identified, of which less than half had worked. It was found that technical, organisational and human safety features existed side-by-side. The method supports a consistent analysis of a variety of safety features, and can integrate them into a common format.Each system contained formal and informal elements in parallel, often overlapping. This can be seen as safety redundancy, which makes the safety system less vulnerable to change that supports the preservation of safety. It might be more adequate to describe this as a safety web rather than a distinct set of barriers, and there is also an analogy with the concept of safety resilience.

engineering, industrial,operations research & management science

Chao Chen,Genserik Reniers,Nima Khakzad,Ming Yang

DOI: https://doi.org/10.1016/j.ssci.2021.105326

IF: 6.392

2021-09-01

Safety Science

Abstract:<p>Due to the COVID-19 pandemic in 2020, the trade-off between economics and epidemic prevention (safety) has become painfully clear worldwide. This situation thus highlights the significance of balancing the economy with safety and health. Safety economics, considering the interdependencies between safety and micro-economics, is ideal for supporting this kind of decision-making. Although economic approaches such as cost-benefit analysis and cost-effectiveness analysis have been used in safety management, little attention has been paid to the fundamental issues and the primary methodologies in safety economics. Therefore, this paper presents a systematic study on safety economics to analyze the foundational issues and explore the possible approaches. Firstly, safety economics is defined as a transdisciplinary and interdisciplinary field of academic research focusing on the interdependencies and coevolution of micro-economies and safety. Then we explore the role of safety economics in safety management and production investment. Furthermore, to make decisions more profitable, economic approaches are summarized and analyzed for decision-making about prevention investments and/or safety strategies. Finally, we discuss some open issues in safety economics and possible pathways to improve this research field, such as security economics, risk perception, and multi-criteria analysis.</p>

engineering, industrial,operations research & management science