System safety principles: A multidisciplinary engineering perspective

System safety is of particular importance for many industries. Broadly speaking, it refers to the state or objective of striving to sustainably ensure accident prevention through actions on multiple safety levers (technical, organizational, and regulatory). While complementary to risk analysis, it is distinct in one important way: risk analysis is anticipatory rationality examining the possibility of adverse events (or accident scenarios), and the tools of risk analysis support and in some cases quantify various aspects of this analysis effort. The end-objective of risk analysis is to help identify and prioritize risks, inform risk management, and support risk communication. These tools however do not provide design or operational guidelines and principles for eliminating or mitigating risks. Such considerations fall within the purview of system safety.In this work, we propose a set of five safety principles, which are domain-independent, technologically agnostic, and broadly applicable across industries. While there is a proliferation of detailed safety measures (tactics) in specific areas and industries, a synthesis of high-level safety principles or strategies that are independent of any particular instantiation, and from which specific safety measures can be derived or related to, has pedagogical value and fulfills an important role in safety training and education. Such synthesis effort also supports creativity and technical ingenuity in the workforce for deriving specific safety measures, and for implementing these principles and handling specific local or new risks. Our set of safety principles includes: (1) the fail-safe principle; (2) the safety margins principle; (3) the un-graduated response principle (under which we subsume the traditional “inherently safe design” principle); (4) the defense-in-depth principle; and (5) the observability-in-depth principle. We carefully examine each principle and provide examples that illustrate their use and implementation. We relate these principles to the notions of hazard level, accident sequence, and conditional probabilities of further hazard escalation or advancement of an accident sequence. These principles are a useful addition to the intellectual toolkit of engineers, decision-makers, and anyone interested in safety issues, and they provide helpful guidelines during system design and risk management efforts.     

安全降变原理及C-S-R事故致因新模型

为发展安全科学原理和给事故防控与调查提供新的方法,根据变化对系统安全的影响机制,开展安全降变原理及事故致因新模型研究。首先,提出安全降变原理并解析其内涵及研究意义。其次,基于安全降变原理,给出不同层级安全系统变化的分类实例,并对作业场所事故及其致因重新定义和分类。再次,构建基于安全降变原理的C-S-R事故致因新模型。最后,基于事故案例分析,验证所提出的C-S-R事故致因新模型与安全降变原理的有效性。结果表明,各级安全系统中自发或是受联动的变化超出系统的变化承受水平时,将导致事故的发生。经事故案例分析验证可知,安全降变原理及C-S-R事故致因新模型具有充分的实用性。     

复杂社会技术系统安全事故的成因结构敏感性及预防对策研究

简要回顾现有复杂社会技术系统安全事故的成因理论存在的局限性,根据大量统计资料和经验总结构建事故成因理论的缺陷。该研究试图从分析和推理入手,根据复杂社会技术系统运行机制及事故成因结构敏感性特征,探索由于新技术快速普及应用而不断涌现的复杂社会技术系统的失效机制及事故的成因理论;解释复杂社会技术系统安全事故的严重程度差异性、时间方向性及情境依赖性;为任何因新技术普及应用而产生的人造系统的安全分析及事故预防提供理论和方法支撑。     

STAMP模型在危化品道路运输事故分析中的应用研究

为保障危化品道路运输行车安全,基于STAMP模型构建危化品道路运输的分层安全控制结构,将安全问题看作是控制问题,并将系统工程思想融入事故预防中。在此基础上,引入沪昆高速湖南邵阳段“7.19”特别重大道路交通危化品爆燃事故并对其进行实证分析,从物理层、基础层、运营层及监管层动态分析导致事故发生的控制缺失。结果表明:基于STAMP模型的安全分析方法不仅可考虑由组件失效引起的事故,还可发现组件之间的组织问题及决策背景,并对事故致因做出更为详细的解释,为类似事故的分析和预防提供思路与参考。     

An urban pipeline accident model based on system engineering and game theory

Urban pipeline accidents are caused by complex social-technical factors, in which urban communities and pipeline systems are involved. Such accidents can thus be investigated from the viewpoint of system engineering. System-Theoretic Accident Model and Processes (STAMP) is a systemic method for safety assessment, which has been adopted in many domains. This approach can provide deep insights of accident causes by considering direct and indirect factors. Meanwhile, competition and cooperation between stakeholders in accidents are observed. Therefore, these parties can also be analyzed with the game theory. That is, stakeholders in STAMP can be regarded as players in game. The aim of this paper is to provide a new insight to analyze urban pipeline accidents by considering both STAMP and game theory. In this paper, we proposed an accident model for urban pipelines, with a case study of China-Qingdao pipeline accident occurred in 2013. We concluded that accident reasons can be investigated in-depth and lessons can be learned from analyzing causal factors by using STAMP. Based on results generated from STAMP, we applied the game theory to analyze roles that government and companies act in the China-Qingdao urban pipeline accident. The results show that current punishment and incentive systems are incomplete, lacking of the driving force and constraining force for the stakeholders involved in the accident.     

城市轨道交通运营安全事故多圈层匹配创新研究*

为了实现城市轨道交通运营安全事故管理经验的有效重用,运用主题爬虫技术和Access数据库构建城市轨道交通运营安全事故案例库;细分事故文本数据,提取案例关键特征属性,形成相似案例匹配基础;针对案例推理技术在实践应用中存在的不足,创新提出多圈层相似案例匹配策略,并用实例进行验证。研究结果表明:多圈层相似案例匹配策略在城市轨道交通运营安全事故检索应用中具有可行性和高效性。研究结果可对实现事故管理经验重用提供有效借鉴。     

核电厂人因事故预防的定量化决策

人因事故的分析与预防是核电厂安全运行和管理的重要内容。笔者提出的系统安全性层次分析法主要从两种角度考虑系统的安全性:专家能力权值和安全性矩阵的建立。采用专家判断矩阵确定事故原因对系统安全性的重要度排序。举例某核电厂事故定量分析进行说明,在对事故进行原因分析基础上,构建事故影响因素层次模型,利用层次分析法分析得出事故原因重要度排序由高到低依次为组织管理、操作人员、人机界面、培训与设备状态,并据此提出了相应的预防与改进措施,为安全性要求较高的复杂工业系统提供事故预防的定量化决策依据。     

基于大数据的大型活动拥挤踩踏事故预警分析研究

为预防大型活动拥挤踩踏事故发生,以拥挤踩踏事故为研究对象,结合系统安全理论和预警原理,运用大数据技术建立拥挤踩踏事故预警模型。以上海外滩拥挤踩踏事故为实例,通过热力图预警分析、人群流向预警分析和地图搜索量预警分析,在事故发生前进行监测、识别、诊断和评价,得出存在事故早期征兆,属于Ⅱ级预警范围,应启动预警对控措施;并将预控对策与当晚实际事故发生过程中采取的对策进行对比,进一步说明基于大数据技术的拥挤踩踏预警对上海外滩拥挤踩踏事故预防和控制的有效性,相关预警技术和方法可为大型活动科学预防和控制拥挤踩踏事故提供技术支撑。     

外部安防系统在海洋石油固定平台中的应用

为了弥补传统的海洋石油固定平台内部安防系统的不足,达到海洋石油固定平台全天候自动监测、自动报警、无人值守、主动防御、预防为主的目的,以便提早发现灾害或事故的苗头,提供及时报警,并采取适当的预防措施。根据主动防御、准确测报、防范未然和规避事故的原则方针,按区域警戒与要地防范相结合的方法,介绍了外部安防系统在海洋石油固定平台中的应用,包括六个子系统、工作流程、各个子系统在海洋石油固定平台中的应用以及特点和价值,从监控、应急、监管等多角度出发,实现了一体化的安全监控。     

基于系统理论事故模型与过程的危险性分析方法

传统危险性分析方法将事故视为开始事件诱发的一连串事件所造成的不幸后果,适于处理相对简单或由物理组件构成的系统,但无法胜 任较为复杂的社会技术系统,有必要研究和探索推广性更好、更为有效的系统安全分析手段。系统理论事故模型与过程（STAMP）将安全视为系 统组件间交互的一种涌现特性,并认为事故起因除了组件失效,组件间交互失常而违背安全约束也是重要诱因。主张在系统开发、设计和运行 中通过加强控制和强化有关安全约束来预防事故。基于此,先引入了STAMP的基本概念,并介绍了其分析步骤,然后,以贴近真实的导弹拦截系 统危险性分析案例,阐述了基于STAMP的分析过程。该分析方法可为开发较高安全性水平的社会技术系统提供技术支持。     

事故致因理论对自主系统开发与安全运行的启示

在现代工业中,自主智能系统处在创新与探索阶段。由于先验知识的缺乏,其自身所带来的风险问题,越发得到学术界与工业界的关注。本文对于如何应用国际主流的事故致因理论以提高自主系统开发与运营的安全性进行了探讨。指出,现有的事故致因理论可用来从不同角度识别已知风险源,提高对未知风险源的警惕性,并通过描述事故场景,来辅助设计技术安全屏障与运行策略提高自主系统的安全性。为更好的理解自主系统如何会做出错误或不恰当决策,需对现有事故致因理论未涉及到的脑科学与认知心理学进一步的探讨与研究。     

Accident analysis model based on Bayesian Network and Evidential Reasoning approach

In this paper, an accident analysis model is proposed to develop the cost-efficient safety measures for preventing accidents. The model comprises two parts. In the first part, a quantitative accident analysis model is built by integrating Human Factors Analysis and Classification System (HFACS) with Bayesian Network (BN), which can be utilized to present the corresponding prevention measures. In the second part, the proposed prevention measures are ranked in a cost-effectiveness manner through Best-Fit method and Evidential Reasoning (ER) approach. A case study of vessel collision is analyzed as an illustration. The case study shows that the proposed model can be used to seek out accident causes and rank the derived safety measures from a cost-effectiveness perspective. The proposed model can provide accident investigators with a tool to generate cost-efficient safety intervention strategies.     

基于熵理论的重大事故复杂链式演化机理及其建模

为完善重大事故演化的本质规律和探究事故后果累积放大原理,从安全物质学的视角提出事故链定义和形成机理,并解析其内涵;通过物质、能量和信息表征事故链演化过程的载体反映;基于物质流、能量流和信息流构建事故链式演化概念模型;基于熵理论和耗散结构理论论述事故阶段演化特性;在此基础上,提炼事故预防与控制策略框架。研究结果丰富了事故链式演化理论,可为事故预防与控制提供更深层次的理论基础。     

论生产安全事故救援费用的承担机制

为了实现重大生产安全事故救援费用的公平负担,保障救援机制的可持续性,通过规范分析和比较分析,探讨了在第三方队伍参与救援的情况下,重大生产安全事故救援费用的承担原则和实现机制。研究结果表明:第三方队伍参与事故救援所产生的当次费用原则上必须由事故责任单位承担,但在其拖欠费用或者暂时缺乏支付能力的情况下,应当由承担应急救援职责的事发地政府先行垫付;由此在事发地政府和事故责任单位之间产生的是公法之债,可以通过行政强制执行的方式加以追偿。     

Safety in the mining industry and the unfinished legacy of mining accidents: Safety levers and defense-in-depth for addressing mining hazards

Mining remains one of the most hazardous occupations worldwide and underground coal mines are especially notorious for their high accident rates. In this work, we provide an overview of the broad and multi-faceted topic of safety in the mining industry. After reviewing some statistics of mining accidents in the United States, we focus on one pervasive and deadly failure mode in mines, namely explosions. The repeated occurrence of mine explosions, often in similar manner, is the loud unfinished legacy of mining accidents and their occurrence in the 21st century is inexcusable and should constitute a strong call for action for all stakeholders in this industry to settle this problem. We analyze one such recent mine disaster in which deficiencies in various safety barriers failed to prevent the accident initiating event from occurring, then subsequent lines of defense failed to block this accident scenario from unfolding and to mitigate its consequences. We identify the technical, organizational, and regulatory deficiencies that failed to prevent the escalation of the mine hazards into an accident, and the accident into a “disaster”. This case study provides an opportunity to illustrate several concepts that help describe the phenomenology of accidents, such as initiating events, precursor or lead indicator, and accident pathogen. Next, we introduce the safety principle of defense-in-depth, which is the basis for regulations and risk-informed decisions by the US Nuclear Regulatory Commission, and we examine its relevance and applicability to the mining system in support of accident prevention and coordinating actions on all the safety levers, technical, organizational, and regulatory to improve mining safety. The mining system includes the physical confines and characteristics of the mine, the equipment in the mine, the individuals and the organization that operate the mine, as well as the processes and regulatory constraints under which the mine operates. We conclude this article with the proposition for the establishment of defense-in-depth as the guiding safety principle for the mining industry and we indicate possible benefits for adopting this structured hazard-centric system approach to mining safety.     

人因失误与人不安全行为相关原理的分析与探讨

从人因失误的机理、分类和特点等方面,对人因失误与人不安全行为间的相关原理进行系统的对比分析与探讨,笔者认为,应从安全教育、技术培训、人机系统设计等方面预防人因失误,从建立和维持操作者对安全工作的兴趣、作业标准化、安全管理等方面来控制人的不安全行为。以煤矿斜井提升事故为例,说明人因失误与人不安全行为的判定原则和方法,从而为预防、控制人因事故提供理论依据。     

传统中医学理论与企业安全生产风险管理

笔者将传统中医学理论与企业安全生产风险管理相结合,在事故致因、事故预防、安全管理等方面,借鉴中医的预防思想、整体观念、五行学说、辨证施治等理论方法,分析研究指出:企业发生安全事故如同人体得病,正气不足是发病的内在根据,邪气入侵是发病的重要条件。因此,发生事故的根本原因在于企业本身;要从研究企业自身的影响安全生产诸要素之间的相互滋生和相互制约的关系入手,加强事故预防工作,坚持整体性的原则,辨证分析事故原因,加大企业生产安全的精神和物质保障,才能全面提高企业的生产安全风险管理水平。     

煤矿安全监控系统研究

鉴于我国煤矿安全生产的严峻现状,将安全监控预警技术应用于煤矿安全生产具有重要现实意义。首先,对煤矿常见危险有害因素和主要事故类型进行了分析,然后,提出了事故预防控制措施;最后,提出了煤矿安全监控预警系统的总体架构、硬件组成和软件功能设计方案。该系统通过对煤矿各类安全参数与视频图像的信息融合与智能分析处理,及时发现事故隐患,提供多种形式的事故报警和预警及应急处置的指导,为煤矿安全生产和防灾救灾的正确决策提供快速有效的信息支持。     

基于三维可视化技术的典型生产安全事故防控与应急处置场景设计与实现

为了进一步提高目前生产安全事故防控与应急处置过程的科学化、可视化,从典型生产安全事故场景的构成以及事故演化过程分析入手,基于目前主流的三维可视化技术的分析与对比,讨论相关典型场景构建的业务需求、技术路线与关键实现方法,并以某危化品运输槽罐车运输途中火灾爆炸事故场景的构建为例进行举例说明,研究结果可为生产安全领域其他典型事故场景的三维可视化实现提供技术参考和借鉴。     

Validity and consistency assessment of accident analysis methods in the petroleum industry

Background. Accident analysis is the main aspect of accident investigation. It includes the method of connecting different causes in a procedural way. Therefore, it is important to use valid and reliable methods for the investigation of different causal factors of accidents, especially the noteworthy ones. Objective. This study aimed to prominently assess the accuracy (sensitivity index [SI]) and consistency of the six most commonly used accident analysis methods in the petroleum industry. Methods. In order to evaluate the methods of accident analysis, two real case studies (process safety and personal accident) from the petroleum industry were analyzed by 10 assessors. The accuracy and consistency of these methods were then evaluated. The assessors were trained in the workshop of accident analysis methods. Results. The systematic cause analysis technique and bowtie methods gained the greatest SI scores for both personal and process safety accidents, respectively. The best average results of the consistency in a single method (based on 10 independent assessors) were in the region of 70%. Conclusion. This study confirmed that the application of methods with pre-defined causes and a logic tree could enhance the sensitivity and consistency of accident analysis.