The NAT and HRO theories both simplify the cause of accidents. HRO underestimates the problems of uncertainty. NAT recognizes the difficulty of dealing with uncertainty but underestimates and oversimplifies the potential ways to cope with uncertainty. Both theories believe that redundancy is the only way to handle risk.
Limitations of Both NAT and HRO
Perrow contributed with his definition of NAT, by identifying interactive complexity and tight coupling as critical factors which shouldn’t be discounted. His top-down system view of accidents versus the bottom-up, component reliability view of the HRO theorists is critical in understanding and preventing future accidents. While the HRO theorists do offer more suggestions, most of them are inapplicable to complex systems or oversimplify the problems involved.
A top-down, systems approach to safety
First, it is important to recognize the difference between reliability and safety. HRO researchers talk about a “culture of reliability” where it is assumed that if each person and component in the system operates reliably, there will be no accidents.
Highly reliable systems are not necessarily safe and highly safe systems are not necessarily reliable. Reliability and safety are different qualities and should not be confused. In fact, these two qualities often conflict. Increasing reliability may decrease safety and increasing safety may decrease reliability.
Reliability in engineering is defined as the probability that a component satisfies its specified behavioral requirements over time and under given conditions. If a human operator does not follow the specified procedures, then they are not operating reliably. In some cases that can lead to an accident. In other cases, it may prevent an accident when the specified procedures turn out to be unsafe under the circumstances.
If the goal is to increase safety, then we should be talking about enhancing the safety culture, not the reliability culture. The safety culture is that part of organizational culture that reflects the general attitude and approaches to safety and risk management. Aircraft carriers do have a very strong safety culture and many of the aspects of this culture observed by the HRO researchers can and should be copied by other organizations but labeling these characteristics as “reliability” is misleading and can lead to misunderstanding what is needed to increase safety in complex, tightly coupled systems.
Safety is an emergent or system property, not a component property. Determining whether a plant is acceptably safe is not possible by examining a single valve in the plant (although conclusions can be reached about the valve’s reliability). Safety can be determined only by the relationship between the valve behavior and the other plant components and often the external environment of the plant—that is, in the context of the whole. A component and its specified behavior may be perfectly safe in one system but not when used in another.
Sources:
Shrivastava, S., Sonpar, K. &Pazzaglia F. (2009) ”Normal accident theory versus High reliability theory: a resolution and call for an open systems view of accidents”, find it here
Marais, K., Dulac, N. & Leveson, N.: ”Beyond normal accidents and hugh reliability organizations: The need for an alternative approach to safety in Complex systems”, MIT find it here
