Resilience Engineering Concepts and Precepts
Edited by Erik Hollnagel, David Woods & Nancy Leveson
The advertising for this book makes some substantial claims. The publisher says that the book “presents a completely new way forward for safety and risk management”. James Reason is quoted as saying “This is the most thought provoking collection of papers I’ve read for a very long time. They are written by the best in the field at the top of their form.”
Resilience engineering is a paradigm for safety management that focuses on how to help people achieve success in the face of complexity and pressure. It stands in contrast to the current paradigm of tabulating errors as if they were things that can be counted, followed by interventions aimed at reducing this count. A resilient organisation treats safety as a core value, not a commodity that can be counted. Resilience may be viewed in terms of the capacity of an organisation to handle disruptions, variations, disturbances and surprises that fall outside of those that it was designed to accommodate. Metaphorically, given a performance envelope or set of boundary conditions a resilient organisation will adapt the model to accommodate changing demands and will understand how changing demands and pressures may lead to incidents by stressing or breaching the performance envelope. The better an organisation understands the dynamics of its systems and can adjust to accommodate changing demands or a changing environment the more resilient it is.
The book comprises a collection of papers, twenty-one in all, many of which were presented at an International Symposium on Resilience Engineering held in Söderköping, Sweden, between October 20th and 25th 2004. The authors of some of these papers are world experts in the safety world. As with any collection of papers there is a lot of repetition and some papers are more thought provoking than others. However, as a collection there are many insights to be gleaned. The book is divided into three sections.
The seven chapters in section one discuss resilience from different perspectives. Different accident models are highlighted and the most appropriate for handling dynamic behaviour identified. The concepts of acute goals (e.g. efficiency, timeliness) and chronic goals (e.g. safety, equitable) are introduced and methods for balancing the trade-offs and tensions between them compared. Safety is seen as something that a system does rather than a property that it possesses, and safety is linked to resilience, as resilience is the ability to prevent something bad from happening or, if it has happened, to prevent it getting worse and to recover. As part of this discussion the issue of sacrificing decisions is also examined at length, and the importance of distinguishing between how a system is actually operated and how it was designed to operate is stressed. Resilience is seen as an emergent property, a concept that is discussed in some detail. The section includes an interesting paper on resilience typologies in terms of different types of threats that systems face. The section ends with a summary of the main themes discussed during the workshop.
The second section contains nine papers and examines resilience from a practical perspective. A method for designing and modelling resilience in systems is presented and the approach is used to model the safety culture of the NASA space shuttle program. Other papers look at resilience in railway systems, operating theatres, airlines, NASA and business systems in general.
The final section contains five papers covering the design of a safety organisation, auditing for resilience, learning from near misses and accidents, the need for resilient organisations to be able to change state to accommodate unusual situations and then to return to normality when need be. Another paper examines the existence of various types of resilience corresponding to different classes of human activity and notes that resilience should be understood as a property of a professional system. The paper looks at the pressures and incentives needed to cause a change in resilience level and notes that a professional system will only change when it cannot continue making effective business with its existing level of resilience. The paper on safety organisations observes that to be successful it needs to provide an independent voice that can challenge conventional assumptions, that it must be involved with everyday decision making, that it must generate useful information on how the organisation actually operates and must be informative in that weaknesses are identified and addressed. This paper also views safety as a common pool resource, i.e. a resource that is impacted by decisions across the organisation, and provides guidance on how to manage such a commonly influenced resource.
This book contains a lot of useful information. I came across many references to material I had not read before and that I think will be useful. Although the book offers no packaged solution to the attainment of resilience, there are many pointers to the way a creative and active risk manager could go about building the foundations for a resilient organisation. Does the book live up to the publisher's claims? My answer is yes because there are insights here over and above those promulgated by the traditional view of safety engineering. There are many useful ideas in this book that, coupled with the way we manage risk today, could lead to significantly improved organisational resilience.