"The risks of socio-technical systems can't be analysed/managed by considering only system components & failure probabilities. #readingToday
Risk assessment traditionally relies on representations of events that have been explicitly defined by the analysts, such as trees, hierarchies, and nets, and assumes that developments will take place as described by the representation. However, these methods cannot be used when nothing as such goes wrong and when the systems we consider are intractable. The risks of socio-technical systems can neither be analysed nor managed by considering only the system components and their failure probabilities. In order to think about what can happen in intractable systems there is a need of more powerful methods, and in particular of methods that offer an alternative to cause–effect thinking. For such systems, the premises for risk assessment must look something like the following:
• Systems cannot be described adequately in terms of their components or structures.
• Neither the system as a whole, nor the individual functions can be described as bimodal.
• While some outcomes may be determined by the failure probability of components, others are determined by interactions among the variability of normal performance.
• Risk assessment should try to understand the nature of the variability of normal performance and use that to identify conditions that may lead to both positive and adverse outcomes.
The ETTO Principle, Erik Hollnagel