Normal Accident Theory and Swiss Cheese Model Essay Example
Normal Accident Theory and Swiss Cheese Model Essay Example

Normal Accident Theory and Swiss Cheese Model Essay Example

Available Only on StudyHippo
  • Pages: 5 (1135 words)
  • Published: January 14, 2017
  • Type: Essay
View Entire Sample
Text preview

1. Executive Summary Normal accident theory and Swiss cheese model are influential models in studying system accident causation. This paper is going to help us to gain understanding of both models and to critically compare them. The first part of the study is an introduction of the both models. In the second part, Three Mile Island nuclear accident will be taken as an example to see how the models analyse causations of an accident. In this part, the fact of the accident will be presented first, then normal accident theory and Swiss cheese model will be invited to identify the causes of the accident respectively.

The evaluation and comparison of the two models will be discussed in the final part. Both models conclude that accidents are unavoidable, while Swiss cheese model provides general methods to reduce accidents. Normal acc

...

ident theory views technology itself as the main factor that contributes to accidents, however, Swiss cheese model has the opinion that accidents resulted from interaction of multiple factors from different levels in organization.

2. Introduction and Aims System accident is regarded as unpredictable and inevitable in high-risk system because of the system’s complexity. Both normal accident theory and Swiss cheese model are accident theories to study accident causation. The study aims to understand how both accident models work and compare the two models to see what contributions and limitations of each of them. Three Mile Island accident is one of the most significant nuclear accidents in history. It is a typical accident in complex and high-hazard system. There have been plenty of studies to analyse the accident. Therefore, Three Mile Island accident will

View entire sample
Join StudyHippo to see entire essay

be a helpful case for us to study the models.

3. Accident Models Study 3.1 Introduction of Accident Models Normal Accident Theory Charles Perrow termed the system accidents as “normal accident”. He described systems by two important dimensions, interaction and coupling. Interaction can be divided to linear interaction and complex interaction. For systems with complex interaction, when unexpected and unplanned problem occur, they are not visible because there are many interrelated and interdependent elements in the system, it is hard to predict all of the possible failures. Coupling means how the interconnected components affect each other.

For tightly coupled systems, if something happened to one component, it will directly influence other components around and connected to it, the chain reactions are easier to happen in tightly coupled system. Crossing the two dimensions, we can see four categories of systems. They are Linear Interaction, Loose Coupling; Complex Interaction, Loose Coupling; Linear Interaction, Tight Coupling; Complex Interaction, Tight Coupling. Perrow augured that those systems which are complex interaction, tight coupling are accident-prone. When a technology is with sufficiently complex interaction and tight coupling, accidents are inevitable and therefore in a normal sense.

Swiss Cheese Model Swiss cheese model is an organizational model developed by James Reason to explain accident causation in complex technological systems. In Reason’s theory, high technology systems have many defensive layers to prevent accidents: some are engineered others rely on people. However, in real world, no defense is perfect, just like Swiss cheese slices. The holes in Swiss cheese are the imperfections and weakness of the defenses, although they are changing their location, opening and shutting all the time instead of

staying statically.

As long as the holes in all slices do not line up, the hazards which can go through one or several slices will be blocked by a slice after. In some rare circumstances, holes in all successive slices will line up, and allow hazards pass all defenses, the accidents will happen. There are two reasons to explain the holes arising: active failures and latent conditions. Active failures are unsafe acts committed by people who are in direct contact with the patient or system. They have a direct and usually short impact on the integrity of the defenses. Latent conditions are the inevitable “resident pathogens” within the system. They exist from the beginning, when procedure writers, designers and top management making decisions.

3.2 Analysis of Three Mile Island Nuclear Accident I will take Three Mile Island (TMI) nuclear accident as an example to further understand how these two models work for recognizing the causations of accidents.

3.2.1 Fact of Accident Three Mile Island nuclear plant is located in Pennsylvania, United State. The accident began on 28 March, 1979, a core meltdown in TMI-2 reactor. According to accident report, it was attributed by both human factors and mechanical failures: Something wrong happened in TMI-2’s secondary system, and resulted in a series of failures. The pilot-operated relief valve (PORV) automatically opened, but did not closed, which led coolant water to escape. The operator misread the situation and did not take proper actions in the first place due to inadequate training. The accident finally led to the release of about 2.5 million curies of radioactive gases, and 15 curies of radioiodine.

3.2.2 Analysing

TMI Accident by Normal Accident Theory The causes of the accident was quite complex. In brief, it began with a closed bypass valve, which stopped the water flowing to the secondary main feed water pumps, once the steam generators could not receive water, they stopped and the reactor emergently shutdown. Control rods were inserted into the core to try to stop the nuclear chain reaction, but the decay heat could not be removed from the primary water loop. Three auxiliary pumps should have been activated because the secondary feed water pumps stopped. However, the valves had been closed for routine maintenance, the system was unable to pump any water. The failure to remove the heat resulted in primary loop pressure increasing, and then triggered the PORV to open. When the pressure had been released, the PORV should have closed but it stuck open because of a mechanical fault.

This is how failure triggered other ones in a complex interaction system, just like domino-effects. It is not easy to trade back and locate all failures. Some parts seemed like not having obvious connection with another part, but they do intimate connected due to the big and complex system.

Perrow concluded that “All these parts are highly interdependent, so that one affects the other, they are not in direct operational sequence.” Also, the failures are incomprehensible. That means the experts should know the interacted multiple failures that not occurred in expected sequence to understand the accident.

In addition, nuclear plant has the characteristics of tightly coupling, such as invariant sequence which means there is a fix and only sequence to produce; only one method

to achieve the goal and little substitutes of supplies, that is the nuclear power plant is not able to replace the nuclear with water, coal or other things to generate power.

There is a normal accident model graph presented by Perrow (graph below). Nuclear power plant is at the corner of complex interaction and tightly coupled area.

Get an explanation on any task
Get unstuck with the help of our AI assistant in seconds
New