News Safety

Aviation Safety Newsletter March 2021

Written by Sergio Romero

Dormant means inactive until…

Holes align through the barriers and the accident happens. What could be told about it? in his article “Human Error: Models and Management”, back in 2000, Professor James Reason states “unlike active failures, whose specific forms are often hard to foresee, la-tent conditions can be identified and remedied before an adverse event occurs. Understanding this leads to proactive rather than reactive risk management.”

So, I took all the data I gathered for years and began making a presentation about this, entitled “Actual Latent Conditions Management” with such purpose of achieving identification and remedy of the latent conditions.

What was the objective of such presentation? To design a documented procedure to detect, monitor and control latent conditions in aeronautical organizations based on Professor James Reason’s Swiss Cheese Model (SCM) complemented by his system approach of human error. Of course, this needed to be supported by a relevant research on matters such as hole causation in slices, and ways of identifying such hole causation.

Key terms for the research above are: (i) Latent conditions (Ii) Swiss Cheese Model, (iii) Human Error, and (iv) System Approach on Human Error.

As I was contextualizing the relevant research, I found an article whose title was “Revisiting the ‘Swiss Cheese’ Model of Accidents” by J. Reason, E. Hollnagel, and J. Paries from October, 2006 which established that latent conditions are “the conditions that are present in the organization long before a specific incident occurs. Most of them are due to the organization itself, as a result of its design or of managerial decisions. The presence of latent conditions is universal in all organizations nevertheless of their incident and accident record”.
With that in mind, I realized critical issues for the research were both when holes appear in the SCM and the control of holes occurrence.

Holes in the Slices of the SCM

Holes are in continuous motion, moving from one place to another, and opening and shutting. Holes are caused by latent conditions and active failures. Thus:

  1. Potential accidents and losses can be avoided by preventing holes from lining up. This means that when holes that have been lined up as a result of latent conditions are shut, accidents and losses do not occur.
  2. Some holes in defensive layers will either be present at the time of system establishment or will develop in an unnoticed or uncorrected manner during system operation.
  3. If holes can be visualized and the relationship between holes and latent conditions can be made clear, it is possible to control the occurrence of holes and thereby reduce the number of accidents.

What does a hole mean in the SCM?

Whenever a not tolerable risk rises, a hole opens in any of the barriers of the SCM.
What can be told about it?

  • Holes causation.– Holes are caused by latent conditions and active failures.
  • Time of holes causation.- Some holes in defensive layers caused by latent conditions will be present from the time of system establishment or will develop unnoticed or uncorrected during system operation.
  • Active failures.- Holes caused by active failures are triggered by operators’ unsafe acts and appear immediately.
  • Opening of a hole.- The opening of a hole in a defensive layer is defined as an unacceptable risk in an organization or at a local workplace. This means risks were not reduced to within the tolerable region.
  • Accident scenarios.- No one can foresee all possible accident scenarios.
  • Holes movement.– Holes move through the risk management process until an accident occurs.


What Safety Publication to Read?

“Error will be taken as a generic term to encompass all those occasions in which a planned sequence of mental or physical activities fails to achieve its intended outcome, and when these failures cannot be attributed to the intervention of some chance agency.”
Such quote was taken for our recommendation to read this month, according to Professor James Reason in his book “Human Error”, published by the University of Chicago Press in 1990.

Human Error and Managing Approaches

According to UK’s CAA CAP 716 Aviation Maintenance Human Factors, human error is referred to “those occasions in which a planned sequence of mental or physical activities fails to achieve its intended outcome, and when these failures cannot be attributed to the intervention of some chance agency.”

At this time we need to recognize abundant publications that tell us human error is inherent to all of us, human beings.
What can be told about it? We need to detect human error at its early stage of occurrence. Taking this into account, we can use what ICAO’s Doc. 9683 states on Strategies Against Errors. Such publication establishes three relevant strategies: (i) Error Reduction, (ii) Error Capturing, and (iii) Error Tolerance.

Nevertheless, human error is also abundantly viewed in accordance to a person approach. It means we humans are unsafe and as nothing could be made about it, warnings against this must be made. In contrast, a system approach must prevail, which deems human error is a consequence rather than a cause. Let’s see what Professor James Reason has to say about the System Approach on Human Error:
“The basic premise in the system approach is that humans are fallible and errors are to be expected, even in the best organizations. Errors are seen as consequences rather than causes, having their origins not so much in the perversity of human nature as in “upstream” systemic factors. Countermeasures are based on the assumption that though we cannot change the human condition, we can change the conditions under which humans work.”

Strategies Against Errors
ICAO’s Doc. 9683-AN/950. Part I. Paragraph 6.7.12. Human Factors Training Manual tells there are three strategies against errors.

  • Error Reduction.– Error reduction strategies are intended to intervene directly at the source of the error itself. Examples include improving access to a part, improving the lighting in which a task is performed and providing better training to the maintenance technician. Most error management strategies used in aircraft maintenance fall into this category.
  • Error Capturing.– Error capturing assumes the error is made. It attempts to “capture” the error before the aircraft departs. Examples of error-capturing strategies include post-task inspection, verification steps within task and post-task functional and operational tests.
  • Error Tolerance.– It refers to the ability of a system to accept an error without catastrophic (or even serious) consequences. In the case of aircraft maintenance, error tolerance can refer to both the design of the aircraft itself as well as the design of the maintenance system. Examples of error tolerance include the incorporation of multiple hydraulic or electrical systems on the aircraft (so that a single hu-man error can only take out one system).

The Purpose of Risk Management

Pursuant to ISO Standard 31000:2018, it establishes the purpose is to assist the organization in integrating risk management into significant activities and functions. The effectiveness of risk management will depend on its integration into the governance of the organization, including decision-making. This requires support from stakeholders, particularly top management.
To complement this, it’s fair to add as follows:

  • To create a cultural mindset in which every organization’s member at all levels are trained and motivated.
  • To integrate risk management into operation and activity planning processes.

About the author

Sergio Romero