Normal Accident theory attempts to explain the nature of accidents in complex systems. Its big insight is that accidents are normal, and best analyzed as recurring events. Other insights:
- Redundancy can be a cause of error as much as a cure for it. Don’t make redundancy the default answer to safe design.
- Move from “Oversight to Insight” where possible.
- Centralization is necessary in tightly coupled systems, but not everything has to be centralized. Decentralization is a better fit for quick decision making.
- Operator error is a lousy explanation for an accident in a complex system. Look at the system, not operators.
- Close calls are useful as windows into “interactive complexity”.
More to be found on this NASA slideset: (pdf)
See also Three Dangers of Redundancy.
The last point seems to relate to Confession Inconsistencies. We don’t focus on the fact that something is wrong — that is bound to happen. But what do we learn from the *way* it went wrong that gives us insight into the larger system?
Command and Control details the history of near-accidents with nuclear weapons in the Normal Accident Theory framework.
Source: Normal Accident Theory