Quantification of margins and uncertainties: A probabilistic framework

Quantification of margins and uncertainties (QMU) was originally introduced as a framework for assessing confidence in nuclear weapons, and has since been extended to more general complex systems. We show that when uncertainties are strictly bounded, QMU is equivalent to a graphical model, provided confidence is identified with reliability one. In the more realistic case that uncertainties have long tails, we find that QMU confidence is not always a good proxy for reliability, as computed from the graphical model. We explore the possibility of defining QMU in terms of the graphical model, rather than through the original procedures. The new formalism, which we call probabilistic QMU, or pQMU, is fully probabilistic and mathematically consistent, and shows how QMU may be interpreted within the framework of system reliability theory.     

飞行机组人为差错风险分析方法研究

提出了一个新的飞行机组人为差错风险评估方法F HECA,识别和分析航空公司的机组人为差错风险。该方法在对机组人为差错类型进行总结和分类的基础上,选取人为差错严重度作为评价指标,将该指标中的3个变量人为差错概率、人为差错后果严重度、人为差错影响概率与灰色综合评价法结合,定量评估机组人为差错的严重度,实现机组人为差错风险评估。通过实例分析验证此方法可用于分析机组人为差错风险,为飞行训练和飞行操作手册内容的改进提供技术支持,是民航人为因素研究中可借鉴的一种方法。     

Risk estimation studies in the context of a machine control function

Nowadays the safety requirements of a machine are increasingly associated with programmable electronic control systems. Risk estimation is an essential part of risk analysis in a machine development process, because the categorisation and allocation of safety requirements is based on this. It is important to know how the risk estimation is performed, since wrong safety integrity level (SIL) or performance level (PL) selection may lead to multiple costs of the safety-related part of the control system. On the other hand, wrong PL or SIL selection can weaken the safety of the system. In this article, a risk estimation process of a safety-related control function is presented. Different groups carried out three case studies including risk estimation for the same safety-related control function of a machine. The results of the risk estimations of the groups differ from each other. The possible reasons for the variations are discussed.     

Understanding the impact of non-standard customisations in an engineer-to-order context: A case study

Companies operating with an engineer-to-order (ETO) manufacturing strategy produce customised solutions for their customers. While they may be able to build on a base of existing sub-solutions, e.g. standard product structures, modules or parts when engineering a customer-specific solution, they often have to create something completely new to satisfy customers’ requirements. However, it is not always clear to ETO companies what the costs associated with making customer specific solutions are, or which product or project characteristics drive costs and in what business processes. Therefore, it is not clear to companies if it is actually profitable for them to fulfil all of their customers’ requirements. Hence, making it relevant to understand how creating non-standard customisations impact project profitability. This paper presents a framework for how ETO companies can quantify the impact of the complexity associated with non-standard customisations when cost data is only available at the project level. The framework is theoretically founded; it is based on statistical regression and a definition of a complexity index for non-standard customisations. The framework is validated in the context of an ETO case company and empirical data is presented.     

Delays and safety in airline maintenance

Airline maintenance operations affect the potential for flight delays and can also affect flight safety if signals of technical problems are missed or misinterpreted. In this paper, we use a probabilistic risk analysis model, represented by an influence diagram, to quantify the effect of an airline's maintenance policy on delays, cancellations and in-flight safety. The model represents the leading edge (LE) sub-system of a commercial passenger jet and consists of three tiers: (1) a set of management decision variables (e.g. the level of qualification of maintenance personnel); (2) a ground model linking policy decisions and flight delays; and (3) an in-flight model, linking policy decisions, maintenance quality and flight safety. To illustrate this model, we use data adapted (for confidentiality reasons) from a study of an existing airline. Clearly, the LE devices of an airplane are not among the most safety-critical and the risk of an accident due to poor maintenance is extremely small, but non-zero. The same model can be used for other, more critical parts of the aircraft to support maintenance policy decisions in which the trade-off between delays and safety may be more pronounced.     

Assessment of fire vulnerability for nuclear power plant safety systems by combining fault-and success-oriented logic with physical models

The time behaviour of potential accident sequences may carry important information regarding nuclear power plant (NPP) safety operation and shutdown. In the case of external and environmental events, the ability of NPP components to operate correctly can be changed dramatically in a short time. In contrast to the failures caused by internal events, these two groups of undesirable events may lead to dynamic dependent failures among components of one or several systems. Such kinds of failure should be taken into account in the models of NPP behaviour. To evaluate how successfully the tasks of the safety systems will be carded out, logical models such as fault trees are usually used. The fault trees are not efficient at describing the short-term changes of the failure probabilities for system components. A method that has some advantages over the pure fault tree logic is proposed. The main features of the method are demonstrated by using examples.     

DPIF: A Framework for Distinguishing Unintentional Quality Problems From Potential Shilling Attacks

Maliciously manufactured user profiles are often generated in batch for shilling attacks. These profiles may bring in a lot of quality problems but not worthy to be repaired. Since repairing data always be expensive, we need to scrutinize the data and pick out the data that really deserves to be repaired. In this paper, we focus on how to distinguish the unintentional data quality problems from the batch generated fake users for shilling attacks. A two-steps framework named DPIF is proposed for the distinguishment. Based on the framework, the metrics of homology and suspicious degree are proposed. The homology can be used to represent both the similarities of text and the data quality problems contained by different profiles. The suspicious degree can be used to identify potential attacks. The experiments on real-life data verified that the proposed framework and the corresponding metrics are effective.     

The next generation of macroergonomics: Integrating safety climate

To date little research has examined safety climate in relation to macroergonomics and how the two distinct sub-disciplines can be integrated to affect safety outcomes. The purpose of macroergonomics is to design a fully “harmonized” work system that improves numerous aspects of organizational performance and effectiveness, and this is accomplished by incorporating the foundational theoretical framework of sociotechnical systems theory (STS). Two broad subsystems within such a system are the personnel subsystem, the ways individuals perform tasks, and the technological subsystem, the tasks to be performed. Management is an important aspect of the personnel subsystem, and there is a growing body of research regarding supervisors’ influence over employee safety. One such area of research is safety climate, which is based on the perception of workers regarding safety and organizational practices. Two major factors of safety climate are management commitment to safety and communication pertaining to safety as a true priority from both top management and direct supervisors. This article describes the conceptual overlaps of macroergonomics and safety climate in order to present a conceptual model that integrates these domains using the framework of mesoergonomics. In conclusion, we discuss how this model can serve as a framework to guide the analysis and design of work systems and subsequent organizational interventions.     

STABILITY ANALYSIS AND DESIGN OF TIME-STEPPING SCHEMES FOR GENERAL ELASTODYNAMIC BOUNDARY ELEMENT MODELS

In the literature there is growing evidence of instabilities in standard time-stepping schemes to solve boundary integral elastodynamic models. However, there has been no theory to support scientists and engineers in assessing the stability of their boundary element algorithms or to help them with the design of new, more stable algorithms. In this paper we present a general framework for the analysis of the stability of any time-domain boundary element model. We illustrate how the stability theory can be used to assess the stability of existing boundary element models and how the insight gained from this analysis can be used to design more stable time-stepping schemes. In particular, we describe a new time-stepping procedure that we have developed, which has substantially enhanced stability characteristics and greater accuracy for the same computational effort. The new scheme, which we have called ‘the half-step scheme’, is shown to have substantially improved performance for the displacement discontinuity boundary element method commonly used to model dynamic fracture interaction and propagation. © 1997 by John Wiley & Sons, Ltd.     

Application of Bayesian statistical decision theory for a maintenance optimization problem

Reliability-centered maintenance (RCM) is a rational approach that can be used to identify the equipment of facilities that may turn out to be critical with respect to safety, to availability, or to maintenance costs. Is is dor these critical pieces of equipment alone that a corrective (one waits for a failure) or preventive (the type and frequency are specified) maintenance policy is established.But this approach has limitations:

• •when there is little operating feedback and it concerns rare events affecting a piece of equipment judged critical on a priori grounds (how is it possible, in this case, to decide whether or not it is critical, since there is conflict between the gravity of the potential failure and its frequency?);

• •when the aim is propose an optimal maintenance frequency for a critical piece of equipment - changing the maintenance frequency hitherto applied may cause a significant drift in the observed reliability of the equipment, an aspect not generally taken into account in the RCM approach.

In these two situations, expert judgments can be combined with the available operating feedback (Bayesian approach) and the combination of risk of failure and economic consequences taken into account (statistical decision theory) to achieve a true optimization of maintenance policy choices.This paper presents an application on the maintenace of diesel generator component.     

The potential for a generic approach to certification of safety critical systems in the transportation sector

This paper investigates the potential for common treatment of certification of safety critical programmable electronic systems in the transportation industries. It contains a comparative review of new, emerging international standards that are likely to influence certification procedures in the railway, automotive and aerospace sectors in the future. These include the EUROCAE/SAE aerospace guidelines, the CENELEC railway standards and IEC-61508, the draft international standard on safety related systems. The review identifies the common and divergent requirements for certification among these standards. Based on significant commonalities, we have developed a common process model for the development, assessment and certification of safety critical programmable electronic systems which could be acceptable in the framework of each standard in consideration. The proposed model contains a system development and a safety assessment process which rationalises and unifies the common requirements among the standards in these areas. In addition, it defines a common evolutionary process for the development of the system's safety case. The safety case process determines how the evidence produced in the progression of safety assessment can be structured in order to form an overall convincing argument about the safety of the system. We conclude that it is possible to use this model as the basis of a generic method for the certification of systems across the transportation sector and outline a suitable approach to such certification.     

Sequence Algebra, Sequence Decision Diagrams and Dynamic Fault Trees

A large attention has been focused on the Dynamic Fault Trees in the past few years. By adding new gates to static (regular) Fault Trees, Dynamic Fault Trees aim to take into account dependencies among events. Merle et al. proposed recently an algebraic framework to give a formal interpretation to these gates.In this article, we extend Merle et al.'s work by adopting a slightly different perspective. We introduce Sequence Algebras that can be seen as Algebras of Basic Events, representing failures of non-repairable components. We show how to interpret Dynamic Fault Trees within this framework. Finally, we propose a new data structure to encode sets of sequences of Basic Events: Sequence Decision Diagrams. Sequence Decision Diagrams are very much inspired from Minato's Zero-Suppressed Binary Decision Diagrams. We show that all operations of Sequence Algebras can be performed on this data structure.     

Human factors issues in implementation of advanced aviation technologies: a case of false alerts and cockpit displays of traffic information

This paper provides a framework for identifying and evaluating the human performance implications of new avionics technology such as the cockpit display of traffic information (CDTI). Several important human factors issues in developing and implementing the CDTI are discussed in terms of their effects on the two primary flight tasks associated with the CDTI: conflict detection and conflict resolution. One issue is the development of alerting algorithms, which are defined by how uncertainty, false alarms and look-ahead times are dealt with. Another issue concerns understanding how time pressure, display dimensionality and conflict geometry affect pilot preferences for certain avoidance maneouvres over others. A third issue is the proposed shift in responsibility of flight safety away from air traffic control to the pilot after CDTIs make it possible for pilots to perform tasks related to self-separation. These issues and the factors affecting them are classified into several categories of dependent and independent variables and placed into a framework illustrating their effects on false alarm rates and human tolerance for false alarms. A review of the literature reveals gaps in understanding of the impact of these issues under various operational situations and new directions for research are proposed.     

Dual bases and discrete reproducing kernels: a unified framework for RBF and MLS approximation

Moving least squares (MLS) and radial basis function (RBF) methods play a central role in multivariate approximation theory. In this paper we provide a unified framework for both RBF and MLS approximation. This framework turns out to be a linearly constrained quadratic minimization problem. We show that RBF approximation can be considered as a special case of MLS approximation. This sheds new light on both MLS and RBF approximation. Among the new insights are dual bases for the approximation spaces and certain discrete reproducing kernels.     

Diversity and network coherence as indicators of interdisciplinarity: case studies in bionanoscience

The multidimensional character and inherent conflict with categorisation of interdisciplinarity makes its mapping and evaluation a challenging task. We propose a conceptual framework that aims to capture interdisciplinarity in the wider sense of knowledge integration, by exploring the concepts of diversity and coherence. Disciplinary diversity indicators are developed to describe the heterogeneity of a bibliometric set viewed from predefined categories, i.e. using a top-down approach that locates the set on the global map of science. Network coherence indicators are constructed to measure the intensity of similarity relations within a bibliometric set, i.e. using a bottom-up approach, which reveals the structural consistency of the publications network. We carry out case studies on individual articles in bionanoscience to illustrate how these two perspectives identify different aspects of interdisciplinarity: disciplinary diversity indicates the large-scale breadth of the knowledge base of a publication; network coherence reflects the novelty of its knowledge integration. We suggest that the combination of these two approaches may be useful for comparative studies of emergent scientific and technological fields, where new and controversial categorisations are accompanied by equally contested claims of novelty and interdisciplinarity.     

Challenges in supply chain redesign for the Circular Economy: a literature review and a multiple case study

Despite companies face several challenges when redesigning their supply chain for the Circular Economy, the literature lacks a systematisation of such challenges and of the ways to overcome them. Through a systematic literature review, this paper identifies and systematises 24 challenges that may hamper a supply chain redesign for the Circular Economy. Sixteen among these challenges are well known from research in related topics. On the contrary, the remaining eight are relatively new or take a different relevance within the Circular Economy context. A multiple case study in the household appliance supply chain is carried out, to explore how these challenges appear in practice and how companies may tackle them. The cases analysed involve actors at different supply chain levels, and findings suggest that a great degree of vertical integration by one actor in the supply chain is not a necessary condition for Circular Economy implementation. The empirical study, in conjunction with the literature analysis, leads to the development of a framework linking the challenges to specific levers that companies may pursue to overcome them. The framework can be seen as a reference for managers undertaking the path towards Circular Economy.     

Augmenting defense-in-depth with the concepts of observability and diagnosability from Control Theory and Discrete Event Systems

Defense-in-depth is a fundamental principle/strategy for achieving system safety. First conceptualized within the nuclear industry, defense-in-depth is the basis for risk-informed decisions by the U.S. Nuclear Regulatory Commission, and is recognized under various names in other industries (e.g., layers of protection in the Chemical industry). Accidents typically result from the absence or breach of defenses or violation of safety constraints. Defense-in-depth is realized by a diversity of safety barriers and a network of redundancies. However, this same redundancy and the intrinsic nature of defense-in-depth - the multiple lines of defense or “protective layers” along a potential accident sequence - may enhance mechanisms concealing the occurrence of incidents, or that the system has transitioned to a hazardous state (accident pathogens) and that an accident is closer to being released. Consequently, the ability to safely operate the system may be hampered and the efficiency of defense-in-depth may be degraded or worse may backfire. Several accidents reports identified hidden failures or degraded observability of accidents pathogens as major contributing factors.In this work, we begin to address this potential theoretical deficiency in defense-in-depth by bringing concepts from Control Theory and Discrete Event Systems to bear on issues of system safety and accident prevention. We introduce the concepts of controllability, observability, and diagnosability, and frame the current understanding of system safety as a “control problem” handled by defense-in-depth and safety barriers (or safety constraints). Observability and diagnosability are information-theoretic concepts, and they provide important complements to the energy model of accident causation from which the defense-in-depth principle derives. We formulate a new safety-diagnosability principle for supporting accident prevention, and propose that defense-in-depth be augmented with this principle, without which defense-in-depth can degenerate into a defense-blind safety strategy. Finally, we provide a detailed discussion and illustrative modeling of the sequence of events that lead to the BP Texas City Refinery accident in 2005 and emphasize how a safety-diagnosable architecture of the refinery could have supported the prevention of this accident or mitigated its consequences. We hope the theoretical concepts here introduced and the safety-diagnosability principle become useful additions to the intellectual toolkit of risk analysts and safety professionals and stimulate further interaction/collaboration between the control and safety communities.     

Safety,health or the environment--which comes first?

This paper describes the development and application of two integrated models which can be used for assessing the life cycle risk (to life) and environmental impact of a number of possible concept options for new offshore oil and gas developments. The two models can also be used for ranking the designs in terms of lowest human risk and environmental impact. The paper also gives values/criteria for both risks to safety, health and the environment by which the total safety, health and environmental assessment/impact may be balanced as a whole. The paper illustrates the use of the models and shows that the pragmatic or cosmetic improvement to safety, health or the environment may not be advantageous to the overall safety, health and environmental objectives. While the models were developed originally for offshore installations, the basic framework can be readily adapted for use on onshore petrochemical processes.     

The relationship between continuous improvement and rapid improvement sustainability

While rapid improvement efforts, e.g. Kaizen events, and continuous improvement efforts, i.e. kaizen, remain popular approaches to operational excellence, it is rare that organisations fully sustain change from these initiatives. The impact of both Kaizen events and kaizen may be substantially lower, if not entirely eliminated, after significant time has elapsed from initial implementation of changes. In this paper, we examine how having a continuous improvement culture can support rapid improvement sustainability via an examination of the impact of Kaizen events several months after implementation. Employing a dynamic capabilities perspective and using the institutionalisation of planned change framework, we empirically examine this relationship via a field study of 65 Kaizen events in eight manufacturing organisations. In short, we find that the extent to which work area employees exhibit peer learning, as well as awareness and responsibility both inside and outside of their work area, and the extent to which changes are accepted are significantly related to the perceived impact of Kaizen events several months after implementation. This research adds to current understanding of Kaizen events and kaizen, providing evidence to guide the use of Kaizen events and to inform areas for future research.     

Draw me Science

In 1751, Jean le Rond d’Alembert had a dream: “to make a genealogical or encyclopedic tree which will gather the various branches of knowledge together under a single point of view and will serve to indicate their origin and their relationships to one another”. In this paper, we address the question identifying the branches of science by taking advantage of the massive digitization of scientific production. In the framework of complex systems studies, we first formalize the notion of level and scale of knowledge dynamics. Then, we demonstrate how we can reconstruct a reasonably precise and concise multi-scale and multi-level approximation of the dynamical structures of Science: phylomemies. We introduce the notion of phylomemetic networks—projections of phylomemies in low dimensional spaces that can be grasped by the human mind—and propose a new algorithm to reconstruct both phylomemies and the associated phylomemetic networks. This algorithm offers, passing, a new temporal clustering on evolving semantic networks. Last, we show how phylomemy reconstruction can take into account users’ preferences within the framework of embodied cognition, thus defining a third way between the quest for objective “ground truth” and the ad-hoc adaptation to a particular user’s preferences. The robustness of this approach is illustrated by several case studies.