Peering through the lens of high-reliability theory: A competencies driven security culture model of high-reliability organisations

To improve organisational safety and enhance security efficiency, organisations seek to establish a culture of security that provides a foundation for how employees should approach security. There are several frameworks and models that provide a set of requirements for forming security cultures; however, for many organisations, the requirements of the frameworks are difficult to meet, if not impossible. In this research, we take a different perspective and focus on the core underlying competencies that high-reliability organisations (HROs) have shown to be effective in achieving levels of risk tolerance consistent with the goals of a security culture. In doing so we draw on high-reliability theory to develop a Security Culture Model that explains how a firm's supportive and practical competencies form its organisational security culture. To refine and test the model, we conducted a developmental mixed-method study using interviews and survey data with professional managers involved in the information security (InfoSec) programs within their respective HROs. Our findings emphasise the importance of an organisation's supportive and practical competencies for developing a culture of security. Our results suggest that organisations' security cultures are a product of their InfoSec practices and that organisational mindfulness, top management involvement and organisational structure are key to the development of those practices.     

Cognitive performance-altering effects of electronic medical records: an application of the human factors paradigm for patient safety

According to the human factors paradigm for patient safety, health care work systems and innovations such as electronic medical records do not have direct effects on patient safety. Instead, their effects are contingent on how the clinical work system, whether computerized or not, shapes health care providers’ performance of cognitive work processes. An application of the human factors paradigm to interview data from two hospitals in the Midwest United States yielded numerous examples of the performance-altering effects of electronic medical records, electronic clinical documentation, and computerized provider order entry. Findings describe both improvements and decrements in the ease and quality of cognitive performance, both for interviewed clinicians and for their colleagues and patients. Changes in cognitive performance appear to have desirable and undesirable implications for patient safety as well as for quality of care and other important outcomes. Cognitive performance can also be traced to interactions between work system elements, including new technology, allowing for the discovery of problems with “fit” to be addressed through design interventions.     

Differences in safety climate between hospital personnel and naval aviators

We compared results of safety climate survey questions from health care respondents with those from naval aviation, a high-reliability organization. Separate surveys containing a subset of 23 similar questions were conducted among employees from 15 hospitals and from naval aviators from 226 squadrons. For each question a "problematic response" was defined that suggested an absence of a safety climate. Overall, the problematic response rate was 5.6% for naval aviators versus 17.5% for hospital personnel (p < .0001). The problematic response was 20.9% in high-hazard hospital domains such as emergency departments and operating rooms. Problematic response among hospital workers was up to 12 times greater than that among aviators on certain questions. Although further research on safety climate in health care is warranted, hospitals may need to make substantial changes to achieve a safety climate consistent with the status of high-reliability organizations.     

Impact of an ERP system’s capabilities upon the realisation of its business value: a resource-based perspective

Using the resource-based view as a frame of reference, this study seeks to explore the potential link between the essential characteristics of an ERP system, defined as ERP capabilities, and its contribution to organisational performance. This contribution is conceptualised and measured through the value added by automational, informational and transformational effects of ERP capabilities upon the firm??s operational and managerial processes. Empirical data were obtained for the study??s purpose from three case studies of manufacturing firms, through 25 in-depth interviews of various managers, including the firm??s CIO. In addition to proposing an instrument to characterise an ERP system ??as installed?? in terms of three capabilities (ERP integration, ERP flexibility, ERP transversality), the study confirms that these capabilities are crucial in determining the contribution of an ERP system to organisational performance. The study also highlights different ERP effects on organisational processes and their relative importance in providing business value. While exploratory in nature, this study derives interesting implications from the data analysis in the form of propositions that may serve as research hypotheses in future studies.     

A human performance programme to improve front-line nuclear operations

Safe and reliable operations in high-hazard industries are of paramount importance not only to the managers of the organisation and the people that work for them but also to the members of the public who live near the facilities or who may be affected if something was to go wrong. Any operational high-hazard industry should have systems and processes in place to ensure that the likelihood of a significant event occurring is very low. However, taken on a global scale, such events still occur and investigations into them have highlighted a range of problems ranging from engineering deficiencies through to organisational cultures that do not support safe and reliable operations. The challenge is, therefore, for all industries, which have systems in place to guard against such low-frequency, high-consequence events to ensure that the barriers remain robust and not weakened in any way. Through the experience of the National Nuclear Laboratory (NNL), this paper outlines work carried out to increase the levels of awareness of human fallibility in the workplace at NNL as a part of a high-reliability organisation strategy to protect against a low-frequency, high-consequence event.     

Sustaining safety across organizational boundaries: a qualitative study exploring how interorganizational complexity is managed on a petroleum-producing installation

A qualitative study was undertaken to explore how interorganizational complexity is managed on a petroleum-producing installation. Fourteen semi-structured interviews were conducted. Data were analysed by means of thematic analysis. Long-term organizational relations, management’s role in the field and worker involvement appear to facilitate high-quality work relations which, along with similar safety practices and philosophies across companies, appear to foster commitment to mutual operational goals and contribute to an open environment in which employees were inclined to report errors and problems. Still, due to the vast number of companies involved and the vast amount of information, coordinating work processes among companies was regarded as a constant challenge. Moreover, variations in experience among sharp-end workers from sub-contractor companies in periods of high activity and marked fluctuations were identified as a challenge. The quality of interorganizational work relations appears to have important implications for safety performance in this context, indicating that high-quality work relations across collaborating companies constitute an important component for achieving and sustaining safety. As research addressing relational factors in safety research to date has been sparse, more research is needed to further explore the safety functions of high-quality work relations. Theoretically, the current study contributes to extend the high-reliability organizations framework by highlighting the role of high-quality work relations as an element for achieving mindfulness.     

The Use of a Formalised Risk Model in NHS Information System Development

Information systems (IS) and technology are used extensively throughout the National Health Service (NHS), and the 1998 national information strategy, ‘Information for Health’, sets out how the NHS will be developing and implementing IS to support patient care within the next decade. This new IS initiative is set against a mixed record of success of IS projects in the NHS, with a number of high-profile failures. This paper highlights the need to consider the ‘organisational issues’ involved in systems implementation to avoid failures. It goes on to advocate the use of a process-oriented and organisation studies-based model for risk analysis and management for use in NHS IS projects. Two famous NHS case studies are used to validate the model. It is concluded that there is a real need in the NHS for tools to better control the inherent risks involved in IS development and implementation. Ultimately, the success of IS projects in the NHS is crucial if they want to best utilise clinical and patient information, with the overall aim of improving the efficiency and standard of the nation’s health care.     

Do organisational and environmental factors moderate the effects of Internet-based interorganisational systems on firm performance?

We developed a model of the relationships among several organisational, interorganisational and technological factors, the adoption of Internet-based interorganisational systems (IBIS) and various measures of firm performance. We used structural equation modelling to empirically test these relationships. The findings showed that adopting IBIS indirectly improves the operational performance of firms through business process performance. The positive effect on financial performance of adopting IBIS is not direct, but through the mediating effects of operational performance and business process performance. We also utilised multiple group analysis to test some of the model relationships across firms using several organisational and environmental factors as moderators. The organisational factors tested are firm type, age and ownership type. The environmental factors consisted of dynamism, complexity and hostility. We found that the organisational factors are significant moderators and that complexity and hostility are not significant moderators. However, the effects of dynamism as a moderator are less clear.     

Information systems and internal control: evidence from China

Chinese companies are required to disclose weaknesses in their internal control systems, including information system weaknesses. This paper evaluates the impacts of information system weaknesses on firm performance relative to other internal control weaknesses to provide firms guidance on the construction of internal control. The organizational information processing theory suggests that firms with greater operational complexity demand better information systems to meet their greater informational needs, i.e., the quality of information systems has a stronger effect on the performance of more complex firms. We find that the adverse effects of information system weaknesses on performance relative to other internal control weaknesses are stronger for firms with greater operational complexity, consistent with the organizational information processing theory.     

Computers in engineering risk and hazard management

Summary The engineering of large scale facilities, such as dams, power stations, bridges etc, involves the handling of large amounts of information. Managers of the design and construction process have to take on a wide range of roles to cope with it all. One important aspect of this information is that concerned with safety, risk and hazard management. This paper is divided into three sections each covering different aspects of a common approach to this problem. The analysis of risk using traditional reliability techniques is not covered. The concern here is rather with the use of computers to support and inform the direct management of quality, safety and hazard and hence to indirectly control risk. Firstly, the approach based on the use of “Interacting Objects” will be outlined. This will be illustrated through the use of IT to support business processes in quality management. Product and process models will be compared. Safety, risk and hazard are part of quality. Secondly, the use of these objects in physical process simulation will be described. Here the motivation for the work is to begin to look at the implications for risk analysis of the sensitivity of the behaviour of simulated non-linear systems to initial conditions. Thirdly, the identification and management of “proneness to failure” in a project will be outlined. Here the problem is how to deal with the difficult interaction between technology and human and organisational factors.     

Operational predictive optimal control of Barcelona water transport network

This paper describes the application of model-based predictive control (MPC) techniques to the supervisory flow management in large-scale drinking water networks including a telemetry/telecontrol system. MPC is used to generate flow control strategies (set-points for the regulatory controllers) from the sources to the consumer areas to meet future demands, optimizing performance indexes associated to operational goals such as economic cost, safety storage volumes in the network and smoothness of the flow control actions. The designed management strategies are applied to a model of a real case study: the drinking water transport network of Barcelona (Spain).     

Modeling agent organizations using roles

Agent-based and active object systems are no longer contained within the boundaries of a single, small organization. To meet the demands of large-scale software and systems modeling, we need useful analogies for modeling and constructing large-scale systems of autonomous, interactive software entities. In this paper, we employ social and organizational systems theory as a way to guide our understanding of the notion of role and its implications on how agents (and active objects) might behave in group settings.     

Adaptive knowledge-based system for health care applications with RFID-generated information

Health care organizations are under increased pressure to continually improve their operational efficiency while simultaneously decreasing the overall operating costs with no appreciable degradation in the delivered quality of health care. Given the nature of such an environment where lives are at stake, it is natural to operate under a larger safety factor where risks are kept close to their necessary minimum. RFID tags are increasingly being used in health care organizations to reduce errors and to generally improve the effectiveness of the core processes. We develop an adaptive knowledge-based system framework for health care and illustrate the proposed framework using three example applications from the French health care environment. Specifically, we consider management of bottled gas delivery as well as tracking and tracing surgical equipment and prosthetic ancillaries within a health care environment using the proposed framework with item-level information generated through RFID tags. We use simulation analyses to study the underlying dynamics.     

Intelligent planning and the design of a new risk-based,intelligent flight plan

A safe flight starts with effective performance of the pre-flight flight planning and briefing task. However, several problems related to the execution of this task can be identified. Potentially, the introduction of an improved flight plan provides an opportunity to improve the quality and availability of information provided to Flight Crew, thereby enhancing the quality of crew briefings. The proposed risk-based, intelligent flight plan is designed from the perspective of the current operational concept (e.g. fixed routes and ATC managerial role for separation), and associated airline Flight Planning and Dispatch functions. In this case, the focus is sharing information across specific airline stakeholders (e.g. Flight Operations Management and Safety functions) and Maintenance, to support a safe and efficient flight operation. Overall, the introduction of this new flight plan will result in the definition of new operational and organisational processes, along with a new way of performing the pre-flight, planning and briefing task. It is anticipated that this will impact positively on the operational and safety outcome of the flight.     

A contemporary view of organizational safety: variability and interactions of organizational processes

Studies of qualitative assessment of organizational processes (e.g., safety audits and performance indicators) and their incorporation into risk models have been based on a ‘normative view’ that decomposes organizations into separate processes that are likely to fail and lead to accidents. This paper discusses a control theoretic framework of organizational safety that views accidents as a result of performance variability of human behaviors and organizational processes whose complex interactions and coincidences lead to adverse events. Safety-related tasks managed by organizational processes are examined from the perspective of complexity and coupling. This allows safety analysts to look deeper into the complex interactions of organizational processes and how these may remain hidden or migrate toward unsafe boundaries. A taxonomy of variability of organizational processes is proposed and challenges in managing adaptability are discussed. The proposed framework can be used for studying interactions between organizational processes, changes of priorities over time, delays in effects, reinforcing influences, and long-term changes of processes. These dynamic organizational interactions are visualized with the use of system dynamics. The framework can provide a new basis for modeling organizational factors in risk analysis, analyzing accidents and designing safety reporting systems.     

Eye‐safety analysis of current laser‐based scanned‐beam projection systems

Abstract— Scanned‐beam projection systems have attracted much interest recently, with claimed advantages including power efficiency and potential miniaturization consistent with embedding in mobile devices. However, the laser‐safety classification and concomitant performance implications, which are arguably the most important issues pertaining to this technology, remain widely misunderstood. In this paper, Class 1 and 2 laser‐safety radiometric image power limits for scanned‐beam systems are derived with reference to the IEC 60825‐1 standard. By calculating the equivalent photometric measure of luminous flux, it is possible to show that the brightness limits for scanned‐beam projection systems using current technology are approximately 1 and 1 7 lm for Class 1 and 2 safety classifications, respectively.     

Human Error and Disturbance Occurrence in Manufacturing Systems (HEDOMS): A Framework and a Toolkit for Practical Analysis

New demands on modern manufacturing systems, such as increased flexibility, higher quality standards, customer responsiveness, and higher innovative capacities, have emphasised the need for higher levels of overall system reliability. Within this context disturbances play a critical role, because of the effects they may have on production or on safety, which are both strong determinants of overall system performance. The main focus of this paper is the reliability of manufacturing personnel and the way in which this interrelates with overall system performance. A framework – Human Error and Disturbance Occurrence in Manufacturing Systems (HEDOMS) – integrates human reliability with overall system performance, relating human error with disturbance occurrence and handling. HEDOMS has been extended into a toolkit to enable the identification of potential for human error and disturbance occurrence in manufacturing systems, as well as the definition of suitable error reduction measures.     

Regularly irregular: how groups reconcile cross-cutting agendas and demand in healthcare

The flow of technical work in acute healthcare varies unpredictably, in patterns that occur regularly enough that they can be managed. Acute care organizations develop ways to hedge resources so that they are available if they are needed. This pragmatic approach to the distribution of work among and across groups shows how rules can be used to manage a response to irregular demands for care. However, no rule set can be complete enough to cover this setting’s variety of care demands. Expertise is also needed to tie together the loose ends of conflicts that remain where rules no longer suffice. Many informal solutions to systemic problems go unnoticed unless they are the subjects of study. Naturalistic decision making (NDM) methods such as observational study, interviews, and process tracing reveal the activities of workers in their natural settings. Results of findings from such explorations of technical work can improve understanding of large scale work processes and, ultimately, patient safety. We have explored how practitioners cope with the demands that the system presents to them. While not all succeed, successful initiatives workers have developed demonstrate how their solutions create resilience at large scale.     

Implementing organisational interoperability—The SUddEN approach

Dynamic markets require enterprises to collaborate in organisational networks. Current support for automotive supply networks is limited to logistic aspects. In the European project SUddEN an approach to support coordination and organisational interoperability in supply networks is researched. These networks are seen as complex adaptive systems, with their structure changing permanently and dynamically. This has impact on the flow of materials and information across the network. Coordination and interoperability are important aspects that enable the required business performance in order to survive in today's global competing business environment. The SUddEN ICT approach supports collaborative performance measurement system development. This allows network partners to adapt their individual processes to improve organisational interoperability. For this approach, an architecture has been designed and a prototype has been implemented.