Chapter 10 Quiz


The chapter mentions Reason’s Swiss cheese model of system failure. What is this? What is the point?


In this model, the defenses built into a system are compared to slices of Swiss cheese. Some types of Swiss cheese, such as Emmental, have holes and so the analogy is that the latent conditions are comparable to the holes in cheese slices. The position of these holes is not static but changes depending on the state of the overall sociotechnical system. If each slice represents a barrier, failures can occur when the holes line up at the same time as a human operational error. An active failure of sys- tem operation gets through the holes and leads to an overall system failure. Normally, of course, the holes should not be aligned so operational failures are trapped by the system. To reduce the probability that system failure will result from human error, designers should:

  1. Design a system so that different types of barriers are included. This means that the ‘holes’ will probably be in different places and so there is less chance of the holes lining up and failing to trap an error.
  2. Minimize the number of latent conditions in a system. Effectively, this means reducing the number and size of system ‘holes’.
Of course, the design of the system as a whole should also attempt to avoid the active failures that can trigger a system failure. This may involve designing the operational processes and the system to ensure that operators are not overworked, distracted, or presented with excessive amounts of information.
  • cheese.png
Topic attachments
I Attachment Action Size Date Who Comment
Pngpng cheese.png manage 20.8 K 2014-03-24 - 17:27 JimSkon Cheese
Topic revision: r2 - 2016-01-10 - JimSkon
This site is powered by the TWiki collaboration platformCopyright &© by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback