Dynamics of safety within socio-technical systems: The Dutch railway system

Abstract
As different safety paradigms acknowledge that accidents are caused by a chain of unnoticed
factors, safety analysis within socio-technical systems requires accounting for multiple
intertwined processes operating simultaneously. Therefore, we adopted the system
dynamics model which was previously developed by Rudolph and Repenning (2002), and
extended it for the Dutch railway system. In addition to discussing its relevance to
practice, we also analyzed the model and found a threshold behavior. That is, depending
on the capability of a system and flows of interruptions within it, the system could remain
in a stable mode or turn into a disaster.

Introduction
With increasing interdependencies in the globalized world, and emerging rapid
technological/societal changes, challenges, disruptions, and disasters are now
occurring at an unprecedented rate. Consequently, organizations and managers need to
address escalating concerns about disruptions and accidents in their systems. However,
that could be a demanding task as organizational systems are becoming more complex,
dynamic, and interdependent.
Different fields and communities have studied system safety in general and socio-technical
systems safety in particular. Among them, relevant paradigms and models
acknowledge that accidents are caused by a chain of unnoticed factors/events that often
happen over time prior to the occurrence of the accident. The earliest one, Turner’s man-made
disasters theory, states that in a so-called incubation period, “the failure of
foresight develops”, and “a chain of discrepant events develop and accumulate unnoticed”
(page 381, Turner 1976). Moreover, this theory indicates that not only technical issues,
but also managerial/organizational issues contribute to accidents. Another relevant
theory, the Normal Accident Theory (NAT), argues that in systems characterized by
“interactive complexity and tight coupling” among their components, accidents are
“normal” and unavoidable. In this theory, Perrow (2011) also expects that the
contributing factors of accidents go beyond the temporal vicinity of the moment when the
accident occurred, and include events that occurred over a longer period in the past.
Similar to the previous theories, the Swiss cheese model also views accident trajectory
as complex interactions among latent failures and triggering events (Reason 1990). This
model portrays a series of safety layers/barriers (e.g., alarms) that are designed to prevent
a system failure (and can be conceptualized as slices of Swiss cheese). However, there
could be (inconstant or time-varying) unintended weaknesses or holes (e.g., latent
conditions) that do not normally cause negative outcomes. More importantly, system
failure occurs only when the holes in the layers of safety barriers are aligned, and an
accident trajectory can pass through the defensive layers (page 101, Reason 2017).
Incorporating the aforementioned system safety models for socio-technical systems
requires both a proper understanding of those systems and a suitable research
method. For the former, we have been studying socio-technical systems (e.g.,
Songhori et al. 2020), and next we briefly describe those systems.
Early attempts to study socio-technical systems are those by Trist and Bamforth
(1951) and Emery and Trist (1960). They state that those systems can only be understood
when social, psychological, environmental and technological systems are assessed as a
whole. In streams of the relevant literature, different definitions have been provided for
socio-technical systems. For instance, these systems are considered to “involve both
complex physical-technical systems and networks of inter-dependent actors” (De Bruijn
and Herder 2009). Another, field-specific definition is from the Information Systems
(IS) field, where IS are contemplated as “socio-technical systems involving the interplay
of technology components (hardware and software), people (with cognitive capabilities
and associated shortcomings), data (to capture real-life situations) and organizational
issues (processes and management)” (page 284 in Georgantzas and Katsamakas 2008).
In order to describe socio-technical systems (STS), scholars have examined the
common attributes of those systems. In general, common features of STS include (1) a large
number of elements (Carayon 2006), (2) nonlinear interactions (Geels 2004, Perrow 2011,
Snowden and Boone 2007, Williams 1999), (3) adaptive capacity (Kurtz and Snowden
2003), (4) feedback loops (Luna-Reyes et al. 2005, Li and Madnick 2015), and (5)
emergent properties (Reiman and Oedewald 2007). A more comprehensive list of those
attributes can be found in Carayon (2006), Saurin and Gonzalez
(2013), and Soliman et al. (2018).
Our computational modelling approach also addresses the suitability of our research
method for socio-technical systems. In particular, our effort aimed to progress and
develop a general explanation of how streams of small events occurring within a socio-technical
system facilitate crises. Unlike traditional methods, which have limitations in analysing
multiple intertwined processes operating simultaneously (Harrison et al. 2007),
simulation methods enabled us to examine complex interactive systems and gain
theoretical insights through computational experimentation (Burton and Obel 2011). With
our chosen method (system dynamics), we could consistently model the temporal causal
(cause-and-effect) relationships between the variables theoretically relevant to our research
question.
Following Rudolph and Repenning (2002), we conceptualize accidents and crises as
occurring as a result of dynamic flows of non-novel interruptions in any organization. They
consider interruptions as unanticipated changes to ongoing activities/plans, which are
repeatedly described as a “generic accompaniment” of crisis (Weick 1990, Perrow 2011). This view
is in line with the organizational routine literature. Routines are “repetitive, recognizable
patterns of interdependent actions, carried out by multiple actors” (page 93, Feldman and
Pentland 2003). Moreover, although routines are repetitive, since each performance of a
routine unfolds over time, it can always unfold in a new direction (Feldman and Pentland
2003).

Figure 1 – Stock and flow diagram of interruptions within the train operating subsystem.


Essentially, Rudolph and Repenning (2002) illustrate how overaccumulation of
interruptions, each of which poses little threat, can lead to a disaster. We extend their
model/approach to a socio-technical system (like a railway system). In particular, if not
managed properly, interruptions in each subsystem of such systems can reinforce those
of the other subsystems and cause a disaster. Therefore, it is critical to understand how
flows of non-novel interruptions within and across subsystems of a socio-technical system
trigger and precipitate disaster.

Discussion and Conclusion
In this paper, we developed and presented a system dynamics model of interruptions in
socio-technical systems. Specifically, we adopted the system dynamics model developed by
Rudolph and Repenning (2002) in which interruptions or unexpected changes to ongoing
activities flow through a system: they arrive, accumulate, and exit the system. However,
depending on their flow and accumulation rates within a system, such a system could stay
in a stable situation or turn into a disaster.
As discussed earlier, such a perspective on safety seems to be consistent with the safety
paradigms which acknowledge that an accident is often caused by a chain of unnoticed
factors/events over time and prior to the occurrence of that accident (Turner 1976, Reason
1990). Consequently, concentrating on the dynamics of interruptions within a socio-technical
system could be a feasible pathway to understanding safety dynamics within a socio-technical
system.

Our model considers a railway system like the Dutch railway system to have two
subsystems: (i) train operator and (ii) infrastructure manager. Moreover, interruptions
arrive, accumulate, and dissipate within either of those two subsystems. Each subsystem
also interacts with the other such that its accumulated interruption level affects that of
the other subsystem.
We have also analysed our model in two steps. Firstly, we examine the behaviour of
the system when one (two) sudden increase(s) in interruption arrival rate of one (two)
subsystem(s) occur(s). Interestingly, and in line with work of Rudolph and Repenning
(2002), we observe a threshold behaviour. That is, for situations with interruption arrival
rate having a value below a threshold, the system manages to handle the effects of
pressure, and hence, the accumulated number of interruptions within a subsystem (and
the whole system) remains limited. Secondly, by simulation, we demonstrate how a socio-technical
system can move from stable to crisis: (1) when the accumulated number of
interruptions in either of the subsystems is limited, it is in a stable situation, (2) however,
as the interruption arrival rates increase, the system moves to the crisis state.
Our study has some limitations which need to be addressed in subsequent and relevant
work. Validating our work and linking it to practical cases or datasets would make
our research more informative. Moreover, our model needs further development
by contemplating other subsystems, or non-safety aspects of socio-technical systems.
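
A minimal simulation of the two-subsystem structure described above, added here as an illustration and not the authors' model: the inverted-U resolution curve, the coupling weight and every parameter value are assumptions, since the model's equations are not given in this text. It reproduces the threshold behaviour and shows an overload in one subsystem pulling the other into crisis.

```python
import math

# All constants and functional forms below are assumed for illustration only.
CAPACITY = 10.0   # assumed peak resolution rate per subsystem
S_REF = 20.0      # assumed backlog at which pressure equals 1 (peak performance)
COUPLING = 0.3    # assumed share of the other subsystem's backlog felt as pressure


def resolution_rate(pressure):
    """Assumed inverted-U response: rises with pressure, peaks at 1, then decays."""
    return CAPACITY * pressure * math.exp(1.0 - pressure)


def simulate(arrival_op, arrival_infra, t_end=200.0, dt=0.05):
    """Euler-integrate both stocks from empty; return final (operator, infra) backlog."""
    s_op = s_infra = 0.0
    for _ in range(int(t_end / dt)):
        p_op = (s_op + COUPLING * s_infra) / S_REF
        p_infra = (s_infra + COUPLING * s_op) / S_REF
        d_op = arrival_op - resolution_rate(p_op)
        d_infra = arrival_infra - resolution_rate(p_infra)
        # A stock cannot go negative: at zero there is nothing left to resolve.
        s_op = max(0.0, s_op + dt * d_op)
        s_infra = max(0.0, s_infra + dt * d_infra)
    return s_op, s_infra


def in_crisis(stocks, limit=5 * S_REF):
    """Treat a backlog far past the performance peak as a crisis."""
    return max(stocks) > limit


def critical_arrival_rate(lo=0.0, hi=2 * CAPACITY, tol=0.01):
    """Bisect the equal arrival rate at which the coupled system tips into crisis."""
    while hi - lo > tol:
        mid = (lo + hi) / 2
        if in_crisis(simulate(mid, mid)):
            hi = mid
        else:
            lo = mid
    return (lo + hi) / 2


if __name__ == "__main__":
    print("both below threshold:", simulate(6.0, 6.0))
    print("operator overloaded: ", simulate(12.0, 6.0))
    print("critical equal rate: ", round(critical_arrival_rate(), 2))
```

With these assumed values, equal arrival rates of 6 settle at a small backlog, while raising only the train operator's rate to 12 makes both backlogs grow without bound even though the infrastructure manager's own arrival rate is unchanged.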

References
Burton, R. M., and B. Obel. (2011), “Computational modeling for what-is, what-might-be, and what-should-be
studies-and triangulation”, Organization Science, Vol 22, No 5, pp. 1195-1202.
Carayon, P. (2006), “Human factors of complex sociotechnical systems” Applied Ergonomics, Vol 37, No
4, pp. 525-535.
De Bruijn, H., and P. M. Herder. (2009), “System and actor perspectives on sociotechnical systems”, IEEE
Transactions on Systems, Man, and Cybernetics-Part A: Systems and Humans, Vol 39, No 5, pp. 981-992.
Emery, F. E., and E. L. Trist. (1960), “Socio-technical systems”, in Management Sciences, Models and
Techniques, Churchman, C. W., et al.
Feldman, M. S., and B. T. Pentland. (2003), “Reconceptualizing organizational routines as a source of
flexibility and change”, Administrative Science Quarterly, Vol 48, No 1, pp. 94-118.
Geels, F. W. (2004), “From sectoral systems of innovation to socio-technical systems: Insights about
dynamics and change from sociology and institutional theory”, Research Policy, Vol 33, No 6-7, pp. 897-920.
Georgantzas, N. C., and E. G. Katsamakas. (2008), “Information systems research with system dynamics”,
System Dynamics Review: The Journal of the System Dynamics Society, Vol 24, No 3, pp. 247-264.
Harrison, J. R., Z. Lin, G. R. Carroll, and K. M. Carley. (2007), “Simulation modeling in organizational
and management research”, Academy of Management Review, Vol 32, No 4, pp. 1229-1245.
Islam, D. M. Z., K. Laparidou, and A. Burgess. (2016), “Cost effective future derailment mitigation
techniques for rail freight traffic management in Europe”, Transportation Research Part C: Emerging
Technologies, Vol 70, pp. 185-196.
Kurtz, C. F., and D. J. Snowden. (2003), “The new dynamics of strategy: Sense-making in a complex and
complicated world”, IBM Systems Journal, Vol 42, No 3, pp. 462-483.
Li, X., and S. E. Madnick. (2015), “Understanding the dynamics of service-oriented architecture
implementation”, Journal of Management Information Systems, Vol 32, No 2, pp. 104-133.
Luna-Reyes, L. F., J. Zhang, J. Ramon Gil-Garcia, and A. M. Cresswell. (2005), “Information systems
development as emergent socio-technical change: a practice approach”, European Journal of Information
Systems, Vol 14, No 1, pp. 93-105.
Mandler, G. (1984), Mind and body: Psychology of emotion and stress. WW Norton & Company
Incorporated.
Manz, C. C., and G. L. Stewart. (1997), “Attaining flexible stability by integrating total quality management
and socio-technical systems theory”, Organization Science, Vol 8, No 1, pp. 59-70.
Perrow, C. (2011), Normal accidents: Living with high risk technologies-updated edition. Princeton
University Press.
Reason, J. (1990), Human error. Cambridge University Press.
Reason, J. (2017), The human contribution: unsafe acts, accidents and heroic recoveries. CRC Press.
Reiman, T., and P. Oedewald. (2007), “Assessment of complex sociotechnical systems-theoretical issues
concerning the use of organizational culture and organizational core task concepts”, Safety Science, Vol 45,
No 7, pp. 745-768.
RIVM, Y. K.-P., and P. T. RIVM. (2014), Towards a new risk-calculation method for the transport of
dangerous goods by rail technical report on failure frequencies of Dutch freight wagons based on incident
data-RIVM report 620550010/2014.
Rudolph, J. W., and N. P. Repenning. (2002), “Disaster dynamics: Understanding the role of quantity in
organizational collapse”, Administrative Science Quarterly, Vol 47, No 1, pp. 1-30.
Saurin, T. A., and S. S. Gonzalez. (2013), “Assessing the compatibility of the management of standardized
procedures with the complexity of a sociotechnical system: Case study of a control room in an oil refinery”,
Applied Ergonomics, Vol 44, No 5, pp. 811-823.
Snowden, D. J., and M. E. Boone. (2007), “A leader’s framework for decision making”, Harvard Business
Review, Vol 85, No 11, pp. 68.
Soliman, M., T. A. Saurin, and M. J. Anzanello. (2018), “The impacts of lean production on the complexity
of socio-technical systems”, International Journal of Production Economics, No 197, pp. 342-357.
Songhori, M. J., L. A. van Dongen, and M. Rajabalinejad. (2020), “A multi-domain approach toward
adaptations of socio-technical systems: The Dutch railway case”, In System of Systems Engineering
Conference: IEEE. Budapest, Hungary.
Trist, E. L., and K. W. Bamforth. (1951), “Some social and psychological consequences of the longwall
method of coal-getting: An examination of the psychological situation and defences of a work group in
relation to the social structure and technological content of the work system”, Human Relations, Vol 4, No
1, pp. 3-38.
Turner, B. A. (1976), “The organizational and interorganizational development of disasters”,
Administrative Science Quarterly, pp. 378-397.
Weick, K. E. (1990), “The vulnerable system: An analysis of the Tenerife air disaster”, Journal of
Management, Vol 16, No 3, pp. 571-593.
Williams, T. M. (1999), “The need for new paradigms for complex projects”, International Journal of
Project Management, Vol 17, No 5, pp. 269-273.