Three System Failures and a Model of Organizational Accidents

The technological advances of the last 30 years have made it highly unlikely that a single technical failure or an isolated human error would be enough to cause a major accident. To penetrate a modern industrial system’s many defences, barriers and engineered safeguards, now requires the unlikely combination of several contributing factors, each necessary but none sufficient to cause the accident by itself. Exhaustive investigations of accidents in high-technology systems have made it clear that bad events do not usually start at the ‘sharp end’. Rather, they involve an interaction between long-standing system weaknesses, termed latent conditions, and local triggering events.