Responsibility modelling for socio-technical systems

1,013 views

Published on

Overview of approach to socio-technical system analysis based on responsibilities

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,013
On SlideShare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
19
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • How are the two responsibilities held by the Environment agency coordinated, what is the dependency between them?How is the Flood Warning resource used by other agencies, what responsibilities will need to be discharged if it is issued?HAZOPS analysis
  • Responsibility modelling for socio-technical systems

    1. 1. Responsibility modelling in socio- technical systems Ian Sommerville St Andrews UniversityResponsibility Modelling in Socio-technical Systems, Feb 2012 Slide 1
    2. 2. Socio-technical systems Social and political environment Laws, regulations, custom & practiceSystem Business Software-intensive system processes users Organisational policies and culture Organisational strategies and goalsResponsibility Modelling in Socio-technical Systems, Feb 2012 Slide 2
    3. 3. System failureResponsibility Modelling in Socio-technical Systems, Feb 2012 Slide 3
    4. 4. Normal failures A system failure occurs when a direct or indirect user of a system has to carry out extra work, over and above that normally required to carry out some task, in response to some inappropriate system behaviourResponsibility Modelling in Socio-technical Systems, Feb 2012 Slide 4
    5. 5. System dependability • Many system „failures‟ are due to inadequate consideration of social, organisational and cultural factors that affect a computer-based system • Often manifested as a misfit between a system and the organisation using that system, resulting in: – User interaction „errors‟ – Unreliable and inefficient processes – Provision of incorrect or inappropriate information to system usersResponsibility Modelling in Socio-technical Systems, Feb 2012 Slide 5
    6. 6. Bridging the modelling chasm Organisation al models Software models Responsibility modelsResponsibility Modelling in Socio-technical Systems, Feb 2012 Slide 6
    7. 7. Responsibility • A suitable abstraction for modelling the components and interactions of socio-technical systems of systems “A duty, held by some agent, to achieve, maintain or avoid some given state, subject to conformance with organisational, social and cultural norms.”Responsibility Modelling in Socio-technical Systems, Feb 2012 Slide 7
    8. 8. Responsibility as an Abstraction “Financial Responsibilities Management” Improve GoalsProfitabilityby 5% over Tasks FY Activities Functions ... Responsibility Modelling in Socio-technical Systems, Feb 2012 Slide 8
    9. 9. Why responsibility? • Responsibilities are high-level abstractions that define (informally) what is expected of a human or automated agent. No assumptions are made about how an agent will discharge its responsibilities • Responsibilities are natural abstractions that people can relate to and talk about – In system design, technical abstractions (such as objects) that are alien to system stakeholders are often usedResponsibility Modelling in Socio-technical Systems, Feb 2012 Slide 9
    10. 10. Responsibility vulnerabilities – Unassigned responsibility – Duplicated responsibility – Uncommunicated responsibility – Misassigned responsibility – Responsibility System failures can result from overload misunderstandings about – Responsibility responsibilities and failures of people fragility to discharge their responsibilities as expectedResponsibility Modelling in Socio-technical Systems, Feb 2012 Slide 10
    11. 11. What is a responsibility model? • A succinct definition of the responsibilities in a system, the agents who have been assigned these responsibilities and the resources that should be available to these agents in discharging their responsibilities.Responsibility Modelling in Socio-technical Systems, Feb 2012 Slide 11
    12. 12. Responsibility models • Simple graphical presentation that shows: – Responsibilities – Organisations/people/automated systems who are assigned specific responsibilities (agents) – Authority structures (where appropriate) i. e. information about accountability in an organisation – Responsibility dependencies – Information, and other resources required to discharge responsibilitiesResponsibility Modelling in Socio-technical Systems, Feb 2012 Slide 12
    13. 13. Responsibility planning model | Reactor Status Report | Appoint Govt. <<Scottish Executive>> <Site Emergency Declaration ofTechnical Advisor Controller>, Emergency <<Secretary of State>> <Deputy Site Emergency Controller> <<Site Owner>> Activate Central Nuclear Emergency Support Centre Activate North Activate Site Activate Scottish Ayrshire Emergency Control Exec. Emergency Emergency Room Centre RoomResponsibility Modelling in Socio-technical Systems, Feb 2012 Slide 13
    14. 14. Information resources Channels [ VHF Radio ] [ MF Radio ] | Gunfacts |Check on safety of | Subfacts | Broadcast Marine vessels in <<MRCC Clyde>> Safety Information incident area | Weather warnings | | Navigation warnings | | Incident information | | Alert Broadcast | << Police | NAECC Liaison Officer >> Information resourcesResponsibility Modelling in Socio-technical Systems, Feb 2012 Slide 14
    15. 15. Emergency Planning • Development of contingency scenarios and plans for coping with incidents • Single agency plans document resources, procedures etc to be utilised by the agency to discharge responsibilities • Inter-organisational plans document the responsibilities that each organisation holds and can expect others to discharge • Planning is evaluated through emergency exercisesResponsibility Modelling in Socio-technical Systems, Feb 2012 Slide 15
    16. 16. Problems in Emergency Planning • Emergency plans are often verbose and rarely used during emergency responses • Misunderstandings occur between organisations regarding: – Who holds particular responsibilities – How responsibilities are interpreted • Circumstances may require unexpected agents to discharge responsibilities • The appropriate information may not be available to an agent for a responsibility to be discharged – E.g. Communication infrastructure or process failuresResponsibility Modelling in Socio-technical Systems, Feb 2012 Slide 16
    17. 17. Responsibility modelling benefits • Responsibility models are a way of facilitating the analysis of responsibilities and discussing responsibilities across organisations • They support risk analysis and the identification of a class of potential vulnerabilities in a system • They serve as a means of identifying information requirements and help identify redundancy and diversity that should be planned for in a system • They may be useful as a means of documenting responsibilities and learning from experienceResponsibility Modelling in Socio-technical Systems, Feb 2012 Slide 17
    18. 18. Coordination system for EP • Scenarios from a (socio-technical) coordination system for emergency management are used as the driver for our work • Each agency involved has its own C & C system and does not wish to invest in a shared C & C system for managing emergencies • System has to support – Joint planning – Sharing of information from different systems – Audit trail of actions taken during an emergency – Provision of information to managers in the fieldResponsibility Modelling in Socio-technical Systems, Feb 2012 Slide 18
    19. 19. Systems of systems • When systems are created by integrating and configuring existing systems, their behaviour is constrained. There is limited scope for defining the functionality of a system • For systems of systems, a behavioural approach to requirements specification should be replaced by a focus on the information produced, consumed and shared by the agents in the systemResponsibility Modelling in Socio-technical Systems, Feb 2012 Slide 19
    20. 20. Information requirements • Requirements for information to be provided to agents to help them do their work, requirements for information sharing and access control and requirements for information that is to be generatedResponsibility Modelling in Socio-technical Systems, Feb 2012 Slide 20
    21. 21. Information analysis • We assume that the holder of a responsibility needs some information to discharge that responsibility • Information requirements are concerned with: – What: The information required – Where: The source of that information – How: The channel (or channels) through which that information is delivered – Structure: How the information is organised/should be organised – Presentation: How the information should be presented to a user of that informationResponsibility Modelling in Socio-technical Systems, Feb 2012 Slide 21
    22. 22. Talking to stakeholders What information is required to discharge a responsibility? Where does the information come from? What channels are used to communicate this information? What information is recorded in the discharge of this responsibility? What channels are used to communicate the recorded information? What are the consequences if the information is unavailable, inaccurate, incomplete, late, early, etc.?Responsibility Modelling in Socio-technical Systems, Feb 2012 Slide 22
    23. 23. Flood emergencies << Environment agency >> << Local authority >> << Silver command >> Flood Declare Initiate forecasting emergency Evacuation | Flood warnings |Responsibility Modelling in Socio-technical Systems, Feb 2012 Slide 23
    24. 24. Initiate Evacuation • Information requirements – Risk assessment showing properties at risk from predicted flooding, predicted times of flooding and the likelihood of flooding in specific areas (Environment agency, local authority) – Information about „special properties‟ e.g. hospitals, care homes, schools, where the residents will require help to be evacuated (Local authority) – Availability of resources from emergency services and other agencies (Emergency services liaison officers)Responsibility Modelling in Socio-technical Systems, Feb 2012 Slide 24
    25. 25. Information analysis • Risk assessment – An assessment of the areas that are of risk from the flood and the probabilities of flooding in these areas (What info) – Based on flood warnings from environment agency and local knowledge (Where from) – Telephone, web, meetings (Channels) – Areas at risk and imminence of risk; Who made decision and what local knowledge used (What recorded) – Fax to silver command or meeting – Vulnerabilities - discussed laterResponsibility Modelling in Socio-technical Systems, Feb 2012 Slide 25
    26. 26. Initiate evacuation << Environment agency >> << Environment agency, Local authority >> Flood Risk | Flood warnings | Analysis forecasting << Silver command >> | Risk assessment | | Resource assessment | Initiate Evacuation | Special properties |Responsibility Modelling in Socio-technical Systems, Feb 2012 Slide 26
    27. 27. Vulnerability analysis • The responsibility model reflects the understanding of an organisation about who is responsible for what and what that responsibility entails • Examining and comparing models allows us to identify: – Responsibility omissions • responsibilities that each organisation assumes are assigned to some other organisation or which are simply not assigned to any organisation – Responsibility misunderstandings • situations where different organisations understand a responsibility in different waysResponsibility Modelling in Socio-technical Systems, Feb 2012 Slide 27
    28. 28. HAZOPS • A HAZOPs-style „what if‟ analysis can be applied to the information requirements for each responsibility – Analyses the robustness of the contingency plan in failure circumstances • Guide words were selected to query information channel failure for each requirement: – Early – Late – Never – InaccurateResponsibility Modelling in Socio-technical Systems, Feb 2012 Slide 28
    29. 29. HAZOPS AnalysisResponsibility Modelling in Socio-technical Systems, Feb 2012 Slide 29
    30. 30. Evacuation responsibilities << Silver command >> Evacuation << District council >> Initiate Evacuation Arrange Transportation Establish Inland SearchCoordinate Collect Evacuee Security Reception and RescueEvacuation Information Centres << Police >> << County council >> << Fire service >>Responsibility Modelling in Socio-technical Systems, Feb 2012 Slide 30
    31. 31. Evacuation coordination Coordinate<< Police >> Evacuation | Assembly points | Transportation | Reception centre locations | | Evacuee list | << District council >> Establish Inland Search ReceptionCollect Evacuee and Rescue Centres Information << Fire service >> << County council >> Responsibility Modelling in Socio-technical Systems, Feb 2012 Slide 31
    32. 32. HAZOPS AnalysisResponsibility Modelling in Socio-technical Systems, Feb 2012 Slide 32
    33. 33. Deviations • HAZOPS style keyword/consequence method for assessing each information resource: • Example: Priority Premises Resource – Unavailable: Manual premises check required to see if vulnerable people to be evacuated. – Inaccurate: Manual premises check may be necessary. Possible delay in evacuation of vulnerable people. People may be left behind. – Incomplete: Possible delay in evacuation. – Late: Information has to be communicated to units in the field rather than at local coordination centre. – Early: No consequence.Responsibility Modelling in Socio-technical Systems, Feb 2012 Slide 33
    34. 34. Requirements • The coordination system shall maintain a list of priority premises to be evacuated for each town in the local area. – This shall be updated by the local council when the coordination centre is established. (The premises list is maintained by the local government authority but may not be immediately available outside of normal working hours; While a central list may be out of date, it is better than nothing.) • The coordination centre system shall maintain a list of premises evacuated along with the time of evacuation and the units involved in the evacuation.Responsibility Modelling in Socio-technical Systems, Feb 2012 Slide 34
    35. 35. Take-home messages • Software cannot be isolated from the wider socio- technical system in which it is used • Improving software dependability through technical improvements will not have a significant effect on improving system dependability • Responsibilities are a useful abstraction for facilitating discussions about systems • Understanding how responsibilities are discharged helps you understand the requirements for a software systemResponsibility Modelling in Socio-technical Systems, Feb 2012 Slide 35

    ×