Re: [sc] [Scanned] One for the Hazard IDs!



From: Andrew Rae <ajrae_at_xxxxxx>
Date: Wed, 09 Feb 2011 08:36:45 +0000
Message-ID: <4D52521D.5010803@xxxxxx>
In the UK, coroner's findings are usually verbal. If the coroner decides
you are a "properly interested person" you can get hold of a transcript
or the coroner's notes (one or the other is usually the official
record). Otherwise the media reports are the only public record. It
seems unlikely that all of the news outlets were actually there, so many
of the reports would be copied and paraphrased.

If there is a matter for action to prevent future deaths, they send a
"rule 43" report to the Lord Chancellor. These are published twice
yearly by the Minister for Justice.
It isn't clear from any of the press reports I've read that a rule 43
report was issued in his case.

On 09/02/2011 01:47, tracyinoz@xxxxxx wrote:
> News 9 (news.ninemsn.com.au) reported:
>
> 	- The traffic lights at both ends of the bridge turned green at the same time, an inquest has heard.
> 	- "As I crossed the bridge, I did see headlights but I continued driving, not thinking the car was going to come onto the bridge at the same time," he told the court.
>
> It was also reported in wordnews.com and iolnews, but maybe they got it from the dailymail (??).
>
> I would be interested in getting a copy of the coroner's findings if you have it.
>
> On 09/02/2011, at 9:21 AM, ajrae@xxxxxx wrote:
>
>> Just so we are all on the same page in discussing this ...
>>
>> There is nothing in the public record to suggest that the lights were both
>> green. All of the reported direct quotes from the coroner refer to a
>> "short circuit" and "malfunction". The direct quotes from the other driver
>> indicate that he observed the lights to not be working (indicating that
>> they weren't showing green).
>>
>> With the exception of the Daily Mail, none of the newspapers report both
>> lights being green. I suggest people use the existing reputations of the
>> various news outlets to evaluate which is most likely to be factually
>> correct.
>>
>>>> If the failed light sent a message to the maintenance department, why
>>>> did it not also send a message to its companion light to stop it from
>>>> showing green?
>>> We are assuming that the error detection reflected the entire failure
>>> picture. It could well be that only one element of the total failure had
>>> been detected, i.e. erroneous green in one light-set, but the design
>>> clearly has at least one component of detecting the really dangerous state
>>> of all-greens.
>>>
>>>> You can't make something idiot proof, because "idiots are so damned
>>>> ingenious".
>>>
>>> Agree your point on the idiots, so perhaps we should be designing a world
>>> where they can remove themselves from the gene pool whilst minimising the
>>> damage to others in the process (?)
>>>
>>> On 09/02/2011, at 2:03 AM, Driscoll, Kevin R wrote:
>>>
>>>>> I would not like to see the roads configured for idiots
>>>> You can't make something idiot proof, because "idiots are so damned
>>>> ingenious".
>>>>
>>>>> he had seen a green light
>>>> If the failed light sent a message to the maintenance department, why
>>>> did it not also send a message to its companion light to stop it from
>>>> showing green?
>>>>
>>>> While I haven't seen it anywhere, it seems to me that the best failure
>>>> indication would be to alternatively flash red and yellow, with
>>>> reserving flashing red by itself and flashing yellow by itself to mean
>>>> "failure, proceed with caution".
>>>>
>>>>> -----Original Message-----
>>>>> From: safety-critical-request@xxxxxx [mailto:safety-critical-
>>>>> request@xxxxxx] On Behalf Of tracyinoz@xxxxxx
>>>>> Sent: Tuesday, February 08, 2011 05:44
>>>>> To: safety-critical@xxxxxx
>>>>> Subject: Re: [sc] [Scanned] One for the Hazard IDs!
>>>>>
>>>>> You hit the nail on the head when you stated that it is 'expected'
>>>>> that drivers can cope with all-lights-out condition; clearly this
>>>>> failure mode does not warrant any additional controls as the mode is
>>>>> readily recognisable by the motorist and they will compensate
>>>>> accordingly - there is no need for 'mitigation' for the
>>>>> all-lights-out as you suggest, nor have I suggested this need be the
>>>>> case at any point in these discussions. Essentially therefore you
>>>>> agree with me that it is better to default to all-lights-out than to
>>>>> allow the unfettered all-green condition; you did not need a library
>>>>> of signs to tell you how to proceed when confronted with the
>>>>> all-lights-out, so no superfluous nanny-signage should be required
>>>>> here.
>>>>>
>>>>> The traffic lights to the bridge operated the SAME as all other
>>>>> lights, so why would you expect drivers to treat them any differently
>>>>> (nor would you want them to!), so again no need for superfluous
>>>>> signage. When you see a set of lights, there is reasonable assumption
>>>>> that they are there for a reason, so if they are out only a complete
>>>>> idiot would proceed without caution and I would not like to see the
>>>>> roads configured for idiots - there are enough idiot signs being
>>>>> thrown up by idiot so-called H&S 'practitioners' as it is - I'm more
>>>>> aligned with Hans Monderman when it comes to the use of road signs...
>>>>> I did suggest a proceed with caution sign for the all-lights out
>>>>> condition so I am not totally against 'appropriate' signage.
>>>>>
>>>>> The driver reported: "I did see headlights but I continued driving,
>>>>> not thinking the car was going to come on to the bridge at the same
>>>>> time". Of course he didn't think a driver would be coming over at the
>>>>> same time because he had seen a green light, he would have been a lot
>>>>> more circumspect had the lights been out completely ... as you were
>>>>> when you encountered the same.
>>>>>
>>>>> I remember a junction when I drove to work that had a far more
>>>>> expeditious for traffic flow when they failed as drivers reacted
>>>>> dynamically to the prevailing traffic volume (they were at their
>>>>> worst when PC-plod turned up to control the junction manually);
>>>>> traffic lights by definition are fixed, so do not naturally support
>>>>> expeditious traffic; their primary purpose is to 'control' traffic,
>>>>> regulating priorities, as in this instance.
>>>>>
>>>>> Read more:
>>>>> http://www.metro.co.uk/news/854188-snail-led-to-fatal-crash-at-traffic-lights#ixzz1DMdZ6VUJ
>>>>>
>>>>> On 08/02/2011, at 8:35 PM, David Crocker wrote:
>>>>>
>>>>>> I am not familiar with the bridge in question, but I don't think we
>>>>>> can assume that traffic lights were installed because the bridge was
>>>>>> considered unsafe without them - it might have been done to promote
>>>>>> expeditious traffic flow.
>>>>>>
>>>>>> The all-lights-off condition would also result if there was a power
>>>>>> failure. As far as I am aware, traffic lights in the UK do not
>>>>>> normally have backup power supplies. So an engineering solution to
>>>>>> the problems of rain/slug ingress does not eliminate the need for
>>>>>> mitigating the effect of the all-lights-out condition.
>>>>>>
>>>>>> I have come across traffic lights at junctions in the all-lights-out
>>>>>> condition on several occasions, and it seems to me that drivers are
>>>>>> expected to cope with this on rare occasions. Do we know whether the
>>>>>> bridge in question has clear signage to ensure that drivers
>>>>>> approaching the bridge and unfamiliar with it are aware that it is
>>>>>> single-track and normally controlled by lights?
>>>>>>
>>>>>> David Crocker, Escher Technologies Ltd.
>>>>>> http://www.eschertech.com
>>>>>> Tel. +44 (0)20 8144 3265 or +44 (0)7977 211486
>>>>>>
>>>>>>
>>>>>> On 08/02/2011 03:02, tracyinoz@xxxxxx wrote:
>>>>>>> Given that signage and/or procedures are low on the totem pole of
>>>>>>> controls (for a very good reason), the first port of call has to be
>>>>>>> an engineering solution.
>>>>>>>
>>>>>>> I agree that it may help the situation to provide signage to
>>>>>>> emphasise the increased safety risk in the situation of known
>>>>>>> failure e.g. 'proceed with caution when lights off', but this
>>>>>>> should never be discussed over an engineering solution which can
>>>>>>> detect and mitigate for a known 'dangerous' failure. By fitting
>>>>>>> lights to this section of road, we have decided that the safety of
>>>>>>> the road users warrants the cost of the lights. Drivers will
>>>>>>> reasonably be expected to place some reliance on the operations of
>>>>>>> traffic lights, so to push that responsibility back on the driver
>>>>>>> is not acceptable.
>>>>>>>
>>>>>>> I am not convinced that any signage could mitigate a driver
>>>>>>> ignoring a signal (what would it say, 'don't ignore this signal'?).
>>>>>>>
>>>>>>> Signage should only ever be supplemental and should not be an
>>>>>>> alternative to an engineering solution.
>>>>>>>
>>>>>>> On 08/02/2011, at 3:17 AM, Royalty, Chuck wrote:
>>>>>>>
>>>>>>>> Not to dismiss the importance of identifying signal failure modes
>>>>>>>> and dealing with them, when it comes to this accident (based only
>>>>>>>> on info in the article), part of the question is whether the
>>>>>>>> design and the safety case should depend on things other than the
>>>>>>>> signals themselves. The first driver to cross the bridge noted
>>>>>>>> that the traffic signal wasn't working, but assumed oncoming
>>>>>>>> traffic would see and avoid him. There's no indication as to what
>>>>>>>> other signage was present, but given the unusual nature of the
>>>>>>>> hazard it would have been prudent to warn drivers with fixed
>>>>>>>> signs. Perhaps:
>>>>>>>> a) it's a one-lane bridge and they should be alert for oncoming
>>>>>>>> traffic,
>>>>>>>> b) they should yield to oncoming traffic and use caution when
>>>>>>>> crossing
>>>>>>>> c) they should obey the traffic signals (which indicates that
>>>>>>>> there *are* traffic signals)
>>>>>>>>
>>>>>>>> None of that might have prevented this accident, but given that
>>>>>>>> the signals weren't placed at an intersection (the common usage),
>>>>>>>> trained or 'natural' driver reactions to their failure might be
>>>>>>>> expected to vary from the norm, so extra warnings might be
>>>>>>>> warranted. In addition, the signs would help mitigate another
>>>>>>>> hazard - the driver who simply ignores the signal. One does not
>>>>>>>> know whether the accident would have occurred if the signals had
>>>>>>>> been working. A few moments of inattention on the part of one
>>>>>>>> driver is all that's required. In that case, the cautious driver
>>>>>>>> must depend entirely on him- or herself.
>>>>>>>>
>>>>>>>> There are a few common behaviors of traffic signals that appear to
>>>>>>>> be universal for safety, but clearly different countries have
>>>>>>>> different rules regarding signal failure, and signals are used in
>>>>>>>> contexts (and sometimes as temporary installations) other than for
>>>>>>>> the classic control of crossing traffic. The signal and its
>>>>>>>> failure modes are only part of the required mitigation, and the
>>>>>>>> overall installation should consider that, I would think.
>>>>>>>>
>>>>>>>> Regards
>>>>>>>> Chuck Royalty
>>>>>>>>
>>>>>>>> -----Original Message-----
>>>>>>>> From: safety-critical-request@xxxxxx
>>>>>>>> [mailto:safety-critical-request@xxxxxx] On Behalf Of
>>>>>>>> tracyinoz@xxxxxx
>>>>>>>> Sent: Monday, February 07, 2011 1:16 AM
>>>>>>>> To: safety-critical@xxxxxx
>>>>>>>> Subject: Re: [sc] [Scanned] One for the Hazard IDs!
>>>>>>>>
>>>>>>>> I obviously see this entirely differently, but I see the issue,
>>>>>>>> not in the sense of dealing with the snail ingress, but of
>>>>>>>> recognising the failure mode (the effect) whereby both lights are
>>>>>>>> set to green (clearly a hazardous state and one which should have
>>>>>>>> been recognised).
>>>>>>>>
>>>>>>>> If this failure mode can be detected (in reality it should be
>>>>>>>> possible, and the serious nature of the possible outcome should
>>>>>>>> also be appreciated) then the system can default to a 'safer'
>>>>>>>> state such as all lights inhibited (a previous standard was
>>>>>>>> referred to which defined some of these configurations); failure
>>>>>>>> is less of a safety problem when you are aware of that failure,
>>>>>>>> you will modify your behaviour to account for the changed
>>>>>>>> circumstances and thereby lessen the safety risk (it is the
>>>>>>>> dormant ones that have the biggest bite).
>>>>>>>>
>>>>>>>> The approach of managing the 'effect' (thereby making the
>>>>>>>> 'hazard') would cater for all manner of causes including any form
>>>>>>>> of environmental ingress and covert snail action (in some ways,
>>>>>>>> you do not have to worry about identifying all possible ways that
>>>>>>>> may arise, if you cater for it by detecting its arising).
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Tracy White
>>>>>>>>
>>>>>>>> On 07/02/2011, at 9:03 AM, Robin Cook wrote:
>>>>>>>>
>>>>>>>>> I am of the view that snail ingress should have been addressed
>>>>>>>>> but generically rather than specifically (unless your system is
>>>>>>>>> to be installed in a snail farm). A few more thoughts:
>>>>>>>>>
>>>>>>>>> The fact that the system needs to comply with the environmental
>>>>>>>>> requirement is often assumed to be addressed by others. It is
>>>>>>>>> just as important that all environmental requirements are
>>>>>>>>> captured correctly, met and verified as for the functional
>>>>>>>>> requirements if the system is to perform safely throughout its
>>>>>>>>> life. Where equipment is deployed in the vicinity of animals and
>>>>>>>>> other life, it is relevant that the specification addresses this.
>>>>>>>>>
>>>>>>>>> Salt water, mist etc can often be found in environmental
>>>>>>>>> specifications but has anyone seen canine (dog) urine in the
>>>>>>>>> specifications? I haven't. Is it less corrosive? Perhaps I should
>>>>>>>>> look at an environmental specification for a lamp post.
>>>>>>>>>
>>>>>>>>> Snail ingress should be covered by the IP ratings but are these
>>>>>>>>> maintained over time especially following damage? The attention
>>>>>>>>> of the maintenance procedures to environmental issues is also
>>>>>>>>> relevant.
>>>>>>>>>
>>>>>>>>> Best regards
>>>>>>>>> Robin Cook
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> ----- Original Message ----- From: "Peter Sheppard"
>>>>>>>>> <peter.sheppard@xxxxxx>
>>>>>>>>> To:<safety-critical@xxxxxx>
>>>>>>>>> Sent: Wednesday, February 02, 2011 9:41 AM
>>>>>>>>> Subject: [sc] [Scanned] One for the Hazard IDs!
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> http://www.thisistamworth.co.uk/news/Little-angel-killed-cruel-twist-fate/article-3149898-detail/article.html
>>>>>>>>>
>>>>>>>>> Peter Sheppard
>>>>>>>>> Principal Safety Engineer
>>>>>>>>> BSc (Hons), FIET, FIRSE, FSaRS



Received on Wed 09 Feb 2011 - 08:36:52 GMT