EWaSAP: An Early Warning Sign Identification Approach Based on a Systemic Hazard Analysis

Ioannis M. Dokas¹, John Feehan, Syed Imran
Cork Constraint Computation Centre
University College Cork, Cork, Ireland
E-mails: {i.dokas; j.feehan; s.imran}@4c.ucc.ie

Keywords: Early warning signs; Early warning signals; EWaSAP; STPA; STAMP; Drinking water safety.

Abstract

Early warning signs and signals are perceivable sets of data which indicate in a timely manner the presence of flaws and threats to a system. Unfortunately, the structured identification and analysis of early warning signs is not readily supported by conventional hazard and risk analysis approaches. To address this problem, the STAMP Based Process Analysis (STPA) has been extended to incorporate the identification of early warning signs. The result is the Early Warning Sign Analysis based on the STPA (EWaSAP) approach. This paper describes EWaSAP and presents the results of a case study in which it was applied to a critical process at a real-world drinking water treatment works. After using EWaSAP, a significant increase in the predefined list of early warning signs was noted.

1. Introduction

The evolution of scientific knowledge and technology has contributed to improved safety management in complex socio-technical systems. However, recent catastrophes highlight the need to further advance existing safety engineering approaches and to introduce new approaches that will effectively support proactive risk management strategies. According to Rasmussen and Svedung (2000), a proactive approach to risk management aims at designing a strategy based on: a) an identification of the boundaries of safe performance, b) efforts to make these boundaries visible to decision makers and c) efforts to counteract pressures that drive decision-makers toward the boundaries. When trying to design proactive risk management strategies, concepts such as safety, reliable performance and accidents need careful consideration.

An accident is defined as an undesired and unplanned (but not necessarily unexpected) event that results in (at least) a specified level of loss (Leveson, 1995a). Reliable performance, on the other hand, is explained as the result of the enforcement of dynamic non-events. As Weick (1987) put it, “what produces the stable outcome is constant change rather than continuous repetition. To achieve the stability, a change in one system parameter must be compensated for by change in other parameters”. Finally, safety is the freedom from accidents and is an emergent property of systems, not components (Leveson, 2008). Emergent properties, like safety, arise when system components operate together (Leveson, 1995b). In order to maintain safety, it is important to know, among other things, how accidents occur and from which threats a system must be protected (Dokas, 2009).

A range of hazard analysis techniques can be applied to ensure the safety of complex socio-technical systems in practice. Hazard analysis aims at defining models of possible accident scenarios. Based on these accident scenario models and on their assumptions, a series of barriers and control processes are designed to maintain safety and to react properly when a potentially threatening change is detected in the system or in its environment. Hazard analysis techniques are based on accident models, which provide descriptions of the conceptual elements needed to explain the phenomenon of accidents. Hollnagel (2005) classified accident

¹ Corresponding Author. Tel: +353 21 420 5960