At 02:16 PM 7/20/97 -0400, David Mercer wrote:
On Sun, 20 Jul 1997, Paul Trotter wrote: Seems to me that NSI have shown that their training procedures don't work,
That's not the problem. The problem is bad procedures, not the failure to follow them correctly. The procedures should have prevented the operator from installing the update, absent serious overrides. Since it is far, far more dangerous to add a bad update than it is to delay the update, the procedures should have prevented the update as soon as the update data failed any of its validity tests. To override preventative mechanisms should require the intervention of senior operations staff. In other words, besides requiring a positive override, it should require additional staff who are not part of the regular, daily activity. Merely issuing passive alarms that can be ignored is representative of basic ignorance about well-understood operator human factors. I said well-understood. That, of course, means that one must use designers knowledgeable in such matters. NSI didn't. That's a management error, not an operator error.
I personally don't find their assurance that such duties will now be
Indeed, you shouldn't. It's more important to change the procedures than it is to change the staff. d/ -------------------- Internet Mail Consortium +1 408 246 8253 675 Spruce Dr. fax: +1 408 249 6205 Sunnyvale, CA 94086 USA info@imc.org , http://www.imc.org