A universal system for how work gets done
Transportation Safety Incidents
Organizational Context
This case examines transportation safety incident handling across the Department of Transportation, including modal administrations (FAA, NHTSA, FRA, FMCSA, PHMSA, MARAD), state transportation agencies, transport operators, and emergency response partners.
Safety incidents enter DOT systems through accident reports, near‑miss reporting, sensor and telemetry feeds, law enforcement notifications, operator disclosures, and public reporting.
• Incidents range from minor operational deviations to catastrophic failures.
• Most reported events do not require federal escalation.
• Public visibility often exceeds actual systemic risk.
• Investigative and regulatory authorities differ by mode.
How the Work Was Intended to Function
From a transportation safety perspective, incident handling was expected to function as a structured control loop:
• Incidents are reported and logged.
• Immediate safety actions are taken if needed.
• Root cause is investigated.
• Corrective or enforcement actions are determined.
• System‑level lessons are captured.
Because reporting requirements, investigation authorities, and safety programs existed, the system appeared governed at an aggregate level.
What Was Actually Happening
Observed reality diverged materially:
• Low‑risk incidents consumed disproportionate attention due to visibility.
• Serious precursor events were sometimes under‑escalated.
• Thresholds for federal involvement varied by mode and region.
• Early actions were taken before the incident was properly framed.
• After‑action justification relied on severity narratives rather than structure.
The underlying issue was not safety expertise, but the absence of a shared way to interpret one transportation safety incident before committing investigative and regulatory resources.
How FLOW Was Introduced
Leadership sought a stabilizing lens that preserved safety judgment while improving consistency. Specifically, they needed:
• A common language to explain why safety incidents behave differently.
• A method to separate immediate severity from systemic consequence.
• A unit‑centered lens instead of managing incident volume.
• Governance aligned to impact breadth rather than public attention.
FLOW was introduced as a classification lens applied early in safety incident assessment—before full investigations, enforcement posture, or public commitments were made.
Identifying the Unit of Effort
The organization anchored safety handling on a single, stable unit of work:
• Unit of Effort: one transportation safety incident requiring assessment and disposition.
• Multiple reports, sensor alerts, or witness statements may inform the same unit.
• Parallel investigations do not create new units.
• The incident remains constant as understanding and response deepen.
How Complexity Was Determined
Complexity was defined strictly as the amount of judgment required to understand causality and appropriate response.
• Low complexity: clear cause with established corrective actions.
• Higher complexity: multiple contributing factors or ambiguous fault.
• Higher complexity: interaction between human, technical, and environmental factors.
• Higher complexity: uncertainty around recurrence or systemic exposure.
This definition of complexity was applied uniformly across all FLOW levels.
How Scale Was Determined
Scale was defined as the breadth of impact created by one transportation safety incident.
• Number of passengers, operators, or communities affected.
• Degree of dependency across transportation networks if mishandled.
• Need for cross‑modal or cross‑jurisdiction coordination.
• Extent to which the incident constrains future operations or policy.
Incidents confined to a single asset with no downstream effects were treated as low scale; incidents affecting networks, modes, or national confidence were treated as higher scale.
Other Measures of Scale Considered
• Injury or fatality count.
• Media coverage and public concern.
• Operational disruption duration.
• Cost of recovery or repair.
• Political or congressional interest.
These measures were operationally visible, but were not used as the primary definition of scale in this walkthrough.
Applying FLOW to Transportation Safety Incidents
With complexity and scale definitions fixed, each safety incident was classified using the same logic. The unit remains constant across all examples below—this is still one safety incident.
• Classify complexity first.
• Classify scale second.
• Assign the single FLOW classification that best fits the unit.
FLOW A — Local, Contained Incidents
This example involves one safety incident. The unit does not change.
Example: a minor vehicle collision involving a commercial operator with no injuries and no regulatory breach.
• Complexity: low (cause is clear; response is standard).
• Scale: low (limited exposure; no network impact).
• Handling implication: rapid documentation and closure.
Built‑out handling: the incident is logged, operator corrective actions are verified, and no further escalation is required.
FLOW B — Broader Operational Impact from One Incident
This example still involves one safety incident. The unit remains the same; the impact surface expands.
Example: a derailment or runway excursion causes service disruption across multiple routes without systemic failure.
• Complexity: low (known failure mode).
• Scale: moderate (coordination across operators and jurisdictions required).
• Handling implication: synchronized response and oversight.
Built‑out handling: DOT coordinates with operators and state agencies, monitors corrective actions, and ensures consistent safety messaging. The distinguishing factor from FLOW A is coordination breadth, not deeper analysis.
FLOW C — Complex, Judgment‑Driven Incidents
This example still involves one safety incident. Judgment requirements increase.
Example: a near‑miss event reveals ambiguous contributing factors across human performance, technology, and procedures.
• Complexity: high (interpretation and hypothesis testing required).
• Scale: low‑to‑moderate (impact localized, but misclassification risk is high).
• Handling implication: deliberate analysis before action.
Built‑out handling: investigators analyze multiple causal paths, test recurrence risk, and advise leadership on proportionate safety actions without over‑correcting.
FLOW D — System‑Level Impact from One Incident
This example still involves one safety incident. The unit remains unchanged; dependency becomes enterprise‑wide.
Example: a safety failure undermines confidence in a class of aircraft, vehicles, or infrastructure nationwide.
• Complexity: variable.
• Scale: high (system‑wide exposure and cascading effects).
• Handling implication: elevated governance and sequencing.
Built‑out handling: DOT leadership coordinates investigations, regulatory actions, operator restrictions, and public communication. One incident constrains many downstream decisions.
FLOW S — Exceptional Incidents
This example still involves one safety incident, but normal governance pathways are insufficient.
Example: imminent risk to life requires immediate federal action before investigation completion.
• Complexity and scale vary.
• Handling implication: explicit exception authority.
• Key risk: bypassing controls without accountability.
Built‑out handling: emergency orders are issued, operations are halted if necessary, and executive oversight is direct. FLOW S is defined by handling exception, not visibility.
What Changed After FLOW Classification
• Escalation decisions became explainable and consistent.
• Low‑impact incidents moved faster.
• High‑impact incidents received appropriate governance.
• After‑action learning improved due to explicit classification.
Organizational Implications
• Safety resources were aligned to true risk.
• Public trust improved through consistent responses.
• Operators received clearer expectations.
• Regulatory actions became more defensible.