Human Factors - Kathy Kas

advertisement
Human Factors
Risk Management Services
Department
Are You Perfect?
• Have you ever pushed the wrong
button on a soda machine, left your
car headlights on, or unintentionally
deleted a file on your computer?
• Wonder how often these (and more
serious) errors occur?
Laws of Nature
We accept and design for the laws of
nature.
Example: If a bridge falls down, we don’t
list “gravity” as the root cause.
Example: If there is an asphyxiation, we
don’t list “people need oxygen” as the
root cause of an injury.
Human Error
• Law of nature:
HUMANS MAKE MISTAKES!
• DON’T BLAME IT…PLAN FOR IT!
How Often Do Humans Make Mistakes?
• Trained, not under stress, not fatigued
or overloaded, and enough time:
Error occurs about 1 in every 100 times
the operation is done
How Often Do Humans Make Mistakes?
• Not trained, or under stress, or
overloaded or short period of time:
Error occurs about ½ to every time the
operation is done
How Often Do Humans Make Mistakes?
• Trained and not under stress and not
fatigued and not overloaded and
enough time AND with built in
feedback:
Error occurs about 1 in every 1,000
times the operation is done
What is Feedback?
• Buzzer when you leave your lights on
• Bell if the keys are in the ignition when the
car door is opened
• Control system asking you to confirm that
the charge amount you entered was correct
and showing the proper pumps and valves
are open/closed
If you can see that you are doing the right
thing, then you can be sure that you did
it.
Can a Human Check a Human?
• Principle: If a person knows that
someone else checked, they are not
likely to reliably recheck
Human checking is not generally a
reliable safeguard against errors made
by other humans
(Exception: airline industry, although it
is not 100% reliable…)
Helios Plan Crash Aug. 2005
3 checks by two pilots missed the
switch in the wrong position
Ineffective response
to loss of cabin
pressure and
incapacitation of
crew
Is Technology the Panacea?
Principle: If a safety system is installed
to protect against human error, the
human will depend on it. Then the
safety system becomes the only layer
of protection.
Principle: All mechanical things break.
Safety systems need to be tested to
ensure that they are working properly.
Real-Life Example
• An operator loading a tank overflowed
the tank
• Management put a high level shutoff
on the pump
• The operator relied on the switch and
did not watch the tank level closely
• One day, the switch failed and the tank
overflowed
BP Texas City
• Operators did not fully understand Raffinate
Splitter Tower operation
•Startup procedures not fully followed
•Material fed to column but did not exit; critical
valve not opened during startup
•Level exceeded safe limits; level device failed; not
recognized
•Level instrumentation in blow-down tank failed, but
not repaired
•Blow-down tank overflowed, material reached an
ignition source, and a vapor cloud explosion resulted
BP Texas City Explosion / Fire
March 23, 2005
Caveat
Any system human beings devise to
prevent failure can be overcome by
human beings with sufficient
determination and authority
If there is a will, there is a way!
Guiding Principles for
Preventing Human Error
• Humans and systems designed by
them are vulnerable to error
• Existing facilities contain many traps
that can cause human error
• Designers can provide systems to
facilitate error/deviation detection and
to enable recovery before the
error/deviation becomes serious
Design Considerations
• Ergonomics – Can the operator reach what
he needs to and work safely?
• Operability – Is the work flow designed to
minimize taking shortcuts?
• Procedures – Are they clear, easy to follow,
and explain the consequences of
deviations?
• Maintenance – Is there access and
capability to maintain equipment?
• Simplify – less chance of error
Design Considerations
• Be consistent – orient valves the same
way, use computer diagrams that look like
the equipment layout
• Human limitations – consider color-blind
operators, different heights
• Safety systems – make sure they can’t be
bypassed
• Alarm management – Don’t shower the
operator with alarms he can’t process at
once!
Chernobyl Nuclear Reactor Runaway
April 26th 1986
Chernobyl, Soviet Union 1986
• Nuclear meltdown resulted in 56 direct
deaths, relocation of 336,000 people,
and a plume of radioactive fallout
• Significant design flaws in reactor
• Safety systems switched off
• Operator errors/training
• Alarm showers confused the operators
(also at Three Mile Island)
Cultural Stereotypes
• GREEN is on, RED is off…but not in
Japan!
• H is hot water, C is cold…except in
non-English countries (chaud or
caliente both mean hot in French and
Spanish)
• Light switch is up for on…except in the
UK!
Human Factors Philosophy
1. Make the right way THE ONLY WAY
2. Make the right way THE EASIEST WAY
3. Give the operators feedback that it was
done the wrong way
4. Provide safeguards for when it is done the
wrong way
Remember Other Operations…
Don’t forget about maintenance,
startup, and shutdown. These are the
most risky times in a process. There
must be EHS reviews, management of
change, permitting procedures,
training and communication systems
to avoid human error.
Piper Alpha, 1987
Piper Alpha, 1987
Piper Alpha, North Sea, UK
• Operators switched on a pump that
was undergoing maintenance – poor
lockout/tagout and communications
• Significant leak/fire ensued
• Piper Alpha was destroyed
• 167 fatalities, loss of millions in
revenue per day
Safety Culture
A safety culture that promotes and
reinforces safety as a fundamental value is
inherently safer than one which does not
- Do we have to follow the standards?
- Do we really have to shut down?
- Do we have to install this safety system?
If these questions are asked, it is an indication
of a poor safety culture!
Summary
•
•
•
•
•
•
•
•
Human error is a fact of nature – plan on it
Design process to minimize “traps”
Provide training and clear guidance
Provide feedback that the operator action taken
is right/wrong
Don’t expect humans to check humans
Provide safety systems
Remember to consider startup, shutdown, and
maintenance
Support an interdependent safety culture
Download