1
Human Error in Risk Assessment and Safety Management Systems
Chris Johnson
University of Glasgow, Scotland.
http://www.dcs.gla.ac.uk/~johnson
3rd May 2003
2
Some Changes
• After the first few days:
– More individual exercises;
– More on automated systems;
– Less on techniques….
• I’ll put the revised notes on the web.
3
Overview
• Key topics:
– What is human error?
– Human error in risk assessment.
– Human error in safety management.
4
Timetable
• 08.00 – registration
– 08.30-09.30 – What is human error?
• 09.30-10.00 – Break and group session 1 (TRIPOD analysis).
– 10.00-11.00 - Human error & Risk analysis.
• 11.00-11.30 – Break and group session 2 (FMECA study).
– 11.30-12.30 - Human reliability analysis.
• 12.30-13.00 – Break and group session 3 (HRA exercise).
– 13.00-14.00 - Human error & Safety management.
• 14.00-14.30 – wrap-up
• 14.30 Lunch
5
Motivation: Milford Haven
[Diagram labels: Debutanizer; Naphtha Splitter; Deethaniser; Debutanizer overhead accumulator; Valve A; Valve B; Valve C; Flare lines; Wet gas compressor; Flare knockout drum; Flare]
6
Motivation: Milford Haven
[Diagram: same plant schematic labels as slide 5]
7
8
• Roboscope
The removal of deep-seated brain tumours requires endoscopic surgery and high precision. As part of a multi-national European project, a robot is being developed that holds an endoscope and allows a surgeon to manipulate it within the brain. The robot constrains motions to a specific region using the Active Constraint principle. This project is multi-disciplinary and involves MRI processing, ultrasound guidance, robotics and visualisation.
(http://www.me.ic.ac.uk/case/mim/)
9
Part 1
> 1. What is human error?
2. Human error in risk assessment.
3. Human Reliability Analysis techniques.
4. Human error in safety management.
10
Individual Human Error
11
12
Human Error in Teams
• Tosco Avon Refinery, California.
• Hydrocracker kills 1 and 46 injured.
• Reactor temperature ruptures effluent pipe.
• SOP required users to depressurize 2nd reactor:
– if temperature exceeds 800F.
– But operators unsure what was occurring.
• Operator reading field panels under reactors.
“operators heard a radio message from the No. 2 Operator that was garbled and unclear. The Operator thought he heard "1250" on the radio, but wasn't sure. Two unsuccessful attempts were made to contact him. Two operators went outside to check on him. The reactor outlet temperature reading on the data logger defaulted to 0 at 7:39:40 pm.”
• http://www.epa.gov/ceppo/pubs/tosco.pdf
13
Human Error and Technology
14
Human Error and Technology
• Shell Deer Park plant.
• Operators know startup SOPs if conditions normal.
• SOPs didn’t cover unexpected eg compressor trips.
• Foremen and operators used their own discretion.
• Quickly re-start compressor after high-vibration trip.
• Should check for suction check valve’s imminent failure.
• Once leak had occurred:
- no control room indications of leak, delays operator shut down of system.
- poor communications add to severity, hinders control room operators.
http://yosemite.epa.gov/oswer/ceppoweb.nsf/vwResourcesByFilename/shellrpt.pdf/$File/shellrpt
15
Human Error and Technology
Fishing boat 0.35 miles from rig, auto. radar alarm at 0.3 miles.
VHF radio off because skipper said too much distraction.
Stand-by vessel finds nobody on bridge/deck after sounding horns.
Rig goes to ‘abandon platform stations’ as a precautionary measure.
Support vessel crew find skipper asleep.
Skipper complains about being woken, says it's ‘under control’.
(MAIB, 2002b).
16
09.30-10.00: Break and group session 1 (incident analysis).
17
TRIPOD
• Developed for Shell Exploration & Production.
• Two different versions:
– Delta used for proactive safety management;
– Beta used for incident investigation.
• For more information see:
– J. Reason, Managing the Risks of Organisational Accidents, Ashgate, 1997, ISBN 1-84014-105-0.
18
TRIPOD
• General Failure Types:
1. Hardware
2. Maintenance management.
3. Design.
4. Operating procedures.
5. Error-enforcing conditions.
6. Housekeeping
7. Incompatible goals
8. Communication
9. Organisation
10. Training
11. Defence planning
19
[TRIPOD diagram; box text:]
Active Failure: Operator fails to respond to flare discharge tank warning.
Hazard
Target
Failed defence
Precondition: Operator distracted by multiple low priority warnings
Precondition: Modification to plant removes automated high-capacity discharge pumps.
Latent Failure: inadequate risk assessment for plant modifications. General failure types: 1. Hardware; 5. Error enforcing conditions.
Latent Failure: failure to train and rehearse emergency scenarios with control displays. General failure types: 3. Design; 5. Error-enforcing conditions; 10. Training; 11. Defence planning
Successful defence
20
Case Study Incident
Blade mill pre-conditions aggregates before wet screening.
Consists of 2 screws driven by 2x40-horse power motors.
Spiral grooves interlocked to help prepare the gravel.
Motors operated by control centre in trailer 30m from mill.
US Dept. of Labor, Mine Safety and Health Administration.
http://www.msha.gov/FATALS/1997/FTL97M01.HTM
21
Case Study Incident
• Mechanic and foreman thaw frozen material inside mill, replace paddle tips etc.
• Mechanic signals foreman in control center to start motors to see if blades free.
• Motors start, so foreman leaves on another task away from mill.
• Before leaving, he switched mill’s start/stop buttons to ‘off’ position.
• Foreman returns to help but called to assist electrician with faulty circuit breaker.
• Electrician switches breaker ‘on’ and they watched it for several minutes with no trip.
• Electrician turns it off, begins to diagnose problem, foreman returns to check mechanic.
• On leaving control center, foreman noticed two blade mill buttons in "run" position.
• Pushed them "off", goes to mill where he found mechanic in the blades.
22
Case Study Incident
• Mechanic starts mill to clear frozen material after foreman left on 1st task away from mill.
• Blades work as mechanic expects but circuit breaker trips, before electrician’s inspection.
• For some reason, mechanic goes back to work in mill without shutting off any switches.
• Faulty breaker controls center lighting & Programmable Logic Controller (PLC) mill control.
• PLC modification, power unintentionally returned after power down if switches left "on".
• Mill operates when breaker reset during troubleshooting by foreman and electrician.
23
Your Task
• INDIVIDUALLY or in pairs.
• Use TRIPOD on case study.
• Identify failed barriers, latent failures…
• Here we use it post hoc but can guide design.
• How?
24
[TRIPOD diagram; box text:]
Active Failure: Mechanic works on blades when motor buttons are in ‘on’ position
Hazard: Entrapment in the blades
Target: operator
Failed defence
Precondition: mechanic believes motor is disabled.
Latent Failure: blade motor controls not visible from mill. General failure types: 3. Design 5. Error enforcing conditions
Successful defence
• General Failure Types: 1. Hardware 2. Maintenance management. 3. Design. 4. Operating procedures. 5. Error-enforcing conditions. 6. Housekeeping 7. Incompatible goals 8. Communication 9. Organisation 10. Training 11. Defence planning
25
Some incident investigations can get very complex…
26
27
[Diagram on the loss of the Mars Climate Orbiter (MCO); box text:]
Ground-based software uses imperial not metric units for thruster to compile AMD data file.
File format problems for AMD data is fixed N/4/99
It is apparent that the AMD file data is anomalous N+7/4/99
Cruise phase ends (23/9/99)
TCM-5 is discussed but not executed (16-23/9/99)
Significance of the anomalous AMD data is not fully appreciated.
Two people head the operation navigation in key stages of the project
Operational navigation and spacecraft operations teams did not fully understand the attitude control system.
Operational navigation staff fail to communicate their concerns to the spacecraft operations team.
Vacancies and replacement of senior staff.
Limited training of the ground software development staff.
SM_Forces routines are written using imperial and not metric units for thruster performance.
Limited independent testing of the ground based SM_Forces routines.
Perception that ground-based AMD data was not mission critical.
The failure to conform with the SIS interface is not detected during development.
The anomaly is not reported through the ISA scheme.
Lack of training for operations staff in the ISA scheme.
Lack of managerial leadership in promoting responsible attitudes to reporting
Mars Orbital Insertion (MOI) begins (09:00:46, 23/9/99)
Last signal from MCO (09:04:52, 23/9/99)
MCO is lost.
Operations Navigation team consult with spacecraft engineers to discuss discrepancies in velocity change model. (27/9/99)
MCO Mishap Investigation Board is formed (15/10/99)
Mars Climate Orbiter (MCO) Launch (11/12/98)
Angular Momentum Desaturation events.
10-14 times more often than planned to combat momentum induced by solar radiation because the MCO solar array is asymmetric to the craft’s body.
Systems engineering decision: Solar array is asymmetric to MCO body unlike Mars Global Surveyor.
Systems engineering decision: reject daily 180 degree flip to cancel angular momentum build-up.
Minimal number of development staff transition to operations (11-12/98)
Plan for the hand-over less than adequate.
MCO is first project for multi-mission Mars Surveyor Operations project.
Operations team makes inaccurate assumptions about hardware and software similarities between Global Surveyor and Climate Orbiter
Decision not to perform an a priori analysis of what could go wrong on the MCO.
Perception that ‘orbiting Mars is routine’ based on inadequate risk mitigation.
Project oversight problems stem from complex relationship between JPL and LMA.
Requirements are not passed on in sufficient detail nor are they backed by an adequate validation plan.
28
29
30
Part 2
1. What is human error?
> 2. Human error in risk assessment.
3. Human Reliability Analysis techniques.
4. Human error in safety management.
31
How do we go from incidents to hazard analysis?
32
Four Stages to Risk Assessment
1. Identify Hazards
2. Identify controls
3. Implement controls
4. Supervise and evaluate
33
Failure Modes, Effects and Criticality Analysis
[Diagram labels: Design And Redesign; Identify system structure; Identify failure modes; Identify failure effects; Determine criticality]
34
Failure is inability to perform required function
2 types of failure modes:
- Needed state change not achieved;
- Spurious state change occurs.
35
Failure Modes of Remotely Operated Valve
• Fail to close on command
• Fail to open on command
• Uncommanded open
• Uncommanded close
• Leakage to environment
• Leak to environment
• ...
36
FMECA Worksheet
System:    Date:    Author:    Approved by:
Function: Remote control block valve C2011
Failure Mode: Uncommanded open
Failure Effect (Local, System): Pressure rise, worst case rupture; Unable to control flow into sector?
Detection Method: RCM scheduled inspections
Severity: I - Catastrophic
Occurrence rate: Occasional
Notes: FMECA analysis incomplete – requires more detail on failure modes.

Occurrence: Very unlikely, 1 per 1000 years or more seldom; Remote, 1 per 100 years; Occasional, 1 per 10 years; Probable, 1 per year; Frequent, 1 per month or more often
Severity:
I – Catastrophic, may cause death;
II – Critical, injury, major property damage
III – Marginal, minor injury, minor property damage;
IV – Minor, no injury/damage but more maintenance.
37
US Environment Protection Agency, http://www.epa.gov/earth1r6/6en/xp/lpptab6.
38
Why Do Failure Modes Occur?
• Fail to close on command:
– lines blocked; worn seals, voltage regulator fails…
[Diagram: Cause of Failure Mode, with branches Design, Manufacturing, Installation, Use. Further labels, in page order:]
LTA / Violation / Training…
LTA / Risk analysis / Management…
LTA / Raw materials / Process issues…
LTA / Training / Documentation…
39
11.00-11.30: – Break and group session 2 (FMECA exercise)
40
Case Study Incident
Facility produces pressurized containers: product + propellant to form spray.
Pressurized containers filled in 4 stages:
1. product placed in container in production building.
2. conveyor brings containers to gas house;
3. propellant placed into container in the Gas House.
4. filled containers conveyed back to Production Building for leak and quality control.
41
Case Study Incident
Incident occurs when filling ethylene oxide containers for sterilant in hospitals.
Do not need an aerosol and just use one chemical - ethylene oxide.
All filling of ethylene oxide takes place in Gas House.
Ethylene oxide is a highly toxic chemical:
- classified by the National Fire Protection Association as a 1A flammable liquid,
- listed by EPA as “extremely hazardous substance”.
So, operator wears protective clothing and respirator during ethylene oxide filling.
Breathing air is pumped to operator’s respirator via air hose.
42
Case Study Incident
Steel pipe carries ethylene oxide liquid from storage tank to Gas House at 55-65 psig.
In Gas House, ethylene oxide fed pressurized to 600-650 psig and sent to “under-the-cup” filling machine.
Small amount of ethylene oxide released into Gas House during filling and sealing of each container.
Filling machine meters out approx. 105 grams of ethylene oxide for each 100-gram container.
Target amount for each 100-gram container is 101.5-102.5 gram.
Any excess ethylene oxide sent to reclamation tank in Gas House.
43
Case Study Incident
Gas House uses catalytic oxidizer to break down ethylene oxide vapor to avoid environmental release.
The pump that supplied breathing air to operator in Gas House stopped.
Unable to breathe, operator forced to shut down filling and leave.
After breathing-air pump was fixed, operator returned to Gas House to restart production.
However, he noticed that a hydrocarbon vapor alarm was triggered.
This indicated the level of hydrocarbon vapor had exceeded 40% of lower explosive limit.
Gas House is used primarily for processing hydrocarbons such as propane and iso-butane.
Ethylene oxide is not a hydrocarbon, level of ethylene oxide that would trigger alarm unknown.
Operator immediately left Gas House to check on instruments in adjacent Production Building.
44
Case Study Incident
Large explosion as he exited.
Operator thrown 10 feet and injured shoulder.
Gas House doors blown off.
Door facing Production Building impacted Production Building door.
Production building door dislodged with its frame.
They were blown into Production Building, struck and killed employee.
http://yosemite.epa.gov/oswer/ceppoweb.nsf/vwResourcesByFilename/accrapac.pdf/$File/accrapac.pdf
45
Your Task
• Incidents trigger re-engineering.
• Use FMECA to analyse user's task…
• Identify other failure modes.
46
FMECA Worksheet
System:    Date:    Author:    Approved by:
Function: Operator breathing supply fails
Failure Mode: Uncommanded stop
Failure Effect (Local, System): Total loss of control on the filling operation; Worst assumed – loss of consciousness
Detection Method: Flow valve Alarm system Operator footplate alarm.
Severity: I – Catastrophic
Occurrence rate: Occasional (1 in 10yrs)
Notes: FMECA analysis incomplete – requires more detail on failure modes.

Occurrence: Very unlikely, 1 per 1000 years or more seldom; Remote, 1 per 100 years; Occasional, 1 per 10 years; Probable, 1 per year; Frequent, 1 per month or more often
Severity:
I – Catastrophic, may cause death;
II – Critical, injury, major property damage
III – Marginal, minor injury, minor property damage;
IV – Minor, no injury/damage but more maintenance.
47
Part 3
1. What is human error?
2. Human error in risk assessment.
> 3. Human Reliability Analysis tools.
4. Human error in safety management.
48
[Risk reduction diagram; labels:]
Residual risk
Tolerable risk
Initial risk from application design
Part of risk reduction covered by technical systems
Part of risk reduction covered by operator intervention?
Part of risk reduction covered by system and facility redesign.
Necessary risk reduction
Actual risk reduction
Increasing risk
Safety margin
49
ALARP
[Risk matrix. Columns: Very likely; Remote; Occasional; Probable; Frequent. Rows: I – Catastrophic; II – Critical; III – Marginal; IV - Minor]
Key:
Broadly acceptable.
Acceptable only if risk as low as reasonably practicable.
Unacceptable, risk reduction required.
50
[Fault tree diagram; labels:]
Failure of water cooling system on demand
No water to nozzle
No water from nozzle
Pump1 fails
Reserve tank empty
Nozzle blocked
Seals corroded
Basic events: P1, P2, P3, P4
Gates: G1, G2, G3
P(G1) = P(G2) + P(G3) – P(G2).P(G3)
= (P1.P2) + (P3.P4) – (P1.P2).(P3.P4)
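The gate arithmetic on this slide, as an added example that is not part of the original slides: it evaluates the G1/G2/G3 tree gate by gate and checks the result by enumerating every combination of basic events. The probabilities for P1 to P4 and the second tree, in which one basic event feeds both branches, are constructed for illustration; that second case goes beyond the slide to show where the independence formula stops being valid.

```python
from itertools import product

# Gate structure read from the slide's formula:
# G1 = G2 OR G3, G2 = P1 AND P2, G3 = P3 AND P4.
TREE = ("OR", [("AND", ["P1", "P2"]), ("AND", ["P3", "P4"])])

# Constructed tree: P1 appears under both AND gates (a shared cause).
SHARED_TREE = ("OR", [("AND", ["P1", "P2"]), ("AND", ["P1", "P4"])])

# Constructed per-demand probabilities for the basic events.
BASIC = {"P1": 0.1, "P2": 0.2, "P3": 0.05, "P4": 0.5}


def gate_probability(node, basic):
    """Evaluate gate by gate, treating every input as independent."""
    if isinstance(node, str):
        p = basic[node]
        if not 0.0 <= p <= 1.0:
            raise ValueError(f"{node}: probability {p} outside [0, 1]")
        return p
    kind, children = node
    probs = [gate_probability(child, basic) for child in children]
    if kind == "AND":
        result = 1.0
        for p in probs:
            result *= p
        return result
    if kind == "OR":
        # 1 - P(no input occurs); for two inputs this is
        # P(A) + P(B) - P(A).P(B), the form used on the slide.
        none = 1.0
        for p in probs:
            none *= 1.0 - p
        return 1.0 - none
    raise ValueError(f"unknown gate type: {kind}")


def occurs(node, state):
    """True if the node's event occurs for one truth assignment."""
    if isinstance(node, str):
        return state[node]
    kind, children = node
    results = [occurs(child, state) for child in children]
    return all(results) if kind == "AND" else any(results)


def exact_probability(node, basic):
    """Sum the probability of every basic-event combination that
    triggers the top event. Correct even when events are shared."""
    names = sorted(basic)
    total = 0.0
    for values in product([False, True], repeat=len(names)):
        state = dict(zip(names, values))
        if occurs(node, state):
            weight = 1.0
            for name in names:
                weight *= basic[name] if state[name] else 1.0 - basic[name]
            total += weight
    return total


if __name__ == "__main__":
    print("slide tree, gate by gate:", gate_probability(TREE, BASIC))
    print("slide tree, enumerated:  ", exact_probability(TREE, BASIC))
    print("shared P1, gate by gate: ", gate_probability(SHARED_TREE, BASIC))
    print("shared P1, enumerated:   ", exact_probability(SHARED_TREE, BASIC))
```

When the same basic event sits under both branches, the gate-by-gate figure no longer matches the enumerated one, which is the check to run before trusting the slide's formula on a real tree.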
51
Generalised mechanical equipment
[Plot of h(t) against Time; labels: λ; Burn-in period; Useful-life period; Wear-out period; Life expectancy; Random failure rate]
So what’s the problem?
52
Accumulator: Leaking .47; Seized .23; Worn .20; Contaminated .10
Actuator: Spurious Position Change .36; Binding .27; Leaking .22; Seized .15
Alarm: False Indication .48; Failure to Operate .29; Spurious Operation .18; Degraded Alarm .05
Antenna: No Transmission .54; Signal Leakage .21; Spurious Transmission .25
Battery, Lithium: Degraded Output .78; Startup Delay .14; Short .06; Open .02
Battery, Lead Acid: Degraded Output .70; Short .20; Intermittent Output .10
Battery, Ni-Cd: Degraded Output .72; No Output .28
λ or randomised failure rate on the previous slide
………
53
Generalised mechanical equipment
[Plot of h(t) against Time; labels: Starts job; Works too hard; Divorce; Human 1]
So what’s the problem?
54
Generalised mechanical equipment
[Plot of h(t) against Time; labels: Starts job; Display design changes; Learns new Operating procedure; Human 1; Human 2]
So what’s the problem?
55
[Flowchart; box text:]
1. Task Analysis (describe what the user must do)
2. Human Error Identification (performance shaping factors etc)
3. Human Error Quantification
Quality Assurance, especially consider impact of modification and change.
Human Reliability ALARP? (branches: No, Yes)
4. Task redesign and Error reduction techniques
56
1. Task Analysis
Hierarchical Task Analysis (HTA)
Ethylene Oxide Filling Operation (Plan: in order)
  1. Clean-up process (Plan: in order)
    1.1 Close pipelines
    1.2 Vacuum purge pipelines
    1.3 Seal unused filler heads (Plan: in order, iterate 1.3.2 & 1.3.3)
      1.3.1 Draw correct seals from stores
      1.3.2 Fit seals
      1.3.3 Ensure fit for leaks
  2. Process set-up (Plan: 2.1 in order, 2.2 & 2.3 in either order)
    2.1 Place 2x400lb ethylene oxide tanks on scales
    2.2 Connect ethylene oxide supply piping
    2.3 Connect Nitrogen, pressurize process line (Plan: in order)
      2.3.1 Connect hoses.
      2.3.2 Open test valves.
      2.3.3 Ensure nitrogen pushes ethylene oxide through piping
      2.3.4 Ensure non-return valve protects tanks.
  3. Operate process
  4. Halt process
57
2. Human Error Identification
Human Error Guidewords: Example
Task omitted: Forget to seal unused filler heads (1.3)
Achieved less than goal/lapse: Only achieve a seal on some of the filler heads (1.3)
Exceeded goal: Leave test valves open during production (2.3.2)
Achieved opposite goal: Introduce contamination of pipeline during vacuum purge (1.2)
Additional task/action: Open test valves disconnects a hose (2.3.2)
Slip: Crack filler head during seal fit (1.3.2)
Erratic task performance: Ensure fit for leaks on some seals (1.3.3)
Performed goal/task too soon: Purge pipelines before pipelines are closed (1.1 and 1.2)
Performed goal/task too late: Attempt to seal filler heads (1.3) before vacuum purge is complete (1.2)
Calculation error: Miscalculate nitrogen pressure (2.3.3)
Installation error: Poor connection of ethylene oxide (2.2)
Scheduling error: No time for clean-up process to complete (1)

1. Clean-up process (Plan: in order)
  1.1 Close pipelines
  1.2 Vacuum purge pipelines
  1.3 Seal unused filler heads (Plan: in order, iterate 1.3.2 & 1.3.3)
    1.3.1 Draw correct seals from stores
    1.3.2 Fit seals
    1.3.3 Ensure fit for leaks
NB related to HAZOPS
58
But how likely are these errors?
59
3. Human Error Quantification
Category: Failure Probability
Simple, frequently performed task under minimal stress: 0.001
More complex tasks, less time available and some care necessary: 0.01
Complex, unfamiliar task with little feedback and some distractions: 0.1
Highly complex task, considerable stress little time to perform it: 0.3
Extreme stress, rarely performed task: 1
• Generic Human Error Probabilities (Kirwan)
• Forget to clean up process (1.) = 0.001 (1 in 1000 clean-up operations?)
• Didn’t notice leak from seals (1.3.3) = 0.3 (3 in 10 operations given leak occurs).
60
• But even a simple task can be complex:
– If you’re hurried;
– If you’re under stress;
– If there are poor SOPs…
• PERFORMANCE SHAPING FACTORS…
61
Performance Shaping Factors

Situational characteristics (PSFs general to one or more jobs in a work situation)
Architectural features. Quality of environment: (Temperature, humidity, air quality and radiation, lighting, noise and vibration, degree of general cleanliness). Work hours/work breaks. Availability/adequacy of special equipment, tools and supplies. Shift rotation. Staffing parameters. Organisational structure (authority, responsibility, communication channels). Actions by supervisors, co-workers, union representatives and regulatory personnel. Rewards, recognition and benefits.

Job and task instructions; single most important tool for most tasks.
Procedures required (written or unwritten). Cautions and warnings. Written or oral communications. Work methods. Plant policies (shop practices).

Task and equipment characteristics (PSFs specific to tasks in a job)
Perceptual requirements. Motor requirements (speed, strength, precision). Control-display relationships. Anticipatory requirements. Interpretation. Decision-making. Complexity (information load). Narrowness of task. Frequency and repetitiveness. Task criticality. Long and short-term memory. Calculation requirements. Feedback (knowledge of results). Dynamic vs step-by-step activities. Team structure and communication. Man-machine interface factors (design of prime/test/manufacturing equipment, job aids, tools, fixtures).
62
Performance Shaping Factors

Psychological stressors (PSFs which directly affect mental stress)
Suddenness of onset. Duration of stress. Task speed. High jeopardy tasks. Threats (of failure, job loss etc). Monotonous, degrading or meaningless work. Long, uneventful vigilance periods. Conflicts of motives about job performance. Reinforcement absent or negative. Sensory deprivation. Distractions (noise, glare, movement, flicker, colour). Inconsistent cueing.

Physiological stressors (PSFs that directly affect physical stress)
Duration of stress. Fatigue. Pain or discomfort. Hunger or thirst. Temperature extremes. Radiation. G-force extremes. Atmospheric pressure extremes. Oxygen insufficiency. Vibration. Movement constriction. Lack of physical exercise. Disruption of circadian rhythm.

Organismic factors (characteristics of people resulting from internal and external influences)
Previous training/experience. State of current practice or skill. Personality and intelligence variables. Motivation and attitudes. Knowledge required (performance standards). Stress (mental or bodily tension). Emotional state. Sex differences. Physical condition. Attitudes based on influence of family and other outside persons or agencies. Group identification.
63
3. Human Error Quantification
• Human Error Assessment & Reduction, HEART:
1. Conduct task analysis;
2. For each task assign initial human reliability;
3. For each task consider Performance Shaping Factors;
4. Likelihood of failure = F(initial reliability, Performance Shaping Factors).
64
HEART: Initial Reliability Assessment
Generic task: Proposed nominal human reliability (5th-95th percentile)
A) Totally unfamiliar, performed at speed with no real idea of the likely consequences. 0.55 (0.35-0.97)
B) Shift or restore system to a new or original state on a single attempt without supervision or procedures. 0.26 (0.14-0.42)
C) Complex task requiring high level of comprehension and skill. 0.16 (0.12-0.28)
D) Fairly simple task performed rapidly or given scant attention. 0.09 (0.06-0.13)
E) Routine, highly-practiced rapid task involving relatively low level of skill. 0.02 (0.007-0.045)
F) Shift or restore system to a new or original state following procedures, with some checking. 0.003 (0.0008-0.007)
G) Completely familiar, well designed, highly practiced, routine task occurring several times per hour and performed to highest possible standards by trained staff… 0.0004 (0.00008-0.0009)
H) Respond correctly to system command even when there is an augmented or automated supervisory system providing accurate interpretation of system stage. 0.00002 (0.000006-0.0009)
65
HEART: Performance Shaping Factors
Performance Shaping Factors: Max amount by which reliability impaired
1. Unfamiliarity with a situation which is potentially important but which occurs infrequently or is novel. X17
2. A shortage of time available for error detection and correction. X11
3. A low signal-to-noise ratio. X10
4. A means of suppressing or overriding information or features which is too accessible. X9
5. No means of conveying spatial and function information to operators in a form which they can readily assimilate. X8
6. A mismatch between an operator’s model of the world and that imagined by the designer. X8
7. No obvious means of reversing an unintended action. X8
8. A channel capacity overload, particularly one caused by simultaneous presentation of non-redundant information. X6
9. A need to learn a technique and apply one which requires the application of an opposite philosophy. X6
10. The need to transfer specific knowledge from task to task without loss. X5.5
11. Ambiguity in the required performance standards. X5
12. A mismatch between perceived and real risk. X4
13. Poor, ambiguous or ill-matched system feedback. X4
14. No clear, direct and timely confirmation of an intended action from the portion of the system over which control is to be exerted. X4
15. Operator inexperience. X3
16. An impoverished quality of information conveyed by procedures and person-person interaction. X3
17. Little or no independent checking or testing of output. X3
18. A conflict between immediate and long term objectives. X2.5
19. No diversity of information input for veracity checks. X2.5
20. A mismatch between the education achievement of an individual and the requirements of the task. X2
21. An incentive to use other more dangerous procedures. X2
22. Little opportunity to exercise mind and body outside the confines of the job. X1.8
23. Unreliable instrumentation. X1.6
24. A need for absolute judgements, which are beyond the capabilities or experience of an operator. X1.6
25. Unclear allocation of function and responsibility. X1.6
26. No obvious way to keep track of progress during an activity. X1.4
66
HEART: Example
• Ensure fit for leaks.
• Mean nominal human reliability:
– Fairly simple task performed rapidly… (0.09)
• Performance Shaping Factors:
– Poor, ambiguous or ill-matched feedback (x4);
– Little or no independent checking (x3)
– Etc

1. Clean-up process (Plan: in order)
  1.1 Close pipelines
  1.2 Vacuum purge pipelines
  1.3 Seal unused filler heads (Plan: in order, iterate 1.3.2 & 1.3.3)
    1.3.1 Draw correct seals from stores
    1.3.2 Fit seals
    1.3.3 Ensure fit for leaks

Task: Ensure fit for leaks
Nominal Human Reliability = 0.09
Error Producing Conditions / Total HEART effect / Engineer’s assessed portion of effect (0 to 1) / Assessed effect
Poor, ambiguous or ill-matched feedback / x4 / 0.4 / ((4-1)x0.4)+1=2.2
Little or no independent checking / x3 / 1.0 / ((3-1)x1.0)+1=3.0
… / … / … / …
Net nominal likelihood of failure = 0.09 x 2.2 x 3.0 = 0.594
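The HEART calculation from this slide as an added example that is not part of the original slides, using the nominal values and multipliers from the two HEART tables; it also ranks which factor, if eliminated, would lower the likelihood most. The function names, the dictionary layout and the cap at 1.0 are choices made for this example.

```python
# Nominal values per generic task, as listed in the
# "HEART: Initial Reliability Assessment" table.
GENERIC_TASKS = {"A": 0.55, "B": 0.26, "C": 0.16, "D": 0.09,
                 "E": 0.02, "F": 0.003, "G": 0.0004, "H": 0.00002}

# Maximum multiplier per factor, numbered as in the
# "HEART: Performance Shaping Factors" table.
MAX_EFFECT = {1: 17, 2: 11, 3: 10, 4: 9, 5: 8, 6: 8, 7: 8, 8: 6, 9: 6,
              10: 5.5, 11: 5, 12: 4, 13: 4, 14: 4, 15: 3, 16: 3, 17: 3,
              18: 2.5, 19: 2.5, 20: 2, 21: 2, 22: 1.8, 23: 1.6, 24: 1.6,
              25: 1.6, 26: 1.4}

# The slide's worked case: factor 13 (poor feedback) judged to apply at 0.4,
# factor 17 (no independent checking) judged to apply fully.
FIT_FOR_LEAKS = {13: 0.4, 17: 1.0}


def assessed_effect(factor, proportion):
    """((max effect - 1) x assessed proportion) + 1, as on the slide."""
    if factor not in MAX_EFFECT:
        raise KeyError(f"unknown factor number: {factor}")
    if not 0.0 <= proportion <= 1.0:
        raise ValueError(f"proportion {proportion} outside [0, 1]")
    return (MAX_EFFECT[factor] - 1) * proportion + 1


def failure_likelihood(task, factors):
    """Nominal value times every assessed effect.

    factors maps factor number -> assessed proportion (0 to 1).
    The product can exceed 1 when several large factors apply, so it
    is capped at 1.0 (an assumption of this example).
    """
    likelihood = GENERIC_TASKS[task]
    for factor, proportion in factors.items():
        likelihood *= assessed_effect(factor, proportion)
    return min(likelihood, 1.0)


def rank_remedies(task, factors):
    """Likelihood that would remain if each factor alone were removed,
    lowest first: a first cut at where redesign effort pays off."""
    ranked = []
    for factor in factors:
        remaining = {f: p for f, p in factors.items() if f != factor}
        ranked.append((factor, failure_likelihood(task, remaining)))
    return sorted(ranked, key=lambda item: item[1])


if __name__ == "__main__":
    print("Ensure fit for leaks:", failure_likelihood("D", FIT_FOR_LEAKS))
    for factor, remaining in rank_remedies("D", FIT_FOR_LEAKS):
        print(f"  without factor {factor}: {remaining:.3f}")
```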
67
4. Task Redesign
• ‘Fit for leaks’ net probability 0.594:
– Clear need for intervention but what?
• Consequence reduction:
– Focus on filtering/breathing systems.
• Error pathway blocking:
– Prevent process set-up until fit confirmed.
• Error recovery enhancement:
– Ensure clear evacuation procedures…
68
4. Task Redesign
• Address performance shaping factors:
  – Reduce distractions during fit checks.
• Increase predictability:
  – Ensure caps are of good quality, standardised...
• Enhance detection:
  – Deploy pressure alarms on delivery pipes?
• Increase controllability:
  – Consider excess flow valves to cut-off leaks…
• Increase competence:
  – Emphasize consequences of failure in training.
69
12.30-13.00: Break and group session 3 (HRA exercise).
70
1. Task Analysis
Hierarchical Task Analysis (HTA)

Ethylene Oxide Filling Operation (Plan: in order)
  1. Clean-up process (Plan: in order)
    1.1 Close pipelines
    1.2 Vacuum purge pipelines
    1.3 Seal unused filler heads (Plan: in order, iterate 1.3.2 & 1.3.3)
      1.3.1 Draw correct seals from stores
      1.3.2 Fit seals
      1.3.3 Ensure fit for leaks
  2. Process set-up (Plan: 2.1 in order, 2.2 & 2.3 in either order)
    2.1 Place 2x400lb ethylene oxide tanks on scales
    2.2 Connect ethylene oxide supply piping
    2.3 Connect Nitrogen, pressurize process line (Plan: in order)
      2.3.1 Connect hoses.
      2.3.2 Open test valves.
      2.3.3 Ensure nitrogen pushes ethylene oxide through piping
      2.3.4 Ensure non-return valve protects tanks.
  3. Operate process
  4. Halt process
71
Your Task
• Try HEART yourself.
• Quantify error likelihood.
• Identify remedial actions?
• BUT:
  – You will need to make assumptions.
  – What validation would you do?
72
Task Redesign (Cont.)
73
74
75
76
Part 4
1. What is human error?
2. Human error in risk assessment.
3. Human Reliability Analysis techniques.
> 4. Human error in safety management.
77
Situation ‘normal’
Incubation period
Trigger event
Incident
Mitigation
Rescue and Salvage
Managerial Readjustment
Successful mitigation may restore ‘normal’ situation
Onset of incident may trigger further failures
Probabilistic risk and human reliability assessment
Design and implementation
78
So what happens in practice?

| | World War II (1942-1945) | Korea (1950-1953) | Vietnam (1965-1972) | Desert Storm and Desert Shield (1990-1991) |
|---|---|---|---|---|
| Accidents | 56% | 44% | 54% | 75% |
| Friendly Fire | 1% | 1% | 1% | 5% |
| Enemy Actions | 43% | 55% | 45% | 20% |

Percentage of all accounted casualties, fatal and non-fatal (US Army, Risk Management Field Manual 100-14)
79
80
Decision Making and Scale
• 8+ revisions of US M9 Armored Combat Earthmover manuals in a single month in 2000:
  – TM5-2350-262-10, TM5-2350-262-10HR, LO5-2350-262-12, TM5-2350-262-20-1 & 2,
  – TM5-2350-262-20-3, TM5-2350-262-34, TM5-2350-262-24P, TM5-2815-240-34 & P.
• Problems of scale and complexity require carefully designed reporting processes.
• The US Army's (2000) Accident Investigation and Reporting Procedures Handbook
  – Department of Army 60 days to inform Army Safety Center of corrective actions.
  – Interim and follow-up reports required every 90 days until the actions are closed.
81
Limitation 1: Technological Change
• M939A2 ‘fish-tailed’ on a steep hill:
  – Weather, road conditions good;
  – Trailer tires blew and truck rolls off road;
  – Tires well-maintained, no defects;
  – Witnesses state vehicle under speed limit.
• Any Safety-of-Use-Messages or Ground Precautionary Messages?
  – Unit personnel said no, M939A2s only recently replaced older models;
  – Investigation board checks Army Electronic Product Support Bulletin Board;
  – 2 safety messages limit M939A2 to 45mph until antilock brakes & radials fitted;
  – When maintenance received messages they didn’t have any M939A2 trucks…
82
Limitation 2: Organisational Change
• The US Army’s Modification Work Order (MWO) program:
  – ensure ‘identified operational and safety problems’ consistently implemented across US Army
  – centralized database records progress of maintenance recommendations.
  – Army Headquarters & Materiel Command query if units meet timescales in safety notices.
• Database discontinued following a structural reorganization in 1990:
  – Control over modification funding transferred from HQ;
  – Control given to program sponsors
  – Weapon systems, eg M1A1 tank, or product support centres, eg Squad Automatic Weapon.
• ‘Army headquarters and Materiel Command officials don’t have adequate overview of equipment modifications across the force, funding requirements, logistical support requirements and information for deployment decisions’ (US Army Safety Center, 2001).
83
Limitation 3: Organizational Complexity
• Soldier falls during ‘inverted’ rope descent.
• Previous incidents led to US Army FM21-20:
  – include platform at top and safety net.
  – use Corps of Engineers drawing 28-13-95.
  – diagram didn’t include safety net or platform!!
‘Confusion exists concerning the proper design and construction of this obstacle’
84
Limitation 4: Safety Culture
General Accounting Office report:
  – “no change from safety oversight” at time of incidents;
  – focus on “checklists of procedures”;
  – “whether files of safety regulations and risk assessments are maintained”
  – Do not monitor effectiveness of incident recommendations.
National Defence Authorization Act:
  • develop Ranger ‘safety cells’;
  • must know geographic training area (weather etc.);
  • But Act doesn’t give detailed guidance.
85
Limitation 5: Risk Analysis
• Canadian Engineering Officer hurt when fragment shatters bunker viewport:
  – 4-ply laminate glass design 100 kg of TNT at 130M with less than 2% glass loss;
  – Glazing performed as designed, 2% glass lost in the eye of a student.
• Recommendations:
  – sacrificial polycarbonate can be replaced if damaged, final protection for viewers;
  – Or plentiful supply of “offset viewblock” NSN 6650-12-171-9741 tank periscope.
• But sacrificial layers increase glass thickness and so use video?
86
Limitation 6: Inherent Risk
• Never under-estimate organizational complexity of human ‘error’…
• “Many units stated first aid training packages lack realism. IV and morphine training were essential... During 6 months in theatre, no soldier gave artificial respiration, treated a fracture or did Heimlich manoeuvre. Treated 17 bullet-wounds, 3 shrapnel-wounds and 7 minefield cases. As threat level dropped for latter rotations, comments on need for IV and morphine training waned. All unit medical staff strongly recommend that it not be completed because of inherent dangers in administering IVs or morphine…” (Canadian Army's Lessons Learned Centre, NATO Implementation & Stabilization Force in Bosnia-Herzegovina. 1999)
• Balancing operational need and medical caution?
87
Conclusions
• Key topics:
  – What is human error?
  – Human error in risk assessment.
  – Human Reliability Analysis techniques.
  – Human error in safety management.
88
Questions?
Thanks are due in particular to:
David Wright, Intensive Care Unit, Edinburgh Western General Hospital.
Barbara Holland, Paediatric Intensive Care Unit, Yorkhill Hospital, Glasgow.
Clinical Negligence and Other Risks Scheme, Scottish Executive.
http://www.dcs.gla.ac.uk/~johnson
89
HAZOPS
• Primary keywords describe process:
  • Flow, Temperature, Pressure, Level
  • Separate (settle, filter, centrifuge)
  • Composition, React, Mix
  • Reduce (grind, crush, etc.), Absorb
  • Corrode, Erode, Isolate, Drain
  • Vent, Purge, Inspect, Maintain
  • Start-up, Shutdown
90
HAZOPS
• Secondary keywords describe problems:
  – No - design intent doesn't occur (e.g. Flow/No).
  – Less - decrease in design intent (e.g. Pressure/Less)
  – More - increase in design intent (e.g. Temperature/More)
  – Reverse - opposite of design intent (e.g. Flow/Reverse)
  – Also - design fulfilled but another activity also occurs (e.g. Flow/Also contamination)
  – Other - activity occurs but not in way intended (e.g. Flow/Other indicates leak)
  – Fluctuation - design achieved part of time (e.g. airlock in pipeline Flow/Fluctuation)
  – Early - step is started at the wrong time or done out of sequence
  – Late - As for Early
pressure relief valve (design 1)
pressure relief valve (design 2)
91
HAZOPS
Guide word | Deviation | Possible cause | Consequences | Safeguards | Action Required
More of | High flow | (i) Failure to close off XMV and SV (ii) Collapse of ASV membrane | Overpressure of venting system downstream.
Less of | Low flow | Blockage of inlets through contamination. | Delayed depressurisation upstream may overpressurise this section.
No/None | No flow | No hazard – operators will detect and respond to this problem.
Automated pressure detection system within specified range
Procedures to allow inspection of plates and membranes in venting system.
HAZ1 – venting system needs more thorough review to identify dispersion sites.