Human Factors Analysis and Classification System (HFACS)

A "modernized" version of "Swiss Cheese" model describes the levels at which active failures and latent failures/conditions may occur within complex operations as shown in figure below. Working backward from the mishap, the first level of Reason's model depicts those Unsafe Acts of Operators (operator, maintainers, facility personnel, etc.) that lead to a mishap.

Traditionally, this is where most mishap investigations have focused their examination of human error, and consequently where most causal factors are uncovered. After all, it is typically the actions or inactions of individuals that can be directly linked to the mishap. Still, to stop the investigation here only uncovers part of the story.

What makes Reason's model particularly useful in mishap investigation is that it forces investigators to address latent failures and conditions within the causal sequence of events. For instance, latent failures or conditions such as fatigue, complacency, illness, and the physical/technological environment all affect performance, but can be overlooked by investigators with even the best of intentions. These particular latent failures and conditions are described within the context of Reason's model as Preconditions for Unsafe Acts.

Likewise, Supervision can promote unsafe conditions of operators and ultimately unsafe acts will occur. For example, if an Operations Officer were to pair a below average team leader with a very junior/inexperienced crew, the result is increased risk of mission failure. Regardless, whenever a mishap does occur, the crew naturally bears a part of the responsibility and accountability.

However, latent failures or conditions at the supervisory level are often equally responsible for poor hazard analysis and subsequent increased mission risk, and may ultimately cause the mishap. In this particular example, the crew was set up for the opportunity for failure.

Reason's model does not stop at supervision; it also considers organizational Influences that can impact performance at all levels. For instance, in times of fiscal constraints, funding may be short and may lead to limited training opportunities. Supervisors are sometimes pressed to task "non-proficient" crews with complex missions. Not surprisingly, unintended and unrecognized errors may appear, and mission performance will consequently suffer. As such, hazards and risks at all levels must be addressed if any mishap investigation process is going to be effective.

The investigation process then endeavours to detect and identify the "holes (hazards) in the cheese" (see Figure above). So how do we identify these hazards? Aren't they really too numerous to define? After all, every mishap is unique, so the hazards will always be different for each mishap ... right? Well, it turns out that each mishap is not unique from its predecessors. In fact, most mishaps have very similar causes. They are due to the same holes in the cheese, so to speak. The hazards identified in each new mishap are not unique to that mishap. Therefore, if you know what these system failures/ hazards or "holes" are, you can better identify their roles in mishaps -or better yet, detect their presence and develop a risk mitigation strategy correcting them before a mishap occurs.

HFACS describes four main tiers of failures/conditions:
(A) Acts,
(B) Preconditions,
(C) Supervision, and
(D) Organizational Influences.
A brief description of the major tiers with associated categories and sub-categories follows, beginning with the tier most closely tied to the mishap.

A. Acts
Acts are those factors that are most closely tied to the mishap, and can be described as active failures or actions committed by the operator that result in human error or unsafe situation. We have identified these active failures or actions as Errors and Violations (Figure below).
(i) Errors: Errors are factors in a mishap when mental or physical activities of the operator fail to achieve their intended outcome as a result of skill-based, perceptual, or judgment and decision making errors, leading to an unsafe situation. Errors are unintended. We classified Errors into three types:

(a) Skill-based Errors: When people are performing familiar work under normal conditions, they know by heart what to do. They react almost automatically to the situation and do not really have to think about what to do next. For instance, when a skilled automobile driver is proceeding along a road, little conscious effort is required to stay in the lane and control the car. The driver is able perform other tasks such as adjusting the radio or engaging in conversation without sacrificing control. Errors committed at this level of performance are called slips or lapses.

-Slips are failures in carrying out the actions of a task. They are described as 'actions┬Čnot-as-planned'. Examples would be: picking up the wrong component from a mixed box, operating the wrong switch, transposing digits when copying out numbers and misordering steps in a procedure.
Typical slips might include:

  • Performing an action too soon in a procedure or leaving it too late;
  • Omitting a step or series of steps from a task;
  • Carrying out an action with too much or too little strength (eg over-torquing a nut bolt);
  • Performing the action in the wrong direction (e.g. turning a control knob to the right rather than the left, or moving a switch up rather than down);
  • Doing the right thing but on the wrong object (eg switching the wrong switch); and
  • Carrying out the wrong check on the right item (e.g. checking a dial but for the wrong valve).

An example of slip: Two similarly named chemicals were manufactured at a chemical works in batch reactions. Each required the presence of an inorganic base to maintain alkalinity to prevent exothermic side reactions. Development work was in progress which involved altering the various ratios of chemicals in each reaction. A chemist, in calculating the quantities of inorganic base required, inadvertently transposed the figures (a typical slip). As a result one reaction was carried out with only 70% of the required base present and an exothermic side reaction resulted. The subsequent explosion destroyed the plant. The system was not designed to cope with a runaway exothermic reaction. There was no system for checking the calculations.

-Lapses cause us to forget to carry out an action, to lose our place in a task or even to forget what we had intended to do. They can be reduced by minimising distractions and interruptions to tasks and by providing effective reminders especially for tasks which take some time to complete or involve periods of waiting. A useful reminder could be as simple as a partially completed checklist placed in a clearly visible location for the person doing the task. We may be able to eliminate some of these lapses through better design of equipment or tasks.

An example of lapse: An experienced road tanker driver had virtually completed the filling of his vehicle from a bulk tank of inflammable liquid when a nearby telephone rang. After ignoring it for some five minutes he closed the various valves on the installation and went to answer it. On returning to the vehicle he drove away having forgotten that he had not disconnected the tanker hose from the installation. Fixed pipework from the installation fractured and approximately one tonne of material was lost. The installation was not fitted with a drive-away protection device.

(b) Mistakes are a more complex type of human error where we do the wrong thing believing it to be right. The failure involves our mental processes which control how we plan, assess information, make intentions and judge consequences. Two types of mistakes exist, rule-based and knowledge-based

-Rule-based mistakes occur when our behaviour is based on remembered rules or familiar procedures. We have a strong tendency to use familiar rules or solutions even when these are not the most convenient or efficient.

An example of rule based mistake: An operator was very familiar with the task of filling a tank. He expected the filling procedure to take about 30 minutes. However, on this occasion the diameter of the pipe entering the tank had been enlarged and the tank was filling much more rapidly than he anticipated. He ignored the high level alarms on the grounds that the tank could not be filled so quickly. The tank overflowed. Improved communications would have alerted the operator to the changes that had been made to the pipe.

In unfamiliar circumstances we have to revert to consciously making goals, developing plans and procedures. Misdiagnoses and miscalculations can result when we use this knowledge-based reasoning.

An example of knowledge-based reasoning: The investigation following a major collapse of a tunnel found that the organisation had relied on the experience of one person as a control measure. However, the nature of the method of working meant that this person had no reliable instrumentation for detecting when the tunnel was becoming unstable. Relying on 'experience' was actually relying on knowledge-based reasoning of the 'expert' and was not an effective control method to prevent a serious collapse given the unpredictable nature of the event. The expert needed more reliable instruments to carry out this work.

It can be concluded that mistakes are Judgement and Decision Making Errors. Misperception errors are factors in a mishap when misperception of an object, threat or situation (such as visual, auditory, proprioceptive, or vestibular illusions, cognitive or attention failures) results in human error, which comes under mistakes.

(ii)Violations: Violations are any deliberate deviations from rules, procedures, instructions and regulations. The breaching or violating of health and safety rules or procedures is a significant cause of many accidents and injuries at work. Removing the guard on dangerous machinery or driving too fast will clearly increase the risk of an accident. Health risks are also increased by breaking rule.

For example a worker in a noisy workplace who breaks the site rules about wearing ear defenders increases their risk of occupational deafness. Our knowledge of why people break rules can help us to assess the potential risks from violations and to develop control strategies to manage these risks effectively. In the workplace rules are broken for many different reasons. Most violations are motivated by a desire to carry out the job despite the prevailing constraints, goals and expectations. Very rarely are they willful acts of sabotage or vandalism. Violations are divided into three categories: routine, situational and exceptional.

a) With a routine violation, breaking the rule or procedure has become a normal way of working within the work group. This can be due to:

- the desire to cut corners to save time and energy;
- the perception that the rules are too restrictive;
- the belief that the rules no longer apply;
- lack of enforcement of the rule; and
- new workers starting a job where routine violations are the norm and not realising that this is not the correct way of working.

(b) In the case of situational violations breaking the rule is due to pressures from the job such as being under time pressure, insufficient staff for the workload, the right equipment not being available, or even extreme weather conditions. It may be very difficult to comply with the rule in a particular situation or staff may think that the rule is unsafe under the circumstances. Risk assessments may help to identify the potential for such violations. Encouraging reporting of job pressures through open communication will also be helpful.

(c) Exceptional violations rarely happen and only then when something has gone wrong. To solve a new problem you feel you need to break a rule even though you are aware that you will be 'taking a risk'. You believe, falsely, that the benefits outweigh the risks.

Preconditions are factors in a mishap if active and/or latent preconditions such as conditions of the operators, environmental or personnel factors affect practices, conditions or actions of individuals and result in human error or an unsafe situation as show in figure below. In this error analysis model preconditions include Environmental Factors, Condition of the Individuals and Personnel Factors.

(i)Environmental Factors: Environmental factors are factors in a mishap if physical or technological factors affect practices, conditions and actions of individual and result in human error or an unsafe situation. Environmental factors include:

Physical Environment: Physical environment are factors in a mishap if environmental phenomena such as weather, climate, white-out or dust-out conditions affect the actions of individuals and result in human error or an unsafe situation.

Technological Environment: Technological environment are factors in a mishap when cockpit/vehicle/workspace design factors or automation affect the actions of individuals and result in human error or an unsafe situation.

(ii)Condition of the Individual: Condition of the individual are factors in a mishap if cognitive, psycho-behavioral, adverse physical state, or physical/mental limitations affect practices, conditions or actions of individuals and result in human error or an unsafe situation. Condition of the Individuals include:

Cognitive Factors: Cognitive factors are factors in a mishap if cognitive or attention management conditions affect the perception or performance of individuals and result in human error or an unsafe situation.

Psycho-Behavioral Factors: Psycho-Behavioral factors are factors when an individual's personality traits, psychosocial problems, psychological disorders or inappropriate motivation creates an unsafe situation.

Adverse Physiological States: Adverse physiological states are factors when an individual experiences a physiologic event that compromises human performance and this decreases performance resulting in an unsafe situation.

Physical/Mental Limitations: Physical/mental limitations are factors in a mishap when an individual lacks the physical or mental capabilities to cope with a situation, and this insufficiency causes an unsafe situation. This often, but not always, indicates an individual who does not possess the physical or mental capabilities expected in order to perform the required duties safely.

Perceptual Factors: Perceptual factors are factors in a mishap when misperception of an object, threat or situation (visual, auditory, proprioceptive, or vestibular conditions) creates an unsafe situation. If investigators identify spatial disorientation (SD) in a mishap, the preceding causal illusion should also be identified. Vice versa, if an illusion is identified as a factor in a mishap then the investigator should identify the resultant type of SD.

(iii)Personnel Factors: Personnel factors are factors in a mishap if self-imposed stressors or resource management affects practices, conditions or actions of individuals, and result in human error or an unsafe situation. Personnel factors include:

Coordination/Communication/Planning: Coordination/communication/planning are factors in a mishap where interactions among individuals and teams are involved with the preparation and execution of a mission that resulted in human error or an unsafe situation.

Self-Imposed Stress: Self-imposed stress are factors in a mishap if the operator demonstrates disregard for rules and instructions that govern the individuals readiness to perform, or exhibits poor judgment when it comes to readiness and results in human error or an unsafe situation. These are often violations of established rules that are in place to protect people from themselves and a subsequent unsafe condition. One example of self-imposed stress is drinking alcohol prior to operating a motor vehicle.


Locations of visitors to this page