Reducing human error involves far more than taking disciplinary action against an individual. There are a range of measures which are more effective controls including the design of the equipment, job, procedures and training.
The design guidance developed consists of two forms: design principles and a three step process for systematically addressing human errors in design. The relationships between the guidance developed, human error occurrence and consequence in system operation, and conventional engineering design and design change processes are shown in Figure below.
The three-step process helps in the following:-
- Make goals and system state visible, interfaces should make accessible, information in a form so that system state can be easily related to system operational goals.
- Provide a good conceptual model It is important that operators must be able to develop a good conceptual model of the plant systems from training, from the design of the interface between the operator and the plant, and from observations of system operation. The information from these three sources should be consistent and complementary to reduce the possibility of operating errors.
- Make the acceptable regions of operation visible directly indicating the acceptable, unacceptable, and desired regions of system operation in process and state displays can act as a visual aid. This reduces dependence on user memory recall and the need for dynamic context dependent determinations. The adequacy of plant process state can thus be judged more readily against performance targets.
- Make process and automation behaviour predictable. Errors have a better chance of being detected if the normal behavior of plant processes and automation is predictable.
- Employ affordances. Apply design features that visibly convey the possibilities for action.
- Make the options for functional control visible. Errors in planning and action execution can be minimized if controls are visible so that the possibilities and limits for action are known.
- Provide appropriate feedback. Always provide feedback for an operator’s actions. Feedback can take many forms. As a minimum, feedback should convey the impact of the operator’s action on the overall state of the system.
- Ensure a close relationship between a control and its function to reduce the demand on an operator’s memory, there should be a clear relationship between the location and mode of operation of a control and its function.
- Build-in constraints. The user’s actions should be limited to acceptable ranges of control possibilities to guard against errors.
- Make error recovery easy. Given that errors will occur, the system should be forgiving and allow the operator to readily detect and recover from these errors.
- Make interfaces consistent. Consistency (and standardization) allows users to apply existing knowledge to new tasks, This reduces the burden of interface characteristics that must be learned and remembered. Minimizing the secondary tasks associated with task performance can reduce the incidence of operating error.
5.1 Addressing human error in the design process.
To address human errors, one first needs to characterize their potential for occurrence and consequence for the operating situations encompassing system operation. Characterizing the human error environment involves:
- Identifying operational and design requirements,
- Determining operational and functional context for system operation and possible human error occurrence,
- Understanding the operator’s needs in support of task performance and
- Evaluating the human error potential for the system operation and environment examined.
- Information for the evaluation may be based primarily on either:
- Observation or operational experience (e.g., examination of past incidents and errors, observation of system operation, simulated system operation, walk-throughs, of errors and talk throughs), or
- Analytical prediction of anticipated events. Adaptation of several analytical techniques from the human reliability field can assist in assessment of human error potential.
Most techniques are based on
1. Eliminate Error Occurrence
This is the first preference, where design features known to be a source of human error are eliminated (e.g., lack of feedback, lack of differentiation, inconsistent or unnatural mappings). Design choices available for error elimination include:
- Replacement of error inducing design features (e.g., physical device separation, physical guards, application of validity and range).
- Restructuring of task so the error prevalent behaviour is no longer performed (e.g., by information filtering, only the information needed for the task is provided).
- Automate to change the role of human involvement in support of task performance.
2. Reduce Error Occurrence
Consider this approach if complete error elimination is not possible or feasible through design choices. Design features which can reduce error occurrence include:
- Identification (e.g., device labeling).
- Constraints (i.e., build in constraints to limit operation to acceptable ranges).
- Coding (i.e., aid in choice differentiation and selection).
- Consistency Feedback (i.e., convey device and system state directly in the interface).
- Predictability (i.e., design system responses so that operators can associate specific control actions with system response).
3. Eliminate Error Consequence
The third approach is to eliminate error consequences. There are three categories of design features that reflect the components of the consequence prevention strategy:
A. Error detection design features (to promote detection prior to consequence \ occurrence):
- Feedback (i.e., status information in relation to operational goals and potential side-effects of an action).
- Alert of Unacceptable Device States (e.g., visual/auditory feedback of off-normal or unacceptable device states).
- Confirmation (i.e., support of self checking and independent verification practices).
- Prediction (i.e., providing information on the outcome of an action prior to its implementation, or with sufficient time for correction).
B. Error recovery design features (to enable recovery prior to consequence occurrence):
- Undo (e.g., facilities for reversing recent control actions to allow promote error recovery).
- Guidance (i.e., alternative forms of guidance for cases where reversing a recent control action is not the preferred action).
C. Consequence Prevention Design Features
- Margins and Delays (i.e., these features can provide more time to unacceptable consequence realization thus increasing the chances of error detection and recovery prior to consequence occurrence)
- Fail Safe Features
4. Reduce Error Consequence.
If errors and consequences can not be completely eliminated, consider measures that enable consequence reduction. This may be achieved through application of additional design features that allow operators or automation to recognize the occurrence of an error consequence, and to take action to mitigate the consequences.
- Margins (i.e., apply larger design margins to allow some consequences to be accommodated by normal system function and capacities). Engineered Mitigating Systems (e.g,, automatic special safety systems actions, such as CANDU Automatic Stepback and Setback). Human Intervention (i.e., operations team can readily adapt to both predefined and undefined operating situations).
- Response Teams (i.e., organizational structure is prepared and coordinated to deal with the predefined consequences).
- Consequence Prediction (e.g., aids can assist operations staff in predicting the extent of consequences of operating actions and assist in selection and execution of mitigating actions).
- Backup Replacement Function (i.e., provision of equipment and/or human intervention to mitigate consequences).
5.2 Assess the impact of the design and track operational performance.
The third stage of the process is the assessment of the impact of the selected human error defensive measures.
The scope of the plant and control center design to be assessed should be defined. Error-related issues should then be identified in the likelihood of particular error-occurring modalities, and the related design features. Error related issues are any changes or designs that could lead to a change in the likelihood of human error. The analytical techniques discussed in Section 5.2.1 may be applied at this stage again, now that the design exists.
Assessing the impact of designs (changes) on error can assist in reducing errors and consequences. This can be proactive or reactive. Both positive (error reducing) and negative (error-increasing) characteristics should be noted.
The long term use of the system, as well as the immediate impact, should be tracked. This will help to determine new error modes that may develop, through system use, that warrant further design modification.
Jatin Dubey is a 26-year-old MBA student whose passion for storytelling and a deep love for literature have fueled his journey as an aspiring author. Born and raised in a small town, Jatin discovered the magic of words at a young age when he stumbled upon an old, dusty library tucked away in a forgotten corner of his neighborhood. As he delved into the world of books, he found solace and inspiration in the pages of classic novels and contemporary fiction.