Human Factors & Virtual Reality: Simone Colombo

Human Factors & Virtual Reality
Simone Colombo
Politecnico di Milano
POPRAD (SK)
24-28 May 2004 SSCHE – PRISM seminar

End-User representation
Research Level Basic research
DATA Collection
Applied research
Consultants
Support Level
Consultants
(knowledge
(services/
sales)
resources)
Equipment
Suppliers
(sales/lease)
Operational Level DATA Collection
Exploration/
Design Construction Decommissioning
Drilling Operators
Contractors Contractors Contractors
Contractors
Equipment
manufacturers
Tool modellers
and software
services

Aim
Aim of this presentation is to provide a
feasible way out to:
• Include HF into HAZOP-like methods in
a systematic and consistent manner
• Include HF into logic trees in a
systematic and consistent manner;
• Provide a way out to measure the
possible occurrence of erroneous
actions (PRISM’s specific)
Produce safety ?
Safety is produced when the three safety
actions, namely:
1. Safety management  Decision Making
& Audit;
2. Safety analyses  Risk Assessment and
Accident Investigation;
3. Training (individual and group) 
selection and transfer of knowledge;
are synergistically, systematically and
recurrently performed.
Safety Management
Safety Analyses
Risk Assessment CHANGE

Operational Working
Accident Investigation Conditions & Individual and
Group Behaviour
Core System Safety
Training
System Safety
Safety Production Layer
Safety
SafetyEfficiency
Efficiency(Internal
(Internalefficiency
24-28 May 2004 SSCHE – PRISMefficiency
seminar
measure
measureandandexternal
external(CSR))
(CSR))
Edited by Simone Colombo
Safety
SafetyActions
Actions
1 Design
1 Design
2 Exploration & Drilling
2 Exploration & Drilling
3 Construction
3 Construction
4 Commissioning
4 Commissioning Operational
Safety Management 5 Operation
5 Operation
66Modifications,
Modifications,Maintenance
Maintenance&&Repair
Repair
77Decommissioning
Decommissioning
Training
Areas of
Safety Analyses Areas of
Application
Application
Supply Chain
Internal
Technological
Technological
Organisational
Organisational
Human
Human Top Manager
Top Manager
Roles
Roles
Sources of Sharp-end Operators

Sources of
Hazard Sharp-end Operators
Hazard
Natural Hazards
Looking for realistic Safety
Analyses outcomes ?
In order to have a realistic and not
misleading snapshot of the level of risk
it is necessary to perform all the three
complementary analyses:
1. Operability Analysis (HAZOP &
HAZOP-like);
2. Fault Tree Analysis;
3. Event Tree Analysis;
Looking for realistic Safety
Analyses outcomes ?
… and, furthermore, it is necessary to

integrate HF into them in a systematic
and consistent way.

Usefulness of HF
Broadly speaking the outcomes of Human
Factors analyses serve to:
1. Offer an adequate (context’s sensitive)
training;
2. Perform integrated risk analyses and
accident investigations;
3. Support the decision making process.
Why HF are not systematically
included into SA ?
There have been identified 3 main issues:
1. There are no paradigms on how to
integrate HF into HAZOP-like methods
that enable to directly extract TEs
2. There are no paradigms on how to
include HF into logic trees (Fault Tree,
Event Tree, Incidental Sequence
Diagram, …)

HF not explicitly included?
Top Event
Protective System Failure

Dangerous Transient
HF?
X
Manual Devices Failure Automatic Devices Failure

Why HF are not systematically
included into SA ?
3. It is quite hard to measure human
reliability, or rather, to measure the
occurrence of the identified critical
erroneous actions

1. Inclusion of HF into
HAZOP-like methods

Recursive HAZOP

Classical VS Recursive
HAZOP
Pros & Cons:
• Recursive Operability Analysis (ROA)
does not use the heavy, tedious and
sometime misleading guide words
approach;
• The correct execution of a ROA may be
heavily dependent on the correct
subdivision of a plant

HAZOP
• ROA requires the identification of
boundary nodes, as well as internal
ones, i.e., points were deviations of a
process variable (T, P, Flow) may
develop or propagate (operation that
must go hand in hand with the
identification of the process variables
regarded as significant for the analysis)
HAZOP
• ROA is certainly more accurate, reliable
than the classical HAZOP (OA)
• BUT, maybe, more demanding in terms
of time

HAZOP
… in all instances however, it has not to

substitute the classical HAZOP which is
extremely useful to rough out the
identification of main hazards (of any
kind).

E.G. The Chief’s Assistant
1. Fryer, 2.
Oil, 3.
Thermostat,
4. High T cut
off switch, 5.
Smoke
detector,
6. Sprinkler)


2
10
6 7
PRE - 5 8 9
1 3 4 POST - 11
INITIATING POST -INITIATING AUTOMATIC
HUMAN BY -PASS HUMAN INITIATING
DEVIATION HUMAN - CONSEQUENCES TE HUMAN -TECHNOLOGY PROTECTION CONSEQUENCES
INTERVENTION OF (EFS) INTERVENTION HUMAN
TECH CAUSES MEANS
CAUSES
CAUSES
2. High Temp 4A. High Temp LED Fault 7. Misdiagnosis

1. Too much 7. MI of Operator 4B. MI High 4B. High 7. MI of Operator
2. Very high Temp 2. Very High Temp
heat provided on LED Temp Switch Temp Switch on LED 7. Misdetection of
7. Misdetection of LED
LED
2. Very high 7. MI of Operator 7. Misdetection

2. High Temp 2. Boiling Oil
Temp on smell 7. Misdiagnosis
2. Very high Localised Fire 7. MI of Operator 5. Smoke Detector Fault

2. Boling Oil 1
Temp (low damage) on smoke
7. Misdetection
Localised Fire 7. EI/MI of 6. MI of EI of Operator on

Widespread F ire 2 7. Misdiagnosis 6. Sprinkler 7. Misdiagnosis Widespread Fire
Operator on fire Sprinklers fire
(low damage)
2. Boiling Oil 6. Correct
Flooding 3 Intervention of
Sprinkler
3. MI of
1. Too much
Thermostat
heat provided
(stuck cl osed)
7. EI during
3. MI of maintenance 3. Latencies in the
Thermostat
7. EI during component
(stuck closed)
inspection
7. EI during 3. Thermostat stuck

7. Misdiagnosis
maintenance closed
7. EI During 7. Misdetection 3. Thermostat stuck

Inspecti on of Flaws closed
7. EI during
4B. MI High maintenance 4B. Latencies in the
Temp Switch component
7. EI during
inspection
7. EI during
7. Misdiagnosis
maintenance
7. EI dur ing 7. Misdetection

inspection of Flaws
7. EI during
6. MI of maintenance 6. Latencies in the
Where: MI = Missing Intervention; EI = Erroneous Intervention
Sprinklers component
7. EI during
inspection

2. Inclusion of HF into Logic
Trees

From implicitness towards
explicitness
Top Event

Dangerous Transient
HF?
X

Top Event

Dangerous Transient
+ +
Alarms Autom Devices
AND

explicitness
Top Event
INH
Protective Systems Failure
Dangerous Transient
X AND
Technology Failure Human Failure
+ OR
Human Missing Intervention Human Erroneous Intervention
Human Detection
24-28 May 2004 Alarms Failure
SSCHE – PRISM seminar
(Where possible)
explicitness
Top Event
INH
Ineffective Intervention of Protective Systems
Process out of control
+ OR
Human Erroneous Intervention Human-Technology System Failure
X X AND
Human Missing Intervention MI Automatic Protective Means

Recovery Failure By-Pass of ESFs
Alarms Failure Human Detection

MI of Erroneous
(Where possible)
Intervention
Protective Means
ESFs: Engineered Safety Features
Erroneous Actions

Top Event
INH
Process out of control
Human Missing Intervention
Equipment Failure
Ineffective Intervention of Protective Systems
PRE-INITIATOR Human Failure
+ OR
Human-Technology System Failure Human Failure
X AND AND X
Human Missing Intervention MI Automatic Protective Means Recovery Failure By-Pass of ESFs
+ OR
Human MI MI of Erroneous
Alarms Failure Human Detection Failure Intervention
Protective Means
Equipment Failure
Erroneous Actions
ESFs: Engineered Safety Features

24-28 May 2004 SSCHE
POST-INITIATOR – PRISM
Human Failureseminar
MI: Missing Intervention
3. Possible way forward to
measure Human Failure
Probabilities (HFP)

1st generation HRA methods
The innocence of the Performance
Shaping Factors (PSFs)
n
log f   PSF
k 1
k  Wk  C
• f = error frequence
• C = costant
• Wk = weight of the kth PSF
Objective 'A'
a A
b/a B/a b/A B/A

Objective 'B'
Series S F F F
Parallel S S S F

Inherent limitations:
• Human Error Rate can be expressed
without making any assumptions with
regard to cognition;
• PSFs are simply additive: not realistic;
• Concepts behind the estimation are not
clear.
E.g.
If the probability of making a failure, such
as missing a step in a procedure, is
estimated to be p=0,01, the influence of
a PSF, such as moderate stress, is
simply assumed to double the value.
Thus, moderate stress in defined
(measured) independently or as that
condition which doubles the failure rate?
From 1 to 2 generation HRA
st nd
methods
Despite keeping the Human Reliability
Analysis – Event Tree approach for
calculating probabilities of occurrence,
the transition from 1st to 2nd generation
Human Reliability Assessment methods
has much complicated the estimation of
Human Failure Events (HFEs)

Available Methodologies
There are many HRA methods. Amongst those:
• First generation ones:
– THERP
– HEART
– JHEDI
• Second generation:
– ATHEANA;
– CREAM;
– HERMES
From 1 to 2 generation HRA
st nd
methods
n
log f   PSF
k 1
k  Wk  C
P HFE   i P EFCi   PUA | EFCi 

1° VS 2° generazione HRA
a = .9 9 4 A = .0 0 6
b = .9 9 8 B = .0 0 2
F 1 = .0 0 6
c = .9 9 8 C = .0 0 2
F 2 = .0 0 1 9 9
d = .9 9 4 D = .0 0 6
F 3 = .0 0 1 9 8
e ' = .4 9 7
e = .9 9 4 E = .0 0 6 E ' = .5 0 3
S e ' = .0 0 2 9 5
g ' = .4 9 7 g '' = .2 4 8
g = .9 9 4 G = .0 0 6 G ' = .5 0 3 G '' = .7 5 2
S g ' = .0 0 2 9 3 S g '' = .0 0 0 7 4
h = .9 9 9 H = .0 0 1 h = .9 9 9 H = .0 0 1 h = .9 9 9 H = .0 0 1 h = .9 9 9 H = .0 0 1
S h = .0 0 5 8 7 S h = .0 0 2 9 7 S h = .0 0 2 2 5
i = .9 9 I = .0 1 i' = .4 9 5 I ' = .5 0 5
F 9 = .0 0 9 8 9
j = .9 9 9 J = .0 0 1 j ' = .8 5 6 J ' = .1 4 4  S i = 0 .9 7 8 4
24-28 May 2004 SSCHE – PRISM seminar  F i = 0 .0 2 1 6

S 1 = .9 7 8 F 1 0 = .0 0 0 9 7 9 S 2 = .0 0 0 4 1 5 F 8 = .0 0 0 0 7
n
log f   PSF
k 1
k  Wk  C

Quantificazione proposta da ATHEANA

n
log f   PSF
k 1
k  Wk  C

Quantificazione proposta da ATHEANA

How to measure HFP
At present the unique way is to turn to the
expert judgement applying
methodologies like:
• Scenario’s Analysis (Herman Kahn);

• Delphi Method;
• Cross impact analysis.
Limits of Expert Judgement
1. It is extremely demanding in terms of
competencies needed by the analyst
for performing the analysis;
2. It could hold inherently strong

uncertainties associated with the
subjectivity of the analysis (expectable
by any subjective method)
3. It needs several experts, working
together and supported at least by a
human factors expert, to gain credible
HFP estimates;
4. It needs a strong facilitator to ensure
that each expert shows his/her
evidence and substantiate its
foundations.
5. It takes much time to reach the
consensus final probability distribution;
… and that is probably why is not much

applied in practice by industry

What was the aim of WP7
within PRISM?
Having this all in mind, the idea was to
merge Human Factors (HF) knowledge
with Virtual Reality (VR) technologies
with the aim of:
Enabling the assessment of human
reliability, in each of the 7 areas of
application, by using the most advanced
HF techniques (i.e. second-generation);
Safety Management
Safety Analyses
Risk Assessment CHANGE

Operational Working
Accident Investigation Conditions & Individual and
Group Behaviour
Core System Safety
Training
System Safety
Safety Production Layer
Safety
SafetyEfficiency
Efficiency(Internal
(Internalefficiency
24-28 May 2004 SSCHE – PRISMefficiency
seminar
measure
measureandandexternal
external(CSR))
(CSR))
Areas of application
1. Exploration &
• Design stage
Drilling;
2. Construction;
3. Commissioning;
• Operational stages: 4. Operation;
5. Maintenance,
Repairs &
Modifications;
• (Emergency stage)
6. Decommissioning.

New Tech
The combination of HF & VR enable to produce
a new tech formed by:
– Prevention tools;
– Detection tools;
– Demonstration tools;
to apply at the:
– Design stage;
– Operational stages;
– Emergency stage.
Overall benefits
The new tech will allow to move from a

“paper simulation” (strongly relying on
analyst’s creativity and imagination) to a
virtual simulation where safety analyses
are carried out in a concerted way.

Overall benefits

Overall benefits
1. To support decision makers in making
safety-critical decisions and best
resources allocation,
2. To support safety analysts in
anticipating inadequacies associated
with HF, conceiving new design
strategies, and deciding the adequate
level of competences,
Overall benefits
3. To support trainers in making more
incisive and effective training courses;
4. To produce adequate competencies
for running safely new and more
complex technologies both at:
• Operational stage;
• Emergency stage.

Overall benefits
5. To improve the learning and self-
learning process efficiency of
trainees;
6. To identify and measure the effects
on operators’ reliability and
performance of modifications brought
to:

Overall benefits
I. The Process (both hardware &
software),
II. The Organizational set-up,
III. The Training contents,
IV. The Roles and Rules definition,
V. The Task allocation.

At the design stage
• Exploiting VR allow :
– To prefigure potential human failures
before they are actually made in reality;
– To immediately search for suitable
solutions, following a human-centred
approach, so to avoid their occurrence in
reality.

At the design stage
– To retrieve data and information,
specifically associated with the working
environment at hand, essential to run
present Human Factors methodologies
a = .99 A = .01
F1 = .01
b = .999 B = .001
F2 = .00099
c = .997 C = .003
S1 = .986 F3 = .003
At the operational stage
• At the operational level it allow:
– To keep the appropriate awareness,
promptness and preparedness of the
workforce in place;
– To improve skills and understanding;
– To design better training programs;
– To measure the efficiency of learning
processes;
– To bring out human capabilities;
– To visualise accident dynamics and stress
critical aspects (spatio-temporal
emphases), such as:
• Inappropriate actions (short-cuts, barriers
elimination, etc.);
• Technological limitations;
• Awkward operational conditions;
• Inter- and Intra-Team coordination.
– To demonstrate the reasons why
procedures, tasks, working rules, crews
composition, barriers, etc., have been
devised in that specific way.

At the emergency stage
The main advantage relate to the

opportunity of simulating the entire
emergency situation, including the
consequences.

Position statements
• The New Tech can substantially
contribute to support safety production
by supporting:
– The application of advanced HF
methodologies;
– The decision making process;
– The Emergency preparedness.

Position statements
• Merging VR technology & HF
methodologies can sensibly:
– Reduce the costs of safety production (at
least for what concern the HF analyses
part);
– Reduce the time to perform safety
analyses;
– Increase the efficiency in safety production
and emergency management.
What’s Human Factors?
• Ergonomics: scientific discipline dealing with
issues associated with human work and that,
by summing up, elaborating and integrating
researches and solutions coming from
various disciplines (such as medicine,
physiology, psychology, sociology and
cognitive sciences), tends to realise an
optimal adaptation of the socio-technical
working environment to the psycho-physical
limitations of the human being.

Human Factors & Virtual Reality: Simone Colombo

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Human Factors & Virtual Reality: Simone Colombo

Uploaded by

Copyright:

Available Formats

Human Factors & Virtual Reality

24-28 May 2004 SSCHE – PRISM seminar

Operational Level DATA Collection

24-28 May 2004 SSCHE – PRISM seminar

Risk Assessment CHANGE

Core System Safety

Safety Production Layer

Sources of Sharp-end Operators

… and, furthermore, it is necessary to

24-28 May 2004 SSCHE – PRISM seminar

24-28 May 2004 SSCHE – PRISM seminar

Protective System Failure

Manual Devices Failure Automatic Devices Failure

24-28 May 2004 SSCHE – PRISM seminar

24-28 May 2004 SSCHE – PRISM seminar

24-28 May 2004 SSCHE – PRISM seminar

24-28 May 2004 SSCHE – PRISM seminar

24-28 May 2004 SSCHE – PRISM seminar

24-28 May 2004 SSCHE – PRISM seminar

… in all instances however, it has not to

24-28 May 2004 SSCHE – PRISM seminar

24-28 May 2004 SSCHE – PRISM seminar

24-28 May 2004 SSCHE – PRISM seminar

2. High Temp 4A. High Temp LED Fault 7. Misdiagnosis

2. Very high 7. MI of Operator 7. Misdetection

2. Very high Localised Fire 7. MI of Operator 5. Smoke Detector Fault

Localised Fire 7. EI/MI of 6. MI of EI of Operator on

7. EI during 3. Thermostat stuck

7. EI During 7. Misdetection 3. Thermostat stuck

7. EI dur ing 7. Misdetection

24-28 May 2004 SSCHE – PRISM seminar

24-28 May 2004 SSCHE – PRISM seminar

Protective System Failure

Manual Devices Failure Automatic Devices Failure

24-28 May 2004 SSCHE – PRISM seminar

Protective System Failure

Manual Devices Failure Automatic Devices Failure

Alarms Autom Devices

24-28 May 2004 SSCHE – PRISM seminar

Protective Systems Failure

Technology Failure Human Failure

Human Missing Intervention Human Erroneous Intervention

Human Erroneous Intervention Human-Technology System Failure

Human Missing Intervention MI Automatic Protective Means

Alarms Failure Human Detection

24-28 May 2004 SSCHE – PRISM seminar

Process out of control

Human Missing Intervention

Human-Technology System Failure Human Failure

ESFs: Engineered Safety Features

24-28 May 2004 SSCHE – PRISM seminar

b/a B/a b/A B/A

24-28 May 2004 SSCHE – PRISM seminar

24-28 May 2004 SSCHE – PRISM seminar

P HFE   i P EFCi   PUA | EFCi 

24-28 May 2004 SSCHE – PRISM seminar

24-28 May 2004 SSCHE – PRISM seminar  F i = 0 .0 2 1 6

P HFE   i P EFCi   PUA | EFCi 

24-28 May 2004 SSCHE – PRISM seminar

P HFE   i P EFCi   PUA | EFCi 

24-28 May 2004 SSCHE – PRISM seminar

• Scenario’s Analysis (Herman Kahn);