Fault tree analysis human errors

Several qualitative approaches can be used to identify hazardous reaction scenarios, including process hazard analysis, checklists, chemical interaction matrices, and an experience-based review. CCPS (1995a p. 176) describes nine hazard evaluation procedures that can be used to identify hazardous reaction scenarios-checklists, Dow fire and explosion indices, preliminary hazard analysis, what-if analysis, failure modes and effects analysis (FMEA), HAZOP study, fault tree analysis, human error analysis, and quantitative risk analysis. 

Process Hazards Analysis. Analysis of processes for unrecogni2ed or inadequately controUed ha2ards (see Hazard analysis and risk assessment) is required by OSHA (36). The principal methods of analysis, in an approximate ascending order of intensity, are what-if checklist failure modes and effects ha2ard and operabiHty (HAZOP) and fault-tree analysis. Other complementary methods include human error prediction and cost/benefit analysis. The HAZOP method is the most popular as of 1995 because it can be used to identify ha2ards, pinpoint their causes and consequences, and disclose the need for protective systems. Fault-tree analysis is the method to be used if a quantitative evaluation of operational safety is needed to justify the implementation of process improvements. 

Fault tree analysis is based on a graphical, logical description of the failure mechanisms of a system. Before construction of a fault tree can begin, a specific definition of the top event is required for example the release of propylene from a refrigeration system. A detailed understanding of the operation of the system, its component parts, and the role of operators and possible human errors is required. Refer to Guidelines for Hazard Evaluation (CCPS, 1992) and Guidelines for Chemical Process Quantitative Risk Assessment (CCPS, 2000). 

Fault Tree Analysis (ETA) provides a structured method for determining the causes of an incident.< 25,26,27) fault tree itself is a graphic model that displays the various comhinations of equipment failures and human errors that can result in an incident. 

This approach is illustrated by the development of event trees and fault tree analysis. In fault tree analysis, the probability of an accident is estimated by considering the probabihty of human errors, component failures, and other events. This approach has been extensively applied in the field of risk analysis (Gertman and Blackman 1994). THERP (Swain and Guttman 1983) extends the conditioning approach to the evaluation of human reliability in complex systems. 

A more careful comparison has also been made. JAXA (the Japanese Space Agency) and MIT engineers compared the use of STPA on a JAXA unmanned spacecraft (HTV) to transfer cargo to the International Space Station (ISS). Because human life is potentially involved (one hazard is collision with the International Space Station), rigorous NASA hazard analysis standards using fault trees and other analyses had been employed and reviewed by NASA. In an STPA analysis of the HTV used in an evaluation of the new technique for potential use at JAXA, all of the hazard causal factors identified by the fault tree analysis were identified also by STPA [88]. As with the BMDS comparison, additional causal factors were identified by STPA alone. These additional causal factors again involved those related to more sophisticated types of errors beyond simple component failures and those related to software and human errors. 

Fault tree analysis is a technique by which the system safety engineer can rigorously evaluate specific hazardous events. It is a type of logic tree that is developed by deductive logic from a top undesired event to all subevents that must occur to cause it. It is primarily used as a qualitative technique for studying hazardous events in systems, subsystems, components, or operations involving command paths. It can also be used for quantitatively evaluating the probability of the top event and all subevent occurrences when sufficient and accurate data are available. Quantitative analyses shall be performed only when it is reasonably certain that the data for part/component failures and human errors for the operational environment exist. 

The hazard identification and evaluation of a complex process by means of a diagram or model that provides a comprehensive, overall view of the process, including its principal elements and the ways in which they are interrelated. There are four principal methods of analysis failure mode and effect, fault tree, THERP, and cost-benefit analysis. Each has a number of variations, and more than one may be combined in a single analysis. See also Cost-Benefit Analysis Failure Mode and Effects Analysis (FMEA/FMECA) Fault Tree Analysis (FTA) THERP (Technique for Human Error Rate Probability). 

Software System Hazard Analysis This type of analysis is conducted similar to a hardware system hazard analysis (SHA), analyzing software functional processing steps to determine whether they may have any particular hazardous effect on the system. The analysis utilizes a hazard-risk index to illustrate the severity of each potential failure. The main advantage to this method is in its ability to positively identify safety-critical hardware and software functions as well as consider the effect of the human element in system software operations. The results of the software SHA, which identifies single-point failures or errors within a system, can often be used to assist in the development of a software fault tree analysis or, to some degree, a system FMEA. However, as with the other various SWHA techniques briefly described above, this method is also time-consuming and costly to perform. 

Fault Tree Analysis (FTA) is a well known and widely used safety tool, implementing a deductive, top down approach. It starts with a top level hazard, which has to be known in advance and "works the way down" through all causal factors of this hazard, combined with Boolean Logic (mainly AND and OR gates). It can consider hardware, software and human errors and identifies both single and multiple points of failure. Both a quantitative and qualitative analysis is possible. 

A Fault Tree Analysis (FTA) is a top-down, deductive logic model that traces the failure pathways for a predetermined, undesirable condition or event, called the TOP Event. An FTA can be carried out either quantitatively or subjectively. The FTA generates a fault tree (a symbolic logic model) entering failure probabilities for the combinations of equipment failures and human errors that can result in the accident. Each immediate causal factor is examined to determine its subordinate causal factors until the root causal factors are identified. 

Event tree analysis follows a process from inputs to outputs. Each situation or condition is the result of previous events. They may have to happen together to produce the condition (i.e. both 1 and 2) or either one may produce the condition (i.e. either 1 or 2). As all possible situations are ejqrlored, an event tree begins to unfold. Mathematical probabihties can often be assigned to each condition and a quantitative analysis performed. Symbols, boxes and lines join the events and conditions to produce a visual representation of the event tree. Unwanted outcomes can be traced back in a reversal of the analysis above to determine which factors contributed to the unwanted outcomes. This is called fault tree analysis . Faults differ from events in that faults are viewed as being a result of controllable human error. Events can include such faults. 

This method is approximately the reverse of fault tree analysis. It begins with an "initiating event" and tracks its consequences. The initiating event may be a human error or a system failure. 

Fault Tree Analysis (FTA)— A deductive technique that focuses on one particular incident, often called a top event, and then constructs a logic diagram of all conceivable event sequences (both mechanical and human) that could lead to that incident. It is usually a logic model that mathematically and graphically portrays various combinations of equipment faults, failures, and human errors that could result in an incident of interest, expressed in an annual estimation. 

Fault tree analysis has not to consider all possible failures, only these which lead to the top event (Modarres, 2006). The output is finally depicted in a directed tree diagram. The factors in the tree diagram can be hardware failures, software failures, human errors or pertinent events (lEC/ISO 31010,2009). 

Many methods of reducing human error are also based on the determination of whether human error actually occurred. Therefore, among these methods are included fault tree analysis and MORT event analysis. 

Huang. H. RebabUity Evaluation of a Hydraulic Truck Crane Using Field Data with Fuzziness. Microelectronics and Reliability 36, no. 10 (1996) 1531-1536. Huang, H., X. Yuan, and X Yao. Fuzzy Fault Tree Analysis of Railway Traffic Safety. Proceedings of the Conference on Tnyfic and Transportation Studies, 2000,107-112. Hudoklin, A., and V. Rozman. Human Errors Versus Stress. Reliability Engineering System Safety 37 (1992) 231-236. 

Fault Tree Analysis (FTA) is a formal deductive procedure for determining combinations of component failures and human errors that could result in the occurrence of specified undesired events at the system level (Ang and Tang (1984)). It is a diagrannnatic method used to evaluate the probability of an accident resulting from sequences and combinations of faults and failure events. This method can be used to analyse the vast majority of industrial system reliability problems. FTA is based on the idea that ... 

Representation Having defined what the operator should do (via task analysis) and what can go wrong, the next step is to represent this information in a form which allows the quantitative evaluation of the human-error impact on the system to take place. It is usual for the human error impact to be seen in the context of other potential contributions to system risk. Human errors and recoveries are usually embedded within logical frameworks such as fault tree analysis and event tree analysis. 

From a human reliability perspective, a number of interesting points arise from this example. A simple calculation shows that the frequency of a major release (3.2 x lO"" per year) is dominated by human errors. The major contribution to this frequency is the frequency of a spill during truck unloading (3 X10" per year). An examination of the fault tree for this event shows that this frequency is dominated by event B15 Insufficient volume in tank to imload truck, and B16 Failure of, or ignoring LIA-1. Of these events, B15 could be due to a prior human error, and B16 would be a combination of instrument failure and human error. (Note however, that we are not necessarily assigning the causes of the errors solely to the operator. The role of management influences on error will be discussed later.) Apart from the dominant sequence discussed above, human-caused failures are likely to occur throughout the fault tree. It is usually the case that human error dominates a risk assessment, if it is properly considered in the analysis. This is illustrated in Bellamy et al. (1986) with an example from the analysis of an offshore lifeboat system. 

If the results of the qualitative analysis are to be used as a starting-point for quantification, they need to be represented in an appropriate form. The form of representation can be a fault tree, as shown in Figure 5.2, or an event tree (see Bellamy et al., 1986). The event tree has traditionally been used to model simple tasks at the level of individual task steps, for example in the THERP (Technique for Human Error Rate Prediction) method for human reliability... 

---