Fault Tree Analysis human factors

Both the integrative model by Smillie Ayoub (1975) and the deviation concept by Kjellen (1984a) connect the general systems theory to the sequencing and energy models of accident causation. They encompass technical, organizational and human components of the system. Various methods of system safety analysis (e.g. fault tree analysis, incidental factor analysis) support the identification of technical and human deviations as well as the analysis of the conditions and consequences of these deviations. From the discussion of near misses and conflicts it became clear that frameworks of accident causation should cover all kinds of incidents, thus becoming frameworks of incidents. 

Failure sequence modeling techniques such as fault tree analysis or event tree analysis are used to estimate tlie likelihood of incidents in facilities where historical data is unai ailable, or is inadequate to accurately estimate tlie likelihood of the liazardous incidents of concern. Otlier modeling tecluiiques may be required to consider tlie impact of external events (eartliquakes, floods, etc.), common cause failures, and human factors and hmnan reliability. 

Topics Include methods lor calculating damage resulting from the physical effects of accidental releases, using risk assessment Information to specify safety control systems, fault tree analysis, hazards of trace substances, warehouse fires, human exposure to process systems, and solutions to human factor problems. 

A more careful comparison has also been made. JAXA (the Japanese Space Agency) and MIT engineers compared the use of STPA on a JAXA unmanned spacecraft (HTV) to transfer cargo to the International Space Station (ISS). Because human life is potentially involved (one hazard is collision with the International Space Station), rigorous NASA hazard analysis standards using fault trees and other analyses had been employed and reviewed by NASA. In an STPA analysis of the HTV used in an evaluation of the new technique for potential use at JAXA, all of the hazard causal factors identified by the fault tree analysis were identified also by STPA [88]. As with the BMDS comparison, additional causal factors were identified by STPA alone. These additional causal factors again involved those related to more sophisticated types of errors beyond simple component failures and those related to software and human errors. 

Chapter 3 presents introductory aspects of safety and human factors. Chapter 4 is devoted to methods considered useful to perform patient safety analysis. These methods include failure modes and effect analysis (FMEA), fault tree analysis (FTA), root cause analysis (RCA), hazard and operability analysis (HAZOP), six sigma methodology, preliminary hazard analysis (PFfA), interface safety analysis (ISA), and job safety analysis (JSA). Patient safety basics are presented in Chapter 5. This chapter covers such topics as patient safety goals, causes of patient injuries, patient safety culture, factors contributing to pahent safety culture, safe practices for better health care, and patient safety indicators and their selection. 

An analysis of data on criticality safety violations, in terms of criticality safety philosophy and the human and mechanical factors involved, will permit judgments that may help reduce the number of occurrences of future violations. These data may further be utilized in a fault tree analysis where cause factors can be assigned frequency values. When the higher frequency causes of violations are known, corrective action can be taken to alleviate them in the most efficient way. 

The engineering methods and techniques used for demonstrating the satisfaction of equipment safety requirements (e.g Fault Tree Analysis, Event Tree Analysis, Zonal Hazard Analysis etc.) are relatively well understood by the wider safety engineering community compared with those for people and procedures and will therefore not be discussed further here. The remainder of this paper will discuss how the above approach to safety requirements specification and realisation can be developed in the case of human-based subsystems, using Human Factors methods and techniques. 

Fault Tree Analysis (FTA) is a well known and widely used safety tool, implementing a deductive, top down approach. It starts with a top level hazard, which has to be known in advance and "works the way down" through all causal factors of this hazard, combined with Boolean Logic (mainly AND and OR gates). It can consider hardware, software and human errors and identifies both single and multiple points of failure. Both a quantitative and qualitative analysis is possible. 

A Fault Tree Analysis (FTA) is a top-down, deductive logic model that traces the failure pathways for a predetermined, undesirable condition or event, called the TOP Event. An FTA can be carried out either quantitatively or subjectively. The FTA generates a fault tree (a symbolic logic model) entering failure probabilities for the combinations of equipment failures and human errors that can result in the accident. Each immediate causal factor is examined to determine its subordinate causal factors until the root causal factors are identified. 

Event tree analysis follows a process from inputs to outputs. Each situation or condition is the result of previous events. They may have to happen together to produce the condition (i.e. both 1 and 2) or either one may produce the condition (i.e. either 1 or 2). As all possible situations are ejqrlored, an event tree begins to unfold. Mathematical probabihties can often be assigned to each condition and a quantitative analysis performed. Symbols, boxes and lines join the events and conditions to produce a visual representation of the event tree. Unwanted outcomes can be traced back in a reversal of the analysis above to determine which factors contributed to the unwanted outcomes. This is called fault tree analysis . Faults differ from events in that faults are viewed as being a result of controllable human error. Events can include such faults. 

Because so much of aviation is controlled by people, human factor analysis tools are at the heart of the aviation industry. Different types of human factors analyses are used in air navigation, such as air traffic control, crew resource management in the cockpit, and even appropriate design and maintenance of aircraft systems. Fault tree analysis, fault hazard analysis, FMEA, and different probabilistic risk tools are also used in the detailed design of safety critical subsystems. 

The primary system safety tools being used are hazard analysis and fault tree analysis. However, the transit industry could very much benefit from more human factors safety analysis. Though the industry has used it before, it has never been applied to the same level of detail as it has in the commercial nuclear power industry or civil aviation. Even though quantitative human factors safety analysis is still controversial, it could prove useful in the transit industry. Some countries, such as Erance, have already started to look more deeply into this. 

Chapters 5 through 9 describe the different safety analysis tools available. Hazard Analysis, H AZOF, What-If, Fault Tree Analysis, Failure Modes, and Effects Analysis, Human Factors, Software Safety, and other safety tools are described with realistic worked examples. The chapters detail how to use them, give examples, describe common mistakes in using them, and also provide best practices and tips of how to apply them judiciously. 

HAZOP and wAat-iJ/safety checklists, two of the most common safety methods in the chemical industry, are explained. Sample process problems, which engineers face every day at work, are shown. Other safety tools, such as fault tree analysis, failure modes and effects analysis, human factors safety analysis, and software safety, are explained. Examples of the use of these tools are also presented. 

Fault tree analysis has not to consider all possible failures, only these which lead to the top event (Modarres, 2006). The output is finally depicted in a directed tree diagram. The factors in the tree diagram can be hardware failures, software failures, human errors or pertinent events (lEC/ISO 31010,2009). 

Singer applied fuzzy logic to fault tree analysis determining the safety of basic events on basis of possibilistic distributions. Deficiencies of the classical approach are that in general the relative frequencies of the basic events are not properly known, and further they are not stationary. Hence, the tolerances of the frequency values of hazards are hardly feasible within a classical approach and the tolerances of the head effects cannot reliably be calculated. It was investigated how the possibility measure of the calculated fault event frequency depends on the assumed possibility measures of the frequencies of the basic events - mainly on those due to human factors. 

Such a task description invites task analysis, which would lead naturally to human reliability analysis (HRA). Indeed, perhaps the earliest work in this field applied HRA techniques to construct fault trees for aircraft structural inspection (Lock and Strutt 1985). The HRA tradition lists task steps, such as expanded versions of the generic functions above, lists possible errors for each step, then compiles performance shaping factors for each error. Such an approach was tried early in the FAA s human factors initiative (Drury et al. 1990) but was ultimately seen as difficult to use because of the sheer number of possible errors and PSFs. It is occasionally revised, such as in the current FRANCIE project (Haney 1999), using a much expanded framework that incorporates inspection as one of a number of possible maintenance tasks. Other attempts have been made to apply some of the richer human error models (e.g.. Reason 1990 Hollnagel 1997 Rouse 1985) to inspection activities (La-toreUa and Drury 1992 Prabhu and Drury 1992 Latorella and Prabhu 2000) to inspection tasks. These have given a broader understanding of the possible errors but have not helped better define the PoD curve needed to ensure continuing airworthiness of the civil air fleet. 

---