Consideration of Human Error in Risk Assessment 10

[Wolfram]

German authorities require for the approval of risk assessments about offshore windparks the consideration of human error. The authorities require the consideration of "normal" operator error (e.g. ship officer fails to read the radar information correctly) as well as negligence or gross negligence (operator sleeps during watch or is drunken). Who can inform me how this topic is handled in risk assessments for chemical or petrochemical plants.

 

[owg]

We handle this issue as part of a Process Hazard Analysis. The most common method is Hazard and Operability Analysis (HAZOP). We used a similar method (What If/Checklist Analysis) recently to identify the risk of ships in a canal system bumping into a lift bridge. Naturally human error on board and on shore, in control of the lift bridge, was a major part of the analysis.

A typical Cause would be "Bridge operator fails to initiate bridge opening on demand". Consequence would be "collision". Safeguards would include: 1) Ship sounds warning. 2) Ship can initiate sound alarm in bridge control room. 3) etc. Recommendations would be made if the safeguards were judged to be inadequate. The study is carried out by a team. Specialized software is available for such studies. See

http://www.dyadem.com

HAZOP at

http://www.curryhydrocarbons.ca

 

[Wolfram]

owg
Thank you very much for your repley. But what about negligence or gross negligence?

 

[owg]

We don't think it is helpful to distiguish among error, negligence, or gross negligence. It just matters that we consider the case where the task is not completed.

HAZOP at

http://www.curryhydrocarbons.ca

 

[Wolfram]

owg

Do you quantify the frequency (e.g. with probabilistic figures) of human error independent of error, negligence or gross negligence?

 

[owg]

Yes, we apply frequency and severity numbers to consequences. The frequency is more a function of the task rather than of the individual. The frequency is also strongly based on the experience of the team. We would never ask, is this negligence or gross negligence. That would be a sure way to put the team on the defensive. There is a body of literature on the subject which tabulates failure frequencies against various classes of tasks. I could probably find a reference if you need it. I think the nuclear industry developed the methodology.

HAZOP at

http://www.curryhydrocarbons.ca

 

[Wolfram]

owg

all frequency figures about human error given in data base or literature consider only operator error and do not mention or address negligence or gross negligence.
Therefor we consider in our risk assessment only the frequency figures given for operator error. But up to now there are no data about negligence or gross negligence.
With the consideration of negligence or gross negligence in a risk assessment we have a completely different set of hazards for the offshore windpark (e.g. drunken shipper sails through the windpark) which cannot be quantified.

 

[mrtangent]

I'm not sure how you can apply this to your figures. But on some risk matrix I've seen - credit is NOT TAKEN FOR humans "doing the right thing". Ie in procedures etc.

On the risk matrix I've used the horzontal grid is probability in bands ie once per year, once per 10 years ..
the vertical grid is severity. minor injury upto multiple deaths. On the grid itself is INTollerable, broadly acceptable, alarp measures. The requirement is to get to broadly acceptable.

So in general to reduce risk we put in protection measures such as automatic trips, independent systems, which move us down the probability etc. But again for humands doing the right thing I'm not sure you can take any credit !

There are lots of books on risk assessment which should provide you with references.

Cheers

James

 

[owg]

Wolfram - We look upon the frequency data for operator error as covering the complete set of humanity with all its variations. Therefore we consider that the operator failure rates include all the ways and motivations for making the error in question. I suppose in your drunken sailor case, the idea is that the sailor ignores all warning, alarms, etc. because he or she is negligent. It sounds like you need to use a method like Layer of Protection Analysis (LOPA) or a Fault Tree Analysis for the specific scenarios which concern you. LOPA is fairly new. Check out the American Institute of Chemical Engineers, Centre for Chemical Process Safety for a new book on the subject. There are lots of references around for Fault Tree Analysis. I hope this is helpful.

HAZOP at

http://www.curryhydrocarbons.ca

 

[Wolfram]

LOPA, FTA and all the other tools and techniques are essential elements of our QRA's for offshore installations(see Publications in

http://www.glo-offshore.com).

But again if the authority requests to quantify the basic event "drunken sailor" in a fault tree I need credible figures from literature or data base for such a negligence. Do you know a data base or reference with frequency data about negligence or gross negligence? What is the position of Canadian authorities concerning neglegence or gross negligence in QRA?
I tend to share the opinion of james1030bruce to take no credit for undesired events like that.

 

[owg]

I think I am correct in saying that neither Canadian nor US authorities require QRA. The reason is that they believe that the quantitative data base is too unrelable for realistic regulation in the chemical industries. In the oil industry we are allowed to assume that an operator will do the right thing in an emergency, given good information on what is to be done, and given 10 to 20 minutes in which to do it.

HAZOP at

http://www.curryhydrocarbons.ca

 

[HamishMcTavish]

Hi Wolfram,

I would be interested in the detail of the requirements that you say the Germans are placing on the risk assessments. The legal test for negligence is in two parts: firstly does a duty of care exist and secondly has the duty been breached (approximately!)

To link this to human error in a risk assessment is a big step and to my mind the wrong place. Negligence is a decision for the courts. The closest that you will get (I think) is to look at or search for publications on rule violations since, using your example, there would not doubt be a rule that the operators should not drink alcohol while on duty. The UK Health and Safety Executive has published a few publications on human error and human factors e.g.

http://www.hse.gov.uk/research/otopdf/2000/oto00096.pdf

(quite a large file by the way)

N.B. Human error is about more than the man on the ground mis-reading a display there are organisational issues too e.g. training, shift patterns, management support. A good overall view is in "Reducing error and influencing behaviour" by HSE books (HSG48) if you can get hold of a copy.

Regards, HM.


No more things should be presumed to exist than are absolutely necessary - William of Occam

 

[Wolfram]

Hamish

excellent help the publication from HSE. By the way I agree in total with your remarks about human error in risk assessment.
Regards
Wolfram

 

[OlumideAdeoye]

To the best of my knowledge, Human Error / negligence is never quantified as a risk factor because of the underlying assumption that this is an intolerable situation. However intentional sabotage can be quantified and mitigated.

 

[25362]

CEP has published an article on SAFETY, in May 1994, titled Include Human Errors in Process Hazard Analyses by Wm. Bridges et al., page 74+, that may be applicable to this discussion.

 

[Wolfram]

OlumideAdeoye,
how is possible to quantify (frequency of event or probability figure) intentional sabotage?

25362
is the given reference accessible in the internet? Or do you know how to get it in Germany. Please do not recommend to subscribe the magazin.

 

[25362]

to Wolfram, regretfully I was unable to raise the article through the Internet. However, you may, just may, get it free-of-charge from the company that sponsored the article, JBF Associates Inc, nowadays ABS Group Inc. by

http://www.jbfa.com/index.html

And may be they can supply you with more of their works on the subject.

Good luck.

 

[JOM]

wolfram,

If youy do manage to get that article, could you ask them if they'd mind putting a copy on the net somehow? Sounds useful.

Cheers,
John.

 

[MarkkraM]

We use the following estimate for failure to implement procedure or activity correctly. Ultimately we assume that no risk reduction can be claimed for operator intervention for a complex task required in an emergency situation.

Note Pf = Probability of failure

1. NO STRESS (EG NORMAL OPERATIONS)
- SINGLE ACTIVITY (Pf = 0.0001)
- ROUTINE ACTIVITY (Pf = 0.001)
- WRITTEN PROCEDURE (Pf = 0.01)
- COMPLEX, NON ROUTINE, CONFILCTING DUTIES(Pf = 0.1)

2.MODERATE STRESS (EG STARTUP)
- SINGLE ACTIVITY (Pf = 0.001)
- ROUTINE ACTIVTY (Pf = 0.01)
- WRITTEN PROCEDURE (Pf = 0.05)
- COMPLEX, NON ROUTINE, CONFILCTING DUTIES(Pf = 0.3)

3. HIGH STRESS (EG EMERGENCY RESPONSE)
- SINGLE ACTIVITY (Pf = 0.05)
- ROUTINE ACTIVTY (Pf = 0.3)
- WRITTEN PROCEDURE (Pf = 0.5)
- COMPLEX, NON ROUTINE, CONFILCTING DUTIES(Pf = 1.0)

 

[OlumideAdeoye]

Wolfram,

OK I won't refer you to a magazine.
Risk Analyses depend a lot on historical data over a defined time window, and this is your best source of information. In rare cases you may project risks based on a scenario that doesn't yet exist. This will require frequent re-evaluation of the risk once historical data becomes available.
Hope this helps.