Consideration of Human Error in Risk Assessment 10

[Wolfram]

German authorities require for the approval of risk assessments about offshore windparks the consideration of human error. The authorities require the consideration of "normal" operator error (e.g. ship officer fails to read the radar information correctly) as well as negligence or gross negligence (operator sleeps during watch or is drunken). Who can inform me how this topic is handled in risk assessments for chemical or petrochemical plants.

 

[Wolfram]

MarkkraM
your probability figures are very similar to the ones we already use in our QRA for offshore windparks. But they are only applicable for "normal" operator error. My problem still remains because German authorities require the quantification of human errors caused by negligence or gross negligence (e.g the drunken shipper). Nevertheless thanks for your figures. It is helpful to know that at least our probability figures for "normal" human error are correct.

 

[Wolfram]

25362
I asked JBF Associates about the article from Wm. Bridges. They will send me the article but they also informed me that the contents of this article will not be helpful for my problem.

 

[IRstuff]

Since you appear to be stuck;I would suggest that you cmoe up with a notional statistic based on soemthing that's fairly well documented with lots of statistics of its own:

http://ai.volpe.dot.gov/CrashProfile/CrashProfileMainNew.asp

Truck operations are one of the most stressing and full-time operator dependent functions. Given the available statistics, you should be able to synthesize a hypothetical number for operator related incidents, particularly since a substantial number of truck accidents are operator error or failure related.

TTFN

 

[Wolfram]

IRstuff
could be difficult to apply human error data of truckers to the management of ships or operators of vessel traffic control centres. But the figures given in the US crash profile are better than nothing and a first approach to get a feeling about the share of negligence and gross negligence in human error statistics. Thank you I will present it at the expert panel and may be later at court.


25362, JOM
I received the article about "Human Error in PHA" from Mr. Farquharson of ABS Consulting. If you are interested to get this article please contact me (wbr@gl-group.com).

 

[JOM]

wolfram,

I wonder if the IMO (International Maritime Authority) has anything to offer on this? They have been investigating maritime disasters for decades. How about the US National Transport Safety Board?

The Australina Transport Safety Bureau has a large collection of shipping accident reports. I can think of two off the top of my head that might be in the category you are after.

A ship ran aground while the captain was talking to his spouse - he failed to make a turn.

Another ship ran aground while the captain was asleep in his cabin with a blood alcohol level of 0.29 g/100ml.

How do you turn that into a statistic?

Cheers,
John.

 

[Wolfram]

John
ATSB has an excellent website about the investigation of shipping accidents and some of them reveal negligent or gross negligent actions of the ship management(as mentioned in your response). But I could not find statistics on their website in which they indicate the share of negligent or gross negligent actions causal for the accident. IMO has no statistics about this and I guess as long as black boxes are not mandatory for all ships we will never get reliable data about this issue.

 

[owg]

I just remembered the CCPS book, "Guidelines for Chemical Transportation Risk Analysis". They have some failure data on Barges and Ocean Going Vessels. An example is a Table on Primary Cause of Marine Incidents. They have an Incident Type "Fault of Personnel/other vessel" and show 69% of the incidents attributed to this cause. Poor weather shows only 3%. Let me know if this type of data is helpful.

HAZOP at

http://www.curryhydrocarbons.ca

 

[Wolfram]

owg
it is well known in marine industry that the primary cause for marine accidents is human error. International literature and data base allocate 60 - 80 % to this type of failure.
Still the question remains, how is human error handled in QRA within chemical and petrochemical industry and is negligence or gross negligence part of the qualitative or quantitative risk analysis?

 

[HamishMcTavish]

Techniques like HEART (Human Error Assessment and Reduction Techique) and THERP (Technique for Human Error Rate Prediction) will give you values for human error that you can feed into a fault tree analysis but I think that you still need to think about violations rather than negligence.

A violation may be defined as "a deliberate deviation from the rules, procedures, instructions and regulations drawn up for the safe operation and maintenance of plant or equipment" (from HFRG1995 'Improving Compliance with safety procedures - reducing industrial violations' by Human Factors Reliability Group, HSE Books)

This excludes acts of sabotage, mischief and vandalism. The current approach in UK safety cases (which include QRA/PSA sections) is to present a deterministic arguement that the prevailing safety culture is adequate to prevent such deliberate actions. The arguements would be based on demonstrations that arrangements for selection, training, supervision and discipline of personnel are adequate and that the work environment and operating procedures are such that violations are not encouraged.

Recent work for the UK Health and Safety Executive, on conventional hazardous industries, doesn't really add much on violations e.g.

http://www.hse.gov.uk/research/rrpdf/rr081.pdf

Williams has modified HEART to include nominal violation probabilities which are then modified by application of violation producing conditions (VPC). I think that this work was done in a PhD thesis but whether you can get hold of a copy I do not know. Williams, J.C. (1996) Assessing the Likelihood of Violation Behaviour. University of Manchester. Department of Psychology.

Hope that this helps. Do you have a copy of the text of the requirements that the German authorities are placing on the risk assessments. I would be interested to read more.

Regards, HM.



No more things should be presumed to exist than are absolutely necessary - William of Occam

 

[JOM]

MarkkraM,

The figures you quoted - can you tell us their basis, please? Where do they come from? How widely are they accepted?

I'm not questioning them, just curious to know how they came about.

You say that the probability of error when following a written procedure under moderate stress if 0.05. Now, obviously you don't actually KNOW that, so is it a case of "until someone comes up with a better number, I'll use this one"?

I'm not being critical, just want to learn. That number says that when following a written procedure during an episode of moderate stress, personnel will make an error one times out of twenty episodes. That's pretty significant, don't you think?

Cheers,
John.

 

[HamishMcTavish]

Hi Wolfram,

Would the Institute of Petroleum briefing papers be of any use to you?

http://www.energyinst.org.uk/content/files/attachment1.pdf

Regards, HM.

No more things should be presumed to exist than are absolutely necessary - William of Occam

 

[Wolfram]

Hamish

O.K. let's talk about violations instead of negligence. Your statements how this issue is handled in a UK safety case are very helpful for me. Also I will try to get the briefing notes of IP and the thesis of Williams for further evaluation.
The requirements of the German authorities are stated in the minutes of meeting for a running offshore windpark project. There are no legal requirements about that in Germany.

 

[HamishMcTavish]

Sorry Wolfram, easy to get fixated on one aspect of a problem. I'll try to think top down for a bit!

Human factors according to HS(G)48 is a combination of

Job factors: what are people being asked to do and where (the task and its characteristics)
Individual Factors: who is doing it (the individual and their competency)
Organisational Factors: where are they working (the organisation and its attributes

In addition to these points human error could be classified as errors of

1)Omission: either omitting a step in a task or omitting the entire task

2)Commission: including selection errors, sequencing errors, timing errors or performing actions but to the wrong degree (too quickly or too slowly)

3)Violations: action (or lack of action) which is deliberate but non-malevolant


The type of task is significant too, is it purely skill based where there is little or no mental processing by the operator, rule based where the operator perceives something and acts according to external prompts or is it knowledge based where the operator must perceive, interpret and act according to his experience and training.


The dictionary says negligence is "a failure to exercise the degree of care considered reasonable under the circumstances resulting in unintended injury to another party". I suppose that this could happen via a variety of paths so we should consider looking at how the different human errors could be included in charges of negligence.

a) Skill based errors can happen because of environmental factors like noise, poor lighting or poor interfaces affecting operator perception or poor labelling, interfaces, supervision or PPE affecting the operator response to the perception.

b) Rule based errors can occur where there is poor training, expectations, cultural factors or poor procedures.

c) Knowledge based errors can occure because of knowledge, personality, culture or time.

Violations are subject to similar structure:
d) routine violations tend to be at the skill based level and tend to be time saving, energy saving and there is usually a lack of enforcement typically endorsed by comments like 'we all do it this way', 'nobody said we shouldnt' etc

e)situational violations occur at rule based level and tend to occur because there are features that prevent or inhibit correct performance. e.g. 'the gauge cannot be read at the same time as turning the switch' 'we cannot hear radio messages with our ear defenders on'

f)exceptional violations occur when there is time or psychological pressure or a potential crisis and the only solution that can be thought of requires rules to be broken e.g. 'i cant stop the pressure rising so will have to manually vent' or 'we must reach targets so lets keep pumping while we can'

As you can see negligence could occur at a variety of levels (organisational or individual) and situations and the only way that it will truly be decided is hindsight after something bad has happened.

A fair approach to integrating human factors into a risk assessment is as follows:
1) Identify safety critical tasks e.g. tasks associated with critical equipment, system functions or hazardous materials. Ideally criteria for identifying these should be established to safety assessements to ensure consistency and that management is aware of risk levels. This is an important step because human factors and task analysis can be expensive.

2) Assess the quality of task support, is the task dependent on lots of human input or have numeric risk targets been set.

3) Identify and assess the consequences of specific human errors including failure to complete tasks on time.

4) Model human errors alongside equipment failures. This would need methods like HEART or THERP etc

5)Risk Assessment including screening quantifying and comparison with risk targets

6)Risk Reduction could be achieved by improving the task or by improving the supporting infrastructure


To avoid a charge of negligence the Company would have to demonstrate that the operators were trained, adequately supported by the design of the task and the equipment. To avoid a charge of negligence the operator would have to show that they did as they were trained, followed procedure or that they understood the plant sufficiently well to make knowledge based decisions about its operation and that the decisions they made were consistent with that understanding. Usually in an accident there are multiple causes some operator based and some organisational based.

Regards, HM.

No more things should be presumed to exist than are absolutely necessary - William of Occam

 

[Wolfram]

Hamish
your remarks are superb and I will follow your recommendations as much as possible. But how to apply HEART or THERP for all the ships (ships with individual bridge design, equipment standard, crew standard etc) passing the offshore windpark and how to get reliable data (probability or frequency figures) about routine, situational and exceptional violations?

 

[HamishMcTavish]

Hi Wolfram,

Oops again, nothing wrong with what I said but just finally realised what it is that you are after. Just to be clear could you confirm?

You are involved in the design of the offshore installation and are trying to assess the risk of impact from another vessel over which you have no control.

No more things should be presumed to exist than are absolutely necessary - William of Occam

 

[Wolfram]

Hamish
I assess the risk of an offshore windfarm (German Bight, area approx. 200 square kilometer, 214 wind turbines, each wind turbine is approx. 120 m high and the diameter of the pylon is approx. 10-15 m) which is more or less close to a lot of shipping lanes (approx 35000 passing ships per year). There is also a vessel traffic control or monitoring centre inside the windfarm. Now the question arises what happens if a skipper or operator of the control station makes a mistake (human error).
No problem for me to do this in a qualitative manner (FMECA and qualitative fault tree). Little bit tricky but manageable to do it quantitatively for "normal" operator error by using similar huma error rates mentioned in the statement of MarkkraM (see above). But how to do it (qualitatively and quantitatively as requested by German authorities) for the drunken skipper or sleepy operator and all the other acts of negligence or gross negligence?

 

[JOM]

Wolfram,

Just out of curiosity - are these turbined manned?

Does Germany apply the COMAH rules to its hazardous industries? Do COMAH rules refer to gross negligence (what shall we do with a drunken sailor?)?

What I'm getting at is you may find the answer in your own backyard. Does Germany have any offshore drilling rigs? If so, how do they deal with it? What about Netherlands, Denmark or the UK?

Your industry is windfarms. Is it fair for the authority to ask you to assess the occurrence of human error in an industry you are not part of - shipping?

With the very large volume of ship movements in your area, surely someone has figures for ships going where they are not supposed to - reefs, beaches, sand banks, oil rigs. Does the cause really matter? I think the others have said the same thing ("it's all violations&quot and you say the authority requires the "drunken skipper" figures.

I think we're all interested in how you solve this one!

All the best.




Cheers,
John.

 

[HamishMcTavish]

I agree with JOM the events that you are trying to prevent are from external initiators, there is not much you can do in your design which will actually stop people colliding with your windfarm although the fact that it's 200km across would be a wake-up call. Surely it would be marked on shipping charts like oil-rigs or lighthouses etc.

The key thing to think about is what do the authorities want to achieve by carrying out the risk assessment: is it an estimate of the frequency of collision to use to assess whether they need to include a ship impact barrier to prevent power outages affecting downstream users? Are they concerned about loss of life? The design of the windfarm will no doubt have a certain impact resistance which may be higher than most of the traffic without radar (or it may not, you would need a graph of frequency of collision against vessel size to work that one out).

I started thinking of how the solution might be 'engineered out' with something similar to the Traffic Collision Avoidance Systems (TCAS) that are now fitted to aircraft and came across the following for assessment of ATC interfaces

http://citeseer.nj.nec.com/leadbetter00formal.html

and

http://www.nilim.go.jp/english/report/annual/012.pdf

for similar work going on in maritime industry.

Of course the problem with giving operators an engineered system is that they may tend to rely on it leading to disasters like the 1995 grounding of the Royal Majesty passenger vessel!

See also

http://www.hse.gov.uk/research/otohtm/2001/oto01053.htm

for issues surrounding human error dependency on engineered systems.

Still mulling this one over!

Regards, HM.



No more things should be presumed to exist than are absolutely necessary - William of Occam

 

[Wolfram]

JOM

it is planned that for each offshore windpark the owner has to provide a permanently manned vessel traffic control and monitoring centre which is equipped with radar, AIS and VHF/UHF radio. The control centre will also be able to control and monitor remotely each turbine of the windpark.

In Germany we have rules and guidelines which are the same as COMAH because in Europe we have the Seveso II directive for hazardous plants and installations and each EC member has to adhere.

My investigations in Norway, UK and the Netherlands revealed that negligence or gross negligence was never tackled in a safety case or risk assessment about offshore installations.
In Germany the same situation for onshore plants and offshore installations but now German authorities require the consideration of negligence + gross negligence. They do not ask how other nations handle this problem in a risk assessment and it is strongly recommendable not to mention the term "fairness". They argue it was forgotten or omitted in the past and now they want to do it better.

Hamish

It is common standard in marine risk assessments (offshore drilling platforms or offshore windparks) to assess the whole system including environment. That means if there is an offshore installation or windfarm you have to evaluate among others the risk of collision. Please have a look at

http://www.glo-offshore.com.

Under "News/Publicat." you may find an article about "Risk Assessments for Offshore Installations" which describes our approach.

The authorities and environmental pressure groups fear the risk of environmental pollution. If a tanker or any other ship collides with such a turbine there will be a leakage in the cargo oil or bunker oil tank. Because of the high number of turbines and passing ships they argue a catastrophic oil pollution is unavoidable within short time.

Well now after delivery of our risk assessment the authorities and environmental pressure groups accuse us to be too optimistic with our calculated collision frequency and collision risk. They argue -and it is correct- we have not considered sufficiently negligence or gross negligence of the people involved (e.g. the drunken skipper or sleeping operator of the control centre).
In our probabilistic model (fault tree and Monte Carlo Simulation) we have considered all technical failures (e.g. engine failure, radar failure) and of course human error. But the human error data we used are not applicable for negligence or gross negligence. They are only applicable for "normal" human error (e.g. misinterpretation of radar signals, wrong course, wrong radio channel). We could not find any reliable data about negligence or gross negligence.

So I am still looking for reliable data about negligence or gross negligence to satisfy our authorities and if necessary to correct our risk assessment. I am also very keen to find official statements (nevermind which nation)in which the exclusion of negligence or gross negligence in a risk assessment is clearly stated.

 

[owg]

One aspect of this discussion bothers me. A distinction has been made between "normal operator error" and negligence. Failure data has been presented for various tasks. I have used this data before and I do not remember any footnotes to the effect that negligent behaviour is excluded from the data. I therefore have assumed that the data applied to the full range of operators including the tired, the drunk, and the drugged. Why are we assuming that they are excluded from our data base?

HAZOP at

http://www.curryhydrocarbons.ca