Conference PaperPDF Available

Petro-HRA, A New Method for Human Reliability Analysis in the Petroleum Industry

Authors:

Figures

Content may be subject to copyright.
13th International Conference on Probabilistic Safety Assessment and Management (PSAM 13)
2~7 October, 2016 • Sheraton Grande Walkerhill • Seoul, Korea • www.psam13.org
1
PETRO-HRA, A NEW METHOD FOR HUMAN RELIABILITY ANALYSIS IN THE PETROLEUM INDUSTRY
Andreas Bye1, Karin Laumann1, Claire Taylor1, Martin Rasmussen2, Sondre Øie3, Koen van de Merwe3,
Knut Øien4, Ronald Boring5, Nicola Paltrinieri4, Irene Wærø4, Salvatore Massaiu1, Kristian Gould6
1OECD Halden Reactor Project / Institute For Energy Technology (IFE), Halden, Norway, <firstname.lastname>@ife.no
2 Norwegian University Of Science And Technology (NTNU), Trondheim, Norway, <firstname.lastname>@svt.ntnu.no
3 DNV-GL, Oslo, Norway, <firstname.lastname>@dnvgl.com
4 SINTEF, Trondheim, Norway, <firstname.lastname>@sintef.no
5 Idaho National Lab, United States, <firstname.lastname>@inl.gov
6 Statoil, Oslo, Norway, <firstname.lastname>@statoil.com
The human contribution to the safety of petroleum installations has long been a concern for the industry. The
quantitative risk analysis (QRA) used in the industry has traditionally focused on technical barriers, while the human aspect
of risk has not been integrated in the QRA, or analyzed systematically. Human reliability analysis (HRA) methods have been
applied in the nuclear industry for a long time, and the aim of this project was to test, evaluate, adjust and standardize HRA
to accident scenarios in the petroleum industry. Many HRA methods focus on the quantification of the human error
probability. Since a large part of the work to be done by analysts is the qualitative parts leading into the quantification,
Petro-HRA also offer guidance for how HRA practitioners should perform the qualitative part of the analysis. This is
especially useful in order to support new analysts with practical advice. Another major aim with the new method was to
increase the efficiency of HRA analysis, and encourage re-use by establishing libraries of analyses and models. For the
quantification part of the method, Petro-HRA took SPAR-H as a starting point, adjusting and adapting the performance
shaping factors to the petroleum context. This paper presents an overview of the method.
I. INTRODUCTION
Petro-HRA is a method for qualitative and quantitative assessment of human reliability in the oil and gas industry. The
method allows systematic identification, modelling and assessment of tasks that affect major accident risk. The method is
mainly intended for use within a quantitative risk analysis (QRA) framework, but may also be used as a stand-alone analysis.
The method is documented in a guideline report.1 The aim of the Petro-HRA project was to test, evaluate and adjust HRA to
post-initiating events in the petroleum industry. This project chose Standardized Plant Analysis Risk-Human Reliability
Analysis, or SPAR-H,2 as the primary method to adjust to the petroleum industry. The choice was based on an evaluation of
different methods by Gould, Ringstad and Van de Merwe in 2012,3 which concluded that SPAR-H was the most promising
method for analyzing human reliability in post-initiating events in petroleum applications.
The method includes context-specific guidance on qualitative data collection and analysis, quantitative analysis, as well
as integration in QRA. The Petro-HRA method should be used to qualitatively and quantitatively assess the likelihood of
human failure. Although a thorough qualitative analysis is essential, the quantitative analysis has considerable value. The
main purpose of quantitative analysis is to identify which tasks are most sensitive to human error, and which performance
shaping factors (PSFs) have the greatest influence on error probability. This allows better prioritization of risk and risk-
reducing measures. The quantification is also essential for direct integration into the QRA. The relation between HRA and
QRA is illustrated in Fig. 1.
Human error is treated through the analysis of a human failure event (HFE), a basic event that represents the failure of a
component, system, or function in which human actions are involved. The HFE is often defined in the QRA, but can also be
modified by the HRA. One of the main purposes of HRA is to provide quantitative input to the QRA in the form of the
human error probability (HEP) of the HFEs. As shown in Fig. 1, Petro-HRA covers all the steps of the HRA, not only the
quantification part. Many HRA methods, including SPAR-H, only cover the quantification part of HRA. The level of detail in
the HRA depends on the size and complexity of the accident scenarios being analyzed. Practical constraints related to e.g.,
time or plant access may also vary.
13th International Conference on Probabilistic Safety Assessment and Management (PSAM 13)
2~7 October, 2016 • Sheraton Grande Walkerhill • Seoul, Korea • www.psam13.org
2
Fig. 1. QRA and Petro-HRA
A human error can be a cause or part of a cause in an accident scenario (pre-initiating events) or they can occur during a
response after a major accident has started (post-initiating events). Petro-HRA is developed for and should be used to analyze
human errors in post-initiating events, especially control room tasks as performed in e.g., process control, drilling or maritime
(bridge) operations. The method is not specifically developed for analyzing pre-initiating events, such as causes for gas leaks
or dropped crane loads. However, the method may also be used to analyze a broad set of tasks, as long as the Petro-HRA
PSFs are the most important influencing factors.
II. THE PETRO-HRA METHOD
Petro-HRA consists of eight steps: 1) Scenario definition; 2) qualitative data collection; 3) task analysis; 4) human error
identification; 5) human error modelling; 6) human error quantification; 7) human error reduction; 8) documentation. The
steps are numbered and described in a sequence, but HRA is not a linear process and there is often iteration between the steps
throughout the whole process.
II.A. Step 1, Scenario Definition
The main aim of this step is to define the scenario that is to be analyzed. Scenario definition is one of the most important
steps in the HRA, as it defines the scope and boundaries of the analysis and shapes the subsequent qualitative and
quantitative analyses. Scenario definition can be difficult, depending on how well the Human Failure Events (HFEs) have
been defined in the QRA. It is important that the scenario description is concise and contains specific information, which
reflects the logic of the QRA model. The scenario description acts as a communication platform, it documents the
assumptions made, and helps to create and maintain a common understanding of the scenario between the different people
involved in the HRA and QRA processes.
The analyst should attend or arrange a number of initial meetings, such as: General QRA kick-off meeting; General
Hazard Identification (HAZID) meeting; HRA kick-off meeting; Scenario meeting. The Petro-HRA guideline1 contains a
number of questions that can help the analyst in the meetings. Some of the key questions that the analyst should try to answer
in these meetings are: What are the relevant Defined Situations of Hazard and Accident (DSHA) for this scenario? What
HFEs are currently modelled in the QRA? What constitutes success or failure for these HFEs? Once the analyst has
established the key parameters of the scenario and HFEs from the initial meetings, a document review should be performed to
gather additional information to define the analysis scenario. It would be beneficial for the analyst to review documentation
before the kick-off meeting as well. The objective of the document review is to collect and understand information about:
The role of the operator in the scenario, and the tasks that operators are required to perform; The function of plant systems in
the scenario, and where human-system interaction is likely to occur; The location and layout of relevant plant systems and
human-machine interfaces (HMIs); The systems, tools and other resources that the operators are likely to use in the scenario,
QRA
Human error quantification
Human error identification,
Human error modeling
Scenario definition,
Data collection,
Task analysis
Human error reduction
Petro-HRA
HEP
13th International Conference on Probabilistic Safety Assessment and Management (PSAM 13)
2~7 October, 2016 • Sheraton Grande Walkerhill • Seoul, Korea • www.psam13.org
3
and; The results of previous analyses performed that are relevant to the scenario. Documents that would typically be reviewed
are: HAZID report, Safety/barrier strategies, QRA report, any earlier HRA and Human Factors analyses reports, function and
task analyses, emergency preparedness analyses, Hazard and operability (HAZOP) study reports, technical audits /
verification of performance standards, incident or accident investigation reports, operating manuals / procedures /
instructions, maintenance logs or other sources of operational experience.
There are several ways to describe the scenario, but as a minimum it should include the following: Location of event;
External environmental conditions; Operational mode of the plant at the time of the event; Safety system/barriers; Personnel
roles and responsibilities; Initiating event of the scenario; Intermediate events; End of event sequence; Duration of scenario.
The analyst can now perform an initial task identification using the information from the scenario description. The
analyst can use this to organize the information collected to date about the operator tasks and to check whether there are any
knowledge gaps in their understanding of how tasks relevant to the scenario are performed, which can be addressed in the
qualitative data collection step. A simple Hierarchical Task Analysis (HTA) format is useful for performing the initial task
identification, and it provides a good visual aid for talking through the scenario and discussing the task steps with operators
and other Subject Matter Experts (SMEs) during the data collection step.
II.B. Step 2, Qualitative Data Collection
This step of the HRA involves a specific and focused data collection to enable a detailed task description, which includes
information about factors that may (positively or negatively) affect human performance and the outcome of the scenario. This
formal qualitative data collection step is usually performed via a scenario walk- and talk-through, observation of operators
working in situ, interviews and discussions with operators and other SMEs. These activities generally take place either during
a site visit to the plant, or a workshop with operators, or both.
One of the first activities that the analyst should perform is to talk and/or walk through the scenario with the operator(s).
The purpose of the talk-/walk-through is for the analyst to gain a more detailed understanding of: The task steps that would
be performed by the operator(s), and the order of sequence of steps; The time it will take to perform the task steps; The
working environment within which the task steps will be performed; The systems and interfaces that the operator(s) will use;
The use of operating manuals, procedures, instructions or other supporting documentation; and Communication and
teamwork throughout the scenario. The walk-through is typically performed in the place where the operator(s) would be
located when responding to the scenario being analyzed. A talk-through can be performed anywhere, although it is normally
held in a different “offline” location, such as a meeting room, perhaps due to restrictions on access to the scenario location
and/or to avoid disturbing or distracting workers in the location. Of course, the ideal situation would be to perform the talk-
/walk-through at the site to enable the analyst to physically see the workspace, plant items and controls and displays that the
operator would use. However, a task walk-through can still be performed in a workshop setting if the analyst has access to
relevant photographs, layout drawings, etc. that the operators can point to as they talk through the scenario.
Task and training observations can provide valuable qualitative data about how operators work, interact with each other
and the plant systems around them and how they react in abnormal situations. There are two main types of observations the
analyst could perform: a) Observation of normal working conditions in a normal working environment, watching the
operators as they perform their usual duties either in the control room or in the field. The analyst can observe how the
operators work together, use the tools, equipment, displays and controls that are available to them, make decisions and carry
out normal tasks; b) Observation of training exercises, ideally observing the actual operator response to the exact scenario
being analyzed, including any difficulties that are encountered and also whether the human intervention succeeds or not. If it
is not possible to observe the actual analysis scenario, it can still be useful to observe the operators in other training scenarios
because the analyst can still collect information about the general response to an event, how the operating crew works
together, how they communicate, how they use procedures or other documentation, how they use controls and interfaces,
how they solve problems and how they make decisions.
Interviews are one of the most commonly used techniques for collecting qualitative data, to collect either a wide range of
information about a scenario, or to investigate in more detail specific aspects of the scenario and task steps. The analyst
should strive to interview a range of different people to get a more balanced view, e.g., operators; shift supervisor or
manager; training supervisor; site QRA analyst/end user. It is possible to combine the interview or discussion with the
scenario talk-/walk-through; this is usually the case for HRA, because it is natural to ask questions and discuss aspects of the
13th International Conference on Probabilistic Safety Assessment and Management (PSAM 13)
2~7 October, 2016 • Sheraton Grande Walkerhill • Seoul, Korea • www.psam13.org
4
scenario and tasks during the talk-/walk-through. This is usually followed up with a more structured interview or discussion
afterwards, where the analyst can focus in on specific areas of interest or concern.
In addition to collecting information about the scenario and task steps, the analyst should also try to collect qualitative
data about potential human errors that could occur and about the PSFs that could affect human performance. This information
will inform the subsequent Human Error Identification (Step 4) and PSF evaluation as part of the Human Error Quantification
(Step 6) respectively. The Petro-HRA guideline1 contains detailed questions, prompts and advice to assist the analyst in
collecting information about the tasks, potential human errors and PSFs during interviews and discussions.
Time is often an important, if not critical, factor in petroleum incidents, with operators having to respond within minutes
or even seconds of the initiating event to control and mitigate the effects of the scenario. Therefore, a timeline analysis is
often required to understand the relationship between operator actions, the time required to perform the necessary actions and
the time that is available to the operator to perform these actions. The site visit/workshop offers a good opportunity to
develop an initial timeline of the events and operator tasks in the scenario, as this can be checked and confirmed with
operators during the interviews/discussions to ensure that the timeline is credible and reflects their experience or thoughts on
how the scenario might unfold. The analysis maps out how long each major task takes (usually measured in seconds or
minutes), and identifies where there may be tasks carried out in parallel, or where there may be dependencies between tasks
(e.g. one task cannot be started until a previous task has been completed).
II.C. Step 3, Task Analysis
A task analysis is a description of the steps that are carried out as part of an activity, and it provides a systematic means
of organizing information collected around the tasks. The level of detail of a task analysis can vary considerably, although the
general guidance is to tailor the level of the analysis to the requirements at hand. The aim of the task analysis is to understand
the activities that are being analyzed and to translate these details into the level of detail suitable for the HRA and QRA. A
task analysis to support HRA will tend to be heavily grounded in identifying sources of human error, and it also helps to
define the human failure event. The task analysis is also the basis for understanding the impact of the PSFs on the human
tasks and thereby the basis for the quantification.
The information collected by the HRA analyst should be organized into a Hierarchical Task Analysis (HTA) and a
Tabular Task Analysis (TTA), see Kirwan.4 The HTA decomposes tasks hierarchically according to goals at the top level and
the tasks at the lower levels that are required to accomplish the goals. For HRA, the HTA needs to decompose to the level
where the analyst can look concretely at opportunities for error.
The HTA should then be extended into a tabular form to allow for the inclusion of more information than can be
contained within the diagrammatic HTA. Although the TTA is more complex to develop than the HTA, it is more useful as a
working document to allow the analyst to arrange more information in a logical and structured manner. The analyst must
decide what data is needed for inclusion in the TTA, informed by the scenario definition and qualitative data collection steps.
As a simple example, if there is a particular concern regarding a control room operator’s ability to diagnose the event from
the Human-Machine Interface (HMI) in the control room, then the TTA should be focused towards collecting information
relevant to the HMI. In this case, tasks carried out in the field (i.e. outside the control room) may not be considered so
important to the analysis and do not need to be represented in any great detail in the TTA. Proposed categories for the initial
TTA are listed in the guideline,1 typically including task number, description, cue, feedback, HMI, procedure and any
assumptions and comments. The TTA will be expanded in the Human Error Identification (HEI) step, linking each task to
potential errors and PSFs. It should be updated throughout the analysis and serve as an overview.
II.D. Step 4, Human Error Identification
The objective of the human error identification (HEI) is to 1) identify potential errors related to the tasks in the scenario,
2) identify and describe likely consequences of each error, 3) identify recovery opportunities; and 4) identify and describe
performance shaping factors (PSFs) that may have an impact on error probability. HEI should be carried out in conjunction
with (or following) the task analysis. A complete task analysis is required for HEI to be possible.
The HEI in Petro-HRA is carried out using the following steps, considering each task and task step in turn in terms of
opportunity for error:
13th International Conference on Probabilistic Safety Assessment and Management (PSAM 13)
2~7 October, 2016 • Sheraton Grande Walkerhill • Seoul, Korea • www.psam13.org
5
1. Identify “obvious” errors. Go through each task step and document the easily identifiable errors. For example, for a
task “Detect visual alarms”, the obvious error is that the operator does not detect the visual alarm.
2. Identify errors by using the SHERPA (Systematic Human Error Reduction and Prediction Approach)5 guidewords.
Revisit the task steps/sub-steps and, using the SHERPA guidewords as prompts, consider other less obvious types of
errors that could occur. These error modes should be used as prompts to think about what potential errors could exist
for the task and within the scenario. However, it is not important to categorize the errors to one or several of the
error modes. Time and effort should be spent on identifying credible errors, rather than debating categories.
3. Identify and describe likely error consequences. The consequence of an error has implications for its criticality, and
must therefore be described.
4. Evaluate recovery opportunities. If possible, determine the recovery potential of the identified error.
5. Identify PSFs. For each task and error, identify the PSFs that may influence performance.
Note any assumptions or uncertainties, and flag these for confirmation with a subject matter expert, for example, an
operator or QRA analyst. Use an expansion of the TTA to document the analysis. A joint table in a spreadsheet for the whole
TTA ensures that all the information for one task or task step is kept in one line in the table. Revisit the error identification
several times throughout the remainder of the analysis as new information (e.g. from confirmation of assumptions) is
received to check whether the errors remain credible and the associated information remain correct.
II.E. Step 5, Human Error Modelling (HEM)
One aim of the human error modelling is to model the tasks or events in such a way that when chosen individual tasks or
events are quantified, the model logic can be used to calculate the HEP for the HFE that enters the QRA. Another aim is to
clarify the links between the errors identified in step 4 (HEI), the PSFs that contribute to those errors, and the task or event
that is chosen for quantification in step 6. These relations are then used qualitatively when each individual task is evaluated
and quantified as described in step 6. Choosing which task/event to quantify in step 6 is done here in the modelling phase.
There are two approaches that are relatively standard in modelling: Event Tree Analysis (ETA) and Fault Tree Analysis
(FTA).4 Petro-HRA recommends using event trees in post-initiating HRAs because they match the sequential nature of a
scenario, from one common initiating event which, depending on how the operator responds, can have several outcomes/ end
states. Fault trees are preferred for pre-initiating HRAs where it has to be demonstrated how different human errors, often
occurring independently, can cause an undesired top event. However, analysts may use fault trees if she/he feels more
comfortable with this methodology.
A clear definition of what constitutes operator failure ensures that only relevant events are included in the model. What
constitutes success and failure in the scenario under analysis is crucial as, first, it determines which events are represented in
the HRA model. A clear failure or success criteria determines how far into the event sequence the HRA team should pursue
the analysis. Second, it determines the time-frame to consider in the HRA. The time it takes an operator to complete the tasks
required to perform the barrier function determines the scope of the analysis. As such, understanding success and failure
criteria for the scenario under analysis is important as it directly influences the events represented in the failure model and
thereby the HEP. The timing aspect needs to be incorporated in each event definition. This will also influence the evaluation
of the time for succeeding events. The following is advice on how to perform the modelling:
1. Build an event tree based on the task analysis, e.g., by building an operator action event tree.
2. Evaluate the errors that contribute to failure of the chosen task. This may be done by evaluating all the sub-tasks of
the chosen task in the TTA. Identify the dominating error if any.
3. Find which PSFs that contribute to this error and thereby to the failure of the chosen task. These PSFs will be
evaluated in detail for the chosen task in step 6.
4. After quantification of each chosen task in step 6, the event tree shall be used to quantify the HFE that enters the
QRA.
II.F. Step 6, Human Error Quantification
The HFE is quantified based on a nominal value and a set of performing shaping factors (PSFs). The TTA and
knowledge from the human error identification and the human error modelling phases should now contain the most needed
information in order to be able to do the quantification. After the quantification, in addition to getting the Human Error
Probability (HEP) as a number from 0 to 1 of the task/event under analysis, one should also gain a detailed understanding of
the performance shaping factors (PSFs) that are relevant for the event under analysis.
13th International Conference on Probabilistic Safety Assessment and Management (PSAM 13)
2~7 October, 2016 • Sheraton Grande Walkerhill • Seoul, Korea • www.psam13.org
6
II.F.1. Nominal value
The main components of the quantification of one task or event (HFE) in the Petro-HRA method are a nominal value and
nine performance shaping factors. From a nominal value and the PSF multipliers a human error probability (HEP) is
calculated. A nominal value is a value that is supposed to contain all small influences that can contribute to errors on a task
that are not covered by the performance shaping factors. The nominal value in Petro-HRA for all tasks is 0.01, which means
that a task fails 1 out of 100 times. This value is the same value as for diagnosis in SPAR-H2,6 and this value was chosen
because most tasks in an accident scenario involve a large cognitive component, especially so since Petro-HRA is made for
control room tasks. The separation between diagnosis (cognition) and action tasks in SPAR-H is not included in the Petro-
HRA method because there are no tasks that are only diagnosis or action tasks. All tasks are considered a combination of
diagnosis and action. If a task should be an action task in SPAR-H the task has to include automatic information processing
where a lower degree of cognitive activity is needed. Tasks become automatic if they are highly trained for. If this is the case,
the moderate level positive effect on performance in the Training/Experience PSF should be used. If this level is used the
HEP becomes 0.001 which is the same as for an action nominal task in SPAR-H.
II.F.2. Performance shaping factors (PSFs)
A PSF is an aspect of the human’s individual characteristics, environment, organization, or task that specifically
decrements or improves human performance, thus respectively increasing or decreasing the likelihood of human error”.7 In
Petro-HRA PSFs that have been shown in general psychological literature and in other HRA methods to have a substantial
effect on human performance when performing control room tasks (or tasks similar to control room tasks) are included.
There are nine PSFs in Petro-HRA: Time, Threat Stress, Task Complexity, Experience/Training, Procedures, Human-
Machine Interface, Adequacy of Organization, Teamwork, and Physical working environment. Arguments for changes and
adaptions in the PSFs from SPAR-H are described in several articles by Laumann, Rasmussen and Standal.8, 9 and 10
Each PSF has several levels and a corresponding multiplier. From the nominal values, the chosen levels, and
corresponding multipliers, a human error probability is calculated. In the description of the PSFs and its multipliers, the
method contains as clear definitions as possible, giving concrete advice to the analyst for choosing the correct PSF multiplier
for the task under analysis. The purpose of this is to reduce the variability between analysts. However, it is important that the
analysis is not a purely “mechanistic” exercise. It is the responsibility of the analyst to evaluate whether the PSF has an effect
on the performance of the operator(s) for the given task. This must be documented and substantiated for each PSF. The
purpose of this is to improve the transparency and reproducibility of the results.
When evaluating the appropriate multiplier level for a PSF, the analyst must evaluate all the levels and choose the one
that fits best. One must especially consider the level above and the level below, and the border conditions between these
multiplier levels, including considering the uncertainties in the evaluations. The choice must then be substantiated and
documented. If one (or more) PSFs has the value HEP=1, then the HEP for the whole task shall be set to 1 regardless any
other multipliers for other PSFs. In this case, this PSF is regarded such a strong performance driver so the task is certain to
fail. If a failure probability (HEP) higher than 1 is found, the failure probability shall be set to 1. The lowest HEP that should
be given on a single event or task is 0.00001 or 10-5 since there are small influences that could affect task performance,
which makes it unrealistic that a HEP should be lower than this.
In Table 1 the levels for the PSFs are given. This paper only gives an overview of the method, and thus for a detailed
instruction on how to choose the levels of each multiplier, consult the method guideline.1
TABLE I. Petro-HRA PSF Summary worksheet
Petro-HRA PSF summary worksheet
Plant Date
Event
PSFs PSF levels Multiplier Substantiation. Specific reasons for selection of PSF level
Available time
Extremely high negative
HEP=1
Very high negative
50
Moderate negative
10
Nominal
1
Moderate positive
0.1
13th International Conference on Probabilistic Safety Assessment and Management (PSAM 13)
2~7 October, 2016 • Sheraton Grande Walkerhill • Seoul, Korea • www.psam13.org
7
Not applicable
1
Threat stress
High negative
25
Low negative
5
Very low negative
2
Nominal
1
Not applicable
1
Task complexity
Very high negative
50
Moderate negative
10
Very low negative
2
Nominal
1
Moderate positive
0.1
Not applicable
1
Experience/training
Extremely high negative
HEP=1
Very high negative
50
Moderate negative
15
Low negative
5
Nominal
1
Moderate positive
0.1
Not applicable
1
Procedures
Very high negative
50
High negative
20
Low negative
5
Nominal
1
Low positive
0.5
Not applicable
1
Human-machine interface
Extremely high negative
HEP=1
Very high negative
50
Moderate negative
10
Nominal
1
Low positive
0.5
Not applicable
1
Adequacy of organization
Very high negative
50
Moderate negative
10
Nominal
1
Low positive
0.5
Not applicable
1
Teamwork
Very high negative
50
Moderate negative
10
Very low negative
2
Nominal
1
Low positive
0.5
Not applicable
1
Physical working
environment
Extremely high negative
HEP=1
Moderate negative
10
Nominal
1
Not applicable
1
When having calculated a HEP for an event, it is good practice to do a sanity check, or reasonableness check. This check
could be seen as a separate step, but in Petro-HRA it is considered a sub-step of the quantification. In addition one should
include a normal quality assurance of the documentation, see step 8.
II.G. Step 7, Error Reduction
One of the main drivers behind an HRA is the opportunity it provides for improving a system’s safety and reliability by
implementing risk-informed solutions. Such improvements aim at minimizing risk either through reduction of human error
probability or mitigating their consequences in case they occur. This risk (error) reduction process is made up of two closely
linked and iterative activities, namely impact assessment and error reduction analysis.
The purpose of an impact assessment is to demonstrate the relative contribution of human error to the QRAs (or other
risk model’s) overall risk picture. Conclusions from the impact assessment help the analyst to determine the scope and depth
of the error reduction analysis. Such an analysis aims to develop error reduction measures targeting specific human errors,
13th International Conference on Probabilistic Safety Assessment and Management (PSAM 13)
2~7 October, 2016 • Sheraton Grande Walkerhill • Seoul, Korea • www.psam13.org
8
and/or error reduction strategies targeting human performance on a more general level, for example across several tasks and
accident scenarios. The objective of human error reduction is to develop measures and strategies in a systematic manner by
utilizing knowledge and insight gained from analysis techniques commonly performed as part of an HRA. A detailed method
for error reduction is explained in the method guideline1.
II.H. Step 8, Documentation of the Petro-HRA
In a Petro-HRA, a final report must be written detailing the results of the Petro-HRA, and is issued as an appendix to the
QRA. The quantitative results of the Petro-HRA (i.e. the calculated HEPs) will normally be input directly to the QRA fault
tree or event tree models. However, the qualitative results are also important and so must be documented in a way that makes
them sufficiently transparent for others who wish to read, understand and use those results. The QRA analysts, and other
interested parties, must be able to understand, clearly and unambiguously, the process and methodology that was followed
throughout the Petro-HRA, and how the final results were attained.
III. CONCLUSIONS
The Petro-HRA method is a newly developed method that comprises the whole process of performing an HRA,
including the qualitative and quantitative parts of the analysis as well as the integration in the overall risk analysis. The
method has adapted the SPAR-H method to use in the petroleum industry.
ACKNOWLEDGMENTS
The Petro-HRA project was a knowledge-building project for the business sector funded by the Research Council of
Norway’s PETROMAKS program (project number 220824/E30), in addition to funds from Statoil and participation from
DNV-GL.
REFERENCES
1. A. BYE, K. LAUMANN, C. TAYLOR, M. RASMUSSEN, S. ØIE, K. VAN DE MERWE, K. ØIEN, R. BORING, N.
PALTRINIERI, I. WÆRØ, S. MASSAIU, K. GOULD, Petro-HRA Guideline, IFE/HR/F-2015/1640 (In Press).
2. D. GERTMAN, H. BLACKMAN, J. MARBLE, J. BYERS, & C. SMITH, The SPAR-H Human Reliability Analysis
Method. NUREG/CR-6883. Washington, DC, U.S. Nuclear Regulatory Commission (2005).
3. K.S. GOULD, A.J. RINGSTAD, & K. VAN DE MERWE, Human reliability analysis in major accident risk analyses in
the Norwegian petroleum industry,” Proceedings of the Human Factors and Ergonomics Society Annual Meeting, Vol.
56, No. 1, pp. 2016-2020, Sage Publications (2012).
4. B. KIRWAN, A Guide to Practical Human Reliability Assessment, London: Taylor & Francis, (1994).
5. D.E. EMBREY, SHERPA: A systematic human error reduction and prediction approach,” International Meeting on
Advances in Nuclear Power Systems (1986).
6. A.M. WHALEY, D.L. KELLY, R.L. BORING, & W.J. GALYEAN, SPAR-H step-by-step guidance, INL/EXT-10-
18533, Idaho Falls, ID: Idaho National Laboratory (2011).
7. R.L. BORING & H.S. BLACKMAN, The origins of the SPAR-H method’s performance shaping factor multipliers,”
Human Factors and Power Plants and HPRCT 13th Annual Meeting, pp. 177-184, IEEE (2007).
8. K. LAUMANN and M. RASMUSSEN, Suggested improvements to the definitions of Standardized Plant Analysis of
Risk-Human Reliability Analysis (SPAR-H) performance shaping factors, their levels and multipliers and the nominal
tasks,Reliability Engineering & System Safety, 145, pp. 287-300 (2016).
9. M. RASMUSSEN and K. LAUMANN, “The Suitability of the SPAR-H "Ergonomics/HMI" PSF in a Computerized
Control Room in the Petroleum Industry,Proceedings of the 12th Probabilistic Safety Assessment and Management
(PSAM) conference, Hawaii, USA, June 22-27 (2014).
10. M. RASMUSSEN, M.I. STANDAL & K. LAUMANN, Task complexity as a performance shaping factor: A review
and recommendations in Standardized Plant Analysis Risk-Human Reliability Analysis (SPAR-H) adaption,” Safety
Science, 76, pp. 228-238 (2015).
... A project was established to develop the Petro-HRA method and the supporting method guideline 1 [1,2]. The project was funded by the Research Council of Norway's PETROMAKS program, and the Institute for Energy Technology (IFE) was the project owner. ...
... In this situation, the operator(s) has high time pressure, or they have to speed up much to do the task in time. 1 Nominal effect on performance There is enough time to do the task. The operator(s) only has a low degree of time pressure, or they do not need to speed up much to do the task. ...
... In this situation, the operator(s) has considerable extra time to perform the task and there is no time pressure or need to speed up to do the task in time. 1 Not applicable This PSF is not relevant for this task or scenario. 2 improves to approximately 0.9. ...
Full-text available
Article
Petro-HRA is a new human reliability analysis method developed for the petroleum industry. The human error quantification step in the Petro-HRA method was adapted from the Standardized Plant Analysis Risk-Human Reliability Analysis (SPAR-H) method, which was originally developed for nuclear applications. During the Petro-HRA project, emphasis was placed on evaluating and adapting the SPAR-H quantification process to make it more suitable to a petroleum context. In addition, since HRA is relatively new to the petroleum industry, emphasis was also placed on the development of guidance for how to perform qualitative analysis to inform and provide the necessary substantiation for human error quantification and human error reduction. Petro-HRA is thus considered to be a “complete” method. This paper describes the key differences between the petroleum and nuclear industries, which created the need for a new HRA method. An overview of the Petro-HRA method is provided, and we document our observations and experiences from application of this new method in case studies and in commercial practice.
... The importance of qualitative analysis for human reliability analysis (HRA) is becoming more apparent, as evidenced by recent HRA research [1,2,3,4,5,6], HRA guidance [7] and recently developed HRA methods such as IDHEAS [8] and Petro-HRA [9]. It is acknowledged that there is a need for more detailed qualitative understanding of human operator tasks and constraints in order to lend greater credibility to the quantitative results of the HRA. ...
... Indeed, many HRA methods do not describe any form of qualitative analysis, and simply assume that the analyst will have performed some without specifying what that should be. The good news is that this trend appears to be changing with recent publications as the US Nuclear Regulatory Commission's (US NRC) Fire PRA guidance [7], the IDHEAS method [8] and the Petro-HRA method [9] incorporating more detailed description of qualitative analysis requirements for HRA. ...
... The concept of a task library to support HRA analysts is not new to the Halden Research Project. The idea is inspired by a similar initiative developed for the Petro-HRA project [9], and described in detail in [14]. However, the primary goal of the Petro-HRA task analysis library is to capture task analysis details for subsequent reuse in similar HRAs, where "each reviewer of the analysis benefits from the previous analysts' insights while having the opportunity to add details that may have been overlooked in earlier analyses" [14]. ...
Full-text available
Conference Paper
Qualitative analysis is essential for obtaining credible and useful HRA results, yet most HRA method descriptions fail to adequately describe how to perform qualitative analysis. Research by the Halden Reactor Project identified task analysis as one of the key qualitative techniques for HRA, and also one of the most challenging for less experienced analysts. This paper makes an argument for why task analysis should be considered a cornerstone technique for qualitative HRA, and also describes current Halden research activities to investigate the role of task analysis in HRA, and to develop support tools for analysts to address these challenges.
... In recent years, reasonable efforts have also been made to propose new methods to deal with new concerns or to improve the conventional methods in both CPIs and NPPs which can be observed in Table 4. Generally, the number of these methods in NPPs are around double those in CPIs. HEPI [54] was proposed for human error estimation in offshore operation, and Petro-HRA [109] as a general method for human reliability analysis in the petroleum industry, while Phoenix-PRO [14] was adjusted for oil and gas operation from original Phoenix which is a qualitative general HRA method. In contrast, more specific techniques were presented to be addressed especially human error concerns. ...
... Nuclear power plants Chemical process industry Review study HRA in man-machine interface design [112] The present study Effects of digitalization in CR [104] Cognitive basis for HRA [113] HRA techniques applied for PRA [114] Issues in benchmarking HRA methods [115] HRA techniques for risk assessment [116,117] EOC identification [118], quantification [ HENT [125] Emergency tasks [64] Advanced main control rooms [101,122] HRA and system design [123] A hierarchical standard set of PIFs [124] Special HRA technique OTHEA [100], NARA [126] HEPI [54] AGAPE-ET [63], CESA [110], IDHEAS [127], Phoenix [128], IDAC [111] Petro-HRA [109] (apart from 1st and 2nd generation methods) ...
Article
Chemical process industries (CPIs) work with a variety of hazardous materials in quantities which have the potential to have large health, environmental and financial impacts and as such are exposed to the risk of major accidents. The experience with accidents in this domain shows many cases which involve complex human-machine interactions. Human Reliability Analysis (HRA) has been utilized as a proactive approach to identify, model, and quantify human error highlighted as the leading cause of accidents. Consequently, researchers have actively worked on enhancing process safety and risk engineering since the '70s. However, despite its importance and practical implications for improving human reliability, there has not been a review of human reliability related to processing systems. The present study is aimed at presenting a systematic attempt to identify the needs, gaps, and challenges of HRA in CPI. An in-depth analysis of the literature in Web of Science core collection and Scopus databases from 1975 to August 2020 is conducted. This analysis focuses on human factors in three critical elements of CPIs: maintenance operations, emergency operations, and control room operations. The analysis synthesizes the theoretical and empirical findings, shedding light on the strengths and shortcomings of current literature and identifying research opportunities. A comparison of HRA in CPIs is undertaken with nuclear power plants (NPPs) to better understand the current stage of research and research challenges and opportunities.
... To evaluate the impact of PSFs on human reliability, multipliers of the error probability were associated with each of them, based on evaluation levels. These have been identified through the review of the SPAR-H methodology carried out by Laumann et al. [36], and they have been modified according to the contextual needs of the energy industry [37]. Table 3 describes the multipliers proposed for each PSF. ...
Full-text available
Article
Human reliability analysis (HRA) is a major concern for organizations. While various tools, methods, and instruments have been developed by the scientific community to assess human error probability, few of them actually consider human factors impact in their analysis. The active role that workers have in shaping their own performance should be taken into account in order to understand the causal factors that may lead to errors while performing a task and identifying which human factors may prevent errors from occurring. In line with this purpose, the aim of this study is to present a new methodology for the assessment of human reliability. The proposed model relies on well-known HRA methodologies (such as SPAR-H and HEART) and integrates them in a unified framework in which human factors assume the role of safety barriers against human error. A test case of the new method was carried out in a logistics hub of an energy company. Our results indicate that human factors play a significant role in preventing workers from making errors while performing tasks by reducing human error probability. The limits and implications of the study are discussed.
... Some other methodologies are, a railway specific method: Railway Action Reliability Assessment (RARA) [Gibson et al., 2013], based on HEART, discussed later. They have been readily adapted to various domains (aviation -CARA [Kirwan and Gibson, 2007], Petroleum [Bye et al., 2016]. NARA proposed in [Kirwan et al., 2004] as a refinement of HEART. ...
Full-text available
Thesis
Humans are and remain one of the critical constituents of modern transport operations. Human Reliability Analysis (HRA) methods provide a multi-disciplinary approach: systems engineering and cognitive science methods to evaluate the interaction between humans and the system. This thesis proposes a novel HRA methodology acronymed PRELUDE (Performance shaping factor based human REliability assessment using vaLUation-baseD systEms). Performance shaping factors (PSFs) are used to characterize a dangerous operational context. The proposed framework of Valuation-based System (VBS) and belief functions theory (BFT) uses mathematical rules to formalize the use of expert data and construction of a human reliability model capable of representing all kinds of uncertainty. PRELUDE is able to predict the human error probability given a context, and also provide a formal feedback to reduce the said probability. The second part of this work demonstrates the feasibility of PRELUDE with empirical data from simulators. A protocol to obtain data, a transformation and data analysis method is presented. An experimental simulator campaign is carried out to illustrate the proposition. Thus, PRELUDE is able to integrate data from multiple sources (empirical and expert) and types (objective and subjective). This thesis, hence address the problem of human error analysis, taking into account the evolution of the HRA domain over the years by proposing a novel HRA methodology. It also keeps the rail industry’s usability in mind, providing a quantitative results which can easily be integrated with traditional risk analyses. In an increasingly complex and demanding world, PRELUDE will provide rail operators and regulatory authorities a method to ensure human interaction-related risk is understood and managed appropriately in its context.
... One lesson learned from the International HRA Empirical Study [27] is that it is necessary to modify the PSF multiplier design in SPAR-H. One corresponding work is conducted in Petro-HRA [5,6,12,13,[40][41][42][43] for the petroleum industry in which its developers suggested new multipliers from the literature review, collection of objective data, or expert judgment [40]. For certain PSFs (e.g., Experience/Training [42]) without much empirical data to be referred to, the authors relied on their judgment to suggest the multipliers. ...
Article
Human reliability analysis (HRA) still heavily relies on expert judgments to generate reliability data. There exists a widely recognized need to validate and justify the reliability data obtained from expert judgments. For demonstrating such effort, we provide a template of how we base expert elicitations and empirical studies to derive the multipliers of performance shaping factors (PSFs). We applied two expert judgment techniques—absolute probability judgment (APJ) and ratio magnitude estimation (RME)—to update the PSF multiplier design in Standardized Plant Analysis of Risk-Human Reliability Analysis (SPAR-H). Licensed operators (N = 17) from a nuclear power plant were recruited. It is found that APJ and RME have acceptable inter-rater reliability and convergent validity between them. The multipliers estimated by APJ and RME were compared with those from empirical studies in the human performance literature. Certain consistencies between these heterogeneous data sources were found. Combining these heterogeneous data, we suggested the multiplier design of PSFs for SPAR-H. We also bridged the relationship between every PSF and its psychological mechanism to trigger human errors. Our work might suggest the appropriateness of expert elicitations in generating useful data for HRA, and strengthen the empirical and psychological foundations of PSF-based HRA methods.
... Human Reliability Analysis (HRA) is often considered as a quantitative method only, with an end goal of generating Human Error Probabilities (HEPs) for inclusion in a Probabilistic Risk/Safety Assessment (PRA/PSA). Recent research has confirmed that not only is there a significant amount of qualitative analysis that underpins quantification [1], but also that there are benefits to the application of HRA beyond this traditional scope; specifically that the results from an HRA can contribute to error reduction activities (for example, as described in the Petro-HRA method guidance [2]), and can be used as a means of driving improvements at plants to reduce the likelihood of human error [3]. In this paper, we argue that the HRA scope can be further extended to supplement a Human Factors Engineering (HFE) methodology, thereby enabling a more risk-informed design and improvement approach. ...
Full-text available
Conference Paper
Despite the apparent clear link between HFE and HRA, anecdotal evidence suggests that HRA is not regularly applied as part of an HFE approach because it is too difficult, because there is so much uncertainty in HFE projects, and because there is no clear guidance on how to integrate the two. This paper argues that HRA naturally fits within an overall HFE approach due to the overlap in qualitative techniques used for both. This argument is reinforced by the recent research on HRA, which highlights the importance of qualitative analysis techniques for HRA for in-depth understanding of the role of the human operator in the overall system. The paper also makes a case for the benefits of integrating HRA into early design evaluation (both for new build and plant modification), and proposes a model for how this can be achieved based on the well-known NUREG-0711 HFE approach. The model is illustrated by means of a case study from the nuclear industry, which also highlights the benefits and challenges of this approach.
Article
In-depth investigations of major offshore accidents show that technical, human, operational and organisational risk influencing factors (RIFs) all have crucial effects on the accident sequences. Nonetheless, the current generation of quantitative risk analysis (QRA) in the offshore petroleum industry has focused on technical safety systems while applications and findings in the non-technical fields are to a large extent missing. There have also been parallel efforts to develop methods for the formal inclusion of human and organisational factors (HOFs) into QRA. Examples from the offshore petroleum industry include ORIM, BORA, Risk_OMT, etc. This paper presents a review of QRA models that have been developed for the offshore petroleum industry, allowing HOFs integrated in a systematical way. The main intention of this study is to summarise and evaluate how these QRA models effectively seek answers to the key questions in this line of research: (i) What are the RIFs that affect the risk? (ii) How do these factors influence the risk? (iii) How much do these factors contribute to the risk? Further, the weakness and challenges of the reviewed models are pinpointed based on a substantial data set of actual leaks that have occurred in the Norwegian sector. Following the close scrutiny of these models, their progress, limitations, validity and suitability are addressed and discussed in detail. Based on these insights, future work is suggested to enhance and improve the QRA framework for including the installation specific conditions of technical and non-technical RIFs in a more comprehensive and defensible way.
Full-text available
Article
This paper describes a Systematic Human Error Reduction and Prediction Approach (SHERPA) which is intended to provide guidelines for human error reduction and quantification in a wide range of human-machine systems. The approach utilises as its basis current cognitive models of human performance.
Full-text available
Conference Paper
This paper suggests changes in the " Ergonomics/HMI " PSF based on a review of current research on the HEP influence of ergonomic and HMI issues, an evaluation of the suitability of the SPAR-H " Ergonomics/HMI " PSF guidelines for the petroleum industry context, and interviews with HRA analysts. We recommend that the SPAR-H PSF " Ergonomics/HMI " should not be included in the Petro-HRA method as it is today. We suggest that the PSF description should be changed to suit the computerized control rooms in the petroleum industry. We suggest that that the PSF should include a level that corresponds to situations where the HMI is so bad that it is not reasonable to expect the operator to be successful at the task. We also suggest that at least one more PSF level is added to add nuance.
Full-text available
Article
This review is part of the PetroHRA project that aims at adapting human reliability analysis to the petroleum industry. The different elements that make up complexity are reviewed through a thematic analysis which identified 83 complexity elements that were categorized into 13 complexity categories. Six of these were found to be relevant and were included in the “Task Complexity” performance shaping factor which is presented in this paper. The description of “Task Complexity” includes levels and multipliers.
Full-text available
Article
This guide provides step-by-step guidance on the use of the SPAR-H method for quantifying Human Failure Events (HFEs). This guide is intended to be used with the worksheets provided in: 'The SPAR-H Human Reliability Analysis Method,' NUREG/CR-6883, dated August 2005. Each step in the process of producing a Human Error Probability (HEP) is discussed. These steps are: Step-1, Categorizing the HFE as Diagnosis and/or Action; Step-2, Rate the Performance Shaping Factors; Step-3, Calculate PSF-Modified HEP; Step-4, Accounting for Dependence, and; Step-5, Minimum Value Cutoff. The discussions on dependence are extensive and include an appendix that describes insights obtained from the psychology literature.
Full-text available
Chapter
This chapter discusses the nature, role, and maturity of human reliability assessment (HRA). The origins of the approach are described, and the generic process of HRA is defined, focusing on its core components, namely, task analysis, error identification, and quantification of human error probabilities. Validation of methods is also summarized. Contemporary issues such as errors of commission, second generation HRA methods, and the relation between HRA and safety culture are also outlined. The conclusion is that HRA is sufficiently mature to help in many industries, though its evolution is far from over. Keywords: human error; human reliability assessment; human error probabilities; data; risk assessment; quantification; errors of commission; safety culture
Full-text available
Conference Paper
The Standardized Plant Analysis Risk-Human Reliability Analysis (SPAR-H) method has proved to be a reliable, easy-to-use method for human reliability analysis. Calculation of human error probability (HEP) rates is especially straightforward, starting with pre-defined nominal error rates for cognitive vs. action oriented tasks, and incorporating performance shaping factor (PSF) multipliers upon those nominal error rates. SPAR-H uses eight PSFs with multipliers typically corresponding to nominal, degraded, and severely degraded human performance for individual PSFs. Additionally, some PSFs feature multipliers to reflect enhanced performance. Although SPAR-H enjoys widespread use among industry and regulators, current source documents on SPAR-H such as NUREG/CR-6883 do not provide a clear account of the origin of these multipliers. The present paper redresses this shortcoming and documents the historic development of the SPAR-H PSF multipliers, from the initial use of nominal error rates, to the selection of the eight PSFs, to the mapping of multipliers to available data sources such as a Technique for Human Error Rate Prediction (THERP). Where error rates were not readily derived from THERP and other sources, expert judgment was used to extrapolate appropriate values. In documenting key background information on the multipliers, this paper provides a much needed cross-reference for human reliability practitioners and researchers of SPAR-H to validate analyses and research findings.
Article
This paper discusses the definitions and content of eight performance shaping factors (PSFs) used in Standardized Plant Analysis of Risk-Human Reliability Analysis (SPAR-H) and their levels and multipliers. Definitions of nominal tasks are also discussed. The discussion is based on a review of literature on PSFs, interviews with consultants who have carried out SPAR-H analysis in the petroleum industry and an evaluation of human reliability analysis reports based on SPAR-H analysis. We concluded that SPAR-H definitions and descriptions of the PSFs are unclear and overlap too much, making it difficult for the analyst to choose between them and select the appropriate level. This reduces inter-rater reliability and thus the consistency of SPAR-H analyses. New definitions of the PSFs, levels and multipliers are suggested with the aim to develop more specific definitions of the PSFs in order to increase the inter-rater reliability of SPAR-H. Another aim was to construct more varied and more nuanced levels and multipliers to improve the capacity of SPAR-H analysis to capture the degree of difficulty faced by operators in different scenarios. We also suggest that only one of two nominal SPAR-H tasks should be retained owing to the difficulty in distinguishing between them.
SHERPA: A systematic human error reduction and prediction approach
  • D E Embrey
D.E. EMBREY, "SHERPA: A systematic human error reduction and prediction approach," International Meeting on Advances in Nuclear Power Systems (1986).