Jump to content

英文维基 | 中文维基 | 日文维基 | 草榴社区

Technique for human error-rate prediction

From Wikipedia, the free encyclopedia

The Technique for human error-rate prediction (THERP) is a technique that is used in the field of Human Reliability Assessment (HRA) to evaluate the probability of human error occurring throughout the completion of a task. From such an analysis (after calculating a probability of human error in a given task), some corrective measures could be taken to reduce the likelihood of errors occurring within a system. The overall goal of THERP is to apply and document probabilistic methodological analyses to increase safety during a given process. THERP is used in fields such as error identification, error quantification and error reduction.[1]

Techniques

[edit]

THERP may refer to a number of techniques, which are split into one of two classifications: first-generation techniques and second-generation techniques. First-generation techniques are based on a simple dichotomy, or a dichotomous structure, of whether the technique fits an error situation in the related error identification and quantification of consideration. Second-generation techniques are more theoretical in their assessment and quantification of errors, addressing, rather, the schematic’s situational or interactive elements. HRA techniques are utilized for various applications in a range of disciplines and industries including healthcare, engineering, nuclear power, transportation, and business.

THERP models human error probabilities (HEPs) using a fault-tree approach (similar to an engineering risk assessment), which integrate & account for performance-shaping factors that may influence these probabilities. The probabilities for the human reliability analysis event tree (HRAET), for example, are a calculative assessment tool drawn from a database developed by authors Alan D. Swain and H. E. Guttmann. Local data from simulations or accident reports may be used instead if supplemental data may deepen the examination of human-related error. The resultant tree portrays a step-by-step account of the stages involved in a task, in a logical order. The technique is known as a total methodology[2] because it simultaneously manages many different activities, including task analysis, error identification, and representation in the form of HRAET and HEP quantification.

Background

[edit]

THERP is a first-generation methodology, which means that its procedures follow the way conventional reliability analysis models a machine.[3] The technique was developed in the Sandia Laboratories for the US Nuclear Regulatory Commission.[4] Its primary author is Swain, who developed the THERP methodology gradually over a lengthy period.[2] THERP relies on a large human reliability database that contains HEPs and is based upon both plant data and expert judgments. The technique was the first approach in HRA to come into broad use and is still widely used in a range of applications even beyond its original nuclear setting.

THERP methodology

[edit]

The methodology for the THERP technique is broken down into 5 main stages:

1. Define the system failures of interest

These failures include functions of the system where human error has a greater likelihood of influencing the probability of a fault, and those of interest to the risk assessor; operations in which there may be no interest include those not operationally critical or those for which there already exist safety countermeasures.

2. List and analyse the related human operations, and identify human errors that can occur and relevant human error recovery modes

This stage of the process necessitates a comprehensive task and human error analysis. The task analysis lists and sequences the discrete elements and information required by task operators. For each step of the task, possible errors are considered by the analyst and precisely defined. The possible errors are then considered by the analyst, for each task step. Such errors can be broken down into the following categories:

  • Errors of omission – leaving out a step of the task or the whole task itself
  • Error of commission – this involves several different types of error:
    • Errors of selection – error in use of controls or in issuing of commands
    • Errors of sequence – required action is carried out in the wrong order
    • Errors of timing – task is executed before or after when required
    • Errors of quantity – inadequate amount or in excess

The opportunity for error recovery must also be considered as this, if achieved, has the potential to drastically reduce error probability for a task.

The tasks and associated outcomes are input to an HRAET in order to provide a graphical representation of a task’s procedure. The trees’ compatibility with conventional event-tree methodology i.e. including binary decision points at the end of each node, allows it to be evaluated mathematically.

An event tree visually displays all events that occur within a system. It starts off with an initiating event, then branches develop as various consequences of the starting event. These are represented in a number of different paths, each associated with a probability of occurrence. As mentioned previously, the tree works on a binary logic, so each event either succeeds or fails.

Below is an example of an event tree that represents a system fire:

Under the condition that all of a task’s sub-tasks are fully represented within an HRAET and the failure probability for each sub-task is known it is possible to calculate the final reliability for the task.

3. Estimate the relevant error probabilities

HEPs for each sub-task are entered into the tree; all failure branches must have a known probability, otherwise the system will fail to provide a final answer. HRAETs provide the function of breaking down the primary operator tasks into finer steps, which are represented in the form of successes and failures. This tree indicates the order in which the events occur and also considers likely failures that may occur at each of the represented branches. The degree to which each high-level task is broken down into lower-level tasks is dependent on the availability of HEPs for the successive individual branches. The HEPs may be derived from a range of sources such as the THERP database; simulation data; historical accident data, and expert judgment. PSFs should be incorporated into these HEP calculations; the primary source of guidance for this is the THERP handbook. However, the analyst must use their own discretion when deciding the extent to which each of the factors applies to the task.

4. Estimate the effects of human error on the system failure events

With the completion of the HRA, the human contribution to failure can then be assessed in comparison with the results of the overall reliability analysis. This can be completed by inserting the HEPs into the full system’s fault event tree, which allows human factors to be considered within the context of the full system.

5. Recommend changes to the system and recalculate the system failure probabilities

Once the human factor contribution is known, sensitivity analysis can be used to identify how HEPs can be reduced. Error recovery paths may be incorporated into the event tree as this will aid the assessor when considering the possible approaches by which the identified errors can be reduced.

Worked example

[edit]

Context

[edit]

The following example illustrates how the THERP methodology can be used in practice in the calculation of human error probabilities (HEPs). It is used to determine the HEP for establishing air-based ventilation using emergency purge ventilation equipment on in-tank precipitation (ITP) processing tanks 48 and 49 after failure of the nitrogen purge system following a seismic event.

Assumptions

[edit]

In order for the final HEP calculation to be valid, the following assumptions are required to be fulfilled:

  1. There exists a seismic event initiator that leads to the establishment of air-based ventilation on the ITP processing tanks 48 and 49, possibly 50 in some cases.
  2. It is assumed that both on and offsite power is unavailable within the context and therefore control actions performed by the operator are done so locally, on the tank top
  3. The time available for operations personnel to establish air-based ventilation by use of the emergency purge ventilation, following the occurrence of the seismic event, is a duration of 3 days
  4. There is a necessity for an ITP equipment status monitoring procedure to be developed to allow for a consistent method to be adopted for the purposes of evaluating the ITP equipment and component status and selected process parameters for the period of an accident condition
  5. Assumed response times exist for the initial diagnosis of the event and for the placement of emergency purge ventilation equipment on the tank top. The former is 10 hours while the latter is 4 hours.
  6. The in-tank precipitation process has associated operational safety requirements (OSR) that identify the precise conditions under which the emergency purge ventilation equipment should be hooked up to the riser
  7. The “tank 48 system” standard operating procedure has certain conditions and actions that must be included for correct completion to be performed (see file for more details)
  8. A vital component of the emergency purge ventilation equipment unit is a flow indicator; this is required in the event of the emergency purge ventilation equipment being hooked up incorrectly as it would allow for a recovery action
  9. The personnel available to perform the necessary tasks all possess the required skills
  10. Throughout the installation of the emergency purge ventilation equipment, carried out by maintenance personnel, a tank operator must be present to monitor this process.

Method

[edit]

The method considers various factors that may contribute to human errors and provides a systematic approach for evaluating and quantifying these probabilities.

Here are the key steps involved in the THERP method:

Task Analysis: The first step is to break down the overall task into discrete steps or stages. Each stage represents a specific activity or action performed by the human operator.

Error Identification: For each task stage, potential human errors are identified. These errors can result from a variety of factors, such as misinterpretation, distraction, or memory lapses.

Error Quantification: The next step is to assign probabilities to each identified error. These probabilities are based on historical data, expert judgment, or other relevant sources. THERP often uses a database of generic human error probabilities for different types of tasks.

Calculation of Overall Error Probability: The overall error probability for a task is calculated by combining the probabilities of individual errors at each stage. The method considers both independent and dependent errors, recognizing that the occurrence of one error may influence the likelihood of others.

Sensitivity Analysis: THERP allows for sensitivity analysis, which involves assessing the impact of variations in error probabilities on the overall result. This helps identify which factors have the most significant influence on the predicted human error rate.

Documentation and Reporting: The final step involves documenting the analysis, including the task breakdown, identified errors, assigned probabilities, and the overall predicted human error rate. This information is crucial for decision-makers and system designers.

THERP is widely used in industries where human performance is critical, such as nuclear power, aviation, and chemical processing. While THERP provides a systematic framework for human error prediction, it's important to note that the method relies on expert judgment and historical data, and its accuracy can be influenced by the quality of the input data and the expertise of the analysts.

Keep in mind that other HRA methods, such the as Human Error Assessment and Reduction Technique (HEART) and Bayesian Network-based approaches, also exist, and the choice of method depends on the specific requirements and characteristics of the system being analyzed.

An initial task analysis was carried out on the normal procedure and standard operating procedure. This allowed the operator to align and then initiate the emergency purge ventilation equipment given the loss of the ventilation system. Thereafter, each individual task was analyzed from which it was then possible to assign error probabilities and error factors to events that represented operator responses.

  • A number of the HEPs were adjusted to take account of various identified performance-shaping factors (PSFs)
  • Upon assessment of characteristics of the task and behavior of the crew, recovery probabilities were deciphered. Such probabilities are influenced by such factors as task familiarity, alarms, and independent checking
  • Once error probabilities were decided upon for the individual tasks, event trees were then constructed from which calculation formulations were derived. The probability of failure was obtained through the multiplication of each of the failure probabilities along the path under consideration.

HRA event tree for aligning and starting emergency purge ventilation equipment on in-tank precipitation tanks 48 or 49 after a seismic event.

The summation of each of the failure path probabilities provided the total failure path probability (FT)

Results

[edit]
  • Task A: Diagnosis, HEP 6.0E-4 EF=30
  • Task B: Visual inspection performed swiftly, recovery factor HEP=0.001 EF=3
  • Task C: Initiate standard operating procedure HEP= .003 EF=3
  • Task D: Maintainer hook-up emergency purge ventilation equipment HEP=.003 EF=3
  • Task E: Maintainer 2 hook-up emergency purge, recovery factor CHEP=0.5 EF=2
  • Task G: Tank operator instructing /verifying hook-up, recovery factor CHEP=0.5 Lower bound = .015 Upper bound = 0.15
  • Task H: Read flow indicator, recovery factor CHEP= .15 Lower bound= .04 Upper bound = .5
  • Task I: Diagnosis HEP= 1.0E-5 EF=30
  • Task J: Analyze LFL using portable LFL analyzer, recovery factor CHEP= 0.5 Lower bound = .015 Upper bound =.15

From the various figures and workings, it can be determined that the HEP for establishing air-based ventilation using the emergency purge ventilation equipment on In-tank Precipitation processing tanks 48 and 49 after a failure of the nitrogen purge system following a seismic event is 4.2 E-6. This numerical value is judged to be a median value on the lognormal scale. However, this result is only valid given that all the previously stated assumptions are implemented.

Advantages of THERP

[edit]
  • It is possible to use THERP at all stages of design. Furthermore, THERP is not restricted to the assessment of designs already in place and due to the level of detail in the analysis it can be specifically tailored to the requirements of a particular assessment.[5]
  • THERP is compatible with Probabilistic Risk Assessments (PRA); the methodology of the technique means that it can be readily integrated with fault tree reliability methodologies.[5]
  • The THERP process is transparent and structured, providing a logical review of the human factors considered in a risk assessment; this allows the results to be examined in a straightforward manner and assumptions to be challenged.[5]
  • The technique can be utilized within a wide range of differing human reliability domains and has a high degree of face validity.[5]
  • It is a unique methodology in the way that it highlights error recovery, and it also quantitatively models a dependency relation between the various actions or errors.

Disadvantages of THERP

[edit]
  • THERP analysis is very resource-intensive and may require a large amount of effort to produce reliable HEP values. This can be controlled by ensuring an accurate assessment of the level of work required in the analysis of each stage.[5]
  • The technique does not lend itself to system improvement. Compared to some other Human Reliability Assessment tools such as HEART, THERP is a relatively unsophisticated tool as the range of PSFs considered is generally low and the underlying psychological causes of errors are not identified.
  • With regard to the consistency of the technique, large discrepancies have been found in practice with regard to different analysts' assessment of the risk associated with the same tasks. Such discrepancies may have arisen from either the process mapping of the tasks in question or in the estimation of the HEPs associated with each of the tasks through the use of THERP tables compared to, for example, expert judgment or the application of PSFs.[6][7]
  • The methodology fails to provide guidance to the assessor on how to model the impact of PSFs and the influence of the situation on the errors being assessed.
  • The THERP HRAETs implicitly assume that each sub-task’s HEP is independent from all others i.e. the HRAET does not update itself in the event that an operator takes a suboptimal route through the task path. This is reinforced by the HEP being merely reduced by the chance of recovery from a mistake, rather than by introducing alternative (i.e. suboptimal) “success” routes into the event tree, which could allow for Bayesian updating of subsequent HEPs.
  • THERP is a “first generation” HRA tool, and in common with other such tools has been criticized for not taking adequate account of context.[3]

Other human reliability assessments

[edit]

Other Human Reliability Assessments (HRA) have been created by multiple different researchers. They include cognitive reliability and error analysis method (CREAM), technique for human error assessment (THEA), cause-based decision tree (CBDT), human error repository and analysis (HERA), standardized plant analysis risk (SPAR), a technique for human error analysis (ATHEANA), hazard and operability study (HAZOP), system for predictive error analysis and reduction (SPEAR), and human error assessment and reduction technique (HEART).[8]

References

[edit]
  1. ^ Calixto, Eduardo (2016-01-01), Calixto, Eduardo (ed.), "Chapter 5 - Human Reliability Analysis", Gas and Oil Reliability Engineering (Second Edition), Boston: Gulf Professional Publishing, pp. 471–552, doi:10.1016/b978-0-12-805427-7.00005-1, ISBN 978-0-12-805427-7, retrieved 2023-12-20
  2. ^ a b Kirwan, B. (1994) A Guide to Practical Human Reliability Assessment. CRC Press. ISBN 978-0748400522.
  3. ^ a b Hollnagel, E. (2005) Human reliability assessment in context. Nuclear Engineering and Technology. 37(2). pp. 159-166.
  4. ^ Swain, A.D. & Guttmann, H.E., Handbook of Human Reliability Analysis with Emphasis on Nuclear Power Plant Applications. 1983, NUREG/CR-1278, USNRC.
  5. ^ a b c d e Humphreys, P. (1995). Human Reliability Assessor’s Guide. Human Factors in Reliability Group. ISBN 0853564205
  6. ^ Kirwan, B. (1996) The validation of three human reliability quantification techniques - THERP, HEART, JHEDI: Part I -- technique descriptions and validation issues. Applied Ergonomics. 27(6) 359-373. doi.org/10.1016/S0003-6870(96)00044-0
  7. ^ Kirwan, B. (1997) The validation of three human reliability quantification techniques - THERP, HEART, JHEDI: Part II - Results of validation exercise. Applied Ergonomics. 28(1) 17-25.
  8. ^ DeMott, D.L. (2014?) "Human Reliability and the Cost of Doing Business". Annual Maintenance and Reliability Symposium