rumapm02 esrel 2010
TRANSCRIPT
1
A proposed model to account human factors in safety-critical systems
V Rumawas & BE Asbjørnslett
Dept of Marine Technology
Courtesy of Alert! - The International Maritime Human Element Bulletin
2
The outline
• Background
• Current research
• Proposed Markov model
• Proposed model based on safety instrumented system
• Challenges
• Summary
3
The background:
• 8 Jul 2005 KM Digoel sank in Arafura Sea. Approx. 184 fatalities.
• 30 Dec 2006 KMP Senopati Nusantara lost in South Kalimantan sea. Approx. 446 fatalities
• 11 Jul 2007 KM Wahai Star sank in Ambon sea. Approx 100 fatalities
• 11 Jul 2007 KM Sinar Madinah sank in Dompu, Nusa Tenggara Barat. Fatalities unknown.
• 18 Oct 2007 KM Asita III sank in Kadatua Strait, Sulawesi Tenggara. Approx. 66 fatalities.
• 11 Jan 2009 KM Teratai Prima 0 sank in Tanjung Baturojo, Sendana, Majene, West Sulawesi. Approx. 264 fatalities.
4
Ferry accidents in developing countries
Lawson & Weisbrod (2005)
5
Introduction: The picture
• Ferry operations in developing countries: a need!
  – Low operation standards, cheap fares
  – Substandard vessels, second hand fleet, insufficient engine power, limited redundancy, poor maintenance
  – Overloaded cargo & overcrowded passengers
  – Minimum information regarding the upcoming weather
  – Crew with limited knowledge and training
  – Inadequate regulations & the supporting system
  – Low safety awareness
• In normal conditions the sea is calm and the vessel can operate safely
• During extreme periods, when the situation escalates, the risk rises significantly; a fatal accident every year
6
The Research
• The goal:
  – to develop a model to account for HF that can represent ~ and predict ~
• The ideas:
  – adopt the existing system (hardware) reliability framework
    • Markov models
    • SIS framework: IEC 61508
  – ship = safety-critical system
  – environmental condition: demand system (H/L)
  – Modeling HF in safety critical system
7
System Reliability Approach: Markov models
adopted from Dhillon (2003)
λ : human error rate
μ : repair rate
α : transition rate
8
Reliability Model: Safety Instrumented System
• SIS: an independent protection layer that is installed to mitigate the risk associated with the operation of a specified hazardous system, which is referred to as the equipment under control (EUC). Rausand & Høyland (2004)
9
Human element model
Types of basic functions performed by human or machine components of human-machine systems
[Figure: block diagram with the blocks Information input; Sensing (information receiving); Information processing and decision; Action functions (physical control or communication); Output; Information storage]
(Saunders & McCormick, 1992 p. 17).
10
11
12
13
Proposed Model: HE as SIS Bridge Operations
14
Markov diagram for bridge operations
• i = 4 all crew manage to perform tasks correctly
• i = 3 the crew fail to monitor the environment correctly
• i = 2 the master fails to make a correct decision in controlling the vessel
• i = 1 the crew fail to control the vessel correctly
• i = 0 the vessel fails to maintain its integrity.
15
Probability of failure on demand (PFD)
[Figure: R versus t, with R = 1 and the times τ and 2τ marked; labels: λ, probability of failure on demand (PFD)]
Average PFD = λτ/2
PFD_SYS = PFD_S + PFD_L + PFD_FE
PFH_SYS = PFH_S + PFH_L + PFH_FE
F = 1 - R
In hardware reliability perspective
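The hardware PFD relations on this slide, worked as an added example (not part of the original presentation). It assumes a constant failure rate λ, restoration to as-good-as-new at each proof test every τ hours, and reads the subscripts S, L, FE as sensor, logic solver and final element in the IEC 61508 sense; all rates are constructed sample values.

```python
import math

def pfd_at(t, lam, tau):
    """Instantaneous PFD, F(t) = 1 - R(t), for a constant failure rate lam.
    The item is assumed restored at every proof test, so the curve
    restarts from zero at t = tau, 2*tau, ..."""
    return 1.0 - math.exp(-lam * (t % tau))

def pfd_avg_exact(lam, tau):
    """Time average of pfd_at over one test interval:
    1 - (1 - exp(-lam*tau)) / (lam*tau)."""
    x = lam * tau
    return 1.0 + math.expm1(-x) / x      # expm1(-x) = exp(-x) - 1

def pfd_avg_approx(lam, tau):
    """The slide's approximation, valid only while lam*tau << 1."""
    return lam * tau / 2.0

def pfd_avg_numeric(lam, tau, n=2000):
    """Midpoint-rule average of the curve, as an independent check."""
    h = tau / n
    return sum(pfd_at((k + 0.5) * h, lam, tau) for k in range(n)) / n

def pfd_sys(rates, tau, avg=pfd_avg_approx):
    """PFD_SYS = PFD_S + PFD_L + PFD_FE for subsystems in series."""
    return sum(avg(lam, tau) for lam in rates.values())

# Constructed sample data: failure rates per hour, yearly proof test.
TAU = 8760.0
RATES = {"S": 2e-6, "L": 1e-7, "FE": 5e-6}

if __name__ == "__main__":
    for name, lam in RATES.items():
        print(name, pfd_avg_approx(lam, TAU), pfd_avg_exact(lam, TAU))
    print("PFD_SYS (approx):", pfd_sys(RATES, TAU))
    print("PFD_SYS (exact): ", pfd_sys(RATES, TAU, pfd_avg_exact))
    # With lam*tau large the approximation exceeds 1 and is meaningless,
    # while the exact average stays a probability.
    print(pfd_avg_approx(1e-3, TAU), pfd_avg_exact(1e-3, TAU))
```

The λτ/2 figure overestimates the exact average by a relative amount of roughly λτ/3, so it is conservative for small λτ and unusable once λτ approaches 1.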
16
Proposed PFD concept for human ~
[Figure: R versus t, with R = 1 and the times τ and 2τ marked; labels: PFD, θ, δ, γ(t)]
PFD_h = 1 - (θ + ∑ (γ_i(t) + δ_i))
Initial condition; existing competence; previous knowledge, experience & training
Self-learning; adaptation
Training effect
17
Discussions
• HF x SIS
  – Redmill & Rajan (1997), Cacciabue (2004), Carey (2001), Schönbeck, Rausand & Rouvroye (2010)
• The connecting lines in SIS
• Failure modes, scenarios:
  – High seas, storm, typhoon, strong wind, strong current, overloaded, excessive trim/rolling, fire & explosion, blackout, etc.
• The challenge:
  – Human reliability analysis & failure rates
  – How to find simple & valid numbers: by experiment in simulators, simulation-based method
18
Summary
• A model has been developed to account for HF in SCF
• The human is considered as the barrier or protection layer, instead of being the hazard or threat
• Scenarios should be identified
• Further validation of the model should be done, e.g. by experiments in the simulators
end of presentation