Author’s Accepted Manuscript

Development of a risk analysis model to evaluate

human error in industrial plants and in critical
infrastructures

Antonella Petrillo, Domenico Falcone, Fabio De

Felice, Federico De Zomparelli
www.elsevier.com/locate/ijdr

PII: S2212-4209(17)30018-3
DOI: http://dx.doi.org/10.1016/j.ijdrr.2017.03.012
Reference: IJDRR529
To appear in: International Journal of Disaster Risk Reduction
Cite this article as: Antonella Petrillo, Domenico Falcone, Fabio De Felice and
Federico De Zomparelli, Development of a risk analysis model to evaluate
human error in industrial plants and in critical infrastructures, International
Journal of Disaster Risk Reduction, http://dx.doi.org/10.1016/j.ijdrr.2017.03.012
This is a PDF file of an unedited manuscript that has been accepted for
publication. As a service to our customers we are providing this early version of
the manuscript. The manuscript will undergo copyediting, typesetting, and
review of the resulting galley proof before it is published in its final citable form.
Please note that during the production process errors may be discovered which
could affect the content, and all legal disclaimers that apply to the journal pertain.
 Development of a risk analysis model to evaluate human error in industrial
plants and in critical infrastructures

Antonella Petrilloa*, Domenico Falconeb, Fabio De Feliceb, Federico De Zomparellib

a
University of Napoli “Parthenope”, Centro Direzionale, Isola C4, 80143 Napoli (NA), Italy
b
University of Cassino and Southern Lazio, Via G. Di Biasio 43, 03043 Cassino (FR), Italy

antonella.petrillo@uniparthenope.it
falcone@unicas.it
defelice@unicas.it
f.zomparelli@unicas.it
*
Corresponding author. Antonella Petrillo, University of Napoli “Parthenope”, Centro
Direzionale, Isola C4, 80143 Napoli (NA), Italy. Phone 00 39 081 5476747

Abstract
The complexity of production systems negatively affects operator’s ability to make decisions during
emergency conditions. The aim of the present research is to propose a hybrid model for human error
probability analysis, called Emergency Human Error Analysis (EHEA), which considers all
contingency factors that influence decisions and actions of the operator. The model aims to evaluate
the human error probability in emergency conditions in industrial plants and critical infrastructures.
The proposed model is based on SHERPA model (simulator for human error probability analysis)
and on the performance shaping factors relationship, which represents the environmental system.
This model can be used in preventive phase to analyze the possible accident scenarios. A real case
study concerning the emergency conditions in a petrochemical plant is analyzed.

Acronyms
APJ, Absolute Probability Judgment; ATHEANA, A Technique for Human Event Analysis;
CREAM, Cognitive Reliability and Error Analysis Method; EHEA , Emergency Human Error
Analysis; GTT, Generic Task; HCR, Human Cognitive Reliability Correlation; HEART, Human
error assessment and reduction technique; HEP, Human error probability; HEPnom, Nominal Human
error probability; HEPcont, Contextualized Human error probability; HRA, Human reliability
analysis; OAT, Operator Action Tree; PSF, Performance Shaping Factor; PSFcomp, Complete
Performance Shaping Factor; PROCOS, Probabilistic Cognitive Simulator; SHARP, Systematic
Human Action Reliability; SHERPA, Systematic Human Error Reduction & Prediction Approach;
SHERPA, Simulator for Human Error Probability Analysis; SLIM, Success Likelihood Index
Method; SPAR-H, Standardized Plant Analysis Risk – Human reliability analysis; TESEO, The
empirical technique to estimate operator’s error; THERP, Technique for Human Error Rate
Prediction

Keywords: Human Reliability Analysis, Human Error Probability, Accident Model, Disaster
Management, Human Factor.
1. Introduction
In recent years, after many disastrous accidents, the emergency management in industrial plants has
assumed a key role to ensure the safety of operators (De Felice et al., 2016). The emergency
management analyzes two fundamental aspects: the system reliability and the human reliability. In
the past, the reliability analysis was only referring to the reliability of machines. According
Sheridan e Williams (1974), the company system is defined by two forces: man and machines.
Thus, in recent years, research about human reliability (HRA) is growing. Recently, Zhou et al.,
(2017) in a first work define a new model (D-DEMATEL) to identify the critical success factors in
emergency management. In a second work propose a dependence assessment in human reliability
analysis based on D Numbers and AHP.
It is important to note that the first HRA studies, have been developed in the nuclear field, where an
error could have a disastrous consequences (De Felice et al., 2016). It is essential to develop a risk
assessment model, to identify and to manage critical issues relating to operations or activities
(Janius et al., 2017). The HRA methods avoid, or stop, the chain of events that, given an initial
event, can lead to a probable disaster (Di Bona et al., 2014). The risk management analyzes and
verifies all the necessary measures to control the uncertainty and to limit the effects of accidents
(Scott and Few, 2016). Such reasoning can and should be extended to all activities where there is
the human factor, which is the cause of the majority of incidental events. The malfunction of a
critical system generates consequences of an entire population. In this context HRA is an essential
tool to apply in order to reduce the adverse consequences of human errors. In fact, the human factor
is a predominant element in the study of accidents, both in probability level, but also in terms of
severity of the expected effects (De Felice, and Petrillo, 2011). In detail, HRA is as the set of a
technique which describes operators’ conditions during the work, evaluating errors and unsafe
actions. The limit of HRA techniques is related to the uncertainty which does not allow full use of
it. Generalizing, the human reliability analysis studies external and internal factors, which could
affect workers’ performance (Lu et al., 2015). The “external” factors depend on work environment,
they modify the working conditions and thus leading to errors. The “internal” factors are related to
the individual’s characteristics, and individual psycho-physical conditions of the operator
(Shanmugan, and Paul Robert, 2015). The purpose of this study is to propose a hybrid model, called
the Emergency Human Error Analysis (EHEA), for evaluating human error probability in the
industrial plants during an emergency condition. The model takes into account environmental
factors that can influence decisions and actions of a operators. The paper analyzes the most known
and used HRA methodologies to identify the most promising models before to develop our model.
EHEA method arises from the Sherpa simulator proposed by Di Pasquale et al., 2015 and the
performance shaping factors (PSFs) dependence proposed by Boring, 2010. The fusion between this
two methodologies allows us to develop a reliable simulator for human error probability analysis
during the emergency conditions. Our model takes advantage of both methodologies. Through the
SHERPA model it defines a function to compute the value of Human Error Probability (HEP),
considering human factors, and environmental factors. But this model does not consider the
dependencies between the various environmental factors. Thus, through the use of Performance
Shape Factors (PSFs), it is possible to consider the influence of different environmental factors.
Boring (2010) gets the values of PSFs dependence through an analysis of 82 real case studies. The
resulting model is more reliable because it can simulate conditions that best approximates reality.
EHEA model is performed through six different steps, whose results were combined to calculate the
human error probability: 1) preliminary analysis; 2) evaluation of generic task; 3) definition of the
Weibull distribution function and the human error probability; 4) choice of performance shaping
factors; 5) determination of the complete PSF; and 6) determination of the contextualized human
error probability with dependence of PSFs. The model evaluates the human error probability and it
gives information on criticality of work and risk reduction. The model is implemented in a real case
study of a petrochemical plant. The result is a very flexible and standardized tool, because it uses 8
generic tasks or in other words types of emergency tasks that characterized by some sense of
urgency that can approximate many activities carried out in different situations. Moreover the
different PSFs allow to represent different environmental conditions that well approximates the
reality. The existing simulator can not represent faithfully the reality. For example SHERPA (Di
Pasquale et al., 2015) consider only independent PSFs while HEART (Kirwan, 1996) does not
consider the PSFs. Of course, the EHEA model can be applied in different kinds of activities and in
a different scenario.
The paper is organized as follows. Section 2 analyzes the state of art on human reliability methods.
Section 3 describes the framework of the model. Section 4 presents a case study in a petrochemical
industry. In section 5 a discussion of the main results is presented. Finally, section 6 summarizes the
conclusion of the research and the future developments.

2. Literature Review: State of the art of HRA methodologies

Human error is the main cause of work-related accidents (Lundqvist et al., 1992). The work is based
on two major forces: man and machines. Human reliability analysis (HRA) studies the human
reliability behavior, in a similar way to the study of mechanical parts reliability (Kim, 2001). HRA
is a complex system of technique that describes physical and environmental conditions in which the
operator shall carry out their tasks, considering errors, skills, experience and ability (Duraccio et al.,
2015). The need to improve the human reliability analysis methodologies has motivated a number
of major activities in research and development worldwide (Swain and Guttman, 1983). For a
comprehensive survey of the phenomenon an investigation on Scopus data base, the largest abstract
and citation database of peer-reviewed literature, was carried out. Search string used in the literature
survey was “human reliability analysis”. String was defined according to the standards of Scopus
database. Only articles in whiche the string was found in key words were analyzed. The analysis on
Scopus pointed out that from 1964 (year in which the first aticle was published) until March, 2017
(the period of research) there is constant interest on this topic, as shown in Figure 1.

Figure 1: HRA number of publications (Scopus source)

A deeper analysis highlights that the major number of publications related to HRA is relative to
CREAM and HEART methodologies.

Figure 2: Percentage HRA publications (Scopus source)

There are three different generations of HRA methodologies. First generation (1970 - 1990) studies
the human error probability and it is not very sensitive to the causes of behaviors (Hollnagel, 1996).
Some methodologies below to the first generation are:
 Systematic Human Action Reliability (SHARP): considers the integrated man-machine
systems and it develops the analysis process in seven steps (Chepin, 2008). Hannaman and
Spurgin, (1984) use the SHARP methodology to study the influence of human actions on
events modeled.
 The empirical technique to estimate the operator’s error (TESEO): calculates error
probability of operator, considering five influential factors on behavior. The method is
simple, but it has a more limited approach related to the uncertainty (Elmaraghy, et al.,
2008). Bello and Colombari (1980) use this methodology to analyze human factor in the risk
analyses of process plant, checking the control room operator.
 Operator Action Tree (OAT): considers the errors of operator in the emergency conditions.
The methodology is standardized, but it neglects the differences between the various
activities (De Felice, et al., 2012).
  Absolute Probability Judgment (APJ): uses statistical and mathematical rules for combining
the opinions of experts on human factors. (Williams, 1985). The method is rapid, however,
it depends on the subjective assessments (Park, et al. 2008).
 Human Cognitive Reliability Correlation (HCR): calculates the error probability in relation
to the available time, through the application of mathematical algorithms (Hannaman, et al.,
1985). The model is simple, but neglects several types of errors, and it considers a limited
number of indices (Wang & Gao, 2006). Yang et al., (2014) use HCR method to study the
basic parameters for multi factor meta operation.
 Technique for Human Error Rate Prediction (THERP): builds a tree of events and it
quantifies the associating scenarios to each outcome a nominal error probability (Swain,
1964). The method can be developed in the form of procedures and may be applied in
several areas. It models the behavior of man as a mechanical component and thus it loses
some important elements, also ignores the cognitive errors (Kirwan, 1996). Xu et al., (2014)
use THERP method to study the HRA on the high speed train dispatcher.
 Success Likelihood Index Method (SLIM): assesses the likelihood of error, based on
indicators defined by the experts, with a computerized procedure (Rosa et al., 1985). It can
be applied in various fields. Again the subjective judgments of experts influencing the
system (Kariuki & Lowe, 2007).
 Human error assessment and reduction technique (HEART): considers all of the factors that
adversely affect the performance and the execution of an activity, each independently, to
obtain a total error probability (Kirwan, 1996). He and Van Nes (2012) use this method for
the quantitative results comparison and for the insights of the potential improvements about
an HRA in the oil and gas industry.
 Probabilistic Cognitive Simulator (PROCOS): is a simulator that can estimate the human
error probability, by integrating the first generation HRA methods advantages. The model
develops a simulator that allows the error analysis, prevention and the recovery. It is focused
on the return of quantitative results. It provides quantitative results, comparable with those
of traditional HRA methods. It also involves a cognitive evaluation of the operator. The
model requires the development of a taxonomy of errors, the construction of a cognitive
model and a very detailed architecture (Trucco, & Leva, 2007). De Ambroggi and Trucco
(2011) study the modification of the influence of PSFs over the operational performance in
the aircraft control, underlining the importance of considering not only the possible
correlation between the states of PSFs but also their mutual dependency in affecting human
performance in complex systems. The case study provides the integrated development of the
Analytic Network Process methodology with the PROCOS simulator.

Second generation methodologies (1990 - 2005), integrate internal and external factors affecting
human performance and cognitive processes. Advanced cognitive models have been developed,
they represent the logical processes of the operators. In second-generation models, the factors that
determine performance (PSFs) are derived by focusing on the environmental impact on the
cognitive level (Kirwan, 1996). Some methodologies below to the second generation are:
 Cognitive Reliability and Error Analysis Method (CREAM): evaluates the effect of the
context of risk of error (Hollnagel, 1998). It pays great attention to the control of the
scenario in which the operator works. The method integrates individual factors,
technological and organizational. The model determines directly the probability of human
error, but it is very expensive (Colangelo, 2012). Konstandinidou et al., (2006) use CREAM
method to realize a fuzzy modeling application of CREAM methodology for human
reliability analysis.
 A Technique for Human Event Analysis (ATHEANA): identifies faults and their causes. It
does not decompose actions under activities. It describes the basic process of the operators.
It is an expensive method, but it is very solid. (Cooper et al., 1996). Pinto et al., (2014)
 study a human failure analysis of a digital control system for a pressurizer of current
pressurized water reactor plants using the ATHEANA methods.
 Standardized Plant Analysis Risk - Human RA (SPAR-H): divides causes of error in
diagnosis and action. The model considers the context through the use of performance
shaping factors PSFs. The model is simple, quick and easy to use. It can be extended to
other sectors. On the other hand the PSFs are described generically and may be
inappropriate for the most realistic and detailed analysis (Gertman, Blackman, Marble,
Byers, & Smith, 2005). Rasmussen et al., (2015) try to adapt the HRA to the petroleum
industry using the SPAR-H method.

In recent years, limitations and shortcomings of the second generation HRA methods have led to
further developments related to the improvement of pre-existing methods. One of third generation
methods is nuclear action reliability assessment (NARA) and is, in fact, an advanced version of
HEART for the nuclear field. The shortcomings in the second generation, highlighted above, have
been the starting point of HRA experts for new research and improvement of existing methods (Di
Pasquale et al., 2013). Third generation began in 2005, it considers the dependence of various
factors of human performance. The greater third generation analysis is related to the nuclear
industry (Jung, et al., 2007). Third generation methods contain more dynamic simulation, and have
to be implemented on a computer (French et al., 2009). The third generation of HRA uses the
modeling and simulation system with a virtual representation of humans to determine situations that
may challenge human performance in space missions (Boring, 2005). Boring (2010) proposes a
dependence model between the PSFs. The ‘new’ tools that are emerging, and referred to as third
generation tools, are the developments of first and second generation methods with the addition of
specific industry data. Third generation methods focus on human performance factors relations and
dependencies.
The third generation methods utilize existing tools in the reliability study of systems for analyzing
human reliability. An example is the Bayesian Network analysis. The bayesian network assesses
failure in a task or action sequence and it is applied in maintenance operation, or in incident analysis
and it regards the human factors performance based on the specialist opinion (Calixto et al, 2013).
Our research is based on the consideration that scientific literature has highlighted that HRA models
present several limitations. The innovative nature of our model overcomes the limitations of
traditional HRA methodologies and leverages their strengths. Table 1 shows the similarities and the
differences of our model EHEA respect the five models on which is inspired.

Table 1: Comparison EHEA with literature HRA models

Comparison with EHEA model

Model Authors Similarities Differences
Use of generic tasks with a
Williams, defined reliability to
HEART Absence of environmental factors
1986 calculate the human error
probability
German, Use of Environmental Absence of correlation between
SPAR-H
2010 factors environmental factors
Fusion between HEART
Di Pasquale and SPAR-H to calculate Absence of correlation between
SHERPA
et al., 2015 the human error environmental factors
probability
PSFs
Boring, Use of correlation between Absence of human error probability
dependenc
2010 environmental factors calculation
e
 The environmental factors are
Hybrid De Felice, described with the CREAM model.
Use of SHERPA
model et al., 2016 Absence of correlation between
environmental factors

Furthmore, our analysis identified two problems related to the SHERPA model. The first one is
related to the assessment of human error probability that is limited to the first 8 hours of work. The
second one is related that there is no dependency between the performance shaping factors.
It is necessary to overcome these problems to provide a system for the reliability assessment in
emergency conditions. Our model try to cover this gap.
In particular the EHEA model is the improved model of our previous work proposed in 2016 (De
Felice et al., 2016) that integrates SHERPA and CREAM methodology. However, the model have
showed some weaknesses related to the rappresentation of the dependence of human factors. For
this reason it has been necessary to review the model integrating SHERPA with SPAR-H and
considering the dependence between the PSFs values to create a model that can correctly simulate
reality.

3. Methodology: Framework of the model

The aim of this work is the development of a simulator to analyze the human error probability in the
emergency condition scenario. The new simulator integrates two different HRA methodologies,
Sherpa and PSFs dependency, because any methodology proposed in literature could represent a
real emergency system. The new model allows evaluating simultaneously the internal and the
external factors which affect the operator. The starting model (SHERPA) is a fusion between the
Heart and Spar-H methods. The HEART method considers the human internal factors, while the
Spar-H method considers the environmental external factors. The paper has improved the Sherpa
method for the application in emergency conditions, by developing a new methodology (EHEA)
that considers working time more than 8 hours and performance shaping factors dependency. These
changes are necessary to simulate a system that represents the real emergency situation. Because
during the emergency conditions, often the relief operations last much longer than 8 hours
(McLoughlin, 1985), (Mendonca et al., 2001), then it is necessary to evaluate the human reliability,
after 8 hours of work "standard." Furthermore, in the reality, environmental factors are not
independent of each other, but they influence each other.
The methodological approach followed is shown in figure 3. The yellow steps are incorporated
from Sherpa methodology, while the green steps are the hybrid system between the Sherpa model
and the PSFs dependency model. The analysis procedure is divided into six different steps:

 Step#1: Preliminary analysis;

 Step#2: Evaluation of generic task (GTTs);
 Step#3: Definition of the Weibull distribution function and the human error probability
(HEPnom);
 Step#4: Choice of performance shaping factors (PSFs) with their dependence;
 Step#5: Determination of the complete performance shaping factor index (PSFcomp);
 Step#6: Determination of the contextualized human error probability with dependence on
PSFs (HEPcont w/d).

Figure 3: Methodological approach and steps

Step#1: Preliminary Analysis
The analysis starts with a detailed and accurate description of actions carried out by the operator.
For each of these operations, it will be later associated a human error probability (HEPnom) that
represents the unreliability of the operator. The human error probability is a growing function of the
time, because the reliability evaluation is based on the Weibull function. It was chosen the Weibull
function, because it allows to create a dependency between human reliability and working time. In
emergency management analysis, work time is a critical variable that must be carefully considered.
For example Di Pasquale et al., (2015) and Gertman, and Blackman, (1994) simulate the human
reliability analysis with the Weibull function while Chiodo et al., (2004) use the function to propose
an analytical model to consider the random variability of human performances. According to above
consideration we agree to consider the Wibull function as the best function to describe the error
distribution. It provides a constant failure rate, that generates an increasing unreliability time
dependent.
It is important to define different possible scenarios on which to carry out the study. A
comprehensive study includes an analysis of different scenarios. The data about the real
environment scenarios can be introduced in the algorithm with the performance shaping factors.
Step#2: Evaluation of generic task (GTTs)
The generic tasks are the operations performed by the operator. Tasks are defined by scientific
literature (Kirwan, 1996). Scientific literature proposes for each task a reliability coefficient (k) for
the first hour of work and for the eighth hour of work. The k coefficient is the human reliability
value. Table 2 shows a lognormal distribution (as the lower (5%) and upper (95%) dispersion values
indicate) for the generic tasks (Williams, 1986).

Table 2: Generic Tasks

Limitations of k k
N° Generic Task α β
unreability (%) (t=1) (t=8)

1 Totally unfamiliar 0.35 – 0.97 0.65 0.03 0.1661 1.5

2 System recovery 0.14 – 0.42 0.86 0.58 0.0213 1.5

Complex task requiring high level of

3 0.12 – 0.28 0.88 0.72 0.0108 1.5
comprehension and skill

Fairly simple task performed rapidly or given scant

4 0.06 – 0.13 0.94 0.87 0.0042 1.5
attention

5 Routin, highly practised 0.007 - 0,045 0.993 0.955 0.0021 1.5

Restoring a system by following the procedures of

6 0.008 – 0.007 0.992 0.993 -5.44E-05 1.5
controls

Completely familiar, well designed, highly

7 0.00008 – 0.009 0.9999 0.991 0.00005 1.5
practised, routine task

Respond correctly to system command even when

8 there is an augmented or automated supervisory 0.00006 – 0.0009 1 0.9991 4.86E-05 1.5
system
Step#3: Definition of the Weibull distribution function and the human error probability
It is necessary to identify the error probability associated with each generic task. The Weibull
function is chosen to represent the human reliability, because it describes systems with variable
failure rates over time (in our case the failure rate is related to the reliability of the operator). The
Weibull function is used because it connects human error probability with working time. Time is a
key variable during an emergency condition, because the emergency should be resolved in the
shortest possible time, so it uses the Weibull function. The normal log values (Table 1) are used as
input values for the Weibull function.

Weibull probability distribution describes the error probability of operator for each task. The
nominal HEP value can be calculated as:

(1)

The above formula can be changed in relation to the working hours. Since the operator’s reliability
is highest in the first hour of work and descending gradually it gets closer to the eighth hour. We
use the k1 factor, for t=[0; 8[ and the k2 factor for t=[8;∞[.

( )
( ) [ ]
{ ( ) ( )
] [ (2)
( )
( ) [ [

Where α is the scale parameter,which is calculated by the following formula and β is the shape
parameter. The β parameter is defined as 1.5 by the scientific literature of the HEART model
(Kirwan, 1996). The α parameter is calculated by the following formula.

( )
[ ]
( )
(3)
( )

The β value represents the curve form. Figure 4 shows the various forms of the Weibull curve and
beta values.

Figure 4: Weibull function forms

Di Pasquale et al., (2015), represent the human reliability curve growing until the first hour and
then it decreases asymptotically. In figure 4 this behavior corresponds to a β value = 1.5.
This step differs from the Sherpa methodology, because it considers an infinite time interval, while
the Sherpa simulator consider 8 working hours. It is necessary to modify time intervals, because
operator may work more than 8 consecutive hours during the emergency conditions.

Step#4: Choice of performance shaping factors (PSFs)

Performance shaping factors (PSFs) describe the environmental and behavioral factors that
influence decision and actions of the operator. In particular the use of PSFs tries to simulate the
different simulating scenarios. Analytically the PSFs modify the human error probability value
because they introduce the external factors that strain and distract the decision maker. The PSFs and
their values are obtained from the Spar-H method (Gertman et al., 2005).
The PSFs considered are:
 Available time;
 Stress/Stressor;
 Complexity;
 Experience and training;
 Procedures;
 Ergonomics;
 Human machine interface (HMI);
 Fitness for duty, and work processes.
In general, other PSFs could be introduced related to particular conditions or considerations (e.g.
number of data and information available). The PSFs, presented in the Sherpa model, does not
consider PSFs dependencies. Boring (2010) proposes a table of PSFs dependencies obtained from
the analysis of 82 incidents at the USA nuclear plants, as shown in Table 3. (number in Table 2,
represents the level of correlation between different PSFs.

Table 3: PSFs dependence (with * are indicated significant correlations with p value <0.05)
Available Stress Experience Ergonomics Fitness for Work
Complexity Procedures
Time Stressors Training HMI Duty Process
Available
1
Time
Stress
0.50* 1
Stressors
Complexity 0.38* 0.35* 1
Experience/
0.31* 0.21* 0.32* 1
Training
Procedures 0.05 -0.01 0.12* 0.08* 1
Ergonomics
0.10* 0.04 0.08* 0.08* 0.29* 1
HMI
Fitness for
0.20* 0.29* 0.22* 0.17* 0.12* 0.27* 1
Duty
Work
0 0.13* 0.16* 0.20* 0.35* 0.12* 0.15* 1
Process

Step#5: Determination of the complete PSF (PSFcomp)

It is important to assess the overall PSF index (PSFcomp), which is obtained from the product of all
PSFs and their value of independence. The PSFcomp is a value which represents the work
environment conditions.

∏ [ ( )] (4)

The PSFi value represents the individual values of PSFs (proposed by Gertman et al., 2005). While
“i” is a value between 1 and n. Where n is the total number of PSFS that are considered in the
model. The sum of dependence index is the sum of the correlation value of PSFs represented in
table 2. The Sherpa model doesn’t consider dependence index to calculate the PSFcomp index.

Step#6: Determination of the contextualized human error probability with dependence on

PSFs (HEPcont w/d)
The sixth phase is the determining of the contextualized probability error, through the PSFs indexes.
Mathematically, the contextualized HEP is calculated as follows:

(5)
( )

The HEPcont value provides the level of human error probability of the decision maker, depending of
influencing factors.

4. Experimental results for emergency human error analysis in a petrochemical plant

This section presents a case study within a petrochemical company which regenerates waste oil.
The analyzed scenario is an emergency conditions developed by a great fire in the plant (Figure 5).
The model evaluated the human error probability related to the operator who works in a control
room.

Figure 5: Great fire at the petrochemical plant

Step#1: Preliminary Analysis

The emergency activities of the operator in the control room, during a fire in the plant, are
summarized in three steps:
1. Emergency alarm activation and system lock, which provides:
 Total blockade of the ovens;
 Closure of all turbines;
 Closing the propane valve;
 Sequence block of propane handling;
 Closure of the flow control valves;
 Close the control room and join the rest of the fire team.
2. Internal emergency team activation;
3. Request for external aid:
 Ambulance;
 Firemen;
 Policemen.
The model simulated three independent emergency condition scenarios:
 Low hazard: the decision maker held under control the emergency;
 Medium hazard: the decision maker can take wrong decisions on the occurrence of the
emergency;
 Highly hazard: the decision maker can make mistakes with good chances.
Table 4 shows the assumptions for three emergency scenarios.

Table 4: Scenario assumptions

Low hazard Medium hazard High hazard
release flammable
Fire source release liquid gas release flammable gas
gas
Accident jet fire pool fire flash fire
Health consequences no injuries few injuries many injuries
whole plant and nearby
Risk area only a department whole plant
buildings
PSFs value good average bad

Step#2: Evaluation of generic task (GTTs)

The operator in the control room carried out simple and complex actions, even with automation
systems. The choice of three GTTs (Williams, 1986) was carried out through interviews with staff.
The three GTTs (see Table 5) are related to the three activities carried out by the operator
(described in step#1).

Table 5: Generic Tasks of the case study

Generic Task k1 k8 α β
4. Fairly simple task performed rapidly or given scant 0.94 0.87 0.00418 1.5
attention

7. Completely familiar, well-designed, highly practised, 0.99992 0.991 0.00048 1.5

routine task

8. Respond correctly to system command even when there 0.999994 0.99991 4.54E-06 1.5
is an augmented or automated supervisory system

Step#3: Definition of the Weibull distribution function and the human error probability
The simulator calculated the nominal human error probability for three GTTs using Equation (2).
Table 6 describes the HEPnom values for three different tasks during the working hours.
 Table 6: HEPnom

HEP nom
GTT4 GTT7 GTT8
t=1 0.0600 0.00008 0.000006
t=2 0.0639 0.0006 0.000011
t=3 0.0710 0.0014 0.000019
t=4 0.0802 0.0026 0.000030
t=5 0.0909 0.0039 0.000042
t=6 0.1029 0.0055 0.000057
t=7 0.1160 0.0072 0.000073
t=8 0.1948 0.0178 0.000174
t=9 0.2085 0.0198 0.000193
t=10 0.2228 0.0219 0.000212
t=11 0.2377 0.0240 0.000233
t=12 0.2530 0.0263 0.000255
t=13 0.2687 0.0287 0.000279
t=14 0.2847 0.0312 0.000303
t=15 0.3010 0.0338 0.000328
t=16 0.3175 0.0365 0.000353

Step#4: Choice of performance shaping factors (PSFs)

The operators were interviewed, to choose the PSFs values that affect their reliability. The interview
was conducted on 10 professionals who work in the control room. For each operator three
interviews were conducted (once a month). Each operator has been interviewed in three different
shifts (morning, afternoon, night) to realize the heterogeneous analysis. The interview is developed
using a questionnaire with Likert scale (Allen and Seaman, 2007).
The interviews emphasized three fundamental factors:
 Available time: the time needed to receive, check and process the information and make the
decision;
 Stress: the level of the unwanted conditions that prevent the operator to successively carry
out an activity;
 Complexity: the complexity of task performing.
A live interview to operators highlighted these three critical PSFs. Table 7 shows the possible
values of PSFs (Gertman, et al., 2005).
 Table 7: PSFs values

PSF Levels Values

Time available = time required
10
barely adequate time
Nominal time 1
Time available Time available > 5 time required
0.1
(extra time)
Time available > 50 time required
0.01
(expansive time)
Extreme 5
Stress High 2
Nominal 1
Highly complex 5
Moderately complex 2
Complexity
Nominal 1
Obvious diagnosis 0.1

Each accident scenario defines PSFs values. The choice PSFs values are described in Table 8 and
the PSFs correlation values are reported in Table 9 (Boring, 2010).

Table 8: PSFs values

PSF Low hazard Medium hazard Highly hazard

Time available 0.1 1 10
Stress 1 2 5
Complexity 1 2 5

Table 9: Correlation PSFs values

Available Time Stress Stressors Complexity

Available Time 1
Stress Stressors 0.50* 1
Complexity 0.38* 0.35* 1

Step#5: Determination of the complete PSF (PSFcomp)

PSFcomp index was calculated with the equation 4. The equation 6 shows the PSFcomp calculation
for the high hazard scenario simulation.

( ) ( ) [ ( )] (6)
Step#6: Determination of the contextualized human error probability with dependence on
PSFs (HEPcont w/d)
Internal operating conditions (HEPnom) and external environment conditions (PSFcomp) with their
dependence, were combined to calculate the contextualized human error probability (eq. 5). Table
10 shows the HEPcont simulation for three generic tasks in the highly hazardous scenario.

Table 10: HEPcont w/d (Higly hazard)

HEP cont w/d - Higly hazard
GTT4 GTT7 GTT8
t=1 6.83E-01 2.69E-03 2.02E-04
t=2 6.97E-01 1.99E-02 3.71E-04
t=3 7.21E-01 4.52E-02 6.41E-04
t=4 7.46E-01 8.09E-02 1.01E-03
t=5 7.71E-01 1.17E-01 1.42E-03
t=6 7.95E-01 1.57E-01 1.92E-03
t=7 8.16E-01 1.97E-01 2.46E-03
t=8 8.91E-01 3.80E-01 5.84E-03
t=9 8.99E-01 4.05E-01 6.47E-03
t=10 9.06E-01 4.30E-01 7.11E-03
t=11 9.13E-01 4.54E-01 7.80E-03
t=12 9.20E-01 4.77E-01 8.53E-03
t=13 9.25E-01 4.99E-01 9.33E-03
t=14 9.31E-01 5.21E-01 1.01E-02
t=15 9.36E-01 5.41E-01 1.10E-02
t=16 9.40E-01 5.61E-01 1.18E-02

Figure 6 describes the HEPcont w/d trend for three generic tasks in the highly hazardous scenario.

Figure 6: HEPcontw/d (Highly hazardous)

6. Discussion
The aim of the model is the human error probability evaluation, considering internal and external
factors which affect the operator during the emergency. Nominal human error probability grows
with time, due to internal factors, because the operator is tired with the passage of time. In fact, the
nominal human error probability (GTT1) in the first hour it is 6%, while at the sixteenth hour it is
31%. Furthermore, the human reliability depends also on the generic task. For the sixteenth hours of
work and the GTT1, the error probability is 31%, while the human error probability for the GTT8
and the same time it is 0,035%.
The HEPcont w/d value is influenced by the external factors and the environmental factors (PSFs). The
figure 5 shows the GTT1 more reliable compared to the GTT7 and the GTT8 for the highly
hazardous scenario. But the GTT7 and the GTT8 have a rate of growth higher than the GTT1. The
study defines a guideline for strategic development to minimize human errors. The results analysis
shows that, the error probability depends on three elements: action, time and environment. The
organizational system must analyze three factors to limit the consequences that increase the human
error probability. It is important to act on the dangers by strengthening the instrumentation of the
control room, and especially, improving man-machine interaction. A proper distribution of breaks
could reduce the individual probability of error, especially during the last hours of the session. The
obtained results make it possible to highlight the following improvement areas:
 1. adoption of correction and improvement measures of activities and work processes (work
breaks, improved ergonomics, strengthening the instruments for controlling, logistics
improvements, reduced danger associated with the error in the initial diagnosis);
2. investments to process improvement;
3. introduction of organizational measures to improve safety in the plant;
4. upgrades of the analytical method and the scenario simulator;
5. refinement of the method of analysis, introducing additional site-specific parameters.

7. Conclusions
Many industrial accidents in the last decades are caused by the human error. The aim of this work is
has been to develop development of a simulator for the human error probability analysis during an
emergency condition. The simulator is very flexible since it can be used in different scenario. One
of the main feature of the proposed model is the possibility to evaluate evaluates internal and
external factors that can affect operators’ decision in emergency conditions. Internal factors are
represented by the generic task with their reliability. External factors are represented by the
performance shaping factors. The output of the system is the calculation of the human error
probability. The model is based on SHERPA simulator and on performance shaping factors
dependences. The simulator shows a growing trend of error probability in relation to the time. The
numerical results can be used as a preventive emergency analysis to formulate the strategies about
the continuous improvement of the processes and the reduction of occupational risk. The model
allows to simulate the emergency management activities and it allows to increase the control of the
operator’s skill during an emergency conditions. Future research aims to investigate how PSFs can
change after the normal working hour taking into account the response of a generic operator after
the 8th hour of work.

Acknowledgments
This research represents a result of research activity carried out with the financial support of MiuR,
namely PRIN 2012 “DIEM-SSP, Disasters and Emergencies Management for Safety and Security
in industrial Plants”.

References

Allen, I. E., & Seaman, C. A. (2007). Likert scales and data analyses. Quality progress, 40(7), 64.

Bello, G. C., Colombari, V., 1980. The human factors in risk analyses of process plants: The control
room operator model ‘TESEO’. Reliability engineering, 1, 3-14.

Boring, R., 2005. Human Reliability Analysis Methods for Space Safety. Idaho National
Laboratory-Dec, 7.

Boring, R. L., 2010. How Many Performance Shaping Factors are Necessary for Human Reliability
Analysis?. In Proceedings of the 10th International Probabilistic Safety Assessment & Management
Conference (PSAM10), Seattle, WA.

Calixto, E., Alves Lima, G.B., Renato, P., Firmino, A., 2013. Comparing SLIM, SPAR-H and
Bayesian Network Methodologies. Journal of Science and Technology, 3, 31-41.
Chepin, M., 2008. Importance of human contribution within the human reliability analysis. Journal
of Loss prevention in the process industries, 21, 268-276.

Chiodo, E., Gagliardi, F., & Pagano, M. (2004). Human reliability analyses by random hazard rate
approach. COMPEL-The international journal for computation and mathematics in electrical and
electronic engineering, 23(1), 65-78.

Colangelo, F., 2012. The human factor in risk assessment methods in the workplace. Archive of
issues, 3.

Cooper, S. E., Wreathall, J., Thompson, C., Drouin, M., Bley, D., 1996. Knowledge-base for the
New Human Reliability Analysis Method: A Technique for Human Error Analysis (ATHEANA).
In International topical meeting on probabilistic safety assessment moving toward risk based
regulation, Park City, UT (US).

De Ambroggi, M., Trucco, P., 2011. Modelling and assessment of dependent performance shaping
factors through Analytic Network Process. Reliability Engineering and System Safety, 96, 849-860.

De Felice, F., & Petrillo, A., 2011. Methodological Approach for Performing Human Reliability
and Error Analysis in Railway Transportation System. International Journal of Engineering and
Technology, 3, 341-353.

De Felice, F., Petrillo, A., Carlomusto, A., 2012. A review of human reliability analysis:
Management practices and techniques. Global Journal of Management Science and Technology, 1,
1-17.

De Felice, F., Petrillo, A., Di Salvo, B., Zomparelli, F., 2016. Prioritising the safety management
elements through ahp model and key performance indicators. Internarional conference on modeling
and applied simulation (MAS) 2016.

De Felice, F., Petrillo, A., Zomparelli, F., 2016. A Hybrid Model for Human Error Probability
Analysis. IFAC Papers on Line, 49(12), 1673-1678.

Di Bona, G., Duraccio, V., Silvestri, A., Forcina, A., 2014. Validation and application of a safety
allocation technique (integrated hazard method) to an aerospace prototype. Proceedings of the
IASTED International Conference on Modelling, Identification and Control, 2014, pp. 284-290

Di Pasquale, V., Miranda, S., Iannone, R., Riemma, S., 2015. A Simulator for Human Error
Probability Analysis (SHERPA). Reliability Engineering & System Safety, 139, 17-32.

Di Pasquale, V., Iannone, R., Miranda, S., Riemma, S., 2013. An overview of human reliability
analysis techniques in manufacturing operations. INTECH Open Access Publisher.

Duraccio, V., Di Falcone, D., Bona, G., Silvestri, A., Forcina, A., 2015. Chemical risk evaluation:
Application of the Movarish methodology in an industry of the textile sector. Proceedings of the
27th European Modeling and Simulation Symposium, EMSS 2015, pp. 451-456.

Elmaraghy, W. H., Nada, O. A., ElMaraghy, H. A., 2008. Quality prediction for reconfigurable
manufacturing systems via human error modelling. International Journal of Computer Integrated
Manufacturing, 21, 584-598.
Simon, F., Adhikari, S., Bayley, C., Bedford, T., Busby, J., Cliffe, A., Soane, E., 2009. Human
Reliability Analysis: A Review and Critique.

Gertman, D. I., & Blackman, H. S. (1994). Human reliability and safety analysis data handbook.
John Wiley & Sons.

Gertman, D. I., Blackman, H. S., Marble, J. L., Byers, J., Smith, C., 2005. The SPAR-H Human
Reliability Analysis Method. U.S. Nuclear Regulatory Commission, NUREG/CR-6883, INL/EXT-
05-00509, Washington DC, USA.

Hannaman, G. W., Spurgin, A. J., 1984. Systematic human action reliability procedure (SHARP)
(No. EPRI-NP-3583). NUS Corp., San Diego, CA (USA).

Hannaman, G. W., Spurgin, A. J., Lukic, Y., 1985. A model for assessing human cognitive
reliability in PRA studies. In Conference record for 1985 IEEE third conference on human factors
and nuclear safety.

He, X., Van Nes, F., 2012. Experience from adapting structured HRA methods to the oil and gas
industry. The annual European safety and reliability conference 2012, 2, pp. 1019-1025.

Hollnagel, E., 1996. Reliability analysis and operator modeling. Reliability Engineering & System
Safety, 52, 327-337.

Hollnagel, E., 1998. Cognitive reliability and error analysis method (CREAM). Elsevier.

Huges, C.M.L., Baber, C., Bienkiewicz, M., Worthington, A., Hazell, A., Hermosdorfer, J., 2015.
The application of SHERPA (Systematic Human Error Reduction and Prediction Approach) in the
development of compensatory cognitive rehabilitation strategies for stroke patients with left and
right brain damage. Ergonomics, 58, 75-95.

Janius, R., Abdan, K., Zulkaflli, Z.A., 2017. Development of a disaster action plan for hospitals in
Malaysia pertaining to critical engineering infrastructure risk analysis. International Journal of
Disaster Risk Reduction, 21, pp. 168-175

Jung, W, Park, J., Ha, J., 2007. Analysis of an operators’ performance time and its application to a
human reliability analysis in nuclear power plants. Nuclear Science, IEEE Transactions on, 54,
1801-1811.

Kim, I.S., 2001. Human reliability analysis in the man machine interface design review. Annals of
nuclear energy, 28, 1069-1081.
Kirwan, B., 1996. The validation of three human reliability quantification techniques – THERP,
HEART and JHEDI. Part 1: technique descriptions and validation issues. Applied Ergonomics, 27,
359–373.
Kariuki, S.G., Löwe, K., 2007. Integrating human factors into process hazard analysis. Reliability
Engineering & System Safety, 92, 1764-1773.

Konstandinidou, M., Nivolianitou, Z., Kiranoudis, C., Markatos, N., 2006. A fuzzy modeling
application of CREAM methodology for human reliability analysis. Reliability Engineering &
System Safety, 91, 706-716.
Lu, H., Zhen, H., Mi, W., Huang, Y., 2015. A physically based approach with human-machine
cooperation concept to generate assembly sequences. Computers & Industrial Engineering, 89, 213-
225.

Lundqvist, P., Bengt, G., 1992. Accidents and accident prevention in agriculture review of selected
studies. International Journal of Industrial Ergonomics, 10, 311-319.

McLoughlin, D. (1985). A framework for integrated emergency management. Public

Administration Review, 45, 165-172.

Mendonca, D., Beroggi, G. E., & Wallace, W. A. (2001). Decision support for improvisation during
emergency response operations. International journal of emergency management, 1(1), 30-38.

Park, K.S., Lee, J., 2008. A new method for estimating human error probabilities: AHP-SLIM.
Reliability Engineering & System Safety, 93, 578-587.

Pinto, J.M.O., Frutuoso, E Melo, P.F., Saldanha, P.L.C., 2014. A DFM/fuzzy/atheana human failure
analysis of a digital control system for a pressurizer. Nuclear Technology, 188, 20-33.

Rasmussen, M., Standal, M.I., Laumann, K., 2015. Task compleity as a performance shaping factor:
A review and recommendations in standardized plant analysis risk human reliability nalysis (SPAR-
H) adoption. Safety Science, 76, 228-238.

Rosa, E. A., Humphreys, P. C., Spettell, C. M., Embrey, D. E., 1985. Application of SLIM-MAUD:
a test of an interactive computer-based method for organizing expert assessment of human
performance and reliability. Volume 1. Main report (No. NUREG/CR-4016-Vol. 1; BNL-NUREG-
51828-Vol. 1). London School of Economics and Political Science (UK). Dept. of Social
Psychology; Human Reliability Associates Ltd., Parbold, Lancashire (UK); Brookhaven National
Lab., Upton, NY (USA).

Scott, Z., Few, R., 2016. Strengthening capacities for disaster risk management I: Insights from
existing research and practice. International Journal of Disaster Risk Reduction, 20, pp. 145-153.

Shanmugan, A., Paul Robert, T., 2015. Ranking of aircraft maintenance organization based on
human factor performance. Computers & Industrial Engineering, 88, 410-416.

Sheridan, T.B., William, R.F., 1974. Man-machine systems. Information control and decision
models of human performance. The MIT press.

Stanton, N. A., Salmon, P., Harris, D., Marshall, A., Demagalski, J., Young, M. S., Dekker, S.,
2009. Predicting pilot error: Testing a new methodology and a multi-methods and analysts
approach. Applied ergonomics, 40, 464-471.

Swain, A. D., 1964. THERP (No. SC-R-64-1338). Sandia Corp., Albuquerque, N. Mex.

Swain, A. D., Guttmann, H. E., 1983. Handbook of human-reliability analysis with emphasis on
nuclear power plant applications. Final report (No. NUREG/CR-1278; SAND-80-0200). Sandia
National Labs., Albuquerque, NM (USA).

Trucco, P., Leva, M. C., 2007. A probabilistic cognitive simulator for HRA studies (PROCOS).
Reliability Engineering and System Safety, 92, 1117–1130.
Wang, H. D., Gao, W., 2006. Study on erroneous operation due to human factor based on human
cognitive reliability (HCR) model. China Safety Science Journal (CSSJ), 7, 009.

Williams, J. C., 1985. Validation of human reliability assessment techniques. Reliability

Engineering, 11(3), 149-162.

Williams, J. C. (1986, April). HEART–a proposed method for assessing and reducing human error.
In 9th Advances in Reliability Technology Symposium, University of Bradford.

Yang, Y., Chen, X., Zhang, J., Kang, R., 2014. Human reliability test and identification of HCR
model basic parameters for multi-factor “Meta-Operation”. Safety and reliability conference,
ESREL 2014, pp. 989-996.

Xu, P.-J., Peng, Q.-Y., Wen, C., Guo, J.-W., Zhan, S.G., 2014. Human reliability analysis on high-
speed train dispatcher based on THERP and markov theories. Journal of transportation Systems
Engineering and Information Technology, 14, 133-140.
Zhou, X., Deng, X., Deng, Y., & Mahadevan, S. (2017). Dependence assessment in human
reliability analysis based on D numbers and AHP. Nuclear Engineering and Design, 313, 243-252.

Zhou, X., Shi, Y., Deng, X., & Deng, Y. (2017). D-DEMATEL: a new method to identify critical
success factors in emergency management. Safety science, 91, 93-104.

Figure 1: HRA number of publications (Scopus source)

 % HRA Publications

1% HEART
15%
29% CREAM
12%
SHERPA
11% SPAR-H
5% 27% THERP
TESEO
ATHEANA

Figure 2: Percentage HRA publications (Scopus source)

Figure 3: Methodological approach and steps
Figure 4: Weibull function forms
Figure 5: Great fire at the petrochemical plant
Figure 6: HEPcontw/d (Highly hazardous)