CHAPTER 3

HUMAN- MACHINE
SYSTEMS
 Objectives of this chapter

• To understand what a systems and human machine systems

are , its characteristics , the functions of system components.
• To understand what is system reliability.
• To appreciate that human error cannot be totally eliminated;
it must be controlled.
• To understand the different types of errors, their
implications, avoiding and managing error.
• To recognize where the individual it most prone to error.
• To guard against error.
• To achieve a reasonable practical knowledge of the main
error models and theories.
• To understand the main error types (eg. Slips, lapses,
mistakes) and how these differ from violations.
 Objectives Cont
• To understand the different types and causes of violations.
• To avoid violating procedures and rules.
• To strive towards eliminating situations which may provoke
violations.
• To achieve a good understanding of well-known incidents in
terms of errors leading to the incidents.
• To appreciate that it is not errors themselves which are the
problem, but their consequences if undetected or
uncorrected.
• To understand the different ways of reducing errors and
mitigating their consequences.
• To basic understanding of the main human reliability
concepts, and how these relate to risk assessment.
 HUMAN- MACHINE SYSTEMS

INTRODUCTION
• A central and fundamental concept in human
factors is the system.
• A system is an entity that exists to carry out
some purpose.
• Is composed of humans, machines and other
things that work together (interact) to
accomplish some goals which these same
components could not produce
independently.
 HUMAN- MACHINE SYSTEMS

• Is a combination of one or more human beings

and one or more physical components interacting
to bring about from the given inputs some desired
output.
• A machine consists of virtually any type of
physical object, device, equipment, facility, thing
or what have you that people use in carrying out
some activity that is directed towards achieving
some desired purpose or in performing some
function.
 HUMAN- MACHINE SYSTEMS

• Human-machine system (simply referred as a system)

can be a person with a hoe, a hammer or a hair curler.
• - Up the scale of complexity, a family automobile,
an office machine, a lawn mower etc. each equipped
with its operator is a system.
• - More complex systems include aircraft, bottling
machines, telephone systems and automated oil
refineries along with their personnel.
• - The essential nature of people’s involvement in
a system is an active one, to fulfil the function for
which the system is designed for.
This shows how the displays of a machine serve as stimuli for an operator,
trigger some type of information processing on the part of the operator
(including decision making) which in turn results in some action (as in the
operation of a control mechanism) that controls the operation of the
machine.
 Classes of Human-machine Systems

• Are characterised by the degree of manual versus machine

control.
• Systems generally considered in three broad classes: manual,
mechanical and automatic.
• Manual Systems. A manual system consists of hand tools and
other aids which are coupled by a human operator who controls
the operation. Operators of such systems use their own physical
energy as the power source.
• Mechanical Systems. These systems (also referred to as semi-
automatic systems) consists of well-integrated physical parts,
such as various types of powered machine tools. They are
generally designed to perform their functions with little
variation. The power typically is provided by the machine and
the operator’s function is essentially one of control usually by
the use of control devices.
• Automatic Systems. When a system is fully
automated it performs all operations with little or
no human intervention. Robots are a good
example of an automated system. Some people
have the mistaken belief that since automated
systems require no human intervention they are
not human machine system and involve no human
factors considerations. Nothing could be further
from the truth. All automated systems require
humans to install program, reprogram and
maintain them. Automated systems must be
designed with the same attention paid to human
factors that would be given to any other type of
human-machine system.
 Characteristics of Systems

• System are purposive. Every system must have a purpose or else it is

nothing more than a collection of odds and ends. The purpose of
system is the system goal, objective and systems can have more
than one.
• System can be Hierarchical. Some systems can be considered to
be parts of larger systems. A given system may be composed of
more molecular systems (also called subsystems). At the lowest
level a system is made up of various components
• Systems operate in an environment. The environment of a system
is everything outside its boundaries. Depending on how the
system’s boundaries are drawn the environment can range from
the immediate environment (such as a workstation, a lounge chair,
or a typing desk) through the intermediate (such as a home, an
office, a factory, a school or a football stadium) to the general (such
as a neighbourhood, a community, a city or a highway system
 Components Functions

• Components serve four basic functions:

• Sensing (information receiving),
• Information storage
• Information processing
• Decision and action function

• 1. Sensing (information receiving) – Some of the information

entering a system is from outside the system for example
airplanes entering the area of control of a control-tower operator,
an order for the production of a product or the heat that sets off
an automatic fire alarm. Some information may originate inside
the system itself, such as feedback (such as the reading on the
speedometer from an action on the accelerator) or it can be
information that is stored in the system.
• 2. Information storage: For human beings, information storage is
synonymous with memory of learned material. Information can be
stored in physical components in many ways as on magnetic tapes and
disks, templates, records and tables of data most of the information that
is stored for later use is coded or symbolic form.
• 3. Information processing and decision: Embraces various types of
operations performed with information that is received (sensed) and
information that is stored. When human beings are involved this process,
simple or complex, typically results in a decision to act (or in some
instances, a decision not to act). When mechanised or automated
machine components are used, their information processing must be
programmed in some way.
• 4. Action functions. Are those operations which occur as a
consequence of the decisions that are made. These functions fall roughly
into two classes. The first is some type of physical control action or
process such as the activation of certain control mechanisms or the
handling, movement, modification or alteration of materials or objects.
The other is essentially a communication action be it by voice (in human
beings), signals, records or other methods.
 SYSTEM RELIABILITY

• Unfortunately, nothing lasts forever things break or

just fail.
• The reliability of a system or component is to
characterise a system’s dependability of
performance (including people) in carrying out an
intended function.
• Reliability is usually expressed as the probability of
successful performance
• Another measure of reliability is Mean Time to
Failure (MTF). There are several possible variations,
but all relate to the amount of time a system or
individual performs successful,
 SYSTEM RELIABILITY
• If a system includes two or more components
(machine or human or both) the reliability of
the composite system will depend on the
reliability of individual components and how
they are combined within the system.
Components can be combined within a system
in series, in parallel or in a combination of
both.
 SYSTEM RELIABILITY
• Components in Series (or sequence). The successful
performance of the total system depends on successful
performance of each and every component, person or machine.
By taking some semantic liberties, we could assume components
to be in series that may, in fact be functioning concurrently and
interdependently, such as a human operator using some type of
equipment. In analysing reliability data in such cases, two
conditions must be fulfilled: (1) failure of any given component
results in system failure (2) the component failures are
independent of each other. When these assumptions are
fulfilled, the reliability of the system for error-free operation is
the product of the reliabilities of the several components. As
more components are added in series the reliability of the system
decreases.
 SYSTEM RELIABILITY
• Components in Parallel: With parallel
components two or more in some way are
performing the same function.
• This is sometimes referred to as a backup, or
redundancy, arrangement-one component backs
up another so that if one fails, the other can
successful perform the function.
• In order for the entire system to fail, all the
components in parallel must fail. Adding
components in parallel increases the reliability of
the system.
 Comment
• System reliability is viewed as static and unchanging.
However from our own experience and reality
reliability changes as a function of time (usually it gets
worse).
• The probability that a 10 year old car will start is
probably lower than it was when the car was 1 year
old.
• The same sort of time dependency applies to the
reliability of human only over shorter periods. The
probability of successful human performance often
deteriorates over just a few hours of activity.
 Human Error

• Human error is an inappropriate or undesirable

human decision or behaviour that reduces or has the
potential for reducing, effectiveness, safety or system
performance.
Definition brings two things
• (1) Undesirable effect or potential effect on system
criteria or on people. E.g. forgetting to pack cookies in
a lunch box for an aircraft tech to work is not human
error but forgetting to take safety shoes, overall,
goggles, ear plugs into the flight line would be.
(2) An action does not have to result in degraded system
performance or an undesirable effect on people to be
considered an error. An error that is corrected before
it can cause damage is an error nonetheless. The
important point is that an action must have the
potential for adversely affecting system or human
criteria.
• Tendency among some to view errors as those of
“operators’, other people involved in the design and
operation of systems also can make errors, such as
equipment designers, managers, supervisors and
maintenance personnel.
Therefore, in talking about human error, we should
consider the entire system and not focus only on the
operator.
 AVIATION
HUMAN ERROR
INTRODUCTION
• Long been acknowledged that human
performance is at times imperfect.
• Roman philosopher Cicero cautioned “It is the
nature of man to err”.
• It is clear that aircraft maintenance
engineering depends on the competence of
engineers.
 ERROR.
“ERROR is a generic term which encompasses all
those occasions in which a planned sequence
of mental or physical activities fails to achieve
its intended outcome and when these failures
cannot be attributed to the intervention of
some chance agency.”
• In the past, aircraft components and systems
were relatively unreliable. Modern aircraft by
comparison are designed and manufactured
to be highly reliable. As a consequence, it is
more common nowadays to hear that an
aviation incident has been caused by “human
error”.
 Key role how aircraft maintenance
engineers play in keeping modern aircraft
reliable.
• “Because civil aircraft are designed to fly safely for an
unlimited time provided defects are detected and
repaired, safety becomes a matter of detection and
repair rather than one of aircraft structural failure. In
an ideal system, all defects which could affect flight
safety will have been predicted in advance, located
positively before they become dangerous, and
eliminated by effective repair. In one sense, then, we
have changed the safety system from one of physical
defects in aircraft to one of errors in complex human-
centered systems”.
 Human Error Classification Schemes

• Various error classification schemes have been

developed over the years. An effective classification
scheme can be of value in organizing data on human
errors and for giving useful insights into the ways in
which errors are caused and how they might be
prevented.
• We will briefly discuss a few such schemes to illustrate
the thinking in the area.
• Discrete - Action Classification: One of the simplest
classification schemes for individual, discrete actions is
that used by Swain and Guttman (1983). Covers the
following:
• Errors of omission: This is failure to do something e.g. an
electrician was electrocuted because he forgot to completely
disconnect power to a substation he was working on.
• Errors of Commission. This involve performing an act
incorrectly. E.g. A mechanic sitting on a conveyer belt called to
his partner to lightly hit the start button to jog the belt forward
a few inches but the partner lost his balance momentarily and
hit the button hard enough to actually start the belt moving at
high speed resulting in the mechanic being pulled between the
belt and steel support.
• A sequence error (really a subclass of error of commission)
occurs when a person performs some task or step in a task out
of sequence).
• A timing error (also a subclass of commission) occurs when a
person fails to perform an action within the allotted time, either
performing too fast or too slowly e.g. taking too long to remove
one’s hand from a work piece in a drill can result in a nasty
 ERROR MODELS and THEORIES.
Error models and theories mostly suited to
the aviation industry are:
1. DESIGN –vs-OPERATOR INDUCED ERRORS.
2. VARIABLE-vs-CONSTANT ERRORS.
3. REVERSIBLE-vs-IRREVERSIBLE ERRORS.
4. SLIPS,LAPSES & MISTAKES.
5. SKILL,RULE and KNOWLEDGE BASED
BEHAVIOURS and ASSOCIATED ERRORS
6. THE ‘SWISS-CHEESE MODEL’
 Design vs Operator-induced errors.

• Errors by aircraft designers. It may be maintained

well but safety is still compromised
• Flawed procedures (airline, maintenance
organization, ATC management) may also lead to
operational problems
• An incident or accident can be the result of more
than one error made by maybe more than one
person.
• Breaching of error defenses and a combination of
errors will result in compromising of safety.
 Variable vs Constant errors.
Two types of HUMAN ERROR;
1. VARIABLE—random in nature
2. CONSTANT –consistent and systematic
pattern (erroneous)
• Constant errors are predictable and therefore
controlled
• Variable errors cannot be predicted and are
much harder to deal with.
 Reversible vs Irreversible errors.
• Reversible can be recovered from

• Irreversible no recovery
E.g. If a pilot miscalculates the fuel he should carry, he
may have to divert to a closer airfield, but if he dumps his
fuel, he may not have many options open to him.
 A well designed system or procedure will ensure that
errors made by a/c maintenance engineers are
reversible.

Thus, if an engineer installs a part incorrectly, it should be spotted and

corrected before the aircraft is released back to service by supervisory
procedures in place.
 Slips, lapses and mistakes

• Slips can be thought of as actions not carried

out as intended or planned, e.g. ‘transposing
digits when copying out numbers, or
misordering steps in a procedure.
• Lapses are missed actions or omissions e.g.
forgetting to replace an engine cowling.
• Mistakes are errors brought about by a faulty
plan/intention, i.e. doing something believing
it to be correct when it was, In fact wrong.
 Violations
• Violations sometimes appear to be human errors,
but they differ from slips, lapses and mistakes
because they are deliberate ‘illegal’ actions, i.e.
somebody did something knowing it to be against
the rules (e.g. deliberately failing to follow proper
procedures).
• Aircraft maintenance engineers may consider that a
violation is well-intentioned, i.e. ‘cutting corners’ to
get a job done on time. However, procedures must
be followed appropriately to help safeguard safety.
 Behaviours of Aircraft
Maintenance Engineers
Is broken down into three distinct
categories:

• Skill based--behaviors

• Rule based--behaviors

• Knowledge based-
 Skill Based Behaviours and Associated
Errors
• Skill based behaviors relys on stored routines
or motor programmes that have been learned
with practice and may be executed without
conscious thought.

• Associated Errors -action slips, environmental

capture & reversion
• an engineer realizing he needs a certain
wrench to complete a job but, because he is
distracted by a colleague, picks up another set
to the wrong torque and fails to notice that he
has tightened the bolts incorrectly.
 Environmental capture
• Occurs when an engineer carries out a certain
task very frequently in a certain location.
Thus, an engineer used to carrying out a
certain maintenance adjustment on air airbus
A300, may inadvertently carry out this
adjustment on the next A300 he work on,
even if it is not required (and he has not made
a conscious decision to operate the skill).
 Reversion
• Occurs once a certain pattern of behaviour has been
established, primarily because it can be very difficult
to abandon or unlearn it when it is no longer
appropriate. Thus, an engineer may accidentally
carry out a procedure that he has used for years, even
though it has been recently revised. This is more
likely to happen when people are not concentrating
or when they are in a stressful situation.(Reverting to
old procedure instead of the new revised version)
 Rule- Based Behaviours and Associated
Errors
• Rule based--behaviors are those for which a routine or
procedure has been learned and may comprise a set of
discrete skills. Rule-based behaviour is generally fairly
robust and this is why the use of procedures and rules
is emphasized in aircraft maintenance.
• Errors here are related to the use of the wrong rule or
procedure. E.g. an engineer may misdiagnose a fault
and thus apply the wrong procedure, thus not cleaning
the fault. Errors here are also sometimes due to faulty
recall of procedures. For instance, not remembering
the correct sequence when performing procedure.
 Knowledge- Based Behaviours and
Associated Errors
• Knowledge-based behaviors are those for which no procedure
has been established. These require the [aircraft maintenance
engineer] to evaluate information, and then use his knowledge
and experience to formulate a plan for dealing with the
situation”.
• Errors at the knowledge-based performance level are related to
incomplete or incorrect knowledge or interpreting the situation
incorrectly. An example of this might be when an engineer
attempts an unfair repair task and assumes he can ‘work it out’.
Once he has set out in this way, he is likely to take more notice
of things that suggest he is succeeding in his repair, while
ignoring evidence to the contrary (confirmation bias).
 The ‘Swiss Cheese Model’

Swiss-cheese model
The Accident causation model was proposed by
Reason in 19902 as a systems approach to
understanding organizational accidents. The
model has also being incorporated by ICAO
within its human factors documentation and
training policy (in aviation, the model is often
represented, and referred to, as the "Swiss-
cheese model").
 The ‘Swiss Cheese Model’
• There are defences set up against human
error.
• Examples are;
1. Duplicate inspection
2. Pilot pre-flight functional checks etc., which help
to ‘trap’ human errors, reducing likelihood of
negative consequences.
3. These defences have been portrayed as slices of
cheese.
The ‘Swiss Cheese Model’
 Reason’s Swiss Cheese Model
• Some failures are latent, meaning that they have been made
at some point in the past and lay dormant. This may be
introduced at the time an aircraft was designed or may be
associated with a management decision. Errors made by
front line personnel, such as aircraft maintenance engineers,
are ‘active’ failures. The more holes in a system’s Defenses,
the more likely it is that errors result in incidents or accidents,
but it is only in certain circumstances, when all holes ‘line up’,
that these occur. Usually, if an error has breached the
engineering Defenses, it reaches the flight operations
Defenses (e.g. in flight warning) and is detected and handled
at this stage. However, occasionally in aviation, an error can
breach all the defenses (e.g pilot ignores an in flight warning,
believing it to be a false alarm) and a catastrophic situation
ensues.
 Errors in Maintenance tasks
Errors are inevitable as aircraft maintenance engineers are human.

Any maintenance task performed on an aircraft is an opportunity for human error to

be introduced.

Errors in aircraft maintenance engineering take two specific forms;

1. An error that results in a specific aircraft problem that was not there before
the maintenance task was initiated; Examples are incorrect installation of line
replaceable units, failure to remove a protective cap from a hydraulic line before
reassembly or damaging an air duct used as a foothold while gaining access to
perform a task.
2. An error that results in an unwanted or unsafe condition remaining
undetected while performing a maintenance task designed to detect aircraft
problems--- something is missed. Examples are a structural crack unnoticed
during a visual inspection task or a faulty avionics box that remains on the
aircraft because incorrect diagnosis of the problem led to removal or the wrong
box
 ERRORS during REGULAR and LESS FREQUENT
MAINTENANCE TASKS.

ROUTINE TASKS ARE PRONE TO;

 COMPLACENCY
 ENVIRONMENTAL CAPTURE
 RULE BASED ERRORS
 SLIPS & LAPSES
 DISPENSING WITH WRITTEN GUIDANCE
 ERRORS OF JUDGMENT -An engineer may mistakenly
select the wrong procedure or parts
 VIOLATIONS
ANY DELIBERATE DEVIATIONS FROM THE
RULES, PROCEDURES, INSTRUCTIONS AND
REGULATIONS
 TYPES OF VIOLATIONS.
• ROUTINE
• SITUATIONAL
• OPTIMIZING
• EXCEPTIONAL

TIME PRESSURE AND HIGH WORKLOAD INCREASE THE

LIKELIHOOD OF VIOLATIONS OCCURING.
 Routine Violations.
• Are things which have become the normal way of doing
something individually or within the person’s working
group.
• Involve cutting corners------ to save time and energy and
procedures maybe over prescriptive and skilled people
tend to think that they know best.
• Usually occur at the SKILL-based level of performance.

• Examples are not performing an engine run after a

borescope inspection (“it never leaks”). Or not changing
the ‘O’ seals on the engine gearbox drive pad after a
borescope inspection (“they are never damaged”).
 Situational Violations
Non-compliance in order to get the job done.
 These occur due to factors existing at a particular time; e.g
time pressure due to unrealistic deadlines, high workload,
unworkable procedures, inadequate tooling and poor
working conditions.
 Occur when a procedure cannot be followed to get the job
done.
 An example is an incident which occurred where the door of
a B747 came open in-flight. An engineer with a tight deadline
discovered that he needed a special jig to drill off a new door
torque tube. The jig was not available, so the engineer
decided to drill the holes by hand on a pillar drill. If he had
complied with the maintenance manual he could not have
done the job and the aircraft would have missed the service.
 Optimizing Violations
• Breaking rules for “kicks”

• Opportunity to satisfy a personal need and

might not be associated to the actual task.
• An example would be an engineer who
has to go across the airfield and drives
there faster than permitted.
 Exceptional Violations
• Are typified by particular tasks or
operating circumstances that make
violations inevitable, no matter how well
intentioned the engineer might be.
• Isolated departures from authority and do
not necessarily indicate a behavior pattern
and not normally condoned by authority.
• Very difficult to predict.
 DIFFERENCES BETWEEN ERRORS AND VIOLATIONS
ERROR
Unintended
Due to improper information
and knowledge
Reduced by improving
information and knowledge
Independent of age or
gender
VIOLATION
Usually deliberate
Due to motivational factors---
shaped by beliefs, attitudes,
social norms and culture.
Reduced by changing
beliefs, attitudes, social
norms and culture
Related to age and gender
 VIOLATION BALANCE SHEET
PERCEIVED BENEFITS UNPERCEIVED BENEFITS
Easier way of working Accident to aircraft
Saves time Injury to self/others
More exciting Damage to assets
Gets the job done Costly to repair
Shows skill Punishment
Meets deadlines Loss of job/promotion
Looks macho Disapproval of peers
 Errors due to individual practices
and habits
• Where procedures allow some leeway, aircraft maintenance
engineers often develop their own strategies or preferred way
of carrying out a task.
• Often a good rule or principle is one that has been
successfully used in the past. They then become rules of
thumb for everyday use.

• Problems occur when the rule or principle is wrongly applied.

E.g. aircraft pipe couplings are normally right hand threads
but applying this ‘normally good rule’ to an oxygen pipe
(having a left hand thread) could result in damage to the pipe.

• Engineers may pick up some ‘bad rules’, leading to bad habits

during their working life, as a driver does after passing his
driving test.
Errors Associated With Visual Inspection

• TYPE 1 ERRORS – occur when a good item is

incorrectly identified as faulty --are not a safety
concern per se, except that it means that resources are
not being used most effectively, time being wasted on
further investigation of items which are not genuine
faults.

• TYPE 2 ERRORS – when a faulty item is missed, these

are the dangerous ones.---if the fault (such as a crack)
remains undetected, it can have serious consequences
(as was the case in the Aloha accident, where cracks
remained undetected.
 CAUSES of MAINTENANCE INCIDENTS

Reason analyzed the reports of 122

maintenance incidents occurring within a major
airline over a 3 year period. He identified the
main causes as being:
• OMISSIONS 56%
• INCORRECT INSTALLATIONS 30%
• WRONG PARTS 8%
• OTHER 6%
 Reason’s findings
Is a representative for the aircraft maintenance
industry as a whole.
Omissions can occur for a variety of reasons,
such as forgetting deviation from a procedure
(accidental or deliberate), or due to distraction.
The B737 double engine oil loss incident, in
which the HP rotor drive covers were not
refitted is an example of omission.
• Incorrect installation is unsurprising, as there
is usually only one way in which something
can be taken apart but many possible ways in
which it can be reassembled. E.g. a bolt and
several nuts asking the questions (a) how
many ways can this be disassembled? (the
answer being 1) and (b) how many ways can it
be reassembled? (the answer being about
40,000, excluding errors of omissions!).
• Wrong parts--In the BAC1-111 accident in
June 1990, the error was fitting the wrong
bolts to the windscreen
THERE IS ONLY ONE WAY TO DISMANTLE BUT
MORE THAN 40000 WAYS TO ASSEMBLE
 Implications of Errors (i.e Accidents

The Iceberg Model

• Accidents are the observable manifestations
of error.
• Like an iceberg which has most of its mass
beneath the waterline, the majority of errors
do not result in actual accidents.
 Incidents
• Errors that do not cause accidents but still
cause a problem are called incidents.
• They do not become serious because of
defences built into the maintenance system.
• They are important as they may warn of a
potential future accident should the error
occur in different circumstances.
• All maintenance incidents are to be reported.
 Errors and Incidents.
• Defenses built in the maintenance system prevent
incidents becoming serious.
• Mandatory Occurrence Reporting System (MORS).
• Confidential Human Factors Incident Reporting
Programme (CHIRP) --provides an alternative reporting
mechanism for individuals who want to report safety
concerns and incidents confidentially
• The positive aspects of human error require that a/c
maintenance engineers learn from their own errors and
errors made by others in the industry.
• Errors may result from a failure or weakness inherent in
the system.
• An environment must be provided in which errors are
openly investigated so that the root causes and
contributing factors of maintenance errors can be
addressed.
 Error detection
• Errors made by maintenance engineers are spotted
almost immediately they are made and corrected.
• The engineer may detect his error, or colleagues,
supervisors or quality control.
It is vital that aircraft maintenance engineers learn
from their own errors and from the errors made by
others in the industry. These powerful and
persuasive lessons are the positive aspects of
human error.
 Blame
• The engineer who last worked on the aircraft
is usually considered to be at fault.
• Blame does not necessarily act as a positive
force in maintenance – it discourages
engineers from ‘coming clean’ about their
errors.
 Error management measures
• Minimize error liability of individual or team.
• Reduce error vulnerability of particular tasks
or task element.
• Discover, assess and eliminate error producing
factors.
• Diagnose org factors that create error
producing factors within the individual, team
the task or workplace
 Purpose of Error Management.

• Prevent errors from occurring;-----predict

where errors are likely to occur and put
preventive measures; put in place a Safety
Management System (SMS).
• Eliminate or Mitigate the bad effects of errors.
 Components of Error Management.

I. Error Containment
II. Error Reduction
 Error prevention
• To prevent errors, it is necessary to predict
when they are most likely to occur and put
measures against them.
• Incident reporting schemes such as MORS do
this for the industry as a whole.
• Within an organization, data on incidents,
errors and accidents should be captured on a
safety management system.
• Enhance error detection
• Increase the error tolerance.
• Make latent conditions more visible to those
who operate and manage the system.
• Improve the Org intrinsic resistance to human
fallibility.
 Minimizing errors
• Since errors cannot be totally eliminated they
should be kept at a minimum.
• Engineers must make sure to follow
procedures.
• Procedures should be correct and usable,
presented in a user friendly manner,
appropriate to the task and context that
engineers are encouraged to follow
procedures and not cut corners.
 Compromise
• Maintenance Org have to compromise between
implementing measures to prevent, reduce or
detect errors and making a profit.
• Some measures cost little, others cost a lot.
• Incidents tend to result in short term error
mitigation measures but if an organization has no
incidents for a long time, there is danger of
complacency setting in and cost reduction
strategies eroding defences against error.
• ‘The unrocked boat’
‘The unrocked boat’
 Recent techniques (MEDA, MESH)
• Maintenance Error Decision Aid (MEDA) is
used to investigate errors that have already
been committed.
• It thoroughly evaluates all the factors that
contributed to the error and recommends
changes to mitigate those factors.
• It can identify systemic elements that
contribute to a broad range of errors.
 Error defences
• Its important orgs balance profit and costs and
try to ensure that defences put in place are
the most cost effective in terms of trapping
errors and preventing catastrophic outcomes.
 Maintenance Eng responsibilities
• It is the responsibility of maintenance Engs to
take every possible care in his work and be
vigilant for error.
• Maintenance Engs are very conscious of the
importance of their work typically expend
considerable effort to prevent injuries,
prevent damage, and to keep the aircraft they
work on safe.
 MESH
• Managing Engineering Safety Health (MESH)is a
proactive technique aimed at identifying
conditions that favour committing errors.
• It solicits anonymous ratings from maintenance
workers regarding the shortcomings of various
local factors known to contribute to errors.
• It is meant to monitor those factors that
contribute to errors and correct them before
they stray outside of acceptable ranges
 Human reliability
• A Performance Shaping Factor (PSF) was
introduced to help conceptually frame the idea of
Human Reliability.
• PSF is anything that can affect human performance
either positive or negative.
• PSFs are either internal or external.
• External PSFs are outside the individual worker or
user , usually some characteristic of the workplace ,
the task, or the Org. e.g.. Poor workspace layout,
poorly designed tools, inadequate training, etc.
 Internal PSFs
• These come from within the person and are
typically related to skills, stress, or other
physiological, psychological or social element,
eg. High stress, a disruptive social
environment, and low skill
 Managing identified hazards (actual &
potential)
• A risk assessment should made of the causes and
contributory factors and a decision made as to
whether action is required.
• Action may be in the form of a change (eg. To a
procedure, issue of a notice, personnel action, etc.)
or merely monitoring the situation to determine the
risk that is controlled.
• Changes should address both the root causes of
hazards and the detection and trapping of problems
before they can jeopardize flight safety.
 Conclusion
• In conclusion the central and fundamental
concept in human factors is the system, which
is an entity that exists to carry out some
purpose. However this system will not last for
ever as it will break or fail which is its
reliability. The continued use of the system
will be based on the absence of human error
which was covered in detail in this chapter.