510 likes | 719 Views
Mandated Human Error Controls in the USA and the Impact on Control Room Design and Operations By Ian Nimmo President. U. ser Centered. S. C D. Design Service. ASM. Presenters Name. Australasian Industrial Automation and Control Users Group Conference. Title of Presentation.
E N D
Mandated Human Error Controls in the USA and the Impact on Control Room Design and Operations By Ian Nimmo President U ser Centered S CD Design Service ASM Presenters Name Australasian Industrial Automation and Control Users Group Conference Title of Presentation A member of the ASM® Consortium
Please ensure you have all your equipment with you before leaving the ring
New strategy to improve profitability & reduce fixed costs • Having a “Shared Vision” • Engage the entire production organization in improving reliability, performance and quality whilst improving the efficiency of people, equipment & materials. • 3 C’s • “Why are you so willing to share state of the art Best Practices with your competition”?
Changes in laws & regulations • Accidents drive legislation • 1998 refinery incidents & human error • 1999 UK H&SE MOC people
Human factors & Organizational Accidents • Loss of Corporate knowledge • 80% of accidents caused by humans • Majority incidents in “Normal” operation • 3-12% lost opportunity
Recurring Root Causes of Accidents • Inadequate Process Hazard Analysis • Use of wrong or poorly designed equipment • Inadequate indication of process conditions • Inadequate management of change process • Lack of a strong mechanical integrity program • Lack of enforcement of Lockout/Tagout procedures • Warnings from near misses, other accidents went unheeded
A new approach to Safety • Emphasis on human error • Investigate the worker, blame them • Investigate the error, what made it possible? • Change the workplace • Eliminate weaknesses in systems • More insight to our vision CCC Employers Safety Plan
The written human factors program and therefore, the guidance document, must address the following: • The inclusion of human factors in the Process Hazards Analysis process; • The consideration of human systems as causal factors in the incident investigation process for Major Chemical Accidents or Releases or for an incident that could reasonably have resulted in a Major Chemical Accident or Release; • The training of employees in the human factors program; • Operating procedures; CCC Employers Safety Plan
The written human factors program and therefore, the guidance document, must address the following: • The requirement to conduct a Management of Change prior to staffing changes for changes in permanent staffing levels/reorganization in operations or emergency response. Employees and their Representatives shall be consulted in such Management of Changes; • The participation of employees and their representatives in the development of the written human factors program; • The development of a program that includes, but is not limited to, issues such as staffing, shiftwork and overtime; and CCC Employers Safety Plan
The written human factors program and therefore, the guidance document, must address the following: • The inclusion of a human factors program description in the Safety Plan. Together these elements form the foundation of the human factors program. CCC Employers Safety Plan
The initial scope of the human factors program guidance was limited to the preceding, explicit requirements for the following three reasons: • Section 450-8.016(B)(1) requires that stationary sources develop a human factors program one year following the issuance of this guidance. Therefore, CCHS representatives felt that it was vital that the guidance document be issued as soon as possible CCC Employers Safety Plan
The initial scope of the human factors program guidance was limited to the preceding, explicit requirements for the following three reasons: • Section 450-8.016(B)(1) requires that stationary sources develop a human factors program one year following the issuance of this guidance. Therefore, CCHS representatives wanted to identify the basic components of the program that could reasonably be implemented within one year. CCC Employers Safety Plan
The initial scope of the human factors program guidance was limited to the preceding, explicit requirements for the following three reasons: • Section 450-8.030 allows for an annual performance review and evaluation. Therefore, CCHS representatives felt that there would be a natural avenue for reviewing and improving the human factors program requirements and guidance. CCC Employers Safety Plan
DEFINITIONS • For the purpose of this guidance document: Human Factors is defined as “A discipline concerned with designing machines, operations, and work environments so that they match human capabilities, limitations, and needs”.2 • Human Factors can be further referred to as “…environmental, organizational, and job factors, and human and individual characteristics which influence behavior at work in a way which can affect health and safety.”9 • Human Error is defined as “Departure from acceptable or desirable practice on the part of an individual that can result in unacceptable or undesirable results”.5
CCC Employers Safety Plan to consider human factors in :- • Process Hazard Analysis • Root cause incident investigation • Operating procedures • Management of Change – staffing cuts • Employee training
Staffing reductions In the United Kingdom, the Hazardous Installations Directorate of the Health and Safety Executive observed that a number of chemical sites are taking steps to reduce the staffing levels in their operating teams. The author recognizes & acknowledges the work of Entec & H&SE (UK)
Concerned that such reductions could impact the ability of a site to control abnormal and emergency conditions, and also have a negative effect on staff performance through an impact on workload, fatigue, etc., the HID sponsored the development of a practical method that organizations could use to assess their required staffing levels and the impact on safety of any reduction in operations staff.
In developing the methodology HID had the specific goals of :- • helping companies in the chemical and allied industries justify appropriate levels of operations staff by a suitable and sufficient assessment, and • enabling HID inspectors to apply consistent standards on staffing levels during audits, inspections, and incident investigations. The author recognizes & acknowledges the work of Entec & H&SE (UK)
Physical assessment • Aims to identify potential areas of unacceptable risk due to the way identified scenarios are physically detected, diagnosed and recovered from • Tests the arrangements for each scenario against six principles of safe control room operation. It does not attempt to calculate the number of people required to cope with a particular scenario • Instead it aims to hunt out potential problems associated with the staffing arrangements by questioning the reliability of detection, diagnosis and recovery from hazardous scenarios in time • Justification of controls in place is required where a principle of safe operation is found to be infringed The author recognizes & acknowledges the work of Entec & H&SE (UK)
Change triggers l Change in control room staff l Change in control room technical shift support staff l Change in control room admin shift support staff, technical day support staff or admin day support staff l Change in shift system l Change in process control hardware l Change in training and development program l Change in operating procedures l Senior management change The author recognizes & acknowledges the work of Entec & H&SE (UK)
Assessing changes l Produce an up-to-date baseline assessment of the existing arrangements l Define the proposed change, and evaluate it using the assessment method, modifying the plans until an equal or better rating is achieved l Re-assess the arrangements at a suitable time after implementation (within six months) The author recognizes & acknowledges the work of Entec & H&SE (UK)
Staffing assessment method l Key operator performance requirements – Be able to follow the process, anticipate its behavior hence select an appropriate control strategy – Be in a fit state to monitor the process (be awake and attentive) – Be willing to take action as and when necessary – Be able to take action, reliably and within the necessary time frame The author recognizes & acknowledges the work of Entec & H&SE (UK)
Staffing assessment method l Team performance requirements – Be able to collect and share critical information about the process and control actions – Be able to co-ordinate actions The author recognizes & acknowledges the work of Entec & H&SE (UK)
Two stage approach l Physical check l Management appraisal The author recognizes & acknowledges the work of Entec & H&SE (UK)
The author recognizes & acknowledges the work of Entec & H&SE (UK)
Physical check l Focus on demanding situations – incident detection – diagnosis – recoveries •Orienting—Sensing, Perception, and/or Discrimination; •Evaluating—Information Processing (thinking and/or interpretation); •Acting—Physical and/or Verbal Response; and •Assessing—Information Processing (thinking and/or interpretation).
Physical check : six principles l There should be continuous supervision of the process by skilled operators l Distractions should be minimized – such as answering phones, talking to people in the control room, nuisance alarms l Information required for diagnosis and recovery should be accessible, correct and intelligible l Communication links between the control room and field should be reliable l Staff required to assist in diagnosis and recovery should be available with sufficient time to attend when required l Operating staff should be allowed to concentrate on recovering the plant to a safe state 1 2 3 4 5 6 The author recognizes & acknowledges the work of Entec & H&SE (UK)
Physical check : appraisal l Could a principle be infringed? l Define how it will be infringed l What measures are in place to compensate for the infringement? l Are the measures adequate? The author recognizes & acknowledges the work of Entec & H&SE (UK)
P1 Fail Fail Fail Fail There should be continuous supervision of the process by skilled operators Fail The author recognizes & acknowledges the work of Entec & H&SE (UK)
Physical check : example evidence l Calculations of the time available to respond to process incidents l Data from previous incidents and/or observations from ‘real time’ exercises – e.g. to gauge the time for operators to perform tasks l Reliability assessments for critical equipment l Alarm records The author recognizes & acknowledges the work of Entec & H&SE (UK)
Operator diagnostic time High Emergency Trip from SIS Impact of Protection System UN-SAFE Emergency Alarm Incident Trip SAFE Impact of Initiating Event Loss Quality Profit High Alarm Time FTT Process Safety Time FTT= Fault Tolerance Time
120 Explosion Lower Explosive Limit (LEL) 100 Actual Gas Concentration 80 Actual trip point Normal operating Level Error Measured Gas Concentration 60 Set trip point Gas Concentration (Percentage of LEL) Gas concentration prior to fault 40 20 Fault Occurs Sampling Delay Sensor Delay Error Delay Shut Down System Delay 0 0 10 20 30 40 50 60 70 80 Time after onset of fault (Seconds)
Physical check : scenarios l Worst case scenarios – requiring implementation of the off-site emergency plan l Incidents which could escalate without intervention to contain the problem on site l Lesser incidents requiring control room reaction to prevent the process becoming unsafe The author recognizes & acknowledges the work of Entec & H&SE (UK)
Physical check : defining scenarios l Who is controlling the process and their starting locations l Who is available to support the incident, and their starting locations l The parameters that determine the time available to the operations team for detection, diagnosis and recovery – process conditions, leak point, wind direction, release rate, time of day, need to be defined. The author recognizes & acknowledges the work of Entec & H&SE (UK)
Case study example of physical assessment output The author recognizes & acknowledges the work of Entec & H&SE (UK)
Management Appraisal Ladder assessment elements l Human and Management Factors that influence operator performance l They are assessed using ladders l Each ladder is an anchored rating scale ranging from poor practice at the bottom to best practice at the top l Team members work through guidance questions for each ladder and use support material as evidence The author recognizes & acknowledges the work of Entec & H&SE (UK)
Ladders l Situational awareness l Team working l Alertness and fatigue (Working pattern, Health) l Training & development l Roles and responsibilities l Willingness to act l Management of procedures l Management of change l Continuous improvement l Management of safety The author recognizes & acknowledges the work of Entec & H&SE (UK)
Ladders : rules l Start from the bottom rung and work upwards l If the arrangements fulfill the requirements defined in the rung, go on to the next rung l If the arrangements do not fully fulfill the requirements of the next rung, the plant/unit is rated as matching the rung below l The plant/unit cannot be rated above a rung that is partially fulfilled – even if the arrangements fulfill higher rungs, the rating sits below the lowest incomplete rung The author recognizes & acknowledges the work of Entec & H&SE (UK)
Situation Awareness The author recognizes & acknowledges the work of Entec & H&SE (UK)
Ladders : guidance questions for “Situation Awareness” l Operators? – Any critical situations when you were uncertain about the process state? – Have you delayed actions to get more information about the process? – Have you misdiagnosed a situation? – What do you do to make shift handover easier for the shift coming on to understand the plant condition? – How would you like to improve the screens (e.g. presentation, more trends, refresh rate, ability to adapt displays)? – How frequently are you disturbed in the middle of tracking the process? – Can you schedule activities so as to concentrate on particular tasks? – Can you block non critical radio/telephone communication if required? – Have there been critical situations when you have been uncertain of the location or activity of field operators? The author recognizes & acknowledges the work of Entec & H&SE (UK)
Ladders : guidance questions for “Situation Awareness” l Management? – How are process conditions monitored? – Are there any guidelines as to what to monitor and how often? – How is a shift handover managed to maintain situational awareness? l Documents? – Logbooks – Incident reports which demonstrate action was taken later than could have been – Operating procedures – Training and development program The author recognizes & acknowledges the work of Entec & H&SE (UK)
The author recognizes & acknowledges the work of Entec & H&SE (UK)
The author recognizes & acknowledges the work of Entec & H&SE (UK)
Ladders : examples of evidence • l Situational awareness • Logbooks, incident reports which demonstrate action was taken later than it could have been, operating procedures, training and development program • l Teamworking • Operating procedures, definitions of roles and responsibilities, job descriptions for control room staff and support staff, training and development program • l Alertness and fatigue • Shift cycle and pattern (planned and actual which includes overtime and shift swaps), annualized hours sheets, examples of delayed reactions from historical incidents, absence records, evidence of health monitoring • l Training and development • Training and development plans for control room staff and support staff, evidence of needs assessment, evidence of a structured skill step progression program The author recognizes & acknowledges the work of Entec & H&SE (UK)
Ladders : examples of evidence l Roles and responsibilities – Job descriptions for control room staff and support staff, structured assessment of core competencies required, skill step progression program which shows evidence of core competencies l Willingness/Attitude – Cost data associated with recovery actions, training records, operating procedures l Management of operating procedures – Operating procedures showing date issued, author, approver, version number, quality manual detailing how procedures are managed, procedure audit results l Management of change – Procedures for managing change, equipment, procedures and organizational, organizational change policy document, evidence of review after implementing change, evidence of change (equipment and organizational) being risk assessed The author recognizes & acknowledges the work of Entec & H&SE (UK)
Case study example of ladder assessment output The author recognizes & acknowledges the work of Entec & H&SE (UK)
Workplace designed to optimize people & technology • Control building location • Selecting an architect • Control building design • Using standards & regulations • What goes with all this? • Situation awareness • Alertness/Efficiency
U ser Centered S C D Design Service