Lloyds Register Rail (Asia) Human Factors in the Development of Safety-Critical Railway Systems...

Lloyd’s Register Rail (Asia)

Human Factors in the Development of Safety-Critical Railway Systems

Simon Zhang, Technical Director, Lloyd’s Register Rail (Asia) Ltd


2. Capable and competent people and

culture to deliver safety objectives

3. Design of safe and high

performing equipment

1. Management systems and processes to

safely guide and control business

activities The System

The People

The Equipment

Factors affecting Safety Critical System Development

IRSC 2012 Conference


Human Errors in the Railway WorldHuman errors can be costly and/or fatal



System Lifecycle


Concept

System Definition &Application Conditions

Risk Analysis

System Requirements

Apportionment ofSystem Requirements

Design &Implementation

Manufacture

System Validation(including Safety Acceptance

And Commissioning)

System AcceptanceOperation &Maintenance

De-commissioningand Disposal

Installation

Concept

System Definition &Application Conditions

Risk Analysis

System Requirements

Apportionment ofSystem Requirements

Design &Implementation

Manufacture

System Validation(including Safety Acceptance

And Commissioning)

System AcceptanceOperation &Maintenance

De-commissioningand Disposal

Installation

Where do human errors occur in the development lifecycle?

What type of errors occur & why?

How can they be addressed?


Strategies for addressing Human Error in System Development • EN50126 Guidelines

• Human competency• Human independence during design• Human involvement in verification and validation

(V&V)• Interface between human and automated tools• Systematic failure prevention processes

• Application of EN50126• Competency is a prerequisite• Education and training are assumptions



EN50126 Process Framework



EN50129 View (1)Safety Organisation



EN50129 View (2)Systematic failure prevention processes



EN50129 View (3)Human Involvement in V&V



Limitations of Process-Based Standards• Incompleteness of processes

• Inadequate guidance on human factors in system development

• Questionable rationale for SIL and Processes• The processes for higher SIL may not produce safer

products or systems

• Applicability of standards• Well understood problem domain• Risk totally covered• ‘Mature’ project and safety organisation



Yellow Book’s View

• Compliance based approach

• Using existing standards as the driver to develop and evaluate a system

• Risk based approach• Using risk assessment

as the driver to develop and evaluate a system



Assessor’s View (from LR Rail experience)



Emerging Themes from Assessments• Mainly from the Chinese railway signalling industry in recent

3 years• 20+ Chinese companies• 30+ RPC projects• 10+ ISA projects

• Aim to explicitly identify and evaluate the underlying risk associated with known human factors in system development

• Using EN50126/9 standards as a starting point

• Several themes emerged from the studies relating to human errors & human factors



Chinese Railway Signalling Industry • China has experienced a large number of railway

construction projects in both high speed mainline and metro systems

• Lessons from last year’s 7.23 railway accident• Due to serious design flaws in control equipment and

improper handling of the lightning strike• Personnel competency is questionable

• Re-examine existing safety management systems and development processes



Initial Findings – Theme 1• Human competency

• Undefined competence requirements on many roles such as verifier, validator and safety engineer

• Training and qualification records may not be trusted• Certified or qualified training and education

institutes are required• Domain knowledge and experience are more

important and can be easily verified via interviewing• Organisational culture and HR policy can also

influence• Difficult to keep capable safety engineers



Initial Findings – Theme 2• Human Independence during Design

• Organisational structures• E.g. rigidly hierarchical structures

• Leadership patterns• Two extremes

• Responsibilities and roles• Incorrect understanding of allocated

responsibilities and authority control



Initial Findings – Theme 3• Human Involvement in V&V

• Undefined competence requirements on many roles such as verifier, validator and safety engineer

• Lacking domain knowledge from the verifier or auditor

• Misunderstanding the role of V&V• Lack sufficient project resources for V&V activities• Tight project schedule



Initial Findings – Theme 4

• Interface between Human and Automated Tools• Undefined competence requirements on the tool

users• Lacking of guidance on safety analysis over the tools• Difficult to have a systems approach

• Viewing the tool and tool user as a complete system in a context of a project



Initial Findings – Theme 5• Systematic failure prevention processes

• Inadequate guidance on techniques/measures recommended from standards

• linking techniques/measures with a level of recommendations does not help

• Tactic knowledge is required• Undefined competence requirements on many roles

such as verifier, validator• Safety management system may also help

• But there is lack of guidance from the standards



Enhancing assessments to evaluate human factors


Is the machine/tool easy to use?Is the behavior of the tool understood by user?What happens if the tool fails (e.g. during V&V)?Is it available where it is needed?Does the interface meet expectations?

Can people reach everything?Is there enough space to work?Are there obstructions?Can a good working posture be achieved?

Is the lighting OK?Is noise a distraction or does it prevent good communication?Does the temperature make people tired?

What attributes does a person need:•good vision/hearing,•strength, •particular skills,•personality traits•motivation?Qualifications & experienceDomain knowledge

Can procedures be followed?Is there time pressure?What working hours or breaks?What training is given?What level of supervision is there?What competence is required – are these well defined?Processes for using tools well developed?Is there understanding of safety standards?

Is there good: •working culture?,•leadership?•motivation?Are roles, responsibilities & authorities defined?

How can we bring these into the assessments?


Evolution of the Standards• Introduction of EN50128:2011 Standard

• Definition of 10 roles including verifier and validator• Guidance on support tool for software development

• Focus on tool validation and tool specification

• New development on EN50126/9 standards in the near future• Merging the EN50126/8/9 standards together• The role and competence requirements of safety engineer

need to be defined• More guidance on using the HR/R techniques/measures• Develop guidelines on the SMS (safety management system)• Interface between human and tools needs to be elaborated



Future Work• Get feedback on the viability and effectiveness of the approach

• Conduct more empirical studies from other geographical areas such as Hong Kong, Taiwan, Korea and India

• Define robust human factors evaluation framework

• Consider ranking or quantitative assessment

• Provide input to the development of new EN5016/8/9 standards

• Industry research into root causes of Human Errors during system design



Conclusions

• Do not take human competency for granted;

• Company/project management styles can always influence human independence;

• Human judgement determines the V&V success criteria;

• Interface between human and automated tools can be unexpectedly complex;

• Understanding the rationale behind techniques/measures is more important than choosing which in the systematic failure prevention processes.



Finally

• “Human error plays a part in most, if not all, accidents. If you have not considered human error when specifying your work, it will be difficult to show that you have controlled risk to an acceptable level”.

• “Human error has causes. We understand some of these and know how to prevent them. When designing railway systems you should look for opportunities to prevent human error leading to an accident”.


Services are provided by members of the Lloyd's Register Group. For further information visit www.lr.org/entities

For more information, please contact:

Simon Zhang, Weihang WuLloyd’s Register Rail (Asia) Ltd

Room 709, CCS Mansion9 Dongzhimen South StreetBeijing 100007

T +86 (10) 64030868E [email protected] www.lr.org

Lloyds Register Rail (Asia) Human Factors in the Development of Safety-Critical Railway Systems...

Documents

Transcript of Lloyds Register Rail (Asia) Human Factors in the Development of Safety-Critical Railway Systems...