This is Mil-Std-882E Health Hazard Analysis (HHA).
The 200-series tasks fall into several natural groups. Task 207 addresses Health Hazard Analysis.
HEALTH HAZARD ANALYSIS
207.1 Purpose. Task 207 is to perform and document a Health Hazard Analysis (HHA) to identify human health hazards, to evaluate proposed hazardous materials and processes using such materials, and to propose measures to eliminate the hazards or reduce the associated risks when the hazards cannot be eliminated.
207.2 Task description. The contractor shall perform and document a HHA that includes evaluations of the potential effects resulting from exposure to hazards. HHAs incorporate the identification, assessment, characterization, control, and communication of hazards in the workplace or environment. Following this systems approach, evaluations should consider the total health impact of all stressors contacting the human operator or maintainer. Whenever possible, HHAs should consider the synergistic effects of all agents present. An HHA shall also evaluate the hazards and costs due to system component materials, evaluate alternative materials for those components, and recommend materials that reduce the associated risk. Materials will be evaluated if (because of their physical, chemical, or biological characteristics; quantity; or concentrations) they cause or contribute to adverse effects in organisms or offspring or pose substantial present or future danger to the environment. The analysis shall include consideration of the generation of wastes and by-products.
207.2.1 A health hazard is a condition, inherent to the operation, maintenance, storage, transport, use of materiel, or disposal, that can cause death, injury, acute or chronic illness, disability, or reduced job performance of personnel by exposure to physiological stresses. Specific health hazards and impacts that shall be considered include:
a. Chemical hazards (e.g., materials that irritate or are hazardous because of physical properties such as flammability, toxicity, carcinogenicity, or propensity to deprive an organism of oxygen).
b. Physical hazards (e.g., acoustical energy, vibration, acceleration/deceleration, barostress, heat or cold stress, finished materials, and shrapnel).
c. Biological hazards (e.g., bacteria, viruses, fungi, and mold).
d. Ergonomic hazards (e.g., hazards that occur as a consequence of engaging in activities that impose excessive physical or cognitive demands, such as assuming non-neutral postures, sustaining harsh body contacts or load-bearing stress, performing taxing muscular exertions, sustaining long duration activity, etc.).
e. Other hazardous or potentially hazardous materials that may be formed by the test, maintenance, operation, or final disposal/recycling of the system.
f. Non-ionizing radiation hazards. Provide a listing of all non-ionizing (radio frequency (RF) and laser) transmitters contained in the system. List all parameters required to determine the non-ionizing radiation hazards of the system, including RF shock and burn hazards, RF hazard distances, laser eye and skin hazard distances, etc.
g. Ionizing radiation hazards. Provide a listing of all system ionizing radiation sources (including isotopes), quantities, activities, and hazards.
207.2.2 The HHA shall provide the following categories of information:
a. Hazard identification. Identify the hazardous agents by name(s), Chemical Abstract Service (CAS) number if available, and the affected system components and processes. Hazard identification also includes:
(1) Exposure pathway description. Describe the conditions and mode by which a hazardous agent can come in contact with a living organism. Include a description of the mode by which the agent is transmitted to the organism (e.g., ingestion, inhalation, absorption, or other mode of contact), as well as evidence of environmental fate and transport. Consider components of the system which may come into contact with users.
(2) Exposure characterization. Characterize exposures by providing measurements or estimates of energy intensities or substance quantities and concentrations. Provide either a description of the assessment process or the name of the assessment tool or model used. For material hazards, estimate the expected use rate of each hazardous material for each process or component for the subsystem, total system, and program-wide impact. Consider bio-availability and biological uptake if applicable.
b. Severity and probability. Estimate severity, probability, and Risk Assessment Code (RAC) using the process described in Section 4 of this Standard. The definitions in Tables I and II, and the RACs in Table III shall be used, unless tailored alternative definitions and/or a tailored matrix are formally approved in accordance with Department of Defense (DoD) Component policy. As appropriate for each hazard, describe the potential acute and chronic health risks (e.g., carcinogenicity, flammability, and reactivity).
c. Mitigation Strategy. Recommend a mitigation strategy for each hazard. Assign a target risk assessment code for each hazard based on the degree of risk reduction achievable by the mitigation.
207.2.3 In addition to the information required in 207.2.2 above, the following sections describe the HHA or part of the HHA that provides Hazardous Material (HAZMAT) evaluation, ergonomics evaluation, or describes the operational environment.
207.2.3.1 The HHA or part of the HHA providing HAZMAT evaluation, in addition to the information required in 207.2.2 above, shall:
a. Identify the HAZMAT by quantity, characteristics, and concentrations of the materials in the system. Identify source documents, such as Material Safety Data Sheets (MSDSs), and information from vendors and subvendors for components of systems and subsystems. At a minimum, if available, material identification includes material identity, common or trade names, chemical name, CAS number, national stock number (NSN), local stock number, physical state, and manufacturer and supplier names and contact information (including information from the Department of Defense HAZMAT information resource system).
b. Characterize material hazards, including hazardous waste, and determine associated risks. Examine acute health, chronic health, carcinogenic, contact, flammability, reactivity, and environmental hazards.
c. Describe how the HAZMAT is used for each process or component for the subsystem and total system.
d. Estimate the usage rate of each HAZMAT for each process or component for the subsystem, total system, and program-wide impact.
e. Recommend the disposition for each HAZMAT (to include hazardous waste) identified. Material substitution or altered processes shall be considered to reduce risks associated with the material hazards while evaluating the impact on program costs.
207.2.3.2 In addition to the information required in 207.2.2 above, the HHA or part of the HHA providing ergonomics evaluation shall:
a. Describe the purpose of the system and the mission scenarios in which the system will be used. This description should include all performance criteria established by the customer. If known, include manpower estimates that the customer anticipates will be allocated toward operating and maintaining the system. Also describe:
(1) Physical properties of all system components that personnel will manually handle or wear, and that will support personnel body weight (such as seating and bedding).
(2) A task analysis that lists the physical and cognitive actions that operators will perform during typical operations and routine maintenance.
(3) Exposures to mechanical stress encountered while performing work tasks.
b. Identify characteristics in the design of the system or work processes that could degrade performance or increase the likelihood of erroneous actions that may result in mishaps.
c. Determine manpower requirements to operate and maintain the system from the sum of the physical and cognitive demands imposed on personnel. Recommend a strategy to reduce these demands through equipment or job redesign if the determined requirements exceed the projected manpower allocation. Such recommendations may also be considered where they provide significant manpower or cost savings. Recommend methodologies to further optimize system design and control exposures to mechanical stress from load bearing, manual handling, and other physical activities through appropriate engineering and administrative controls that may include reducing load and force requirements, adding material handling aids or tools, reducing non-neutral postures, reducing frequency of repeated motion, increasing the manpower allocation, or redistributing tasks among personnel manning the system.
207.2.3.3 The HHA or part of the HHA providing the information required in 207.2.1 shall describe the operational environment, including how the equipment or system(s) will be used and maintained and the location in which it will be operated and maintained. Identify acoustic noise, vibration, acceleration, shock, blast, and impact force levels and related human exposures associated with comparable legacy systems, including personnel operating and maintaining these systems and exposures/levels in the surrounding (external) environment, particularly where exposures exceeding regulatory or recommended exposure standards have been documented or can reasonably be anticipated.
a. Assess and describe anticipated whole body movement, including whole body vibration, vehicle shock, and motions that are likely to result in musculoskeletal disorders, disorientation, or motion sickness. This information may be provided through a description of operating parameters, such as speed and vehicle loading; environment of operation and external influences, such as waves for marine vehicles; terrain conditions for land vehicles; and the position and seating characteristics of occupants.
b. Describe and quantify the potential for blast overpressure and other sudden barotrauma and the estimated pressure changes, time and rate of onset, and frequency of occurrence.
c. Identify and categorize main noise and vibration sources in the new or modified system(s). Include:
(1) The type of equipment and exposures associated with its operation in related systems. Where available or readily computed, the sound power level of relevant equipment shall be determined.
(2) Octave band analysis and identification of predominant frequencies of operation.
(3) Impulse, impact, and steady-state noise sources, including anticipated intensity (dB) scale, periodicity/frequency of occurrence, and design and operational factors that may influence personnel and weapon system exposures.
d. Calculate estimated noise, blast, and vibration levels prior to final design and measurement of noise, blast, and vibration levels after construction of prototypes or initial demonstration models. If the calculated levels exceed exposure limits per Military Standard (MIL-STD)-1474 or Department of Defense (DoD) Component-specific standards, perform evaluations to include frequency analysis and estimated noise exposures to steady state and impulse noise. Describe, via calculation, the estimated resonant frequencies for occupants in seating and the effect of whole body vibration. These frequencies should be compared to known guidelines (e.g., MIL-STD-1472, International Organization for Standardization (ISO) 2631-1, ISO 2631-2, and ISO 2631-5) for whole body vibration with reference to degree of movement, frequency, and anticipated duration of exposures. Where feasible, anticipated target organ systems (e.g., back, kidneys, hands, arms, and head) should be identified and the likelihood of discordant motions should be described. Identify potential alternative processes and equipment that could reduce the adverse impacts.
e. Describe the anticipated effect of protective equipment and engineering changes, if required, for mitigating personnel exposures to noise and vibration, as well as the projected total number of individuals per platform and the total population exposed during the anticipated life of the system. Describe advanced hearing protective devices using active noise cancellation with regard to frequency and scale of noise attenuation and any frequency “trade-offs” in attenuation achieved. Use of protective equipment shall describe the optimal (design) and anticipated effective noise reduction and vibration reduction of the protective equipment. Document the methodology and assumptions made in calculations.
f. Describe the limitations of protective equipment and the burden imposed with regard to weight, comfort, visibility, and ranges of population accommodated, and quantify these parameters where feasible. Describe conformance to relevant design and performance standards for protective equipment.
207.2.3.4 The HHA or part of the HHA providing non-ionizing radiation evaluation, in addition to the information required in 207.2 above, shall refer to [N.B. may not be applicable in your jurisdiction] MIL-STD-464, MIL-STD-1425, and Military Handbook (MIL-HDBK)-454 [N.B. may not be applicable in your jurisdiction] for further guidance and clarification on associated tasks. Ionizing and non-ionizing radiation should be evaluated in accordance with [N.B. may not be applicable in your jurisdiction] DoD Military Standards consistent with Department of Defense Instruction (DoDI) 6055.11, Protection of DoD Personnel from Electromagnetic Fields and DoDI 6055.15, DoD Laser Protection Program [N.B. may not be applicable in your jurisdiction].
207.2.4 Include a list of source materials used in conducting the analysis. It may include Government and contractor reports, standards, criteria, technical manuals, and specifications.
207.3 Details to be specified. The Request for Proposal (RFP) and Statement of Work (SOW) shall include the following, as applicable:
a. Imposition of Task 207 and identification of related tasks in the SOW or other contract requirements. (R)
b. Selected hazards, hazardous areas, hazardous materials, or other specific items to be examined or excluded.
c. Desired analysis methodologies and technique(s) and any special data elements, format, or data reporting requirements (consider Task 106, Hazard Tracking System).
d. Sources of information that will be made available and should be utilized. For example, DoD Service-specific HAZMAT policies may apply for in-Service maintenance, testing, and disposal.
e. Standards and criteria for acceptable exposures and controls.
f. A list of mandatory references, including specific issue dates. The following list of references represents a starting point for information to support this task, but is not intended to be comprehensive.
[N.B. may not be applicable in your jurisdiction]
(1) 29 Code of Federal Regulations (CFR) 1910, U.S. Department of Labor, Occupational Safety and Health Administration (OSHA), General Industry Regulations.
(2) 29 CFR 1910.1200, OSHA Hazard Communication.
(3) DODI 6055.12, DoD Hearing Conservation Program.
(4) DoD Handbook 743, Anthropometry of U.S. Military Personnel (Metric).
(5) MIL-STD-464, Electromagnetic Environmental Effects Requirements for Systems.
(6) MIL-STD-1425, Safety Design Requirements for Military Lasers and Associated Support Equipment.
(7) MIL-STD-1472, DoD Design Criteria Standard for Human Engineering.
(8) MIL-STD-1474, DoD Design Criteria Limit Noise Limits.
(9) MIL-HDBK-454, General Guidelines for Electronic Equipment.
(10) MIL-HDBK-1908, Definitions of Human Factors Terms.
(11) MIL-STD-46855, Human Engineering Requirements for Military Systems, Equipment, and Facilities.
(12) U.S. Army Health Hazard Assessors Guide, U.S. Army Center for Health Promotion and Preventive Medicine.
(13) U.S. Army Manpower and Personnel Integration (MANPRINT) Program.
(14) U.S. Army Regulation 40-10, Health Hazard Assessment Program in Support of the Army Acquisition Process.
(15) Department of the Army Pamphlet 40-501, Hearing Conservation Program.
(16) Navy and Marine Corps (NAVMC) Directive 5100.8, Marine Corps Occupational Safety and Health (OSH) Program Manual.
(17) NAVMC Public Health Center Technical Manual 6260.51.99-2.
(18) Navy Bureau of Medicine and Surgery Instruction 6270.8A, Obtaining Health Hazard Assessments.
(19) Marine Corps Order 6260.1E, Marine Corps Hearing Conservation Program.
(20) U.S. Air Force Manual 48-153, Health Risk Assessment.
(21) Air Force Occupational Safety and Health (AFOSH) STD 48-9, Radio Frequency Radiation (RFR) Safety Program.
(22) AFOSH STD 91-501, Air Force Consolidated Occupational Safety Standard.
(23) General Services Administration Federal Standard 313, Material Safety Data, Transportation Data, and Disposal Data for Hazardous Materials Furnished to Government Activities.
(24) ISO 2631-1:1997, Mechanical Vibration and Shock – Evaluation of Human Exposure to Whole Body Vibration and Shock. Part 1: General Requirements.
(25) ISO 2631-2, Mechanical Vibration and Shock – Evaluation of Human Exposure to Whole Body Vibration. Part 2: Vibration in Buildings (1 Hz to 80 Hz).
(26) ISO 2631-5, Mechanical Vibration and Shock – Evaluation of Human Exposure to Whole Body Vibration and Shock. Part 5: Method for Evaluation of Vibration Containing Multiple Shocks.
(27) ISO 5349, Guide for the Measurement and the Assessment of Human Exposure to Hand Transmitted Vibration.
(28) American National Standards Institute (ANSI) S2.70, Guide for Measurement and Evaluation of Human Exposure to Vibration Transmitted to the Hand.
(29) Institute of Electrical and Electronics Engineers (IEEE) Standard for Safety Levels with Respect to Human Exposure to Radio Frequency Electromagnetic Fields, 3 kHz to 300 GHz, IEEE Standards Coordinating Committee on Non-Ionizing Radiation Hazards.
(30) Threshold Limit Values for Chemical Substances and Physical Agents and Biological Exposure Indices, American Conference of Governmental Industrial Hygienists.
(31) American Society for Testing and Materials (ASTM) E2552 – Standard Guide for Assessing the Environmental and Human Health Impacts of New Energetic Compounds.
[N.B. may not be applicable in your jurisdiction]
g. Concept of operations.
h. Projected manpower allocation in support of 207.2.3.2.
i. Other specific hazard management requirements, e.g., specific risk definitions and matrix to be used on this program.
In the full-length video (55 minutes long), The Safety Artisan looks at Health Hazard Analysis, or HHA, which is Task 207 in Mil-Std-882E. We explore the aim, description, and contracting requirements of this complex Task, which covers: physical, chemical & biological hazards; Hazardous Materials (HAZMAT); ergonomics, aka Human Factors; the Operational Environment; and non/ionizing radiation. We outline how to implement Task 207 in compliance with Australian WHS. (We refer to other lessons for specific tools and techniques, such as Human Factors analysis methods.)
Task 207: Health Hazard Analysis Transcript
Hello, everyone, and welcome to the Safety Artisan. I’m Simon, your host, and today we are going to be talking about health hazard analysis.
Task 207: Health Hazard Analysis
This is task 207 in the Mil. standard, 882E approach, which is targeted for defence systems, but you will see it used elsewhere. The principles that we’re going to talk about today are widely applicable. So, you could use this standard for other things if you wish.
Topics for this Session
We’ve got a big session today so I’m going to plough straight on. We’re going to cover the purpose of the task; the description; the task helpfully defines what a health hazard is; says what health hazard analysis, or HHA, shall provide in terms of information. We talk about three specialist subjects: Hazardous materials or hazmat, ergonomics, and operating environment. Also, radiation is covered, another specialist area. Then we’ll have some commentary from myself.
Now the requirements of the standard of this task are so extensive that for the first time I won’t be quoting all of them, word for word. I’ve actually had to chop out some material, but I’ll explain that when we come to it. We can work with that but it is quite a demanding task, as we’ll see.
Let’s look at the task purpose. We are to perform and document a health hazard analysis and to identify human health hazards and evaluate what it says, materials and processes using materials, etc, that might cause harm to people, and to propose measures to eliminate the hazards or reduce the associated risks. In many respects, it’s a standard 882 type approach. We’re going to do all the usual things. However, as we shall see it, we’re going to do quite a lot more on this one.
Task Description #1
So, task description. We need to evaluate the potential effects resulting from exposure to hazards, and this is something I will come back to again and again. It’s very easy dealing in this area, particularly with hazardous materials, to get hung up on every little tiny amount of potentially hazardous material that is in the system or in a particular environment and I’ve seen this done to death so many times. I’ve seen it overdone in the UK when COSHH, the Control of Substances Hazardous to Health, came in in the military. We went bonkers about this. We did risk assessments up the ying-yang for stuff that we just did not need to worry about. Stuff that was in every office up and down the land. So, we need to be sensible about doing this, and I’ll keep coming back to that.
So, we need to do as it says; identification assessment, characterisation, control, and communicate assets in the workplace environment. And we need to follow a systems approach, considering “What’s the total impact of all these potential stressors on the human operator or maintainer?” Again, I come from a maintenance background. The operator often gets lots of attention because a) because if the operator stuffs up, you very often end up with a very nasty accident where lots of people get hurt. So, that’s a legitimate focus for a human operator of a system. But also, a lot of organizations, the executive management tend to be operators because that’s how the organization evolves. So, sometimes you can have an emphasis on operations and maintenance and support, and other things get ignored because they’re not sexy enough to the senior management. That’s a bad reason for not looking at stuff. We need to think about the big picture, not just the people who are in control.
Task Description #2
Moving on with task description. We need to do all of this good stuff and we’re thinking about materials and components and so forth, and if they cause or contribute to adverse effects in organisms or offspring. We’re talking about genetic effects as well. Or pose a substantial present or future danger to the environment. So in 882, we are talking about environmental impact as well as human health impact. There is an environmental task as well that is explicitly so. Personally, I would tend to keep the human impact and the environmental impact separate because there are very often different laws that apply to the two. If you try and mix them together or do a sort of one size fits all analysis, you’ll frequently make life more difficult for yourself than you need to. So, I would tend to keep them separate. However, that’s not quite how the standard is written.
A Health Hazard is …
So what is a health hazard? As it says, a health hazard is a condition and it’s got to be inherent to the operation, etc, through to disposal of the system. So, it’s cradle to grave – That’s important. That’s consistent with a lot of Western law. It’s got to be capable of causing death, injury, illness, disability, or even in this standard, they’ve just reduced job performance of personnel by exposure to physiological stresses. Now I’m getting ahead of myself because, in Australia, health hazards can include psychological impacts as well, not just impacts to physical health. Now reduced job performance? – Are we really interested in minor stuff? Maybe not. Maybe we need to define what we mean by that. Particularly when it comes to operators or maintainers making mistakes, perhaps through fatigue that can have very serious consequences. So, this analysis task is going to address lots of causes or factors that we typically find in big accidents and relate them to effects on human performance. Then it goes on to specify that certain specific hazards must be included chemical, physical, biological, ergonomic – For ergonomic, I would say human factors, because when you look at the standard, what we call ergonomics is much wider than the narrow definition of ergonomics that I’m used to. Now, this is the first area that chops some material because where in a-d it says e.g. in those examples there is in effect a checklist of chemical, physical, biological and ergonomic hazards that you need to look at. This task has its own checklist. You might recall when we talked about preliminary hazard identification, a hazard checklist is a very good method for getting broad coverage in general. Now, in this task, we have further checklists that are specific to human health. That’s something to note.
We’ve also got to think about hazardous materials that may be formed by test, operation, maintenance, disposal, or recycling. That’s very important, we’ll come back to that later. Thinking about crashworthiness and survivability issues. We’ve got to also think about it says non-ionizing radiation hazards, but in reality, we’ve got to consider ionizing as well. If we have any radioactive elements in our system and it does say that in G. So, we’ve got to do both non-ionizing and ionizing.
HHA Shall Provide Info #1
What categories of information should this health hazard analysis generate? Well, first of all, it’s got to identify hazards and as I’ve said or hinted at before, we’ve got to think about how could human beings be exposed? What is the pathway, or the conditions, or mode of operations by which a hazardous agent could come into contact with a person? I will focus on people. So, just because there is a potentially hazardous chemical present doesn’t mean that someone’s going to get hurt. I suspect if I looked around in the computer in front of me that I’m recording this on or at the objects on my desk, there are lots of materials that if I was to eat them or swallow them or ingest them in some other way would probably not do me a lot of good. But it’s highly unlikely that I’m going to start eating them so maybe we don’t need to worry about that.
HHA Shall Provide Info #2
We also need to think about the characterisation of the exposure. Describing the assessment process: names of the tools or any models used; how did we estimate intensities of energy or substances at the concentrations and so on and so forth? This is one of those analyses that is particularly sensitive to the way we go about doing stuff. Indeed, in lots of jurisdictions, you will be directed as to how you should do some of these analyses and we’ll talk about that in the commentary later. So, we’ve got to include that. We’ve got to “show our working” as our teachers used to tell us when preparing us for exams.
HHA Shall Provide Info #3
We’ve got to think about severity and probability. Here the task directs us to use the standard definition tables that are found in 882. I talked about those under task 202 so I’m not going to talk about further here. Now, of course, we can, and maybe should tailor these matrices. Again, I’ve talked about that elsewhere, but if we’re not using the standard matrices and tables, then we should set out what we’ve done and why that’s appropriate as well.
HHA Shall Provide Info #4
Then finally, the mitigation strategy. We shouldn’t be doing analysis for the sake of analysis. We should be doing to say, “How can we make things better?” And in particular for health, “How can we make things acceptable?” Because health hazards very often attract absolute limits on exposure. So, questions of SFARP or ALARP or cost-benefit analysis simply may not enter into the equation. We simply may be directed to say “This is the upper limit of what you can expose a human being to. This is not negotiable.” So, that’s another important difference with this task.
Three More Topics
Now, at this point, I am just foreshadowing. We’re about to move on to talk about some different topics. First of all, in this section, we’re going to talk about three particular topics. Hazardous material or HAZMAT for short; ergonomics; and the operational environment. When we say the operational environment, it’s mainly about the people, aspects of the system and the environment that they experience. Then after these three, we would go on to talk about radiation. There are special requirements in these three areas for HAZMAT, ergonomics and operational environment.
HAZMAT (T207) #1
First of all, we have to deal with HAZMAT. If it’s going to appear in our system, or in the support system, we’ve got to identify the HAZMAT and characterize it. There are lots of international and national standards about how this is to be done. There’s a UN convention on hazardous materials, which most countries follow. And then there will usually be national standards as well that direct what we shall do. More on that later. So, we’ve got to think about the HAZMAT.
A word of caution on that. Certainly in Australian defence, we do HAZMAT to death because of a recent historical example of a big national scandal about people being exposed to hazardous materials while doing defence work. So, the Australian Defence Department is ultrasensitive about HAZMAT and will almost certainly mandate very onerous requirements on performing this. And whilst we might look at that go “This is nuts! This is totally over the top!” Unfortunately, we just have to get on with it because no one is going to make, I’m afraid, a sensible decision about the level of risk that we don’t have to worry about because it’s just too sensitive a topic. So, this is one of those areas where learning from experience has actually gone a bit wrong and we now find ourselves doing far too much work looking at tiny risks. Possibly at the expense of looking at the big picture. That’s just something to bear in mind.
HAZMAT (T207) #2
So, lots of requirements for HAZMAT. In particular, we need to think about what are we going to do with it when it comes to disposal? Either disposal of consumables, worn components or final disposal of the system. And very often, the hazardous material may have become more hazardous. In that, let’s say engine or lubricating oil will probably have metal fragments in it once it’s been used and other chemical contamination, which may render it carcinogenic. So, very often we start with a material that is relatively harmless, but use – particularly over a long period of time – can alter those chemicals or introduce contaminants and make them more dangerous. So, we need to think about the full life of the system.
Ergonomics (T207) #1
Moving on to ergonomics, and this is another big topic. Now, Mil.standard 882 doesn’t address human factors, in my view, particularly well. The human factors stuff gets buried in various tasks and we don’t identify a separate human factors program with all of the interconnections that you need in order to make it fully effective. But this is one task where human factors do come in, very much so, but they are called ergonomics rather than human factors. Under this task description, we need to think about mission scenarios. We need to think about the staff who will be exposed as operators or maintainers, whatever they might be doing. We’ve got to start to characterize the population at risk.
Ergonomics (T207) #2
We’ve got to think about the physical properties of things that personnel will handle or wear and the implications that has on body weight. So, for example, there is a saying that the Air Force and the Navy man their equipment and the army equip their men. Apologies for the gendered language but that’s the saying. So, we’re putting human beings – very often – inside ships and planes and tanks and trucks. And we’re also asking soldiers to carry – very often – lots of heavy equipment. Their rations, their weapons, their ammunition, water, various tools and stuff that they need to survive and fight on the battlefield. And all that stuff weighs and all of that stuff, if you’re running about carrying it, bangs into the body and can hurt people. So, we need to address that stuff.
Secondly, we need to look at physical and cognitive actions that operators will take. So, this is really very broad once we get into the cognitive arena thinking about what are the operators going to be doing. And exposures to mechanical stress while performing work. So, maybe more of a focus on the maintainer in part three. Now, for all of this stuff, we need to identify characteristics of the design of the system or the design of the work that could degrade performance or increase the likelihood of erroneous action that could result in mishaps or accidents. This is classic human factors stuff. How might the designed work or the designed equipment induce human error? So, that’s a huge area of study for a lot of systems and very important. And this will be typically a very large contributor to serious accidents and, in fact, accidents of all kinds. So, it should be an area of great focus. Often it is not. We just tend to focus on the so-called technical risks and overdo that while ignoring the human in the system. Or just assuming that the human will cope, which is worse.
Ergonomics (T207) #3
Continuing with ergonomics. How many staff do we need to operate and maintain the system and what demands are we placing on them? Also, if we overdo these demands, what are we going to do about that? Now, this can be a big problem in certain systems. I come from an aviation background and fatigue and crew duty time tend to be very heavily policed in aviation. But I was actually quite shocked when I sort of began looking at naval surface ships, submarines, where it seemed that fatigue and crew duty time was not well policed. In fact, there even seemed to be, in some places, quite a macho attitude to forcing the crew into working long hours. I say macho attitude because the feeling seemed to be “Well if you can’t take it, you shouldn’t have joined.” So, it seems to me to be quite a negative culture in those areas potentially, and it’s something that we need to think about. In particular, I’ve noticed on certain projects that you have a large crew who seem to be doing an extraordinary amount of work and becoming very fatigued. That’s concerning because, of course, you could end up with a level of fatigue where the crew might as well – they’re making mistakes to the same level as a drunk driver. So, this is something that needs to be considered carefully and given the attention it deserves.
Operating Environment #1
Moving on to the operating environment. How will these systems be used and maintained? And what does that imply for human exposure? This is another opportunity where we need to learn from legacy systems and go back and look at historical material and say “What are people being exposed to in the past? And what could happen again?” Now, that’s important. It’s often not very systematically done. We might go and talk to a few old bold operators and maintainers and ask their advice on the things that can go wrong but we don’t always do it very systematically. We don’t always survey past hazard and accident data in order to learn from it. Or if we do there is sometimes a tendency to say, “That happened in the past, but we will never make those mistakes. We’re far too clever to stuff up like that – like our predecessors did.” Forgetting that our predecessors were just as clever as we are and just as well-meaning as we are but they were human and so are we. I think pride can get in the way of a lot of these analyses as well. And there may be occasions where we’re getting close to exposure limits, where regulations say we simply cannot expose people to a certain level of noise, or whatever, and then “How are we going to deal with that? How are we going to prevent people from being overexposed?” Again, this can be a problem area.
Operating Environment #2
This next bit of operating environment is really – I said about putting people in the equipment. Well, this is this bit. This is part A and B. So, we’re thinking about “If we stick people in a vehicle – whether it be a land vehicle, marine vehicle, an air vehicle, whatever it might be – what is that vehicle going to do to their bodies?” In terms of noise, of vibration and stresses like G forces, for example, and shock, shock loading? Could we expose them to blast overpressure or some other sudden changes of pressure or noise that’s going to damage their ears, temporarily or permanently? Again, remarkably easy to do. So, that’s that aspect.
Operating Environment #3
Moving on, we continue to talk about noise and vibration in general. In this particular standard, we’ve got some quite stringent guidance on what needs to be looked at. Now, these requirements, of course, are assuming a particular way of doing things, which we will come to later. There are a lot of standards referenced by task 207. This task is assuming that we’re going to do things the American government or the American military way, which may not be appropriate for what we’re doing or the jurisdiction we’re in. So, we’ll just move on.
Operating Environment #4
Then again, talking about noise, blast, vibration, how are we going to do it? Some quite specific requirements in here. And again, you’ll notice, two-thirds of the way down in the paragraph, I’ve had to chop out some examples. There are some more, in effect, hazard checklists in here saying we must consider X, Y, Z. Now, again, this seems to be requiring a particular way of doing things that may not be appropriate in a non-American defence environment. However, the principle I think, to take away from this is that this is a very demanding task. If we consider human health effects properly, it’s going to require a lot of work by some very specialist and skilled people. In fact, we may even get in some specialist medical people. If you work in aviation or medicine, you may be aware that there is a specialist branch of medicine called aviation medicine where these things are specifically considered. And similarly, there are medical specialists in diving operations and other things where we expose human beings to strange effects. So, this can be a very, very demanding task to follow.
Operating Environment #5
So, when we’re going to equip people with protective equipment or we’re going to make engineering changes to the system to protect them, how effective are these things going to be? And given that most of these things have a finite effectiveness – they’re rarely perfect unless you can take the human out of the system entirely, then we’re going to be exposing people to some level of hazard and there will be some risk that that might cause that injury. So, how many individuals are we going to expose per platform or over the total population exposed over the life of the system? Now, bearing in mind we’re talking sometimes about very large military systems that are in service for decades. This can be thousands and thousands of people. So, we may need to think about that and certainly in Australia, if we expose people to certain potential contaminants and noise, we may have to run a monitoring program to monitor the health and exposure of some of this exposed population or all of them. So, that can be a major task and we would need to identify the requirements to do that quite early on, hopefully. And then, of course, again, we’re not doing this for the sake of it. How can we optimize the design and effectively reduce noise exposure and vibration exposure to humans? And how did we calculate it? How did we come to those conclusions? Because we’re going to have to keep those records for a long, long time. So, again, very demanding recording requirements for this task.
Operating Environment #6
And then I think this is the final one on operating environment. What are the limitations of this protective equipment and what burden do they impose? Because, of course, if we load people up with protective equipment that may introduce further hazards. Maybe we’re making the individual more likely to suffer a musculoskeletal disorder. Or maybe we are making them less agile or reducing their sensitivity to noise? Maybe if we give people hearing protection, if somebody else has assumed that they will hear a hazard coming, well, they’re not going to anymore, are they? If they’re wearing lots of protective equipment, they may not be as aware of the environment around them as they once were. So, we can introduce secondary hazards with some of this stuff. And then we need to look at the trade-offs. When and where? Is it better to equip people or not to equip people and limit their exposure or just keep them away altogether?
So moving on briefly, we’re just going to talk about radiation. Now in this task – again, I’ve had to chop a lot of stuff out – you’ll see that in square brackets this task refers to certain US standards for radiation. Both ionizing and non-ionizing lasers and so forth. That’s appropriate for the original domain, which this standard was targeted at. It may be wholly inappropriate for what you and I are doing. So, we need to look at the principles of this task, but we may need to tailor the task substantially in order to make it appropriate for the jurisdiction we’re working in. Again, we’re going to have to keep these records for a long time. Radiation is always going to be dreaded by humans so it’s a controversial topic. We’re going to have to monitor people’s exposure and protect them and show that we have done so, potentially decades into the future. So, we should be looking for the very highest standards of documentation and recording in these areas because they will come under scrutiny.
Moving onto contracting, this is more of a standard part of this task or part of the standard, I should say. These words or very similar words exist in every task. So, I’m not going to go through all of these things in any great detail. It’s worth noting, and I’ll come back to this in part B, we may need to direct whoever is doing the analyses to consider or exclude certain areas because it’s quite possible to fritter away a lot of resources doing either a wide but shallow analysis that fails to get to the things that can really hurt people. So, we might be doing a superficial analysis or we might go overboard on a particular area and I’ve mentioned HAZMAT but there are many things that people can get overexcited about. So, we might see people spending a lot of time and effort and money in a particular area and ignoring others that can still hurt people. Even though they might be mundane, not as sexy. Maybe the analysts don’t understand them or don’t want to know. So, the customer who is paying for this may need to direct the analysis. I will come on to how you do that later. Then also the customer or client may need to specify certain sources of information, certain standards, certain exposure standards, certain assumptions, certain historical sets of data and statistics to be used. Or some statistics about the population, because, of course, for example, the military systems, the people who operate military systems tend to be quite a narrow subset of the population. So, there are very often age limits. Frontline infantry soldiers tend to be young and fit. In certain professions, you may not be allowed to work if you are colour-blind or have certain disabilities. So, it may be that a broad analysis of the general population is not appropriate for certain tasks. We may have to go – it may be perfectly reasonable to assume certain things about the target population. 
So, we need to think about all of these things and ensure that we don’t have an unfocused analysis that as a result is ineffective or wastes a lot of money looking at things that don’t really matter, that are irrelevant.
Standards and criteria. In part F, there are 29 references which the standard lists, which are all US military standards or US legal standards. Now, probably a lot of those will be inappropriate for a lot of jurisdictions and a lot of applications. So, there’s going to be quite a lot of work there to identify what are the appropriate and mandatory references and standards to use. And as I said, in the health hazard area, there are often a lot. So, we will often be quite tightly constrained on what to do.
And Part H, if the customer knows or has some idea of the staff numbers and profile, who are going to be exposed to this system, operating and maintaining the system. That’s very useful information and needs to be shared. We don’t want to make the analyst, the contractor, guess. We want them to use appropriate information. So, tell them and make sure you’ve done your homework, that you tell them the right thing to do.
So, that’s all of the standard. I’ve got four slides now of commentary. And the first one, I just want to really summarize what we’ve talked about and think about the complexity of what we’re being asked to do. First bullet point, we are considering cradle to grave operation and maintenance and disposal. Everything associated with, potentially, quite a complex system. Now, this lines up very nicely with the requirements of Australian law, which require us to do all of this stuff. So, it’s got to be comprehensive.
Second bullet point, we’ve got to think about a lot of things. Death and injury, illness, disability, the effects on and could we infect somebody or contaminate somebody with something that will cause birth defects in their offspring? There’s a wide range of potential vectors of harm that we’re talking about here, and we will probably – for some systems, we will need to bring in some very specialist knowledge in order to do this effectively. And also thinking about reduced job performance – this is one aspect of human factors. This task is going to link very strongly to whatever human factors program we might.
Thirdly, we’ve got to think about chemical, physical, and biological hazards. So, again, there’s a wide range of stuff to think about there. An example of that is hazmat and the requirements on hazmat, in most jurisdictions, tend to be very stringent. So, that is going to be done and we need to be prepared to do a thorough job and demonstrate that we’ve done a thorough job and provide all the evidence. Then we’ve also got ergonomics. Actually, strictly speaking, we’re talking human factors here because it’s a much wider definition than the definition of ergonomics that I’m used to, which tends to be purely physical effects on a human. Because we’re talking about cognitive and perception and job performance as well and also we’ve got vibration and acoustics. So, again, particular medical effects and stringent requirements. So, a whole heap of other specialist work there. And operating environment, thinking about the humans that will be exposed. How are we going to manage that? What do we need to specify in order to set up whatever medical monitoring program of the workforce we might have to bring in in the future through life? So, again, potentially a very big, expensive program. We need to plan that properly.
Then finally, radiation. Another controversial topic which gets lots of attention. Very stringent requirements, both in terms of exposure levels and indeed we will often be directed as to how we are to calculate and estimate stuff. It’s another specialist area and it has to be done properly and thoroughly.
Overall, every one of those seven bullet points shows how complex and how comprehensive a good health hazard analysis needs to be. So, to specify this well, to understand what is required and what is needed through life, for the program to meet our legal and regulatory obligations, this is a big task and it needs a lot of attention and potentially a lot of different specialist knowledge to make it work. I flogged that one to death, so I’ll move on.
Now, as I’ve said before, too, this is an American military standard, so it’s been written to conform to that world. Now in Australia, for example, but this is a good example of how you might have to do it in another country, the requirements of Australian work, health and safety are quite different to the American way of doing things. Whilst we tend to buy a lot of American equipment and there’s a lot of American-style thinking in our military and in our defence industry, actually, Australian law is much more closely linked to English law. It’s a different legal basis to what the Americans do. So Australian practitioners take note. It’s very easy to go down the path of following this standard and doing something that will not really meet Australian requirements. It’ll be, “We’ll do some work” and it may be very good work, but when we come to the end and we have to demonstrate compliance with Australian requirements, if we haven’t thought about it explicitly upfront, we’re probably in for a nasty shock and a lot of expensive rework that will delay the program. And that means we’re going to become very, very unpopular very quickly. So, that’s one to avoid in my experience. So, we will need to tailor task 207 requirements upfront in order to achieve WHS compliance. And the client customer needs to do that and understand that not the – well the contractor needs to. The analysts need to understand that. But the customer needs to understand that first, otherwise, it won’t happen.
Let’s talk a bit more about tailoring for WHS. For example, there are several WHS codes of practice which are relevant. And just to let you know, these codes of practice cover not only requirements of what you have to achieve, but also, to a degree, how you are to achieve that. So, they mandate certain approaches. They mandate certain exposure standards. Some of them also list a lot of other standards that are not mandated but are useful and informative. So, we’ve got codes of practice on hazardous manual tasks so avoiding musculoskeletal injuries. We’ve got several codes of practice on hazardous chemicals. So, we’ve got a COP specifically on risk management and risk assessment of hazardous chemicals, on safety data sheets, on labelling of HAZ CHEM in a workplace. We’ve got a COP on noise and hearing loss and also we have other COPs on specific risks, such as asbestos, electricity and others, depending on what you’re doing. So, potentially there is a lot of regulation and codes of practice that we need to follow. And remember that COPs are, while they contain regulations, they also are a standard that a court will look to enforce if you get prosecuted. If you wind up in court, the prosecution will be asking questions to determine whether you’ve met the requirements of COP or not. If you can’t demonstrate that you’ve met them, you might have done a whole heap of work and you might be the greatest expert in the world on a certain kind of risk, but if you can’t demonstrate that you’ve met at minimum the requirements of COP – because they are minimum requirements – then you’re going to be in trouble. So, you need to be aware of what those things are.
Then on radiation, we have separate laws outside the WHS. So, we have the Australian Radiation Protection and Nuclear Safety Agency, ARPANSA, and there is an associated act and associated regulations and some COP as well. So, for radiation side, there’s a whole other world that you’ve got to be aware of and associated with all of this stuff are exposure standards.
Finally, how do we do all of this without spending every dollar in the defence budget and taking 100 years to do it? Well, first of all, we need to set our scope and priorities. So, before we get to task 207, the client/the customer should be involving end-users and doing a preliminary hazard identification exercise. That should be broad and as thorough as possible. They should also be doing a preliminary hazard analysis exercise, task 202, to think about those hazards and risks further. Also, you should be doing task 203, which is system requirements hazard analysis. We need to be thinking about what are the applicable requirements for my system from the law all the way down to what specific standards? What codes of practice? What historical norms do we expect for this type of equipment? Maybe there is industry good practice on the way things are done. Maybe as we work through the specifications for the equipment, we will derive further requirements for hazard controls or a safety management system or whatever it might be. That’s a big job in itself. So, we need to do all three of those tasks, 201, 202, 203, in order to be prepared and ready to focus on those things that we think might hurt us. Might hurt people physically, but also might hurt us in terms of the amount of effort we’re going to have to make in order to demonstrate compliance and assurance. So, that will focus our efforts.
Secondly, when we need to do the specialist analyses and we may not always need to do so. This is where 201, 202 and 203 come in. But where we need to do specialist analyses, we may need to find specialist staff who are competent to do this kind of unusual or specialist work and do it well. Now, typically, these people are not cheap, and they tend to be in short supply. So, if you can think about this early and engage people early, then you’re going to get better support. You’re probably going to get a better deal because in my experience if you call in the experts and ask their opinion early on, they’re more likely to come back and help you later. As opposed to, if you ignore them or disregard their advice and then ask them for help because you’re in trouble, they may just ignore you because they’ve got so much work on. They don’t need your work. They don’t need you as a client. You may find yourself high and dry without the specialists you need or you may find yourself paying through the nose to get them because you’re not a priority in their eyes. So do think about this stuff early, I would suggest and do cultivate the specialist. If you get them in early and listen to them and they feel involved, you’re much more likely to get a good service out of them.
So thirdly, try not to do huge amounts of work on stuff that doesn’t really have a credible impact on health. Now, I know that sounds like a statement of the blinking obvious, but because people get so het up about health issues, particularly things like radiation and other hazards that humans can’t see so we dread them. We get very emotional about this stuff and therefore, management tends to get very, very worried about this stuff. And I’ve seen lots of programs spend literally millions of dollars analysing stuff to death, which really doesn’t make any difference to the safety of people in the real world. Now, obviously, that’s wasted money, but also it diverts attention from those areas that really are going to cause or could cause harm to people through the life of the system. So, we need to use that risk matrix to understand what is the real level of risk exposure to human beings and therefore, how much money should we be spending? How much effort and priority should we be spending on analysing this stuff? If the risk is genuinely very low, then probably we just take some standard precautions, follow industry best practice and leave it at that and we keep our pennies for where they can really make a difference.
Now, having said that, there are some exceptions. We do need to think about accident survivability. So, what stresses are people going to be exposed to if their vehicle is in an accident? How do we protect them? How do they escape afterwards? Hopefully. How do we get them to safety and treat the injured? And so on and so forth. That may be a very significant thing for your system. Also post-accident scenarios in terms of – very often a lot of hazardous materials are safely locked away inside components and systems but if the system catches fire or is smashed to pieces and then catches fire, then potentially a lot of that HAZMAT is going to become exposed. Very often materials that pose a very low level of risk, if you set them on fire and then you look at the toxic residue left behind after the fire, it becomes far more serious. So, that is something to consider. What do we do after we’ve had an accident and we need to sort of clean up the site afterwards? And so on and so forth. Again, this tends to be a very specialist job so maybe we need to get in some specialists to give us advice on that. Or we need to look to some standards if it’s a commonplace thing in our industry, as it often is. We learned from bitter experience. Well, hopefully, we learn from bitter experience.
So, that’s it from me. I appreciate it’s been a long session, but this is a very complex task and I’ve really only skimmed the surface on this and pointed you at sort of further reading and maybe some principles to look at in more depth. So, all the quotations are from the Mil standard, which is copyright free. But this presentation is copyright of the Safety Artisan.
And for more information on this topic and others, and for more resources, do please visit www.safetyartisan.com or you can also go to www.patreon.com and look at the Safety Artisan page. Now the two are linked together. So, if you go to one and you want to click on a video that you need to subscribe via Patreon, it’ll sort all of that out for you. But also, there are lots of free resources on the website as well, and there’s plenty of free videos to look at.
So, that is the end of the session. Thank you very much for listening. And all that remains for me to say is thanks very much for supporting the work of the Safety Artisan and tuning into this video. And I wish you every success in your work now and in the future. Goodbye.
In this 40-minute video, ‘Introduction to Human Factors’, I am pleased to welcome Peter Benda to The Safety Artisan.
Peter is a colleague and Human Factors specialist, who has 23 years’ experience in applying Human Factors to large projects in all kinds of domains. In this session we look at some fundamentals: what does Human Factors engineering aim to achieve? Why do it? And what sort of tools and techniques are useful? As this is The Safety Artisan, we also discuss some real-world examples of how erroneous human actions can contribute to accidents, and how Human Factors discipline can help to prevent them.
This post is the Transcript: Intro to Human Factors.
In the 40-minute video, I’m joined by a friend, colleague and Human Factors specialist, Peter Benda. Peter has 23 years of experience in applying Human Factors to large projects in all kinds of domains. In this session we look at some fundamentals: what does Human Factors engineering aim to achieve? Why do it? And what sort of tools and techniques are useful? As this is The Safety Artisan, we also discuss some real-world examples of how Human Factors can contribute to accidents or help to prevent them.
Transcript: Intro to Human Factors
Simon: Hello, everyone, and welcome to the Safety Artisan: Home of Safety Engineering Training. I’m Simon and I’m your host, as always. But today we are going to be joined by a guest, a Human Factors specialist, a colleague, and a friend of mine called Peter Benda. Now, Peter started as one of us, an ordinary engineer, but unusually, perhaps for an engineer, he decided he didn’t like engineering without people in it. He liked the social aspects and the human aspects and so he began to specialize in that area. And today, after twenty-three years in the business, and a first degree and a master’s degree in engineering with a Human Factors speciality, he’s going to join us and share his expertise with us.
So that’s how you got into it then, Peter. For those of us who aren’t really familiar with Human Factors, how would you describe it to a beginner?
Peter: Well, I would say it’s The Joint Optimization Of Human-Machine Systems. So it’s really focusing on designing systems, perhaps holistically would be a term that could be used, where we’re looking at optimizing the human element as well as the machine element. And the interaction between the two. So that’s really the key to Human Factors. And, of course, there are many dimensions from there; environmental, organizational, job factors, human and individual characteristics. All of these influence behaviour at work and health and safety. Another way to think about it is the application of scientific information concerning humans to the design of systems. Systems are for human use, which I think most systems are.
Simon: Indeed. Otherwise, why would humans build them?
Peter: That’s right. Generally speaking, sure.
Simon: So, given that this is a thing that people do then. Perhaps we’re not so good at including the human unless we think about it specifically?
Peter: I think that’s fairly accurate. I would say that if you look across industries, and industries are perhaps better at integrating Human Factors, considerations or Human Factors into the design lifecycle, that they have had to do so because of the accidents that have occurred in the past. You could probably say this about safety engineering as well, right?
Simon: And this is true, yes.
Peter: In a sense, you do it because you have to because the implications of not doing it are quite significant. However, I would say the upshot, if you look at some of the evidence – and you see this also across software design and non-safety critical industries or systems – that taking into account human considerations early in the design process typically ends up in better system performance. You might have more usable systems, for example. Apple would be an example of a company that puts a lot of focus into human-computer interaction and optimizing the interface between humans and their technologies and ensuring that you can walk up and use it fairly easily. Now as time goes on, one can argue about how well Apple is doing something like that, but they were certainly very well known for taking that approach.
Simon: And reaped the benefits accordingly and became, I think, they were the world’s number one company for a while.
Peter: That’s right. That’s right.
Simon: So, thinking about the, “So why do it?” What is one of the benefits of doing Human Factors well?
Peter: Multiple benefits, I would say. Clearly, safety and safety-critical systems, like health and safety; Performance, so system performance; Efficiency and so forth. Job satisfaction and that has repercussions that go back into, broadly speaking, that society. If you have meaningful work that has other repercussions and that’s sort of the angle I originally came into all of this from. But, you know, you could be looking at just the safety and efficiency aspects.
Simon: You mentioned meaningful work: is that what attracted you to it?
Peter: Absolutely. Absolutely. Yes. Yes, like I said I had a keen interest in the sociology of work and looking at work organization. Then, for my master’s degree, I looked at lean production, which is the Toyota approach to producing vehicles. I looked at multiskilled teams and multiskilling and job satisfaction. Then looking at stress indicators and so forth versus mass production systems. So that’s really the angle I came into this. If you look at it, mass production lines where a person is doing the same job over and over, it’s quite repetitive and very narrow, versus the more Japanese style lean production. There are certainly repercussions, both socially and individually, from a psychological health perspective.
Simon: So, you get happy workers and more contented workers-
Peter: –And better quality, yeah.
Simon: And again, you mentioned Toyota. Another giant company that’s presumably grown partly through applying these principles.
Peter: Well, they’re famous for quality, aren’t they? Famous for reliable, high-quality cars that go on forever. I mean, when I moved from Canada to Australia, Toyota has a very, very strong history here with the Land Cruiser, and the Hilux, and so forth.
Simon: All very well-known brands here. Household names.
Peter: Are known to be bombproof and can outlast any other vehicle. And the lean production system certainly has, I would say, quite a bit of responsibility for the production of these high-quality cars.
Simon: So, we’ve spoken about how you got into it and “What is it?” and “Why do it?” I suppose, as we’ve said, what it is in very general terms but I suspect a lot of people listening will want to know to define what it is, what Human Factors is, based on doing it. On how you do it. It’s a long, long time since I did my Human Factors training. Just one module in my masters, so could you take me through what Human Factors involves these days in broad terms.
Peter: Sure, I actually have a few slides that might be useful –
Simon: – Oh terrific! –
Peter: –maybe I should present that. So, let me see how well I can share this. And of course, sometimes the problem is I’ll make sure that – maybe screen two is the best way to share it. Can you see that OK?
Simon: Yeah, that’s great.
Introduction to Human Factors
Peter: Intro to Human Factors. So, Stewart Dickinson, who I work with at Human Risk Solutions, and I have prepared some material for some courses we taught to industry. I’ve some other material and I’ll just flip to some of the key slides going through “What is Human Factors”. So, let me try to get this working and I’ll just flip through quickly.
Definitions of Human Factors
Peter: So, as I’ve mentioned already, broadly speaking, environmental, organizational, and job factors, and human individual characteristics which influence behaviour at work in a way which can affect health and safety. That’s a focus of Human Factors. Or the application of scientific information concerning humans to the design of objects, systems and environments for human use. You see a pattern here, fitting work to the worker. The term ergonomics is used interchangeably with Human Factors. It also depends on the country you learn this in or apply it in.
Simon: Yes. In the U.K., I would be used to using the term ergonomics to describe something much narrower than Human Factors but in Australia, we seem to use the two terms as though they are the same.
Peter: It does vary. You can say physical ergonomics and I think that would typically represent when people think of ergonomics, they think of the workstation design. So, sitting at their desk, heights of tables or desks, and reach, and so on. And particularly given the COVID situation, there are so many people sitting at their desks who are probably getting some repetitive strain –
Simon: –As we are now in our COVID 19 [wo]man caves.
Peter: That’s right! So that’s certainly an aspect of Human Factors work because that’s looking at the interaction between the human and the desk/workstation system, so to speak, on a very physical level.
But of course, you have cognitive ergonomics as well, which looks at perceptual and cognitive aspects of that work. So Human Factors or ergonomics, broadly speaking, would be looking at these multi-dimensional facets of human interaction with systems.
Definitions of Human Factors (2)
Peter: Some other examples might be the application of knowledge of human capabilities and limitations to design, operation and maintenance of technological systems, and I’ve got a little distilled – or summarized – bit on the right here. The Human Factors apply scientific knowledge to the development and management of the interfaces between humans and rail systems. So, this is obviously in the rail context so you’re, broadly speaking, talking in terms of technological systems. That covers all of the people issues we need to consider to assure safe and effective systems or organizations.
Again, this is very broad. Engineers often don’t like these broad topics or broad approaches. I’m an engineer, I learned this through engineering which is a bit different than how some people get into Human Factors.
Simon: Yeah, I’ve met a lot of Human Factors specialists who come in from a first degree in psychology.
Peter: That’s right. I’d say that’s fairly common, particularly in Australia and the UK. Although, I know that you could take it here in Australia in some of the engineering schools, but it’s fairly rare. There’s an aviation Human Factors program, I think, at Swinburne University. They used to teach it through mechanical engineering there as well. I did a bit of teaching into that and I’m not across all of the universities in Australia, but there are a few. I think the University of the Sunshine Coast has quite a significant group at the moment that’s come from, or, had some connection to Monash before that. Well, I think about, when I’m doing this work, of “What existing evidence do we have?” Or existing knowledge base with respect to the human interactions with the system. For example, working with a rail transport operator, they will already have a history of incidents or history of issues and we’d be looking to improve perhaps performance or reduce the risk associated with the use of certain systems. Really focusing on some of the evidence that exists either already in the organization or that’s out there in the public domain, through research papers and studies and accident analyses and so forth. I think much like safety engineering, there would be some or quite a few similarities in terms of the evidence base –
Simon: – Indeed.
Peter: – Or creating that evidence through analysis. So, using some analytical techniques, various Human Factors methods and that’s where Human Factors sort of comes into its own. It’s a suite of methods that are very different from what you would find in other disciplines.
Simon: Sure, sure. So, can you give us an overview of these methods, Peter?
Peter: There are … trying to think of a slide for this. Hopefully, I do.
Simon: Oh, sorry. Have I taken you out of sequence?
Peter: No, no. Not out of sequence. Let me just flip through, and take a look at –
The Long Arm of Human Factors
Peter: This is probably a good sort of overview of the span of Human Factors, and then we can talk about the sorts of methods that are used for each of these – let’s call them – dimensions. So, we have what’s called the long arm of Human Factors. It’s a large range of activities from the very sort of, as we’re talking about, physical ergonomics, e.g. sitting at a desk and so on, manual handling, workplace design, and moving to interface design with respect to human-machine interfaces – HMIs, as they’re called, or user interfaces. There are techniques, manual handling techniques and analysis techniques – You might be using something like a task analysis combined with a NIOSH lifting equation and so on. Workplace design, you’d be looking at anthropometric data. So, you would have a dataset that’s hopefully representative of the population you’re designing for, and you may have quite specific populations. So Human Factors engineering is fairly extensively used, I would say, in military projects – in the military context –
Simon: – Yes.
Peter: – And there’s this set of standards, the Mil standard 1472G, for example, from the United States. It’s a great example that gives not only manual handling standards or guidelines, but workplace design guidelines. The workplace, in a military sense, can be a vehicle or on a ship and so on. Or on a base and so forth.
Interface design – So, if you’re looking at it from a methods perspective, you might have usability evaluations, for example. You might do workload studies and so forth, looking at how well the interface supports particular tasks or achieving certain goals.
Human error –There are human error methods that typically leverage off of task models. So, you’d have a task model and you would look at for that particular task, what sorts of errors could occur and the structured methods for that?
Simon: Yes, I remember human task analysis –seeing colleagues use that on a project I was working on. It seemed quite powerful for capturing these things.
Peter: It is and you have to pragmatically choose the level of analysis because you could go down to a very granular level of detail. But that may not be useful, depending on the sort of system design you’re doing, the amount of money you have, and how critical the task is. So, you might have a significantly safety-critical task, and that might need quite a detailed analysis. An example there would be – there was a … I think it’s the … You can look up the accident analysis online, I believe it’s the Virgin Galactic test flight. So this is one of these test flights in the U.S. – I have somewhere in my archive of accident analyses – where the FAA had approved the test flights to go ahead and there was a task where – I hope I don’t get this completely wrong – where one of the pilots (there are two pilots, a pilot and a co-pilot) and this test aeroplane where they had to go into high-altitude in this near-space vehicle. They were moving at quite a high speed and there was a particular task where they had to do something with – I think they had to slow down and then you could … slow down their aeroplane, I guess, by reducing the throttle and then at a certain point/a certain speed, you could deploy, or control, the ailerons or some such, wing-based device, and the task order was very important. And what had happened was a pilot or the co-pilot had performed the task slightly out of order. As a matter of doing one thing first before they did another thing that led to the plane breaking up. And fortunately, one of the pilots survived, unfortunately, one didn’t.
Simon: So, very severe results from making a relatively small mistake.
Peter: So that’s a task order error, which is very easy to do. And if the system had been designed in a way to prevent that sort of capability to execute that action at that point, that would have been a safer design. At that level, you might be going down to that level of analysis, and you get what’s called keystroke level analysis and so on –
Simon: – Where it’s justified, yes.
Peter: Task analysis is, I think, probably one of the most common tools used. You also have workload analysis, so looking at, for example, interface design. I know some of the projects we were working on together, Simon, workload was a consideration. There are different ways to measure workload. There’s the NASA TLX, which is a subjective workload questionnaire, essentially, that’s done post-task, but it’s been shown to be quite reliable and valid as well. So, that instrument is used and there are a few others that are used. It depends on the sort of study you’re doing, the amount of time you have and so forth. Let me think, that’s workload analysis.
Safety culture- I wouldn’t say that’s my forte. I’ve done a bit of work on safety culture, but that’s more organizational and the methods there tend to be more around culpability models and implementing those into the organizational culture.
Simon: So, more governance type issues? That type of thing?
Peter: Yes. Governance and – whoops! Sorry, I didn’t mean to do that. I’m just looking at the systems and procedure design. The ‘e’ is white so it looks like it’s a misspelling there. So it’s annoying me …
Simon: – No problem!
Peter: Yes. So, there are models I’ve worked with at organizations such as some rail organizations where they look at governance, but also in terms of appropriate interventions. So, if there’s an incident, what sort of intervention is appropriate? So, essentially use sort of a model of culpability and human error and then overlay that or use that as a lens upon which to analyse the incident. Then appropriately either train employees or management and so on. Or perhaps it was a form of violation, a willful violation, as it may be –
Simon: – Of procedure?
Peter: Yeah, of procedure and so on versus a human error that was encouraged by the system’s design. So, you shouldn’t be punishing, let’s say, a train driver for a SPAD if the –
Simon: – Sorry, that’s a Signal Passed At Danger, isn’t it?
Peter: That’s right. Signal Passed At Danger. So, it’s certainly possible that the way the signalling is set up leads to a higher chance of human error. You might have multiple signals at a location and it’s confusing to figure out which one to attend to and you may misread and then you end up SPADing and so on. So, there are, for example, clusters of SPADs that will be analysed and then the appropriate analysis will be done. And you wouldn’t want to be punishing drivers if it seemed to be a systems design issue.
Simon: Yes. I saw a vivid illustration of that on the news, I think, last night. There was a news article where there was an air crash that tragically killed three people a few months ago here in South Australia. And the news report today is saying it was human error but when they actually got into reporting what had happened, it was pointed out that the pilot being tested was doing – It was a twin-engine aeroplane and they were doing an engine failure after take-off drill. And the accident report said that the procedure that they were using allowed them to do that engine failure drill at too low an altitude. So, if the pilot failed to take the correct action very quickly – bearing in mind this is a pilot being tested because they are undergoing training – there was no time to recover. So, therefore, the aircraft crashed. So, I thought, “Well, it’s a little bit unfair just to say it’s a human error when they were doing something that was intrinsically inappropriate for a person of that skill level.”
Peter: That’s an excellent example and you hear this in the news a lot. Human error, human error and human error. The cause of this, I think, with the recent Boeing problems with the flight control system for the new 737s. And of course, there will be reports. Some of the interim reports already talk about some of these Human Factors issues inherent in that, and I would encourage people to look up the publicly available documentation on that –
Simon: – This is the Boeing 737 Max accidents in Indonesia and in Ethiopia, I think.
Peter: That’s correct. That’s correct. Yes, absolutely. And pilot error was used as the general explanation but under further analysis, you started looking at that error. That, so to speak, error perhaps has other causes which are systems design causes, perhaps. So these things are being investigated but have been written about quite extensively. And you can look at, of course, any number of aeroplane accidents and so on. There’s a famous Air France one flying from Brazil to Paris, from what I recall. It might have been Rio de Janeiro to Paris. Where the pitot –
Simon: – Yeah, pitot probes got iced up.
Peter: Probes, they iced up and it was dark. So, the pilots didn’t have any ability to gauge by looking outside. I believe it was dark or it might have been a storm. There’s some difficulty in gauging what was going on outside of the aeroplane and there again misreads. So, stall alarms going off and so on, I believe. There were some mis-readings on the airspeed coming from the sensors, essentially. And then the pilots acted according to that information, but that information was incorrect. So, you could say there were probably a cascade of issues that occurred there and there’s a fairly good analysis one can look up that looks at the design. I believe it was an Airbus. It was the design of the Airbus. So, we had one pilot providing an input in one direction to the control yoke and the other pilot in the other direction. There are a number of things that broke down. And typically, you’ll see this in accidents. You’ll have a cascade as they’re trying to troubleshoot and can’t figure out what’s going on, they’ll start applying various approaches to try and remedy the situation and people begin to panic and so on.
And you have training techniques, crew resource management, which certainly has a strong Human Factors element or comes out of the Human Factors world, which looks at how to have teams and cockpits, and in other situations, working effectively in emergency situations. And that’s sort of after analysing, of course, failures.
Simon: Yes, and I think CRM, crew resource management, has been adopted not just in the airline industry, but in many other places as well, hasn’t it?
Peter: Operating theatres, for example. There’s quite a bit of work in the 90s that started with I think it was David Gaba who I think was at Stanford – this is all from memory. That then looked at operating theatres. In fact, the Monash Medical Centre in Clayton had a simulation centre for operating theatres where they were applying these techniques to training operating theatre personnel. So, surgeons, anaesthetists, nurses and so forth.
Simon: Well, thanks, Peter. I think and I’m sorry, I think I hijacked your presentation, but –
Peter: It’s not really a presentation anyway. It was more a sort of better guidance there. We’re talking about methods, weren’t we? And it’s easy to go then from methods to talking about accidents. Because then we talk about the application of some of these methods or if these methods are applied to prevent accidents from occurring.
Simon: Cool. Well, thanks very much, Peter. I think maybe the next time we have a chat I’ll let you talk through your slides and we’ll have a more in-depth look across the whole breadth of Human Factors.
Peter: So that’s probably a good little intro at the moment anyway. Perhaps I might pull up one slide on Human Factors integration before we end.
Simon: Of course.
Peter: I’ll go back a few slides here.
What is Human Factors Integration?
Peter: And so what is Human Factors integration? I was thinking about this quite a bit recently because I’m working on some complex projects that are very, well, not only complex but quite large engineering projects with lots of people, lots of different groups involved, different contracts and so forth. And the integration issues that occur. They’re not only Human Factors integration issues, there are larger-scale integration issues, engineering integration issues. Generally speaking, this is something I think that projects often struggle with. And I was really thinking about the Human Factors angle and Human Factors integration. That’s about ensuring that all of the HF issues, so HF is Human Factors, in a project are considered and controlled throughout the project and deliver the desired performance and safety improvements. So, three functions of Human Factors integration:
confirm the intended system performance objectives and criteria
guide and manage the Human Factors aspects and design cycles so that negative aspects don’t arise and prevent the system reaching its optimum performance level
and identify and evaluate any additional Human Factors safety aspect now or we found in the safety case.
You’ll find, particularly in these complex projects, that the interfaces between the – you might have quite a large project and have some projects working on particular components. Let’s say one is working on more of the civil/structural elements and maybe space provisioning and so on versus another one is working more on control systems. And the integration between those becomes quite difficult because you don’t really have that Human Factors integration function working to integrate those two large components. Typically, it’s within those focused project groupings – that’s the way to call them. Does that make sense?
Simon: Yeah. Yeah, absolutely.
Peter: I think that’s one of the big challenges that I’m seeing at the moment, is where you have a certain amount of time and money and resource. This would be common for other engineering disciplines and the integration work often falls by the wayside, I think. And that’s where I think a number of the ongoing Human Factors issues are going to be cropping up in some of these large-scale projects for the next 10 to 20 years. Both operationally and perhaps safety as well. Of course, we want to avoid –
Simon: –Yes. I mean, what you’re describing sounds very familiar to me as a safety engineer and I suspect to a lot of engineers of all disciplines who work on large projects. They’re going to recognize that as it is a familiar problem.
Peter: Sure. You can think about if you’ve got the civil and space provisioning sort of aspect of a project and another group is doing what goes into, let’s say, a room into a control room or into a maintenance room and so on. It may be that things are constrained in such a way that the design of the racks in the room has to be done in a way that makes the work more difficult for maintainers. And it’s hard to optimize these things because these are complex projects and complex considerations. And a lot of people are involved in them. The nature of engineering work is typically to break things down into little elements, optimize those elements and bring them all together.
Peter: Human Factors tends to – Well, you can do that in Human Factors as well but I would argue that certainly what attracted me to it, is that you tend to have to take a more holistic approach to human behaviour and performance in a system.
Peter: Which is hard.
Simon: Yes, but rewarding. And on that note, thanks very much, Peter. That’s been terrific. Very helpful. And I look forward to our next chat.
Peter: For sure. Me too. Okay, thanks!
Simon: Well, that was our first chat with Peter on the Safety Artisan and I’m looking forward to many more. So, it just remains for me to say thanks very much for watching and supporting the work of what we’re doing and what we’re trying to achieve. I look forward to seeing you all next time. Okay, goodbye.
In the full-length session, The Safety Artisan looks at Operating & Support Hazard Analysis, or O&SHA, which is Task 206 in Mil-Std-882E. We explore Task 206’s aim, description, scope and contracting requirements. We also provide value-adding commentary, which explains O&SHA: how to use it with other tasks; how to apply it effectively on different products; and some of the pitfalls to avoid. We refer to other lessons for specific tools and techniques, such as Human Factors analysis methods.
Hello everyone and welcome to the Safety Artisan; home of safety engineering training. I’m Simon and today we’re going to be carrying on with our series on Mil. Standard 882E system safety engineering.
Operating & Support Hazard Analysis
Today, we’re going to be moving on to the subject of operating and support hazard analysis. This is, as it says, task 206 under the standard. Operating and support hazard analysis, I’ll just call it O&S or OSHA (also O&SHA) for short. Unfortunately, that will confuse people if I call it OSHA. Let’s call it O&S.
Topics for this Session
The purpose of O&S hazard analysis is to identify and assess hazards introduced by those activities and procedures and also to evaluate the adequacy of O&S procedures, processes, equipment, facilities, etc, to mitigate risks that have been already identified. A twofold task but a very big task. And as we’ll see, we’ve got lots of slides today on task description, and reporting, contracting, and commentary. As always, I present the full text as is of the task, which is copyright free, but I’m only going to talk about the things that are important. So, we’re not going to go through every little clause of the standard; that would be pointless.
O&S Hazard Analysis (T206) – Purpose
Let’s get started with the purpose. As we’ve already said, it’s to identify and assess those hazards which are introduced by operational and support activities and procedures and evaluate their adequacy. So, we’re looking at operating the system, whatever it may be – And of course, this is a military standard, so we assume a military system, but not all military systems are weapon systems by any means. Not all are physical systems. So, there may be inventory management systems, management information systems, all kinds of stuff. So, does operating those systems and just supporting them, maintaining them or resupplying them, disposing of them, etc – Does that create any hazards or introduce any hazards? And how do we mitigate? That’s the purpose of the task.
Task Description (T206)
Let’s move on to the task description. Again, we’re assuming a contractor is performing the analysis, but that’s not necessarily the case.
Task Description (T206) #1
For this task, this actually says this typically begins during engineering and manufacturing development, or EMD. So, we’re assuming an American style lifecycle for a big system and EMD comes after concept and requirements development. So, we are beginning to move into the very expensive stage of development for a system where we begin to commit serious money. It’s suggesting that O&SHA can wait until then which is fine in general unless you’ve identified any particularly novel hazards that will need to be dealt with earlier on. As it says, it should build on design hazard analyses, but we’ll also talk about the case later on when there are no design hazard analyses. And the O&SHA shall identify requirements or alternatives for eliminating hazards, mitigating risks, etc. This is one of those tasks where the human is very important – In fact, dominant to be honest. Both as a source of hazards and the potential victim of the associated risks. A lot of human-centric stuff going on here.
Task Description (T206) #2
As always, we’re going to think about the system configurations. We’re going to think about what we’re going to do with the system and the environment that we’re going to do it in. So, a familiar triad and I know I keep banging on about this, but this really is fundamental to bounding and therefore evaluating safety. We’ve got to know what the system is, what we’re doing with it, and the environment in which we’re doing it. Let’s move on.
Task Description (T206) #3
Again, Human Factors, regulatory requirements and particularly specified personnel requirements need to be thought of. Particularly for operating and support, we need to take into account the staffing and personnel concept that we have. It’s frighteningly easy to produce a system that needs so much maintenance, for example, or support activity that it is unaffordable. And lots and lots of military systems and, it must be said, government and commercial systems in the past have come in that required enormous amounts of support, which soon proved to be unaffordable or no one would sign up to the commitment required. So, lots of projects have simply died because the system was going to be too expensive to sustain. That’s a key point of what we’re doing with O&S here. It’s not just about health and safety. It’s about health and safety, which is affordable.
We also need to look at unplanned events. So, not just designed in things, but things introduced- It says human errors. Again, I’m going to re-emphasize it’s erroneous human action because human error makes it sound like a human is at fault. Whereas very often it’s the design or the concept or the requirements that are at fault and place unacceptable burdens on the human being. Again, lots of messy systems seen in the past, which didn’t quite work and we just kind of expected the operator to cope. And most of the time they cope and then every so often they have a bad day at the office or a bunch of factors come together and lots of people die. And then we blame the human. Well, it’s not the human’s fault at all. We put them in that position. And as always, we need to look at past- Past evaluations of related legacy systems and support operations. If you have good data about legacy systems or about similar systems that your organization or another organization has operated, then that’s gold dust. So, do make an effort to get hold of that information if you can. Maybe a trade association or some wider pan organization body can help you there.
Task Description (T206) #4
At a minimum, we’ve got to identify activities involving known hazards. This assumes that we’ve done some hazard analysis in the past, which is very important. We always need to do that. I’ll come back to that commentary. Secondly, changes needed in requirements, be they functional requirements – what we want the system to do. Or design requirements, if we put constraints on how the system may do it for whatever it may be, hardware, software, support equipment, whatever to make those hazards and risks more manageable. Requirements for safety features – so requirements for engineered features and devices, equipment, because always, in almost any jurisdiction, we will have a hierarchy of control that recognizes that designed and engineered in safety features are more effective than just relying on people to get it right. And then we’ve also got to communicate to people the hazards associated with the system. Warnings, cautions and whatever special emergency procedures might be required associated with the system. Again, that’s something that we see reinforced in law and regulations in many parts of the world. This is all good stuff. It’s accepted good practice all across the world.
Task Description (T206) #5
Moving on, we also need to think about how are we going to move the system around and the associated spares and supplies? How are we going to package them, handle them, store them, transport them? Particularly if there are hazardous materials, etc, etc, involved. That’s the next part, G. Again, training requirements. We’re thinking about a human-centric approach. Whatever we expect people to do, they’ve got to be trained in how to do it. Point I, we’ve got to include everything, whether it’s developmental or non-developmental items. We can’t just ignore stuff because it’s GFE or it’s off the shelf. It doesn’t mean it can never go wrong. Far from it. Particularly if we are putting stuff together that’s never been put together before in a novel combination or in a novel environment. Something that might be perfectly safe and stable in an air-conditioned office might start to do odd things in a much more corrosive and uncontrolled environment, let’s say.
We need to think about what modes might the system be potentially hazardous when under operative control. Particularly, we might think about degraded modes of operation. So, for whatever reason, a part of the system has gone wrong or the system has got into an operating environment within which it doesn’t operate as well as it could. It’s not in an optimal operating environment or state. The human being in control of it, we’re assuming, has still got to be able to operate the system, even if it’s only to shut it down or to get it back into a safer state or safer environment. We’ve got to think about all of those nuances.
Then because we’re talking about support as well, we need to think about related legacy systems, facilities and processes which may provide background information. Also, of course, the system presumably will very often be operating alongside other systems or it will be supported by all systems maybe that exist or being procured separately. So, we’ve got to think about all those interactions as well and all those potential contributions. As you can see, this is quite a wide-ranging, broadly-scoped task.
Task Description (T206) #6
Finally, on this section, the customer/the end-user/or whoever may specify some specific analysis techniques. Very often they will not. So, whoever is doing the analysis, be they a contractor or third party outside agency, needs to make sure that whatever they propose to do is going to be acceptable to the program manager. In the sense that it is going to be compatible and relevant and useful. And then finally, the contractor has got to do some O&SHA at the appropriate time but maybe more detailed data will come along later. In which case that needs to be incorporated and also operational changes.
An absolute classic [situation] with military and non-military systems is: the system gets designed, it goes into test and evaluation and we discover that things – assumptions that were made during development – don’t actually hold up. The real world isn’t like that or whatever it might be and we find we’re making changes – making changes in assumptions. Those need to be factored in which, sadly, is often not done very well. So, that’s an important point to think about. What’s my change control mechanism and how will the people doing the O&SHA find out about these changes? Because very often it’s easy to assume that everybody knows about this stuff but when you start making assumptions, the truth is that it very often goes adrift.
Reporting (T206) #1
Let’s talk about reporting – just a couple of slides here. In the reporting, there’s some fairly standard stuff in here: the physical and functional characteristics of the system – that’s important. Again, we might assume that everybody knows what they are, but it’s important to put them in. It may be that the people doing the analysis were given a different system description to the people developing the system, to the people doing the personnel planning, etc. All the different things that have to be brought together, we need to make sure that they join up again. It’s too easy to get that wrong. Reinforcing the point I made on the previous slide, as more detailed descriptions and specifications come in, they need to be supplied when they become available.
Hazard analysis methods and techniques. What techniques are we using? Give a description. If you’re doing it to a particular standard, so much the better. Great – that saves a lot of paper. What assumptions have we made? What data, both qualitative and quantitative, have we used to support analysis? That all needs to be declared. By the way, one of the reasons it needs to be declared is that when things change – not if – that’s when these assumptions and the data and the techniques get exposed. So, if there are changes, if we don’t have this kind of information declared, we can’t assess the impact of changes. And it gets even more difficult to keep up with what’s going on.
Reporting (T206) #2
And then hazard analysis results. Again, the leading particulars of the results should be recorded in the hazard tracking system, the HTS, or hazard log, or risk register – whatever you want to call it. But there will be more detailed information that we wouldn’t want to clutter up the risk register with, and we also need to provide warnings, cautions and procedures to be included in maintenance manuals, training courses, operator manuals, etc. So, we’re probably going to generate an awful lot of data out of this task and that needs to be provided in a suitable format. Again, whoever is the program manager on the client side, or is the end-user representative, needs to think about this stuff quite early on.
That leads us neatly on to contracting. Now, this task, in theory, can be specified a little bit down the track, after the program has started. In practice, what you find is program managers try to specify everything upfront in a single contract for various reasons.
There are good reasons for doing that sometimes. Also, there are bad reasons but I’m not going to talk about that in this session. We’ll have a talk about planning your system safety program in another session. There’s a lot of nuances in there to be considered.
Just sticking to this task, identification of functional disciplines – who do we need to get involved in order to do this work properly? It’s likely that the safety team, if you have one, may not have relevant operating experience or relevant sustainment experience for this kind of system. If they do, that’s fantastic, but that doesn’t negate the requirement to get the end-user represented and involved. In fact, that’s a near legal requirement in Australia, for example, and in some other jurisdictions. We need to get the end-users involved. We need the discipline specialists to get involved. Typically, your integrated logistic support team, your reliability people, your maintainability, and your testability people, if you have those disciplines. Or maybe you’re calling them something else, it doesn’t really matter.
We need to know what the reporting requirements are. What, if any, analysis methods and techniques do we desire to be used? Maybe the client or end-user has got to jump through some regulatory hoops and therefore they need specific analysis work and safety results to be done and produced. If that’s the case, then that needs to be specified in the contract. And what data is to be generated in what format? And how is it to be reported, and when, considering the hazard tracking system, etc.? And then the client may also select or specify known hazards, known hazardous areas, or other specific items to be examined or excluded because maybe it’s being covered elsewhere or we don’t expect the contractor to be able to do this stuff. Maybe we need to use a specialist organization. Again, maybe a regulator has directed us to do so. So, all of these things need to be thought about when we’re putting together the contract requirements for Task 206.
Again, I say this every time, we need to include all items within the scope of the system and the environment, not just developmental stuff. In fact, these days, maybe the majority of programs that I am seeing are mostly non-developmental. So, we’re taking lots of COTS stuff, GFE components and putting it all together. That’s all going to be included, particularly integration.
We need to think about legacy and related processes and the hazard analysis associated with them if we can get them. They should be supplied to whoever is doing the work and an analyst should be directed to review them and include lessons learned.
Then, reinforcing the previous point about the hazard tracking system: how will information reported in this task be correlated with tasks and analyses that are being done maybe elsewhere or by different teams? And the example here is 207, Health Hazard Analysis. I’ll talk a little bit about the linkages between the two later. But it’s quite likely in this sort of area there will be large groups of people thinking about operations and maintenance and support. Very often those groups are very different. Sometimes they don’t even talk to each other. That’s the culture in different organizations. You don’t see airline pilots hanging around with baggage handlers very much, do you, down the pub for whatever reason? Different sets of people – they don’t always mix very much. And again, you may also have different specialist disciplines, especially the Human Factors people. Again, you’ve got to tie everything in there. So, there are going to be lots of interfaces in this kind of task that have got to be managed.
Point I – concept of operations. Yes, that’s in every task. You’ve got to understand what we intend to do with this system or what the end-user intends to do with the system in order to have some context for the analysis.
And then finally, what risk definitions and what risk matrix are we using? If we’re not using the standard 882 matrix, then what are we doing?
I’ve got four slides of commentary now – a number of things to say about Task 206.
Now, I’ve picked an Australian example. So, Task 206 ties in very neatly with Australian WHS requirements. I suspect Australian WHS requirements have been strongly influenced by American OSHA and system safety practices. In Australia, we are heavily influenced by the US approach. This standard and legal requirements in Australia, and in many other states and territories let’s be honest, do tie in nicely with the standard. Although not always perfectly, you’ve got to remember that. So, we do need to focus on operations and support activities. That’s a big part of WHS, thinking about all relevant activities and cradle to grave – the whole life of the system. We need to think about the working environment, the workplace. We need to think about humans as an integral part of the system, be they operators or maintainers, suppliers, other kinds of sustainers. And we need to be providing relevant information on hazards, risks, warnings, trainings, and procedures, and requirements for PPE, and so on and so forth to workers.
So, Task 206 is going to be absolutely vital to achieving WHS compliance in Australia and compliance with health and safety legislation and regulations in many parts of the world: in the US and UK and, I would say, in virtually all developed nations. So, this is a very important task for achieving compliance with the law and regulations. It needs to get the requisite amount of attention – it doesn’t always. So often on a program, during procurement and acquisition development, the technical system is the sexy thing. That’s the thing that gets all the attention, especially early on. The operating and particularly the support side tends to get neglected because it’s not so sexy. We don’t buy a system to support it after all, do we? We buy a system to do a job. So, we get the operators in and we get their input on how to optimize the system to do the job most cost-effectively and with the most mission effectiveness that we can get out of it. We don’t often think about support effectiveness. But to achieve WHS compliance or the equivalent this is a very important task, so we will almost always need to do it.
The second item to think about – what is going to be key for the maintenance support side is a technique called Job Safety Analysis or Job Hazard Analysis. I’ve highlighted a couple of sources of information there; in particular, I would recommend going to the American www.OSHA.gov site and the guidance that they provide on how to do a job hazard analysis. So, use that, or if something different is specified in the jurisdiction you’re working in, then go ahead and use that. But if you don’t have any [guidance] on what to do, this will help you.
This is all about – I’ve got a task to do, whatever it might be, how do I do it? Let’s analyse this step-by-step, or at least in reasonable size chunks, thinking about how we do the tasks that need to be done. Now, there’s the operator side, and then, of course, we’re always dealing with human beings working on the system or working with the system. So, we’re going to be seeing potentially a lot of Human Factors type techniques being relevant. And there are lots of techniques that we can think about: Hierarchical Task Analysis and that kind of approach is going to fit in with the Job Hazard Analysis as well. Those are going to link together quite well. There will also be things like workload analysis. Particularly for the operators, if we’re asking the operator to do a lot and to maintain a particular level of concentration or respond rapidly, we need to think about workload, because both too much workload and too little workload can make things worse.
There are lots of techniques out there, I’m not going to talk about Human Factors here. I’m going to be putting on a series on Human Factors techniques in cooperation with a specialist in that area. So, I’m not going to say more here.
For certain kinds of operators, let’s say pilots, people navigating a ship and so on, drivers, there will be well-established ways that those kinds of operators are trained and the way they have to operate. There will often be a legal framework and a regulatory framework that says how they have to operate. And then that may direct a particular kind of analysis to be done or a particular approach to be taken for how operators do their jobs. But equally, there is a vast range of operator roles in industry, in chemical plants: various specialist operating roles where there’s an industry-specific approach to doing things. Or indeed the general approach may be left up to whoever is developing the system. So, there’s a huge range of approaches here that are going to be largely dictated by the concept of operations and also an awareness of what is relevant law, regulation and good practice in a particular industry, in a particular situation. That’s where doing your Task 203, your safety requirements analysis, really kicks in. It’s a very broad subject we’re covering here. You’ve got to get the specialist in to do it well.
Now, I mentioned that these days we’re seeing more and more legacy and COTS systems being used and repurposed, partly to save time and money. We’re not developing mega systems as often as we used to, particularly in defence, but also in many other walks of life as well. So, we may find ourselves evaluating a system where very little technical hazard analysis has been done because there are no developmental items, and it’s even difficult to do analysis on a legacy or a COTS system because we cannot get the data to do so. Perhaps we can’t get the data for commercial reasons or contractual reasons.
Or maybe we’ve got a legacy system that was developed in a different jurisdiction and whatever information is available with it just doesn’t fit the jurisdictional regulatory system that we’ve got to work in where we want to operate the system. This is very common. Australia, for example, [acquires] a lot of systems from abroad, which have not been developed in line with how we normally do things.
We could in theory just do Task 206 if there was no developmental hazard analysis to do but that’s not quite true. At a minimum, we will always need to do some Preliminary Hazard Listing and hazard analysis – that’s Tasks 201 and 202 respectively. And we will very definitely need to do some System Requirements Hazard Analysis, Task 203, to understand what we need to do for a particular system in a particular application, operating environment, and regulatory jurisdiction. So, we’re always going to have to do those and we may well have to look at the integration of COTS things and do some system-level analysis. That’s 204. We’re definitely going to need to do the early analyses. In fact, the client and the end-user representatives should be doing 201, 202 and 203 and then we may be in a position to finish things off with 206 for certain systems.
Now, having said that, I’ve mentioned already that Task 206 can be very broad in scope and very wide-ranging. There’s a danger that we will turn Task 206 into a bottomless pit into which we pour money and effort and time without end. So, for most systems, we cannot afford to just do O&SHA, blanket across the board without any discernment or any prioritization.
So, we need to look at those other hazard analyses and prioritize those areas where people could get hurt. Particularly we should be using legacy and historical data here to say “What, in reality, does hurt people when looking after these systems or operating systems?” Again, as I’ve said before, in many industries there is a standard industry approach or good practice to how certain systems are operated, and maintained, and supported. So, if there is a standard industry approach available – particularly if we can justify that by available historical data – if that [is as good] as doing analysis, then why not just use the standard approach? It’s going to be easier to make an SFARP or an ALARP argument that way anyway. And why spend the money on analysis when we don’t have to? We could just spend the money on actually making the system safer. So, let’s not do analysis for the sake of doing analysis.
Also, there’s a strong synergy between the later tasks in the 200 series. There’s a strong linkage between this Task 206 and 207, which is Health Hazard Analysis. Also, there can be a strong linkage with Task 210, which is the Environmental Hazard Analysis. So, this trio of tasks focuses on the impact on living things, whether they be human beings or animals and plants and ecosystems, and very often there’s a lot of overlap between them. For example, hazardous chemicals that are dangerous for humans are often dangerous for animals and plants and watercourses and so on and so forth. I’ll be talking about that more in the next session on Task 207.
One word of warning, however. Certainly, in Australia, we have got fixated on hazardous chemicals because we’ve had some very high-profile scandals involving HAZCHEM in the past. Now, there’s nothing wrong, of course, with learning from experience and applying rigorous standards when we know things have gone wrong in the past. But sometimes we go into a mindset of analysis for analysis’ sake. Dare I say, to cover people’s backsides rather than to do something useful. So, we need to focus on whether the presence of a HAZCHEM could be a problem. Whether people get exposed to it, not just that it’s there.
Certain chemicals may be quite benign in certain circumstances, and they only become dangerous after an emergency, for example. There are lots of things in the system that are perfectly safe until the system catches fire. Then when you’re trying to dispose of or repair a fire-damaged system, that can be very dangerous, for example. So, we need to be sensible about how we go about these things. Anyway, more on that in the next session.
That’s the commentary that I have on Task 206. As we said, it links very tightly with other things and we will talk about those in later sessions. I’d just like to point out that the “italic text in quotations” is from the Mil. standard. That is copyright free as most American government standards are. However, this presentation and my commentary, etc. are copyright of the Safety Artisan 2020.
This is Mil-Std-882E Operating & Support Hazard Analysis (O&SHA).
The 200-series tasks fall into several natural groups. Task 206 addresses Operating & Support Analysis.
In the full-length session, The Safety Artisan looks at Operating & Support Hazard Analysis, or O&SHA, which is Task 206 in Mil-Std-882E. We explore Task 205’s aim, description, scope and contracting requirements. We also provide value-adding commentary, which explains O&SHA: how to use it with other tasks; how to apply it effectively on different products; and some of the pitfalls to avoid. We refer to other lessons for specific tools and techniques, such as Human Factors analysis methods.
The text from the standard follows:
OPERATING AND SUPPORT HAZARD ANALYSIS
206.1 Purpose. Task 206 is to perform and document an Operating and Support Hazard Analysis (O&SHA) to identify and assess hazards introduced by operational and support activities and procedures; and to evaluate the adequacy of operational and support procedures, facilities, processes, and equipment used to mitigate risks associated with identified hazards.
206.2 Task description. The contractor shall perform and document an O&SHA that typically begins during Engineering and Manufacturing Development (EMD) and builds on system design hazard analyses. The O&SHA shall identify the requirements (or alternatives) needed to eliminate hazards or mitigate the associated risks for hazards that could not be eliminated. The human shall be considered an element of the total system, receiving both inputs and initiating outputs within the analysis.
206.2.1 The O&SHA considers the following:
a. Planned system configuration(s)
b. Facility/installation interfaces to the system
c. Planned operation and support environments
d. Supporting tools or other equipment
e. Operating and support procedures
f. Task sequence, concurrent task effects, and limitations
g. Human factors, regulatory, or contractually specified personnel requirements
h. Potential for unplanned events, including hazards introduced by human errors
i. Past evaluations of related legacy systems and their support operations
206.2.2 At a minimum, the analysis shall identify:
a. Activities involving known hazards; the time periods, approximate frequency, and numbers of personnel involved; and the actions required to minimize risk during these activities.
b. Changes needed in functional or design requirements for system hardware, software, facilities, tooling, or support/test equipment to eliminate hazards or mitigate the associated risks for hazards that could not be eliminated.
c. Requirements for engineered features, devices, and equipment to eliminate hazards or reduce risk.
d. Requirements for Personal Protective Equipment (PPE), to include its limitations.
e. Warnings, cautions, and special emergency procedures.
f. Requirements for packaging, handling, storage, and transportation to eliminate hazards or reduce risk.
g. Requirements for packaging, handling, storage, transportation, and disposal of Hazardous Materials (HAZMAT) and hazardous wastes.
h. Training requirements.
i. Effects of Commercial-Off-the-Shelf (COTS), Government-Off-the-Shelf (GOTS), Government-Furnished Equipment (GFE) and Non-Developmental Item (NDI) hardware and software across interfaces with other system components or subsystems.
j. Potentially hazardous system modes under operator control.
k. Related legacy systems, facilities, and processes which may provide background information relevant to operating and supporting hazard analysis.
206.2.3 If no specific analysis techniques are directed or if the contractor recommends a different technique than the one specified by the Program Manager (PM), the contractor shall obtain PM approval of the technique(s) to be used before performing the analysis.
206.2.4 The contractor shall update the O&SHA following system design or operational changes as necessary.
206.2.5 The contractor shall document the results of the analysis to include the following information:
a. System description. This summary describes the physical and functional characteristics of the system and its subsystems. Reference to more detailed system and subsystem descriptions, including specifications and detailed review documentation, shall be supplied when such documentation is available.
b. Hazard analysis methods and techniques. Provide a description of each method and technique used in conduct of the analysis. Include a description of assumptions made for each analysis and the qualitative or quantitative data used.
c. Hazard analysis results. Contents and formats may vary according to the individual requirements of the program and methods and techniques used. As applicable, analysis results should be captured in the Hazard Tracking System (HTS). Ensure the results include a complete list of warnings, cautions, and procedures required in operating and maintenance manuals and for training courses.
206.3 Details to be specified. The Request for Proposal (RFP) and Statement of Work (SOW) shall include the following, as applicable:
a. Imposition of Task 206. (R)
b. Identification of functional discipline(s) to be addressed by this task. (R)
c. Minimum reporting requirements. (R)
d. Desired analysis methodologies and technique(s) and any special data elements, format, or data reporting requirements (consider Task 106, Hazard Tracking System).
e. Selected hazards, hazardous areas, or other specific items to be examined or excluded.
f. COTS, GOTS, NDI, and GFE technical data to enable the contractor to accomplish the defined task.
g. Legacy and related processes and equipment and associated hazard analyses to be reviewed.
h. How information reported in this task will be correlated with tasks and analyses that may provide related information, such as Task 207 (Health Hazard Analysis).
i. Concept of operations.
j. Other specific hazard management requirements, e.g., specific risk definitions and matrix to be used on this program.
This is Mil-Std-882E System Hazard Analysis (SHA).
The 200-series tasks fall into several natural groups. Task 205 addresses System Hazard Analysis.
In the 45-minute video, The Safety Artisan looks at System Hazard Analysis, or SHA, which is Task 205 in Mil-Std-882E. We explore Task 205’s aim, description, scope and contracting requirements. We also provide value-adding commentary, which explains SHA – how to use it to complement Sub-System Hazard Analysis (SSHA, Task 204) in order to get the maximum benefits for your System Safety Program.
The text from the standard follows:
“SYSTEM HAZARD ANALYSIS
205.1 Purpose. Task 205 is to perform and document a System Hazard Analysis (SHA) to verify system compliance with requirements to eliminate hazards or reduce the associated risks; to identify previously unidentified hazards associated with the subsystem interfaces and faults; identify hazards associated with the integrated system design, including software and subsystem interfaces; and to recommend actions necessary to eliminate identified hazards or mitigate their associated risks.
205.2 Task description. The contractor shall perform and document an SHA to identify hazards and mitigation measures in the integrated system design, including software and subsystem and human interfaces. This analysis shall include interfaces associated with Commercial-Off-the-Shelf (COTS), Government-Off-the-Shelf (GOTS), Government-Furnished Equipment (GFE), Non-Developmental Items (NDI), and software. Areas to consider include performance, performance degradation, functional failures, timing errors, design errors or defects, and inadvertent functioning. While conducting this analysis, the human shall be considered a component within the system, receiving both inputs and initiating outputs.
205.2.1 This analysis shall include a review of subsystems interrelationships for:
a. Verification of system compliance with requirements to eliminate hazards or reduce the associated risks.
b. Identification of previously unidentified hazards associated with design of the system. Recommend actions necessary to eliminate these hazards or mitigate their associated risk.
c. Possible independent, dependent, and simultaneous events, including system failures, failures of safety devices, common cause failures, and system interactions that could create a hazard or result in an increase in risk.
d. Degradation of a subsystem or the total system.
e. Design changes that affect subsystems.
f. Effects of human errors.
(1) Of potential contribution of hardware and software events (including those that are developed by other contractors/sources, COTS, GOTS, NDIs, and GFE hardware or software), faults, and occurrences (such as improper timing) on the potential for mishaps.
(2) Of whether design requirements in the system specifications have been satisfied.
(3) Of whether the methods of implementing the system design requirements and mitigation measures have introduced any new hazards.
205.2.2 If no specific analysis techniques are directed or if the contractor recommends a different technique than the one specified by the Program Manager (PM), the contractor shall obtain PM approval of techniques to be used before performing the analysis.
205.2.3 When software to be used within the system is being developed under a separate software development effort, the contractor performing the SHA shall monitor, obtain, and use the output of each phase of the formal software development process in evaluating the software contribution to the SHA. Hazards identified that require mitigation action by the software developer shall be reported to the PM in order to request appropriate direction be provided to the software developers.
205.2.4 The contractor shall evaluate system design changes, including software design changes, and update the SHA as necessary.
205.2.5 The contractor shall prepare a report that contains the results from the task described in paragraph 205.2 and includes:
a. System description. The system description provides the physical and functional characteristics of the system and its subsystem interfaces. Reference to more detailed system and subsystem descriptions, including specifications and detailed review documentation, shall be supplied when such documentation is available.
b. Hazard analysis methods and techniques. Provide a description of each method and technique used in conduct of the analysis. Include a description of assumptions made for each analysis and the qualitative or quantitative data used.
c. Hazard analysis results. Contents and formats may vary according to the individual requirements of the program and methods and techniques used. As applicable, analysis results should be captured in the Hazard Tracking System (HTS).
205.3 Details to be specified. The Request for Proposal (RFP) and Statement of Work (SOW) shall include the following, as applicable:
a. Imposition of Task 205. (R)
b. Identification of functional discipline(s) to be addressed by this task. (R)
c. Desired analysis methodologies and technique(s) and any special data elements, format, or data reporting requirements (consider Task 106, Hazard Tracking System).
d. Selected hazards, hazardous areas, or other specific items to be examined or excluded.
e. COTS, GOTS, NDI, and GFE technical data to enable the contractor to accomplish the defined task.
f. Concept of operations.
g. Other specific hazard management requirements, e.g., specific risk definitions and matrix to be used on this program.”