Progress in Human Reliability Analysis
In this section, we will discuss the human reliability analysis method to describe how the primary focus has shifted from a mechanistic view to a systemic view of human performance.
Human Reliability Analysis (HRA) is a method for qualitative or quantitative assessment of the probability (frequency) and the effects of unsafe human acts. In the nuclear sector, HRA had already been an essential step in Probabilistic Risk Assessment (PRA) before the TMI-2 accident, because the probabilities of human errors in plant operations are basic data required for calculating the core damage frequency. In the early stage of development, HRA borrowed primary concepts from reliability analysis of hardware components; human errors were thought of as phenomena similar to hardware component failures. It was assumed, therefore, that operators' tasks can be divided into elementary task units, and the status of each task unit can be described by the binary logic of success versus failure. In addition, a human was dealt with as a black box without considering the internal cognitive mechanism that determines human performance.
Such methods for HRA are often called fi HRA. Technique for Human Error Rate Prediction (THERP)  is a typical example of fi HRA, which was developed early for the fi comprehensive PRA of Light Water Reactors, WASH1400 . In THERP, a human task is modeled using a binary event tree as shown in Fig. 24.2, which shows an example task composed of three steps: (1) connecting power to the equipment, (2) turning Switch 1 on, and (3) turning Switch 2 on. Each branching
Fig. 24.2 Example of THERP event tree with probabilities in parentheses
node corresponds to an elementary task unit and the left and right branches, respectively, show success and failure paths of the task. It is assumed that the basic Human Error Probability (HEP) of an elementary task unit is primarily determined by the class of the task unit and the error mode. Concrete numbers of basic HEPs can be evaluated by looking up the database attached to the THERP handbook .
One of the drawbacks of first-generation HRA is its restricted power to describe situations of human performance. It is therefore applicable only to tasks that are well defined as standard operation procedures. Tasks that require complex cognitive processes of judgment are beyond the scope of first-generation HRA. In the TMI-2 accident, the operators misjudged the internal state of the reactor vessel based on the information obtained from the main control panel and stopped ECCS convinced that it was the correct action. Such an error by conviction or an error of commission occurs through an error mechanism very different from simple mishaps. Internal cognitive mechanisms of a human have to be looked into to deal with errors of commission in HRA.
Towards the end of the 1980s, many researchers of human factors started thinking that some breakthrough was required for HRA methods . It is imperative to take errors of commission into account, because they may defeat multiple safety barriers and put the system into critical conditions. In addition, people cannot readily detect errors of commission by themselves in comparison with errors of omission.
Human modeling is a key technique to consider the cognitive mechanism of human performance for calculating HEPs. Rasmussen's classifi of human performance into the three levels of skill, rule, and knowledge is the most popular example of such ideas of human modeling . As research on human modeling and error psychology has progressed, it has become clear that human errors are not causes but consequences of unsafe incidents. Based on the outcomes of this research, methods for second-generation HRA were developed in the 1990s [9, 10].
Figure 24.3 shows the conceptual framework for human performance and human errors that is the basis of second-generation HRA. The context, which is
Fig. 24.3 Conceptual framework of human performance and human errors
Personal factors Environmental factors Social factors a set of situational factors and conditions surrounding human performance, is a key concept in second-generation HRA. The context consists of various contextual factors that can be classified into personal, environmental, and social factors. Personal factors include those related to the characteristics of individual personnel such as experience level, skill level, physical and cognitive features, personality traits, and so on. Environmental factors are hardware and software attributes of the workplace such as tools, ambient conditions, design of human-machine interface, available information, and so on. Social factors are attributes of organizational or social institutions such as rules, training programs, workgroup composition, communication systems, and so on.
These factors affect the reliability of human performance through the cognitive mechanism of a human. Since the cognitive mechanism does not differ greatly among individuals, the reliability of human performance does not depend on the functioning of the cognitive mechanism but primarily on the appropriateness of context. A context where humans inevitably commit errors, Error Forcing Context (EFC), should be attended to in particular. EFC is a context in which everybody will commit an error almost certainly; HEP is almost equal to the probability of the appearance of EFC. Since an error of commission will occur under EFC just like a common mode failure of mechanical components, multiple barriers for error prevention can easily be breached. The context of human performance has come to be the target of analysis in second-generation HRA rather than human performance itself. Important contextual factors to be analyzed are chosen based on the consideration of cognitive processes that will produce the expected human performance. This was a great shift of conceptualization from the mechanistic image of human performance behind fi generation HRA.