Defining Human Error Analysis for Human Rating of Crewed Spacecraft

This article is from the 2020 NESC Technical Update.

Principles of human error analysis

NASA’s Human-Rating Requirements for Space Systems (NPR 8705.2C) calls for Program Managers to conduct a human error analysis (HEA) during system development. The analysis should cover all mission phases, including ground processing, launch preparation, flight, and recovery/disposal operations. The purpose is to identify human errors that could lead to catastrophic outcomes and apply this information to identify areas for design changes. The requirement makes it clear that HEA is a qualitative analysis that complements probabilistic hazard assessments. The requirement for HEA applies to systems developed by NASA, but depending upon agreements, HEA may also be applied to other crewed space systems.

For as long as the NASA HEA requirement has been in force, there has been uncertainty about exactly what a human error analysis is and how one should be done. In 2018, after the NESC received a request for guidance on this issue, Dr. John O’Hara (Brookhaven National Lab) and Dr. Alan Hobbs (San Jose State University) were tasked with answering these questions. The resulting position paper, Guidance for Human Error Analysis, was approved by the NESC Review Board in November 2019 and is available as NASA/TM-2020-5001486.

The position paper presents methods that can be used to meet the intent of NPR 8705.2C, but does not rule out the use of alternative approaches. The document covers the essential elements of human error analysis, including establishing the HEA team; screening-in tasks for analysis; identifying potential catastrophic errors for each analyzed task; error management strategies; and documenting the analysis.

Error analysis is about identifying and mitigating problems at a system level, and not about finding fault with individuals. In many cases, errors occur in the context of error-producing conditions in hardware, software, or procedures. If we can influence the design to eliminate these conditions, we can reduce the likelihood of human error, while retaining the positive contribution that humans make to system operations.

The position paper distinguishes error-producing conditions (EPC) from error traps. An EPC is a general condition (such as time pressure or fatigue) that can increase the likelihood of error across a range of tasks. An error trap is a particular set of circumstances that can provoke a specific error, e.g., adjacent items of hardware with compatible connectors that enable a cross-connection error. Many EPCs can never be eliminated entirely. However, in most cases, error traps can be designed out of the system. The elimination of error traps is one of the most valuable outcomes of HEA.

For more information, contact Dr. Cynthia H. Null, cynthia.h.null@nasa.gov or Dr. Alan Hobbs, alan.hobbs@nasa.gov.