##
398047 Quantifying Human Error Probabilities through a Bayesian Network Using Expert Opinion and an Auditing Tool: An Application to the Tokai-Mura Accident

The increasing globalization of the world economy is turning organizations environment increasingly complex, where scenario changes occur in a dynamic, nonlinear, unpredictable and fast-paced way, requiring organizations to have a continuing need for changes to adapt to new success conditions. Proper management of opportunities and threats created by this scenario has come to constitute a key factor for organization competitiveness and survival. A great improvement of technological aspects in comparison with human and organizational factors has been observed in recent decades. This mismatch is evident if one looks at accident histories at facilities that handle with hazardous technologies, which shows that organizational factors have an increasing importance on accident causes (Hollnagel, 2004).

When compared with technological factors, human and organizational factors are characterized by their multidimensional nature and complexity due to nonlinear interactions that influence their behavior. A variety of quantitative and qualitative methods have been proposed to incorporate these factors into reliability calculations, but not as yet successfully, Alvarenga et al (2014).

Human reliability analysis techniques, which allow quantification of human error probabilities (HEPs) used in nuclear installations, are THERP (Swain and Guttman, 1983), MERMOS (Bieder et al, 1998), CREAM (Hollnagel, 1998) and ATHEANA (NRC, 2000), in general. These techniques are also used in quantitative risk analyses in the chemical, petrochemical, and aerospace fields.

In industries dealing with hazardous technologies one can refer to some regulations that induce them to anticipate this learning, such as the Seveso II Directive (1996), used in Europe, OSHA regulations (used in the U.S.) and the 174 Resolution of the International Labor Organization (ILO 174). These regulations seek to establish risk quantification in order to offer society a numerical risk acceptability criterion.

In this context, one can consider that proposals to quantify human errors should be adapted to the conditions of each facility, for only in the facility microcosm is it possible to treat nonlinearities that bring complexity to the problem. This path enables to point out in advance safety deterioration and the set of factors that are contributing to it.

As a way to fill the need for a model that allows to incorporate contributing socio-technical elements to human error, in this paper one can highlight a set of minimum requirements that make the model: *a*) holistic and applicable to complex dynamic systems so that relationships between existing technical, human and organizational factors be emerging; *b*) able to focus on system elements without losing the connections between them in modeling; *c*) compatible with existing ideas and principles of safety and quality management, so that it allows for a learning culture in the organization; *d*) able to allow connections between existing concepts in management, as, for instance, to distinguish between policies, procedures and instructions; *e*) resistant and capable of preventing abnormal process occurrences in a facility and adapt to circumstances, in order to improve safety and to reduce risk; *f*) cyclical and closed, providing feedback; and *g*) able to allow the stratification of the elements that contribute the most to HEPs, thus helping to direct and prioritize efforts to address organizational, human and technical structures that lead to degradation of the plant safety function as a whole. It is worth mentioning here that an analysis of one of the human errors in the Three Mile Island accident was performed by means of a hybrid THERP-ATHEANA approach in order to shed some light on the application of HRA techniques (Fonseca et al, 2013).

In a previous work (Ribeiro et al, 2014), a model for assessing human error probabilities for process plants was developed by considering, as a starting point, human failure probabilities taken from THERP and CREAM.

Those human error probabilities do not take into account elements that represent the facility conditions in determining human error probabilities (HEP) used in probabilistic safety analyses of process plants.

An approach to show the predominance of human factors as accident cause was presented, as well as existing methodologies for HEP determination and their deficiencies in incorporating socio-technical elements that influence them. Such elements are: control center design, remote operations, human-machine interface, training, communications, environmental factors, workloads and staffing levels, safety culture, procedures, maintenance, management of change, and incident investigation (CCPS, 2007).

A mathematical model, based on Bayesian networks, is now proposed to incorporate these elements in an easier way.

Given the complexity involved in Bayesian inference when it comes to systems with more than two variables, Bayesian networks are recommended (Jensen, 1996). Bayesian networks (BN) are directed acyclic graphs that, in a probabilistic way, represent dependencies between variables. Network nodes represent random variables (discrete or continuous) and directed arcs illustrate the dependency relationships among variables (Pearl, 1988). The relationship between cause and effect is expressed by conditional probabilities.

BNs are useful for aggregating expert opinions. The complexity of a Bayesian network depends on the level of information that can be obtained and the importance that the analyst gives to such information.

Each node has an associated conditional probability table (CPT) that quantifies the effects that parents exert on a node, i.e., the probability of the node being in a specific state, given its parent states. For each variable *A* that has as parents *X*_{1}, ..., *X _{i}*, there is a table of conditional probabilities

*P*(

*A*|

*X*

_{1}, ...,

*X*).

_{i}A Bayesian network was developed to allow for considering the influence of the 12 factors mentioned earlier on the human failure sequences of the Tokai-Mura event, in order to investigate what information was needed to fill up its respective conditional probability table. All human failure sequences were modeled and the new human failure probability could be estimated.

The Bayesian network model was applied to the accident that occurred in 1999 in Tokai-Mura, Japan. The modified HEP was 2 times greater than the nominal HEP and this result is in agreement with the one presented in Ribeiro et al (2014). As an improvement, the use of Bayesian networks allows for considering all analysis steps by means of a proper computer program, like the Netica^{TM} software (available from norsys.com), a trademark of Norsys Software Corporation, used in this work.

A benefit of the Bayesian network model is the fact that a sensitivity analysis can be easily performed to analyze the impact of each of the 12 factors mentioned and thus allowing for a more realistic plant behavior modeling in face of abnormal events.

It has become clear at safety conferences and congresses in the nuclear and chemical and petrochemical fields that existing laws and regulations, especially some requirements of international regulatory bodies such as the CSB (Chemical Safety Board, USA), are more and more explicit in regarding the implementation of human reliability analysis (HRA) as a way of risk reduction. However, most organizations still do not have efficient mechanisms to understand and implement policies for human factors analyses. This work offers a contribution to include in a comprehensive manner the elements that influence human error. Also, improvements on plant management that can be taken into account by the 12 factors considered can be easily evaluated by the Bayesian network, thus allowing for estimating human reliability improvements.

A contribution of the proposed model is to allow seeing how elements relate and how they influence HEP quantification, which allows directing efforts in the short and long term to reduce HEPs or even review the effectiveness of the efforts being made to reduce them.

References

Alvarenga, M. A. B., Frutuoso e Melo, P. F., Fonseca, R. A., 2014. A Critical Review of Methods and Models for Evaluating Organizational Factors in Human Reliability Analysis, Progress in Nuclear Energy **75**, 25 – 41.

Bieder, C., Le-Bot, P., Desmares, E., Bonnet, J.-L., Cara, F., 1998. MERMOS: EDF’s New Advanced HRA Method. In: Mosleh, A., Bari, R.A. (Eds.), Probabilistic Safety Assessment and Management (PSAM 4). Springer-Verlag, New York.

CCPS, 2007. Human Factors Methods for improving Performance in the Process Industries, Center for Chemical Process Safety, American Institute of Chemical Engineers, Wiley, New York, NY.

Fonseca, R. A., Alvim, A. C. M., Alvarenga, M. A. B., Frutuoso e Melo, P. F., 2013. A THERP/ATHEANA Analysis of the Latent Operator Error in Leaving EFW Valves Closed in the TMI-2 Accident, Science and Technology of Nuclear Installations, http://dx.doi.org/10.1155/2013/787196.

Hollnagel E., 1998. Cognitive Reliability and Error Analysis Method (CREAM), Elsevier, Oxford, UK.

Hollnagel, E, 2004. Barriers and Accident Prevention, Ashgate, Hampshire, UK.

Jensen, F. V., 1996. An Introduction to Bayesian Networks. UCL Press, University College London, UK.

NRC, 2000. Technical Basis and Implementation Guidelines for A Technique for Human Event Analysis (ATHEANA). NUREG 1624, US Nuclear Regulatory Commission, Washington, DC, 2000.

Pearl, J., 1988. Probabilistic Reasoning in Intelligent Systems. Morgan Kaufmann Publishers, San Francisco, CA, USA.

Ribeiro, A. C., Sousa, A. L., Duarte, J. P., Frutuoso e Melo, P. F., 2014. Human Reliability Analysis of the Tokai-Mura Accident through a THERP-CREAM and Expert Opinion Auditing Approach, submitted to the Nuclear Engineering and Design journal.

Swain, AD and Guttman, HE, 1983. Handbook of Human Reliability Analysis with Emphasis on Nuclear Power Plant Applications, NUREG/CR-1278, US Nuclear Regulatory Commission, Washington, DC.

**Extended Abstract:**File Uploaded

See more of this Group/Topical: Global Congress on Process Safety