Health and safety at work

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

2.1 Human Factors Analysis

Consideration of human factors is necessary to improve health and safety at work by optimizing the interaction of humans with their work environment. This will provide considerable benefits for industry by increasing efficiency and by preventing accidents. Human error can be caused by poor operator interface design, operator experience, lack of communication, workload or shift fatigue. One of the reasons for pipeline accidents apart from human error is lack of mechanisms to pass on accumulated knowledge to the future generations and as a result, the newer operators will not have the knowledge to handle the abnormal situation until they commit the mistake (Ian Nimmo, 2002). According to the studies conducted by ASM consortium, API and other similar organizations to understand the reasons for pipeline accidents showed that 80% of the catastrophes are linked to human error (Ian Nimmo, 2002).

In 2006, Congress enacted the Pipeline Inspection, Protection, Enforcement and Safety Act (PIPES Act), directing PHMSA to issue regulations requiring each operator of a gas or hazardous liquid pipeline to develop, implement and submit management plans designed to reduce risks associated with human factors in the control room (Russel Treat, 2009). PHMSA has recognized the importance of controllers in pipeline safety and started integrity management (IM) programs to help the operators understand the actions required to mitigate the risks involved with excavation damage and corrosion and to address human impact on pipeline system integrity, PHMSA started PTP (Prevention through people) program to recognize the importance of human interactions and to understand the opportunities to prevent risks (Department of transportation, 2008).

        The ability of the controller to adapt his characteristics to suit changes in the characteristics of a process is an important factor determining the performance and safety of the control system. The operator interface must be designed by bringing usability into the design process, so that they are easy and effective to use from operators perspective. Many system designers postulate that "removing man from the loop" is the most convenient alternative for the reduction or even the elimination of human error, and to increase system reliability they suggest to consider automation, but for the foreseeable futudre, despite increasing levels of computerization and automation, human operators will have to remain in charge of the day-to-day controlling and monitoring of these systems, since system designers cannot anticipate all possible scenarios of failure, and hence are not able to provide pre-planned safety measures for every contingency (Meshkati, 2006).

2.2 Interface Design

There are several issues while designing the user interface. We need to consider the knowledge and experience of the operators to make the interface as simple as possible. We need to analyze the limitations and abilities of the operators in understanding the interface and how the performance of operator depends on the elements we choose while designing the interface. Miller did research on the limitation of short term memory and his results indicate that humans can generally hold only five to nine symbols or "chunks" of information in short term memory and graphic information, "pre- chunked" as it is, can permit humans to process more information at a time (Miller, 1956).

There are three aspects that we need to consider when modeling human behavior in human computer interaction and they are cognitive, physical, and affective factors. A human's ability to accept inputs and produce responses is limited; when the capacity is exceeded, information overload may negatively affect response and performance (Gordon Davis). So while designing we need to consider how much information an operator often receives and how much multitasking does he/her have to perform to accomplish a task (Gordon Davis). The mental workload of operators working in the pipeline system control room was highly variable and according to Tikhomirov, high or unbalanced mental workload causes a narrowing span of attention, inadequate distribution and switching of attention, forgetting the proper sequence of actions, an incorrect evaluation of solutions, slowness in arriving at decisions. One study funded by the ASM Consortium showed implementing human factors engineering into the design of an operator's graphical user interface (GUI) resulted in a 41% faster resolution of an abnormal situation as compared to utilizing a traditional interface (Errington J. R., 2005). Navigation concerns the decisions and actions that contribute to a person's ability to find and examine data organized in the computer medium, so the operators interface must have good navigation.

2.2.1Elements of the interface

Many information processing technologies and new input-output devices, are now available in the commercial market and the invention of new types of human interface for supporting our daily work are expanding day by day. However, the cognitive ability of humans has not varied, but is almost at the same level as that of prehistoric man (Yoshikawa).

Some of the HMI issues included color; alpha- numeric and text presentation, audible annunciation which should be well thought-out when designing the graphics display (Errington J. R., 2006). According to research conducted by MPR Associates and Laboratory (2004) some ways to hedge against the shortcomings of implementing color is to use no more than a maximum of six colors, and apply color coding according to already standardized or typical user meanings.

Direct manipulationis ahuman-computer interactionstyle which involves continuous representation of objects of interest, and rapid, reversible, incremental actions and feedback (Wikipedia). The intention is to allow a user to directly manipulate objects presented to them, using actions that correspond at least loosely to the physical world so that the user can easily understand the system. Having real-world metaphors for objects and actions can make it easier for a user to learn and use an interface. When using the graphical interface, the user thinks about the role of the computer in the interaction, and with the efforts required to get it to do what he/her want. A critical distinction is whether users feel themselves to be the principle actors within the system or not. So when we design the interface, most of the work should be done by system and little effort from user.

Some key features implemented in designing interface study conducted in pipeline industry (Errington J. R., 2006) can be considered for other systems based on graphical interfaces

  1. Multi-windowing with controlled window management to minimize display overlays.
  2. Multi-level, simultaneous views of increasing plant detail.
  3. Automated display invocation through pre-configured display associations for assisted, task-relevant navigation.
  4. Tabbed navigation within a display level.
  5. Access to online information
  6. Limited color-coding, limited 3-D objects and simple/effective symbols

2.2.2 Degree of fidelity

There are several methods available for the user to interact with the user interface. The primary methods are graphical display and text console interaction. While designing the user interface three specific details must be considered.

What are the user's needs?

What are the user's goals?

What are the user's skills and experience?

Any interface we design must be user centered and it should have easy navigation and the above mentioned details separate the good design from poor design. It is important to present information in a way that can be readily perceived in the manner intended. For example, there are many ways to design icons. The key is to make them easily distinguishable from one another and to make it simple to recognize what they are intended to represent (Dr Jenny Preece, 2002). The degree of accuracy while designing the interface does have an impact on the user's satisfaction and the performance (Dr Jenny Preece, 2002). The user interface can be designed to mimic the behavior of almost any device and what is visible is conveyed through the user interface.

        One common approach designers have exploited for controlling complexity is to ground user interface actions, tasks, and goals in a familiar framework of concepts that are already understood and such a framework is called as user interface metaphor (M. Helander, 1997). Interface metaphors help establish user expectations and encourage predictions about system behavior and metaphors provide the platform for learning by making previously learned information applicable to new situations (M. Helander, 1997). Presenting functionality in familiar objects provides users with much of the knowledge for how systems work and how the objects in them behave. User interface components are purely symbolic entities and their arbitrariness is the crux of design problems (M. Helander, 1997). For example 'trash' can works well as a metaphor for throwing the objects, but as the task changes to ejecting a disk, the information provided by the metaphor breaks. Implementation of metaphors will make new technology more useful and the extensive use of metaphors has a dramatic impact on user interface design practices and as software and hardware capabilities advance, and as computers are increasingly used for work, communication , and leisure (M. Helander, 1997).

2.2.3 Emotional affects

Emotional skills, especially the ability to express and recognize emotions, are central to human communication. Most of us are highly skilled at detecting when someone is angry, happy, sad, or bored by recognizing their facial expressions, way of speaking, and other body signals. It has been suggested that computers be designed to recognize and express emotions in the same way humans do and the term coined for this approach is "affective computing" (Dr Jenny Preece, 2002). A well known approach to design affective interfaces is to use expressive icons and other graphical elements to convey emotional states. For example, a hallmark of the Apple computer is the icon of a smiling Mac that appears on the screen when the machine is first started (Dr Jenny Preece, 2002). The smiling icon conveys the feeling of friendliness, inviting the user to feel at ease and even smile back. One of the benefits of these kinds of expressive elaborations is that they provide reassuring feedback to the user that can be both informative and fun. The style of an interface, in terms of the shapes, fonts, colors, and graphical elements that are used and the way they are combined, influences how pleasurable it is to interact with (Dr Jenny Preece, 2002). The more effective the use of imaginary at the interface, the more engaging and enjoyable it can be.

        Recent research suggests that the aesthetics of an interface can have a positive effect on people's perception of the system's usability (Dr Jenny Preece, 2002). Moreover when the "look and feel" of an interface is pleasing, users are likely to be more tolerant of its usability. Users themselves have also been inventive in expressing their emotions at the computer interface.

        Often user frustration is caused by bad design, no design, unexpected design, or ill-thought-out design. Its impact on users can be quite drastic and make them abandon the application or tool. Ideally error messages should be treated as how-to-fix-it messages. Instead of explicating what has happened, they should state the cause of the problem and what the user needs to do to fix it. Another way of providing information is through online help, such as tips, handy hints, and contextualized advice. The signaling used at the interface to indicate that such online help is available needs careful consideration. Interfaces overloaded with text and graphics make the users frustrate and makes it difficult to find the information desired and slow to access. The above mentioned factors have an emotional impact on the users and they should be well thought out before implementing.

2.3 Operator Training and Responsibilities

Accidents may begin in a conventional way, but they rarely proceed along predictable lines. Accident initiation and its propagation through possible pathways and branches within the system is a highly complex and hard to foresee event (Meshkati, 2006). So today's operators must be highly competent and must be able to perform their jobs with proficiency. For a plant to improve its profitability, reduce the costs and optimize its assets, training is essential. The federal office of pipeline safety (OPS) issued the Operator Qualification (OQ) rule in 1999, which states that the pipeline industries are required to develop and implement OQ programs (Kent Denny, 2003).

In one of the ASM study to understand the abnormal situation management in 6 chemical plants was able to identify the primary initiating cause of incidents from the plant incident reports. One of the reasons observed was that training programs were not effective to build the knowledge, skills and abilities of operations personnel. It was noted that the supervisors and field operators were not able to provide significant guidance to console operators (Bullemer, 1994). The authors stated that console operators expressed a need for more effective training and they also reported a feedback from the companies who expressed a reluctance to identify people as the initiating cause of an incident (Bullemer, 1994).Training strategy must be different for new hire operators, control operators and supervisors and should include different levels of training based on their position (Pankoff Sr, 1999). Training should be given over a period of time in regular intervals and the training should be given in all scenarios the operator faces in real time. It's been stated in EEMUA No. 191 that operators should be trained in detecting and diagnosing fault of the alarm system.

        According to (Pankoff Sr, 1999) training must also be given to experienced operators to care for the plant equipment and optimize production, apart from new hires to maximize the effectiveness. Some companies opt for stand- alone generic pipeline simulation in their training and it's been observed that the use of integrated offline training simulators has not been widespread in liquid pipeline community. As operators do not train on the actual pipeline system, trainees do not learn any of the specifics of their company's pipeline (Christie, 2007). The safety study published by NTSB on SCADA system in liquid pipeline noted that training of infrequent events like leak detection and mitigation must be learned from methods other than on-the-job training and this will improve the probability of controllers finding the problem. The operator has many responsibilities while controlling the system and the training environment should address as many aspects of the operating environment as possible (Christie, 2007).

2.4 Alarm Management

Proliferation of alarms is a major problem in process industry, making it difficult for operators to distinguish between critical events and nuisance alarms. When operators are overwhelmed by a large number of alarms, operators tend to take over control of the plant from their rule based engines that can run them at a much higher level of efficiency. The unfortunate results are lower production rates, and overall decreased operational efficiency.

Modern process control systems now not only provide an out of the box solution for general automation needs but they also have the added capability of an integrated alarm/interlock management and knowledge based system. For example, to prevent alarm flooding only the root cause incident and the first affected equipment may be alarmed when a sequence is triggered to shut down by a process condition or equipment shutdown. Alarms also can be linked to a knowledge base that provides the operator with information on the root cause of the alarm and a recommendation for corrective action. This proposed approach has the potential to increase throughput, improve quality and reduce costs by significantly increasing the proportion of time in which the equipment can be run in automatic mode by rule based engines at optimal levels of efficiency. The vast majority of alarm situations can be readily dealt with by operators without having to take the plant out of rule based control if they quickly understand the root cause of the problem. When the operator doesn't understand the situation or what is causing the problem, there is a tendency to shut down the rule engine and move into semi-automatic or manual mode while operators try and figure out what is going on.

It is often difficult to determine the severity of the problem. Is this a safety concern that justifies immediately shutting down the process or is it a simple matter that can be corrected while continuing with rule based control? The operator has to make these kinds of decisions in seconds and if he or she isn't sure then it is necessary to err on the side of safety even though this will have a negative impact on the plant's operating performance.

The goal of an alarm management strategy should be to organize and manage alarms so the operators can easily distinguish between critical and nuisance alarm's, can quickly identify the root cause of the problem and have information at their fingertips as to what type of corrective action is needed. Accomplishing this goal requires that an alarm management strategy be developed and that this strategy be embedded into the process control system. Fortunately, the latest generation of digital process control systems such as the Emerson's DeltaV digital automation system provide a complete toolset to build intelligence into alarms based on the knowledge of the most experienced plant personnel. This built-in intelligence or knowledge base enables operators to quickly identify and understand alarms that represent real problems that require immediate attention. This intelligence can be embedded into standard control modules that process these alarms behind the scenes to manage the way in which they are presented to users.

        Studies also indicate that alarm system re-engineering and improvement exercises, though beneficial, need a structured approach involving commitment, resources, and significant amount of time. The biggest obstructer for the industry has been the difficulty in continuously assessing alarm systems and justifying the benefits in improving those (A. Nochur).

One such incident is the explosion and fires at the Texaco Refinery, Milford Haven in the UK in 1994 that resulted in plant damage costing nearly US$ 72M to repair, significant production losses, and a fine of US$ 300,000 plus associated costs (Health & Safety Executive, 1997). The alarm system obstructed and contributed to the abnormal situation management problem by loading the operators with one alarm every 2-3 seconds (20-30 alarms/min) in the 5 hours leading to the incident (A. Nochur).

There are 3 plant states and they are 'Normal', 'Abnormal', 'Emergency'. There will be three different operating modes and the plant states with critical systems available to operations in each of these states with the operational goals and plant activities. This is extremely important that these plant states and operating modes are fully understood so that alarm priority and alarm usage can be designed to meet the requirements set (Nimmo).

2.5 Operator Workload

The operator has two kinds of workloads, mental and physical. Communication in radio, discussions with engineers and DCA systems involve lots of physical work. Therefore information provided to operators should be in manageable aptitude or else it would lead to mistakes.

In the normal operation work load operation is minimum, and rest of the support for optimizing is given by computer systems which help to operate in safe manner. Also, during upsets the readings from flow and level indicators might show unreliable or even false values due to pressure and/or temperature drop in various process streams. When system-pressure and/or temperature drops, the hydrocarbon composition in process streams will change, but the alarm set points will remain which are configured for normal operation. This operator has to bear in mind.

An observation at Scan raff proved that in normal operation the average number of operators per hour is 3.1 and it may vary to 52.8 in the upset conditions which is almost 1 action per minute. System actions should be added conversations via radio and telephone which have a significant impact on the total efficiency and quality of the operator performance.

Human interface design and the alarm system should be designed which do not add any operator workload. Everything should be easily accessible, which will make easy for the operators even in upset conditions. Unnecessary items should be removed; All the descriptions should be clear which can be easily understood. They shouldn't create any workload.

2.6 Operator Performance

During normal operation the operators task is to optimize, pushing towards constraints with a minimum of product quality giveaway. Person's job is to bring process back to normal operation when any minor upset occurs. In the major upset they have to bring the system to the nearest possible safe state and may shutdown the system in worst case scenarios. They should given some tools to carry out the duties more efficiently.

The information provided in the alarms effect the performance of the operators directly. These days process is dynamic and the system seems to be static where operator has to adjust to the situation. Static alarm system makes life hard when there is need to search for important alarms in the list, as alarm list is changed often. Think of situation where he has to keep an eye on the alarm and suddenly the alarm is not in the list, or it may be on the second page where operator has to browse the entire list. It is time consuming process.

2.6.1 Difference in Alarm Response Time

To determine which alarm rates showed difference, a Tukey's means test was performed. The results showed that for the 20 Alarms - 10 Min. experiment there was a significant difference in participant reaction time between all other experimental alarm rates used. Performing an expanded Tukey's Means test for the interaction between Alarm Rate & Alarm Display Type results showed that for the 20 Alarms - 10 Min. experiment there was a significant difference in participant reaction time between the categorical alarm window and chronological alarm window. Specifically, the mean response times (in seconds) observed for each experiment are as follows 112 (20 Alarms - 10 Min. - Chronological Alarm Display) and 74 (20 Alarms - 10 Min. - Categorical Alarm Display).

2.6.2 Differences in Alarm Acknowledge Time

To determine which alarm rates showed difference, a Tukey's means test was performed. The interaction between Alarm Rate & Alarm Display Type results showed that for the 20 Alarms - 10 Min. experiment there was a significant difference in participant acknowledgement time for Low priority alarms between the categorical alarm window and chronological alarm window. Specifically, the mean acknowledgement times (in seconds) observed for each experiment, for Low priority alarms only, are as follows 191 (20 Alarms - 10 Min. - Chronological Alarm Display) and 116 (20 Alarms - 10 Min. - Categorical Alarm Display).


  • A. Nochur, H. V. (n.d.). Alarm Performance Metrics.
  • Bullemer, P. T. (1994). Understanding and supporting abnormal situation management in industrial process control environments: a new approach to training. IEEE , 391-396.
  • Christie, B. ,. (2007). Considerations for training simulations of liquid pipelines. Proceedings of the Biennial International Pipeline Conference, IPC , 609-616.
  • Dr Jenny Preece, P. Y. (2002). Interaction Design: Beyond Human-Computer Interaction.
  • Errington, J. R. (2006). ASM outperforms traditional interface. Chemical Processing , 55-58.
  • Errington, J. R. (2005). Establishing Human Performance Improvements and Economic Benefit for a Human-Centered Operator Interface: An Industrial Evaluation. Human Factors and Ergonomics Society Annual Meeting Proceedings , 2036-2040.
  • Gordon Davis, M. O. MANAGEMENT INFORMATION SYSTEM: Conceptual Foundations, Structure and Development.
  • Ian Nimmo. (2002). Its time to consider human factors in alarm management. Chemical Engineering Progress , 31-38.
  • Kent Denny, D. M. (2003). PIPELINE OPERATOR QUALIFICATION. The Pipeline and Gas Journal .
  • M. Helander, T. L. (1997). Handbook of Human -Computer Interaction . Elsevier Science B.V.
  • Mattiasson, C. (Jun 1999). , "The alarm system from the operator's perspective,". Human Interfaces in Control Rooms, Cockpits and Command Centres, 1999. International Conference on , vol., no., pp.217-221, URL:
  • Meshkati, N. (2006). Safety and Human Factors Considerations in Control Rooms of Oil and Gas Pipeline Systems: Conceptual Issues and Practical Observations. International Journal of Occupational Safety and Ergonomics (JOSE) , 79-93.
  • Miller, G. (1956). The magic number seven(plus or minus two):Some limits on our capacity for processing information. Psychological Review ,63 , 81-93.
  • Mostia Jr, W. L. (2003). How to perform alarm rationalization. Control (Chicago, Ill) , 45-47.
  • National Transportation Safety Board. (2006). Safety Study :Supervisory Control and Data Acquisition (SCADA) in liquid pipelines. Washington, D.C.
  • Nimmo, I. (n.d.). The Importance of Alarm Management Improvement Project.
  • Pankoff Sr, J. (1999). Training today's process plant operator. Hydrocarbon Processing , 117.
  • Process Performance Improvement Consultants, LLC. (2006). White Paper on Gas Pipeline Controller Risk Analysis. Retrieved from American Gas Association:
  • Russel Treat, A. B. (2009). New Regulations Drive Expanded SCADA Curriculum. Pipeline and Gas Journal , VOL. 236 NO. 9.
  • Shahriari, M. A. (2006). The development of critical criteria to improve the alarm system in the process industry. Human Factors and Ergonomics in Manufacturing , 321-337.
  • U.S. Chemical safety and hazard investigation board. (2007). Investigation report vinyl chloride monomer explosion. Formosa Plastics Corp.