By Urban Norstedt, Carl F.O. Rollenhagen, and Per E. Eveneus
As part of a comprehensive review of its dam safety program, Swedish utility Vattenfall reviewed what is known about human factors in dam safety. “Human factors” refers to a multidisciplinary knowledge domain involving the study of human characteristics and actions in relation to technology (i.e., machines, tools, equipment, computers, etc.) and to the organizational/cultural context in which the human is embedded.
The utility discovered that little has been studied about human factors in the context of dam safety when compared to other industries such as nuclear power, transportation, and medicine. That may be because the human and organizational issues related to dam safety events typically are not revealed in such a public way as they are in events or accidents such as a reactor failure at a nuclear power plant or an airplane crash. Yet, learning more about how human factors affect the safety of dams, and then sharing that knowledge with dam safety professionals could enhance both worker productivity and dam safety.
Consequently, over the past several years, Vattenfall chose to invest in learning about human factors related to dam safety and determining how best to apply that knowledge to emergency preparedness plans, design of a control room camera surveillance system, and event investigations.
In 1999, the hydropower division of Swedish utility Vattenfall launched an effort to assess risk at its 93 hydro projects in Sweden. These assessments focused on the potential risk of failure of the plants’ critical technical systems, including dam safety equipment.
The results showed that a number of critical functions opening of spill gates and restoring electrical functions, to name a few depended on the reliability of manual interventions made by on-site personnel. The findings led Vattenfall management to pose such questions as: “How big is the risk of human interventions leading to errors?” and “How could it be effectively reduced and/or controlled?”
As the utility’s hydro group managers began looking for answers to these questions, they turned to their colleagues responsible for nuclear power plant operations. The nuclear group at Vattenfall had completed a considerable amount of work for supporting human and organizational aspects of nuclear safety, such as assessing safety, culture, and organizational influences; implementing systems for root cause analysis (in-depth event investigation); and evaluating and improving designs for man-machine interfaces.
Using the nuclear experience as a starting point, Vattenfall launched an effort to analyze the effects of human factors on dam safety. In 2000, the dam safety group contracted with the utility’s consultant group Vattenfall Power Consultant to examine how humans, organizational structure, and technology interact to affect dam safety. First, the human factors group at Vattenfall Power Consultant conducted an in-depth event analysis (i.e., root cause) investigation. The purpose of the investigation was to reveal not only technical weaknesses, but also weaknesses related to human and organizational processes and structures at various organizational levels that could cause dam safety problems. The investigation revealed weaknesses such as problems with design processes, classical human factors issues (man-machine interface, instructions, etc), and project management issues.
Then, a pilot study to evaluate the possibility of implementing a systematic “human factor” approach into Vattenfall’s dam safety risk management system was launched. The results of the pilot study showed a lack of awareness within Vattenfall as well as more generally in the international dam safety community about how human factors affect dam safety operations.
Implementing a human factor program at Vattenfall
Following the pilot study, Vattenfall introduced a human factors (HF) program for its dam safety group. The program consisted of several specific projects with an overall goal of demonstrating how a systematic human factors approach could be of value for dam safety at Vattenfall. Descriptions of a sampling of the projects are given below.
Emergency preparedness plans
Working through Elforsk AB, a research and development broker mutually owned by and serving the Swedish power industry, Vattenfall reviewed and evaluated a generic draft design of an Emergency Preparedness Plan (EPP), intended for application at almost all hydropower plants in Sweden. The results from the review and evaluation, in which specialists completed specific human factor analyses, such as task analysis and qualitative human reliability analysis, showed very clearly the need to consider human characteristics with regard to usability of EPPs.
Specifically, the specialists exposed a number of deficiencies in the EPP with regard to usability, such as use of terms, logical structure of the plan, information layouts of maps, and logic of references.
As a result of this assessment, Vattenfall revised its EPPs.
Camera surveillance system design
Vattenfall is planning to install between 100 and 200 cameras at hydro plants on each of the three major rivers in Sweden. Information recorded by the cameras will be fed to three remote control centers (one center for each river). The operators in these control rooms will be involved in using the information recorded by the cameras to supervise dam safety activities.
One aspect of designing the camera surveillance system is to determine, and plan for, how the job of the control room operators will be affected. To do so, Vattenfall addressed the following human factor aspects:
- How should the new camera system be integrated with other work in the control rooms?
- Will the control room operators’ work load increase?
- What role will the cameras play during high floods and/or other emergency situations?
- Will the information from the cameras aid in decision making during an emergency?
- What Vattenfall groups other than dam safety (i.e., security, public safety, production) could find the information from the cameras useful?
- What types of surveillance demands might these groups place on the control room operators?
To begin answering these questions, Vattenfall established a base line, describing the current work situation for control room operators. Next, the utility designed a series of scenarios, including a dam breach and an antagonistic threat, in which camera surveillance played a role. These scenarios were used in a tabletop exercise at an actual control center. (Instead of video from an actual camera, participants in the exercise used pictures of dam assets and their surroundings.) During the exercise, which was governed by a “director,” the operator was asked to verbally express both positive and negative thoughts concerning his ability to use the camera surveillance information (the pictures) as a tool for making decisions. The operator’s comments revealed that, in certain situations, cameras provided information that was not available from other information sources, and that this information was helpful in making efficient decisions. For other situations, the cameras were not used to the extent that had been expected. The reasons for this might be the operator’s inexperience with these kinds of tools.
Vattenfall is using the observations of the operator during the tabletop exercise as it more fully explores what specifications (i.e., response times, ergonomics, etc.) should be requested for camera systems and how to train operators to efficiently and effectively make use of such systems.
The objective is to design a camera surveillance system that gives adequate considerations to the assets and limitations of the control room operators. Additionally, Vattenfall wants to ensure good ergonomic standards (such as usability in terms of colors, navigation, and adequate information to support operator tasks) are applied.
Under this project, the hydropower division of Vattenfall conducted in-depth, human-factor-oriented investigations of several incidents and/or accidents that had occurred at its hydro projects.
One such event investigation was performed at the 240-mw Messaure hydro station where spill gates had been unintentionally opened. Through the investigation, Vattenfall learned that several human and organizational factors had contributed to the incident. For example, the investigation revealed weaknesses in documentation (e.g., technical drawings of design), risk analysis (e.g., risks associated with man-machine interfaces and project management), communication between the dam owner and the contractor, and work practices (e.g., associated with work order management).
Another event investigation concerning overtopping at the 375-mw Stornorrfors project revealed a number of problems with classical human factor issues: problems with man-machine design, failures in communication, and organizational factors such as the organization of the design process.
These in-depth, human-factors-oriented event investigations provided Vattenfall with important information. Results of the investigation were used as the basis for a workshop to seek remedial actions, including technical solutions, to prevent similar events. The investigation results also served to raise general awareness about the complexity of events and the need to conduct in-depth event investigations.
In addition to its own event investigations, Vattenfall cooperated with three other utilities, all working through CEATI’s Dam Safety Interest Group, to conduct event investigations at several hydro projects in Canada and Sweden and to train utility personnel to conduct effective, in-depth event investigations. Through these efforts, the utilities identified a need to improve overall dam safety and project management practices.
As a direct result of these efforts, Vattenfall started an extended process for the continuous reporting and analysis of dam safety incidents that, among other things, involves reviewing the human factor and organizational aspects of the incidents. As a consequence of the human factors program, several new issues have emerged and have been acted upon, including safety management training and assessment of the utility’s safety climate.
What Vattenfall learned about human factors in dam safety
A distinction should be made between human factor concepts in general and human factors denoting a specific professional field of knowledge. In everyday conversation and in the media, the concept of the “human factor” is commonly associated with explanations for accidents. If an accident occurs and the causes are not attributed to “technology,” what remains is the human factor. When “human errors” are found, the search for additional explanatory categories tends to stop and the investigation may therefore not proceed toward finding influencing factors more distant in the explanatory chain. Consequently, a host of organizational weaknesses and decision processes remain undetected. Moreover, the human factor concept when used as an everyday term (and not as a field of expertise) is commonly associated with:
- Something negative man is perceived as a source of risk rather than also an asset;
- Those who actually do the work and operate the equipment (i.e., control room operators, surgeons, pilots, etc.) rather than decision-makers who affect the performance of the workers; and
- A culture of guilt and blame.
Unfortunately, many practices of safety management (in dam safety as well as in other fields) reflect the human factor perceptions described above. Events are foremost perceived in simple causal categories (e.g., technology, human) rather than as complex combinations of processes involving people, technology, information, culture, and organizational issues. Consequently, valuable learning opportunities are missed. Missed learning opportunities, in turn, mean less safety as well as lower financial returns of investments.
Simplistic taxonomies separating technology factors from human factors, especially when human factors are primarily associated with “operators,” also may lead to an unrealistic understanding of the sources of risk (their nature, where they are situated, and how they may emerge). For instance, research has demonstrated that many accidents can be explained by a gradual drift toward an unsafe condition as a result of economic pressure-inducing reorganizations, cost cuts in maintenance, or delayed retrofits of technology.
Human factors perceived as a multidisciplinary knowledge domain is difficult to define precisely, but many of the specific topics treated within the field of human factors focus on performance, efficiency, and safety as a function of various context variables (e.g., working environment, technology, organisational structures). Also, the human factors discipline focuses on design and design issues (e.g., man-machine interfaces, organizational design, and design of instructions).
Methods and techniques
A variety of tools are available for systematically analyzing interactions among people, technology, and organization when retroactively assessing an accident.
Experience feedback: statistics and investigation of events
Collection of information about accidents and incidents represents a classical strategy supporting safety management. Estimates about “how much” human factor contributed to an accident are usually derived from classification schemes trying to differentiate human factors from technological factors. For example, Figure 1 illustrates the development over the past four decades for some of the most commonly attributed causal categories, namely technology/equipment, human performance, and organization, and their proportions as contributors to the explanation to accidents.
By and large, however, such estimates are not particularly informative as practical guides supporting risk management. That’s because they merely reflect an underlying, often implicit, model of the human factor. For example, if the model is focused on human errors made by the person doing the actual work, then one particular set of estimates will occur. However, if the model also contains human mistakes at management levels, another figure emerges. Moreover, if the model includes mistakes made by engineers responsible for a given technology or people engaged in safety analysis or safety reviews outside an organization, we arrive at still another estimate of the “human factor” contribution.
This is not to say that it is generally meaningless to collect statistics from events, but one should be aware of the challenges in making sense of such “human error” data.
In-depth event investigation
In-depth investigation of events can be used to enhance safety management practices. That’s because in-depth event investigations show the complexity of events and the contribution of different types of influencing factors (people, technology, culture, organization, etc.). In-depth studies of events usually reveal complex interactions in a much more concrete way compared with abstract discussions and generalizations about the human factor contributions.
Typically, in such an investigation, the functional connections among different areas of an organization are demonstrated. Many of these connections are informal, rather than following the path set out in the formal organizational design. In addition, people involved in event investigations for the first time often sometimes to their surprise spontaneously experience the benefit of transcending specific disciplines in their search for explanations of an event.
Perhaps the most profound effect of using the in-depth event investigation tool is the gradual emergence of a change in mindset about safety from one fragmented into very specific safety issues into a more systemic perspective on safety. This process may, however, take a very long time to develop and it is often unevenly distributed among people within an organization.
Conducting risk analysis is often primarily associated with technological aspects. However, a risk analysis can integrate human and organizational factors. Under the concept of human reliability analysis (HRA), many methods have been developed to assess the contribution of human actions to both safe and unsafe conditions. Although many of these methods are highly expert-oriented, there are also a set of rather easy-to-use, cost-effective methods that may identify sources of risk not detected in conventional technically oriented risk analysis techniques.
A basic tool that is involved in almost all HRA methods is task description and task analysis. In brief, these methods decompose tasks into subtasks and study the support given for individuals in performing different activities. Through this work, an organization can review task demands, situational factors, availability of support to perform the tasks, and communication practices, and then estimate how reliably a person can perform a particular task.
Man-machine interface design
In many situations, the interface between a person and a machine creates problems and risks. This area of human factors is well-researched; numerous articles, books, standards, and guidelines exist. However, organizations often are unaware of the knowledge and methods already developed. To address this problem, an organization can offer staff training in basic human factors principles and methods. Some organizations find employing a full-time human factors specialist is beneficial.
Safety climate assessment
Regularly collecting data about people’s perceptions and values about safety-related affairs is a useful way to identify areas in need of more attention. Safety climate assessments are especially effective at identifying topics that are otherwise difficult to get workers to share. s
Mr. Norstedt may be contacted at Vattenfall AB, Jamtlandsgatan 99, Stockholm S-16287 Sweden; (46) 8-7396970; E-mail: [email protected]. Messrs. Rollenhagen and Eveneus may be contacted at Vattenfall Power Consultant, P.O. Box 527, Stockholm SE-16216 Sweden; (46) 7-5397260 (Rollenhagen) or (46) 70-5397234 (Eveneus); E-mail: [email protected] or [email protected].
Urban Norstedt, MSc, is director of dam safety for Swedish utility Vattenfall. Carl Rollenhagen, PhD, and Per Eveneus are human factor specialists for Vattenfall Power Consultant, the utility’s consultant group.