2025 Spring Meeting and 21st Global Congress on Process Safety
(32a) Human Factors in Process Safety: Practical Application in Safety Instrumented Functions
The human element is indispensable in all process industries, yet it remains one of the most vulnerable and error-prone factors. Historical events, such as the accidents at BP Deepwater Horizon (National Commission on the BP Deepwater Horizon Oil Spill and Offshore Drilling, 2011), Fukushima (Kurokawa et al., 2012), and FPSO Cidade de São Mateus (ANP’s Investigation Report of the Explosion Incident Occurred on 11/02/2015 in the FPSO Cidade De São Mateus, 2015), underscore the critical impact of human factors. In response, oil and gas companies have increasingly applied Human Reliability Analysis (HRA) to better understand and estimate Human Error Probability (HEP) in operationally critical tasks. In Norway, HRA is routinely applied as input for quantitative risk assessments. In Brazil, this analysis has become a regulatory requirement for oil and gas companies, as per ANP’s Technical Note no. 10/2023.
Despite this, the standard functional safety analysis outlined in IEC 61508:2010 does not provide specific methods for integrating HEP into safety integrity assessments, aside from the common cause failure factor (β-factor). This factor considers some general human factors in common cause analysis, such as human interface and procedures, but does not cover human error in enabling or directly interacting with a given safety instrumented function (SIF). In practice, various safety critical systems comprising different SIFs, or their setpoints, rely on operational mode selection or manual input. In such cases, human failure could directly lead to SIF degradation, unavailability, or spurious actuation. The intention of this paper is to assess the human contribution to the success of a SIF, applying HRA to estimate the human error made while enabling the safety instrumented function when defining the operational mode of injection wells.
HRA is a structured approach to evaluate human performance and to estimate numerical probabilities of human errors, which can then be used in different quantitative risk studies. There are several HRA methods. Many of them were developed in the nuclear industry and then applied in other industrial sectors, such as energy, due to the absence of specific approaches. Examples include the Technique for Human Error Rate Prediction (THERP), the Human Error Assessment and Reduction Technique (HEART) and the Standardized Plant Analysis Risk-Human Reliability Analysis (SPAR-H). In 2017, a method specifically developed for the oil and gas industry was published. Petro-HRA is the outcome of a project involving the Research Council of Norway, the Institute for Energy Technology (IFE), Equinor, DNV, SINTEF, the Idaho National Laboratory and the Norwegian University of Science and Technology (NTNU).
Petro-HRA consists of five high-level steps: (1) scenario definition, (2) critical task analysis, (3) identification of human errors and performance shaping factors (PSF), (4) error reduction and (5) quantification. Hierarchical Task Analysis (HTA) and Tabular Task Analysis (TTA) are employed to break down tasks into steps and organize the collected information. The main steps are identified based on how operators are likely to detect problems, diagnose events, decide on actions, and implement final actions. Potential errors for each step are identified using the Systematic Human Error Reduction and Prediction Approach (SHERPA) error taxonomy. A total of nine performance shaping factors are considered in the Petro-HRA method: Time; Threat Stress; Task Complexity; Experience/Training; Procedures; Human-Machine Interface (HMI); Attitudes to Safety, Work and Management Support; Teamwork; and Physical Working Environment.
This paper proposes an enhancement to safety instrumented function (SIF) reliability analysis by integrating Petro-HRA with traditional Safety Integrity Level (SIL) analysis. The method analyzes the steps taken by operators during the selection of the operational mode of injection wells. The study focuses on human errors that could lead to failure to enable the SIF, and therefore to SIF unavailability; the SIF is designed to protect against over-pressurization of the water injection riser during gas injection into the well. The results aim to compare the probability of failure on demand for the SIF, as determined by the SIL study, with the probability of failure on demand including the human component in the analysis. The process was composed of the following steps (an adaptation of the five steps of the Petro-HRA method, adding the SIF reliability data to the quantification step):
- Step 1: Scenario Definition: a comprehensive talk-through of the procedure for operational mode selection of the injection wells is given by the end-user (control room operator, operations engineer, and production supervisor) to the HRA analysts.
- Step 2: Critical Task Analysis: the applicable procedure is decomposed using hierarchical task analysis to identify critical subtasks that could potentially lead to not enabling the safety instrumented function.
- Step 3: Identification of Human Errors and Performance Shaping Factors (PSF): for each critical subtask, the human failure modes are analyzed using the SHERPA taxonomy, and the level of influence of each of the nine PSFs from the Petro-HRA method is assessed based on the qualitative data gathered during the analysis.
- Step 4: Error Reduction: based on the PSF analysis, several Error Reduction Measures (ERM) are proposed to reduce the negative impact of some PSFs, thereby reducing human error probability.
- Step 5: Quantification Process: an Operator Action Event Tree (OAET) is used to calculate the overall human error probability, i.e., the final HEP that could lead to SIF unavailability, considering two cases: 1. Base Case (current HEP) and 2. Base Case plus implementation of all ERMs. For each case, the final probability of failure on demand was calculated for the SIF using Fault Tree Analysis (FTA), comprising the four SIF elements: sensor, logic solver, final element, and human action.
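
The quantification in Step 5 can be sketched in Python as follows. This is an added example, not code or results from the paper: the nominal HEP of 0.01, the PSF multipliers, the recovery probabilities and the hardware PFD values are all constructed assumptions, and the fault tree treats the four elements as independent.

```python
from math import prod

NOMINAL_HEP = 0.01  # assumed nominal HEP per subtask (not stated on the page)

def subtask_hep(psf_multipliers):
    """HEP for one subtask: nominal HEP scaled by PSF multipliers, capped at 1."""
    return min(1.0, NOMINAL_HEP * prod(psf_multipliers))

def oaet_hep(subtasks):
    """Operator action event tree: the task fails if any subtask fails
    and the error is not recovered by a later check."""
    p_success = 1.0
    for psf_multipliers, p_recovery in subtasks:
        unrecovered = subtask_hep(psf_multipliers) * (1.0 - p_recovery)
        p_success *= 1.0 - unrecovered
    return 1.0 - p_success

def or_gate(probabilities):
    """Fault tree OR gate for independent basic events."""
    return 1.0 - prod(1.0 - p for p in probabilities)

def sil_band(pfd_avg):
    """IEC 61508 low-demand band for a PFDavg (4 = SIL 4 or better, 0 = below SIL 1)."""
    for upper, sil in ((1e-4, 4), (1e-3, 3), (1e-2, 2), (1e-1, 1)):
        if pfd_avg < upper:
            return sil
    return 0

# Constructed sample data, not results from the paper.
HARDWARE_PFD = {"sensor": 1e-3, "logic_solver": 1e-4, "final_element": 2e-3}
# Each subtask: (PSF multipliers, probability the error is caught and recovered)
BASE_CASE = [([2, 5], 0.5),   # select well operational mode on the HMI
             ([2], 0.0)]      # confirm the SIF is enabled
WITH_ERMS = [([1, 1], 0.9),   # improved HMI and procedure, independent check
             ([1], 0.5)]

def sif_pfd(subtasks=None):
    """PFD of the SIF; pass subtasks to add human action as a fourth element."""
    events = list(HARDWARE_PFD.values())
    if subtasks is not None:
        events.append(oaet_hep(subtasks))
    return or_gate(events)

if __name__ == "__main__":
    for label, case in (("hardware only", None), ("base case", BASE_CASE),
                        ("with ERMs", WITH_ERMS)):
        pfd = sif_pfd(case)
        print(f"{label:14s} PFD = {pfd:.4e}  SIL band {sil_band(pfd)}")
```

With these constructed inputs the hardware-only SIF sits in the SIL 2 band, the base-case human error pushes it down to the SIL 1 band, and the ERM case returns it to SIL 2.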
The study reveals that incorporating human error quantification significantly impacts SIF reliability, highlighting the necessity of considering human factors. Furthermore, the implementation of Error Reduction Measures (ERMs) can substantially improve the overall reliability of the system, thereby enhancing the process safety of the unit. The findings provide valuable theoretical and technical support for managing human factors and reducing potential human errors in industry safety instrumented functions.