HCI & Safety Critical Systems
Lynne Hall
Overview
What are safety critical systems
Why use software
Causation
The fallacy of human error
Designing a good operator interface
Example: Night Order Book
Introduction
Incorporation of computers into potentially dangerous systems
Use of computers for control functions
Computers now control most safety critical devices
Often replace traditional hardware safety interlocks and protection systems
Safety Critical Systems
Process supervision and control: power stations, electricity networks, chemical sector
Health: life support systems
Transport: aviation / space, ground transport
Tornado F3 cockpit
Taken from: http://www.ptvideo.com/videos/Aviation/cockpit.html
Telerobotic System
Taken from: http://www.cse.dmu.ac.uk/~arg/tmmi/interface.html
Defence Sector
Taken from: http://www.army-technology.com/contractors/computers/orbit/index.html
Control Rooms (ATC)
Taken from: http://www.wild-designs.demon.co.uk/ccd.htm
Industrial Processes
Inherently risky
Risk compounded by: practicalities of plant maintenance; need for incremental improvements to technology infrastructure
Economic loss through downtime
Failure can result in injury or death
Characteristics
Exceptionally complex: hundreds of thousands of lines of code, multiple pathways
Embedded systems hidden from user
Opaque
High information overload potential
Dubious position of operator
Some scary facts
One error in every 50 lines of code; safety critical systems have 100,000+ lines
Ariane 5 - missing full stop…
Impossible to test integrity of safety-critical systems until they are put into real world
Impact of failure can be catastrophic: 200,000 people injured in Bhopal
Examples
Ariane 5
Chernobyl
Challenger
Union Carbide chemical plant (Bhopal)
Three Mile Island
Big One Rollercoaster (Blackpool)
Channel Tunnel Fire
Texaco Oil Refinery
Why not to use software
Automation can result in tedium, de-skilling, lowered reaction times
Possible paths in software so extensive that they cannot be tested
Why use software
Automate safety critical process
Continual monitoring of process
Give guidance to user in a safety critical process
Provision of advance warning
Growing complexity of new systems requires the use of software
The Scapegoat - Human Error
75% of aviation accidents caused by a mistake made by one of the cabin crew
Inadequate design can place operator in situation where error is inevitable or at least very likely
Contribution operator can make to design of safety critical systems may be undervalued and underused
Why do errors happen
Multi-level model
Failings in social context: management and safety culture; training and awareness
Cognitive level: errors in human decision making; training; task design
Design: errors at interface; not the user’s fault
“Windows of Opportunity” for Human Error
Failure of human responsibilities
Effect of unexpected hw/sw failure
Dealing with rare events
Level of user knowledge
Cognitive workload
Utility and usability
Design of good operator interface
System design requires understanding of the strengths and weaknesses which humans display under operational conditions
Soft facts can be very important (LIFETRACK project): information that underpins communication; communication structures; stakeholders; training (and not just in-house)
Designing the Operator Interface
Not a last minute task
Not just concerned with superficial factors such as layout and displays
Reaches deep into requirements and design processes
Concerned with what should be automated and how this should be automated (and if..)
Social, psychological and technical issues
IEC 61508
Functional safety of electrical / electronic / programmable electronic safety-related systems
Recognises need for human factors
Standard not very explicit
Integrates human factors in development process
Night Order Book
Context: chemical plant
Produced daily by technical supervisor
Multiple paper copies distributed to night shift
Allows day shift to inform night shift of important process facts and developments
Why move to computer based
Delivery delays
Data loss and confusion
Clutter
Data access limitations
No or limited access to past knowledge
Operator Requirements
Fast
Uncluttered, consistent, “known” interface style
Important information readily available in an at-a-glance format
Large buttons
Avoidance of pull-down menus
Operator Requirements 2
Avoidance of excessive typing
Use of keyboard rather than mouse
Few basic queries should support all requests
Information access should be achieved with minimum number of actions
Authorised input only
Data security
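A small model of the Night Order Book requirements above, added here as an illustration rather than anything from the slides or the plant described: only the technical supervisor role may write, the record is append-only so past knowledge is never lost, and two basic queries (today's orders, history of one plant unit) serve the night shift's requests. Role names, the unit field and the sample orders are constructed.

```python
from dataclasses import dataclass
from datetime import date

# Hypothetical roles: the slides say the book is produced by the technical
# supervisor and read by the night shift, so only that role may write.
WRITERS = {"technical_supervisor"}
READERS = WRITERS | {"night_shift", "day_shift"}


@dataclass(frozen=True)          # frozen: an order cannot be altered after entry
class Order:
    day: str      # ISO date (YYYY-MM-DD) the order was issued
    unit: str     # plant unit the order concerns (constructed field)
    text: str     # the process fact or instruction for the night shift
    author: str   # who entered it, kept for accountability


class NightOrderBook:
    """Append-only shift handover log with role-based write access."""

    def __init__(self) -> None:
        self._orders: list[Order] = []   # only ever appended to, never edited

    def add(self, role: str, author: str, day: str, unit: str, text: str) -> Order:
        # "Authorised input only": reject writes from any non-supervisor role.
        if role not in WRITERS:
            raise PermissionError(f"role {role!r} may not write orders")
        date.fromisoformat(day)          # rejects malformed dates early
        if not text.strip():
            raise ValueError("empty order")
        order = Order(day, unit, text.strip(), author)
        self._orders.append(order)
        return order

    def for_night(self, role: str, day: str) -> list[Order]:
        # Query 1: everything the night shift needs for one date, at a glance.
        self._check_reader(role)
        return [o for o in self._orders if o.day == day]

    def history(self, role: str, unit: str) -> list[Order]:
        # Query 2: past knowledge about one unit, oldest first.
        self._check_reader(role)
        return sorted((o for o in self._orders if o.unit == unit), key=lambda o: o.day)

    def _check_reader(self, role: str) -> None:
        if role not in READERS:
            raise PermissionError(f"role {role!r} may not read orders")
```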
Summary
Safety-critical systems rely on the use of computing hardware and software
Need to include human factors throughout lifecycle of safety-critical systems
HCI for safety-critical systems is essential for appropriate work support
Display and layout of interface must be rigorously tested and evaluated