68 Consider a steady-state solution to the availability Petri net model.
69 Explain complex systems theory
70 Discuss systems engineering and complex systems theory
71 Consider the application and significance of systems engineering in engineering design
72 Briefly discuss complexity in engineering design and its significance in systems engineering
73 Give a brief account of the functions of systems engineering analysis
74 Describe reliability block diagrams (RBDs) and availability block diagrams (ABDs), and indicate their fundamental differences
75 Consider effectiveness measures in systems engineering and their significance in engineering design
76 Give a brief account of evaluating complexity in engineering design
77 Define complexity in systems design
78 Describe various system state definitions and evaluating complexity of the different state definitions
79 Define complicatedness in systems design
80 Describe complexity in systems and complicatedness as a function of complexity in designing for complex but uncomplicated systems
Safety and Risk in Engineering Design
Abstract In this chapter, the introduction of new or modified systems into an engineering process is considered, whereby safety with respect to risk and loss through accidents or incidents resulting from the complex integration of systems is predicted, assessed and evaluated, to ensure that the design will have as minimum a risk as is reasonably practicable. Risk relates to a combination of the likelihood of occurring hazards, and to the severity of their outcome or consequence. Safety in engineering design begins with identifying possible hazards that could occur, as well as the corresponding system states that could lead to an accident or incident in the designed system. This is determined through hazards analysis. The initial hazards analysis should begin at the earliest concept formation stages of systems design, and the information should be used to guide the emerging design with respect to safety requirements throughout the engineering design process. Safety in engineering design normally includes a causal analysis, which involves identifying various cause-effect sequences of hazardous events that may combine to cause the identified hazards. Thereafter, a consequence analysis identifies the sequences of events that could lead from a hazard to an accident or incident. Working through these phases of hazards and safety analysis, and iterating where appropriate, a safety case is prepared that relates to the assurance that the system is relatively safe. Hazards and safety analyses provide a comprehensive methodology for designing for safety. Designing for safety includes risk reduction measures and involves conducting risk mitigation strategies to, first, reduce the likelihood that a hazard could result in an accident or incident and, second, to aim at reducing the severity of the likely event. Because designing for safety strives for a significant level of confidence in the results of these strategies, and the need for an objective systems scrutiny from a safety viewpoint, it typically involves systematic safety analysis with independent safety prediction, safety assessment, and safety evaluation during the schematic, preliminary and detail design phases respectively of the overall engineering design process.
R.F. Stapelberg, Handbook of Reliability, Availability, Maintainability and Safety in Engineering Design, © Springer 2009, p. 529
5.1 Introduction
The previous two chapters dealt with an analysis of engineering design that considered prediction, assessment and evaluation of systems reliability and functional performance, and of systems availability and maintainability during engineering process operations. In this chapter, the introduction of new or altered systems into a complex engineering process environment is considered, whereby safety with respect to risk and loss through accidents or incidents resulting from the complex integration of systems is predicted, assessed and evaluated, to ensure that the design will have as minimum a risk as is reasonably practicable. Risk relates to the combination of the likelihood of occurring hazards, and to the severity of their outcome or consequence. An accident or incident may be viewed as an unintended event that results in either a critical or non-critical loss, and may include events such as death or personal injury, and environmental or financial losses, according to a relative scale of safety criticality.
Safety in engineering design starts by identifying the possible hazards of the new system, which are system states that can lead to an accident or incident. This is typically conducted through a series of collaborative hazards analysis sessions, during which keyword prompts and checklists are used to aid identification of hazardous system states. Suitably qualified experts representing all the areas that are relevant to the system being designed must participate in these sessions. Normally, a causal analysis is then conducted, which involves identifying various cause-effect sequences of hazardous events that may combine to cause the hazards already identified. Thereafter, a consequence analysis is conducted, which identifies the next sequences of events that could lead from a hazard to an accident or incident. Working through these phases of analysis, and iterating where appropriate, a safety case is prepared, which relates to an assurance that the system is relatively safe. This assurance is not a statement that the system is risk free—almost no system of any complexity can demonstrate this property. Instead, risks are typically divided into three categories, and each category is treated slightly differently.
The three categories of risks are the following:
• Intolerable risks:
These are risks that are not acceptable under any circumstances—for example, the hazardous exposure to process products of a system that have a high likelihood of affecting workers' occupational safety and health. The engineering design will need to include ways of removing such risks, or of drastically reducing their severity. The safety case must show that no such risks remain in the system.
• Tolerable risks:
These are risks that are considered acceptable provided they confer some benefit, and the risk has been reduced as much as was reasonably practicable. The ‘benefit’ may be hard to measure objectively, especially in placing a cost value on accidents such as personal injury or death with respect to the cost of preventive measures. A typical example is the consideration of tolerable risks in the case of large construction projects of engineered installations during which accidents and incidents are inevitable. The safety case would argue that there is a trade-off benefit of allowing certain risks at a given criticality level.
• Negligible risks:
These are risks that are so small as to be insignificant, and no further precautions are considered necessary. The safety case would only include negligible risks that merit attention, such as those previously considered to be relatively significant risks.
Designing for safety entails definitive risk reduction measures and involves conducting or specifying mitigation strategies to, first, reduce the likelihood that a hazard will result in an accident or incident and, second, to aim at reducing the severity of the likely event. Because designing for safety strives for confidence in the results of these strategies, and the need for an objective systems scrutiny from a safety viewpoint, it typically involves systematic safety analysis, with independent safety prediction, safety assessment, and safety evaluation audits dovetailing with the respective schematic, preliminary and detail design phases of the overall engineering design process. Designing for safety tends to be both costly and time consuming because of the number of domain and other experts needed to determine those areas of high safety risk in the total integrated engineering design, the wide range of factors that need to be considered, and the implementation of additional safety control systems.
Techniques that are to be added into this work must therefore be cost and time effective, whilst fitting within existing as well as new methodologies in determining the integrity of engineering design.
Hazards and safety analyses provide a comprehensive methodology for designing for safety. The initial hazards analysis should begin at the earliest concept formation stages of systems design, and the information should be used to guide the emerging design with respect to safety requirements throughout the engineering design process. Later equipment hazards analysis information is used to evaluate the integrity of the design and to make trade-off decisions. The development of a safety intent specification supports both the evolution of systems design as well as system safety analysis. The design rationale for safety issues that is normally lost during the design’s development stages is preserved in a single, logically structured document (or electronic database) that is based upon fundamental principles of human problem solving. Safety-related requirements and design constraints are traced from the highest systems levels, down through system design to component design and into hardware schematics and detail design specifications. An important feature of the safety intent specification is that it integrates formal and informal design specifications.
It is thus during the design stage of an engineering project when major improvements in safety and occupational health relating to construction, ramp-up and operation of an engineered installation can be achieved. However, there are real challenges involved in designing for safety in order to achieve the required step change in a safe and healthy environment in the construction and operation of industrial process plant and facilities. To date, there have been many factors that have limited improvements in this area, such as a lack of time and funding—besides the lack of communication, understanding and commitment. The culture of a segmented engineering construction industry with its fragmented processes, along with the fact that many project clients are reticent in fully appreciating the significant added costs of designing for safety, must be critically addressed in order to break through into a new arena of safe working practices and performance. In appreciation of the challenges involved in designing for safety with the construction and operation of engineered installations, an agenda for change was developed at a major international conference on Designing for Safe and Healthy Construction, organised by the European Construction Institute (ECI) and the Conseil International du Bâtiment (CIB) in London in June 2000.
These changes—in particular with respect to changes required of process engineering designs—included the following (ECI 2001):
• Recognising the fact that engineering designs will dictate, to a considerable degree, the nature and extent of hazards that will pose a threat to worker safety and health, not only during construction but throughout the life cycle of the project.
• Concentrating on significant complex risks that competent contractors would not be expected to be aware of, rather than on easily identified residual risks.
• Achieving better risk identification methods.
• Utilising different levels of risk assessment at different stages in the project.
• Concentrating on interfaces between systems where high risks occur.
• Developing a better awareness of safe working practices and ergonomics.
• Making occupational safety and health (OSH) a top priority in the design process.
• Considering OSH implications in the earlier part of the engineering design process, such as safety predictions during the conceptual design phase.
• Recognising duty of care in considering OSH requirements in engineering designs, and its impact on construction activities.
• Maximising the use of innovative techniques and methodology that reduce OSH risk, such as pre-assembly and/or off-site manufacturing, and standardisation of equipment.
• Using the appropriate CAD systems to schematically examine the project during the preliminary design phase, to determine engineering design integrity.
• Using intelligent computer automated methodology for determining the integrity of engineering design through the application of automated continual design reviews throughout the engineering design process.
• Applying safety constructability reviews that contribute towards addressing construction worker safety in the design.
• Maintaining communication feedback and risk data to reduce unplanned construction work greater than required in the design.
• Designing for safe access for maintenance personnel to restricted areas, including access for routine and preventive maintenance and for installation of replacement equipment.
• Including risk analysis not only for construction, commissioning, ramp-up and operation but also for decommissioning or deconstructing of plant and facilities.
Safety engineering has also received much attention from the defence industry for several decades, particularly the US Department of Defence. The first military safety document, titled “System Safety Engineering for the Development of United States Air Force (USAF) Ballistic Missiles”, was published in 1962. In 1963, the USAF published a document titled “Safety Engineering of Systems and Associated Sub-Systems and Equipment” (MIL-STD-38130 1963). This document was superseded in 1969 by a document titled “Requirements for Safety Engineering of Systems and Associated Sub-Systems and Equipment” (MIL-STD-882), which has subsequently been updated in 1977 (MIL-STD-882A), in 1984 (MIL-STD-882B), in 1993 (MIL-STD-882C) and in 2000 (MIL-STD-882D).
Additional military safety documentation covering system safety includes the following handbooks:
• the US Army handbook ‘System safety design guide for army materiel’ (MIL-HDBK-764 1994),
• the US Air Force Systems Command handbook ‘System safety design handbook’ (AFSC DH 1-6 1967),
• the US National Aeronautics and Space Administration (NASA) handbook ‘System safety handbook’ (NASA DHB-S-00 1999).
In any engineered installation, human factors are an important part of process control. Therefore, an effective safety program cannot consider only the automated systems hierarchy but must also consider the impact of human error on the system, and the effect of systems design on errors in human judgement and control.
Increased automation in complex systems has led to changes in the human controller’s role, and to new types of technology-induced human error. Such errors abound in records of major process engineering catastrophes. In a detailed survey of safety incidents in the US nuclear power industry (INPO 84-027 1984, 1985), it was revealed that of the roughly 1,000 identified root causes of incidents that were investigated, 51% were classified as “human performance problems”, and 74% of these (i.e. 38% of all root causes) were “maintenance related”, this being broadly defined to include preventive and corrective maintenance, surveillance testing and modification work.
The Three Mile Island nuclear power generator accident in 1979 demonstrated the significance of human error. The accident was attributed to mechanical failure and operator error. Despite the fact that about half of the reactor core melted, the containment building that housed the reactor prevented any release of radioactivity, and the reactor’s other protection systems also functioned as designed. The emergency core cooling system would have prevented the accident but for the intervention of the operators. Investigations following the accident led to a new focus on the human factors in nuclear safety. No major design changes were called for in nuclear reactors but controls and instrumentation were improved and operator training was overhauled.
By way of contrast, the Chernobyl reactor in the Ukraine did not have a containment structure like those used in the West or in post-1980 Soviet designs. The April 1986 disaster at the Chernobyl nuclear power plant was the result of major design deficiencies in the type of reactor, the violation of operating procedures and the absence of a safety culture. The accident destroyed the reactor, killed 31 people, 28 of