1. Best Practices for Reliable and Robust Human Systems Integration
Dr. Cynthia H. Null
NASA Technical Fellow
NASA Engineering and Safety Center
Program Management Challenge Conference 2008
C. Null 1
2. Outline
• Human Factors Design Philosophy
• Model of Human Factors in System Design
• Design Processes
• Summary
3. Human System Integration
• Systems level approach
• Design for robustness for the life of the program
– Design
– Build
– Test
– Operate
– Maintain
– Retire
• Reliability is an attribute of the product
• Reliability is an attribute of operational processes
4. Which humans do we design for?
• From a human factors viewpoint, all of the following are a part of the spacecraft system (not just for human space flight):
– Crewmembers
– Controllers
– Training personnel
– Manufacturing personnel
– Maintenance personnel
– Ground operations
– Ground testing
• All elements of the system are influenced by human performance.
• Human performance is influenced by the system design.
5. Human Factors Design Principles
1. System demands are compatible with
human capabilities and limitations.
2. System enables utilization of
human capabilities in non-routine and
unpredicted situations.
3. System can tolerate and recover from
human errors.
6. [Diagram: model of human factors in system design]
• Environment
– Physical: noise, vibration, G-level, climate, illumination, access
– Operations concept: command & control, geographic distribution, nominal, off-nominal, unexpected
– Organization: culture, communication, responsibilities, authority
• Human Capabilities: abstraction, problem solving, creativity, cope with novel situations
• Tasks / Goals: requirements, moderators, procedures, decision aids, interfaces (human-human, human-system)
• System Capabilities: monitoring, control, interfaces, robotics, automation
7. Simplified Model [diagram]
• Environment: physical, operational concept, organization
• Human Capabilities: abstraction, problem solving, creativity, cope with surprises
• Subsystems (displays, machines, input devices) interact with Humans (human sensation, cognition, human actions) through TASKS
• System Capabilities: monitoring, control, interfaces, robotics, automation
• Tasks: requirements, moderators, interfaces (human-human, human-system)
8. Simplified Model [diagram, expanding the human side of slide 7]
• Human Capabilities
– Sensation/Perception: vision, audition, tactile, vestibular, kinesthesia, taste/smell
– Cognition: attention, memory, information processing, decision making, action initiation
– Human Actions: motor coordination, object manipulation, speech
• Environment, Subsystems (displays, machines, input devices), TASKS, System Capabilities and Tasks as in slide 7
9. Simplified Model [diagram, expanding the subsystem side of slide 7]
• Displays: display response (visual, sound), initiates queries
• Machines: process data, perform procedures, store data, retrieve data, transmit responses, control
• Input Devices: sensors; controls, switches; keyboard, mouse, etc.; touch-screen; voice recognition
• Environment, Human Capabilities, Humans (sensation, cognition, actions), TASKS, System Capabilities and Tasks as in slide 7
10. Fallacy: Human Factors Is Just Common Sense
• Designs are not only built to requirements but may have hidden assumptions or demands
• Simple example of mismatch between human capabilities and tool operation
– PDA, cell phone & camera displays use small, efficient LCDs
– PDAs have thumb-controlled keyboards
11. It is common to hear
• Automation will:
– Reduce human workload
– Simplify tasks performed by humans
– Reduce training requirements
– Reduce human error
• However, aviation automation has:
– Changed the human tasks, often increasing their complexity
– Moved tasks from control to monitoring, which is not simpler
– Often increased training (systems are more complicated)
– Changed the types of errors
– Increased concurrence of tasks
12. It is common to hear:
• If the design isn’t perfect we can train
– However, under stress or time constraints trained
behavior may fail
• We will find any issues during training, and
design procedures to eliminate the issue
– Simulation training may not discover the interactions
with the tools and environment
– Changing procedures may not be enough
– Usually too late (or too expensive) to impact design
13. Fallacy: Design Deficiencies will be uncovered in human-in-loop testing or training
• Example: STS-49
• Capture, installation of new perigee kick motor & release of an Intelsat-VI satellite
[Figure: View of Robotic Arm Operator]
14. STS-49
[Figures: Attaching Capture Bar To Intelsat-VI; Practicing 3-Person Satellite Grab; Performing 3-Person Satellite Grab]
15. Design Processes
Prominent in heritage systems are human-system
integration responsibilities
• DDT&E of
– “active” interfaces (displays and controls)
– “passive” interfaces with vehicle (seating, restraints,
lighting)
• Ensure reliable operations in space environment
16. Apollo’s Display and Control Systems Requirements (a few)
• No single display or control failure would jeopardize the safety of the flight crew or be cause for an abort.
• Information would be presented so as to permit rapid assessment of critical system status without resorting to extensive troubleshooting procedures to identify malfunctions.
• All D&C used during accelerated flight would be designed for operation by a pressure-suited, fully restrained crewman.
• Automatic systems would be used to obtain precision, to speed response, or to relieve the crewmen of tedious tasks; but all automatic control modes would have a manual backup.
17. [Figure; only the legend survives] D = Design, B = Build, O = Operate, M = Maintain, T = Train
18. HFE methods & tools as a part of overall design process
[Process diagram] Testing is critical.
• HFE activities, shown as columns across the overall engineering design process: Planning & Analyses; HFE Integration; HSI Design; Training; Verification & Validation; Performance Monitoring
• Planning & Analyses: function analysis, concept of ops, task analysis, endpoint vision, human-in-loop testing and evaluation
• HSI Design: concept design, approach, detailed design, integration, simulation
• Verification & Validation: human-system performance, nominal & off-nominal
• Performance Monitoring: continuous improvement
• Inputs to the process: HFE Guidelines, HFE Process, HSI Design
20. Human Factors Design Principles
1. System demands are compatible
with human capabilities and limitations.
21. “Top-Down”
High-level mission and goals
Define functions necessary to achieve the goals
Allocate functions to human and system resources
Decompose functions into tasks
Analyze tasks to define performance requirements
Design detailed HSI, procedures, and training
22. “Bottom-Up”
• Prototype human activities (including
modeling)
• Identify human performance variability and
human error potential
• Design interfaces, tools, training, etc.
25. Design trades
• Design trades are a fact of designing complex systems
• HFE helps make explicit the trades that affect human performance, and thus affect system performance and reliability
26. Humans Will Adapt, Find New Ways To Solve Problems, and Can Cope with Uncertainty
• But at what cost?
• These characteristics are something we rely on
– As individuals
– As designers
• It is this creativity that adds reliability to complex systems
27. Human Factors Design Principles
2. System enables utilization of human capabilities in non-routine and unpredicted situations
Non-routine: procedures; training; diagnosis support
Unpredicted: information is KEY; transparent systems
29. Human Factors Design Principles
3. System can tolerate and recover from
human errors **
** Let me note: The human error mitigations:
Must not reduce humans ability to cope with
the unpredicted.
Must not leave humans unaware of
automatic actions, operational modes or
system status.
30. Human Error and Reliability Analysis
Fault Tree Analysis (Top-Down)
1. What catastrophic outcomes could occur?
2. What event/error sequences and combinations could lead to each outcome?
3. Are there scenarios when one or two human errors could lead to a catastrophic outcome?
Human Factors Process Failure Modes and Effects Analysis (Bottom-Up)
1. How will humans interact with the system?
2. What errors could occur?
3. What consequence would result from these errors?
Output of both analyses:
1. Identify critical human risks
2. Formulate responses
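The top-down questions above are answered in practice by computing the fault tree's minimal cut sets (the smallest combinations of basic events that cause the top event) and then looking for cut sets that consist of nothing but one or two human errors. The following is an added example, not code from the original slides: a small cut-set evaluator over a fault tree expressed as nested AND/OR gates. The tree, the event names and the set of events classified as human errors are constructed for illustration only.

```python
"""Added example: minimal cut sets of a fault tree, then the top-down
question "can one or two human errors alone cause the top event?".

The tree, event names and the human-error event set below are constructed
for illustration; they are not from any real analysis.
"""
from itertools import product

# Gates are ("AND", [children]) or ("OR", [children]); a basic event is a str.
# Constructed tree; the top event is a hypothetical loss of control during docking.
TREE = (
    "OR",
    [
        # Operator misreads the range display AND the alarm that would catch it
        # is either inhibited by the operator or has failed.
        ("AND", ["operator_misreads_display",
                 ("OR", ["operator_inhibits_alarm", "alarm_hardware_fails"])]),
        # A non-minimal branch, included to show that minimization removes it.
        ("AND", ["operator_misreads_display", "operator_inhibits_alarm",
                 "alarm_hardware_fails"]),
        # Two sensor failures plus a skipped checklist step.
        ("AND", ["range_sensor_fails", "backup_sensor_fails",
                 "operator_skips_checklist_step"]),
    ],
)

# Basic events that are human errors (constructed classification).
HUMAN_ERRORS = frozenset({
    "operator_misreads_display",
    "operator_inhibits_alarm",
    "operator_skips_checklist_step",
})


def minimize(sets):
    """Keep only minimal cut sets: drop any set that strictly contains another."""
    unique = set(sets)
    minimal = [s for s in unique if not any(other < s for other in unique)]
    return sorted(minimal, key=lambda s: (len(s), sorted(s)))


def cut_sets(node):
    """Return the minimal cut sets of `node` as a sorted list of frozensets.

    OR gate: the union of the children's cut sets.
    AND gate: every combination of one cut set from each child, merged.
    """
    if isinstance(node, str):
        return [frozenset([node])]
    gate, children = node
    child_sets = [cut_sets(child) for child in children]
    if gate == "OR":
        combined = [cs for sets in child_sets for cs in sets]
    elif gate == "AND":
        combined = [frozenset().union(*combo) for combo in product(*child_sets)]
    else:
        raise ValueError(f"unknown gate type: {gate!r}")
    return minimize(combined)


def human_only_cut_sets(tree, human_errors, max_errors=2):
    """Cut sets made up entirely of human errors, with at most `max_errors` of them.

    A non-empty result answers "yes" to question 3 of the top-down analysis:
    there is a scenario in which one or two human errors alone lead to the
    top event, so it needs a design response, not just a procedure.
    """
    return [cs for cs in cut_sets(tree)
            if cs <= human_errors and len(cs) <= max_errors]


if __name__ == "__main__":
    for cs in cut_sets(TREE):
        print(sorted(cs))
    print("human-error-only cut sets (<= 2 errors):",
          [sorted(cs) for cs in human_only_cut_sets(TREE, HUMAN_ERRORS)])
```

On the constructed tree the evaluator finds three minimal cut sets and flags one of them, {operator_misreads_display, operator_inhibits_alarm}, as reachable by two human errors alone; the redundant three-event branch is dropped because it contains that pair. The bottom-up HF-PFMEA supplies the error list and the classification of which basic events are human errors; the cut-set computation is what turns those into the "critical human risks" the slide asks for.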
31. 1997 Mir-Progress Collision
• During the 4 months preceding the event, the crew was stressed by frequent system failures
• Near-miss during a Toru-assisted docking
• Low contrast and poor resolution of the Toru display
• Kurs radar shutdown decreased spatial awareness
32. People Create Safe Operations
• Rarely is human operator error in complex systems the proximate cause of the failure.
• In complex operations human error is often the symptom of deeper system design issues.
• Human error is not random. Error is systematically connected to features of the tools, tasks and operating environment.
• People are vital to system safety.
33. Design Principles by System Life Cycle Phase
Columns: 1. Human Capabilities; 2. Off-nominal; 3. Error Tolerant
Manufacture
  1. Objectively define and evaluate skill.
  2. Hazard analysis.
  3. Components designed to make incorrect assembly difficult.
Test
  1. Tasks are within human perceptual envelope.
  2. System keeps operators in the loop.
  3. Independent test verification.
Operate
  1. System demands are consistent with human performance standards.
  2. System keeps operators in the loop. Permits humans to take control.
  3. Appropriate interlocks, make it difficult to do dangerous things.
Maintain
  1. Maintenance tasks are within human capabilities.
  2. Non-routine trouble-shooting and repair is possible.
  3. Avoid simultaneous maintenance of redundant systems.
34. Some General Characteristics of a Well Designed Human-System Interface
• Accurately represents the system
• Meets user expectations
• Supports task performance
• Minimizes distractions
• Balances workload
• Is tolerant of error
• Is consistent
• Provides timely information and feedback
• Provides access to explanations when needed
• Verified through extensive human-in-loop testing, including off-nominal scenarios
35. Human Factors to Reliable Systems
• System view
– Human as part of system
– Environment context
• Designs for nominal, off-nominal & unexpected
• Matches tasks and tools to human capabilities &
limitations
• Data driven—human-system performance
testing is key to success
• Requires curious skeptic with knowledge of
human capabilities
38. Fastener Starter
• HF-PFMEA uncovered a high-potential FOD (foreign object debris) issue in the Shuttle Dome Heat Shield Installation Process
• Developed the Fastener Starter by incorporating
– task requirements
– user preferences
– flight hardware constraints
– lessons learned from evaluations of currently available tools
• Tested with technicians simulating hardware installation
– evaluated the tool's performance (parts dropped)
– the technician's efficiency
– subjective rating of the tool
39. Fastener Starter
• Firmly grips and holds a single screw, bolt, nut, washer, spacer, or any combination of these parts.
• Compact size allows it to be used effectively in cramped, difficult-to-see locations
[Figure: Fastener Starter Holding a Screw]