C. Null 1
Best Practices for Reliable and Robust
Human Systems Integration
Dr. Cynthia H. Null, NASA Technical Fellow
NASA Engineering and Safety Center
Program Management Challenge Conference
2008
Outline
• Human Factors Design Philosophy
• Model of Human Factors in System Design
• Design Processes
• Summary
Human System Integration
• Systems level approach
• Design for robustness for the life of the program
  – Design
  – Build
  – Test
  – Operate
  – Maintain
  – Retire
• Reliability is an attribute of the product
• Reliability is an attribute of operational processes
Which humans do we design for?
• From a human factors viewpoint, crewmembers, controllers, training personnel, manufacturing personnel, maintenance personnel, ground operations and ground testing are a part of the spacecraft system.
• All elements of the system are influenced by human performance.
• Human performance is influenced by the system design.
Not just for human space flight.
Human Factors Design Principles
1. System demands are compatible with human capabilities and limitations.
2. System enables utilization of human capabilities in non-routine and unpredicted situations.
3. System can tolerate and recover from human errors.
Tasks / Goals
• Requirements
• Moderators
  – Procedures
  – Decision Aids
• Interfaces
  – Human-Human
  – Human-system
Human Capabilities
• Abstraction
• Problem Solving
• Creativity
• Cope with novel situations
• …
System Capabilities
• Monitoring
• Control
• Interfaces
• Robotics
• Automation
• …
Environment
• Physical
  – Noise
  – Vibration
  – G-level
  – Climate
  – Illumination
  – Access
• Organization
  – Culture
  – Communication
  – Responsibilities
  – Authority
• Operations Concept
  – Command & Control
  – Geographic Distribution
  – Nominal
  – Off-nominal
  – Unexpected
Simplified Model
Environment
• Physical
• Operational Concept
• Organization
Tasks
• Requirements
• Moderators
• Interfaces
  – Human-Human
  – Human-system
Human Capabilities
• Abstraction
• Problem Solving
• Creativity
• Cope with surprises
System Capabilities
• Monitoring
• Control
• Interfaces
• Robotics
• Automation
[Diagram: Subsystems (Displays, Input Devices, Machines) linked through Tasks to Humans (Human Sensation, Human Actions, Human Cognition)]
Simplified Model: Human Capabilities
Sensation/Perception
• Vision
• Audition
• Tactile
• Vestibular
• Kinesthesia
• Taste/smell
Human Actions
• Motor coordination
• Object manipulation
• Speech
Cognition
• Attention
• Memory
• Information processing
• Decision making
• Action Initiation
[The Environment, Tasks and System Capabilities boxes and the subsystems/humans diagram are as on the previous slide]
Simplified Model: System Capabilities
Displays
• Display Response
  – Visual
  – Sound
• Initiates Queries
Machines
• Process Data
• Perform procedures
• Stores data
• Retrieves data
• Transmits responses
• Control
Input Devices
• Sensors
• Controls, switches
• Keyboard, mouse, etc.
• Touch-screen
• Voice recognition
[The Environment, Human Capabilities and Tasks boxes and the subsystems/humans diagram are as on the previous slides]
Fallacy: Human Factors Is Just Common Sense
• Designs are not only built to requirements but may have hidden assumptions or demands
• Simple example of mismatch between human capabilities and tool operation
  – PDA, cell phone & camera displays use small, efficient LCDs
  – PDAs have thumb-controlled keyboards
It is common to hear
• Automation will:
  – Reduce human workload
  – Simplify tasks performed by humans
  – Reduce training requirements
  – Reduce human error
• However, aviation automation has:
  – Changed the human tasks, often increasing the complexity
  – Moved tasks from control to monitoring, but not made them simpler
  – Often increased training (systems are more complicated)
  – Changed types of errors
  – Increased concurrence of tasks
It is common to hear:
• If the design isn’t perfect we can train
  – However, under stress or time constraints trained behavior may fail
• We will find any issues during training, and design procedures to eliminate the issue
  – Simulation training may not discover the interactions with the tools and environment
  – Changing procedures may not be enough
  – Usually too late (or too expensive) to impact design
Fallacy: Design Deficiencies will be uncovered in human-in-loop testing or training
• Example: STS-49
• Capture, installation of new perigee kick motor & release of an Intelsat-VI satellite
[Photo: View of Robotic Arm Operator]
STS-49 Attaching Capture Bar To Intelsat-VI
[Photos: Practicing 3-Person Satellite Grab; Performing 3-Person Satellite Grab]
Design Processes
Prominent in heritage systems are human-system integration responsibilities
• DDT&E of
  – “active” interfaces (displays and controls)
  – “passive” interfaces with vehicle (seating, restraints, lighting)
• Ensure reliable operations in space environment
Apollo’s Display and Control Systems Requirements (a few)
• No single display or control failure would jeopardize the safety of the flight crew or be cause for an abort.
• Information would be presented so as to permit rapid assessment of critical system status without resorting to extensive troubleshooting procedures to identify malfunctions.
• All D&C used during accelerated flight would be designed for operation by a pressure-suited, fully restrained crewman.
• Automatic systems would be used to obtain precision, to speed response, or to relieve the crewmen of tedious tasks; but all automatic control modes would have a manual backup.
[Table not recovered; legend: D = Design, B = Build, O = Operate, M = Maintain, T = Train]
HFE methods & tools as a part of overall design process
[Diagram of the overall engineering design process with HFE activities alongside each stage]
Overall Engineering Design Process
• HSI Design & Integration
  – Concept Design
  – Detailed Design
  – Integration
• HFE Analyses
  – Function Analysis
  – Task Analysis
  – Planning
  – Concept of Ops
  – Endpoint Vision
• Human-System performance testing
  – Nominal & Off-nominal
• Verification & Validation
• Performance Monitoring
  – Continuous improvement
HFE Activities
• HFE Guidelines
• HFE Process
• HSI Design
• Systems Approach
• Simulation
• Training
• Human in Loop Testing and Evaluation
Testing is critical
HSI System Development
Human Factors Design Principles
1. System demands are compatible with human capabilities and limitations.
“Top-Down”
High-level mission and goals
Define functions necessary to achieve the goals
Allocate functions to human and system resources
Decompose functions into tasks
Analyze tasks to define performance requirements
Design detailed HSI, procedures, and training
“Bottom-Up”
• Prototype human activities (including modeling)
• Identify human performance variability and human error potential
• Design interfaces, tools, training, etc.
Example: Two Approach Modes
[Diagram: two descent profiles from 5000 ft toward a mountain at 2700 ft]
• Planned approach: Track/Flight Path Angle mode; input: -3.3° (-800 ft/min)
• Actual approach: Heading/Vertical Speed mode; input: -3300 ft/min (-13.6°)
• Eventual crash
Wrong Mode–Spot The Difference
Design trades
• Design trades are a fact of designing complex systems
• HFE helps make explicit the trades that affect human performance and thus affect system performance and reliability
Humans Will Adapt. Humans Find New Ways To Solve Problems. Humans Can Cope with Uncertainty.
• But at what cost?
• These characteristics are something we rely on
  – As individuals
  – As designers
• It is this creativity that adds reliability to complex systems
Human Factors Design Principles
2. System enables utilization of human capabilities in non-routine and unpredicted situations
Non-routine
* Procedures
* Training
Unpredicted
* Information is KEY
* Transparent systems
* Diagnosis support
Apollo 13: “Houston, we’ve had a problem”
Human Factors Design Principles
3. System can tolerate and recover from human errors **
** Let me note: the human error mitigations
  – Must not reduce humans’ ability to cope with the unpredicted.
  – Must not leave humans unaware of automatic actions, operational modes or system status.
Human Error and Reliability Analysis
Fault Tree Analysis (Top-Down)
1. What catastrophic outcomes could occur?
2. What event/error sequences and combinations could lead to each outcome?
3. Are there scenarios where one or two human errors could lead to a catastrophic outcome?
Human Factors Process Failure Modes and Effects Analysis (Bottom-Up)
1. How will humans interact with the system?
2. What errors could occur?
3. What consequence would result from these errors?
From either analysis:
1. Identify critical human risks
2. Formulate responses
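Question 3 of the top-down analysis, worked as an added Python example that is not from the presentation: a constructed fault tree whose basic events are labelled either as human errors (`HE_` prefix) or equipment faults (`E_` prefix), with the minimal cut sets computed and those that one or two human errors alone would complete flagged. The tree, its gate names and the prefix convention are all assumptions made for the example.

```python
from itertools import product

# Constructed example fault tree (hypothetical, not from the presentation).
# Gates map to (kind, children); a name not listed as a gate is a basic event.
# Basic events prefixed "HE_" are human errors, "E_" are equipment faults.
TREE = {
    "TOP_terrain_collision": ("OR",  ["G_bad_descent", "G_no_recovery"]),
    "G_bad_descent":         ("AND", ["HE_wrong_mode_selected", "HE_entry_not_crosschecked"]),
    "G_no_recovery":         ("AND", ["G_no_warning", "HE_late_response"]),
    "G_no_warning":          ("OR",  ["E_warning_system_fault", "HE_warning_inhibited"]),
}

def minimize(sets):
    """Keep only minimal cut sets: drop any that strictly contains another."""
    return {s for s in sets if not any(o < s for o in sets)}

def cut_sets(node, tree):
    """Minimal cut sets of `node`: each is a frozenset of basic events that,
    all occurring together, is sufficient to cause the node's event."""
    if node not in tree:                       # basic event
        return {frozenset([node])}
    kind, children = tree[node]
    child_sets = [cut_sets(c, tree) for c in children]
    if kind == "OR":                           # any child alone suffices
        combined = set().union(*child_sets)
    else:                                      # AND: one cut set from every child
        combined = {frozenset().union(*combo) for combo in product(*child_sets)}
    return minimize(combined)

def human_error_scenarios(top, tree, max_errors=2, prefix="HE_"):
    """Question 3 of the top-down analysis: which cut sets consist only of
    human errors and need no more than `max_errors` of them?"""
    return sorted(
        (sorted(cs) for cs in cut_sets(top, tree)
         if len(cs) <= max_errors and all(e.startswith(prefix) for e in cs)),
        key=lambda cs: (len(cs), cs),
    )

if __name__ == "__main__":
    for scenario in human_error_scenarios("TOP_terrain_collision", TREE):
        print(" AND ".join(scenario), "-> TOP_terrain_collision")
```

Each flagged scenario is a candidate for the "formulate responses" step: an interlock, a cross-check or a status display that breaks the cut set.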
1997 MIR-Progress Collision
• During the 4 months preceding the event, the crew was stressed by frequent system failures
• Near-miss during a Toru-assisted docking
• Low contrast and poor resolution of the Toru display
• Kurs radar shutdown decreased spatial awareness
People Create Safe Operations
• Rarely is human operator error in complex systems the proximate cause of the failure.
• In complex operations human error is often the symptom of deeper system design issues.
• Human error is not random. Error is systematically connected to features of the tools, tasks and operating environment.
• People are vital to system safety.
Design Principles by System Life Cycle Phase
Manufacture
  1. Human Capabilities: Objectively define and evaluate skill.
  2. Off-nominal: Hazard analysis.
  3. Error Tolerant: Components designed to make incorrect assembly difficult.
Test
  1. Human Capabilities: Tasks are within human perceptual envelope.
  2. Off-nominal: System keeps operators in the loop.
  3. Error Tolerant: Independent test verification.
Maintain
  1. Human Capabilities: Maintenance tasks are within human capabilities.
  2. Off-nominal: Non-routine trouble-shooting and repair is possible.
  3. Error Tolerant: Avoid simultaneous maintenance of redundant systems.
Operate
  1. Human Capabilities: System demands are consistent with human performance standards.
  2. Off-nominal: System keeps operators in the loop. Permits humans to take control.
  3. Error Tolerant: Appropriate interlocks make it difficult to do dangerous things.
Some General Characteristics of a Well Designed Human-System Interface
• Accurately represents the system
• Meets user expectations
• Supports task performance
• Minimizes distractions
• Balances workload
• Is tolerant to error
• Is consistent
• Provides timely information and feedback
• Provides access to explanations when needed
• Verified through extensive human-in-loop testing, including off-nominal scenarios
Human Factors to Reliable Systems
• System view
  – Human as part of system
  – Environment context
• Designs for nominal, off-nominal & unexpected
• Matches tasks and tools to human capabilities & limitations
• Data driven: human-system performance testing is key to success
• Requires curious skeptic with knowledge of human capabilities
Examples
Design for Maintainability
• Physical access
• Visual access
• Tooling access
• Modularity
• Error-proofing
• Labeling
Fastener Starter
• HF-PFMEA uncovered high potential FOD issue
[Photo: Shuttle Dome Heat Shield Installation Process]
• Developed Fastener Starter by incorporating
  – task requirements
  – user preferences
  – flight hardware constraints
  – lessons learned from evaluations of currently available tools
• Tested with technicians simulating hardware installation
  – evaluated the tool's performance (parts dropped)
  – the technician's efficiency
  – subjective rating of the tool
Fastener Starter
• Firmly grips and holds a single screw, bolt, nut, washer, spacer, or any combination of these parts.
• Compact size allows it to be used effectively in cramped, difficult-to-see locations
[Photo: Fastener Starter Holding a Screw]