C.W. Johnson

The Human Computer Interaction Group, The Department of Computer Science, The University of York, Heslington, The United Kingdom, YO1 5DD.
E-mail: [email protected], Telephone: (0904) 433376.

Accident reports are intended to ensure that faults in one system do not recur in other systems. They contain the analysis of many different experts, including human factors and systems engineers. The insights of these investigators are often separated into chapters which reflect the particular concerns and expertise of their authors. Such a separation often makes it difficult for readers to trace the ways in which human and system `failures' combine to create the necessary conditions for an accident. The following paper argues that mathematically based modelling techniques can be used to overcome this problem. It is hypothesised that the application of formal notations can be extended from the domain of systems engineering in order to represent the findings of human factors analyses. In particular, it is argued that Petri Nets can be used to represent and reason about the concurrent behaviour of multiple operators and their systems. Tool support can be recruited to validate the resulting networks. The sequences of events leading to an accident can be simulated and shown to human factors and systems engineers. This, in turn, may elicit further observations about the causes of an accident. A near collision analysed by the U.K. Department of Transport's Air Accident Investigations Branch (AAIB) is used in order to evaluate this approach.

Keywords: Petri Nets; Human Factors; Systems Engineering; Accident Analysis.

1 Introduction

We are concerned to identify techniques that support both human factors and systems engineering because the Commission of the European Community (International Atomic Energy Agency and The Commission of the European Community, 1984), the Japanese Fifth Generation Initiative (Watson, 1985) and United States' Presidential Task Forces (President's Task Force On Aircraft Crew Complement, 1981) have all cited operator intervention as a primary factor in the cause and exacerbation of accidents. Unfortunately, many accident reports separate human factors considerations from the findings of systems engineers. They are frequently discussed in different chapters and appendices, for example see Air Accidents Investigations Branch (1989, 1990) or Worley and Lewis (1988). This paper starts from the premise that such distinctions are artificial. Human `errors' cannot be fully explained without considering the demands which application functionality places upon its operators. System failures cannot be fully explained without considering the managerial and operational circumstances which affect maintenance and reliability. Some accident reports use tortuous cross-referencing to draw together these strands of analysis. Others leave the reader wondering how the different findings of the experts can form
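As an added illustration of the kind of reasoning the abstract proposes (example code written for this page, not the paper's own notation or tool support): a small Petri net reachability search that either shows a hazardous marking is unreachable or returns the firing sequence of operator and system events that leads to it. The two-operator net is a constructed toy, not the AAIB near collision; place and transition names are assumptions.

```python
from collections import deque

def enabled(marking, pre):
    # A transition is enabled when every input place holds enough tokens.
    return all(marking.get(p, 0) >= n for p, n in pre.items())

def fire(marking, pre, post):
    # Firing consumes the input tokens and deposits the output tokens.
    new = dict(marking)
    for p, n in pre.items():
        new[p] -= n
    for p, n in post.items():
        new[p] = new.get(p, 0) + n
    return new

def canonical(marking):
    # Hashable form of a marking; empty places are dropped so equal markings match.
    return tuple(sorted((p, n) for p, n in marking.items() if n))

def find_trace(initial, transitions, hazard):
    """Breadth-first search over reachable markings: the shortest firing sequence
    reaching a marking that satisfies hazard(), or None (the toy nets are bounded)."""
    seen = {canonical(initial)}
    queue = deque([(initial, [])])
    while queue:
        marking, trace = queue.popleft()
        if hazard(marking):
            return trace
        for name, (pre, post) in transitions.items():
            if enabled(marking, pre):
                nxt = fire(marking, pre, post)
                if canonical(nxt) not in seen:
                    seen.add(canonical(nxt))
                    queue.append((nxt, trace + [name]))
    return None

# Constructed toy net (not the AAIB case study): two operators each act on a
# cue, and a single shared "clearance" token is meant to serialise them.
INITIAL = {"cue_a": 1, "cue_b": 1, "clearance": 1}
PROCEDURE = {
    "start_a": ({"cue_a": 1, "clearance": 1}, {"active_a": 1}),
    "start_b": ({"cue_b": 1, "clearance": 1}, {"active_b": 1}),
    "finish_a": ({"active_a": 1}, {"done": 1, "clearance": 1}),
    "finish_b": ({"active_b": 1}, {"done": 1, "clearance": 1}),
}
# The same net with operator B skipping the clearance check (a procedural shortcut).
SHORTCUT = dict(PROCEDURE, start_b=({"cue_b": 1}, {"active_b": 1}))
def both_active(marking):
    # The hazardous condition: both operators acting at the same time.
    return marking.get("active_a", 0) >= 1 and marking.get("active_b", 0) >= 1
```

With the clearance token respected the search returns None; with the shortcut it returns the event sequence `['start_a', 'start_b']`, which is the kind of trace the paper suggests showing to human factors and systems engineers.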