Human factors critical task reviews are a key tool for managing human error in safety critical rail operations

Figure 1: Overview of the HFCTR process

Human Reliability Associates is a specialist in the human factors aspects of safety critical industries such as oil and gas, aviation, nuclear power generation and marine and rail transport. The term ‘safety critical’ indicates the company’s interest in major disasters that can arise from human errors with potentially multiple fatalities, rather than occupational safety which focuses mainly on harm to individuals.

In the rail sector, it has contributed to more than 30 projects over the past 30 years, including analysis of the human errors leading to the Clapham Junction disaster for the public enquiry, the development of models of factors affecting signals passed at danger (SPADS), mitigation strategies following the loss of automatic warning systems, the effectiveness of CCTV in preventing platform edge incidents for Transport for London, the peer review of the safety case for the Extended Jubilee line, the management of human factors aspects of cross border operations for the European Union, and the human factors aspects of the Waterloo and City line upgrade.

This article will look at a methodology called Human Factors Safety Critical Task Review (HFCTR) which has been applied in many projects to analyse and prevent human errors in safety critical tasks. HFCTR is a structured risk analysis process for proactively identifying the steps where errors could arise which lead to severe safety or business consequences and developing mitigation strategies which will reduce the likelihood of these errors to acceptable levels.

HFCTR was originally developed in safety critical industries such as offshore oil and gas operations, aviation and nuclear power, to provide a process for predicting and the possible human failures that could arise when carrying out safety critical tasks. It has now been widely implemented as a process for satisfying HSE regulatory requirements for hazardous industries under the Control of Major Accident Hazards (COMAH) regulations. A common view of human error is that it originates in individual causes such as recklessness, lack of diligence or carelessness.

This is based on the fallacy that if people try hard enough then they can become error free. However, neither common experience nor human factors research supports this view. HFCTR is based on the systems approach, which states that in safety critical industries, human error is mainly driven by factors outside the control of the individual. This contrasts with the behavioural safety approach, which assumes that most incidents arise from individual choices to fail to comply with defined safety rules or procedures.

An important application area for HFCTR is in the development of operating procedures and instructions. The Office of Rail and Road states that: ‘A recurring theme in the last decade has been the extent to which ORR has found routine, informal non-compliance with Network Rail rules, procedures and standards, leading to incidents such as the Greyrigg derailment.

‘Often well-intentioned staff commit errors or omissions due to confusing instructions and/or a lack of understanding of the significance of their interventions.’ (Office of Rail May 2017 Industry staff competence & human failure Ch 2).

Figure 2: Examples of types of failure modes within Activity Types

Figure 3: Examples of failure modes for Action Activities

Stages of HFCTR

Safety critical task identification: This is a screening process used to identify the specific tasks which constitute the greatest sources of risk if they are omitted or not carried out correctly, e.g. failing to maintain a track circuit correctly, or respond to a hot axle box indication.

Selection of safety critical tasks is usually based on the severity of the consequences if a failure occurs, combined with the characteristics of the task which render it more likely to fail, e.g. complexity, infrequent performance. The screening process is important in minimising the amount of analytical effort required, thereby using risk reduction resources on the most cost-effective manner.

Task analysis: Using the existing procedures as the starting point, a facilitator works with a small team of experienced personnel (called a consensus group) to map the ways in which a task is performed in the field. One purpose of the consensus group is to generate procedures that are based on the practical realties of performing the task under real operating conditions. To facilitate communication within the group, task analysis is performed using a graphical representation of the task called Hierarchical Task Analysis.

Failure and Consequence Analysis: In this stage of the HFCTR analysis, potential failures which could give rise to severe consequences are identified. This uses a two-stage process. In the first stage, the types of activities involved in the task are identified. For example, a task step such as ‘tighten the bolts on a points linkage to torque X’ would be classified as an action.

Different activity types give rise to different failure modes, and more than one failure mode is possible within the same step is possible.

In the second stage, the analyst examines each of the task steps or subtasks to identify any credible failures could give rise to severe consequences.

Figure 3 below contains examples of task activities and their associated failure modes:

Performance Influencing Factors (PIF) Analysis: PIF analysis is used to identify the factors which are driving the failures identified in the preceding stage, and to evaluate their quality.

Typical PIFs include the design of equipment to maximise usability, labelling to facilitate correct identification, checklists to ensure that steps are not omitted, and clear definition of roles and responsibilities. The current state of the PIFs is evaluated numerically, and potential improvements are developed.

Figure 4: Structure of task, and failure analyses from HFCTA


Figure 4 illustrates the structure of a typical HFRM task and failure analysis. The task structure is represented as a series of subtasks or steps with a plan to describe how the steps are executed.

In practice, some steps could be broken down to finer levels of detail if required. The possible failure modes are shown as boxes below the task steps. The use of Performance Influencing Factors to determine the likelihood of the identified failures are shown in Figure 5.

Figure 5: Evaluating the Performance influencing factors which determine the failure probability

Use of the HFCTR to develop ‘risk aware’ procedures and competencies: As indicated previously, two pf the main approaches to error management are the optimisation of procedures and the development of high levels of competence. The HFCTR is essentially a risk management process which provides an effective basis for developing ‘risk aware’ instructions and Standard Operating Procedures (SOPs).

By working with experienced personnel within the group task analysis process, many of the factors which give rise to non-compliances can be identified. For example, SOPs that are out of date and impractical may lead to unauthorised practices becoming the norm, simply to get the job done.

The structured review of these ad hoc procedures provided in HFCTR will enable anomalies to be identified. In addition, improved ways of working may be identified from the sharing of experience from different shifts and these can be incorporated into new SOPs. The active involvement of the workforce also fosters a culture of involvement and compliance.

The insights from the failure and consequence analyses can be carried across into written procedures using warnings and comments, so that personnel can be aware of those activities which involve the highest risks, where vulnerabilities to human error are also present. This will lead to increased diligence when carrying out those operations

The use of the HFCTR approach encourages the integration of procedures with the competency management system. Ideally, risk assessed procedures should provide the basis for competency standards, by defining the best practices based on the task and risk analyses described earlier.

In addition, the task analyses performed in by HFCTR provide an understanding of the underlying reasons for performing the different subtasks within a procedure, which is an important knowledge component of competency.


The HFCTR process described in this article provides a validated and effective suite of tools and techniques to reduce the likelihood of human errors in safety critical tasks. In addition to its human error reduction benefits, HFCTR also supports the development of effective ‘risk aware’ procedures and competency management resources.

To minimise the effort required to carry out HFCTR, a software tool is available called the Human Factors Risk Manager (HFRM), which has been applied in more than 200 risk analyses over the last ten years. This performs task and error analyses which are automatically documented to provide a comprehensive set of reports. A particularly useful feature of the software is its ability to automatically convert the results of the human factors risk analyses into fully formatted procedures, complete with warnings and comments.

Similarly, risk-based competency and training documentation is also generated. Finally, in addition to its predictive capabilities, HFRM can also be used as a powerful root causes analysis tool.

Human Reliability Associates is a member of the Chartered Institute of Ergonomics and Human Factors.


Contact David Embrey
Tel: +44 1257 463121