This paper is a development of one I presented at Hazards 24 [Ref 1].  I believe that human factors can make a great contribution to the way the risks of major accidents are managed.  However, whilst its use in industry is growing it is failing to reach its potential because it is not properly integrated into other safety studies.  Task analysis is arguably the human factors technique that has the greatest potential for overcoming this hurdle.

Linking Human Factors to Safety Studies (download full paper in PDF format)

1.1  What are human factors?

According to the Health and Safety Executive (HSE) “Human factors refer to environmental, organisational and job factors, and human and individual characteristics, which influence behaviour at work in a way which can affect health and safety" [Ref 2].  Our main interest is understanding how the nature of the job being done, the people doing it and the organisation that they work for affects the likelihood of people doing things wrong.  Managing human failures is essential to prevent major accidents, which can be devastating for the people affected as well as costing businesses money, reputation and potentially their continued existence.

1.2  What is task analysis?

Task analysis is a formal method of describing and analysing actions performed by people.  It started to be used in the early 1900s, and from the 1940s played a key role in helping to understand the relationships between people and technology.  In the 1960s a method known as Hierarchical Task Analysis (HTA) was developed, which proved to be particularly practical and effective [3].  When combined with a formal human failure analysis HTA is usually considered to be the default method when assessing human factors.  The HSE has promoted its use in the management of major accident hazards since the early 1990s.  However, people have not always had good experiences of task analysis; often because it has been applied to the wrong types of task or the wrong approach has been taken.

1.3  How does task analysis fit with safety studies (currently)?

My experience is that task analysis is often carried out as a stand-alone exercise.  Information from other safety studies is not readily available and the output is accepted at face value with little consideration on how it may affect other studies.  This approach, in some ways, makes my job as a human factors consultant easier because I can basically do what I want.  I can analyse the tasks I think will be interesting, use techniques that I want to use and make as many recommendations as I like.  I don’t think this is good from the client’s perspective, but often it seems that they are just pleased to be able to say they are doing some task analysis. 

1.4  How does this compare with other safety studies?

To be honest, I think the same shortcomings apply to other safety studies.  They are often completed in relative isolation and they quickly end up on the shelf, having little influence on day to day activities.  This means their impact on reducing the risks of major accidents is limited and companies may not be getting a good return on the time, effort and money they have put in.

1.5  Is there any good news?

I am starting to see some positive changes.  I am being asked to consider the output from other safety studies when assessment human factors, and my reports are coming under greater scrutiny.  Whilst this is more challenging I am very pleased as I believe it is a sign that human factors has started to move from a niche activity to a more highly valued element of the management of major accident safety.

2     Achieving Better Integration

2.1  What does integration mean?

My feeling is that human factors will start to have a greater impact when task analysis is linked more closely with other safety studies.  This would mean that relevant information from other safety studies would be available and considered when carrying out task analysis.  Also, the output from task analysis will be used to influence other safety studies. 

2.2  What safety studies does this relate to?

Our overall aim with major accident safety is to identify and evaluate risks; and determine how they should be controlled.  There are a range of safety studies that assist in doing this.  Each one tends to address a different aspect or provide a different perspective.  Although not comprehensive, the following list gives an idea of the range of studies currently in use:

·         Hazard Identification (HAZID);

·         Quantified Risk Analysis (QRA);

·         Hazard and Operability (HAZOP);

·         Process Hazard Review (PHR);

·         Process Hazard Analysis (PHA);

·         Layers of Protection Analysis (LOPA);

·         Safety Integrity Level (SIL)

·         Barrier Analysis;

·         As Low As Reasonably Practicable (ALARP) demonstration;

·         Bow-Tie analysis.

2.3  How do these fit together?

I have developed the diagram below to illustrate how safety studies fit together.  I found that there was no simple relationship between individual studies but it is possible to assign them to particular regions of the overall risk management process: 


Figure 1: How safety studies work together


2.4  What have we learnt from this?

In developing this diagram I realised that the process is not linear.  For example, whilst HAZID may be one of the first studies performed, QRA will normally require more detailed information that will be generated by other safety studies (i.e. It appears lower on the diagram).  However, both studies are most effective at highlighting the areas within a system of greatest risk with regard to major accident. 

Another conclusion I made in developing the diagram was that Bow Ties are a useful method of illustrating the findings from other safety studies.  However, they are of limited value for identifying and assessing risks, which can be done far better using other types of safety study.

3     Assessing Barriers

3.1  What is a barrier?

In the context of safety studies a barrier is something that is put in place to prevent a major accident.  They are risk controls or layers of protection that can be physical items or less tangible human and organisational factors.  For those familiar with the “Swiss Cheese” model of accident causation, barriers are the slices of cheese that are intended to prevent an event progressing through to cause an accident [Ref 4]. 

3.2  What are hard barriers?

I am using the term ‘hard barrier’ to refer to engineered items.  There are two types of hard barrier:

1.    Passive – physical features that keep a hazard under control (e.g. pipework, vessels, open vents);

2.    Active – items that respond to a hazardous condition and function to reduce the hazard (e.g. relief valve, trip system, alarm).

The focus for this paper is on human factors, so I will not discuss hard barriers in any detail.  However, it is important to note that most hard barriers will generate human requirements for their maintenance and some aspects of operation.

3.3  What is a soft barrier?

I am using the term ‘soft barrier’ to refer to human actions that are performed to avoid, control or respond to a hazardous situation.  They include tasks, but also a range of other human and organisational factors.

3.4  How should task analysis be used?

The simple answer is that task analysis should be applied to safety critical tasks.  Whilst identifying soft barriers will help us identify these, we need to have a clear idea of what constitutes a task and what makes them safety critical.  Also, this raises the question of what to do about soft barriers that are safety critical but not tasks. 

3.5  What is a task?

The dictionary definition for task is ‘a piece of work to be done.’  However, people do a lot of things that are more general in nature.  Tasks typically:

·         Have a clear start and finish;

·         Involve discrete steps;

·         Result in a change of status;

·         Are specific to clearly defined circumstances. 

Soft barriers that do not have these characteristics can be described ‘activities’ rather than tasks.

3.6  What does safety critical mean?

It is unfortunate that the term ‘safety critical’ is used widely in different contexts, and this causes confusion when people are determining which tasks they should analyse.  In general terms a task is considered safety critical if it interacts with a hazardous system and the task has features that make it prone to human failure. 

One area where people often need some guidance is differentiating between process and personal safety.  They will often be more aware and concerned about the potential to hurt individuals carrying out a task rather than the potential to cause a major accident.  The fact that a task involves ‘normal’ health and safety hazards (e.g. work at height, confined space entry, manual handling etc.) is rarely enough to justify carrying out a formal task analysis. 

This is where integration with other safety studies becomes particularly beneficial.  Taking HAZOP as an example, if a human action is identified as either a potential cause of a hazardous condition (i.e. because of an error) or a barrier it would be considered to be safety critical.  If it is also considered to be a task according to the definition above, it would be considered as Safety Critical Task (SCT).  If not it would be considered as a Safety Critical Activity (SCA).  This is illustrated in the diagram


Figure 2: Differentiating SCT and SCA


3.7  How do we handle safety critical activities?

The reason for distinguishing between safety critical tasks and safety critical activities is to make sure task analysis is used where it can be most effective.  This does not mean that safety critical activities should be overlooked, but just that different approaches are required.  Whereas method is usually the most critical aspect of a task (i.e. how the task is performed), for an activity the following are often more relevant and hence the technique used to study it must focus on the appropriate critical factor:

  • Timing – performing the activity at the right time, either according to a planned frequency or in response to an event;
  • Tools and equipment – using items that are properly specified so that human failures are less likely;
  • Data interpretation – ensuring human machine interfaces present the information needed in the most effective way;
  • Decision making – understanding how people interpret data and other information so that they select the most appropriate response to circumstances;
  • Communication – how information is transferred between people and systems so people have the information they need to respond and act correctly;

4     Examples of SCT and SCA

This section is intended to provide examples SCT and SCA.  As with most things related to human factors there is not always a clear distinction.  I know this frustrates a lot of people, but I think it is why this area is so interesting!

4.1  Examples of SCT



Site/plant/unit start-up:

  • After planned shutdown
  • After trip

Start-up will normally involve a defined sequence of events and will result in an obvious status change.    Experience shows that accidents are more likely to occur during start-up and shutdown.  Task analysis is effective at identifying critical steps, including requirement to perform steps in order and achieve certain conditions before progressing.

Site/plant/unit shutdown

Same as start-up the node

Start-up main items of equipment during normal operation

Issues associated with starting main items are similar to site/plant/unit.  Hence task analysis can be beneficial. 

Shutdown main items of equipment during normal operation

Shutdown of equipment is often simpler and so task analysis is often not required.

Remove/replace active barrier:

·         Relief valve

·         Bursting disc

·         Critical instrument

Task analysis is effective at highlighting critical aspects of task that are usually related to organisational interfaces (operations to maintenance and/or contractors), communication of critical data (e.g. set-points), managing risks during task (i.e. whilst barrier is unavailable) and system reinstatement.

Operational tests:

·         Leak or pressure test

·         Test runs.

Tests will normally involve sequence of steps to achieve the required pressure rise and to confirm system integrity.


4.2  Examples of SCA



Control process

Continuous task, no discrete steps.  Critical because good control reduces demand on protective devices. 

Operator needs process information to be presented clearly in suitable form; and clear specification of acceptable operating range.  Assessments related to Human Machine Interface (HMI) (graphics and alarms) apply [Ref 5, 6 and 7]

Optimise process

Same as ‘control process.’ but less critical

Return to normal control range following an excursion

Usually an extension of ‘control process.’ 

Task risks controlled through HMI, particularly alarm design and presentation [Ref 5].

Possible exception is if response requires a separate task to be performed (e.g. equipment start-up or shutdown). 

Initiate emergency action due to a hazardous situation

Impossible to predict the exact scenario and hence cannot define discrete actions. 

Task risks covered by emergency planning. 

Staffing assessment used to confirm staffing arrangements are sufficient implement emergency procedures when required and appropriate culture in place [Ref 8].

Initiate rescue and mitigation following a failure or process accident

Same as ‘Initiate emergency action due to a hazardous situation.’

Basic maintenance:

·         Make and break joints

·         Replace components

Task is unlikely to apply to a specific circumstance. 

May be handled by a generic task analysis, but task risks usually controlled through joint design/selection and skill of personnel performing task.  Personal safety risks will be controlled through permit to work.

Inspect plant and equipment

Task is unlikely to apply to a specific circumstance. 

May be handled by a generic task analysis, but usually task risks are controlled through selection of correct inspection methods and equipment; and skills of personnel performing task.

Respond to active hard barrier:

·         Trip

·         Pressure relief

In most cases the operator actions should be minimal following a trip as the automated function should result in a safe condition

Inhibit or override protective device

Every circumstance will be different and specific risk assessment and management of change apply. Task analysis of how to inhibit or override unlikely to be of benefit.

Create temporary repair on a leaking item

Every circumstance will be different and specific risk assessment and management of change apply.

Personal safety risks will  be controlled through permit to work

Re-route process to bypass a failed item

Every circumstance will be different and specific risk assessment and management of change apply.

May be covered by other tasks depending on how bypass is achieved.


4.3  Examples of possible SCT or SCA depending on circumstances

Task or activity


Change operating mode

Usually covered by other SCT or SCA (e.g. including start/stop equipment, control process)

Separate analysis only required if mode change involves significantly different steps.

Manually stop/trip plant following an excursion

In most cases this will involve simple steps. 

Main issue is decision making and culture (willingness to stop production). 

Check/calibrate active barrier

·         Transmitter

In most cases this will involve simple steps.  May be handled by a generic task analysis, but usually task risks are controlled through selection of correct calibration methods and equipment; and skills of personnel performing task.

Frequency of checks is important.  Determined from analyses performed for SIS (IEC 61511).

If check/calibration requires changing process parameters outside of normal, may require formal analysis.

Function test a trip system

Task is unlikely to apply to a specific circumstance.  May be handled by a generic task analysis, but usually more likely to be covered by analyses performed for SIS (IEC 61511)

Maintain critical equipment:

·         Major items (e.g. large pumps, compressors)

·         Control equipment

·         Protection devices

Requirement and benefit of task analysis will depend on the specific circumstances including the type of equipment and who is performing the maintenance.

In many cases it is not possible to identify specific maintenance tasks that are critical in their own right because most of the risk is managed in the way equipment is prepared for maintenance and returned to service afterwards. 

In other cases maintenance can introduce latent failures in the system, and hence task analysis may be required.  There can be difficulties in getting task analysis performed if maintenance is performed by third parties (e.g. vendor, contractor).  However, this is not a reason to not perform such analyses.

Prepare plant for maintenance

Will depend on circumstances.  In some cases preparation will simply involve the normal process shutdown followed by isolation, which is covered by specific guidance such as HSG 253 [9].  If preparation for maintenance is more involved (i.e. involves draining, purging etc.) formal analysis may be appropriate.

Return plant to service after maintenance

Same as ‘prepare plant for maintenance’ in reverse.



5     Conclusion

I am convinced that improved integration of human factors with other safety studies will have great benefits.  Task analysis, when combined with systematic identification and evaluation of potential human failures, arguably has the greatest potential.

Not every soft or human barrier is a task.  Hence it is important to differentiate between Safety Critical Tasks (SCT) where task analysis can be applied and Safety Critical Activities (SCA) where other techniques focused on the more relevant human and organisational factors should be applied.

I don’t think it is just human factors that needs to change.  All safety studies need to be better integrated and used in a more iterative process so that they all combine to provide an improved understanding of risk and the effectiveness of controls.  Taking HAZOP as an example, the output would be far more useful for human factors if it included some simple coding that would allow the linkages to be identified quickly and easily.  For example, applying the following labels to the text recorded in the HAZOP worksheet:

·         HF – The cause of a deviation is a Human Failure;

·         SCT – The barrier providing protection is a Safety Critical Task;

·         SCA - The barrier providing protection is a Safety Critical Activity.


5.1  Further reading

HSE has published a ‘Roadmap’ that provides a useful overview of how task analysis fits into a process for managing major accident safety.  It can be downloaded at

I have published a paper about task analysis, including a proposed template.  It can be downloaded at






6     References

[1] Brazier 2014.  Linking Task Analysis with Other Process Safety Activities.  IChemE Hazards 24 Conference

[2] HSE Website (viewed December 2014)

[3] HSE 2012.  Understanding the task.  Download from

[4] Wikipedia (view December 2014).

[5] EEMUA 191. 2013.  Alarm systems.  A guide to design, management and procurement.  Engineering Equipment & Materials Users Association Publication 191 Third Edition. 

[6] EEMUA 201.  2002.  A guide to design, operational and human interface issues. Engineering Equipment & Materials Users Association Publication 201

[7] ISO 11064. Ergonomic design of control centres. 

[8] HSE 2001.  Assessing the safety of staffing arrangements for process operations in the chemical and allied industries.  Contract Research Report CRR 348/201

[9] HSE 2006.  The safe isolation of plant and equipment.  Health and Safety Guide 253.