ASAP and Threat and Error Management (TEM)

Bob Helmreich & Michelle Harper

Human Factors Research Project The University of Texas at Austin June 18, 2003

UT and Data Security

UT Human Factors Research Project has dealt with sensitive data for more than 25 years

Astronaut personality and performance data LOSA data 18 airlines in 6 countries Flight Management Attitudes Questionnaire

40 airlines in 19 countries

No data have been compromised

UT and Event Reporting

Collaboration with Swiss Critical Incident Reporting System for medicine (CIRS) MD Anderson Cancer Center near miss reporting system Continental ASAP classification system and data structure

The University of Texas Threat and Error Management Model UT-TEM

The model was derived empirically from observations of flight crew performance in normal line operations

Line Operations Safety Audit (LOSA) External threats and external errors and their management Crew errors and their management Undesired aircraft states and their management

UT-TEM has three components

1.

2.
3.

Use of UT-TEM
Framework for analysis of data and application of empirical taxonomies in Line Operations Safety Audits (LOSA) Analysis of incidents and accidents 2002: IATA adopts UT-TEM for classification of world accident data 2002: ICAO issues LOSA Handbook 2005: LOSA (TEM) becomes ICAO standard for 186 countries

Use of UT-TEM

Framework for training that stresses threat and error management as a central focus of Crew Resource Management (CRM 6th generation) Incident (ASAP) report analysis

Threats

Definition: Overt and latent factors

external to the flight crew that originate outside a flight crews influence and must be actively managed to avoid becoming consequential to safety
Threats

increase the complexity of the operational environment

External Threats

Expected
Forecast weather Terrain

Unexpected
Abnormals Traffic

External error
Air Traffic Control errors Dispatch errors

External Threat Examples

Adverse weather Terrain Traffic Airport conditions A/C malfunctions Automation events Communication events

Operational time pressures Non-normal operations ATC commands / errors Cabin events / errors MX events / errors Dispatch events / errors Ground crew events / errors

Latent Threats

Factors not directly linked to observable threat and error that increase risk and the probability of error Crew management of latent threats is difficult because they are not immediately visible Latent threat identification is key to accident and incident analysis

Latent Threat Examples

Inadequate oversight Flawed procedures Organizational culture and climate Scheduling and rostering practices Crew fatigue Performance assessment practices Inadequate accident and incident investigation

Errors

Definition: deviations from crew or

organizational intentions or expectations

Global Flight Crew Error Types

Procedural Followed procedures but wrong execution

Communication Missing information or

misinterpretation within cockpit procedure
example) Miscommunication by crew with ATC

example) Wrong altitude setting dialed into the MCP

Violation - Intentional non-compliance with required Decision Discretionary choice of action that
unnecessarily increases risk
example) Unnecessary navigation through adverse weather
example) Performing a checklist from memory

LOSA Handbook - ICAO Doc 9803

Specific Error Categories:

Aircraft handling

Documentation

Flt path deviations, speed, Wx penetration

ATIS, Jeppesens, clearances, etc

A/C systems and radio error Automation use Checklist SOP cross-verification Other procedural deviations

External communication Crew communication Decision Violation

Threat and Error Management and Outcomes

Threat and Error Management

In response to a threat or error crews can: Trap - threat or error is detected and managed before it becomes consequential Exacerbate - threat or error is detected and the crews action makes it consequential Fail to Respond no action to deal with a threat or error (undetected or ignored)

Outcome may be inconsequential or consequential

Threat and Error Outcomes

Inconsequential the threat or error has

no operational effect Additional error the response leads to an additional error (error chain) Undesired Aircraft State - deviation from normal flight that compromises safety

Undesired Aircraft State

A compromised situation placing the flight at increased risk

Lateral deviation
Vertical deviation Speed too high Speed too low Incorrect aircraft configuration Flight controls Systems Fuel Automation

Unstable approach
Abrupt aircraft control Long landing no go around

Firm landing Forced landing Wrong taxiway, ramp, runway, country

Runway incursion

Threat and Error Management Model

Threats: Latent and Overt

Threat M anagement

Errors

Inconsequential

Error M anagement

Incident / Accident

Undesired Aircraft State

Undesired Aircraft State M anagement

ASAP

Threat and Error Management Model

Application to ASAP

The primary factors assessed: Type of event Pilot errors Operational threats Pilot performance markers

Framework to collect, code, and retrieve relevant data Framework for analysis of underlying human and system issues that contribute to an event

Threat and Error Taxonomies

Threat and error taxonomies derived empirically from LOSA data are being used both for ASAP and LOSA They reflect what really happens on the line under non-jeopardy conditions - enable

Identification of high risk events Identification of contributing factors why Link to safety change process

Examples from the UT ASAP Database

Significant Contributing Factors ( percent of events)
60 40 20 0 ATC Related Mis-Comm Distractions & Interruptions Automation 56 24 13

The chart shows top 4 contributing factors by percent of events.

Top Six Reported Events

30 25 20 15 10 5 0

26 15 16 8 6 5

D Alt

ev

tD La

C mt TC ror MA -A Er lf/L a C S/N mm tM AT CA Co crf T s Mi Air ev

The chart above shows percentages of type of event

ASAP Threat and Error Management Model

ASAP Threat and Error Management Model

Pilot Reported Information

Outcomes

Crew Error

Threats

ERC Event Review

ERC Reported Information ASAP Manager

Corrective Action Recommendations

TEM Applied to Data Collection Stages

Pilot Report
Demographics Type of event Threats Errors Narrative

ERC Incident Review

FAA

ALPA
Manager

Risk matrix Performance Markers

ASAP Manager

Corrective Action Target Pilot Required Actions Corrective Action Progress Intervention Strategy Tracking

ASAP TEM: Composite Data For Event/Trend Analysis

Risk Code Error Corrective Action Recommendations Threat Performance Markers

Type of Event

Crew

System

Proposed UT Project

Support for participating airlines:

Set of data collection tools customized for each carrier Supporting database Analysis templates

System support for ASAP

Data management

Cross carrier assessment of critical events Data reside at individual carriers Accessed only for analysis De-identified reports on composite trends, events

The University of Texas Human Factors Research Project www.psy.utexas.edu/HumanFactors