C-HFAMF: A New Way to Accident Analysis
Considering Human Factor
Jie Wu, Tingdi Zhao
Department of System Engineering of Engineering Technology
Beijing University of Aeronautics and Astronautics
Beijing 100191 China
Email: wujiejie@hotmail.com
Abstract—Reason’s (1990) “Swiss cheese” model of human error
integrates the human error perspectives into a single unified
framework. The original description of his modal was geared
toward academicians rather than practitioners. The Human
Factors Analysis and Classification System, HFACS (Douglas A.
Wiegmann and Scott A. Shappell, 2003) was specifically
developed to define the latent and active failure implicated in
Reason’s “Swiss cheese” modal so it could be used as an accident
investigation and analysis tool.
But the hardware failure and human-machine interaction
failure are not considered in HFACS. However, in complex
systems, the human-machine interaction failure is the main
reason for the accident, in this paper, based on the HFACS and
the energy-based accident causation theory, Complex Human
Factor Analysis and Classification Framework (C-HFACF) is
proposed. It contains not only the human error, but also the
failure to consider the human-machine interaction. The
framework provides an effective way for accident analysis, which
will help to effectively find out the key nodes and core events in
the accident. At last, it illuminates how to apply C-HFACF to
accident analysis with an actual accident.
Keywords--HFACS; C-HFACF; Human Factor; Accident
Analysis
I. INTRODUCTION
Human error and reliability are always interdependent.
The safety and reliability of system and equipments were
much more studied. The reason may be that the reliability of
system and equipments is directly related to flight safety and
has much developed experience to follow. Meanwhile, the
complexity, variability and uncertainty what exist in the
human and the machine of the system brought much difficulty
into the research of the reliability of the pilot during flight.
Moreover, human is a complex giant system and motivation
and pressure of human also put great influences on human
reliability, which in turn increase uncertainty in the prediction
of the reliability of human. For these reasons, the study is still
based on the classical theory of probability and drawing on the
mechanical system failure and reliability of research methods
to expand.
In the early years of aviation it could reasonably be said
that the aircraft itself was responsible for the majority of
aircraft accidents. That is, early aircraft were intrinsically
unforgiving and, relative to their counterparts today,
mechanically unsafe. However, it now appears to some that
the aircrew themselves are more deadly than the aircraft they
978-1-61284-666-8/11$26.00 2011 IEEE
fly. Indeed, estimates in the literature indicate that somewhere
between 70 and 80 percent of all aviation accidents can be
attributed, at least in part, to human error[1].
It is difficult to obtain satisfactory solutions to problems in
the field of safety science by using traditional theories and
techniques. The existing types and techniques of hazard
analysis, such as event tree analysis and fault tree analysis,
generally pay little attention to software and to human factors
[2–7], which are often overlooked as a minor factor or dealt
with in the same way as the hardware. The existing techniques
cannot adequately reflect the interdependence between
software, humans, and systems, and the interaction between
them. Moreover, the current probabilistic safety assessment
methods encounter difficulties in dealing with complex
dynamic systems that include human and software interactions
and process variables, and have characteristics such as
multiple states, no coherence, and failure correlations. New
modeling and assessment methods are desired. In most cases,
we can obtain only an approximate solution because of the
exponential increase in the amount of computation with the
size of the system. The existing approximate formula applies
only to a dimorphism monotonic system. Although the use of
a continuous event tree to represent a dynamic safety
assessment can handle some of the process variables and
components of the dynamic state of the interaction, the theory
is too complex and the model is difficult to build. At the same
time, we lack a high-efficiency algorithm and reference
software. For these reasons, we are limited in what we can do
in practice.
Reason’s (1990) “Swiss cheese” model of human error
integrates the human error perspectives into a single unified
framework. The original description of his modal was geared
toward academicians rather than practitioners. The Human
Factors Analysis and Classification System, HFACS (Douglas
A. Wiegmann and Scott A. Shappell, 2003) was specifically
developed to define the latent and active failure implicated in
Reason’s “Swiss cheese” model so it could be used as an
accident investigation and analysis tool. Specifically, HFACS
describes four levels of failure, each of which corresponds to
one of the four layers contained within Reason’s modal. These
include: 1.Unsafe Acts, 2. Preconditions for Unsafe Acts,
3.Unsafe Supervision, 4.Organization Influence [1].
But the hardware failure and human-machine interaction
failure are not considered in HFACS. However, in complex
systems, the human-machine interaction failure is the main
reason for the accident.
319
 II. COMPLEX HUMAN FACTOR ANALYSIS AND
CLASSIFICATION FRAMEWORK (C-HFACF)
A. The role of accident model of human error in the
accident analysis in a complex system
The main purpose of human reliability analysis is to
provide a reasonable and credible probability of human error
of the personnel actions in accident sequences, while to
provide decision-making in improving the reliability of the
system. However, due to the diversity and highly complexity
of human error, there exists no reliability analysis which is
applicable to any pattern of behavior. The role of accident
model of human error in the accident analysis in a complex
system is shown in Figure 1.
Figure1. The role of accident model of human error in the accident analysis in
a complex system
B. The accident-energy theory
The accidental release of energy is an abnormal event, and
we do not want to release and transfer energy into the human
body [8]. When human beings use energy, they must take
measures to control it, so that the energy is produced, is
transformed, and does work in accordance with people’s
intentions. The energy flow in the system should be controlled
in accordance with the requirements of the distribution
channels. If we lose control of energy for some reason, energy
will be released or escape contrary to our wishes, and so
activities must be suspended when an accident happens. If an
accidental release of energy acts on the human body, and the
amount of energy is greater than the threshold that the human
body can withstand, it will inevitably harm the body, and may
act on the equipment or environment at the same time. The
improved accident-energy theory is shown in Figure 2.
The energy point of view of the accident model has five
levels of failure led to the accident, including 1) management
failure, 2) personal reasons and environmental reasons, and 3)
unsafe behavior of human and unsafe state of the system, 4)
the release of energy or hazardous substances, 5) remedial
measures.
C. Complex Human Factor Analysis and Classification
Framework (C-HFACF)
Compared to Reason’s “Swiss cheese” model, the energy
point of view of the accident model can provide more
effective analysis approach, particularly the human-machine
interaction in the accident analysis of complex system.
However, there are many problems in the specific
implementation process. For example, the relations of the five
levels are difficult to deal with. In practice, there have been
some specific accident analysis techniques such as MORT [3,
9-10] and Barrier analysis [3], but human error is not fully
considered in these methods. A new framework for human
320
factor analysis is proposed which is just Complex Human
Factor Analysis and Classification Framework (C-HFACF)
which is shown in Figure3.
III. ACCIDENT RESEARCH ON C-HFACF
A. Accident description
On April 21, 1981, a BO105 helicopter 763 of No.20
Battalion of No.2 Flying Corps of Beijing Civil Aviation
Administration of China was send to the South China Sea to
Figure 2 The accident-energy theory
conduct maritime transport for Petroleum Authority. After a
flight of a busy morning, the captain and co-pilot had a rest in
the 4th platform and then get ready to fly back to Suixi airport
at 1:00 pm. The weather conditions were wet, covered with
thick dense cloud. The sea looked a little brighter because of
the reflection of water. The captain decided to fly when
thinking of the task at night. Pre-flight inspection, start and
calibration of all the normal navigation were right. Because
the captain was not sure about the weather, the flight was
manipulated by the authority in the left seat. Pilot and
passengers were wet before boarding, when they sat on the
plane; the windshield was confused by the evaporation of
water of their clothes. The captain opened the wiper installed
on the right side of BO105 and cleaned the both sides of the
windshield again, but the left hit by heavy rain was still
blurred. The helicopter taken off at 12:40, then it flied into the
sea after one minute. Three people were killed and other two
were wounded[11].
B. Accident analysis
When making accident analysis with CHFACF, it is from
the left to the right of Figure3.
1) Crew issues
a. Although the weather was below the standard (the
visibility is 5km and the cloud height is 500 meters in
contract), the crew was so eager to perform the task
to take off which is the most important reason of the
accident.
ķ Obviously, the captain decided to take off whether to
meet the conditions is not only a violation of provisions but
also decision error. At the same time, it is exceptional
violation of violation.
b. Because bad weather, heavy rain and poor vision,
pilot made a false impression to make the sea as the
Figure3 Complex Human Factor Analysis and Classification Framework (C-HFACF)

321
 sky is the direct cause of the accident. http://nri.eu.com/NRI1.pdf, 2009.
[10] MORT-Management Oversight& Risk Tree, The Noordwijk Risk
ķ It was heavy rain and poor visibility when taking-off, Initiative Foundation , http://nri.eu.com/NRI2.pdf, 2009.
obviously it is physical environment of environmental [11] EuropeanBO105armed-helicopter-accident,
factors. http://baike.plane.cc/index.php?doc-view-757.html.
ĸ At that time, bad weather conditions made the sea
look brighter than the sky led to unable to distinguish between
water and sky. At the same time, pilot did not pay attention to
the indication of the cockpit altimeter. However, witnesses
saw the helicopter was down, but the co-pilot’s feeling was
rising. All this shows that the skill of this crew is not that
good what is a skill-based error.
Ĺ From the debris analysis, the helicopter manipulated
by the pilot went to the sea with a dip. However, pilot should
take emergency measures instinctively to make an emergency
landing when the helicopter was forced into the sea, but there
are no signs of survey results which show that the pilot once
took any actions when the helicopter went into the sea. So it is
obviously not only no effective implement of emergency
measures but also the skill-based error.
ĺ The captain decided to take off even in the case of
bad weather and a busy morning flight, which is the pressure
what were made by the crew on themselves. So it is adverse
mental state.
Ļ After an observation of the sky, co-pilot asked pilot
whether to fly, he hesitated a moment and decided to fly
considering the subsequent mission. So it is the failure of
human resource management.
2) Supervision and organizational issues
ķ The crew was arranged heavy mission including not
only the busy morning flight but also the night mission by
Airlines without considering the bad weather, which shows
that it is planned inappropriate operations.
ĸ That the same crew was assigned to implement two
transition missions is obviously the failure of resource
management.
Ĺ There are emergency measures which were not taken
by the pilot, so it may be the failure of technological
environment.

REFERENCES
[1] Douglas A. Wiegmann and Scott A. Shappell. “A Human Error
Approach to Aviation Accident Analysis”. ASHGATE(2003)
[2] Auyang, S. Y., “Foundations of Complex-System Theories”.
Cambridge University Press. 1999.
[3] Nancy G. Leveson, A New Approach to System Safety Engineering,
http://Sunday.mit.edu/.
[4] Clifton A. Ericson, II, Hazard Analysis Techniques for System Safety,
Hoboken, New Jersey, USA. John Wiley & Sons, Inc., 2005.
[5] Rune Elvik, “Laws of accident causation”, Accident Analysis and
Prevention, 38 (2006).
[6] John J. Sammarco, “Addressing the safety of programmable electronic
mining systems: Lessons learned”, in Proceedings of the 2002 Institute
of Electrical and Electronics Engineers 37th Industry Applications
Society Annual Meeting, Institute of Electrical and Electronics
Engineers, Piscataway, NJ, 2002, pp. 692–698.
[7] David C. Dunkle, “Prioritizing human interface design issues for range
safety systems using human factors process FMEA”, NASA Risk
Management Conference, 2005.
[8] Suipeng Cheng, Chen Baozhi, and Sui Jing, Safety Principles,
Chemical Industry Press, China, 2005.
[9] NRI MORT User’s Manual, The Noordwijk Risk Initiative Foundation,

322