Strategies for Managing Human Error in Aviation Safety

Posted on Oct 26, 2025 in Architecture

Managing Human Error in High-Reliability Systems

Understanding Human Error

  • “To err is human” is one of the oldest sayings.
  • No person can be expected to perform perfectly at all times.
  • Acceptable error levels are relative; they depend upon the situation.
  • Human error is an event that occurs whenever a task, or element of a task, is not performed in accordance with specifications.

Categories of Human Error

Human error occurs when a task or element is:

  • Error of Omission: Not performed when required (e.g., gear-up landing).
  • Error of Commission: Performed when not required (e.g., deploying thrust reversers in-flight).
  • Error of Substitution: Performed incorrectly (e.g., shutting down the wrong engine in an engine-out situation).
  • Out of Sequence: Performed out of sequence (e.g., cranking engine #2 before engine #1 main generator is on-line).
  • Performed Late: (e.g., late application of brakes and spoilers, resulting in a runway overrun).

Errors can also be categorized by severity (e.g., death or total system loss are categorized as catastrophic).

Management of Human Error

Effective human error management requires:

  • Timely detection and elimination of error, or
  • Minimizing error effects once errors have occurred.

Two basic strategies for controlling human error are:

  • Engineering Strategies
  • Administrative Strategies

Engineering Strategies for Error Control

These strategies concentrate on the use of design, automation, and human factors engineering to eliminate potential sources of error:

  • Simpler system designs
  • Redundant systems
  • Automated systems
  • Moving map displays
  • Automated checklists

Engineering strategies also involve managing residual error discovered during the operational phase by modifications designed to alert or warn of an error:

  • Engine Indicating and Crew Alerting System (EICAS)
  • Ground Proximity Warning Systems (GPWS)
  • Traffic Collision Avoidance Systems (TCAS)
  • Other aural and visual signals (e.g., gear, flaps, speed warnings)

Administrative Strategies for Error Control

Administrative strategies are generally viewed as less effective and not permanent because they do not eliminate the source of error. Examples include:

  • Governmental regulations
  • Operating and work rules
  • Workload management
  • Employee selection
  • Training:
    • Initial
    • Recurrent
    • General/Safety specific
  • Improved communications
  • Revised procedures and checklists
  • Simplification of tasks
  • Standardization of tasks

Key Administrative Control Examples

  • Employee screening and selection (focusing on attributes, training, and experience).
  • Schedule and crew management to allow proper rest and mitigate fatigue.
  • Training (both general and specific).
  • Procedures and checklists.
  • Workload management.
  • Improved communications.
  • Using the team/crew concept, such as Crew Resource Management (CRM).
  • Use of positive peer-pressure tactics.

Automation and Human Error

Competing Automation Control Strategies: Airbus vs. Boeing

  • Airbus Philosophy: Aims to take pilots “out of the loop,” giving most functions and decisions to the computer. Functions are automatic, and pilot approval or action is often not required. The goal is to make the system fail-safe via automation.
  • Boeing Philosophy: Focuses on never bypassing the crew. Emphasis is placed on system simplification and sophisticated crew notifications. Computers may recommend actions, but the crew authorizes and conducts the procedure.

Potential Problems with High Levels of Automation

  • Onboard computers may compensate for abnormal events without crew knowledge.
  • Crews may become less mentally and actively involved in flight, leading to a loss of situational awareness.
  • Crews can lose proficiency at tasks regularly performed by automation.
  • Computers require data entered by humans, which remains a potential source of error.
  • Computer systems can crash or be compromised (hacked).

Is Automation the Complete Solution?

Automation does not make error disappear; it merely changes the form and severity of potential errors.

Cockpit Standardization

Standardization is crucial for reducing error, particularly when pilots transition between aircraft types or specific airframes.

  • Between Fleets: Standardizing cockpits across different types of aircraft within the same airline (e.g., standardizing controls between a B-737, 757, and 767 fleet as much as practicable).
  • Within Fleets: Standardizing all aircraft of the same type within an airline (e.g., if an airline flies a pure fleet of B-737s, all 737 cockpits should be standardized).

Areas of focus for standardization include the type and placement of controls, radios, flight directors, flight instruments, navigation equipment, and switches.

Warning and Alerting Systems (WAS)

Warning and Alerting Systems serve as a critical line of defense against human error. They are generally categorized into three types:

  1. Anticipatory Systems: Those that anticipate a possible error or hazardous condition (e.g., insufficient fuel levels).
  2. Impending Hazard Alerts: Those that alert the crew to an impending hazard (e.g., Ground Proximity Warning System (GPWS)).
  3. Error Annunciation: Those that annunciate an error as it occurs (e.g., flaps in the wrong position for takeoff, or landing gear not deployed).

Challenges with Warning Systems

Problems that can allow errors to occur despite the presence of WAS include:

  • Failure or miscalibration of the device.
  • Crew inattention or intentional disablement of the device.
  • Crew complacency due to over-reliance on the WAS.

Display Conspicuity and System Recovery (DCSR)

DCSR aims to make an error, once it occurs, more conspicuous to the crew, thereby facilitating recovery from the error. For example, incorrect waypoint entries by the crew might cause flight display or navigation equipment to give a conspicuous indication, such as Electronic Flight Instrument System (EFIS) course shifts or explicit “questions” posed to the crew.

Role of Flight Management Computers (FMCs)

FMCs play a significant role in error mitigation:

  • They store and display immense amounts of information.
  • Much information is automatically displayed when needed, reducing the need for manual pilot input.
  • They may detect and warn of abnormal computer conditions (e.g., suggesting a switch to a backup computer).
  • They may warn of waypoints not listed in the database to detect erroneous entries.
  • They can execute commanded maneuvers without pilot input, reducing manual error potential.

Case Studies: Human Error Accidents

Notable accidents often cited in discussions of human error management include:

  • Comair Flight 5191 (2006)
  • Colgan Air Flight 3407 (2009)
  • Hudson River mid-air collision (2009)
  • Northwest Airlines Flight 188 (2009)
  • American Airlines Flight (Colombia)

The Sterile Cockpit Rule

This regulation requires aircraft pilots to refrain from non-essential conversations or activities in the cockpit during critical phases of flight.

  • Application: Applies below 10,000 feet (during taxiing, takeoff, landing, and anytime not in cruise flight).

The Four-Stage Model of Pilot Performance

  1. Information flows to the pilot.
  2. Processing of available information by the brain.
  3. The decision-making process.
  4. Implementation of decisions.

Stage 1: Information Flow

Information flows to the pilot primarily through the senses:

  • Sight and Hearing: Outside view, instruments, Air Traffic Control (ATC) and weather (WX) communications.
  • Smell: Smoke, exhaust, hot electrical components.
  • Vestibular Senses: Acceleration and turns.
  • Touch: Temperature, vibration, shape, and texture.

Stage 1 Errors: Information Gathering

Two primary types of error can occur during the information flow stage:

  1. Information may be wrong, distorted, incomplete, or missed entirely.
  2. Correct information is gathered, but it is incorrectly interpreted by the brain.

In both cases, the brain uses defective information to make decisions. The more defective the information, the higher the likelihood of a poor decision.

Stage 2: Processing of Information

This stage involves the brain’s ability to process available data, including:

  • The ability to notice available data.
  • The ability to choose between data that are available simultaneously.
  • The ability to discriminate between relevant and extraneous information.
  • The ability to rapidly switch between tasks that need to be handled concurrently.

Stage 2 Errors: Common Processing Failures

  • The brain is intent on one task and ignores information from another source.
  • The brain is bored and fails to notice changes in the environment.
  • Failure of the pilot to select the best available data.
  • Failure of the pilot to cross-check information.
  • The brain concentrates so intensely on one task or source of information that other tasks are neglected.

Stage 3: The Decision-Making Process

The decision-making process follows closely after information processing but is heavily influenced by external and internal factors:

  • Psychological Factors: Attitude, emotions, stress, etc.
  • Physiological Factors: Fatigue, nutrition, health, hypoxia, etc.
  • Human Relationship Factors: Peer pressure, enforcement, and crew dynamics.

Stage 4: Implementation of Decisions

Implementing decisions is not always straightforward; problems can occur due to:

  • Adverse effects of fatigue, drugs, or hypoxia.
  • Other physiological, psychological, or environmental stresses.
  • Poor communication between crew members.