7.7.6.2 __Stochastic Models__

This approach to modeling the impact of the human in man-machine
systems employs Markov models to analyze parallel, k-of-n, and standby
redundant configurations with human errors and common failures. The human
error is defined as a failure to perform a prescribed task (or the performance
of a prohibited action), which could result in damage to equipment and
property or disruption of scheduled operations. The errors are categorized as
being "critical" or "noncritical." A critical error causes system failure.
Common cause failures are cases where multiple units fail due to a single
cause.

Five models are described by Dhillon [69] [70]. Each
addresses a different redundant configuration. The models assume that:

(1) Units fail independently

(2) Failure rates for hardware, human error, and common cause
failures are constant

(3) Repair rates are constant

(4) A repaired system is as good as new

(5) Switchover mechanisms are perfect for standby
configurations

(6) System units are statistically identical

The first model represents a parallel system of two independent,
identical units, which can fail because of human error or hardware failure. A
Markov model is constructed and expressions for system availability A and
mean-time-to-repair (MTTR) are obtained. An expression for mean-time-to-failure
(MTTF) also is derived. All the expressions are complicated functions of the
state transition probabilities (failure rates, error rates, and repair
rates).

The second model is a special case of the first when the
non-critical human error rate is zero. The non-critical human errors are
omitted from the system transition diagram, which becomes much simplified.
Expressions are derived for A, MTTR, MTTF, and variance of time to failure
(TTF).

The third model represents a 2-out-of-3 unit system with
critical human errors and common cause failures. All system units are
identical. A system reliability function and an expression for MTTF are
derived. It is noted that repair helps to increase MTTF and human errors
decrease it, as expected.

The fourth model is a 3-out-of-4 system with critical human
errors and common cause failures. MTTF and TTF variance expressions are
derived. The fifth model represents a standby system with critical human
errors and common cause failures. Again, MTTF and TTF variance are
calculated.
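
The k-out-of-n cases of the third and fourth models can be explored numerically with a small absorbing Markov chain. The following is an added example, not taken from the handbook or from Dhillon's papers. Its state layout, the single repair facility, and the treatment of critical human errors and common cause failures as system-level rates (`lam_h`, `lam_c`) are assumptions made for illustration.

```python
def solve(A, b):
    """Solve A x = b by Gauss-Jordan elimination with partial pivoting."""
    n = len(b)
    M = [row[:] + [rhs] for row, rhs in zip(A, b)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(M[r][col]))
        M[col], M[piv] = M[piv], M[col]
        for r in range(n):
            if r != col:
                f = M[r][col] / M[col][col]
                M[r] = [x - f * y for x, y in zip(M[r], M[col])]
    return [M[i][n] / M[i][i] for i in range(n)]


def mttf_k_of_n(k, n, lam, lam_h, lam_c, mu):
    """MTTF of a k-out-of-n system that starts with all n units working.

    Assumed chain (illustrative): transient state i = number of failed units
    while the system still works, i = 0 .. n-k. From state i:
      hardware failure   i -> i+1    at (n - i) * lam
      repair             i -> i-1    at mu (one unit repaired at a time)
      critical human error or common cause failure -> failed, at lam_h + lam_c
    A hardware failure in state n-k also leads to the absorbing failed state.
    """
    m = n - k + 1  # number of transient (operational) states
    A = [[0.0] * m for _ in range(m)]
    for i in range(m):
        fail = (n - i) * lam
        repair = mu if i > 0 else 0.0
        A[i][i] = fail + repair + lam_h + lam_c  # total exit rate of state i
        if i + 1 < m:
            A[i][i + 1] = -fail
        if i > 0:
            A[i][i - 1] = -repair
    # T[i] = expected time to failure from state i: exit_i*T_i - sum q_ij*T_j = 1
    return solve(A, [1.0] * m)[0]


if __name__ == "__main__":
    lam, lam_h, lam_c = 1e-3, 2e-4, 1e-4  # constructed rates, per hour
    for k, n in ((2, 3), (3, 4)):
        for mu in (0.0, 0.05):
            for h in (0.0, lam_h):
                t = mttf_k_of_n(k, n, lam, h, lam_c, mu)
                print(f"{k}-out-of-{n} mu={mu} lam_h={h}: MTTF = {t:.1f} h")
```

With the human error, common cause, and repair rates set to zero, the result reduces to the textbook values 5/(6λ) for 2-out-of-3 and 7/(12λ) for 3-out-of-4, which gives a quick sanity check on the chain.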