In October 2011 teenager Georgia Varley was killed by a train she had left 30-seconds earlier, after she was struck by the train and fell between the train and the platform. The investigation concluded that the guard had dispatched the train whilst the girl was leaning against the train.
On Liverpool’s Merseyside railway network, train guards are required to check the area along the side of the train is clear of passengers prior to despatching the train from each station. The procedures for this include closing all passenger doors, leaving the train to visually inspect the edge of the platform is clear of passengers, re-entering the train, closing the guard door and then sending the ‘ready to start’ code to the driver. The process from the guard’s door closing and the train departing can take up to 12 seconds.
Guards frequently used unauthorised methods during train dispatch, including sending the ‘ready to start’ code before the guard door is closed, and briefly opening and closing the passenger doors to prompt passengers to enter or leave the train. These methods could reduce the time needed to get the train moving by 6 seconds. This seems to have been done in this case.
This case study throws up a number of important human factors and process safety issues that could be applicable to other industries:
Looked but failed to see?
Moments before the train set off, the guard warned Georgia to move away from the train, however it is unknown if the guard failed to see Georgia before sending the ‘ready to start’ code. She had left the train late, walked over to the station wall and then walked back to the train, leaning against the window as the doors were closing for a second time. The guard was prosecuted for gross negligence, as it was assumed by the court that he had seen her and given the signal to start anyway, perhaps because he had expected her to move – a gross violation of operating procedures. However, the report notes that it is possible the Guard did not see her before sending the ‘ready to start’ code. His attention may have been on the crowd of people exiting the train, it may have been on the control panel used to send the ‘ready to start’ code, or he may have ‘looked but failed to see’ her, a common phenomenon in routine, repetitive tasks.
Non-compliance with procedures
After the accident, full compliance with authorised dispatch procedures resulted in significant delays, which only abated once common but previously unauthorised methods of dispatch were authorised. Although the report did not find evidence that the guard or driver was under time pressure and this does not seem to be a causal factor, this does beg the question of whether the use of unauthorised dispatch methods were a result of time pressure and whether time pressure poses a risk of similar incidents in future?
It may also be worth noting that if the authorised procedures had been followed, the time from closing the guard door and the train departing would have been around 12 seconds. Georgia had been leaning against the train for 11 seconds prior to the guard warning her to move (after the ‘ready to start’ code had been sent), and at least 3 seconds before the ‘ready to start’ code had been sent. The report notes that those 12 seconds provide adequate time for a situation such as this to arise which a guard could fail to notice:
“The guard could have followed Merseyrail’s published procedure to dispatch the train when the passenger doors first closed, as they were unobstructed and the platform adjacent to the train was clear. Under the Merseyrail procedure the guard would board and then wait until his door closed before sending the ‘ready to start’ code. He would not have been able to see the young person approach and come into contact with the train because of his narrow field of view through the door’s fixed window and, if all other events remain unchanged, the outcome would have been unchanged.”
The operating procedures in this case may therefore not have been ideal for both business and safety needs.
Ergonomics and design
If the guard’s door was closed before he sent the ‘ready to start’ code, he would not have been able to see along the platform edge anyway. Likewise, if the control panel was tactile, the guard could have sent the ‘ready to start’ code whilst still looking along the platform edge. Whilst these features are now standard, they were not at the time the train was built. The report notes other methods to improve visibility along the platform, such as mirrors, monitors and a different placement of controls.
Once the ‘ready to start’ code had been sent there was no way to quickly stop the train that would have affected the outcome of the incident. Both methods (sending a stop code, or pulling the emergency handle) took time to do, and were reliant on the driver reacting (in some cases the driver might decide to carry on to the next station).
One of the most effective improvements that could be made is to make it much harder for passengers to fall between the gap and the train, through screen doors, reducing the gap between the platform and the train, or other safety features. owever, these are likely costly improvements to make.
Case studies such as this show that, particularly when operating legacy equipment and designs which are hard to change, the human element is often (over?)relied on to control hazards.
Consider the risk that human failure (whether an error or a violation) poses to you organisation: is it the last link in the chain?
Is it possible to operate safely and efficiently by sticking to the procedures, or do the procedures need changing?
If a total system redesign is not possible, can the design be retroactively improved as a short-term solution to mitigate human failure?