Prohibit mishaps. The design should not be tolerant of mishaps. Risky situations should be expected, and the design should include means to protect against these risks.
Design scope. The specification should include a definition of the system's boundaries. Within these boundaries, the specification of system behavior should be complete.
Prohibit errors. The design should not be tolerant of any human error. The design should assume the Human Factors variant of Murphy's law: if the system enables the operators to fail, eventually they will!
Usability. The interaction should be designed based on models of the user's and operator's behavior, to ensure that they understand its procedures and behavior.
Situation awareness. The design should be based on the premise that the operator cannot trace the machine state reliably. It is the designer's responsibility to ensure that the operators are always aware of the system situation.
Load reduction. The design should consider all the user's main tasks, including those that are not related to the system operation. To prevent distraction, the design should reduce the mental load required for the system operation.
Defend against mistakes. The probability of users' and operators' mistakes in exceptional states is high. The design should incorporate means to defend against them.
Training. The operators should be trained to operate in exceptional conditions, and the design should propose means for such training.
Testing with users. The system validation should be based on testing with real users and operators, in real operational conditions.
Management responsibility. The organization in charge of the system operation should provide the operators with guidelines and procedures to prevent operational errors.