Best Practices for HMI Design in Industrial and Safety-Critical Applications

The consequences of a poorly designed human-machine interface (HMI) can range from lost productivity to human harm. Especially in high-stakes industries like energy, manufacturing, and process automation, HMIs that fail to accurately display critical system information or receive operator feedback present a risk of catastrophic accidents.
However, when engineers approach an HMI design with the same rigor as any other critical system component, the outcome is far different. This blog explores how utilizing best practices for a well-designed HMI turns these tools into an extension of the operator, reducing cognitive load, enhancing decision-making, and minimizing the risk of human error.
Core Design Principles
Engineers can achieve high accuracy and usability by following core design principles, such as user-centric and task-oriented layouts, error handling and alarm management, and robust hardware design. Together, these elements ensure that the interface is functional and performs reliably in real-world conditions.
User-Centric and Task-Oriented Design
In user-centric design, HMIs are created to suit the operator's needs, tasks, and mental models rather than the system's technical implementation. This means involving actual operators early in the design process—through research, co-design workshops, and usability testing—to ensure the interface aligns with how they think and work.
A task-oriented HMI design presents information and functions in a way that supports an operator's situational awareness and decision-making by reducing visual clutter and cognitive load. To do this, engineers often deploy high-performance graphics with dynamic process visuals that display information in a context-aware manner.
The ISA-101 HMI design standard recommends a hierarchical display organization, from high-level overviews down to detailed control screens, to structure the interface's control elements.[1] The standard also suggests grayscale backgrounds and low-contrast colors, reserving bright colors for alarms and critical data only.
Error Handling and Alarm Management
HMIs should actively support operators by providing clear feedback and minimizing the chance of errors. In an ideal scenario, the HMI and the underlying control system should be designed with built-in protections to make it difficult for a user to make a mistake. For example, the user interface (UI) can disable controls that are not valid in the current context, preventing inadvertent inputs.
In safety-critical operations, HMIs often include confirmations for actions that have significant consequences. For instance, an HMI might require the operator to verify a command that will shut down a running process, or a control panel may incorporate two-step activation for an emergency alert to avoid accidental triggers.
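The two mechanisms described above, disabling controls that are not valid in the current context and requiring a second explicit step before a consequential command takes effect, can be modelled as a small command-gating layer in front of the control system. The following Python sketch is an added example, not code from the article or from any HMI vendor; the pump-loop process model, the command names, the 30-second confirmation window and the rule that the operator must restate the command rather than click a generic "OK" are all assumptions made for illustration.

```python
"""Context-aware control gating and two-step confirmation for an HMI command layer.

Added illustration; the process model (a single pump loop), the command names and
the confirmation window are constructed for this example.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional, Tuple
import secrets
import time


class Command(Enum):
    START = "start"
    STOP = "stop"
    EMERGENCY_STOP = "emergency_stop"


# Commands whose effect is significant enough to require a second, explicit step.
CONSEQUENTIAL = {Command.STOP, Command.EMERGENCY_STOP}
CONFIRM_WINDOW_S = 30.0  # a pending confirmation expires after this (assumed value)

# Plain-language consequence shown to the operator before they confirm.
CONSEQUENCE_TEXT = {
    Command.STOP: "Pump loop will stop; flow to downstream units ceases.",
    Command.EMERGENCY_STOP: "All drives trip immediately; restart requires manual reset.",
}


@dataclass
class ProcessState:
    running: bool = False
    speed_rpm: int = 0


@dataclass
class PendingAction:
    token: str
    command: Command
    consequence: str
    issued_at: float


@dataclass
class CommandGate:
    state: ProcessState = field(default_factory=ProcessState)
    pending: Dict[str, PendingAction] = field(default_factory=dict)
    audit: List[Tuple[str, str, str]] = field(default_factory=list)

    def enabled_controls(self) -> set:
        """Only controls valid in the current context are presented as active."""
        if self.state.running:
            return {Command.STOP, Command.EMERGENCY_STOP}
        return {Command.START, Command.EMERGENCY_STOP}

    def request(self, command: Command, now: Optional[float] = None):
        """First step: reject out-of-context commands, arm consequential ones."""
        now = time.time() if now is None else now
        if command not in self.enabled_controls():
            self.audit.append(("rejected", command.value, "not valid in current context"))
            return ("rejected", None)
        if command in CONSEQUENTIAL:
            token = secrets.token_hex(4)
            action = PendingAction(token, command, CONSEQUENCE_TEXT[command], now)
            self.pending[token] = action
            self.audit.append(("pending", command.value, token))
            return ("confirm_required", action)
        self._apply(command)
        return ("applied", None)

    def confirm(self, token: str, typed_command: str, now: Optional[float] = None) -> str:
        """Second step: the operator restates the command within the time window.

        Any failure (unknown token, expiry, mismatch) disarms the pending action so a
        hazardous command is never left armed after a wrong confirmation.
        """
        now = time.time() if now is None else now
        action = self.pending.pop(token, None)
        if action is None:
            return "unknown_token"
        if now - action.issued_at > CONFIRM_WINDOW_S:
            self.audit.append(("expired", action.command.value, token))
            return "expired"
        if typed_command.strip().lower() != action.command.value:
            self.audit.append(("mismatch", action.command.value, typed_command))
            return "mismatch"
        self._apply(action.command)
        return "applied"

    def _apply(self, command: Command) -> None:
        if command is Command.START:
            self.state.running = True
            self.state.speed_rpm = 1200
        elif command in (Command.STOP, Command.EMERGENCY_STOP):
            self.state.running = False
            self.state.speed_rpm = 0
        self.audit.append(("applied", command.value, ""))


if __name__ == "__main__":
    gate = CommandGate()
    print("enabled while stopped:", [c.value for c in gate.enabled_controls()])
    gate.request(Command.START, now=0.0)
    status, pend = gate.request(Command.STOP, now=10.0)
    print(status, "->", pend.consequence)
    print("confirm with 'ok':", gate.confirm(pend.token, "ok", now=11.0))
```

The audit list records every rejected, pending, expired and applied command, which is the kind of trail an investigator needs after an incident; the point of popping the token on any failed confirmation is that a mis-typed confirmation cancels the action instead of leaving it waiting for the next click.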
Alarm management is another facet of feedback and error handling in industrial HMIs. Best practices for alarm management include prioritizing and filtering alarms and providing clear on-screen indications of their status. For example, if the temperature of a storage tank rises above a defined threshold, the interface should display a message such as "Tank 7: High Temperature" with an alarm icon that lets the user click through for details or navigate to the relevant screen.
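The alarm-management practices just listed (prioritizing, filtering and clearly indicating status) are easier to reason about with a concrete alarm list in front of you. The following Python sketch is an added example written for this page, not the article's code or any particular HMI product; the tag names, thresholds, deadbands and readings are constructed, and the four status names are assumptions chosen to mirror the common active/acknowledged distinction. Filtering is done two ways: a deadband stops a reading hovering around the limit from re-raising the same alarm, and the banner can hide alarms below a chosen priority.

```python
"""Alarm prioritization, filtering and status display for an HMI alarm banner.

Added illustration; tags, thresholds and sample readings are constructed.
"""
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, List, Optional


class Priority(IntEnum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3
    CRITICAL = 4


@dataclass(frozen=True)
class AlarmDef:
    tag: str                # control-system tag, e.g. "TK07_TEMP" (constructed)
    label: str              # operator-facing text shown on screen
    limit: float            # alarm raises when the reading exceeds this
    priority: Priority
    deadband: float = 0.0   # reading must fall to limit - deadband before the alarm clears


@dataclass
class AlarmRecord:
    definition: AlarmDef
    raised_at: float
    active: bool = True
    acknowledged: bool = False
    occurrences: int = 1

    @property
    def status(self) -> str:
        if self.active and not self.acknowledged:
            return "ACTIVE_UNACK"
        if self.active:
            return "ACTIVE_ACK"
        if not self.acknowledged:
            return "CLEARED_UNACK"   # condition gone, but the operator has not seen it yet
        return "NORMAL"


class AlarmManager:
    def __init__(self, definitions: List[AlarmDef]):
        self.defs = {d.tag: d for d in definitions}
        self.records: Dict[str, AlarmRecord] = {}

    def update(self, tag: str, value: float, now: float) -> Optional[str]:
        """Feed one reading; returns 'raised', 'cleared', 'already_active' or None."""
        d = self.defs.get(tag)
        if d is None:
            return None
        rec = self.records.get(tag)
        if value > d.limit:
            if rec is None:
                self.records[tag] = AlarmRecord(d, raised_at=now)
                return "raised"
            if not rec.active:                      # re-raise a cleared alarm
                rec.active, rec.acknowledged, rec.raised_at = True, False, now
                rec.occurrences += 1
                return "raised"
            return "already_active"                 # filtered: no repeat notification
        if rec is not None and rec.active and value <= d.limit - d.deadband:
            if rec.acknowledged:
                del self.records[tag]               # seen and gone: drop from the list
            else:
                rec.active = False                  # stays listed until acknowledged
            return "cleared"
        return None                                 # inside the deadband, or no change

    def acknowledge(self, tag: str) -> bool:
        rec = self.records.get(tag)
        if rec is None:
            return False
        rec.acknowledged = True
        if not rec.active:
            del self.records[tag]
        return True

    def display(self, min_priority: Priority = Priority.LOW) -> List[str]:
        """Banner lines: highest priority first, oldest first within a priority."""
        shown = [r for r in self.records.values() if r.definition.priority >= min_priority]
        shown.sort(key=lambda r: (-r.definition.priority, r.raised_at))
        return [f"[{r.definition.priority.name}] {r.definition.label} ({r.status})" for r in shown]


if __name__ == "__main__":
    mgr = AlarmManager([AlarmDef("TK07_TEMP", "Tank 7: High Temperature", 80.0, Priority.HIGH, 2.0)])
    mgr.update("TK07_TEMP", 81.0, now=1.0)
    for line in mgr.display():
        print(line)
```

Keeping a cleared-but-unacknowledged alarm on the list is deliberate: an operator returning from another screen still sees that the tank ran hot, which a purely condition-driven display would silently drop.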
Environmental and Hardware Design Principles
Industrial HMIs do not exist in a vacuum, but instead must operate reliably in harsh real-world environments. One key consideration is the hardware's environmental ratings. For example, an HMI panel might need a high ingress protection (IP) rating against water and dust in a factory washdown area or on an outdoor oil rig. Ruggedization of these HMIs is crucial, involving shock and vibration mounting, electrical noise filtering, and power conditioning to handle surges or outages.
Lessons from Past Failures
Even with these best practices in mind, failing to implement them correctly can have severe consequences, as the following case studies show. Across industries, there have been numerous instances where HMI design contributed to accidents or serious problems.
USS Fitzgerald Collision (2017)
In 2017, the USS Fitzgerald collided with the MV ACX Crystal commercial container ship, killing seven Fitzgerald sailors. The investigation concluded that sailors on the bridges of many US Navy vessels could not properly operate touchscreens in the ships' control systems. These complex touchscreens became a significant point of failure that contributed to the accident.[2]
Critical engine controls were difficult to find within the touchscreen menu and lacked the tactile feedback of the physical levers, leading to operator mistakes in steering and speed control. Additionally, HMI touchscreen designs varied among US Navy ships, causing further confusion.
HMI design must ensure usability and clear context in high-stress settings. Simplicity and familiarity help avoid such accidents in dynamic situations like these.
Hawaii Missile Alert (2018)
In 2018, a Hawaii Emergency Management Agency employee accidentally sent the public a real missile warning instead of a test message. The operator clicked the wrong option and confirmed it without realizing the mistake.[3] The system's UI had multiple design flaws, including poorly differentiated menu options in which the real alert was near-identical to the test alert. The absence of a meaningful confirmation step and of a clear way to undo the action highlights critical flaws in error-prevention design.
Conclusion
Designing an HMI is more than just creating screen layouts; it requires trust between humans and machines. Engineers must adhere to design best practices, such as user-centric design, robust error handling, and environmental ruggedization, to ensure that HMIs become reliable partners in complex environments. When the stakes are high, a well-designed HMI improves productivity and protects lives.
[1] https://www.isa.org/standards-and-publications/isa-standards/isa-standards-committees/isa101
[2] https://www.bbc.com/news/technology-49319450
[3]