Human factors: Disruption: How is disruption of work controlled?

Options:

Option 1: No disruption defenses are used.
Option 2: Settings are configured to limit known disruptions where feasible.
Option 3: Different displays are used for different functions to limit interactions.
Option 4: Different inputs are used for different functions to limit interactions.
Option 5: Input and output are fully controlled to avoid overlap and focus changes.
Option 6: Multiple processors or real-time operating systems are used to support performance requirements.

Basis:

Work disruption typically comes in 2 forms:

• Disruption for protection is often used to stop a process forcing explicit user action.
• Disruption results from change of focus or interruption of input for another input.

In either case there is often the potential for harm in that the disruption may result in, for example:

• User actions not applied in the desired context: In this case, for example, typing underway in an input window does not get applied to that context, resulting in that typing being lost. Similarly, mouse clicks, speech input, or any other input may be misapplied because the input process was disrupted. This can happen under high load conditions, during certain operational modes of some common systems, when another input has been given precedence without explicit user action, when focus is removed from a window previously in use, when input devices are switched to a different connection, when a connection is temporarily disabled, a screen saver is enabled at the wrong moment, a screen is dimmed but still taking input, and so forth.
• User actions applied in a context or way they were not intended: This often happens when a "higher priority" prompt is put in place as the user enters data. The prompt may appear briefly taking focus, for example just as a user is typing something, with the result being that the user typing is entered into the new focus, applied, and the focus removed with the user put back into the previous or another context without even being able to tell what happened.
• Information revealed in a context it should not be revealed in: For example, in slide presentations it is common for a window to pop up indicating the arrival of messages, alarms, and similar things. The effect may be the unintentional revelation of confidential information, disruption of a point being made, or the presentation of information that may effect an action in the wrong context.

Multiple processors or real-time operating systems are used to support performance requirements: Because shared resources or priority interrupts may lead to disruption, in systems where (1) real-time performance is important, (2) loss from delayed input handling, or (3) bad decisions may result from old data displayed, performance must be assured at the user interface. This is typically done either by the use of a real-time operating system or multiple non-interfering processors. Priority interrupts are particularly problematic in these situations and must be carefully managed.

Input and output are fully controlled to avoid overlap and focus changes: As an example, mechanisms may be implemented in different ways, through different interfaces, or using a layout that prevents interruption and focus changes. At one extreme, all displays and controls are given their own physical devices so that no interaction is possible and each is independent of the other. At the other extreme, a single display. has relevant information and areas where different sorts of input and output occur and appear so that outputs do not interfere with inputs and different priorities are in different locations.

Different inputs are used for different functions to limit interactions: Multiple input methods are used so that input to different applications come from different devices. For example, a separate input device may be used for a critical application with input controlled by the application rather than as a part of the general inputs used by the operating system so that operating system or other application inputs cannot intercept the input mechanism..

Different displays are used for different functions to limit interactions: Multiple displays are implemented so that disruptive output is applied to different screens for different purposes. For example, a special display may be used for a critical application with output controlled by the application rather than as a part of the general display used by the operating system so that operating system or other application outputs cannot appear on the display.

Settings are configured to limit known disruptions where feasible: To the extent that settings allow disruptions to be disabled, they are configured so as to eliminate the known disruptions. For example, when doing a slide presentation, if there are settings to prevent windows from appearing above the presentation, they are configured to so limit disruptions. This is always desirable unless a stronger method is in place, and even then, it doesn't hurt.

No disruption defenses are used: No special measures are taken to disable interruptions, leading to the sorts of problems identified above. We never advise this, since the difficulty of doing something is low enough that it "pays for itself" very quickly.

Custom implementation: In custom implementations, higher surety methods are available, while most off-the-shelf mechanisms don't support anything more than limited settings.