Download presentation
Presentation is loading. Please wait.
2
HAZID as starting point for BowtieXP
Identify the high potential hazards Before a Bowtie can be created in BowtieXP you first need to establish your high potential hazards. This can be done by a (Risk Assessment) HAZID, example shown in the slide. Basically you are separating your top hazards from hazards of which you think they do not have a high potential. HAZIDS can be enormous, are hard to work with and lets be honest, no one gets excited by these documents Most Bowtie users establish about 10 to 15 high potential hazards. These will be the starting point for your Bowties
3
Risk Management Plan Check / Monitor Do Implement & communicate
Related to previous slide. The Bowtie method is the first step of the Deming Circle, but it needs the input of the HAZID. BOWTIE XP: Plan. Risk analysis and assessment. Before we start executing a process, we can already plan it. We can think about how it can hypothetically go wrong (threats) and what the negative consequences are. Once we know what can threaten our system, barriers can be identified to counter those threats. This can all be done before the first process is started! Input HAZID. BOWTIE XP : Do. Implement and communicate the SMS and identified barriers. As seen in the presentation, BowTies are very useful so for the barrier implementation ‘do’ part BowtieXP is a Barrier based risk management tool. Incident XP: Check/Monitor (What happened with the barriers) This can be done in two ways. 1.During the do phase, you try to execute the plan as good as possible. But things can go wrong! If this happens, it is possible that you will be confronted with incidents. Although they are negative, they can be used to learn about what went wrong. Because we have identified barriers during the planning stage, we can now inspect them and see why they did not stop the incident. We can then find the root causes to the barrier failures. Once the failure modes are known, we can go back to our BowTie diagram and indicate where improvements need to be made. 2. Instead of waiting for incidents to happen, we can also audit our barriers. By assigning verification questions to barriers, we can check whether they are operational, before incidents have occurred. Both incident and AuditXP provide barrier-based information. Because the BowTie method is a barrier based risk assessment tool too, they can easily communicate with eachother. By using IncidentXP or AuditXP to monitor the SMS and detect vulnerabilities. Audits are a proactive approach and incidents a reactive one. They speak the common language of barriers. You might say that incidents and audits are needed to prove the strength of your barriers… but do you want incidents;)? We can depict risk management in this Demming Circle. We begin at the top: Before we start executing a process, we can already plan it. We can think about how it can hypothetically go wrong (threats) and what the negative consequences are. Once we know what can threaten our system, barriers can be identified to counter those threats. This can all be done before the first process is started! Do: Execute the process and implement the barriers that have been identified. BowTieServer can help to distribute the information that the BowTie contains. Check/monitor: During the do phase, you try to execute the plan as good as possible. But things can go wrong! Maybe the plan was poorly executed (barriers were not implemented correctly), or the plan was flawed to begin with. If this happens, it is possible that you will be confronted with incidents. Although they are negative, they can be used to learn about what went wrong. Instead of waiting for incidents to happen, we can also audit our barriers. By assigning verification questions to barriers, we can check whether they are operational, before incidents have occurred. Both incident and AuditXP provide barrier-based information. Because the BowTie method is a barrier based risk assessment tool too, they can easily communicate with eachother. They speak the common language of barriers. -Bowtie method is a preventive method for identification of risks. For in depth analysis Audit XP Implement & communicate the management system BSCAT | Tripod Beta | BFA | RCA
4
Barrier thinking Hazard Losses Barriers
To avoid the Top hazard from causing losses, an organization can introduce barriers. They are sometimes called controls, safe guards, protection layers etc. This is configurable in the software Barriers: are all kinds of safety measures (either technical or behavioural) that prevent the hazard to create losses. (Example: Hazard: Driving a carTop Event: losing control over carThreat: blow out barrier: tyre pressure alarm, pre drive check of the tyres etc.) However, the barriers shown in the slides are not very realistic. They are completely solid. Every barrier is per definition fallible, there are always reasons why they fail. ( alarm malfunction, check not performed, driving over sharp materials on road etc...) Barriers
5
Barrier thinking Equipment failure Human Factors Poor planning Fatigue
Etc. So, the barriers are more like slices of Cheese. They have holes in them reasons why the could fail. Every barrier can fail: Even the most technologically advanced piece of equipment still needs to be designed by people, maintained by people and operated by people. Usually when we bring people into the mix, things can start to go wrong. Even though the holes in the cheese may be there, it does not mean you will have incidents all the time. Barriers strengthen each other. Incidents only occur when all the holes in the barriers line up and allow the hazard to pass through all of them (i.e. all relevant barriers fail simultaneously in a perfect way). This is where the Bowtie Method comes in, as it is Barrier based risk management tool. The Bowtie methodology focusses on the performance of the barriers that may prevent a top event from happening. But also prevents the consequence from happening of reaching its full potential if the top event happened. Copyright CGE Risk Management Solutions BV - Do not distribute
6
Bowtie analysis in 8 steps
BowTie analyzes in 8 Steps Example: Hazard: Airplane in flight (hazard not in controle, the event you don’t want to happen) Top event: engine shuts down during flight. Above two are the starting points the Bowtie diagram. Changing one of the two causes can change the barriers and threats and consequences. Threats: What events have the potential to cause the Top Event. Consequences: What can potentially happen if the Top Event took place. Barriers (Preventive and Reactive): What can prevent to prevent the Top Event from happening. What can help to prevents you from having a consequese Escalation factor: What causes the barrier not to work.
7
Visualisation / communication
1 VS. Information from excel sheets (most companies) is imput for Bowtie. Why Bowtie: a picture says more than heaps of text, is easier to look at. The tool has efficient functions to work efficiently and Excel creates monster like documents and are horrible to work with
8
Risk based decision making
2 Do you have enough barriers to be (enough) in control? ! A list show a number of barriers but says nothing about: - Effectiveness for the threats. - Relation with the threat or consequence the responsible person for the barrier(s) The bowtie makes it visual in one look
9
Risk based decision making: taking additional info into account
3 What if the Engineering Manageris fatigued? Or when you have a power blackout? ! ! !
10
Risk based Management System
4 Assessing barriers: - Red versus yellow and green: Red needs more attention as it’s not effective. But its more effective to asses the least performing barrier at the left threat site as these might prevent the top event from happening. Having said that: a red threat that follows after a green one might not be highest priority as the barrier before is effectively. This decision however is up to the subject matter experts.
11
Software Overview Tree view Diagram 11 11
12
Bowtie diagram in BowtieXP
By following the 8 steps the Bowtie can look like this. If we take a closer look its easily to conclude that we have a lot of Preventive barriers in place that (might) prevent the top event from happening. But if that happens; we do not have a lot of barriers that (might) prevent the consequences from happening. Off course this is a simple example. Secondly we are able to see colors; These reflect the effectiveness of the barrier; this is an expert judgement. that are examples of the added value that BowtieXP offers to make it more of a tool than just a picture. In the Software demonstration this will be shown.
13
New features BowtieXP Added hazard lookup ‘Phase’
Added new hazard lookup called ‘Phase’ – to indicate build phase of the bowtie. Such as: draft, awaiting approval i.e. This addition to the software makes the bowtie a ‘live document’ as it clearly defines the status of a document and it allows you to initiate more actions people within the organization. In the sign off section in the hazard screen the ‘ valid until’ function is added and actions more specific.
14
New features BowtieXP Incident grouping
Added ability to group incidents by type, category, tier, year, quarter and month in the treeview. In the top left corner of the treeview panel a button is added to enable the grouping of incidents. A screen with grouping selections will pop-up. The feature provides clear overview of the number of NM per month, year or month.
Similar presentations
© 2025 SlidePlayer.com Inc.
All rights reserved.