A Roadmap for the Integration of BowTie into the Safety Management System

BowTie XP risk management roadmap

In this article we look at considerations for getting started with BowTie and how to implement the tool into a Safety Management System. It’s not suggested that users have to address or implement every aspect of this roadmap to make BowTie work for them, but hopefully this overview will help users get on the right track. 

Step 1. Train users.

As a methodology BowTie is simple enough, that is one of its strengths. To create high quality BowTies of a consistent standard, practitioners do need some initial training though. The amount and type of training need not be as detailed for all users and should vary according to how they will be expected to interact with the BowTies.

For example:

·      Those developing the BowTies (e.g. workshop facilitators) and safety managers complete a comprehensive training program (e.g. a two day classroom course).

·      Stakeholders that will view and use completed BowTies complete a 30-minute BowTie briefing.

 

 

Step 2. Decide where to integrate BowTie into the SMS.

It might be that you just want to use BowTie as a risk analysis tool, that’s fine but bear in mind that it can play a very useful role in many aspects of safety management. You invest time and resources on assessing risk, why not maximize the potential safety benefits by integrating it into your SMS in other areas too?

 

Check out our article 'The role of BowTie in SMS' for more information.

 

Step 3. Define what issues require BowTies.

When conducting risk assessments, it makes good sense to select a tool appropriate to the significance of the hazard under consideration. BowTie will be a great addition to your safety management toolbox as it goes into a level of detail well suited to risks at the higher end of your scale.  

You could develop a policy for when to do a BowTie along the lines of the following example:

  • Known major hazards or hazards identified as having potentially catastrophic outcomes.
  • Prior to significant operational changes:
    • Introduction of new operational equipment.
    • Significant changes to the operating environment.
  • When desirable for communication purposes.
  • To summarise existing safety studies.

 

Step 4. Structure the BowTie Hazard register.

It might seem very obvious but sometimes organisations spend quite a bit of time developing various BowTies and only later start to think about how to fit what has already been completed into a structured BowTie Hazard Register.  Whilst this approach can be made to work, having a pre-defined structure will usually be a more efficient way to go.

Example options for structuring the BowTie Hazard Register:

  • Based on types of Operations e.g. Ground vehicle operations; works in the movement area; works on the runway etc.
  • Based on Generic Risk Descriptions such as the UK CAA Significant Seven BowTie Project e.g. Loss of Control, CFIT, Fire etc.
  • Based on Phase of Flight e.g. Pre-Departure, Take-off, Initial Climb to Cruise Altitude, etc.

 

 

Step 5. Define the depth of analysis required.

Using a software tool such as BowTieXP allows users to go into various levels of detail in terms of the analysis. Particularly when it comes to examining the organisational activities and structures behind the diagram elements, you will usually find that the software will not be the limiting factor; it will be a question of what level of detail you feel is appropriate for your organisation.

When getting started, you might for example, stick to the more basic functionalities, with a view to evolving the process into more detailed understanding as your experience grows.

In order to have a consistent approach across the your organisation, it will be a good idea to define these aspects. Will you for example:

  • Assign Accountable persons to the Controls?
  • Describe and link the Activities required for the proper functioning of the controls?
  • Link documents (such as SOPs relevant to the Controls)? Etc.

 

Step 6. Develop an Organisational Template.

From early on it will be beneficial to decide on an ‘organisational template’. This is simply the starting point for all the BowTies that you develop as an organisation. BowTieXP software for example, lets you assign things like the terminology you will use (is it a Barrier, a Control or a Defence?) and a taxonomy for various categorisations (like effectiveness ratings and Control types). You only need do this once and  then you will ensure that everyone in the organisation will be starting from a common point of reference.

 

 

Step 7. Develop a Best Practice Reference Document.

A reference document that describes the practices and approaches that you consider appropriate for your organisation can be an invaluable tool. When numerous staff separated by time or location will be working on the development of your BowTies, it encourages consistency and appropriate standards.

 

 

Step 8. Define the required steps in the BowTie build process.

No doubt you will already have an established process for your risk assessments. When you implement BowTie, you simply need to update the details according to how you want things to be done when it comes to Bowtie. In our experience, the facilitated workshop is the format that produces the best results.

A description of the process might look something like this:

  • Assign a Project Leader.
  • Develop initial context/scope and reviews existing safety information.
  • Develop initial BowTie elements.
  • Identify required subject mater experts and/or stakeholders.
  • Workshop with subject mater experts and/or stakeholders (define the minimum number of participants e.g. three).
  • Complete BowTie and finalise with workshop group.
  • Review by other BowTie expert.
  • Communicate results as appropriate.

 

Step 9. Develop the Actual BowTies.

Get started by developing BowTies for your top three or four hazards. As you gain familiarity with the process this will become quicker and more intuitive. Once you have a few good quality BowTies and have started using them, you will probably find that buy-in for the methodology increases and further development and integration will evolve.

 

 

Step 10. Define the Usage Strategy.

Don’t forget to put some thought into what you want to do with your BowTies once they are completed!

For example:

  • Define the usage strategy relative to the intended use within the SMS:
    • Presentation to management for decision making.
    • Use for pro-active risk management  (for barrier based auditing).
    • Use as a re-active safety management tool (to collect information on threats and barrier failures)
    • Incorporation with existing Safety Training programs.
    • Incorporation with specific training prior to commencing certain operations.
  • Define a promulgation and availability strategy:
    • Hard copy accessibility.
    • Online access. 
    • Use of  text based reports.

 

Step 11. Define the review process.

Hazards and the way they are managed are rarely in a static state given an aviation type operational environment. Your BowTies will represent a snapshot of the issues as you understand them at the time that the BowTies were developed. In order to keep pace with reality, they should be thought of a living models with a defined review process, for example:

  • Why:
    • To incorporate any relevant changes to the operating environment (e.g. are all the Controls still there? Are there new ones?)
    • To incorporate information from the Safety Reporting System, Investigations, Audits, observations or studies. Where available, information from relevant industry or state bodies should form part of the review (e.g are we better informed as to the effectiveness of certain Controls? Are there additional Threats not yet accounted for in the BowTie?)
  • When:
    • Reactive: following a significant incident or accident.
    • Proactive: e.g. as per a scheduled annual review.
  • How:
    • BowTie project leader reviews available information.
    • Workshop with relevant stakeholders.

 

12. Further Developments/Capabilities.

An important aspect of good safety management is that of constantly striving for improvement. Developments in the ways we think about barrier based risk management (and software capabilities) are important considerations moving forward.

 

A couple of exciting developments currently evolving are:

  • Linking Safety Performance Indicators. For example, incorporating real-world data into the BowTie by identifying not only failed defences (but also the ones that work well) via safety intelligence sources (e.g. reporting systems, flight data etc.).
  • The use of barrier based audits to improve the efficiency of safety auditing processes.

13. Conclusion

There is no doubt a degree of commitment in terms of resources and time is required when implementing BowTie from scratch. Doing it yourself as an organisation can be very rewarding as the level of engagement and risk awareness is maximised.

There are alternatives though and for those looking to accelerate their implementation of barrier based risk management Across Safety provides pre-populated suites of BowTies customised to numerous specific industry sectors. 

Find out more about pre-populated BowTies by contacting us now

BowTie Training Live Online

Online BowTie training

With our live online training option, you can now attend any of our courses remotely. Learning is facilitated by our trainers in real time and in a fully interactive way so as to replicate an actual classroom setting whilst providing all the advantages of the online format.

Click here for more information on live online training
About | Terms | Return Policy | Privacy Policy | Cookie Policy | Sitemap
Copyright 2016 by Across Safety Development Ltd
Log out | Edit

Strictly necessary

Strictly necessary cookies guarantee functions without which this website would not function as intended. As a result these cookies cannot be deactivated. These cookies are used exclusively by this website and are therefore first party cookies. This means that all information stored in the cookies will be returned to this website.

  • Enable all
  • Jimdo-cart-v1

    Jimdo-cart-v1 Strictly necessary local storage which stores information on your cart to enable purchases via this online store. Provider: Jimdo GmbH, Stresemannstrasse 375, 22761 Hamburg Germany. Cookie/Local Storage Name: Jimdo-cart-v1. Lifetime: Local storage does not expire. Cookie Policy: https://www.jimdo.com/info/cookies/policy/ Privacy Policy: https://www.jimdo.com/info/privacy/

  • shd

    shd Cookie This cookie identifies returning visitors to this website and maintains the user’s state for all page requests. Provider: Jimdo GmbH, Stresemannstrasse 375, 22761 Hamburg, Germany. Cookie name: shd Cookie Lifetime: 1 year Cookie Policy: https://www.jimdo.com/info/cookies/policy/ Privacy Policy: https://www.jimdo.com/info/privacy/

  • cookielaw

    Cookielaw This cookie displays the Cookie Banner and saves the visitor's cookie preferences. Provider: Jimdo GmbH, Stresemannstrasse 375, 22761 Hamburg, Germany. Cookie Name: ckies_cookielaw Cookie Lifetime: 1 year Cookie Policy: https://www.jimdo.com/info/cookies/policy/ Privacy Policy: https://www.jimdo.com/info/privacy/

  • PHPSESSIONID

    PHPSESSIONID Strictly necessary local storage for the correct functioning of this store. Provider: Jimdo GmbH, Stresemannstrasse 375, 22761 Hamburg Germany Cookie /Local Storage Name: PHPSESSIONID Lifetime: 1 session Cookie Policy: https://www.jimdo.com/info/cookies/policy/ Privacy Policy: https://www.jimdo.com/info/privacy/

  • stripe

    Stripe This is strictly necessary in order to enable payments powered by Stripe via this store. Provider: Stripe Inc., 185 Berry Street, Suite 550, San Francisco, CA 94107, USA. Cookie Names and Lifetimes: __stripe_sid(Lifetime: 30 min), __stripe_mid (Lifetime: 1 year), Ckies_stripe (Lifetime: 1 year). Cookie Policy: https://stripe.com/cookies-policy/legal Privacy Policy: https://stripe.com/privacy

  • postfinance

    Postfinance This is necessary in order to enable payments powered by Postfinance via this store. Provider: PostFinance AG, Kontaktcenter, Mingerstrasse 20, 3030 Bern, Switzerland. Cookie Name: ckies_postfinance. Cookie Lifetime: 1 year.Datenschutzerklärung: Cookie Policy: https://www.postfinance.ch/en/detail/privacy.html Privacy Policy: https://www.postfinance.ch/en/detail/privacy.html

  • ckies_*

    Jimdo Control Cookies Control Cookies for enabling services/cookies selected by the site visitor and saving these cookie preferences. Provider: Jimdo GmbH, Stresemannstrasse 375, 22761 Hamburg, Germany. Cookie Names: ckies_*, ckies_postfinance, ckies_stripe, ckies_powr, ckies_google, ckies_cookielaw, ckies_ga, ckies_jimdo_analytics, ckies_fb_analytics, ckies_fr Cookie Lifetime: 1 year Cookie Policy: https://www.jimdo.com/info/cookies/policy/ Privacy Policy: https://www.jimdo.com/info/privacy/

Functional

Functional cookies enable this website to provide you with certain functions and to store information already provided (such as registered name or language selection) in order to offer you improved and more personalized functions.

  • Enable all
  • powr

    POWr.io Cookies These cookies register anonymous, statistical data on the behavior of the visitor to this website and are responsible for ensuring the functionality of certain widgets utilized by this website. They are only used for internal analysis by the website operator, e.g. for the visitor counter etc. Provider: Powr.io, POWr HQ, 340 Pine Street, San Francisco, California 94104, USA. Cookie Names and Lifetime: yahoy_unique_[unique id] (Lifetime: session), POWR_PRODUCTION (Lifetime: session), ahoy_visitor (Lifetime: 2 years), ahoy_visit (Lifetime: 1 day), src 30 Days Security, _gid Persistent (Lifetime: 1 day). Cookie Policy: https://www.powr.io/privacy Privacy Policy: https://www.powr.io/privacy

Performance

Performance cookies gather information on how a web page is used. We use them to better understand how our web pages are used in order to improve their appeal, content and functionality.

  • Enable all
  • ga

    Google Analytics These cookies collect anonymous information for analysis purposes, as to how visitors use and interact with this website. Provider: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA or, if you are resident in the EU, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Cookie names and Lifetimes: __utma (Lifetime: 2 years), __utmb (Lifetime: 30 minutes), __utmc (Lifetime: session), __utmz (Lifetime: 6 months), __utmt_b (Lifetime: 1 day), __utm[unique ID] (Lifetime: 2 years), __ga (Lifetime: 2 years), __gat (Lifetime: 1 min), __gid (Lifetime: 24 hours), __ga_disable_* (Lifetime: 100 years). Cookie Policy: https://policies.google.com/technologies/cookies Privacy Policy: https://policies.google.com/privacy

  • jimdo_analytics

    Jimdo Statistics The so-called Jimdo statistics function is a tracking technology, based on Google Analytics, which is operated by Jimdo GmbH. These cookies collect anonymous information for analysis purposes, as to how visitors use and interact with this website. Provider: Jimdo GmbH, Stresemannstrasse 375, 22761 Hamburg, Germany. Cookie Names and Lifetimes: ckies_jimdo_analytics (Lifetime: 2 years), __utma (Lifetime: 2 years), __utmb (Lifetime: 30 minutes), __utmc (Lifetime: session), __utmz (Lifetime: 6 months), __utmt_b (Lifetime: 1 day), __utm[unique ID] (Lifetime: 2 years), __ga (Lifetime: 2 years), __gat (Lifetime: 1 min), __gid (Lifetime: 24 hours), __ga_disable_* (Lifetime: 100 years). Cookie Policy: https://www.jimdo.com/info/cookies/policy/ Privacy Policy: https://www.jimdo.com/info/privacy/

Marketing / Third Party

Marketing / Third Party Cookies originate from external advertising companies (among others) and are used to gather information about the websites visited by you, in order to e.g. create targeted advertising for you.

  • Enable all
  • fb_analytics

    Facebook Analytics This is a tracking technology which utilizes the so-called, "Facebook pixel" from the social network Facebook and is used for website analysis, ad targeting, ad measurement and Facebook Custom audiences. Provider: Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are resident in the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Cookie name(s): _fbp, fr Cookie Lifetime: 90 days Cookie Policy: https://www.facebook.com/policies/cookies Privacy Policy: https://www.facebook.com/policy.php

Cookie Policy

This website uses cookies to give you the best online experience. Please let us know if you agree by clicking on the “Accept” option below. If you’d like to find out more about the cookies we use and set your individual cookie preferences, please review our Cookie Policy.

Imprint Privacy Policy
  • Strictly necessary
  • Functional
  • Performance
  • Marketing / Third Party