A Roadmap for the Integration of BowTie into the Safety Management System
In this article we look at considerations for getting started with BowTie and how to implement the tool into a Safety Management System. It’s not suggested that users have to address or implement every aspect of this roadmap to make BowTie work for them, but hopefully this overview will help users get on the right track.
Step 1. Train users.
As a methodology BowTie is simple enough, that is one of its strengths. To create high quality BowTies of a consistent standard, practitioners do need some initial training though. The amount and type of training need not be as detailed for all users and should vary according to how they will be expected to interact with the BowTies.
- Those developing the BowTies (e.g. workshop facilitators) and safety managers complete a comprehensive training program (e.g. a two day classroom course).
- Stakeholders that will view and use completed BowTies complete a 30-minute BowTie briefing.
Step 2. Decide where to integrate BowTie into the SMS.
It might be that you just want to use BowTie as a risk analysis tool, that’s fine but bear in mind that it can play a very useful role in many aspects of safety management. You invest time and resources on assessing risk, why not maximize the potential safety benefits by integrating it into your SMS in other areas too?
Check out our article 'The role of BowTie in SMS' for more information.
Step 3. Define what issues require BowTies.
When conducting risk assessments, it makes good sense to select a tool appropriate to the significance of the hazard under consideration. BowTie will be a great addition to your safety management toolbox as it goes into a level of detail well suited to risks at the higher end of your scale.
You could develop a policy for when to do a BowTie along the lines of the following example:
- Known major hazards or hazards identified as having potentially catastrophic outcomes.
- Prior to significant operational changes:
- Introduction of new operational equipment.
- Significant changes to the operating environment.
- When desirable for communication purposes.
- To summarise existing safety studies.
Step 4. Structure the BowTie Hazard register.
It might seem very obvious but sometimes organisations spend quite a bit of time developing various BowTies and only later start to think about how to fit what has already been completed into a structured BowTie Hazard Register. Whilst this approach can be made to work, having a pre-defined structure will usually be a more efficient way to go.
Example options for structuring the BowTie Hazard Register:
- Based on types of Operations e.g. Ground vehicle operations; works in the movement area; works on the runway etc.
- Based on Generic Risk Descriptions such as the UK CAA Significant Seven BowTie Project e.g. Loss of Control, CFIT, Fire etc.
- Based on Phase of Flight e.g. Pre-Departure, Take-off, Initial Climb to Cruise Altitude, etc.
Step 5. Define the depth of analysis required.
Using a software tool such as BowTieXP allows users to go into various levels of detail in terms of the analysis. Particularly when it comes to examining the organisational activities and structures behind the diagram elements, you will usually find that the software will not be the limiting factor; it will be a question of what level of detail you feel is appropriate for your organisation.
When getting started, you might for example, stick to the more basic functionalities, with a view to evolving the process into more detailed understanding as your experience grows.
In order to have a consistent approach across the your organisation, it will be a good idea to define these aspects. Will you for example:
- Assign Accountable persons to the Controls?
- Describe and link the Activities required for the proper functioning of the controls?
- Link documents (such as SOPs relevant to the Controls)? Etc.
Step 6. Develop an Organisational Template.
From early on it will be beneficial to decide on an ‘organisational template’. This is simply the starting point for all the BowTies that you develop as an organisation. BowTieXP software for example, lets you assign things like the terminology you will use (is it a Barrier, a Control or a Defence?) and a taxonomy for various categorisations (like effectiveness ratings and Control types). You only need do this once and then you will ensure that everyone in the organisation will be starting from a common point of reference.
Step 7. Develop a Best Practice Reference Document.
A reference document that describes the practices and approaches that you consider appropriate for your organisation can be an invaluable tool. When numerous staff separated by time or location will be working on the development of your BowTies, it encourages consistency and appropriate standards.
Step 8. Define the required steps in the BowTie build process.
No doubt you will already have an established process for your risk assessments. When you implement BowTie, you simply need to update the details according to how you want things to be done when it comes to Bowtie. In our experience, the facilitated workshop is the format that produces the best results.
A description of the process might look something like this:
- Assign a Project Leader.
- Develop initial context/scope and reviews existing safety information.
- Develop initial BowTie elements.
- Identify required subject mater experts and/or stakeholders.
- Workshop with subject mater experts and/or stakeholders (define the minimum number of participants e.g. three).
- Complete BowTie and finalise with workshop group.
- Review by other BowTie expert.
- Communicate results as appropriate.
Step 9. Develop the Actual BowTies.
Get started by developing BowTies for your top three or four hazards. As you gain familiarity with the process this will become quicker and more intuitive. Once you have a few good quality BowTies and have started using them, you will probably find that buy-in for the methodology increases and further development and integration will evolve.
Step 10. Define the Usage Strategy.
Don’t forget to put some thought into what you want to do with your BowTies once they are completed!
- Define the usage strategy relative to the intended use within the SMS:
- Presentation to management for decision making.
- Use for pro-active risk management (for barrier based auditing).
- Use as a re-active safety management tool (to collect information on threats and barrier failures)
- Incorporation with existing Safety Training programs.
- Incorporation with specific training prior to commencing certain operations.
- Define a promulgation and availability strategy:
- Hard copy accessibility.
- Online access.
- Use of text based reports.
Step 11. Define the review process.
Hazards and the way they are managed are rarely in a static state given an aviation type operational environment. Your BowTies will represent a snapshot of the issues as you understand them at the time that the BowTies were developed. In order to keep pace with reality, they should be thought of a living models with a defined review process, for example:
- To incorporate any relevant changes to the operating environment (e.g. are all the Controls still there? Are there new ones?)
- To incorporate information from the Safety Reporting System, Investigations, Audits, observations or studies. Where available, information from relevant industry or state bodies should form part of the review (e.g are we better informed as to the effectiveness of certain Controls? Are there additional Threats not yet accounted for in the BowTie?)
- Reactive: following a significant incident or accident.
- Proactive: e.g. as per a scheduled annual review.
- BowTie project leader reviews available information.
- Workshop with relevant stakeholders.
12. Further Developments/Capabilities.
An important aspect of good safety management is that of constantly striving for improvement. Developments in the ways we think about barrier based risk management (and software capabilities) are important considerations moving forward.
A couple of exciting developments currently evolving are:
- Linking Safety Performance Indicators. For example, incorporating real-world data into the BowTie by identifying not only failed defences (but also the ones that work well) via safety intelligence sources (e.g. reporting systems, flight data etc.).
- The use of barrier based audits to improve the efficiency of safety auditing processes.
There is no doubt a degree of commitment in terms of resources and time is required when implementing BowTie from scratch. Doing it yourself as an organisation can be very rewarding as the level of engagement and risk awareness is maximised.
There are alternatives though and for those looking to accelerate their implementation of barrier based risk management Across Safety provides pre-populated suites of BowTies customised to numerous specific industry sectors.