- Source: Bow-tie diagram
A bow-tie diagram is a graphic tool used to describe a possible damage process in terms of the mechanisms that may initiate an event in which energy is released, creating possible outcomes, which themselves produce adverse consequences such as injury and damage. The diagram is centred on the (generally unintended) event with credible initiating mechanisms on the left (being where reading diagrams starts) and resulting outcomes and associated consequences (such as injury, loss of property, damage to the environment, etc.) on the right. Needed control measures, or barriers, can be identified for each possible path from mechanisms to the final consequences. The shape of the diagram resembles a bow tie, after which it is named.
A bow-tie diagram can be considered as a simplified, linear, and qualitative representation of a fault tree (analyzing the cause of an event) combined with an event tree (analyzing the consequences), although it can maintain the quantitative, probabilistic aspects of the fault and event tree when it is used in the context of quantified risk assessments.
Bow-tie analysis is used to display and communicate information about risks in situations where an event has a range of possible causes and consequences. A bow tie is used when assessing controls to check that each pathway from cause to event and event to consequence has effective controls, and that factors that could cause controls to fail (including management systems failures) are recognized. It can be used proactively to consider potential events and also retrospectively to model events that have already occurred, such as in an accident analysis. The diagram follows the same basic principles as those on which fault tree analysis and event tree analysis are based, but, in being far less complex than these, is attractive as a means of rapidly establishing an overall scope of risk concerns for an organisation, only some few of which may justify those more rigorous and logical methods.
Bow-tie diagrams are used in several industries, such as oil and gas production, the process industries, aviation, and finance.
History
It has been commonly noted that the earliest mention of the bow-tie methodology appeared in the Imperial Chemical Industries (ICI) course notes of a lecture on hazard analysis given at the University of Queensland, Australia in 1979. Other sources point to Derek Viner (in the same year) at the then Ballarat College of Advanced Education (now the Federation University of Australia), who drew it as an aid to visualization of his generalized time sequence model (GTSM) for damage processes. The more complex risk analysis tools of fault tree analysis, event tree analysis use the same principle: Things go wrong, there is a reason for that and a result too, with the result generating the adverse consequences. The bow-tie diagram introduces the concept of a central energy-based event (the "bow tie knot") in which the damaging properties of the energy are no longer under control so that they result in outcomes and consequences.
Royal Dutch Shell is considered to be the first major company to successfully integrate bow-tie diagrams into their business practices, at least since the early 1990s.
Logic and structure of the diagrams
Bow-tie diagrams contribute to the identification, description and understanding of the different types of hazards that can arise in a given situation, facility or production process. They also help identify the relevant risk control measures (barriers) for a given hazard.
The fact that scientific effort benefits greatly from a focus on the process giving rise to the phenomenon of interest is well known in several scientific domains, as noted by William Haddon. The generalized time sequence model (GTSM) was developed in the 1970s by Viner as a process model suited to understanding this process to the phenomenon of unwanted damage. Bow-tie diagrams are a simplified extract of this, conceived of (and then named by students) during a lecture to assist explanation.
Bow-tie diagrams are centred on a central event in which the energy necessary to bring about the ultimate undesired consequences is released. In William Rowe’s seminal work, which explained half of the process of damage, the event of interest is defined as what produces outcomes and consequences of interest and outcomes as what results from an event. Derek Viner resolved this circularity by defining the event as "the point in time when control is lost of the potentially damaging properties of the energy source of interest." This is sometimes referred to as the top event (a fault-tree term) or the critical event. Thus, a bow-tie analysis is centred on an energy-based event. The need for energy sources in any damage process had been noted by Lewis DeBlois as early as 1926 as well as Gibson and Haddon in the decade prior to the introduction of the bow-tie diagram. It is evident that any central event may be originated by more than one mechanism and that, following the release of energy, a number of different outcomes may result. As Rowe made clear, it is these various unwanted outcomes that produce the adverse consequences of injury, damage etc.
Credible initiating mechanisms (which some call causes, triggers, threats, etc.) are shown on the left of the central event and its ultimate outcomes and consequences, such as injury, loss of property, damage to the environment, etc. on the right. This left to right flow of the process is also a time axis. Control barriers, either hard/engineered or administrative/procedural, are identified for each path from the mechanisms to the final outcomes.
For example, pressure in a process vessel is a form of energy that can be released if containment is breached (the central event). Possible mechanisms for breach of containment, shown to the left, include structural degradation (abrasion, corrosion, fatigue), spurious pressurization above design limits, inadvertent opening, etc. Shown to the right of the central event, are the results/outcomes of the release (e.g., noise, blast overpressure propagation, flying debris, loss of fluid, etc.) When mechanisms and outcomes and subsequently routes to adverse consequences are understood, the analyst can ensure that control measures (often now called barriers) exist to stop the initiating mechanisms from resulting in the central event and the central event from leading to the ultimate unwanted outcomes and consequences. Left-hand side (mechanism) control measures are, in this example, external and internal surface coatings, vessel inspection (internal and external), wall thickness measurements, pressure safety valves, etc. While some are relevant to design and commissioning, others are to maintenance and condition monitoring. Outcome (right-hand side) control measures in this example would include nearby structures designed to withstand modelled blast overpressure.
Bow-tie diagrams are typically a qualitative tool, used for simple damage process analysis as well as for illustrative purposes, such as in training courses to plant operators and in support of safety cases. However, a different type of bow-tie diagram exists that is more apt at supporting quantified risk analysis. This diagram is essentially the combination of a fault tree and an event tree and maintains the Boolean and probabilistic features of those approaches.
Use in various domains
Bow-tie diagrams are used in various disciplines and domains, including for example:
Occupational safety and health (OSH)
Process safety
Aviation safety
Information security and cyber security risks
Finance
Several software packages are available in the market for bow-tie diagram creation and management.
References
Kata Kunci Pencarian:
- Bow-tie diagram
- Diagram
- Bow tie (disambiguation)
- Regulatory risk differentiation
- Safety-critical system
- Swiss cheese model
- Network theory in risk assessment
- Cyber PHA
- Tied-arch bridge
- Ricardian contract