Scenario summaries are presented as separate pages with one event e.g. Loss of Containment (LoC) on each sheet. They include typical (suggested) Causes for the loss and visual representations of the scenarios in bowtie format, for example:
Visualisation aims to help ‘Players’ recognise Threats and respect Barriers e.g. ensure their actions or inactions do not disable, degrade or delete prevention measures associated with each LoC event. They include typical (suggested) Causes (Threats) and Controls (Barriers) and visual representations of the scenarios in bowtie format.
Although bowties are constructed on the principles of published practice (CCPS “Bow Ties in Risk Management: A Concept Book for Process Safety”), they do not rigorously follow the guidance as the aim is to provide simple effective summaries not wholly accurate representations of scenario evolution.
Hazards are operations, activities, or materials with the potential to cause harm.
The Top Event is the moment when control over the hazard or its containment is lost, releasing its harmful potential.
Hazards and Top Events (and their relative release potential & risk – see following sections) are shown as follows to help ‘players’ or Users remember that Major Accident Events are always a possibility:
Threats are potential reasons for (causes of) loss of control of the hazard leading to the top event (loss of containment).
Threats (and their relative likelihood) are shown as follows to help ‘players’ or Users recognise present or potential/developing Causes or Initiating Events that could lead to the Top Event:
Prevention or threat barriers prevent the Top Event from occurring. Mitigation barriers (not shown on these diagrams) are employed after the Top Event and should help prevent or reduce losses and regains control once it has been lost.
Barriers and their degradation factors & types are shown as follows to help ‘players’ or Users respect the Controls, Safeguards or Measures that could prevent the Top Event:
Respecting barriers means that ‘players’ or User acts or omissions i.e. what they do or don’t do, do not directly or indirectly result in barriers with reduced effectiveness because they are:
Operated beyond design limits or life
Overridden or inappropriately adjusted (poor temporary MoC)
Removed (poor permanent MoC)
Not fitted (poor Design Control or Action Management)
Barriers are categorised (colour coded) according to the CCPS Bowtie guidance as follows:
Hardware + Human
Combined actions e.g. Alarm
Detect + Decide + Do (Act)
Barrier vulnerabilities may be considered as the inverse of the effectiveness. In this case these are based on a simple ranking system of barrier types according to the predictability or warning of failure and reliance on human action or intervention:
Hardware + Human
Barrier vulnerabilities are graphically represented on the Threat line as follows:
These utilise Barrier Failure Analysis functionality (representing Missing, Inadequate, Failed, Unreliable or Effective barrier performance during incidents or unplanned demands) from IncidentXP.
If necessary, barrier Effectiveness can also be shown on the diagrams – this is at the User’s discretion:
Degradation (or Escalation) factors are conditions that can reduce the effectiveness of the barrier.
They do not directly cause a Top Event or Consequence but, by degrading the associated barrier, the likelihood of escalation towards the Consequences is higher. Normally they appear below the barriers as follows:
However, for clarity (to minimise diagram depth), they are included inside the barriers, as shown below:
The relative risk for each scenario is derived from the Threat & Release potentials.
To help inform plant/field & 3rd party personnel (who typically do not have access to failure databases) on the relative likelihood of the LoC occurring, a scale based on the anticipated occurrence is suggested using the following simple ranking system in descending order of frequency i.e. most likely at top of list:
◙ Human Factors
◙ Control Malfunction
◙ Equipment Failure
◙ Environmental or External Influences
In addition, the potential is influence by relative frequency of each LoC scenario is based on the occurrences of incidents investigated by the US Chemical Safety Board (CSB).
Likelihoods are subjective and must be taken as indicative only. Each user (site or company) should provide context to their own operations with respect to, for example, maintenance strategies, competence etc
Similarly, the relative scale of release (based on the anticipated opening or breach e.g. cracks vs. guillotine) resulting from a LoC is summarised using a 3-tier system.
The relative release (impact) of each LoC scenario is based on the onsite & offsite fatalities & injuries resulting from the event investigated by the CSB.
Releases are subjective and must be taken as indicative only. Each user (site or company) should provide context to their own operations with respect to, for example, material properties, operating conditions etc.
The relative risk for each scenario is derived from the following matrix based on the potential for or likelihood of release (Release Potential) and the scale of release (Potential Release):
Although an intuitive and simple approach to visualising integrity, not all users/players are familiar with the principles and components of bowties and barrier management – so, we’ve created an interactive game.
This is summarised in our BowTie Blockbusters blog and explained in this short video:
For more information please contact us.