Английская Википедия:Bow-tie diagram
A bow-tie diagram is a graphic tool used to describe an accidental event in terms of its initial causes, ultimate negative consequences, and safety barriers designed to prevent or control the associated hazards. It can be considered as a simplified, linear representation of a fault tree (analyzing the cause of an event) combined with an event tree (analyzing the consequences),[1] although it can maintain the quantitative, probabilistic aspects of the fault and event tree when it is used in the context of quantified risk assessments.[2] The diagram visualizes an unintended event, usually one with the potential to escalate to undesired consequences, with all its credible initiating causes on the left of the event and its ultimate outcomes (such as injury, loss of property, damage to the environment, etc.) on the right. A number of barriers, either hard/engineered or administrative/procedural, are placed on the path from the initiators to the final outcomes. The shape of the diagram resembles a bow tie, after which it is named.[3]
Bow-tie analysis is used to display and communicate information about risks in situations where an event has a range of possible causes and consequences. A bow tie is used when assessing controls to check that each pathway from cause to event and event to consequence has effective controls, and that factors that could cause controls to fail (including management systems failures) are recognized. It can be used proactively to consider potential events and also retrospectively to model events that have already occurred, such as in an accident analysis. The diagram follows the same basic principles as those on which fault tree analysis and event tree analysis are based, but, in being far less complex than these, is attractive as a means of rapidly establishing an overall scope of risk concerns for an organisation, only some few of which may justify those more rigorous and logical methods.[1][4]
Bow-tie diagrams are used to analyze and manage risk in several industries, such as oil and gas production, the process industries, aviation, and finance.[3][5]
History
It is generally accepted that the earliest mention of the bow-tie methodology appeared in the Imperial Chemical Industries (ICI) course notes of a lecture on hazard analysis given at the University of Queensland, Australia in 1979.[3][6] Other sources point to Derek Viner of the Ballarat College of Advanced Education (now the Federation University), who used it as an aid to explain aspects of his generalised time sequence model (GTSM) for accidental events.[4][7] Risk analysis tools such as fault tree analysis, event tree analysis, cause-consequence diagrams, as well as relevant concepts in nuclear safety (like defense-in-depth) were introduced separately but at similar times. The bow-tie diagram builds on some elements of those approaches and introduces the concept of a central event (the "bow tie knot") which frees the energy available to escalate to the final undesired consequences.[2][4]
Royal Dutch Shell is considered to be the first major company to successfully integrate bow-tie diagrams into their business practices, at least since the early 1990s.[3][8][9]
Structure of the diagrams
Bow-tie diagrams contribute to the identification, description and understanding of the different types of hazards that can arise in a given situation, facility or production process. They also help identify the relevant risk control measures (barriers) for a given hazard.
The fact that scientific effort benefits greatly from a focus on "process" is well known in several scientific domains as was noted by Haddon.[10] The generalised time sequence model (GTSM) was developed by Viner as a process model of which bow-tie diagrams are a simplified extract.[4]
Bow-tie diagrams pivot around a central event releasing the energy necessary to bring about the ultimate undesired consequences. In Rowe’s seminal work,[11] the central event is defined as "the point in time when control was lost of the potentially damaging properties of the energy source of interest". This element is sometimes referred to as the top event or the critical event. Thus, the bow tie approach recognizes the significance of energy sources in the accident process, something that had been identified by Deblois as early as 1926,[12] Gibson,[13] and Haddon[10] in the decades prior to the introduction of the bow-tie diagram. The top event is an event that is shared by multiple possible scenarios. It is not critical in the sense that it is the worst event that can occur, but because it can lead to multiple distinct negative outcomes.[2]
Credible initiating causes (or triggers, threats, etc.) are shown on the left of the top event and its ultimate outcomes (or consequences, such as injury, loss of property, damage to the environment, etc.) on the right. Control barriers, either hard/engineered or administrative/procedural, are placed on the path from the initiators to the final outcomes.
For example, pressure in a process vessel is a form of energy that can be released if containment is breached (the central event). The results/outcomes of the release may be noise, blast overpressure propagation, flying debris, loss of fluid, etc. These outcomes are shown at the right-hand side of the diagram. Causes for breach of containment are shown at the left-hand side of the diagram, as arising from such mechanisms as structural degradation (abrasion, corrosion, fatigue, external impact, application of other forces and the like), spurious pressurization above design limits, inadvertent opening, etc. When initiating causes and outcomes are understood, the analyst can ensure that sufficient control measures (barriers) exist to stop the initiating causes from resulting in the top event and the top event from escalating to the ultimate unwanted outcomes. Left-hand side barriers are, in this example, external and internal surface coatings, vessel inspection (internal and external), wall thickness measurements, pressure safety valves, etc. While some are relevant to design and commissioning, others are to maintenance and condition monitoring. A right-hand side barrier, in this example, are nearby structures designed to withstand modelled blast overpressure.
Bow-tie diagrams are often associated and used in conjunction with the Swiss cheese model of accident causation.[3] In particular, both approaches are eminently focused on the role of safety barriers in accident causation chains. When using a bow-tie diagram to illustrate and analyze an accidental scenario, it is essential that the integrity of the safety barriers is considered and confirmed. Barrier integrity is achieved by good design, procurement of parts and equipment, commissioning, operation, inspection, maintenance and management of change. A diagram can incorporate this elements by associating to each barrier a series of escalation factors (or degradation factors), to each of which, in turn, relevant elements of a robust management system are allocated to prevent the escalation factors from degrading barrier performance. For example, an escalation factor for a mitigative barrier such as a fire pump can be starting battery depletion, and an associated control that would capture and correct the fault could be periodic testing of the pump, as part of the facility maintenance management system. Thus, engineered (hard) barriers become safety-critical systems, whose reliability and integrity must be upheld at all times to manage hazard in an optimal way.[3]
Bow-tie diagrams are typically an eminently qualitative tool, used for accidental scenarios analysis and rationalization as well as for illustrative purposed, such as in training courses to plant operators and in support of safety cases. However, a different type of bow-tie diagram exists that is more apt at supporting quantified risk analysis. This diagram is essentially the combination of a fault tree and an event tree and maintains the boolean and probabilistic features of those approaches.[2]
Use in various domains
Bow-tie diagrams are used in various disciplines and domains, including for example:
- Occupational safety and health (OSH)[3]
- Process safety[3]
- Aviation safety[5]
- Information security and cyber security risks[14]
- Risk assessment based on network theoryШаблон:Citation needed
- Finance[3]
Several software packages are available in the market for bow-tie diagram creation and management. Bowtie Master (cloud-based) and BowtieXP (local only) are two examples.
References
- ↑ 1,0 1,1 Шаблон:Cite book
- ↑ 2,0 2,1 2,2 2,3 Шаблон:Cite journal
- ↑ 3,0 3,1 3,2 3,3 3,4 3,5 3,6 3,7 3,8 Шаблон:Cite book
- ↑ 4,0 4,1 4,2 4,3 Шаблон:Cite book
- ↑ 5,0 5,1 Шаблон:Cite web
- ↑ Шаблон:Cite web
- ↑ Шаблон:Cite journal
- ↑ Шаблон:Cite web
- ↑ Шаблон:Cite book
- ↑ 10,0 10,1 Шаблон:Cite journal
- ↑ Шаблон:Cite book
- ↑ Шаблон:Cite book
- ↑ Шаблон:Cite book
- ↑ Шаблон:Cite book