PT Notes
Challenges in Constructing Bow Tie Diagrams - Barriers
PT Notes is a series of topical technical notes on process safety provided periodically by Primatech for your benefit. Please feel free to provide feedback.
This PT Note is the third in a series on challenges faced by process safety practitioners in constructing bow tie diagrams. It addresses the specification of barriers in a bow tie diagram.
Bow tie analysis (BTA) involves the construction of diagrams that depict how prevention and mitigation barriers (i.e. safeguards) protect against threats (i.e. initiating events) that can cause hazardous events, or so-called top events, resulting from loss of control over a hazard, and the adverse consequences that can arise from them. Degradation factors that impair barriers and the controls used to protect against them often are also depicted.
Barriers must be defined in order to develop bow tie diagrams. Often, they are obtained from process hazard analysis (PHA) studies. However, care must be exercised to ensure PHA information is accurately transposed into the bow tie diagram.
Barriers must be selected and specified carefully to ensure a meaningful bow tie diagram is constructed and bow tie diagrams are not cluttered by too many barriers, and to make bow tie construction more efficient by minimizing iterations and revisions. This PT Note addresses the principal challenges faced by practitioners in selecting and specifying bow tie barriers in light of the subjective judgement required for the construction of bow tie diagrams.
Barriers are measures that prevent or mitigate top events. Prevention barriers appear on main pathways connecting threats with the top event and mitigation barriers appear on main pathways connecting the top event with consequences. Prevention barriers are intended either to prevent the threat from occurring, e.g. cathodic protection, or stop a threat that has occurred from leading to the top event, e.g. a relief valve. Mitigation barriers are intended either to stop a consequence from occurring, e.g. a blast wall, or reduce the magnitude of a consequence, e.g. a deluge system.
Care must be exercised by bow tie practitioners to avoid including non- applicable barriers that create clutter, making communication more difficult, and provide a false sense of security. The number of barriers should be kept to a reasonable maximum by tailoring the bow tie diagram to ensure it can be understood easily.
Barriers must have the ability to prevent or mitigate a top event on their own. They must also meet certain validity requirements to be included in the bow tie diagram. Commonly, practitioners apply criteria similar to those used for qualifying safeguards as independent protection layers in layers of protection analysis, e.g. effectiveness, independence, and auditability. A barrier is considered to be effective if performs its intended function when demanded and to the standard intended; independent if it functions independently of the threat, the top event, and other barriers on the pathway; and auditable if the barrier is capable of being audited to establish its effectiveness and independence. Additional criteria may also be applied, e.g. functionality, integrity, reliability, and access security.
Barriers must provide full coverage to be included in a bow tie diagram, that is, they must be effective against all instances of the threat or consequence. It maybe desirable to be more specific with the definition of threats and consequences to avoid less than full coverage situations by splitting them into two or more threats or consequences when some barriers apply only to the more specific threats or consequences. For example, for the threat, loss of cooling water, for the top event, runaway reaction, loss of cooling water due to power failure may have a standby diesel generator as a barrier whereas loss of cooling water due to a leak may have a low water pressure shutdown system as a barrier. Similarly, for the consequence, toxic exposure to people, toxic exposure to facility personnel may have sheltering in place as a barrier whereas toxic exposure to the public may have evacuation as a barrier.
Barriers are the most important aspect of a bow tie diagram. They must be selected and specified carefully to ensure a meaningful bow tie diagram is constructed and bow tie diagrams are not cluttered by too many barriers, and to make bow tie construction more efficient by minimizing iterations and revisions.