PT Notes
Challenges in Constructing Bow Tie Diagrams - Hazards and Top Events
PT Notes is a series of topical technical notes on process safety provided periodically by Primatech for your benefit. Please feel free to provide feedback.
This PT Note is the first in a series on challenges faced by process safety practitioners in constructing bow tie diagrams. It addresses the specification of the hazard and top event in a bow tie diagram.
Bow tie analysis (BTA) involves the construction of diagrams that depict how prevention and mitigation barriers (i.e. safeguards) protect against threats (i.e. initiating events) that can cause hazardous events, or so-called top events, resulting from loss of control over a hazard, and the adverse consequences that can arise from them. Degradation factors that impair barriers and the controls used to protect against them often are also depicted.
Hazards and top events must be defined in order to develop bow tie diagrams. The top event is the central element of a bow tie diagram. It represents loss of control over the hazard. The potential for harm is realized when control over the hazard is lost. Often, hazards are obtained from process hazard analysis (PHA) studies. However, care must be exercised to ensure PHA scenarios are accurately transposed into the bow tie diagram and also to avoid omitting important scenarios. Typically, bow tie diagrams are not developed for all hazard scenarios from a PHA study. Rather, they are developed only for the most important scenarios. Risk ranking can be used to assist in their selection.
A well-defined hazard makes it easier to properly define the top event for the bow tie diagram and careful specification of the top event helps to make bow tie construction more efficient by minimizing iterations and revisions. This PT Note addresses the principal challenges that must be faced by practitioners in specifying the hazard and top event for a bow tie diagram in light of the subjective judgement required for the construction of bow tie diagrams.
Hazard
The hazard is a potential source of harm. It is shown in the bow tie diagram to provide clarity as to the source of risk. The hazard should not be confused with the top event, which is a loss of control over the hazard, or a consequence, which is actual harm that results from the top event. Both are common mistakes by less experienced bow tie practitioners. For example, flammability is a hazard, fire is not. Hazards exist; they don’t happen, and they exist when the process is in its controlled state.
The hazard defines the coverage of the bow tie diagram and must be expressed in sufficient detail. The level of detail provided for the hazard determines the level of detail in the rest of the bow tie diagram. Generic hazards lead to generic bow tie diagrams, e.g. “flammable material” in too general. An improvement is “flammable hexane stored in tank TK-1”. However, more details may be needed, such as the location of the hazard, an indication of the magnitude of the hazard, and the circumstances under which the hazard occurs. Other pertinent information also may be needed, such as storage or processing conditions, or environmental factors such as the ambient temperature.
A well-defined hazard makes it easier to properly define the top event for the bow tie diagram.
Top Event
The top event is the central element of a bow tie diagram. It represents the loss of control over the hazard. The potential for harm is realized when control over the hazard is lost. Multiple top events may result from the loss of control over a hazard, for example, the hazard “charging catalyst” may result in the top events “operator exposure to catalyst” and “operator fall from catalyst charging platform”. Each top event is described in a separate bow tie diagram.
The use of a consequence as the top event must be avoided. It results in there being no right side to the bow tie diagram.
An optimum top event should be chosen. It should not be defined so narrowly that multiple bow tie diagrams are needed with each one containing few threats and consequences, nor defined so broadly that the bow tie diagram has many threats and consequences making it too complex. For example, “tank overflow” may be too narrow as it does not include all loss of containment scenarios for the tank. Other bow tie diagrams may be needed. “Tank overflow” could be replaced by “loss of hydrocarbon from tank” to provide a broader meaning. In contrast, “loss of process fluid” may be too broad. It could refer to liquid or vapor. Their threats, barriers and consequences may be different requiring separate bow tie diagrams.
The best point in the time sequence of events should be chosen for the top event to ensure a balance of threats and consequences that does not skew the bow tie to either the prevention or mitigation side. For example, possible top events for a reactive hazard are:
- Loss of temperature control (too early)
- Over-pressurization failure of reactor (arguably, optimum)
- Blast wave from explosion (too late)
It is challenging to construct bow tie diagrams correctly without iteration. Careful specification of hazards and top events helps to minimize revisions.
If you would like further information, please click here.
To comment on this PT Note, click here.
You may be interested in:
Copyright © 2020, Primatech Inc. All rights reserved.