Bowtie Analysis and Barrier-Based Risk Management - Part 3

This article was originally published in the January-February 2018 issue of Pharmaceutical Engineering® magazine.  Catch up on this series by reading:

Every business has legal, economical, and ethical objectives that range from mandatory safety to commercial goals to corporate citizenship. Businesses undertake a certain amount of risk to achieve these objectives. The balance between risk and reward is an ongoing challenge regardless of the activities involved. The bowtie technique can be used to visualize, assess, and manage risk.

By: David Hatch

Generic Example

Not all barriers are created equal, however, and appropriate attention should be given to those that pose a higher risk. Categorizing the bowtie components and then color-coding them helps prioritize risk by providing immediate impact, as shown in Figure 4.

Figure 4: Enhanced bowtie for a typical filter dryer


This displays a variety of parameters, each with a key message to help inform decision-making. In simple terms, the robustness of risk (or failure) management can be broken down as:

  • Quantity: Presence (how many and where they are located)
  • Quality: Performance (how effective they are)
  • Diversity: Independence between associated threats and other barriers Barriers are often classified as:
  • People: Personnel who design, operate, maintain, monitor, and manage
  • Process: Organizational measures (procedures)
  • Plant: Technical measures (equipment or structures)

These can be considered in several additional ways:

  • Too few barriers may suggest inadequate protection, but too many may be excessive and costly
  • Barriers that rely heavily on human interaction (operation) or intervention (maintenance) are typically weaker than more passive barriers and often have a lower lifetime cost
  • All eggs in one basket: If one party (role) is responsible for multiple barriers, or if technology (e.g., electrical) is applied within several barriers, the absence or reduced performance of that single element can have widespread effects
  • Barrier criticality (requirement) and effectiveness (achievement) are of major concern when a high criticality is combined with low effectiveness.

In Figure 4, the barrier types are categorized as:


Colors also categorize barrier effectiveness:


Threats can be classified as:

  • Type: Equipment failure, control malfunction, human error, or external/environmental influences
  • Contribution: Anticipated scale of possible effects
  • Frequency: How often the threat is likely or is known to occur

Two colors categorize threat types:


Since prevention is better than cure, attention should focus on threats with high contribution and high frequency. A quick scan of threat types related to human factors or errors, for example, can reveal where more training is required. Other approaches could be adopted for predominately computer-related threats, as is the case in Figure 4.

At the end of the scenario, consequences might be classified by:

  • Category: The predominant risk receptor or scale of concern related to the consequence
  • Type: The urgency of response required if/when the consequence occurs
  • Risk: A combination of the severity and likelihood of the inherent (unmitigated, no barriers) and residual (mitigated, with the barriers) risk

Consequences are categorized using the following colors:


More attention should be paid to consequences of major concern and/or those with the highest (mitigated or unmitigated) risk, since the barriers associated with these scenarios are neither actually or potentially effective in the overall risk-reduction strategy.