There are multiple ways to structure data in BowTieServer to suit different types of organizations. It is possible to create a “top-down” approach, which usually means there is a corporate standard that is rolled out to multiple sites. This is useful if the knowledge on how to manage risk are present on a corporate level. On the other hand, if sites have more knowledge on managing their specific risks, it might be better to go for a bottom up approach, where each site determines their own ways to manage risks. Obviously, a lot of organizations will be a mix between these two extremes, which can also be done. The next paragraphs explain these three types of organizations in more detail.


Top-down approach: “single truth”

A top-down approach is suitable for organizations that have operations on multiple sites with a high level of similarity and a corporate department that has enough knowledge to determine what should be done on these sites. For instance, a fast food chain with restaurants throughout the world. Although the physical locations may differ, the processes within each restaurant should be almost identical. Because of this, the corporate office can create standards that every restaurant should adhere to. The individual sites only have to make sure that the barriers indicated on the corporate bowties are implemented correctly. Having a single bowtie standard makes it much easier to monitor sites through audits and compare them because the audits will be based on the barriers from the same bowtie diagrams.

Bottom Up approach: “silos”

Where the ‘top down’ approach is mostly useful for organizations with a high level of similarity between sites, the ‘bottom up’ approach is a better option for organizations where sites all have different processes. These individual differences between sites makes it difficult to create a single generic bowtie that all sites should adhere to (like the ‘top down’ approach). The generic bowtie will not adequately represent individual sites. Instead, it may be better if sites create their own bowties to ensure a close fit. In order to share knowledge between sites, read-only access can be granted between sites, so they can view each other’s bowties . When selecting this approach, the role of the corporate office is different compared to the ‘top down’ approach. Instead of using bowties to dictate which barriers should be in place at each location, the bowties are now used by the individual sites to show they are adequately in control of their risks. The advantages of creating ‘bottom up’ is that the diagrams will be very specific and will have a close fit with reality. The disadvantage is that it is more difficult to compare sites and it will take more resources to create all the bowties .

Hybrid approach: “minimum requirements”

Of course, not all companies will fit exactly in a ‘bottom up’ or ‘top down’ profile. There are hybrid forms that try to bridge the gap between the rigid ‘top down approach and ‘bottom up’ approach. The hybrid approach is suitable for companies that run operations that share a lot of common ground, but also have slight differences per location. For example, an airline company may operate in different countries. Although the main operation is flying an aircraft, differences in legislation or airport facilities may result in some barriers or threats being present in one place but absent in another. So, even though there are some differences, a large proportion of the bowtie content will be the same for all locations. In that case, a hybrid approach might be most suitable.

In a typical hybrid approach, the corporate office creates a set of template bowties on a generic level. The barriers, threats and consequences that are identified on those should be seen as minimum requirements. Every individual site will then make a copy of the template bowties and add/remove content so it fits their particular reality. This way, the general structure of the bowties will remain consistent, but there is still room to make small adjustments to make them fit for the location. The corporate office can then audit against the minimum requirements, and individual sites can show where and why they deviated or added extra barriers.