3 concepts of great process safety minds that should be in your bowtie diagram

In 2006, the Journal of Loss Prevention in the Process Industries published an excellent article on barriers by Snorre Sklet. The name of the article is “Safety barriers: Definition, classification, and performance” and it is highly recommended reading for everyone in the process (safety) industry who is into barrier thinking.

In the article, Sklet looks at the safety barrier concept in different industries through literature study and based on experience from several research projects. He summarizes his findings by clarifying barrier terminology, classifications and other supporting concepts. In addition to creating a comprehensive summary from the work of Svenson, Andersen et al., Vatn, Hollnagel and many others, he makes recommendations on which barrier classifications to use.

Many of the concepts presented by Sklet, and by others with and before him, have influenced the development of BowTieXP and the methodological framework inside and outside of our software. We see great value in these concepts; we promote them in our training and some of them have made it into the default set-up of BowTieXP. Of course, the software allows for the use of other frameworks too, by customizing terminology and taxonomies. In this blog, we will go into some of the recommended concepts that are mentioned by Sklet and have made it into the default installation of BowTieXP, or could be added through customization of the software.

Barrier definition

Through the years, there have been many terms, definitions and requirements for safety barriers. Terms that have been used are barrier, defense, protection layer, safety critical element, safety function etc. Because Sklet could not find a final definition amongst the ones he found, he combined the best of them and proposed a definition of his own:

“Safety barriers, are physical and/or non-physical means planned to prevent, control, or mitigate undesired events or accidents.”

We believe that this generic definition sufficiently covers the various types and functions. Therefore, we have adopted this definition and use it in our training and manuals. Now that we have a clear definition, it is time to jump to the next barrier attribute, barrier performance.

Barrier performance

To characterize the performance of safety barriers, BowTieXP uses the concept of effectiveness, which could be seen as a combination of reliability and adequacy. These were covered in depth in a previous blog and are mentioned in Sklet’s article. In addition to these, he recommends using ‘response time’ and ‘robustness’, and including the triggering event or condition. Robustness is in a sense part of reliability and is thus included in the effectiveness rating of a barrier. The triggering event in bowtie terms is usually modeled as the threat that activates the barrier response. Response time, however, does not have a conceptual counterpart in BowTieXP yet but could be added.

Response time

Response time is formulated by Sklet as: “The response time of a safety barrier is the time from when a deviation occurs that should have activated a safety barrier, to the fulfillment of the specific barrier function.” An example is the time between the liquid level exceeding a certain threshold and the high-level trip stopping the inflow of new liquid into the system. It could add value to show response time on the barriers, to assess if the barriers are actually able to respond to an initiating event in time. You can visualize this in the software by linking the response time to the barriers, as can be seen in the picture below.

Figure 1 – visualize response time on barriers

Note that the barriers are ordered from left to right by their response time. So preferably, the operator proactively acts in time upon the tank level monitoring system and shuts down the flow before the high-level alarm is reached. If the operator fails to monitor the level, or if the monitoring system fails technically somehow, the high-level alarm will alert the operator to manually close the valve. Finally, the last line of defense is the high-level automatic trip, which only takes a split second to close the valve once its threshold is reached. Therefore, it sits on the far right and has the shortest response time. Of course, the response time of the high-level trip should be shorter than the time between reaching the trip’s threshold level and an actual overfill. If these are too close to each other, lower the threshold, or accelerate the response time of the trip function.

Barrier classification

Besides identifying performance attributes, Sklet also writes about barrier classification. Classifying barriers helps to understand them and identify if a company is reliant on too many barriers of the same kind. For instance, one can identify the different types of systems that can implement a barrier function. These systems usually consist of either some type of hardware, behavior or a combination of both.

Barrier system types

There are different ways to categorize these systems. In the default set-up of BowTieXP, you will find five different categories: Behavioral, Socio-Technical, Active hardware, Continuous hardware and Passive hardware.

Depending on the category, a barrier can contain three distinct parts: a detection mechanism, a decision based on what is detected, and an action that follows the decision. When analyzing a barrier, one needs to identify its parts, and whether those parts are behavioral or technical in nature. The different combinations determine the system type.

For instance, a double check is a purely behavioral barrier because the detection, decision and action are all behavioral. Another example could be a sprinkler system that is activated by pressing a fire alarm button. The detection and decision are behavioral, whereas the action is technical, which makes it a socio-technical barrier. A fence or dike does not detect, decide or act. Its existence alone is enough to have an effect (we are leaving maintenance out of the discussion, as that is on a different level and not part of the barrier itself), which makes it passive hardware.

  1. Behavioral: the detect, decide and act parts of the barrier are completely represented by people
  2. Socio-technical: the detect, decide and act parts of the barrier are a mix between people and hardware
  3. Active hardware: the detect, decide and act parts of the barrier are completely hardware based
  4. Continuous hardware: a barrier with no detection, but a continuous action (for instance, a ventilation system)
  5. Passive hardware: a barrier that is effective by just existing, without any need for explicit action. It does not have detect, decide or act parts.

Figure 2 – barrier system types

The added advantage of categorizing barrier systems lies in understanding the diversity of barriers. More diversity in the type of barriers you have is generally better. Having only behavioral barriers or only hardware barriers makes a system vulnerable, not only because barriers of one type can compensate for the weaknesses of other types, but also because barriers of the same type are more vulnerable to common mode failure.
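The classification rule and the diversity check described above can be written down as a short script. This is an added example, not part of BowTieXP or of Sklet's article; the `Part` encoding, the function names and the way each barrier's detect, decide and act parts are encoded are assumptions made for illustration.

```python
from collections import Counter
from enum import Enum

class Part(Enum):
    PERSON = "person"
    HARDWARE = "hardware"
    NONE = "none"  # the barrier has no such part

P, H, N = Part.PERSON, Part.HARDWARE, Part.NONE
HARDWARE_TYPES = {"Active hardware", "Continuous hardware", "Passive hardware"}

def classify(detect, decide, act):
    """Map a barrier's detect/decide/act parts to one of the five system types."""
    parts = (detect, decide, act)
    if parts == (N, N, N):
        return "Passive hardware"      # effective by just existing
    if parts == (N, N, H):
        return "Continuous hardware"   # assumption: no detection and no decision
    if N in parts:
        raise ValueError(f"incomplete barrier, a part is missing: {parts}")
    if set(parts) == {P}:
        return "Behavioral"
    if set(parts) == {H}:
        return "Active hardware"
    return "Socio-technical"           # mix of people and hardware

def diversity_finding(types):
    """Flag a group of barriers that is all behavioral or all hardware."""
    kinds = set(types)
    if len(types) > 1 and kinds == {"Behavioral"}:
        return "only behavioral barriers"
    if len(types) > 1 and kinds <= HARDWARE_TYPES:
        return "only hardware barriers"
    return None

# Constructed encoding of barriers named in the article.
BARRIERS = {
    "double check": (P, P, P),
    "sprinkler via fire alarm button": (P, P, H),
    "high-level automatic trip": (H, H, H),
    "ventilation system": (N, N, H),
    "dike": (N, N, N),
}

def report(barriers=BARRIERS):
    """Return each barrier's type, the count per type and any diversity finding."""
    types = {name: classify(*parts) for name, parts in barriers.items()}
    return types, Counter(types.values()), diversity_finding(list(types.values()))

if __name__ == "__main__":
    types, counts, finding = report()
    for name, kind in types.items():
        print(f"{name:34s} {kind}")
    print(dict(counts), finding)
```

Running `diversity_finding` per threat line rather than over the whole diagram shows which individual lines of defense depend on a single kind of barrier.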

Learn more about barrier classifications and performance attributes

There are multiple ways of classifying barriers and the default installation of BowTieXP can be adjusted to reflect the taxonomies of the framework that you would like to use. This blog covered only a few of them. For inspiration on more barrier classifications and performance attributes, read Snorre Sklet’s article “Safety barriers: Definition, classification, and performance” as it is a comprehensive summary of relevant sources. You can also use the References of Sklet’s article as a starting point to explore underlying sources of information and learn even more about safety barriers.

2018-08-22 | Blog

5 Comments

  1. John Sherban August 24, 2018 at 6:13 pm

    Excellent article Arjan; as always!

    I would like to plant a small seed for thought regarding Sklet’s definition of a Barrier and perhaps stimulate some comments here. His definition states, “Safety barriers, are physical and/or non-physical means…”. Although perhaps accurate, this domain includes everything in the universe and therefore I feel it is superfluous in a definition. I believe Barriers must have a direct effect reducing risk, and they must be tangible (i.e. physical and I consider a person to be physical).

    I am looking for a nice definition of a generic Barrier applicable to a wide variety of risks valid within both Bow Tie and Tripod analysis methodologies. So far I prefer the following:

    A measure that directly reduces risk by preventing or reducing:
    1) the release of an agent of change (e.g. a hazard); and/or
    2) the severity of the consequence(s) due to that agent of change.

    What do you think?

    • Bob van Riek (CGE Product Manager) September 4, 2018 at 2:32 pm

      Hi John,

      Thank you very much for your comment!

      I agree that the non-physical is a bit vague. Nowadays people are more strict with wording when formulating a barrier, which is a good thing. Before, a ‘procedure’ or ‘competence’ was sometimes regarded as a barrier and you could argue that without including the physical act in the barrier description, they are non-physical. However, these days most bowtie practitioners have made a habit of describing the actual (physical) act/intervention as the barrier function. So instead of ‘evacuation procedure’ we are now more specific, for instance ‘execute evacuation procedure’ which points to a physical act.

      As for your proposed definition, I really like the ‘direct risk reduction’ part which makes it more tangible. However, for some audiences the ‘agent of change’ might be a bit too technical as a concept. In Tripod, in some trios the agent of change is more like a bowtie threat, but more like the bowtie hazard in others. Bowtie/Tripod experts will probably get that, but I’m not sure beginners, or people that only know bowtie and not Tripod, will understand fully.

      It is definitely a more concrete definition and for many people possibly a better one! I’m curious on how other people see this, so feel free to join in!

      Best regards,
      Bob

      • Anton Ferreira September 6, 2018 at 9:33 am

        Hi, Bob, John, and others. I fully support the comment by Bob with regard to the “wording” used to describe a barrier. During training I sometimes have great difficulty in getting candidates to understand that a “piece of paper” cannot be an effective barrier (if indeed it is a barrier). Therefore a procedure, PTW system, etc. should not be the narrative! It is the proper execution of the safety critical steps that constitutes and determines the efficacy of the barrier.

        I think what has also happened is that BowTie developers may also sometimes be “lazy” and tend to use a “short-hand” style of writing!

        Best regards,
        Anton

  2. Scott Randall August 31, 2018 at 12:44 am

    I am fascinated by this blog. This is really well written. Once again, you are putting out some thought leadership content that is very good. As a result, I have requested Snorre’s article from Research Gate and will be trying to incorporate it into some frameworks and courses for above ground risks for negotiators and lawyers in the Petroleum industry. All the best, Scott

    • Bob van Riek (CGE Product Manager) September 4, 2018 at 2:34 pm

      Thank you Scott! I’m happy that the content we are offering has value to you and hopefully to others as well. Please let us know what you think of the Sklet article once you’ve read it.

      Best regards,
      Bob
