ISO 31000 blog series – Recording and reporting

Having walked through the previous ISO 31000 steps, we now come to the “Recording and Reporting” step. Recording is about recording information in a risk register so that this information can then be reported to decision-makers. In a sense this is what the bowtie does best – it records risks which can then be reported [...]

2019-07-11T10:05:27+02:00 | Blog

CHASE – Visualizing cyber security vulnerabilities using bowties

Guest blog by David Hatch from Process Safety Integrity. Hazards 29 is Europe’s leading process safety forum. At this year’s event, industry expert Andy Geddes and CGE Partner David Hatch from Process Safety Integrity presented their new CHASE concept. Their work has developed a practical methodology for Computer Hazard And Security Evaluation. You can't defend [...]

End of life SharePoint add-on for BowTieXP

We hereby announce that the BowTieXP SharePoint add-on will be End Of Life by the end of this year. The main reason for the EOL is that maintaining the add-on has become very hard because of ongoing changes to the way SharePoint works. In addition, the basic Microsoft SharePoint functionality nowadays covers [...]

2019-06-24T11:16:25+02:00 | News

ISO 31000 blog series – Risk treatment

This week’s blog is on Risk Treatment. It is an important step in completing the Plan-Do-Check-Act cycle for continuous quality improvement. Much like a doctor and her patient, before we can treat our operations, we need to diagnose what the problem is and where our treatment should be applied. Once the cure has been diagnosed, [...]

2019-06-18T13:24:35+02:00 | Blog

A Mining Guest Blog Series by Jim Joy – Part 9: Considering ‘acts’ as critical controls and the challenge of their measurability

Welcome to the 9th article in the series. Article 8 overviewed the selection of critical controls, hopefully generating some thoughts about setting company or site objectives for moving to CCM, as well as considering the concept of ‘indicativeness’ as a potential critical control requirement. Critical control? This article will continue with the critical control selection [...]

2019-06-13T11:08:07+02:00 | Blog

ISO 31000 blog series – Risk evaluation

In the past blogs, we covered how to set the scope, identify major risks and analyze them using the bowtie methodology. In this edition, our focus is on evaluating the risk which was analyzed previously. It is possible to evaluate risks in different ways, divided into two categories, the qualitative and the quantitative way. Using [...]

2019-05-24T16:29:59+02:00 | Blog

A Mining Guest Blog Series by Jim Joy – Part 8: Identifying critical controls

The 9-step Critical Control Management (CCM) process was shown in the last article with a discussion about the need to establish quality Control-Based Risk Management (CBRM) for priority unwanted events (step 3) before moving to CCM. This article will continue with the CCM process, presenting a variety of approaches to selecting potential critical controls (step [...]

2019-05-13T15:50:31+02:00 | Blog

LNER using bowtie to plan for contingency

The London North Eastern Railway, formerly known as Virgin Trains East Coast, developed a bowtie to be used as both a risk assessment and a project plan. In case of a strike, the company has two weeks to organize contingency operations. Using the bowtie ensures the operations are just as safe as during normal operations. [...]

2019-05-09T11:30:21+02:00 | News