The TOP-SET Incident Investigation Method

The company Kelvin TOP-SET® is located in Scotland and has over 20 years of experience in incident investigation. The knowledge that came from this experience is incorporated in a methodology, named TOP-SET®. TOP-SET® is an incident investigation methodology that follows all known best practices in this field.

The method revolves around six elements: Technology, Organization, People, Similar Events, Environment and Time. Both the planning of the investigation and the facts gathered during it are categorized by these elements.

The TOP-SET® methodology starts with an initial incident statement to set the scope of the incident. After that the method follows three main steps: Plan, Investigate and Analyze.

1. Plan

Planning is a very important step in the TOP-SET® method. The investigator is guided through the planning to make sure that no possible factor in the incident is overlooked. The TOP-SET® investigation planner gives you a list of all these possible factors, making sure that the investigator has a broad perspective on the incident.

2. Investigate

In the investigation part the investigator looks at all the factors he or she wants to find out. Witnesses are interviewed, the incident scene is visited, pictures are taken and simulations are performed. During the TOP-SET® course all these techniques are taught. When all the facts are gathered they are put on the storyboard, which is categorized in the six main elements. The storyboard items can have different colors, showing the credibility of the item or the investigator who added it. Since time is also an important element, the storyboard can also be transformed into a timeline.

3. Analyze – Root Cause diagram

When all the facts are gathered the investigator can look at the causes of the incident. In the TOP-SET® method this is done with a Root Cause diagram. This diagram starts by identifying the immediate causes, then the underlying causes (failed barriers), all the way to the root causes. These root causes represent the latent failures of the organization. When these failures are resolved the incident will be prevented in the future, together with a range of similar incidents.

Tripod Beta Analysis

The tripod method is a way of conducting incident analysis. It is mostly used for high risk, complex incidents, since it is a very extensive and detailed method. Training is highly recommended when using the tripod method.

History: where it all began

The tripod theory started with research done in the late 80’s and early 90’s into human behavioral factors in incidents. The research was stimulated by Shell International and executed by the University of Leiden and Victoria University in Manchester.

The Tripod method

A Tripod Beta tree is built in three steps. The first step is to ask the question: ‘what happened?’. All the events that happened in the incident are listed as a chain of events. The next step is to identify the barriers that failed to stop this chain of events. The question that is asked in this step is: ‘How did it happen?’. When all the events and the failed barriers in between are identified, the reason for failure of these barriers is analyzed. The last question for this step is: ‘Why did it happen?’. For each of the failed barriers a causation path is identified.

All the items that appear in the Tripod Beta method are explained in more detail below.

1. What happened?

First it needs to be identified what happened during the incident; what events occurred. This is the core of the tripod diagram and is represented with three shapes, the head ‘trio’. These three elements are:

  1. Event

  2. Hazard

  3. Object

The trio can be explained as an AND gate: both the Hazard and the Object need to be present for the Event to occur. The Hazard acts on the Object to change its state or condition, and that change is described as the Event. In a tripod tree there can be multiple trios. Hazards and Objects can form new Events.


In the tripod theory an Event is a happening, a ‘change of state’, whereby an object is affected by a Hazard. All events may cause potential injury, damage or loss. Examples of events are:

  • Cut in a finger

  • Car collision

  • A failed money investment


A Hazard is an entity with the potential to change, harm or damage an object upon which it is acting. Hazards can be a physical energy source or can have a more abstract nature. Examples of a Hazard are:

  • Working at height

  • Explosive material

  • Economic crisis


The Object is the item that is changed by the Hazard. The Object can be someone or something that is harmed, changed or damaged. Examples of Objects are:

  • Employee

  • IT system

  • Environment

2. How did it happen?


The second step in the tripod analysis is to analyze how the incident could have happened by identifying the failed barriers. The barriers can be placed between the Hazard and the Event and between the Object and the Event. To identify these two types of barriers two questions are asked:

  • What Barriers should have prevented the exposure to the Hazard?

  • What Barriers should have protected the Object from the Hazard?

A Barrier is something that should have prevented the meeting of an Object and a Hazard. It protects people, assets and the environment from the negative consequences of a Hazard. Barriers can have their effect on the Hazard (e.g. insulation) or the Object (e.g. PPE). In a Tripod analysis a Barrier can be qualified as failed, missing or effective.

3. Why did it happen?

The last step is to identify why the incident happened; what caused the Barriers to fail. To analyze this we follow a certain pathway, called the ‘Causation Path’. The causation path consists of three items:

  1. Active Failure

  2. Precondition

  3. Latent Failure

Active Failure

The Active Failure explains the human act that directly caused the Barrier to break. The Tripod method is based on the Human Error theory. This theory states that incidents happen when people make errors and fail to keep the barriers functional or in place. These errors are Active Failures. Examples of Active Failure are:

  • Neglecting to wear PPE

  • Wrong design decision

  • Inappropriate use of tools


Precondition

The Precondition is the environmental, situational or psychological ‘state’ in which the Active Failure takes place. It explains the context of the human error and it provides the control breaching capacity of the Active Failure. This can be related to supervision, training, instructions, procedures, etc. Examples of Preconditions are:

  • Bad sight

  • Budget squeeze

  • Poor ergonomics of tools

Latent Failure

Latent Failures are the organizational or systemic deficiencies that create Preconditions. The Latent Failure acts on a system level; it always involves the organization. A Latent Failure is not incidental, but is present for a longer time; it is an underlying failure. Examples of Latent Failures are:

  • Inadequate training

  • Failure to identify hazards

  • Imbalanced budgets
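
The Tripod Beta tree described above can be held as a small data structure. The following Python sketch is an added example, not part of the Tripod method's own tooling; it checks the rule that each failed Barrier gets a causation path of Active Failure, Precondition and Latent Failure. The class names, function names and the sample incident are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

STATUSES = ("failed", "missing", "effective")  # Barrier qualifications named in the text

@dataclass
class CausationPath:
    active_failure: Optional[str] = None
    precondition: Optional[str] = None
    latent_failure: Optional[str] = None

    def missing_items(self):
        # Items of the causation path that the analysis has not filled in yet.
        return [name for name, value in vars(self).items() if not value]

@dataclass
class Barrier:
    name: str
    side: str    # "hazard" (prevents exposure) or "object" (protects the Object)
    status: str  # one of STATUSES
    path: CausationPath = field(default_factory=CausationPath)

@dataclass
class Trio:
    event: str
    hazard: str
    obj: str
    barriers: list = field(default_factory=list)

def review(trio):
    """Return {barrier name: [unfilled causation items]} for failed Barriers."""
    if not (trio.hazard and trio.obj):
        raise ValueError("AND gate: an Event needs both a Hazard and an Object")
    gaps = {}
    for b in trio.barriers:
        if b.status not in STATUSES or b.side not in ("hazard", "object"):
            raise ValueError(f"bad qualification for barrier {b.name!r}")
        if b.status == "failed" and b.path.missing_items():
            gaps[b.name] = b.path.missing_items()
    return gaps

def latent_failures(trio):
    """Organizational deficiencies reached through the failed Barriers."""
    return sorted({b.path.latent_failure for b in trio.barriers
                   if b.status == "failed" and b.path.latent_failure})

# Constructed sample incident, built from the example items listed in the text.
SAMPLE = Trio("Employee falls from scaffold", "Working at height", "Employee", [
    Barrier("Guard rail", "hazard", "missing"),
    Barrier("Fall-arrest harness (PPE)", "object", "failed", CausationPath(
        "Neglecting to wear PPE", "Poor ergonomics of tools", "Inadequate training")),
    Barrier("Pre-job tool check", "hazard", "failed",
            CausationPath(active_failure="Inappropriate use of tools")),
])
```

`review(SAMPLE)` reports the failed Barrier whose "Why did it happen?" analysis stops before the Latent Failure, which is the point where an investigation is not yet finished.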