In the Bow-Tie method, the designated top event output of a Fault Tree is the starting point for an Event Tree. This approach was initially developed by the Shell organization and gets its name from the shape of the combined diagrams that appear as a rotated hourglass shape (Figure 1). Bow-Tie adopts the Causal Factors Charting approach of a progressive timeline and expanded annotations for developing details of the safeguard measures (preventive or mitigative).  Safeguard barriers to prevent, or mitigate, progression of an accident scenario are depicted by dotted vertical lines on the diagram. These safeguard measures (preventive, mitigation, and recovery) can function as the basis for conducting a Layer of Protection Analysis (LOPA) study⁵.  Although not normally included during initial PHA studies, the reliability and independence of each safeguard measure can be evaluated and confirmed. Safeguard measures can be examined in increasing levels of detail as determined by the scope and objectives of the PHA study.

One feature of the Bow-Tie method is the concept of a potential recovery path. The diagram can depict and evaluate several different scenario outcomes, where the operator, or “system,” recovers or mitigates the consequences and avoids the ultimate worst case path. If desired, the pre-event side of the Bow-Tie can be used as a starting point for a full quantitative fault-tree analysis PHA study, and the post-event side can be used as the input for a quantitative Event Tree study.

The mechanics
The Bow-Tie analysis is most effective when conducted by a seasoned team led by a trained and experienced facilitator. Since the Bow-Tie encompasses a wide range of issues, team member selection is important to the success of the study and must include personnel with knowledge of the:

1. Design features and functions (process/project engineer)
2. Operational characteristics of the system (operations personnel),
3. Chemical reaction characteristics (process/project/safety engineer)
4. Existing safeguards and their reliability and vulnerabilities (instrumentation, safety, maintenance, and process/project engineer)
5. Environmental safety factors (process/environmental engineer)

Ideal team size ranges from four to seven people. Accurate and complete process safety information is critical for success (including reaction chemical kinetics and properties). It is essential that the team have sufficient knowledge of existing, or intended, administrative safeguards: operator training and competencies, permit systems, mechanical integrity systems, management of change systems, and emergency preparedness and response systems. The Bow-Tie approach shares some characteristics of a structured What-if study in that simultaneous multiple deviations can be identified and evaluated.

When conducting a Bow-Tie analysis, fault tree, or event tree, the selection and designation of the top event is a critically important step. For reactive chemical batch and semi-batch reactions, there are several options for selecting the top-event. In this illustrative example, the top event can be designated as either: 1) Undesired (or unintended) exotherm; 2) Significant overpressure in the reactor due to accelerating reaction; or 3) Loss of Containment of the reactor contents (Figure 2). Pre-event cause scenarios are depicted on the left side of the diagram and represent credible causes and potential failure modes. Post-event consequence outcomes are depicted on the right side of the diagram. Safeguard measures (pre- and post) are depicted by vertical lines. During the PHA study sessions, the team identifies these existing barriers (left of the top event) and makes a consensus decision as to adequacy of these existing safeguards. General time progression is from left to right of the diagram.

Top events

Figure 2: Click to enlarge

The reaction process chosen for this illustration is a typical semi-batch reactor (Figure 3).  In this process example, an initial charge of reactants is fed to the reactor. The exothermic reaction is started via addition of an initiating substance, and subsequently the batch proceeds by controlled addition of additional reactants. The initial exotherm is desirable, intended, and necessary. During the controlled addition phase of the batch, reactant feed rate is regulated by a temperature control system that senses both the absolute temperature at several locations and the rate of temperature change in the reactor. The reactants and solvent are presumed to be flammable liquids (NFPA Class One material) with moderate vapor pressure at atmospheric conditions. The exothermic reaction is presumed to release moderate to high rates of thermal energy (-800cal/g), and is presumed to have the potential to accelerate into an uncontrollable, run-away, reaction.

Generic reactor system PFD

Figure 3: Click to enlarge

Critical equipment for safe operation of the reaction system includes the reactor vessel, condenser, agitator, cooling system (internal coils), and control systems for:

• addition of reactants
• pressure control
• temperature control
• venting (normal venting and emergency venting), and reactor dump system