Bowtie Analysis Technical Guide
1 Scope
This document specifies the terms, principles, processes, technical requirements, quality control, and reporting specifications for conducting bowtie risk analysis in the petroleum and chemical process industry.
This document applies to bowtie risk analysis, visualization, and control of new, modified, expanded projects and in-service installations in the petroleum and chemical industry, and can be used in conjunction with methods such as HAZOP, LOPA, and SIL.
2 Normative References
The following documents are essential for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition (including any amendments) applies.
- SH/T 3240—2025 Technical Specification for Hazard and Operability Analysis (HAZOP) in Petroleum and Chemical Industry
- AQ/T 3034—2022 Guidelines for Chemical Process Safety Management
- GB/T 27921 Risk Management - Risk Assessment Techniques
- IEC 61882 HAZOP Application Guide
3 Terms and Definitions
The following terms and definitions apply to this document.
3.1 Bowtie Analysis
A visual risk management method that takes the Top Event as the core, identifies threats/causes and preventive barriers on the left, consequences and mitigative barriers on the right, and incorporates escalation factors and escalation controls.
3.2 Top Event
A process abnormality or accident scenario that requires key prevention and control and can lead to serious consequences (e.g., "reactor overpressure", "toxic medium leakage").
3.3 Preventive Barrier
Measures to prevent threats from developing into top events (e.g., interlocks, shut-off valves, operating procedures).
3.4 Mitigative Barrier
Measures to reduce the severity of consequences after a top event occurs (e.g., emergency pressure relief, sprinklers, containment dikes).
3.5 Escalation Factor
Factors that cause barrier failure and expand accident consequences (e.g., instrument power failure, human error, corrosion).
3.6 BX Bowtie Software
A specialized tool that complies with this specification, used to quickly generate, edit, and export standardized bowtie diagrams, supporting integration with HAZOP data, barrier verification, and report output.
4 Basic Principles
Bowtie analysis should follow the following basic principles:
- Visualization priority: A single diagram completely presents risk logic, facilitating review, reporting, and on-site application.
- Barrier as core: Focus on the integrity of the three-tier barrier system of "prevention—mitigation—escalation control"
- HAZOP compatibility: Bowtie analysis should be based on HAZOP results to achieve a closed loop of "identification—visualization—control"
- Traceable and verifiable: All threats, consequences, and barriers must have basis and be verifiable.
- Continuous improvement: Bowtie diagrams should be dynamically updated with facility changes, accidents, and inspection results.
5 Analysis Preparation
5.1 Data Collection
The following data should be collected before analysis:
- PFD, P&ID, process descriptions, operating procedures
- HAZOP reports, LOPA reports, SIL reports
- Equipment lists, medium properties, historical accident/hazard data
- Relevant regulations, standards, and enterprise management systems
5.2 Team Formation
The analysis team should include the following members:
- Team leader (with experience in risk analysis and bowtie methods)
- Process, equipment, instrumentation, safety, and operation experts
- BX bowtie software operators
- Green construction/safety review experts (when applicable)
5.3 Scope and Objectives
The scope of the analyzed facility, unit, top event, and output format (bowtie diagram + report) should be clearly defined.
6 Technical Requirements for Bowtie Analysis
6.1 Top Event Selection
Top event selection should meet the following requirements:
- Selected from HAZOP high/medium risk scenarios
- Focus on top events that can cause personnel casualties, equipment damage, and environmental impact
- Each bowtie diagram corresponds to 1 top event
6.2 Left Side (Threats—Preventive Barriers)
The left side analysis should include:
- Identify all threats/causes that may lead to top events (e.g., excessive flow, cooling failure)
- List corresponding preventive barriers (independent protection layers first)
- Identify escalation factors and escalation controls for barriers
6.3 Right Side (Consequences—Mitigative Barriers)
The right side analysis should include:
- Analyze all consequences that may be caused by top events (e.g., fire, explosion, poisoning)
- List corresponding mitigative barriers
- Identify escalation factors and escalation controls for consequences
6.4 Bowtie Diagram Drawing Specifications
Bowtie diagram drawing should meet the following specifications:
- Structure: Top event in the center, threat chain on the left, consequence chain on the right
- Symbols: Unified use of standard symbols (prevention/mitigation/escalation/control)
- Logic: Clear arrows, barriers labeled with "type + number + status"
- Information: Each element labeled with source (e.g., HAZOP node X, SIL report Y)
6.5 Barrier Effectiveness Assessment
Barrier effectiveness assessment should include:
- Assess effectiveness, independence, and operability for each barrier
- Propose improvement suggestions for missing or ineffective barriers (prioritize inherent safety → engineering → management)
- Suggestions should clearly define responsible department, completion time limit, and verification method
7 Functional Requirements for BX Bowtie Software
7.1 Basic Functions
- Template library: Built-in bowtie templates for common installations such as reactors, storage tanks, distillation, heat exchange, etc.
- Data integration: Can import HAZOP reports (Excel/Word) to automatically generate bowtie frameworks
- Symbol standardization: Built-in standard symbol library
- Editing: Drag-and-drop drawing, batch modification, version management
7.2 Compliance Verification
- Automatic checking: Top event completeness, barrier missing, escalation factor omission
- Standard matching: Prompt compliance with SH/T 3240, AQ/T 3034
- Risk matrix: Built-in risk matrix to automatically assess residual risk
7.3 Output
- Export: PDF, PNG, Word reports (including bowtie diagrams + barrier lists + suggestions)
- Reporting: One-click generation of review version, on-site version, management version bowtie diagrams
8 Quality Control
- Process review: Team leader controls the entire process, key nodes signed for confirmation
- Technical review: Expert group (e.g., Green Building Association) reviews bowtie diagrams and reports
- Software verification: All bowtie diagrams must pass BX software compliance verification
- Change management: After facility changes, corresponding bowtie diagrams should be updated within 30 days
9 Report Requirements
Bowtie analysis reports should include the following content:
- Project overview, analysis scope, team members
- Top event list, bowtie diagrams (by unit/facility)
- Barrier list (prevention/mitigation/escalation control)
- Risk assessment results
- Improvement suggestion list (responsibility, time limit, verification)
- BX software verification report