BowTieServer is designed for use across the organisation

Centralize risk information

BowTieServer centralizes all the bowtie, incident and audit information within an organization in a single database.

Risk information at all levels

BowTieServer aggregates and stores all risk information. It enables the users to get to the right level of detail to be able to perform their job well

Monitor barrier performance

BowTieServer takes the static bowtie diagram and moves it into a dynamic risk picture with an up-to-date overview of the health of your barriers. Important decisions can only be made if you know your current exposure to risk

What is BowTieServer?

BowTieServer unites different risk disciplines in a single, central repository with bowties and related information. It combines all the powerful tools we already have, like BowTieXP, IncidentXP, and AuditXP, and unifies them across the organization. It consists of several modules, which you can choose to activate according to your company needs. It solves some of the harder problems in risk management, how to get a good understanding of your risk exposure, how to aggregate and present all the risk data in your system to the relevant people and how you can be sure that barriers are fully operational.

Centralized Risk Information

The core of BowTieServer is the information repository, which allows you to store all the information you previously had in your BowTieXP/IncidentXP/AuditXP files, into a central database. BowTieServer is fully web based which makes it device independent and accessible from any location.

With BowTieServer companies introduce a consistent approach to risk management throughout the organization. BowTieServer monitors barrier performance over time with inputs from audits, incidents and other systems that provide information on the health of barriers. BowTieServer extends this functionality to the whole organization allowing for benchmarking between business units, detection of systemic errors in the organization and identification of emerging risks.

Personal landing page

Tailored to each user

After logging in to BowTieServer, the user will see their own personal landing page. This personal landing page will only show the information that is relevant to this particular user, based on his or her permissions. Different types of information are shown on the page, such as audit surveys the user needs to fill in, assigned actions and the activities & barriers the user is responsible for. The landing page contains a map, with an overview of the location(s) that are applicable to the user.

Starting point

The personal landing page enables the user to go quickly and effortlessly to the preferred information. For instance, from the landing page, the user can open an audit survey that he has to finish. Furthermore, the user can click on one of the barriers to view the barrier characteristics, related documents, audit results, and incident data of that specific barrier. It is also possible to zoom and pan around the map, or filter by organizational unit type. BowTieServer enables the user to get to the right level of detail to access the required information.

Bowtie WebViewer

The WebViewer enables the user to view the bowties and visualize the diagrams to the user’s wishes in a web browser. The WebViewer reads the bowties from the central repository. This ensures internal consistency and provides assurance that the whole organization is looking at the same bowtie diagram.

Adapting the view by viewer

The WebViewer allows the user to adapt the visualization of the bowtie diagrams. The user can display the diagram or the associated information to their own preference. The WebViewer is easy to use by people who have never worked with bowtie diagrams before.

Adapting the view by the organization

People in the organization only get to view the bowtie diagrams the organization allows them to see in BowTieServer’s WebViewer module. In this way, management controls the spread of information, whilst actively facilitating organizational learning with the WebViewer.

Dashboard & reporting

BowTieServer provides an organization-wide overview of all the risks and related information, and facilitates to quickly drill down to the right level of detail with the reports module. The reports and dashboards available in BowTieServer yield different perspectives on the bowtie data and associated information. This provides groups of users – such as managers, operational personnel or safety professionals – with specific information about how risks are being managed and what the current status of the management system is. The reports and dashboards aim to support informed decision making, by bringing relevant data together, visualizing information and enabling easy navigation between different types of information.

Easy navigation for continuous monitoring

Standard paper reports can get very bulky. For every update, they need to be reprinted and ploughed through to find the specific information you need. The different parts of information you need are also often in different places. This makes continuous monitoring a practical nightmare.

The reports in BowTieServer solve this problem by integrating and uniting many forms of data in a meaningful way. Secondly, the reports have user-friendly filters that allow you to filter the data in the reports to your own needs, to quickly drill down to the information you want. The reports in BowTieServer are interactive, giving the user the opportunity to click through to see the information in another context or in more detail. The picture below provides an overview of the various reports available in BowTieServer.


Action tracking

BowTieServer provides action tracking functionality that is integrated with the various modules. Users can assign actions as to-do items from the bowtie risk assessment, actions as recommendations from audits or incidents and formulate actions from HAZID studies. As actions are completed, the bowtie diagrams are updated with new information, making sure risk information is up-to-date.

Action tracking generates warnings and sends automatic emails when action target dates are overdue. With the BowTieServer action tracking function, you will be able to manage, subdivide and track all your actions. With so many actions relevant to the BowTieServer-managed information (risk, HAZID, audits, incidents, etc.) this has become a vital feature in BowTieServer.

(Sub-) action plan

Executing actions are often mini-projects on their own, for which you need multiple people from different departments to perform their part. The action tracking function now makes it possible to assign sub-actions to multiple sub-action responsible persons (BowTieServer users).

Email notifications & personal landing page

Once a BowTieServer user is assigned as (sub-)action responsible party, the (sub-)action will appear on the user’s personal landing page and an email notification will be sent to him/her.

Progress overview

The action tracking provides clear overviews about the progress of the actions and sub-actions. This gives the action manager the capability to intervene in a timely manner if plans and progress are not aligned. Management will be able to view action data on an enterprise level, interrogating KPIs such as the percentage of overdue actions and looking for any performance differences between organizational units.


Audits & compliance

Many organizations recognize the value of proactively monitoring their barriers. Audit and self-assurance data are an important source of proactive information on the actual status of your barriers. The audits module in BowTieServer facilitates the entire process from data gathering to visualization of the results and reporting. It is also possible to link compliance documents to audit questions and barriers, to specifically audit compliance adherence.

Gathering data

The web interface of the BowTieServer allows you to easily assign surveys to people as a one-off or periodically. An automated e-mail is sent to notify the person who is responsible for the survey. This person can then directly go to the survey or to his or her personal page in BowTieServer to see the survey. It can be filled out via the user-friendly web interface, or it can be downloaded as Excel and filled out offline, which is useful at locations with limited internet access.

Monitoring the cycle

Managers can be given permission to see the status of the surveys. In that way, they can easily monitor whether any surveys are overdue, completed or still in progress.

Compliance frameworks

There are many compliance standards in use across the world covering wide subjects ranging from quality control to safety management. Some of these are considered best practices, where others even have legal implications.

Compliance frameworks in AuditXP bridge the gap between bowties (i.e. barrier-based risk management) and the world of compliance assurance. This feature visualizes how compliance standards are intended to be realized through the deployment of barriers and related activities. If a part of the compliance framework can be mapped on a BowTieXP diagram, it demonstrates that a management system component has been identified and defined in order to address this requirement. By showing where it has not been linked to a barrier, it can also highlight any part of the compliance standard that cannot be directly mapped onto the barrier-based model. This process also demonstrates in various reports to which extent standards and legislative requirements are met, along with a maturity level in the organization.

Visualizing the data

After submitting the survey on BowTieServer, those who have permission can view the data in different ways. One option is to see the results on the bowtie. This gives a good overview of the protection per risk scenario in the bowtie.

The other option is to zoom into an individual barrier and the barrier sheet. This sheet contains all data for the barrier including the audit or self-assurance data. In this way, all information comes together so an expert judgment can be made about the actual status of the barrier and (for example) the effectiveness rating can be adjusted.

A third worthwhile overview is a table displaying the aggregated results per location. In this table, it is also possible to split out the results according to different variables, like criticality and effectiveness. This overview, like all other reports, includes filtering to get to the desired information easily. It also includes possibilities of drilling down to the details, like individual answers with remarks.


  • Easy distribution of surveys
  • User-friendly interface for filling in surveys and possibility to work offline
  • Overviews of survey status (i.e. open, completed, overdue)
  • Insight in current level of risk management via audit or self-assurance results on bowtie
  • All relevant data for barrier monitoring together on one barrier sheet per barrier
  • Flexible overview of results per location
  • Easy navigation between different types of overviews and ability to easily drill down to the level of detail you need
  • Linking compliance frameworks to audit results

Observations & incidents

Incident analysis is an essential way of generating realistic feedback on the quality of your barriers. Many organizations see this potential and try to capture all incidents, ranging from small process disturbances to larger incidents. Especially for larger organizations, this becomes a challenge as they are presented with large numbers of incidents on a daily basis. Keeping track of all that data can be difficult and analyzing it to produce practical recommendations can be even harder. The incidents module of BowTieServer is designed to relieve the burden of this process by:

  • Speeding up the incident registration process through a quick and easy online form
  • Reducing the workload by assessing which depth of analysis is required for each incident
  • Providing simple tools that collect meaningful data about barrier failures (SIR)
  • Offering the option for in-depth analysis for incidents that require this
  • Helping to prioritize recommendations and follow-up actions from a risk-based perspective.

The incident module of BowTieServer makes it easier to collect meaningful incident data and subject that data to effective analysis. All this information is stored in a central location, allowing multiple organizational units to also learn from incidents that occurred elsewhere.

Registration of an incident

Each incident analysis starts with the registration of an incident. Registration should be as quick and easy as possible and avoid long bureaucratic forms. The customizable incident registration forms in BowTieServer will only prompt the questions that are relevant based on previous answers (e.g. if it was indicated that there were no injuries in the incident, the subsequent questions dealing with the nature of the injury will not be prompted). This saves time and provides valuable information for the triage phase.

Triage of incident severity

No organization has the resources to scrutinize every incident to the full extent. While some more complex incidents warrant a full-fledged analysis, filling out a form may suffice for more mundane incidents. Deciding which level of analysis is required is often referred to as triage and is essential to capture the right information whilst keeping the workload at an acceptable level. Incidents with the lowest severity can be closed by completing the form. The medium severe incidents can be subjected to the Scenario-based Incident Registration (SIR) tool, an easy to use tool that uses bowtie scenarios as a template to link incidents to barrier failures. The highest severity incidents can be investigated with the full-fledged incident analysis tools in IncidentXP.

Scenario-based Incident Registration (SIR)

The Scenario-based Incident Registration (SIR) module is meant to capture barrier data on incidents with medium severity. Users are guided through the incident analysis with a simple wizard and helpful features. Questions become more specific based on given answers. The wizard includes simple pieces of a predefined bowtie to help provide context and understanding (see picture below). Once the wizard has been completed, the program will generate a list of failed barriers including the reasons why they failed. These results are automatically linked to the bowtie barriers and aggregated. This helps to monitor the overall health status of your barriers.

Full IncidentXP analysis

For incidents with a higher level of severity, filling out a form or using a template does not suffice. A more elaborate method is required to understand and learn from what happened. When incidents are classified as complex or highly severe in BowTieServer, the information already available can be pushed through to IncidentXP. Using this expert tool, a group of specialists can complete a full barrier-based incident analysis and produce elaborate reports. These results can also be linked to the bowtie barriers that can be viewed in BowTieServer.


After the incidents have been analyzed, recommendations can be made. As the incidents have been analyzed with barrier-based methods, the recommendations can be linked to actual barriers. These recommendations can then be projected onto the overall related bowtie diagrams. This provides the overview required to prioritize the recommendations realistically. For example, recommendations on critical barriers or particular weak spots in the bowtie should be addressed first.


Hazard Identification (HAZID)

The HAZID module is a user-friendly web interface that makes the hazard identification and assessment process easier to execute, standardize and communicate. The tool sets up a complete risk register containing all your hazards and helps you split them into high and low priority groups. The high priority hazards are immediately prepared for bowtie analysis by automatically creating a basic bowtie diagram based upon the input of the HAZID session. The low and high priority hazards will both be stored in a hazard register to provide a complete overview.

Easy to execute and communicate

When you start a new HAZID session, the tool will guide you through a logical and user-friendly workflow. This will result into a complete register, containing both high and low priority hazards. The results can be (re)viewed by all BowTieServer users who have permissions to do so.

Standardize the HAZID process

List(s) of already known hazards can be imported into the HAZID module. It is possible to load a generic list of hazards (e.g. ISO 17776 generic list of oil & gas hazards) or to create a unique list for your organization.

Ready for bowtie analysis

Potential top event(s) and consequences are identified for each of the individual hazards during the HAZID session. This information is used to assign an inherent severity rating for the hazard, using the organization’s risk matrices. The hazards will be divided into high and low priority hazards according to parameters set by the user. Subsequently, the high priority hazards will be automatically prepared for bowtie analysis. This provides the user with a flying start for the bowtie risk assessment.


Wiki information management

The BowTieServer wiki module allows documentation to be integrated into risk management. Instead of having separate documents floating around, the documentation can be part of the bowties and linked to specific sections or even paragraphs. No more wading through endless documents. Link and display only those pieces of a standard or procedure that are relevant to what you’re doing or viewing. Take the next step in structuring your risk information.

Structuring your information

Wiki pages are a way to manage extensive information relating to your management system. The information is always structured: either via the structure of your overall approach, via the chapters of your controlling documents, or by using a barrier based risk management model.

Information in the right context

The information that is structured in the wiki or via the barrier based risk management model can be used by all people in the organization in the right context. Via the personal landing page in BowTieServer you can view the information via the bowties, reports or the wiki pages in the context of your work.


The wiki functionality allows for a number of applications:

  • Electronic Safety Case
  • Contextual Information Management
  • Compliance Management
  • Project Control
  • Safety Management System (SMS)
  • Operating Procedures
  • Knowledge Management
  • Contract Management
  • Extended Audit Documentation
  • Extended Incident Documentation
  • Linking the paper compliance world to real barrier based risk management

This approach connects the paper risk compliance world and the real barrier based risk management world, so people that deal with risks in an organization understand how processes are related to barriers, threats, hazards, consequences, responsible people, relevant activities and procedures. Connecting the real world and paper world via BowTieServer wiki can get a company from a bureaucratic fallacy to a better situation. In the latter, the real world and paper world are the same.

The “bureaucratic fallacy” situation:

The wiki information management situation:


Work BowTies

The Work BowTie module is meant to support task risk assessment by the workforce, based on a set of standard bowties per type of job. Instead of a “tick-box exercise”, the individual workers see the hazards, top event, threats, consequences and critical barriers for the job that they will be performing in a visual diagram. The hazards and the barriers can be linked to major hazard risk assessments and life-saving rules.

Using bowties for task risk assessment

In oil & gas, the risks in high hazard operations need to be assessed before starting the task. This is traditionally done using a Task Risk Assessment (TRA), but even with good intentions the TRA quickly becomes a tick-the-box exercise that doesn’t adequately assess the possible risks. Together with our customers we have developed a way to apply the bowtie method to TRA. This has resulted in a method for visual risk assessment that greatly increased risk awareness of the operational crew during non-routine operations.

The Work BowTie process delivers a high-quality TRA, while still being time efficient. It does this by providing a set of template bowties that cover the most common risks (like working at height, electricity, hot work, etc.). This jump-starts the most difficult part of any risk assessment: determining the scope. Teams choose the applicable bowties and start removing scenarios that are not relevant.

This is not a tick-the-box exercise, as attention is required to remove the incorrect scenarios and avoid redundant work in the next steps. Once the template bowtie has been pruned, applicable scenarios and control measures that were not yet in the bowtie can be added. Lastly, responsibilities are assigned to the control measures, so everybody knows what they are supposed to do.

Balancing time constraints with the attention that a risk assessment requires is a challenge, but Work BowTies achieve this while providing a more thorough assessment that will increase risk awareness.


To make it more usable and accessible, the Work BowTies are presented in a web browser. Any PC, tablet or mobile device can use it.

Practical report

Produce useful reports, optimized to be taken into the field for quick reference. No useless paperwork.

Approval workflow

Getting an assessment signed off is part of the standard workflow. A supervisor can simply accept, or give comments where the risk is unacceptable.

image description


Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Aenean commodo ligula eget dolor.

Find out more
image description


Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Aenean commodo ligula eget dolor.

Find out more
image description

Another CTA

Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Aenean commodo ligula eget dolor.

Find out more