• Control function

    As described in the Bowtie Elements section, controls can be identified according to their function within the bowtie.

    These ‘functions’ are allocated to provide clarity for the end user as well as appreciating where operational efforts are focused upon (e.g. is there more we can do to eliminate the threat as the majority of controls are preventative?).

    Control criticality

    Not all controls will have the same importance with regard to the management of a specific threat.

    Differentiating control significance according to criticality (e.g. ‘standard controls’ and ‘critical controls’) provides benefits such as:

    • Focusing attention for the purpose of communication to stakeholders.
    • Highlighting which controls require a greater depth of detail in terms of escalation factor consideration.
    • Standard controls are still required for the management of the threat (otherwise there would be no reason to have them) and their importance should not be disregarded. For example, having several standard controls failing in sequence may be just as significant a problem as having one critical control failure.

    Considerations for rating a control’s criticality

    To assist with the decision as to whether a control should be classified as critical or standard, consider the following questions:

    • If the control were absent or only rated as ‘very poor’ in terms of effectiveness, would you be thinking of stopping the operation?
    • If the control were absent or only rated as ‘very poor’ in terms of effectiveness and the operation were audited by the Regulator, would it be likely to result in a Level 1 finding?
    • If the control is related to a piece of technical equipment, would its un-serviceability be a ‘no-go’ item (e.g. there would not be MEL relief available)?

    These questions act as an aid to the decision making process. It is not necessary that a ‘yes’ to one of the above questions be obtained before rating a control as critical; similarly a ‘yes’ does not mean that it must be rated as ‘critical’ rather, it provides an indication that it may be appropriate to assign a ‘critical’ rating.