We use necessary cookies to make our website work. We'd also like to use optional cookies to understand how you use it, and to help us improve it.

For more information, please read our cookie policy.

UK Civil Aviation Regulations

These are published by the CAA on our UK Regulations pages. EU Regulations and EASA Access Guides published by EASA no longer apply in the UK. Our website and publications are being reviewed to update all references. Any references to EU law and EASA Access guides should be disregarded and where applicable the equivalent UK versions referred to instead.



Control function

As described in the Bowtie Elements section, controls can be identified according to their function within the bowtie.

These ‘functions’ are allocated to provide clarity for the end user as well as appreciating where operational efforts are focused upon (e.g. is there more we can do to eliminate the threat as most controls are aimed at being preventative?).

Control criticality

Not all controls will have the same importance with regard to the management of a specific threat.

Differentiating control significance according to criticality (e.g. ‘standard controls’ and ‘critical controls’) provides benefits such as:

  • Focusing attention for the purpose of communication to stakeholders.
  • Highlighting which controls require a greater depth of detail in terms of escalation factor consideration.
  • Standard controls are still required for the management of the threat (otherwise there would be no reason to have them) and their importance should not be disregarded. For example, having several standard controls failing in sequence may be just as significant a problem as having one critical control failure.

Considerations for rating a control’s criticality

To assist with the decision as to whether a control should be classified as critical or standard, consider the following questions:

  • If the control were absent or only rated as ‘very poor’ in terms of effectiveness, would you be thinking of discontinuing the operation?
  • If the controls were absent or only rated as ‘very poor’ in terms of effectiveness and the operation were audited by the Regulator, would it be likely to result in a Level 1 finding?
  • If the control is related to a piece of technical equipment, would its un-serviceability be a ‘no-go’ item (e.g. there would not be MEL relief available)?

These questions act as an aid to the decision-making process. It is not necessary that a ‘yes’ to one of the above questions be obtained before rating a control as critical; similarly, a ‘yes’ does not mean that it must be rated as ‘critical’ rather, it provides an indication that it may be appropriate to assign a ‘critical’ rating.