The Significant Seven bowtie templates provide a generic overview of the various hazards and how they are managed from an industry wide perspective.
You should customise these templates to improve their relevance and practical application to your own organisation.
- When conducting the reviews and customising the bowties see bowtie elements for guidance on bowtie best practices in general.
- Consider using the workshop format for the customising process (as described in getting the best content for a bowtie model). The relevance and accuracy of the bowties will benefit from the direct input of your Subject Matter Experts (SMEs).
Specific tasks required to customise a bowtie template
Review all of the basic elements to establish if they are applicable to your organisation (e.g. threats, consequences, controls, escalation factors and escalation factor controls) and modify / create / delete as appropriate.
- Tip: Bowtie templates often include controls managed entirely by other industry stakeholders.
Customise the additional information aspects of the bowtie (e.g. accountable post holders, control effectiveness and criticality etc.) by reviewing and modifying as appropriate.
- Tip: Don’t shy away from making definitive effectiveness ratings. There is often a tendency to use middle of the road ratings however by utilising the full range of options appropriately you will be improving the risk management potential of your bowtie by clearly highlighting strengths and weaknesses in the system.
- Tip: Link the appropriate accountable post holders to the controls under your management.
- Tip: Complete the escalation factor and escalation factor reviews before deciding on the appropriate control effectiveness ratings for controls under your management.
For controls that are under the management of external stakeholders, consider either using the baseline rating, rating them according to your experiences of them or discussing with the stakeholder involved directly.