We use necessary cookies to make our website work. We'd also like to use optional cookies to understand how you use it, and to help us improve it.

For more information, please read our cookie policy.

UK Civil Aviation Regulations

These are published by the CAA on our UK Regulations pages. EU Regulations and EASA Access Guides published by EASA no longer apply in the UK. Our website and publications are being reviewed to update all references. Any references to EU law and EASA Access guides should be disregarded and where applicable the equivalent UK versions referred to instead.

When a bowtie is completed, it provides a snapshot of the current risk landscape as it is understood at the time.

As with all risk assessment methodologies, bowties should be reviewed and updated in order to:

  • Ensure that they remain relevant in terms of changes to the operation or organisation; and
  • Reflect learning’s from various safety intelligence sources to validate or update assumptions made at the time of developing the bowtie.

Defining an appropriate review process will maintain the bowties as active representations of the risk landscape and ensure appropriate management strategies and targeted resource allocation.

What to review

Information sources

  • Safety Performance Indicators
  • Changes to the operating environment (e.g. types of equipment, changes to SOPs, emerging innovation etc.)
  • Changes to the organisational structure (e.g. restructuring of safety responsibilities and accountabilities)
  • External information from relevant industry or state bodies (e.g. awareness of issues not necessarily encountered first hand but nonetheless relevant)


  • Are there new threats or are some threats no longer pertinent?
  • Has the exposure to the Threats changed?


  • Are there changes to how the threats or escalation factors are being managed (e.g. have any controls been modified, created or removed)?
  • Are there changes to the post holders accountable for the controls?
  • Are the control effectiveness ratings still valid?

Escalation factors

  • Are the escalation factors an appropriate representation of the significant issues?

Keep in mind that the purpose of including escalation factors in a bowtie is to capture issues that require attention and active management. During the review process it is desirable not only to add new issues but also to remove those that are no longer required.


  • Has the nature of the consequences changed?
  • Is the likelihood or severity of the consequence changed given the review of the other diagram elements (e.g. have the risk matrix inputs changed)?

When to review

According to the existing SMS details regarding risk assessment reviews.

For example:

  • Reactively, following a significant incident or accident;
  • Proactively, as per a scheduled review program (e.g. annually).

How to review:

According to the existing SMS details regarding risk assessment reviews.

For example:

  • Facilitated workshop with relevant SMEs;
  • Distribution of results according to stakeholders and significance.