Bow-Tie Diagram

The bow-tie method is a powerful tool for visualizing and managing risks. Named after its distinctive shape, this tool is used to analyze the causes and consequences of potential risks.

At the center of the bow-tie diagram is the “top event,” which represents the risk being analyzed. On the left side of the diagram are the potential causes of the top event, while on the right side are the potential consequences. The diagram also includes barriers or controls that can be put in place to prevent or mitigate the risk.

To create a bow-tie diagram identify the “top event” representing the risk being analyzed. This is placed at the center of the diagram.

Next, you identify the potential causes of the top event and place them on the left side of the diagram. These causes can be further broken down into sub-causes if necessary.

On the right side of the diagram, you identify the potential consequences of the top event. These can also be further broken down into sub-consequences if necessary.

Once you have identified the causes and consequences of the top event, you can then add barriers or controls to the diagram. These are measures that can be put in place to prevent or mitigate the risk. Barriers can be placed between the causes and the top event to prevent it from occurring, while controls can be placed between the top event and its consequences to mitigate their impact.

The bow-tie method works by providing a clear and concise visual representation of a risk and its potential impacts. This allows stakeholders to better understand the risk and identify areas where additional controls may be needed.

This tool also works nicely with desirable consequences.

This picture showed up when I typed bow-tie on my computer. It’s relevant

Resilience

In the current world scenario, which is marked by high volatility, uncertainty, complexity, and ambiguity (VUCA), threats are increasingly unforeseen. As organizations, we are striving for this concept of Resilience.

Resilience is one of those hot words, and like many hot business terms it can mean a few different things depending on who is using it, and that can lead to confusion. I tend to see the following uses, which are similar in theme.

Where used	Meaning
Physics	The property of a material to absorb energy when deformed and not fracture nor break; in other words, the material’s elasticity.
Ecology	The capacity of an ecosystem to absorb and respond to disturbances without permanent damage to the relationships between species.
Psychology	An individual’s coping mechanisms and strategies.
Organizational and Management studies	The ability to maintain an acceptable level of service in the face of periodic or catastrophic systemic and singular faults and disruptions (e.g. natural disasters, cyber or terrorist attacks, supply chain disturbances).

For our purposes, resilience can be viewed as the ability of an organization to maintain quality over time, in the face of faults and disruptions. Given we live in a time of disruption, resilience is obviously of great interest to us.

In my post “Principles behind a good system” I lay out eight principles for good system development. Resilience is not a principle, it is an outcome. It is through applying our principles we gain resilience. However, like any outcome we need to design for it deliberately.

Principles behind a good system

We gain resilience in the organization through levers that can be lumped together as operational and organizational.

The attributes that give resilience are the same that we build as part of our quality culture:

The ability to anticipate problems before they build-up (includes risk management)
Diversified structural flexibility to respond to both adverse and beneficial changes
Broken down silos and glass ceilings to allow risk information to flow freely and prevent ‘risk blindness’
Rapid response capabilities to avoid incidents escalating into crises
Learn from previous mistakes from themselves and others making the necessary changes

On the operational side, we have processes to drive risk management, business continuity, and issue management. A set of activities that we engage in.

Like many activities they key is to think of these as holistic endeavors proactively building resiliency into the organizaiton.

Call a Band-Aid a Band-Aid: Corrections and Problem-Solving

A common mistake made in problem-solving, especially within the deviation process, is not giving enough foresight to band-aids. As I discussed in the post “Treating All Investigations the Same” it is important to be able to determine what problems need deep root-cause analysis and which ones should be more catch and release.

For catch and release you usually correct, document, and close. In these cases the problem is inherently small enough and the experience suggesting a possible course of action – the correction – sound enough, that you can proceed without root cause analysis and a solution. If those problems persist, and experience and intuition-drive solutions prove ineffective, then we might decide to engage in structured problem-solving for a more effective solution and outcome.

In the post “When troubleshooting causes trouble” I discussed that lays out the 4Cs: Concern, Cause, Countermeasure, Check Results. It is during the Countermeasure step that we determine what immediate or temporary countermeasures can be taken to reduce or eliminate the problem? Where we apply correction and immediate action.

It helps to agree on what a correction is, especially as it relates to corrective actions. Folks often get confused here. A Correction addresses the problem, it does not get to addressing the cause.

Fixing a tire, rebooting a computer, doing the dishes. These are all corrections.

As I discussed in “Design Problem Solving into the Process” good process design involves thinking of as many problems that could occur, identifying the ways to notice these problems, and having clear escalation paths. For low-risk issues, that is often just fix, record, move on. I talk a lot more about this in the post “Managing Events Systematically.”

A good problem-solving system is built to help people decide when to apply these band-aids, and when to engage in more structured problem-solving. This reliance on situational awareness is key to build into the organization.

Risk, Hazard and Harm

Risk Is….
The combination of the probability of the occurrence of the harm and the severity of that harm.	The effect of uncertainty on objectives	Often characterized by reference to the potential event and consequences or combination of these	Often expressed in terms of a combination of the consequences of an event (including in changes in circumstances) and the associated likelihood of the occurrence

Hazard, harm and risk

Hazard	Harm	Risk
Enabling state that leads to the possibility of harm	Injury or damage	Probability of harm from a situation triggered by the hazard.

Hazard harm and risk

A hazard is defined in ISO 12100 as “The potential source of harm.” This definition is carried through other ISOs and regulatory guidances. The hazard is what could go wrong, our “What If…”, it is when we start engaging the outcome identification loop to query uncertainty about the future.

Harm are those injuries or damages I should care about.

Every risk assessment is really asking “What could go wrong,” and then answering two questions:

If it did go wrong how bad is it – the Harm
And how likely is it to go wrong – Probability.

Risk is then the combination of those things as a magnitude or priority.

Risk assessment tools break down into two major camps. Those that start with the hazards, asking how something can fail; and those that start with the harms, asking what bad things do we want to avoid.

Escalation of Critical Events

Event management systems need to have an escalation mechanism to ensure critical events are quickly elevated to a senior level to ensure organization-wide timely reactions.

There are many reasons for a fast escalation.

Events that trigger reporting to Regulatory Agencies (e.g. Serious Breach, Urgent Safety Measures (UK), Field Alerts, Biological Product Deviation, Medical Device Report)
Events that require immediate action to prevent additional harm from across the organization
Events that require marshalling resources from large parts of the organization

GMP	GCP	GPVP	GLP	Research	IT
• Impact to data integrity • Impact to product quality/supply	• Impact to data integrity • Data/privacy breach	• Event impacting on-time compliance rates (not isolated/steady state)	• Impact to data integrity	• Impact to data integrity	• Reference GxP area for Impact resulting from/linked to system error/failure
• Product Quality/ CMC events in accordance with MRB criteria (or other events of similar scope of impact)	• Impact to study integrity • Impact to subject’s safety, rights or welfare	• Gaps in reporting/ collection of potential AEs	• Impact to study integrity	• Impact to study integrity	• System design, testing, deployment, upgrade, etc. event impacting GxP data integrity or regulatory compliance
• Recurring event with broad scope of impact	• Recurring event with broad scope of impact	• Recurring event with broad scope of impact	• Recurring event with broad scope of impact	• Recurring event with broad scope of impact	• Recurring event with broad scope of impact
• Impact to program milestones & corporate goals	• Impact to program milestones & corporate goals	• Impact to program milestones & corporate goals	• Impact to program milestones & corporate goals	• Impact to program milestones & corporate goals
• Potential Falsified or Counterfeit Product				• Potential Fraud or Misconduct	• Potential Fraud or Misconduct
• Credible Risk of Product Shortage				• Quality event with patient safety risk/gap	• GxP Data Breach
• Potential Product Recall				• Significant Quality Event Notified to Regulatory Authority	• System error or failure with significant GxP compliance impact
· Potential Critical Finding Resulting from Regulatory Authority Inspection or Audit by External Body/Third Party · Quality Event/Observation Classified as Critical (Event or Internal Audit) Notification from Regulatory Authority or other External Authority of Findings of Significant/Critical Quality Deficiency (inspection or other than through inspection) o e.g.; Refusal to File, Notification of Inadequate Response to Inspection Findings (e.g.; Other Action Indicated (FDA classification), Warning Letter

You can drill down to a lower, more practical level, like this

Escalation Criteria	Examples of Quality Events for Escalation
Potential to adversely affect quality, safety, efficacy, performance or compliance of product (commercial or clinical)	• Contamination (product, raw material, equipment, micro; environmental) • Product defect/deviation from process parameters or specification (on file with agencies) • Significant GMP deviations • Incorrect/deficient labeling • Product complaints (significant PC, trends in PCs) • OOS/OOT (e.g., stability)
Product counterfeiting, tampering, theft	• Product counterfeiting, tampering, theft reportable to Health Authority (HA) • Lost/stolen IMP • Fraud or misconduct associated with counterfeiting, tampering, theft • Potential to impact product supply (e.g., removal, correction, recall)
Product shortage likely to disrupt patient care and/or reportable to HA	• Disruption of product supply due to product quality events, natural disasters (business continuity disruption), OOS impact, capacity constraints
Potential to cause patient harm associated with a product quality event	• Urgent Safety Measure, Serious Breach, Significant Product Compliant, Safety Signal that are determined associated with a product quality event
Significant GMP non-compliance/event	• Non-compliance or non-conformance event with potential to impact product performance meeting specification, safety efficacy or regulatory requirements
Regulatory Compliance Event	• Significant (critical, repeat) regulatory inspection findings, lack of commitment adherence • Notification of directed/for cause inspection • Notification of HA correspondence indicating potential regulatory action