Home Course Concepts About

Safety models and accident models
What are the main factors that allow systems to operate safety?


Heinrich’s domino model A safety model is a set of beliefs or hypotheses (often implicit) about the features and conditions that contribute to the safety of a system. An accident model is a set of beliefs on the way in which accidents and incidents occur in a system and the causal factors that make them possible. The mental models concerning safety are important because they impact system design, operational decisions and behaviours.

We analyze a few accident models and safety models to understand the implicit assumptions underlying the models:

  • fatalism, or accidents as “acts of god”
  • H. Heinrich’s domino model of accident causation, a simple sequential accident model
  • H. Heinrich’s and F. Bird’s safety triangle, the companion safety model
  • epidemiological accident models such as J. Reason’s famous Swiss cheese model
  • the bow-tie model of accident causation and the role of barriers
  • a loss of control safety model
  • J. Rasmussen’s drift into failure model
  • non-linear accident models such as FRAM and STAMP

This submodule is a part of the hazard analysis module.

Course material

Safety models and accident models

Lecture slides (PDF)

Bow ties are a graphical and mostly qualitative method to assess risk and analyze barrier effectiveness. They probably originated in ICI (a UK chemical company) in the late 1970s, building on notions of defence in depth, fault tree analysis, event-tree analysis and Reason’s Swiss cheese accident causation model. It seems that Royal Dutch Shell was first major company to integrate bow-ties into business practices. Over the past twenty years, the method has gained popularity as an intuitive graphical manner of presenting accident scenarios and explaining the importance of barriers.

Applications of the bow-tie tool include:

  • communicating risks, accident scenarios, and the importance of preventive and protective barriers to front-line worker and to managers

  • integration with semi-quantitative risk analysis techniques such as LOPA (Layers of Protection Analysis)

  • identifying and assessing safety barriers (risk reduction measures)

  • making a link between critical safety tasks and the safety management system

  • identifying elements that should be inspected and discussed during safety audits

Assessing risk controls using bow-ties

Lecture slides (PDF)

Last updated: