Barrier Health Article

An article written by: Paul McCulloch

ChatGPT gives the following definition:

‘In barrier risk management, barrier health refers to the condition and effectiveness of barriers designed to prevent or mitigate risks in various systems, such as industrial facilities or natural environments. These barriers could include physical barriers, procedural controls, or technical safeguards. Assessing barrier health involves evaluating their integrity, functionality, and adequacy to withstand potential threats or hazards.’

Our definition on barrier health is simpler:

‘Barrier health refers to the adequacy of the barrier in its operation. Its health is evaluated by assessing its integrity in operation.’

There are 2 ways to consider is barrier health assessment, subjectively, i.e. based how we feel about the barrier or objectively, what does the evidence / data we have says about the barrier.

To further define this

Subjective Barrier Health Definition

Subjective barrier health refers to the perceived effectiveness or reliability of a barrier health based on human judgment, experience, or qualitative assessment.

• Based on Opinion & Experience – Evaluated by experts, operators, or inspectors rather than measured scientifically.
• Lack of Hard Data – May not have quantitative metrics to support its effectiveness.
• Influenced by Perception – Can be affected by biases, recent incidents, or personal confidence in the system.
• Common in Risk Management – Used when objective data is unavailable, expensive, or impractical to collect.

Objective Barrier Health Definition

Objective Barrier refers to a measurable assessment of the effectiveness, reliability, and condition of a barrier and is based on quantifiable data.

• Functionality – Is the barrier or control performing as expected?
• Integrity – Is it structurally or procedurally sound?
• Reliability – How often does it fail or require maintenance?
• Monitoring & Testing – How frequently is it checked and validated?
• Compliance – Does it meet regulatory and safety standards?

The following section considers how we perform each type of assessment.

An individual or team of people assess the barrier health based on a word model. Here are two typical word model styles we come across:

The difference between the two models is, Model A measures how well something is done or how good it is, and Model B assesses whether something works or not rather than how good it is. Model B is easier for an individual or team to use as it is simpler to assess if something is working rather than how well it works.

Both models do require a descriptor for each word to help with consistency across the users. For example, we could add the following descriptors to each word model.

As a first pass of barrier health, being subjective can be very achievable for an organisation to implement. It allows you to rank your barriers by barrier health to focus on those barriers not delivering the required outcomes.

But as you mature with barrier thinking as an organisation, being subjective starts to cause issues.

1. Lack of Precision
   1. Model A (Quality-Based): Terms like Good and Very Good are vague and open to interpretation. Different individuals or teams may rate the same barrier differently.
   2. Model B (Effectiveness-Based): While more focused, "Partially Effective" can be ambiguous—does it mean 50% effective or 90% effective?
2. Lack of Quantifiable Measurement
   1. Neither model provides numerical values or thresholds for decision-making.
   2. A barrier rated as Poor in Model A or Partially Effective in Model B doesn't indicate how much improvement is needed or what specific criteria were met.
3. Ambiguity in Actionability
   1. If a barrier is Poor or Partially Effective, it's unclear whether it needs minor improvements or a complete overhaul.
   2. Unknown in Model A and Not Present in Model B provide little insight into why data is missing or how to address it.
4. Potential for Misinterpretation
   1. A control rated Good in Model A may not necessarily be effective in preventing failures or risks.
   2. Effective in Model B may imply a barrier is working now but does not assess if it will remain reliable over time.
5. No Consideration for Degradation or Maintenance
   1. Barriers degrade over time, but these models do not track trends.
   2. A barrier rated as Effective today may become Partially Effective later, but without history, that decline may go unnoticed.

Being objective about barrier health is significantly harder than subjective, but the increased effort can be worth the benefit of moving to an evidence-based approach as it gives a reliable view of health by removing biases that being subjective introduces. The effort for being objective is very much front end loaded, once the evidence is known then it becomes repeatable and less influenced by individual bias.

First step in moving to an objective barrier health assessment is to consider the types of barriers your organisation has, as these types help you consider what evidence to you need to find to support the assessment.

The examples below use the barrier type word model from Center for Chemical Process Safety (CCPS) / Energy Institute publication ‘Bow ties in Risk Management’.

Active Hardware

Active hardware barrier is a physical system that requires activation or operation to function and are triggered by an event and must respond effectively.

• Trip system
• Pressure relief valves
• Electrical circuit breaker

Since these barriers must function immediately when needed, their health assessment should focus on:

• Readiness (is always it operational?)
• Activation reliability (does it respond when triggered?)
• Performance effectiveness (does it work as designed?)

Do we maintain, inspect and test at an appropriate frequency?

For example - High level trip system on a tank,

• Do we test the function of the trip to ensure, when the high level is reached, the system takes the appropriate action and confirm that the action occurs, i.e. the inlet trip valve closes fully, and the level stays static

Active Hardware and Human

This type of barrier requires both a hardware activation and human intervention to function effectively. Unlike purely automated systems, these barriers depend on:

• Human performance (decision-making, reaction time, and procedural compliance)
• Hardware reliability (equipment readiness, activation success, and effectiveness)

It’s good to introduce Detect, Decide & Act to help understand which element is doing which role, and hence how do we evaluate the health of the barrier.

For example, if we are talking about a high-level alarm with operator response on a storage tank, then the alarm is doing the Detection, we need to test the function of the alarm to ensure, it goes alerts the operator as the desired level.

The human performance is a much more abstract concept,

• Will the human see the alarm?
• Will they understand that they need Decide to do something?
• Do they have the knowledge to make the correct decision?
• Will the decision be communicated and action taken.

Another human could be performing the Action associated with the alarm.

• Have they understood the instruction?
• Can they act in a timely fashion?
• Have they carried out the instruction correctly as changed the run down to another tank and isolated the storage tank in alarm, then have the communicated back to say the action is completed.

Active Human

As we have said above, the human performance is a much more abstract concept versus the simplicity of hardware performance. It is a blend of sufficient time, knowledge/skills needed, fatigue, clarity, no conflicting instructions and supervision reinforcement.

If we consider the following barrier “Ullage calculation, import plan and monitoring / delivery of the import plan” The ullage calculation Detect how much space is in the tank, creating the import plan, decides what the operating team should do, and the monitoring / delivery of the import plan delivers the required Action

Passive Hardware

Passive Hardwar is a barrier that does not require activation or human intervention to function. Examples include:

• Fire-resistant walls (prevent fire spread)
• Blast walls (absorb explosions)
• Secondary containment systems (prevent spills)
• Pressure relief structures (prevent overpressure damage)

Because passive hardware does not actively respond to an event, assessing their health objectively requires consideration around structural integrity checks, degradation analysis, and compliance verification rather than performance tests like active hardware.

Continuous Hardware

Continuous hardware is a barrier that provides constant protection rather than activating only during an event. Examples include:

• Ventilation and air filtration systems (maintain air quality)
• Structural drainage systems (prevent flooding)

Because these barriers are always in operation, their health assessment must focus on real-time performance, reliability, and degradation over time.

Converting evidence

An objective barrier health assessment can become very complex, with lots of evidence associate to a barrier. That evidence needs to transition into a score or measure to allow ranking of barriers using their barrier health score and actionability from that score, i.e. fixing / making things better.

Converting evidence into a score requires understanding of how barrier works, either specific barriers or collections are barrier type. When designing an objective barrier health scoring system there are two main approaches are:

• Start at 100% and deduct points for negative evidence (Degradation Model)
• Start at 0% and add points for positive evidence (Building Model)

Option 1

Start at 100 and Deduct Points (Degradation Model)

Pros:

• Reflects real-world deterioration (e.g., aging equipment, human errors, non-compliance).
• Easy to interpret: A high score means minimal degradation, while a lower score signals a problem.
• Aligns with risk-based maintenance—barriers degrade over time without intervention.

Cons:

• Heavily penalised systems may appear worse than they actually are if minor issues accumulate.
• If not well-calibrated, over-deduction may lead to premature concerns.
• Best For: Physical and technical barriers (e.g., firewalls, alarms, ESD systems).

Option 2

Start at 0 and Add Points (Building Model)

Pros:

• Reinforces positive performance and rewards well-maintained systems.
• Encourages proactive behaviour, as only verified effectiveness increases the score.
• Useful for barriers heavily reliant on human intervention (e.g., training, procedural compliance).

Cons:

• Can underestimate the inherent reliability of systems that don’t need frequent intervention.
• If scoring criteria are weak, some barriers might never reach a high score even if effective.
• Best For: Human and procedural barriers (e.g., emergency response, PTW systems).

An organisation could take the approach that for hardware barrier, it follows the degradation approach and for Human barriers it follows the building approach.

Example scoring for a dual implementation could look like the following

Let’s consider a ‘High Level Alarm with operator response’ example with the scoring model:

Once we have established a score, that needs to be translated into a clear risk-based system for decision-making:

For the High-Level Alarm example above

• For the hardware element - a partial failure in testing (-30) and maintenance is overdue (-20), the total score would be 100 - 30 - 20 = 50 (Significant Degradation).
• For the Human element - If the operator is trained (+20), passed a drill test (+30), and made the right decision in a real event (+40), the total score would be 0 + 20 + 30 + 40 = 90 (Fully Effective).
• Final score – two elements so let’s take a 50:50 weighting.
  • Alarm health score: 50 goes to 25
  • Operator response score: 90 goes to 45
  • Final Score = 25 (50% Alarm) + 45 (50% Operator) = 70 (Moderate Degradation) and Action is needed.

Hybrid Approach

A hybrid approach combines objective, data-driven metrics with subjective expert judgment to provide a balanced and realistic assessment of barrier health.

• Objective assessments provide measurable, repeatable data, but may miss context (e.g., why a barrier is degrading).
• Subjective insights capture real-world experience and expert judgment but can be inconsistent and prone to bias.
• Combining both ensures a more holistic and accurate barrier health evaluation.

This is our preferred approach for an organisation in using both styles of assessments to assess barrier health. We can revisit the CCPS/EI barrier types and consider which is the most appropriate style of assessment to use for those collections of barriers.

Advantages of the Hybrid Approach

• Improves Accuracy – Uses hard data but allows expert contextual adjustments.
• Reduces Blind Spots – Captures technical failures (objective) and practical usability issues (subjective).
• Balances Risk & Performance – Prioritises actions based on both data and real-world experience.
• Encourages Workforce Engagement – Involving operators and engineers in assessments increases buy-in for improvements.

In part 2 of Barrier Health article, we will have some practical examples of undertaking an Objective Barrier Health assessment. The examples we will cover

• High level alarm with operator response on a storage tank
• Ignition control
• High level trip system on a storage tank