System analysis and risk mitigation using Swiss Cheese model

March 14, 2018 Lakshmi Yanamandra


Source: skybrary

The Swiss Cheese Model, originally proposed by James Reason, is a widely used framework for risk analysis and risk mitigation in diverse domains, including aviation, software systems, and IT security. The model rests on a simple principle: a system can be visualized as slices of Swiss cheese stacked next to each other, and a mistake or hole in one level or slice can be prevented from propagating to the other layers by a set of appropriate checkpoints at multiple levels. These simple, yet carefully placed, checkpoints help keep an isolated risk in one layer from becoming a threat in other layers. In other words, layered security prevents a single-point failure from propagating to the rest of the system. The model also recognizes how people, processes, and human error come together to cause the breakdown of complex systems.

Imagine a scenario where a checkpoint fails at one level and the risk is passed through to the next level. Often this goes unnoticed and does not affect the system, thanks to the checkpoints in the other layers. Only when the risk slips through the checkpoints in every layer, that is, when the holes across all the slices of cheese line up, does it result in a full-blown accident or business catastrophe. Thus, accidents and system failures in complex systems are usually the result of a confluence of multiple contributing factors.

Risk analysis and mitigation using Swiss Cheese Model

The Swiss Cheese Model provides a robust framework for proactive risk analysis and mitigation, and is a powerful tool to prevent accidents and system-wide disasters. This model provides a strong imperative for early identification of risks and timely mitigation strategies at all levels of the organisation, or across all layers of a system.

A business analyst entrusted with the task of risk mitigation should evaluate all possible risks from multiple dimensions, propose appropriate strategies as required, and spread them across multiple layers. This ensures that defensive lapses and weaknesses in one layer do not propagate to other layers, thereby preventing a single point of failure.

In designing complex systems and processes, it is important to build in multiple layers of defense, especially when there is a lot at stake. Risk analysis and mitigation must be approached from multiple perspectives, as explained below:

Analysis from a time-frame perspective:

A business analyst should look at risk from a timeline perspective and suggest the most appropriate strategy for risk mitigation. Solutions should be proposed based on key factors such as the point in time at which the risk was identified and the kind of impact it will have on the system. Based on these factors, one should consider different strategies to plan for, adapt to, prepare for, and manage risk in the system.

Analysis from a catastrophic failure perspective:

Even though one cannot foresee all possible risks to a system, one should always be prepared for the unlikely scenario of the holes across multiple slices lining up perfectly, in other words a risk in one layer spreading across the system and leading to catastrophic failure. Irrespective of the origin of the risk, or of which specific checkpoint failed, there should be a risk mitigation strategy for handling this extreme situation.

Systemic and interconnected risk analysis:

Sometimes risk arises from errors occurring in parallel, or even sequentially, across various interconnected departments or teams. Therefore, in complex, interconnected systems, one should analyse multiple scenarios in which a risk originates in one system and spreads to the connected systems, and the mitigation strategy should be designed accordingly.
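The two points above, the holes lining up in every slice and risk spreading through interconnected systems, can be made quantitative. The following is an added illustration, not part of the original article: each checkpoint is given a constructed "miss rate" (the size of its hole), the residual risk is computed for independent layers and for layers that share a common cause of failure, and a small simulation confirms the closed-form numbers. The layer names and rates are assumed for illustration only.

```python
import random
from math import prod

# Each checkpoint (slice of cheese) is modelled by the probability that a
# given risk passes through it unnoticed. Values are constructed, not measured.
LAYERS = {
    "code review": 0.20,
    "automated tests": 0.15,
    "staging canary": 0.30,
    "production monitoring": 0.25,
}

def independent_breach_probability(miss_rates):
    """P(risk passes every layer) when layers fail independently: the holes
    line up only by chance, so residual risk is the product of miss rates."""
    return prod(miss_rates)

def common_cause_breach_probability(miss_rates, common_cause):
    """Residual risk when a shared dependency (one team, one tool, one
    credential) can defeat every layer at once with probability common_cause.
    With that probability all holes line up (systemic failure); otherwise
    the layers behave independently."""
    return common_cause + (1 - common_cause) * prod(miss_rates)

def simulate_breaches(miss_rates, common_cause, trials, seed=0):
    """Monte Carlo check of the closed form: fire one risk per trial at the
    stack and count how often it escapes through every layer."""
    rng = random.Random(seed)
    breaches = 0
    for _ in range(trials):
        if rng.random() < common_cause:
            breaches += 1  # all checkpoints fail together
        elif all(rng.random() < p for p in miss_rates):
            breaches += 1  # holes lined up by chance
    return breaches / trials

def marginal_benefit(miss_rates, common_cause, new_layer_miss_rate):
    """Residual risk removed by adding one more layer. Under a common cause
    the remaining risk can never drop below common_cause, however good the
    new layer is, which is why interconnected failures need their own plan."""
    before = common_cause_breach_probability(miss_rates, common_cause)
    after = common_cause_breach_probability(
        list(miss_rates) + [new_layer_miss_rate], common_cause)
    return before - after

if __name__ == "__main__":
    rates = list(LAYERS.values())
    print(f"independent layers      : {independent_breach_probability(rates):.5f}")
    print(f"with 1% common cause    : {common_cause_breach_probability(rates, 0.01):.5f}")
    print(f"simulated, 1% common    : {simulate_breaches(rates, 0.01, 200_000):.5f}")
    print(f"gain from a 5th layer   : {marginal_benefit(rates, 0.01, 0.10):.5f}")
```

Note how a one-percent common cause dominates the residual risk: four independent layers bring it down to about 0.2%, but a shared failure mode pushes it back above 1%, and no fifth layer can remove that part.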


Human nature is to seek simple answers when a catastrophic failure occurs, and to identify a culprit at the site of the incident on whom to place the blame. Progressive organizations instead adopt the Swiss Cheese Model for risk analysis and risk mitigation, which provides a holistic framework for accident prevention and recognizes that culture, organization, and process design are all essential building blocks for preventing human error and systemic failure.