Tag: PSM (Page 2 of 6)

Digging Yourself Out of a Hole

(What to do when you are suddenly responsible for years of Process Safety neglect.)

It’s a scene I come across time and time again: a newly assigned PSM/RMP coordinator staring at me with shock as we progress through their Compliance Audit, Process Hazard Analysis, or 5yr Independent Mechanical Integrity Inspection.

“I didn’t know things were this bad!” they’ll say under their breath, once the situation starts to become a little clearer to them. You can imagine them standing at the bottom of a deep, dark hole wondering how they’ll ever make it back to fresh air and bright sunshine they thought was all around them just a few hours ago. For those of you that have read my previous post on the “Stages of PSM Grief,” this is the moment they are breaking past the Denial stage.

It can be heartbreaking to watch the mixture of Anger, Bargaining and Depression, especially if you remember what it felt like to be there yourself.

Often, I will have to re-assure them that this is just the start of the process and the beginning isn’t going to be fun. Sometimes I’ll quote Winston Churchill.

 

 

What’s really important is that we understand there will be a way out if we remain calm and plan intelligently. Unsurprisingly, you need a process to address Process Safety issues

So, let’s start planning our escape!  We’re going to move slowly at first, with ever-increasing confidence, and once we get rolling we’re going to start seeing daylight.

Here’s how our progression will look:

  • Assess the situation
  • Prioritize the issues
  • Formulate the plans & assign responsibility
  • Implement, Implement, Implement!

 

Part 1: Assess the situation

Obviously, if you are in the middle of (or have just gone though) an audit or inspection, you’re well on the way! If you are recently assigned to this coordinator role and you don’t have a recent compliance audit, PHA, and MI report, then these are good places to start.

Assessment is really two parts which can share the same ground.

  • Compliance: Where you are in relation to where you need to be.
  • Culture: Where you are in relation to where you want to be.

I can’t stress this enough – being compliant is not some lofty place. It is the bare minimum of safety allowed under the law. How far past “my company isn’t violating federal and state law” you want to go depends a lot on the culture of your organization. For example, companies with a brand to protect tend to aim a lot higher than those that don’t. Companies that are barely making ends meet tend not to have a lot of resources to bring to bear on things that aren’t strictly required.

Recently, based on a conversation with colleagues, I half-jokingly formulated what I called the Haywood / Chapin Process Safety performance scale as a visual tool. Note that you get a score of zero for being compliant because that’s the baseline. We’re not going to go around congratulating each other for not violating Federal and State laws. Additionally, we aren’t going to give ourselves any credit for trying – only for results: Safety & compliance aren’t kindergarten so we aren’t giving out participation trophies.

Note: It’s common at this point to try and figure out how the company got themselves in this hole, but there is usually very little of value that comes out of this conversation. If the same people, and the same processes are in place, don’t expect different results unless they are willing to change. Don’t get your hopes up just because people want to change. What matters is if they are willing to put in the work to change. If only wanting to change was enough to effect change, nobody (including me) would be carrying around a few extra pounds.

 

Part 2: Prioritize the issues

All right. Now you have collected all the deficiencies so you know the ground you need to cover to get where you want to be – or, in our analogy, how far it is to get out of the hole you are in. Now we need to figure out in what order we need address these issues. Hopefully, your audits have given you some guidance here. For example, this is the color code I use for my compliance audits:

Obviously in this scheme, we’d focus our efforts on the red items, then the orange, etc. You will want to prioritize the actions you take based on the risk to your employees, your community and your business. I strive to get the “buy-in” from the audit team during the audit itself so this step is pretty much done for you. However, you may have a lot of findings & recommendations to deal with so further prioritization can be useful.

 

Part 3: Formulate the plans & assign responsibility

Formulating the plan(s) is one of the most difficult parts of the whole endeavor: How do we address all the issues we’ve found? We’re going to use a few strategies to help us formulate our plan:

  1. Group where appropriate
  2. Don’t reinvent the wheel
  3. Don’t make Perfect the enemy of the Good
  4. Leverage strengths & Avoid weaknesses

Grouping: One thing you may find is that a common root cause means you can group items. For example, if I have a poorly constructed MI inspection with 600 pipe label recommendations I can view each of those as individual recommendations or I can decide that the root cause is that we don’t have a system to ensure adequate pipe labeling. For me, I’d rather put a system in place to address that widespread deficiency than rely on just fixing the issues someone else found thus ensuring I’ll need them to find them next time too! For the example of pipe labeling, I would train my operating staff on the requirements of IIAR B114 and place a label check in the annual unit inspection work order. Properly implemented that system ensures that the issue will be addressed in the next year and will continue to be addressed regularly thereafter.

Don’t reinvent: There’s plenty of freely available templates for nearly all programs, procedures, work orders, etc. you may need. Don’t waste your time creating a policy or procedure from scratch when you can often use a pre-made one to address the issue with little or no change.

Don’t make Perfect the enemy of the Good: Sometimes altering a simple policy that solves the problem 99% of the time to one that solves it 100% of the time turns it into a lengthy and confusing mess. Policies and procedures aren’t meant to completely replace independent thought – they should be designed to guide it. We should bias our efforts towards “good enough” at first and strive towards perfection over time with continuous improvement.

Leverage Strengths & Avoid Weaknesses: Tasks should be assigned to people based on their competencies. For example,  if you have a good core competency in your staff for writing SOPs, then by all means go ahead and write them. But if you don’t have anyone with that experience, maybe outsource that issue so their time is spent on the things they are already good at. Using a stock template and the needed PSI, my personal average for SOPs is about 1.5 hours. I’ve seen relatively competent people take 10 hours or more on the same SOP. The difference is that I wrote the template and have used it thousands of times. On the other hand, I’ve been known to take 3x as long as a skilled operator to change oil filters on a compressor because I’ve only done it a handful of times.

Assigning Responsibility is crucial. What we want is to have someone own the solution. Even if you assign a task to an outside consultant or contractor, make sure someone in-house is assigned the responsibility for the task to ensure they keep that 3rd party in-line and on-schedule.

Also keep in mind that this is a great place in this process to manage expectations. Often a facility has been neglecting their PSM duties for decades but seems shocked that the newly assigned PSM coordinator can’t solve the problem in a few weeks. Let’s just say that if it took 10 years to dig the hole, it’s not realistic to expect anyone to dig you out of it quickly.

 

Part 4: Implement, Implement, Implement!

Prussian military commander Helmuth van Moltke is famous for saying that “No plan survives first contact with the enemy.” You are never going to get anywhere until you go out there and start implementing your plans. You can’t build a reputation on what you plan to do. 

Don’t be hesitant to reassess and change the plan if things aren’t going well.

One of the most important things you can do during this part of the process is having regular PSM meetings. Make sure everyone assigned a task is asked about their progress. It may seem like a waste of time, but it’s also a good practice to go over the things you have already accomplished. I recommend this for two reasons:

  • It gives everyone a chance to confirm that the implemented solution to the issue worked
  • It reminds you that progress is being made and you will eventually get out of the hole if you keep on!

 

 

As always, if there is anything we can do to help, please contact us!

How Many Operators do we Need?

Disclaimer: This post is a collaboration between an industry friend and colleague, Victor Dearman and I. The views expressed here do not necessarily represent the opinions of any entity whatsoever which we have been, are now, or will be affiliated.

It’s a question we hear often – sometimes as part of a PHA or Compliance Audit, but more often with someone just struggling to justify their staffing requests. Unfortunately, there really isn’t a simple, definitive answer to the question. No controlling RAGAGEP exists and state / local laws on the topic are relatively rare. This sort of problem isn’t rare in PSM because it is a performance-based standard. Our performance basis is that we are staffed sufficiently to ensure the safety of the people within the building and the surrounding community.

We need to answer the “How many Operators do we need?” question in a way that we can support it, or as we like to say, “Build a defensible case for the answer we arrive at. The answer itself will depend on many, many factors. So, let’s go on a journey and see how we can arrive at an answer we can feel confident in.

 

The road to an answer

The biggest factor for many is the design (age!?) of the system controls. A modern system with advanced controls requires less oversight on a day-to-day basis. If your system still relies on manual controls and people writing down pressures every hour, then that’s going to have a significant impact on your staffing needs. But once we get past that obvious issue, things get a bit more complicated.

Let’s be honest here, if things are running well; you have a good history with compliance audits, inspections, incident investigations, etc. and a low MI backlog, you’re probably not asking this question. If you are asking this question, it is probably due to an event related to a PSM/RMP element.

Let’s look at the kinds of element events that typically lead to this question.

  • Employee Participation
  • Mechanical Integrity
  • Incident Investigations
  • Management of Change / Pre-Startup Safety Review
  • Process Hazard Analysis
  • Emergency Action and Response Plans

 

Employee Participation: Look, everyone feels over-burdened at work, especially in the modern “Do MORE with LESS” era. But, if you pay attention to it, and look at these other elements, this employee feedback can provide valuable insights into the adequacy of your staffing.

 

Mechanical Integrity: What we’re looking for here is to understand if you have the skill sets and staffing to adequately maintain your refrigeration system. Whether you do everything in-house, or have a small in-house small crew performing basic rounds and contract out all the rest of the maintenance, inspections, and tests, is it adequate?

Here’s some MI related questions you might ask to help you determine if your staffing is adequate:

    • Are we properly implementing our Line & Equipment Opening (sometimes known as line break) procedures?
    • Are we caught up on ITPMR’s (Inspection, Test and Preventative Maintenance Reports) or work orders?
    • Is the documentation of ITPMR’s, Work orders, Oil Logs adequate?
    • Are we performing our scheduled walk-through’s and documenting them properly?
    • Are we addressing MI recommendations in a timely manner?
    • Are there indications that maintenance of the facility and system are being conducted properly and required repairs aren’t being delayed?
    • Are there no indications in the written MI records, or in your observations, that the system is running outside the written operating limits?

 

Incident Investigations: A review of incident investigation history can tell us a lot if the facility has a good process safety culture. But if they don’t have the right culture, and /or they don’t have any documented incidents, you’re going to have to do a little detective work and interview plant employees to find out if incidents are occurring that aren’t being recorded. Remember to spread your net wide here because incidents can happen at any time, not just on day-shift: Backshifts, weekends, holidays, etc. there’s no time immune to a possible incident.

You may also find indications of incidents occurring in walk-through logs, communications logs, ITPMRs, work orders, etc.

Here’s some II related questions you might ask to help you determine if your staffing is adequate:

    • Are incidents being reported, conducted, and documented? If not, is this a culture issue or a staffing issue?
    • Are incidents and incident report findings & recommendations being addressed, communicated, and followed to their conclusion?
    • Are there incidents that could have avoided with proper staffing?
    • Are there incidents that would have their severity reduced with proper staffing?
    • Are there incident investigations with recommendations that could be addressed with proper staffing?

 

Management of Change / Pre-Startup Safety Review: Properly implementing the MOC and PSSR elements takes a lot of time! We often find that these two elements are amongst the first to “fall behind” in suboptimal staffing situations. Here’s some MOC/PSSR related questions you might ask to help you determine if your staffing is adequate:

    • Have MOCs / PSSRs been conducted when they were supposed to be?
    • Were the MOCs / PSSRs conducted adequately to properly manage the hazards related to the change and the new systems?
    • Is the documentation of MOCs / PSSRs complete?
    • Are there any open items or recommendations from MOCs, PSSRs, or project punch lists?

 

Process Hazard Analysis: The PHA and open PHA recommendations can also help us understand if our staffing levels are appropriate. There may also be indications in the PHA itself. There’s a portion of the PHA that deals with staffing directly, but we’ll deal with that in the Building a defensible case on staffing section of this article.

Here’s some PHA related questions you might ask to help you determine if your staffing is adequate:

    • Are the PHA recommendations being addressed, communicated, and followed to their conclusion?
    • Is the facility provided with modern controls, alarm systems and equipment? (Newer, modern facilities often have significantly lower staffing needs than older ones)
    • Has the PHA been updated / validated as required by MOC activities and the 5yr schedule?

 

Emergency Action and Response Plans: Whether we’re looking at the plan(s) themselves, or analyzing an after-action report, a there can be a lot to learn here concerning proper staffing levels. Obviously, the required staffing levels for Emergency Response facilities is going to be higher, but that doesn’t mean there is no staffing requirement for Emergency Action plans.

Here’s some EAP/ERP related questions you might ask to help you determine if your staffing is adequate:

    • In the event of an incidental release of ammonia, do you have adequate staffing to investigate and respond?
    • In the event of an emergency response, even if you are not a “responding” facility, do you have adequate staffing to ensure that the equipment is properly shut down?
    • If you are a “responding” facility, do you have enough adequately trained personnel to staff your response team including an Incident Commander, safety officer, decontamination personnel, two entry teams, etc.
    • If you bring key staff back on-site to deal with emergencies, are they close enough to respond in a timely manner, or do you need to increase the size of your trained response team?

 

Building a defensible case on staffing

Ok, we’ve answered our questions and gathered a good impression of where we stand – and where we should stand. Maybe we need to adjust our staffing levels and/or increase the amount of services we ask contractors to complete for us. Where should we document this? In our opinion, the place in the system where the facility already had the opportunity to address this issue, was in the PHA. So, let’s go back to the PHA, end see if our results match the PHA team’s.

You are going to be looking for the following two questions (or their equivalents) from the standard Human Factors section of the IIAR What-If /Checklist worksheets:

HF14.37 – What if an employee is stressed due to shift work and overtime schedules?

HF14.38 – What if there are not sufficient employees to properly operate the system and respond to system upsets?

During the PHA, the facility should have answered those in a way that says they have adequate staffing or recommended that staffing be increased. Let’s say you decided that you had adequate staffing based on your answers to the questions above. If that’s the case, we’d expect to see something like the following:

 

If, however, we found some areas for improvement, we might expect something like this:

 

Closing Thoughts: We hope you didn’t start reading this hoping for an easy answer, but we’re fairly certain – now that you understand the full scope of the question being asked – that the answer doesn’t need to be easy, it needs to be correct and defensible.

You can build a much better understanding of your staffing needs by looking at the existing elements in your Process Safety program. Any decent Compliance Audit would cover this same ground, if staffing is an area of concern for you, make sure to bring it up.

P.S.  from Victor: Some facilities might try and get more value from a security guard on off shifts or holiday coverage to make roving patrols and report abnormal conditions and alarms? Sure, but that also means that guard has to be trained to identify what the alarms mean, how to identify an abnormal condition, and that they know what to do to either immediately correct the deviation or immediately contact someone that can (on call techs or service providers). By the time you have invested this much into a guard, you could have paid for a well-qualified operator.

My advice to any organization when making these decisions is to evaluate the above and take into consideration the attracting well rounded operators with the skill sets and experience often sought is more often through word of mouth about how the organization projects their Process Safety culture.

How to hire operators? Well, that sounds like a good subject for a future article!

Should we perform an Incident Investigation for Hail Damage?

The Issue: Recently an industry friend reached out with a question that I thought was worth sharing. They recently had some fierce storms roll through their area that involved tennis-ball sized hail. This hail caused some insulation damage, but didn’t cause any ammonia release. Here are some pictures of the type of damage they experienced.

Hail Damage pictures

Hail Damage pictures

The question is “Would this require an Incident Investigation?”

 

The Law: As always, first we look at the law.

OSHA 29CFR1910.119(m)(1): The employer shall investigate each incident which resulted in, or could reasonably have resulted in a catastrophic release of highly hazardous chemical in the workplace.

EPA 40CFR68.81: The owner or operator shall investigate each incident which resulted in, or could reasonably have resulted in a catastrophic release.

While there is obvious damage to the protective jacketing and vapor barrier, you could make a defensible argument that this is not something that could “reasonably have resulted in a catastrophic release of highly hazardous chemical.” That’s not to say there isn’t any value to such an investigation, but that there most likely is not a requirement to investigate this incident based solely on the PSM/RMP rules. But, the rules aren’t the only guidance available to us, so let’s look further.

 

RAGAGEP and Written Programs: In my opinion, the best RAGAGEP available on the topic is the CCPS book Guidelines for Investigating Chemical Process Incidents, 2nd Edition, which is what inspired the approach we take in our Incident Investigation element Written Plan. Similarly, the IIAR’s publication PSM & RMP Guidelines makes roughly the same types of arguments and include an EPA suggestion that any damage of $50,000 or more should be investigated. If you’ve priced insulation recently, you know we’re likely to hit that threshold.

Here’s the relevant part of our Incident Investigation element Written Plan which incorporates the CCPS guidance:

An Incident is an unusual or unexpected occurrence, which either resulted in, or had the potential to result in:

  • Serious injury to personnel
  • Significant damage to property
  • Adverse environmental impacts
  • A major disruption of process operations

That definition implies three types or levels of incidents:

Accident – An occurrence where property damage, material loss, detrimental environmental impact or human injury occurs. (off-site Ammonia release, product in freezer exposed to ammonia, personnel injury, etc.)

Near Miss – An occurrence when an accident could have happened if the circumstances were slightly different. We sometimes call these incidents “An Accident where something went right”. (Forklift strikes an air unit causing only cosmetic damage and no Ammonia is released, an activation of an automatic shutdown, etc.)

Process Upset / Interruption – An occurrence where the process was interrupted. (Vessel high-level alarm, a nuisance ammonia odor report, ice buildup on an air unit preventing it from cooling properly, failing to conduct required PSM activities as scheduled, etc. Many Process Interruptions are fixed before the event leads to a shutdown. If the equipment was shut down manually or automatically in response to an unexpected occurrence, then the incident is to be investigated as a Near Miss.

This storm damage would seem to trigger the “Significant damage to property” part of the Incident definition and classify it as an Accident due to “property damage.” In accordance with the relevant RAGAGEP and our element Written Plan, we’d expect you to conduct an Incident Investigation despitedefensible argument that the PSM/RMP rules do not require one.

 

What we accomplish with an Incident Investigation: With a formal assessment of the incident, we’re hoping to document the following:

  1. The safeguards in place were adequate such that an ammonia release did not occur;
  2. The damage was investigated and found to be largely cosmetic with no significant effect on integrity, and limited effect on efficiency;
  3. Provide a documented recommendation to address the damage, both in the long term (replacement/repair) and short-term (sealing up any vapor barrier tears with caulking for example);
  4. Provide a method of tracking the identified corrective actions to closure.

Conclusion: While it seems pretty clear the PSM/RMP rules themselves wouldn’t require an Incident Investigation, RAGAGEP would and there’s much to be gained from one.

Powered Industrial Trucks in Machine Rooms

Powered Industrial Trucks (PIT) in Machine Rooms are a known struck-by hazard.  What most people don’t realize is how serious the results of a PIT impact in a Machinery Room can be.

For example, a forklift / scissor lift impact that shears a 3″ TSS (ThermoSyphon Supply) or HPL (High Pressure Liquid) operating at a typical head pressure of 160PSIG results in a release rate of over 18,500 pounds per minute.

Many facilities attempt to establish a ban on PIT in their machinery rooms, but while the needs for PIT in machine rooms are very limited, there are situations where they are necessary. An outright ban won’t likely survive prolonged contact with reality.

To address this issue in a PHA, we usually recommend a Written Machine Room PIT policy as an administrative control. For years we’ve discussed the content of that policy informally with people. Recently a PSM coordinator shared her written policy & permit with us and after some alterations and formatting, we’re adding it to the SOP Templates section.

Front of the Permit:

Back of the Permit with additional explanations:

 

As always, you can find this on the Google Shared template drive.

CSB’s NEW Chemical Incident Reporting Rule is FINAL

“U.S. Chemical Safety Board and Hazard Investigation Board (CSB) has approved a final rule on accidental release reporting. The CSB has posted a prepublication version of the final rule… The official version should be published early next week in the Federal Register.

The rule requires prompt reports to the CSB from owners or operators of facilities that experience an accidental release of a regulated substance or extremely hazardous that results in a death, serious injury or substantial property damage. The CSB anticipates that these reports will provide the agency with key information important to the CSB in making prompt deployment decisions…

The rule is required by the CSB’s enabling legislation but was not issued during the first 20 years of CSB operations. Last year, a court ordered the CSB to finalize a rule within a year. “

What it means: If the incident resulted in Death, Serious Injury or Substantial Property Damage ($1kk or more) then you have to report the incident to the CSB (via phone 202- 261-7600 or email [email protected]) within 30 minutes. The report must include:

1604.4 Information required in an accidental release report submitted to the CSB
1604.4 The report required under §1604.3(c) must include the following information regarding an accidental release as applicable:
1604.4(a) The name of, and contact information for, the owner/operator;
1604.4(b) The name of, and contact information for, the person making the report;
1604.4(c) The location information and facility identifier;
1604.4(d) The approximate time of the accidental release;
1604.4(e) A brief description of the accidental release;
1604.4(f) An indication whether one or more of the following has occurred: (1) fire; (2) explosion; (3) death; (4) serious injury; or (5) property damage.
1604.4(g) The name of the material(s) involved in the accidental release, the Chemical Abstract Service (CAS) number(s), or other appropriate identifiers;
1604.4(h) If known, the amount of the release;
1604.4(i) If known, the number of fatalities;
1604.4(j) If known, the number of serious injuries;
1604.4(k) Estimated property damage at or outside the stationary source;
1604.4(l) Whether the accidental release has resulted in an evacuation order impacting members of the general public and others, and, if known:
1604.4(l)(1) the number of persons evacuated;
1604.4(l)(2) approximate radius of the evacuation zone;
1604.4(l)(3) the type of person subject to the evacuation order (i.e., employees, members of the general public, or both).

The good news is that if you have to report the incident to the NRC then you can skip reporting all the above data and simply report the NRC case number you’re given during the NRC call.

This new requirement takes effect 30 days from the posting in the Federal Register so ACT NOW. It’s important that you update your program because there are enforcement penalties associated with not following this new rule…

1604.5(b) Violation of this part is subject to enforcement pursuant to the authorities of 42 U.S.C. 7413 and 42 U.S.C. 7414, which may include
1604.5(b)(1) Administrative penalties;
1604.5(b)(2) Civil action; or
1604.5(b)(3) Criminal action.

 

What should I do? 

If you use the template program, the hard work has already been done FOR YOU. Just open up the template directory on Google Drive and follow these steps for your program:

  • In \Reference\ add new directory \Reference\CSB\ and place “CSB Reporting Accidental Releases – prepublicationcopy 020320.pdf” in it. You can get it from the templates directory or from the EPA link.
  • In \Reference\CFR\ add “40CFR1604 – Hazardous substances Reporting and recordkeeping requirements.doc” from the templates directory.
  • Update the Incident Investigation element Written Plan to the 020720 version from the templates directory.
  • Update the \01 – EPA RMP\ Definitions file to the 020720 version from the templates directory.
  • Train all Responsible Persons and affected management on the new policies.
  • Document the changes in your DOC-Cert in accordance with the Implementation Policy: Managing Procedure / Document Changes found in the MOC/PSSR element Written Plan.

Note: If you have instructions for Agency Notifications somewhere outside your Incident Investigation plan, you’ll need to update them to include the CSB contact information there too. Feel free to use the text in the Incident Investigation element Written Plan, Implementation Policy: Agency Notifications.

 

OSHA fines getting more expensive again!

The Obama administration signed the Federal Civil Penalties Inflation Adjustment Act Improvements Act of 2015 which requires OSHA to adjust their fine amounts for inflation. 2020’s numbers are in: OSHA will adjust the fines by the  Consumer Price Index cost-of-living adjustment multiplier of 1.01764 which turns into a $230 increase for Serious and a $2300 increase for Willful / Repeat. The table below shows the new penalty amounts.

 

 

Memo File:  2020 OSHA Annual Adjustments

Direct Replacement, Replacement in Kind and Management of Change

Of all the PSM/RMP requirements, the Management of Change element is the most consistently problematic. Most of the difficulty is in answering two questions:

  • The compliance question: Does the change you considering count as a “change” per the PSM/RMP rule.
  • The safety question: Does the change you are considering have the potential to affect the safety of the process?

Note, it is quite possible that you answer NO to the first question and YES to the second question.

 

The text of the Rule

1910.119(l)(1) – The employer shall establish and implement written procedures to manage changes (except for “replacements in kind”) to process chemicals, technology, equipment, and procedures; and, changes to facilities that affect a covered process.

From a compliance perspective, how broadly you interpret the “…changes to facilities that affect a covered process” portion dictates how many changes will be subject to this element.

Of course, there’s also a little window that allows you to avoid the MOC element if you classify the change as a “replacement in kind.” The rule provides a fairly useless definition of Replacement in Kind:

1910.119(b) …Replacement in kind means a replacement which satisfies the design specification.

The “replacement in kind” exception is routinely abused to avoid MOC. To understand this element better, let’s consider a few scenarios: Replacing a Valve, replacing a Motor, replacing an Ammonia Detector, and replacing a Condenser.

 

Example: Replacing a Valve

In this example, we’re replacing a valve with the same model, size, etc. Is this a change? Some people would call this a Replacement in Kind, but I would not. I would call this a Direct Replacement. It’s not kind of like the valve we’re replacing, it’s exactly like it. Such a change is outside the scope of the MOC element entirely.

What if we were replacing the valve with a different brand or model? Then we don’t know if it is a Replacement in Kind until we ask enough questions to assure ourselves that it satisfies the design specification. Some questions we might ask are:

  • Is it made of the same materials?
  • Does it have the same flow ratings / capacity?
  • Does it have the same mode of operation in manual and automatic?
  • Does it have the same Mechanical Integrity requirements?
  • Does it affect the PHA section that this equipment belongs to?

It’s quite possible that you answer enough questions to assure yourself that the replacement valve satisfies the design specification making it a Replacement in Kind. While this means it is outside of the MOC element for compliance purposes, we’d still recommend you document the rationale you used to determine that it meets these design specifications. You could even take this documentation one step further and declare that in the future all replacements of Brand A Model X valve with Brand B Model Y valve can be considered a Direct Replacement in this application.

 

 

Example: Replacing a Motor

A motor might be considered by some (incorrectly) to be outside of the MOC element because it doesn’t (usually) contain ammonia, but this is short-sighted. Remember, the MOC element is about Changes to…equipment…that affect a covered process. A motor for equipment that is part of your covered process would certainly fall within the scope of the element for consideration.

Ideally, we’re replacing the motor with the exact some one – a Direct Replacement that would place it outside the MOC element. But, if we are replacing it with another motor, we will be looking to prove that it satisfies the design specification so we can consider it a Replacement in Kind. Again, we need to ask questions:

  • Does it have the same electrical requirements (phase, voltage, etc.)
  • Does it have the same frame size?
  • Does it have the same RPM, duty rating, capacity, etc?
  • Does it affect the PHA section that this equipment belongs to?

Just like earlier in our valve example, it’s quite possible that you answer enough questions to assure yourself that the replacement motor satisfies the design specification making it a Replacement in Kind. While this means it is outside of the MOC element for compliance purposes, we’d still recommend you document the rationale you used to determine that it meets these design specifications. You could even take this documentation one step further and declare that in the future all replacements of Brand A Model X motor with Brand B Model Y motor can be considered a Direct Replacement in this application.

 

 

Example: Replacing an Ammonia Detector

Like earlier, with the motor example, a change to an ammonia detector might be considered by some (incorrectly) to be outside of the MOC element because it doesn’t (usually) contain ammonia, but this is short-sighted. Remember, the MOC element is about Changes to…equipment…that affect a covered process. You definitely consider these detectors as safeguards in your PHA, so we need to exercise some caution on this change.

If we’re replacing the detector with the exact same one, then it’s a Direct Replacement. If we’re replacing it with a different detector, we need to assure that it satisfies the design specification so we can consider it a Replacement in Kind. Again, we need to ask questions:

  • Does it have the same electrical requirements?
  • Does it have the same output signal / alarm outputs?
  • Does it have the same sensitivity?
  • Does it have the same Mechanical Integrity requirements? The same calibration equipment, schedule and calibration procedure?
  • Does it affect the PHA section that this equipment belongs to?

In my experience, unless you are dealing with a Direct Replacement, no detector meets the requirements for a Replacement in Kind because they almost all fail the last question on calibration equipment, schedule and procedure. That means such a change would require the implementation of a Management of Change procedure.

Here’s where we can get a little clever. The PSM/RMP rules require that we “establish and implement written procedures to manage changes” but they don’t require that we use the same procedure for every change! If we sit down and think through all we need to do to successfully change from Brand A Model X NH3 detector to Brand B Model Y NH3 detector, we could establish a standard procedure for doing so. That means that in a facility with, say, 45 detectors that you are changing over a period of time, you have a Single MOC (to establish the new procedure) and then simply implement the new NH3 Detector Change SOP 45 times as the changes occur.

 

 

Example: Replacing a Condenser

In this example we’re replacing a brand A evaporative condenser with 500 tons of capacity with a brand B evaporative condenser with 500 tons of capacity. Note: this would work the same with if you were replacing it with a different model of brand A as well. Also, if you were replacing a condenser with an exact duplicate, then theoretically you may be able to get by with a PSSR, but that assumes you don’t need any non-standard operating modes during the change-out.

First question: Is it a change to equipment which satisfies the design specification? Answer: Well, I don’t know because there is a lot that goes into that determination. But every part of a condenser changeout has the potential to affect the safety of your system. Questions you should ask include:

  • Does it have the same electrical requirements (phase, voltage, amp draw, etc.)
  • Is it have the same size and weight?
  • Is it made of the same materials?
  • Does it have the same flow ratings / capacity?
  • Does it have the same mode of operation in manual and automatic?
  • Does it have the same Mechanical Integrity requirements?
  • Does the P&ID need to be updated?
  • Does the SOP need to be updated?
  • Does it affect the PHA section that this equipment belongs to?
  • …and the list goes on.

While it is technically possible that you could ask these (and 100 other) questions concerning a condenser replacement in such detail that you ensure it satisfies the design specification, you are going to want to document all that work. I’ve personally never seen it happen unless it was the same make and model. In our opinion, the best way to document all that work is by following the Management of Change procedure.

 

Closing Thoughts

Management of Change is a difficult element. But by working this element, you can find and address hazards before they are introduced to your process. There’s very little that can be said about it better than this advice from the Petroleum NEP:

OSHA’s MOC requirement is prospective.

The standard requires that an MOC procedure be completed, regardless of whether any safety and health impacts will actually be realized by the change. The intent is, in part, to have the employer analyze any potential safety and health impacts of a change prior to its implementation. Even if the employer rightly concludes there would be no safety and health impacts related to a change, 1910.119(l)(1) still requires the employer to conduct the MOC procedure.

PSM is a Thief!

The view that PSM is a time-sink.

A common push-back from facilities that are covered under the OSHA PSM and EPA RMP regulations is the sheer amount of resources these programs require to successfully design, implement, and maintain.

One phrase, seared into my memory, is from a frustrated and over-burdened maintenance manager: “PSM is a thief!”

He was referring to the fact that he had to task high-performing, highly trained and highly compensated personnel to perform Process Safety tasks. Time spent on Process Safety is obviously time that isn’t spent elsewhere.

My counterpoint at the time was “Safety isn’t earned – it is rented. And the rent is due every damned day

After an experience I had last week, I think there’s a better way to respond. I’d like to share my new response with you, but first let’s talk about the experience that made me see a new way of approaching this issue.

 

The experience

During the recent RETA conference the guest speaker was Jóse Matta. Jóse suffered ammonia burns over 40+ percent of his body when a condenser failed in an overpressure event. The event involved a portable ammonia refrigeration system. Before transport the system is drained of ammonia. In this incident, the driver placed a cap on the relief valve outlet due to DOT concerns. However, once the unit arrived onsite, the capped relief valve wasn’t noticed. Eventually this led to an overpressure event once the unit was charged and started.

Jose Matta barely survived his exposure. He nearly died in the hospital. His wife was brought into the burn unit to say her final goodbyes to her husband – the father of their children. When he was lucky enough to survive, he had to endure multiple surgeries. He no longer has a sense of smell and can barely taste food. He no longer has the ability to sweat and has to constantly monitor his condition when it’s hot out to avoid heat-stress or heat-stroke.

 

What does Jose’s experience have to do with “PSM as a thief?”

Post-incident, several failures of the PSM program were noted:

  • Pre-Startup Safety Review failed to identify the capped relief.
  • SOPs and Training on startup either weren’t adequate to control the hazards, or weren’t followed.
  • Setup time and tight scheduling, location of safety showers, weren’t adequately addressed in the PHA.
  • The MI program didn’t ensure that the high-discharge-pressure interlock worked.
  • The technician and contractors at the site weren’t familiar enough to know there was a safety shower located in a nearby building.
  • The EAP didn’t provide adequate information to the facility or responders, leading to them delaying effective treatment.
  • There was no command system in place. Nobody called 911. Nobody took charge. Nobody met the responders when they arrived to explain what was going on.

If the Process Safety items above were properly in place, the incident either wouldn’t have happened, or the outcome would have been significantly better for Jóse.

You see, when I pushed back from the “PSM is a Thief” argument before, I was wrong. I should have agreed with that statement.

 

PSM *is* a thief. Yes, it takes resources, but it can also take a LOT more from you!

PSM can steal from you: the opportunity to nearly die in a chemical release.

PSM can steal from your family: the opportunity for tearful goodbyes.

PSM can steal from you: years of surgeries, painful rehabilitation, and diminished health.

 

Yeah, PSM is a thief. I’m plenty happy to have these experiences stolen from me and the people I work with.

Without Process Safety, people are taking risks without knowing they are taking them. NOBODY should have to do that.

If you want your Process Safety program to steal these experiences from your facility, your coworkers, your neighbors, and YOU, we can help!

Dealing with non-standard (non-routine) work in your Process Safety program

Occasionally we come across an issue we’ve customarily addressed, but never documented. Put another way: We realize we have a policy – even if an informal one – on how to deal with certain situations, but we’ve never turned that policy into a formal, written one.

It’s incredibly common to have these informal policies in smaller departments, or when a task is rare. You can usually identify them after-the-fact when you are told “That’s just the way we do things here. Everybody knows that.”

When we find these items in our Covered Processes, we should endeavor to document them. Today I’d like to talk about a big one: What do we do when the existing written procedures don’t match with the conditions or situations we are facing in our work. What written guidance are you providing to your Process Operators and Technicians on how to deal with this situation?

Every functioning Operations / Maintenance department has a policy – even if an informal, undocumented one – on how they deal with this issue.  

For years I’ve relied on the text in the SOP Written Plan concerning Temporary Operations:

The ammonia system is not operated in any temporary modes without a written SOP. If a component requires maintenance or replacement, that portion of the system is isolated and removed from service through a written SOP. Other Temporary Operations are handled through the MOC element which will ensure supervisory oversight. Temporary Operation SOPs are often via a written modification of an existing SOP in the form of an addendum.

This worked well, but it was a little bit obscure and (understandably) only thought to apply to SOPs themselves. That needed to change. What we’ve done to our system today, is formalized and documented guidance on how to deal with these non-standard / non-routine situations.

A new policy was placed in the RMP Management System Written Plan…

To ensure integration of this policy, the following text was added to the Operating Procedures (Implementation Policy: Using an SOP – Performing a Procedure, and Implementation Policy: Operating Phases, Temporary Operations) and Mechanical Integrity (Implementation Policy: Mechanical Integrity Procedures or MIPs) element Written Plans: “The Implementation Policy: Non-Standard Work. Addressing Conditions / Situations outside of existing Procedures found in the RMP Written Plan should be used when site/equipment/system Conditions or Situations are found to be different than those anticipated in the exiting written procedures.”

Are you handling non-standard / non-routine work well in your Process Safety program? If you are, and have a better idea, we’re always open to improvements. If you aren’t handling it well, perhaps you can implement the example above? 


For Inside-Baseball type people: This chart was inspired by the API RECOMMENDED PRACTICE 2201 Safe Hot Tapping Practices in the Petroleum and Petrochemical Industries, Chapter 4, Section 4.3.1, Figure 3—Example Decision Process for Authorizing Hot Tapping. Other than genericizing that flowchart to cover all types of work, I also made two large changes:

  • Routed the post “change conditions” step back to the start so we re-evaluate the existing procedure considering changed conditions/situations rather than short-circuiting back to the Management step.
  • Rewrote the flow/wording so that Condition Changes are preferred over mere procedural changes. The thinking was that we should prefer more engineering-type changes over administrative ones, where possible.

 

« Older posts Newer posts »