Safety Moment #81: Process Safety Fundamentals

Many of the publications that we offer are to do with the topic of Process Safety Management (PSM), or with related topics such as the offshore Safety and Environmental Management System (SEMS) and Safety Cases. Therefore, an overview of the topic of Process Safety Management is provided here. Much more detail is available in the books Process Risk and Reliability Management and Offshore Safety Management.

Overview

Process Safety Management (PSM) is a management system used in the design and operation of industrial processes that handle large quantities of hazardous and flammable chemicals.

PSM is not new; indeed it has always been an integral part of the process industries. Companies have always carried out activities such as the writing of procedures, planning for emergencies, training of operators and the investigation of incidents. But it was in the late 1980s and early 1990s that PSM programs became more formalized and regulated. Trigger events were the catastrophic release of toxic chemicals from a facility in Bhopal, India in the year 1984, and the offshore Piper Alpha disaster in the year 1986. 

In the United States the first nation-wide regulation was 29 CFR 1910.119, Process Safety Management of Highly Hazardous Chemicals, from OSHA (the Occupational Safety & Health Administration), introduced in the year 1992. This regulation served as a model for PSM programs in many other nations and for internal programs developed by many large energy and process companies.

Process safety programs are generally developed for large process and energy facilities such as chemical plants, refineries, offshore oil and gas platforms and pipelines. It is also used in related industries such as pharmaceuticals, food processing and power generation.

Process Safety Management

PSM can best be understood by examining its component words. 

The first word is Process. PSM is concerned with process issues such as fires and the release of toxic gases, as distinct from occupational safety issues, such as trips and falls. 

The second word is Safety. Although an effective PSM program improves all aspects of a facility's operation, the driving force for most PSM programs is the need to maintain safe operations, with a focus on the prevention of catastrophic accidents such as explosions, fires and the release of toxic gases.

The Center for Chemical Process Safety provides guidance as to what constitutes a PSM event.

  • It must involve a chemical or have chemical process involvement;
  • It must be above a minimum reporting threshold;
  • It must occur at a process location; and
  • The release must be acute, i.e., it must occur over a short period of time.

The third word is Management. A PSM program is to do with creating and implementing management systems that prevent and control major incidents. It is not fundamentally about meeting prescriptive rules or  engineering standards. In this context a manager is taken to be anyone who has some degree of control over the process, including operators, engineers and maintenance workers.

Elements of PSM

OSHA Process Safety Management.

Process safety programs are built up of management elements. The OSHA regulation contains the following fourteen elements.

  1. Employee Participation
  2. Process Safety Information
  3. Process Hazards Analysis
  4. Operating Procedures
  5. Training
  6. Contractors
  7. Prestartup Safety Review
  8. Mechanical Integrity
  9. Hot Work
  10. Management of Change
  11. Incident Investigation
  12. Emergency Planning and Response
  13. Compliance Audits
  14. Trade Secrets

Other organizations, such as the American Petroleum Institute (API) and the American Chemistry Council,  have developed their own lists. The one developed by the CCPS (Center for Chemical Process Safety) is shown below, and is the one we use in our Safety Moments.

  1. Process Safety Culture
  2. Compliance
  3. Competence
  4. Workforce Involvement
  5. Stakeholder Outreach
  6. Knowledge Management
  7. Hazard Identification and Risk Management
  8. Operating Procedures
  9. Safe Work Practices
  10. Asset Integrity / Reliability
  11. Contractor Management
  12. Training / Performance
  13. Management of Change
  14. Operational Readiness
  15. Conduct of Operations
  16. Emergency Management
  17. Incident Investigation
  18. Measurement and Metrics
  19. Auditing
  20. Management Review

Some large energy and chemical companies develop their own management elements. The following structure is used by Exxon Mobil (2016).

  1. Management leadership, commitment and accountability
  2. Risk assessment and management
  3. Facilities design and construction
  4. Information/ documentation
  5. Personnel and training
  6. Operations and maintenance
  7. Management of change
  8. Third-party services
  9. Incident investigation and analysis
  10. Community awareness and emergency preparedness
  11. Operations integrity assessment and improvement

In spite of the differences in detail these programs are generally similar to one another and have the same goals.

If should also be noted that the terminology used can also vary. For example, OSHA uses the term "Prestartup Safety Review" whereas CCPS uses "Operational Readiness". Both terms strive for the same goal: ensure that a facility is safe to start after it has been following modified.

Definition of Process Safety Management

Given the above background it is possible to develop definitions for the term Process Safety Management. The definition for Process Safety Management provided by the Center for Chemical Process Safety (CCPS 1992) is:

The application of management systems to the identification, understanding, and control of process hazards to prevent process-related injuries and incidents.

The following alternative definition is provided here.

Process Safety Management is an on-going process, involving all managers, employees and contract workers, that aims to minimize uncontrolled change from design and/or operating intent and to keep the process within its safe limits.

Safe Limits

The definition in the previous section used the term “safe limits”. It is crucial that those responsible for designing and operating process facilities know the safe limits for each process variable, and that those limits are defined quantitatively. For example, the safe temperature range for a certain reaction may be 125-150ºC. If the actual temperature deviates outside of that range, then that reaction is — by definition — out of control and potentially unsafe; action must be taken to bring the temperature back into the correct range.

The fact that the process variable has deviated outside the safe range does not mean that an emergency situation exists — management and the operators may have plenty of time to react. But they must do something because the facility must always be operated within its safe limits. The option of doing nothing is not an option.

The Table below illustrates the concept of safe limit values.

Safe limit values for process safety management

Once the safe range has been defined management must determine how to operate their facility so that it stays within that range. In the case of the reaction temperature example, instrument set points must be adjusted and operators trained so as to achieve the 125-150ºC range for the example just provided. All the people involved in running or maintaining the unit must know how to identify an out-of-control situation, what its consequences might be, and how they should respond. If it is management's intention to operate outside the prescribed range then the Management of Change program should be implemented in order to ensure that the new conditions are safe, that new limits have been set, or that new safeguards have been installed.

When a facility is new, the safe limits are defined by its designers. As operating experience is accumulated new safe limit values will be implemented — often through use of the hazards analysis and management of change processes.

Operating, Safe and Emergency Limits 

The concept of safe limits can be extended to include operating and emergency limits, as illustrated in the sketch below, which shows values for a process variable such as pressure, temperature, level or flow rate.

Operating, trouble shooting and emergency limits

Managing a PSM Program

The following issues need to be considered when developing and managing a PSM program.

Measurement

"What gets measured gets done". No management program can be effective unless progress against defined, quantitative goals is measured. PSM is no different. The catch is that it can be difficult to measure progress in this area because there are relatively few catastrophic events. Also, many of the management elements are quite subjective and so they are difficult to measure.

Involvement 

A Process Safety Management system is not something that is created and then handed down by management to their employees and contract workers; it is a program that involves everyone: designers, operators, maintenance technicians, managers and senior executives. The key word is involvement — which is much more than just communication. All managers, employees and contract workers are responsible for the successful implementation of the program. Management must provide determined and committed leadership, and needs to organize and lead the initial effort. But the employees must be fully involved in the program's implementation and improvement because they are the people who know the most about how a process really operates, and they are the ones who have to execute recommendations and changes. Specialist groups, such as staff organizations and consultants can provide help in specific areas, but process safety is fundamentally a line responsibility.

Thoroughness

The implementation of a PSM program also requires thoroughness. For example, a company may have a good training program, but one person may have missed part of it because he or she was on vacation. Management will have to make sure that this person is trained and that his or her personnel files are updated appropriately.

Holistic

The elements of process safety have strong interaction with one another — it is not possible to meet the requirements of one of the elements without considering its effect on the others.

The inter-connectedness of the elements can be illustrated by considering the development of an Emergency Response Plan, in which the following sequence of actions — involving seven of the CCPS elements listed above — may occur.

  • The writing of the Emergency Response Plan (element 16) requires a knowledge of which hazards have to be addressed.
  • Consequently, a Hazards Analysis (element 7) is required to identify the hazards.
  • In order to be able to carry out the hazards analysis, information from sources such as P&IDs and MSDS is needed. Much of this information is Included in the Knowledge Management program (element 6).
  • Once the Emergency Response Plan has been developed, it will be necessary to Train everyone in its use (element 12).
  • The Emergency Response Plan has to be Audited on a regular basis (element 19).
  • During the training process, those being trained will come up with ideas that will improve the quality of the emergency response plan. This is Workforce Involvement (element 4).
  • After going through the Management of Change step (element 13), these ideas can be used to upgrade the emergency manual.

When considered in isolation, many of the elements appear to be the "most important". For example, Workforce Involvement is the "most important" because, if the employees do not participate, the process safety program will not function properly. But Management of Change could be considered the "most important" because the root cause of all incidents is uncontrolled change. On the other hand, all of the elements require a solid base of up-to-date, comprehensive information. Therefore Knowledge Management is the "most important". But then it could be argued that Incident Investigation and Root Cause Analysis is what really matters because incidents reveal what is really going on in the organization. The real point, of course, is that they are all important and necessary, and that they all rely on one another to be effective.