In an earlier Safety Moment (Safety Moment #5: Management of Change — Defining Change) we discussed some of the difficulties to do with defining the word “Change” in the context of Management of Change. After all, change is a constant in any industrial operation. Process conditions, equipment items, personnel, contractors are changing all the time. So how do we know when a change is significant enough to trigger the need for implementing the Management of Change program? In other words, when is a “change” really a “Change”?
This is an important and difficult topic, so we continue the discussion in this Safety Moment.
Additional discussion to do with Management of Chane is provided in the following publications:
- Book: Process Risk and Reliability Management
- Ebook: Management of Change
- Ebook: Presentation: Management of Change — Defining Change
Management of Change (MOC) is one of the most important elements of a Process Safety Management (PSM) program. Indeed, after Employee Participation, it can be regarded as being the most important element. However, like all the other elements of PSM, Management of Change is faced with the inherent problem of circular thinking,
- When do we need to use the MOC process?
- When the proposed change is critical.
- How do we know if it is critical?
- Evaluate it with the MOC process.
Some means of determining when a “change” is actually a “Change” that triggers the MOC program is needed.
The Center for Chemical Process Safety (CCPS) defines MOC as,
A temporary or permanent substitution, alteration, replacement (not in kind), modification by addition or deletion of critical process equipment, applicable codes, process controls, catalysts or chemicals, feedstocks, mechanical procedures, electrical procedures, safety procedures, emergency response equipment from the present configuration of the critical process equipment, procedures, or operating limits.
A British Standard provides the following definition,
The discipline of identifying the components of a continuously evolving system (taking into account relevant system interfaces) for the purposes of controlling changes to these components and maintaining integrity and traceability throughout the system life cycle.
These definitions provide useful guidance, but they are still faced with the problems of inherent circularity. For example, the CCPS definition uses the terms ‘not in kind’ and ‘critical’ process equipment, but does not state what those terms mean.
To illustrate this problem of defining terms, consider the words “critical” and “non-critical.” If it is believed that a proposed change could, if improperly managed, lead to a serious incident, then that proposed change is defined as being critical. Critical changes will therefore receive a more thorough evaluation and scrutiny than those deemed to be noncritical.
At first sight, there seems to be no problem with this definition. If the consequences of a hazard are very serious, then that hazard is considered to be critical. Immediately, however, three concerns arise:
- What is the meaning of the word “serious” in the above sentence? Have we just shifted the definitional dilemma from one word to another?
- How badly does a person have to be hurt before his or her injuries are deemed to be critical (thus raising the vexed topic of “Acceptable Risk”)?
- Should criticality be determined by the consequence of an event, or by its risk, i.e., should the predicted frequency of occurrence of the event be factored into the criticality determination?
Moreover, it is not always obvious when a change is critical, and when it is not. Indeed, one of the principal purposes of an MOC review is to determine the impact of a proposed change, i.e., to define its criticality.
But, once more, there is a danger of falling into the trap of circular logic:
- A critical change requires thorough analysis as part of the MOC process;
- A thorough analysis is needed to determine if a proposed change is critical.
This critique of the term “criticality” as used in this context is not just theoretical. Examination of actual incidents shows that many of them were triggered by an apparently non-critical change. Indeed, it could be argued that changes which are judged prima facie to be critical actually require less analysis because they will certainly receive considerable attention. Hence, perversely, “non-critical changes” have a greater potential for catastrophe than do “critical changes”.
In order to help better understand the meaning of the word “Change” in the context of Management of Change, it is suggested that it can be better understood by considering two items:
- Safe Operating Limits; and
- Impact on Other Process Safety Elements
Safe Operating Limits
One way of deciding if a change requires use of the MOC program is to determine if the proposed change takes the process conditions outside its safe operating limits. This approach generates the following definition.
A change requires evaluation by the Management of Change program when a critical variable will be taken outside its predefined safe limits.
Impact on Other Process Safety Elements
Another way of defining the word change in the context of MOC is to determine if the proposed change affects any of the other elements of process safety. For example, if a new operating procedure has to be written then the MOC process must be followed. Similarly, if the proposed change means that updated P&IDs are needed, then the "change" is a "Change".
In a future Safety Moment we will look at the related topic of ‘In-Kind / Not-in-Kind’ change. This discussion includes,
- Same specification
- Same service and materials of construction
- Same storage and handling process
- Procedural replacement
- Process chemistry
- Instrumentation and control systems