Regulations for process safety

The process industries have to meet a plethora of regulations and rules to do with safety. Doing so is time-consuming, expensive and often feels merely like a bureaucratic exercise. But regulations have to be followed — the law is the law. Hence process safety professionals must spend a good deal of their time supporting regulatory, audits and then reporting to management on issues that must be addressed. Some of the articles and safety moments that address this topic are shown at the bottom of this post.

Prescriptive / Non-Prescriptive Standards

Broadly speaking, rules and regulations can be described as being either prescriptive or non-prescriptive. (In practice, there is usually considerable overlap between the two.) When the process safety management standards were first developed, it was recognized that safety could be achieved more effectively and with less fuss if a non-prescriptive and performance-based were to be used.

Prescriptive Standards

A prescriptive standard describes, often in great detail, what actions need to be taken (most environmental regulations are prescriptive). They are what most people think of when safety is discussed. To pick an example, OSHA has the following rule to do with ladders,

All rungs shall have a minimum diameter of three-fourths inch for metal ladders, except as covered in paragraph (b)(7)(i) of this section and a minimum diameter of 1 1/8 inches for wood ladders.

A statement such as that is quite clear and uncompromising; it is also easy to follow. A person installing a ladder at an industrial site need not think about the basic principles of ladder design or use. Nor does that person have to carry out any type of risk analysis. Simply follow the rule as written.

Some process safety related regulations are also prescriptive in nature. For example, most offshore platforms have a range of pressure vessels used for processing the oil and gas before it is sent to shore. API RP (Recommended Practice) 14C sets standards for the design of such vessels. Its requirements have been adopted into law as part of the SEMS (Safety and Environmental Systems) regulation. One section of RP 14C reads as follows,

The safety system should provide two levels of protection to prevent or minimize the effects of an equipment failure.

Although more nuanced than the OSHA rule to do with ladders, the above sentence is mostly prescriptive. It does, however, allow for some judgment. For example, the standard does not specify the types of protection. Most designers will protect against over-pressure using a combination of safety instrumentation and a mechanical device such as a pressure relief valve, but this approach is not an actual requirement.

Non-Prescriptive Standards

The other approach to regulatory structure is non-prescriptive. The regulators do not provide specific and detailed rules regarding what to do; instead managers at these companies set their own standards such that safe operations are achieved.

The basic idea behind this approach is that the companies that operate sophisticated facilities such as offshore platforms and drilling rigs are the ones who know the process and equipment the best, so they are the best qualified to decide what needs to be done to achieve safe operations. It is up to the managers, technical experts and the operations/maintenance personnel to determine how this should be done. There are no universally ‘correct answers’ as to what needs to be done to achieve a safe operation. What is appropriate in one location may or may not be appropriate in another. All that is required is that programs be in place, and that they be adhered to. (In this regard, PSM is similar to ISO 9000 and other quality standards, which also require that companies set their own standards, and then adhere to them.)

An important benefit of the non-prescriptive/performance-based approach is that an industry can immediately capture what has been found by experience or test to work well — there is no need for the regulators to vainly try to catch up with the latest technology.

The non-prescriptive approach can be illustrated by the following quotation from OSHA’s Process Safety Management standard to do with the topic of Mechanical Integrity. It states,

The employer shall establish and implement written procedures to maintain the ongoing integrity of process equipment.

The standard provides no specific requirements regarding the amount of detail or the content of those procedures.

One consequence of this approach is that the overall PSM standard is only about ten pages long. 

Performance-Based / Goal Oriented

Since there are no hard and fast rules as to what must be done to achieve acceptable safety, a risk-based approach must be followed when working in a goal-setting environment. Taking the example of the written procedures to do with maintenance once more, the logic flows on the following lines. 

  • We set our own standard for written maintenance procedures — a standard that is appropriate to our facility and our technology.
  • We conduct a risk analysis to determine that these procedures will meet our performance standards.
  • We do this by determining if they achieve an acceptable level of risk.
  • If they do not, then we need to upgrade our procedures-writing standards. 

The catch in the above logic is, of course, the meaning of the word “acceptable”. Who decides? What is that decision based on? As discussed below, this conundrum leads to difficulties with the term ‘Compliance’ and therefore the ‘Regulator’s Dilemma’.


In a performance-based, goal-driven management system it is, strictly speaking, never possible to be in compliance. The logic is as follows.

  • The goal is not to have incidents, the only measure of success is success.
  • We are using a risk-based approach to achieve this.
  • But risk can never be zero.
  • Therefore, we can never be in compliance.

The Regulator’s Dilemma

Regulators face a dilemma with regard to goal-setting, non-prescriptive safety management systems. Facility owners and operators develop their own safety programs that are designed to meet their specific circumstances. If a regulator approves those programs then he or she has implicitly stated that the program is satisfactory. If, later on, a deficiency is found with the program (either during an audit or an incident investigation) then the regulator must take some responsibility and the owner/operator can claim that the incident is not all his fault.

Copyright © Ian Sutton. 2018. All Rights Reserved.