Tag: RMP (Page 1 of 5)

How to respond to a Compliance Audit Report

Both PSM and RMP require a 3-year audit to “verify that the procedures and practices developed under the standard are adequate and are being followed.” While it is not required, this Compliance Audit is traditionally done through a 3rd party. A common failing I see in this element is end-users not understanding what to do with the Compliance Audit once they’ve received it. What follows are my thoughts on best-practices once you’ve received the Compliance Audit report.

  • Verify the Report
  • Certify the Report
  • Address the Findings / Recommendations
    1. Assess validity
    2. Decide on a solution to address valid recommendations
    3. Implement the solution including any needed interim solutions
    4. Document the resolution as closed

 

Verify the Report

You will want to ensure the report meets the requirements of the PSM/RMP rules as well as your internal Compliance Audit element Written Plan. First thing to do is to read through the report and any findings / recommendations to familiarize yourself with it. Your report may look different than the ones I deliver, but mine have five main parts:

  • An introduction letter describing the audit methodology and the report’s format
  • Closing meeting notes discussing highlights of the report and next steps.
  • An Audit Certification Page (discussed in the next section)
  • Statement of Qualifications: Qualifications of Company and PHA Facilitator / Compliance Auditor, Conflict of Interest Statement & Disclosure. This is basically a written answer to common “Who did this audit and why should we trust them” questions.
  • Compliance Audit worksheets & Findings / Recommendations

Once you understand the format of the report, decide if it met the goals of a Compliance Audit. I use the 3-levels of compliance as my performance basis.

Once you’ve established that the Compliance Audit report meets this performance basis, make sure it is:

  • Complete
  • Free of any copy-paste errors
  • Lacking any blank spaces / questions

If you have any questions or concerns, work with your auditor to address them at this stage, because once we go to the next step, this report is “set in stone.”

 

Certify the Report

Both PSM and RMP require that the employer/owner/operator certify the Compliance Audit report. I include a letter to be dated and signed. This step is often missed but it’s a very simple thing. You are not certifying that the report is 100% accurate, found every single thing wrong, etc. All you are certifying is that “you have evaluated compliance…to verify that the procedures and practices developed under the standard are adequate and are being followed.” In some sense, you’re really certifying that this collection of documents is your Compliance Audit, that you have received it, and that you believe it to be accurate.

 

Address the Findings /Recommendations

Each non-compliance finding will require some sort of action on your part. To assist in this endeavor, I personally rate the findings on a 4-level scale.

A simpler explanation of that rating system might be:

Green: All Good.

Yellow: It’s good, but there might be a better way.

Orange: This is wrong and can get you fined bur probably won’t get anyone hurt in the short-term.

Red: This is wrong and can get someone hurt or even killed.

Below is the flowchart from our model PSM/RMP program on dealing with recommendations. Please see this longer post on the subject for more information. Properly Addressing PSM / RMP Findings & Recommendations

Recommendations will be considered “addressed” when a plan has been put in place to address them. In some cases, a recommendation will not be accepted. OSHA considers an employer to have resolved recommendations when the employer has either adopted the recommendations or justifiably declined to do so. According to OSHA, an employer can justifiably decline to adopt a recommendation where it can document that:

  • The recommendation contains material factual errors;
  • The recommendation is not necessary to protect the health of employees or contractors, the public or the environment;
  • An alternative measure would provide a sufficient level of protection; or,
  • The recommendation is not feasible.

Whether accepting or rejecting a recommendation, it is important that you document your reasoning for doing so and any progress you are making, or have made. In our system we rely on an Implementation Policy called “Resolution of Recommendation” to do this. Below is an example of a recommendation that was tracked to resolution. Note that since it is now complete, they have shaded it green.

Conclusion: While it’s time consuming and labor-intensive, dealing with Compliance Audit recommendations is a fairly straight-forward task. As always, feel free to Contact Us if you have any questions, and check out our Compliance Audit section if you would like us to perform your next Compliance Audit.

Note: Nearly everything in this article is equally true for reports and recommendations from PHA’s, independent Mechanical Integrity Audits, etc.

What we can learn from the tragedy in Beirut, Lebanon?

“Smart people learn from their mistakes. Wise people learn from the mistakes of others.”

Or, in PSM terms: Incident Investigation is how you become smart. Process Hazard Analysis is how you become wise.

Yesterday, a horrific explosion occurred in the port of Beirut, Lebanon. This morning it is being reporting that over 100 are dead, over 4,000 are injured, and up to 300,000 are homeless. Estimates of the economic damage have been as high as five billion dollars. 

Beirut, Lebanon 080420

Beirut, Lebanon Explosion 08/04/20

It is believed that the explosion was the result of 2,750 tons of ammonium nitrate stored at the port. The authorities will now have to try and piece together what happened to see what they can learn from this incident.

Beirut, Lebanon 080420

Beirut, Lebanon Explosion Aftermath 08/04/20

In PSM terms, this is where we implement the Incident Investigation element. Refer back to that earlier quote, “Incident Investigation is how you become smart.” One of my first mentors put it another way: “Wisdom is healed pain.” It is right and proper that we learn from the mistakes we make, but there is a better way: Learn from the mistakes of others so you don’t repeat them!

Al Jazeera is reporting that the chemical storage was known about for seven years, and while the port authorities asked for assistance in dealing with the dangerous situation SIX TIMES, they did not receive a response. It appears that the authorities in Beirut had the information they needed to KNOW they had a hazards to address for many years. 

The dangers of Ammonium Nitrate explosion are WELL KNOWN.  Check out this older article on the events in West, Texas – or check out the pictures I took there after the explosion. (Note, according to the Al Jazeera timeline, the improper storage of this chemical in Lebanon began right around the time of this incident in America.)

West Texas 2013

Ammonia Nitrate explosion damage in West, Texas (2013)

A proper PHA prevents incidents. In the PHA process, we Identify hazards, Evaluate those hazards, and then Control those hazards.

A timely Process Hazard Analysis would have shown OBVIOUS problems with Facility Siting, RAGAGEP compliance, and equipment / facility suitability. It appears that in Beirut, the port officials informally identified at least some of the hazards, and to some degree they analyzed them. Those responsible in Beirut had AMPLE opportunity to CONTROL the hazards but chose not to – for reasons we don’t yet know. 

Put another way, because they did not accept their responsibility to perform a Process Hazard Analysis, they now have to accept their somber duty to perform an Incident Investigation.

Incident Investigation is how you become smart. Process Hazard Analysis is how you become wise.

Are there any issues in your facility that you are aware of that you haven’t yet addressed? Consider this tragedy in Beirut as a reminder to take action on them. There’s no time like the present!

P.S. There are large Ammonia Nitrate stockpiles all over the world. When stored properly it is very, very safe. But storing it next to a fireworks warehouse in a vault that wasn’t designed for it is begging for a disaster.

 

— Update: The Times of Israel quotes Lebanese Prime Minister Hassan Diab as saying: “What happened today will not pass without accountability. Those responsible for this catastrophe will pay the price.” With respect, no, they won’t pay the price.

The people that died paid the price. The loved ones of the deceased, the people that were injured, and those who are now homeless are paying the price. The people responsible may pay a price, but it’s unlikely to be as severe as the one paid by those who had no part in the series of errors that lead to this catastrophe.

Digging Yourself Out of a Hole

(What to do when you are suddenly responsible for years of Process Safety neglect.)

It’s a scene I come across time and time again: a newly assigned PSM/RMP coordinator staring at me with shock as we progress through their Compliance Audit, Process Hazard Analysis, or 5yr Independent Mechanical Integrity Inspection.

“I didn’t know things were this bad!” they’ll say under their breath, once the situation starts to become a little clearer to them. You can imagine them standing at the bottom of a deep, dark hole wondering how they’ll ever make it back to fresh air and bright sunshine they thought was all around them just a few hours ago. For those of you that have read my previous post on the “Stages of PSM Grief,” this is the moment they are breaking past the Denial stage.

It can be heartbreaking to watch the mixture of Anger, Bargaining and Depression, especially if you remember what it felt like to be there yourself.

Often, I will have to re-assure them that this is just the start of the process and the beginning isn’t going to be fun. Sometimes I’ll quote Winston Churchill.

 

 

What’s really important is that we understand there will be a way out if we remain calm and plan intelligently. Unsurprisingly, you need a process to address Process Safety issues

So, let’s start planning our escape!  We’re going to move slowly at first, with ever-increasing confidence, and once we get rolling we’re going to start seeing daylight.

Here’s how our progression will look:

  • Assess the situation
  • Prioritize the issues
  • Formulate the plans & assign responsibility
  • Implement, Implement, Implement!

 

Part 1: Assess the situation

Obviously, if you are in the middle of (or have just gone though) an audit or inspection, you’re well on the way! If you are recently assigned to this coordinator role and you don’t have a recent compliance audit, PHA, and MI report, then these are good places to start.

Assessment is really two parts which can share the same ground.

  • Compliance: Where you are in relation to where you need to be.
  • Culture: Where you are in relation to where you want to be.

I can’t stress this enough – being compliant is not some lofty place. It is the bare minimum of safety allowed under the law. How far past “my company isn’t violating federal and state law” you want to go depends a lot on the culture of your organization. For example, companies with a brand to protect tend to aim a lot higher than those that don’t. Companies that are barely making ends meet tend not to have a lot of resources to bring to bear on things that aren’t strictly required.

Recently, based on a conversation with colleagues, I half-jokingly formulated what I called the Haywood / Chapin Process Safety performance scale as a visual tool. Note that you get a score of zero for being compliant because that’s the baseline. We’re not going to go around congratulating each other for not violating Federal and State laws. Additionally, we aren’t going to give ourselves any credit for trying – only for results: Safety & compliance aren’t kindergarten so we aren’t giving out participation trophies.

Note: It’s common at this point to try and figure out how the company got themselves in this hole, but there is usually very little of value that comes out of this conversation. If the same people, and the same processes are in place, don’t expect different results unless they are willing to change. Don’t get your hopes up just because people want to change. What matters is if they are willing to put in the work to change. If only wanting to change was enough to effect change, nobody (including me) would be carrying around a few extra pounds.

 

Part 2: Prioritize the issues

All right. Now you have collected all the deficiencies so you know the ground you need to cover to get where you want to be – or, in our analogy, how far it is to get out of the hole you are in. Now we need to figure out in what order we need address these issues. Hopefully, your audits have given you some guidance here. For example, this is the color code I use for my compliance audits:

Obviously in this scheme, we’d focus our efforts on the red items, then the orange, etc. You will want to prioritize the actions you take based on the risk to your employees, your community and your business. I strive to get the “buy-in” from the audit team during the audit itself so this step is pretty much done for you. However, you may have a lot of findings & recommendations to deal with so further prioritization can be useful.

 

Part 3: Formulate the plans & assign responsibility

Formulating the plan(s) is one of the most difficult parts of the whole endeavor: How do we address all the issues we’ve found? We’re going to use a few strategies to help us formulate our plan:

  1. Group where appropriate
  2. Don’t reinvent the wheel
  3. Don’t make Perfect the enemy of the Good
  4. Leverage strengths & Avoid weaknesses

Grouping: One thing you may find is that a common root cause means you can group items. For example, if I have a poorly constructed MI inspection with 600 pipe label recommendations I can view each of those as individual recommendations or I can decide that the root cause is that we don’t have a system to ensure adequate pipe labeling. For me, I’d rather put a system in place to address that widespread deficiency than rely on just fixing the issues someone else found thus ensuring I’ll need them to find them next time too! For the example of pipe labeling, I would train my operating staff on the requirements of IIAR B114 and place a label check in the annual unit inspection work order. Properly implemented that system ensures that the issue will be addressed in the next year and will continue to be addressed regularly thereafter.

Don’t reinvent: There’s plenty of freely available templates for nearly all programs, procedures, work orders, etc. you may need. Don’t waste your time creating a policy or procedure from scratch when you can often use a pre-made one to address the issue with little or no change.

Don’t make Perfect the enemy of the Good: Sometimes altering a simple policy that solves the problem 99% of the time to one that solves it 100% of the time turns it into a lengthy and confusing mess. Policies and procedures aren’t meant to completely replace independent thought – they should be designed to guide it. We should bias our efforts towards “good enough” at first and strive towards perfection over time with continuous improvement.

Leverage Strengths & Avoid Weaknesses: Tasks should be assigned to people based on their competencies. For example,  if you have a good core competency in your staff for writing SOPs, then by all means go ahead and write them. But if you don’t have anyone with that experience, maybe outsource that issue so their time is spent on the things they are already good at. Using a stock template and the needed PSI, my personal average for SOPs is about 1.5 hours. I’ve seen relatively competent people take 10 hours or more on the same SOP. The difference is that I wrote the template and have used it thousands of times. On the other hand, I’ve been known to take 3x as long as a skilled operator to change oil filters on a compressor because I’ve only done it a handful of times.

Assigning Responsibility is crucial. What we want is to have someone own the solution. Even if you assign a task to an outside consultant or contractor, make sure someone in-house is assigned the responsibility for the task to ensure they keep that 3rd party in-line and on-schedule.

Also keep in mind that this is a great place in this process to manage expectations. Often a facility has been neglecting their PSM duties for decades but seems shocked that the newly assigned PSM coordinator can’t solve the problem in a few weeks. Let’s just say that if it took 10 years to dig the hole, it’s not realistic to expect anyone to dig you out of it quickly.

 

Part 4: Implement, Implement, Implement!

Prussian military commander Helmuth van Moltke is famous for saying that “No plan survives first contact with the enemy.” You are never going to get anywhere until you go out there and start implementing your plans. You can’t build a reputation on what you plan to do. 

Don’t be hesitant to reassess and change the plan if things aren’t going well.

One of the most important things you can do during this part of the process is having regular PSM meetings. Make sure everyone assigned a task is asked about their progress. It may seem like a waste of time, but it’s also a good practice to go over the things you have already accomplished. I recommend this for two reasons:

  • It gives everyone a chance to confirm that the implemented solution to the issue worked
  • It reminds you that progress is being made and you will eventually get out of the hole if you keep on!

 

 

As always, if there is anything we can do to help, please contact us!

How Many Operators do we Need?

Disclaimer: This post is a collaboration between an industry friend and colleague, Victor Dearman and I. The views expressed here do not necessarily represent the opinions of any entity whatsoever which we have been, are now, or will be affiliated.

It’s a question we hear often – sometimes as part of a PHA or Compliance Audit, but more often with someone just struggling to justify their staffing requests. Unfortunately, there really isn’t a simple, definitive answer to the question. No controlling RAGAGEP exists and state / local laws on the topic are relatively rare. This sort of problem isn’t rare in PSM because it is a performance-based standard. Our performance basis is that we are staffed sufficiently to ensure the safety of the people within the building and the surrounding community.

We need to answer the “How many Operators do we need?” question in a way that we can support it, or as we like to say, “Build a defensible case for the answer we arrive at. The answer itself will depend on many, many factors. So, let’s go on a journey and see how we can arrive at an answer we can feel confident in.

 

The road to an answer

The biggest factor for many is the design (age!?) of the system controls. A modern system with advanced controls requires less oversight on a day-to-day basis. If your system still relies on manual controls and people writing down pressures every hour, then that’s going to have a significant impact on your staffing needs. But once we get past that obvious issue, things get a bit more complicated.

Let’s be honest here, if things are running well; you have a good history with compliance audits, inspections, incident investigations, etc. and a low MI backlog, you’re probably not asking this question. If you are asking this question, it is probably due to an event related to a PSM/RMP element.

Let’s look at the kinds of element events that typically lead to this question.

  • Employee Participation
  • Mechanical Integrity
  • Incident Investigations
  • Management of Change / Pre-Startup Safety Review
  • Process Hazard Analysis
  • Emergency Action and Response Plans

 

Employee Participation: Look, everyone feels over-burdened at work, especially in the modern “Do MORE with LESS” era. But, if you pay attention to it, and look at these other elements, this employee feedback can provide valuable insights into the adequacy of your staffing.

 

Mechanical Integrity: What we’re looking for here is to understand if you have the skill sets and staffing to adequately maintain your refrigeration system. Whether you do everything in-house, or have a small in-house small crew performing basic rounds and contract out all the rest of the maintenance, inspections, and tests, is it adequate?

Here’s some MI related questions you might ask to help you determine if your staffing is adequate:

    • Are we properly implementing our Line & Equipment Opening (sometimes known as line break) procedures?
    • Are we caught up on ITPMR’s (Inspection, Test and Preventative Maintenance Reports) or work orders?
    • Is the documentation of ITPMR’s, Work orders, Oil Logs adequate?
    • Are we performing our scheduled walk-through’s and documenting them properly?
    • Are we addressing MI recommendations in a timely manner?
    • Are there indications that maintenance of the facility and system are being conducted properly and required repairs aren’t being delayed?
    • Are there no indications in the written MI records, or in your observations, that the system is running outside the written operating limits?

 

Incident Investigations: A review of incident investigation history can tell us a lot if the facility has a good process safety culture. But if they don’t have the right culture, and /or they don’t have any documented incidents, you’re going to have to do a little detective work and interview plant employees to find out if incidents are occurring that aren’t being recorded. Remember to spread your net wide here because incidents can happen at any time, not just on day-shift: Backshifts, weekends, holidays, etc. there’s no time immune to a possible incident.

You may also find indications of incidents occurring in walk-through logs, communications logs, ITPMRs, work orders, etc.

Here’s some II related questions you might ask to help you determine if your staffing is adequate:

    • Are incidents being reported, conducted, and documented? If not, is this a culture issue or a staffing issue?
    • Are incidents and incident report findings & recommendations being addressed, communicated, and followed to their conclusion?
    • Are there incidents that could have avoided with proper staffing?
    • Are there incidents that would have their severity reduced with proper staffing?
    • Are there incident investigations with recommendations that could be addressed with proper staffing?

 

Management of Change / Pre-Startup Safety Review: Properly implementing the MOC and PSSR elements takes a lot of time! We often find that these two elements are amongst the first to “fall behind” in suboptimal staffing situations. Here’s some MOC/PSSR related questions you might ask to help you determine if your staffing is adequate:

    • Have MOCs / PSSRs been conducted when they were supposed to be?
    • Were the MOCs / PSSRs conducted adequately to properly manage the hazards related to the change and the new systems?
    • Is the documentation of MOCs / PSSRs complete?
    • Are there any open items or recommendations from MOCs, PSSRs, or project punch lists?

 

Process Hazard Analysis: The PHA and open PHA recommendations can also help us understand if our staffing levels are appropriate. There may also be indications in the PHA itself. There’s a portion of the PHA that deals with staffing directly, but we’ll deal with that in the Building a defensible case on staffing section of this article.

Here’s some PHA related questions you might ask to help you determine if your staffing is adequate:

    • Are the PHA recommendations being addressed, communicated, and followed to their conclusion?
    • Is the facility provided with modern controls, alarm systems and equipment? (Newer, modern facilities often have significantly lower staffing needs than older ones)
    • Has the PHA been updated / validated as required by MOC activities and the 5yr schedule?

 

Emergency Action and Response Plans: Whether we’re looking at the plan(s) themselves, or analyzing an after-action report, a there can be a lot to learn here concerning proper staffing levels. Obviously, the required staffing levels for Emergency Response facilities is going to be higher, but that doesn’t mean there is no staffing requirement for Emergency Action plans.

Here’s some EAP/ERP related questions you might ask to help you determine if your staffing is adequate:

    • In the event of an incidental release of ammonia, do you have adequate staffing to investigate and respond?
    • In the event of an emergency response, even if you are not a “responding” facility, do you have adequate staffing to ensure that the equipment is properly shut down?
    • If you are a “responding” facility, do you have enough adequately trained personnel to staff your response team including an Incident Commander, safety officer, decontamination personnel, two entry teams, etc.
    • If you bring key staff back on-site to deal with emergencies, are they close enough to respond in a timely manner, or do you need to increase the size of your trained response team?

 

Building a defensible case on staffing

Ok, we’ve answered our questions and gathered a good impression of where we stand – and where we should stand. Maybe we need to adjust our staffing levels and/or increase the amount of services we ask contractors to complete for us. Where should we document this? In our opinion, the place in the system where the facility already had the opportunity to address this issue, was in the PHA. So, let’s go back to the PHA, end see if our results match the PHA team’s.

You are going to be looking for the following two questions (or their equivalents) from the standard Human Factors section of the IIAR What-If /Checklist worksheets:

HF14.37 – What if an employee is stressed due to shift work and overtime schedules?

HF14.38 – What if there are not sufficient employees to properly operate the system and respond to system upsets?

During the PHA, the facility should have answered those in a way that says they have adequate staffing or recommended that staffing be increased. Let’s say you decided that you had adequate staffing based on your answers to the questions above. If that’s the case, we’d expect to see something like the following:

 

If, however, we found some areas for improvement, we might expect something like this:

 

Closing Thoughts: We hope you didn’t start reading this hoping for an easy answer, but we’re fairly certain – now that you understand the full scope of the question being asked – that the answer doesn’t need to be easy, it needs to be correct and defensible.

You can build a much better understanding of your staffing needs by looking at the existing elements in your Process Safety program. Any decent Compliance Audit would cover this same ground, if staffing is an area of concern for you, make sure to bring it up.

P.S.  from Victor: Some facilities might try and get more value from a security guard on off shifts or holiday coverage to make roving patrols and report abnormal conditions and alarms? Sure, but that also means that guard has to be trained to identify what the alarms mean, how to identify an abnormal condition, and that they know what to do to either immediately correct the deviation or immediately contact someone that can (on call techs or service providers). By the time you have invested this much into a guard, you could have paid for a well-qualified operator.

My advice to any organization when making these decisions is to evaluate the above and take into consideration the attracting well rounded operators with the skill sets and experience often sought is more often through word of mouth about how the organization projects their Process Safety culture.

How to hire operators? Well, that sounds like a good subject for a future article!

Should we perform an Incident Investigation for Hail Damage?

The Issue: Recently an industry friend reached out with a question that I thought was worth sharing. They recently had some fierce storms roll through their area that involved tennis-ball sized hail. This hail caused some insulation damage, but didn’t cause any ammonia release. Here are some pictures of the type of damage they experienced.

Hail Damage pictures

Hail Damage pictures

The question is “Would this require an Incident Investigation?”

 

The Law: As always, first we look at the law.

OSHA 29CFR1910.119(m)(1): The employer shall investigate each incident which resulted in, or could reasonably have resulted in a catastrophic release of highly hazardous chemical in the workplace.

EPA 40CFR68.81: The owner or operator shall investigate each incident which resulted in, or could reasonably have resulted in a catastrophic release.

While there is obvious damage to the protective jacketing and vapor barrier, you could make a defensible argument that this is not something that could “reasonably have resulted in a catastrophic release of highly hazardous chemical.” That’s not to say there isn’t any value to such an investigation, but that there most likely is not a requirement to investigate this incident based solely on the PSM/RMP rules. But, the rules aren’t the only guidance available to us, so let’s look further.

 

RAGAGEP and Written Programs: In my opinion, the best RAGAGEP available on the topic is the CCPS book Guidelines for Investigating Chemical Process Incidents, 2nd Edition, which is what inspired the approach we take in our Incident Investigation element Written Plan. Similarly, the IIAR’s publication PSM & RMP Guidelines makes roughly the same types of arguments and include an EPA suggestion that any damage of $50,000 or more should be investigated. If you’ve priced insulation recently, you know we’re likely to hit that threshold.

Here’s the relevant part of our Incident Investigation element Written Plan which incorporates the CCPS guidance:

An Incident is an unusual or unexpected occurrence, which either resulted in, or had the potential to result in:

  • Serious injury to personnel
  • Significant damage to property
  • Adverse environmental impacts
  • A major disruption of process operations

That definition implies three types or levels of incidents:

Accident – An occurrence where property damage, material loss, detrimental environmental impact or human injury occurs. (off-site Ammonia release, product in freezer exposed to ammonia, personnel injury, etc.)

Near Miss – An occurrence when an accident could have happened if the circumstances were slightly different. We sometimes call these incidents “An Accident where something went right”. (Forklift strikes an air unit causing only cosmetic damage and no Ammonia is released, an activation of an automatic shutdown, etc.)

Process Upset / Interruption – An occurrence where the process was interrupted. (Vessel high-level alarm, a nuisance ammonia odor report, ice buildup on an air unit preventing it from cooling properly, failing to conduct required PSM activities as scheduled, etc. Many Process Interruptions are fixed before the event leads to a shutdown. If the equipment was shut down manually or automatically in response to an unexpected occurrence, then the incident is to be investigated as a Near Miss.

This storm damage would seem to trigger the “Significant damage to property” part of the Incident definition and classify it as an Accident due to “property damage.” In accordance with the relevant RAGAGEP and our element Written Plan, we’d expect you to conduct an Incident Investigation despitedefensible argument that the PSM/RMP rules do not require one.

 

What we accomplish with an Incident Investigation: With a formal assessment of the incident, we’re hoping to document the following:

  1. The safeguards in place were adequate such that an ammonia release did not occur;
  2. The damage was investigated and found to be largely cosmetic with no significant effect on integrity, and limited effect on efficiency;
  3. Provide a documented recommendation to address the damage, both in the long term (replacement/repair) and short-term (sealing up any vapor barrier tears with caulking for example);
  4. Provide a method of tracking the identified corrective actions to closure.

Conclusion: While it seems pretty clear the PSM/RMP rules themselves wouldn’t require an Incident Investigation, RAGAGEP would and there’s much to be gained from one.

Powered Industrial Trucks in Machine Rooms

Powered Industrial Trucks (PIT) in Machine Rooms are a known struck-by hazard.  What most people don’t realize is how serious the results of a PIT impact in a Machinery Room can be.

For example, a forklift / scissor lift impact that shears a 3″ TSS (ThermoSyphon Supply) or HPL (High Pressure Liquid) operating at a typical head pressure of 160PSIG results in a release rate of over 18,500 pounds per minute.

Many facilities attempt to establish a ban on PIT in their machinery rooms, but while the needs for PIT in machine rooms are very limited, there are situations where they are necessary. An outright ban won’t likely survive prolonged contact with reality.

To address this issue in a PHA, we usually recommend a Written Machine Room PIT policy as an administrative control. For years we’ve discussed the content of that policy informally with people. Recently a PSM coordinator shared her written policy & permit with us and after some alterations and formatting, we’re adding it to the SOP Templates section.

Front of the Permit:

Back of the Permit with additional explanations:

 

As always, you can find this on the Google Shared template drive.

Trump EPA goes LIVE with new RMP rule: Is this finally the end of the saga?

The story so far…

Dec 2016: Outgoing Obama EPA releases changes to the RMP rule on the way out the door.

Apr 2017: Incoming Trump EPA puts the RMP rule changes on hold.

Jun 2017: Trump EPA further delays the RMP rule changes.

May 2018: Trump EPA proposes new RMP rule changes, reversing Obama changes.

Aug 2018: DC District Court reverses Trump Rule and re-instates Obama rule essentially making it the existing rule with compliance dates in the past. Trump EPA is basically told that it can change the rules, but it needs to follow different procedures to do that. Trump admin appeals and the rule changes are put on hold.

Sep 2018: Trump admin loses appeals. Obama RMP rule changes are officially LIVE. Trump EPA announces that they will follow the different procedures and change the rule the right way. (Not-so-secretly, the entire EPA is told NOT to enforce the new rule, but out of an abundance of caution, most RMP adherents implement the changes anyway. After all, it IS the law.)

Dec 2019: Trump EPA officially posts the new rule and places it in the CFR making it LIVE on 12/19/19. (See links at the end of the post)

 

So, where do we stand now?

Ok, we’ve got a new RMP rule. It appears to have gone through the correct rulemaking process. It’s been published in the Federal Register making it the law of the land.

 

So, what do we do now?

Well, let’s be honest; the Trump administration IS GOING TO GET SUED over this. What happens then? Who knows!? If you follow the courts in modern America, you know there is very little that can be accurately forecasted.

What we do know is that we have a new rule. The new rule appears to have been done correctly with sound documentation as to the reasoning for the changes. In my opinion, the new rule will LIKELY hold up in court. Even if it doesn’t, it is highly unlikely the EPA could get away with fining / citing people for not following a court-reinstated rule under such a cloud of confusion.

In any case, the new rule is easier to follow and makes more sense than the Obama EPA rule changes did. It reverts the majority of the RMP rule to match the PSM rule where they SHARE jurisdiction. The only substantive changes are to the EPA-specific areas where the EPA alone holds jurisdiction.

 

Ok, so how do I comply with this new rule?

If you do use our template system, I’ve got some good news for you! This is where using a set of open-sourced, professionally curated templates really shines. ALMOST ALL THE WORK has been done FOR YOU!

  • To improve your understanding of the new rule, read how we changed the program to meet the new requirements. This will help you to train your colleagues on them.
  • Replace existing copies of the affected Written Plans / Forms, taking a moment to look at the changes between the older versions and the new ones.
    1. Implement new EAP-C form.
    2. Modify the MI-EL1 EAP/ERP line to reflect the new text.
  • Train all Responsible Persons and affected management on the new policies.

Note: Estimated time for the above is about 2-4 hours depend on how well you know your PSM/RMP program.

 

On the other hand, If you don’t use our template system, you’re going to have to re-create the work I’ve already done:

  • Skip to the end of this article to get the links to the new information.
  • Read the 83-page Federal Register notice and make a series of notes about the new requirements. You can probably skip the 109 footnotes for now.
  • Compare those new requirements to the version of the RMP rule your program is CURRENLY written to comply with; whether that’s the pre-Obama, Obama, or Trump proposed version.
  • Starting at the beginning of your program, read through each of your Element Written Plans and see what changes have to be made. Refer to your notes from the first step. (You may wish to read how we changed our program to meet the new requirements)
  • Update / alter your program to meet these new requirements.
  • Train on these new changes

Note: Estimated time for the above is about 40-80 hours depend on how well you know your PSM/RMP program and the EPA RMP rule.

 

Template Program changes in detail

Please note, where not specifically shown below all affected Element Written Plans had their CFR section updated to the current 12/19/19 CFR.

Element What Changed Changes to Program Templates
01 – RMP
  1. A few definitions were deleted
  2. Some compliance dates and RMP references were changed
  3. Various Program 2 Changes
  4. Public meetings changes
  5. RMP Filing changes regarding 3rd party compliance audits, public meetings, etc.
  6. Removed significant amounts of publicly available information
  1. As our definition file isn’t limited to EPA sources, no changes were made to the template program documents.
  2. Previously there were sections about the Obama-era law that had a 2021 date tag – these sections were either deleted (because they were removed) or the date tag was removed.
  3. The element written plans are designed around Program 3, so no changes were made in them however all relevant CFR sections were updated.
  4. Updated the Element Written Plan to address these issues
  5. Updated the CFR to reflect the changes.
  6. Updated the Element Written Plan to address these issues
02 – EP N/A None
03 – PSI
  1. Removed the explicit requirement to keep PSI up to date.
  1. While we updated the CFR text, this is sort of implicit in the MOC/PSSR program and the very nature of PSM, so no changes made to the Element Written Plan.
04 – PHA
  1. Removed a nebulous requirement to look for “any other potential failure scenarios”
  2. Removed a section on alternative risk management for chemical / petro plants.
  1. While we updated the CFR text, this is sort of implicit in the idea of a PHA, so no changes were made in the Element Written Plan.
  2. These changes did not cover the NH3 refrigeration industry, so no changes were needed in the Element Written Plan.
  3. Since the explicit PSI “up to date” requirement was removed from the PSI section, it was removed from the PSI checklist in the PHA What-If checklists.
05 – SOP N/A None
06 – OT
  1. Removed an explicit requirement that “supervisors with process operational responsibilities” were covered under this program.
  1. We believe that operators under this element are defined by their function not their title / job position, so no changes were needed in the Element Written Plan.
07 – CQ N/A None
08 – MI No changes to RMP requirements
  1. The MI-EL1 section covering recurring PSM tasks in EAP/ERP was updated to remove the 2021 date codes. While the 10yr Field Exercise frequency is now just a suggestion (rather than a mandate) we’ve kept it in as a good practice.
09 – HW N/A None
10 – MOC / PSSR No changes to RMP requirements
  1. The procedural section “Implementation Policy: Managing Equipment / Facility Changes and using form MOC-1” includes a chart on possible changes to RMP-required information based on an MOC. The reference to “public information” has been removed from this chart.
11 – II
  1. Removed explicit requirements for incident location, time, all relevant facts, chronological order, amount released, number of injuries, etc.
  2. Removed a requirement that Incident Investigations be completed within a year
  1. While we removed these requirements from the CFR section, we believe they are still important for Incident Investigations and they’re already required by relevant RAGAGEP, so no changes were made to the Element Written Plan, the investigation instructions, or the Form-IIR Incident Investigation form.
  2. While we can’t imagine this wouldn’t occur naturally in a functioning process safety program, we removed the requirement. The program – as written – already suggests interim reports when investigations are lagging.
12 – EPR
  1. Lots of changes here: Modified information sharing requirements with responders, modified frequency of field exercises, modified scope of field and tabletop exercises, documentation requirements, compliance dates, etc.
  1. These changes were all incorporated in the Element Written Plan.
  2. To improve program performance, a new form was created “EAP-C Local Authority Coordination Record.” This form was also included in the Element Written Plan.
13 – CA
  1. Removed requirements for 3rd party audits
  1. These changes were all incorporated in the Element Written Plan.
14 – TS
  1. Modified text in the “CBI” section to reflect new wording in the updated rule.
  1. While it’s been changed in the CFR text, it requires no change to the Element Written Plans.

Item-by-Item changes:

  • Reference\EPA Reference\ has been updated with a PDF of the Register Notice.
  • Reference\CFR – Text of Federal Rules\ has been updated with a complete and formatted CFR reflecting the new changes.
  • The various element affected template directories have been updated with Element Written Plans that incorporate the new CFR text AND modified policies to comply with the rule changes
    • 01 – EPA RMP
      • Element Written Plan – REPLACE
    • 03 – Process Safety Information
      • Element Written Plan – REPLACE
    • 04 – Process Hazard Analysis
      • Element Written Plan – REPLACE
      • PHA Worksheet Template – REPLACE
    • 06 – Operator Training
      • Element Written Plan – REPLACE
    • 08 – Mechanical Integrity
      • MI-EL1 Form updated. You may just wish to modify the EAP/ERP line to reflect the new text rather than re-create the form.
    • 10 – Management of Change and PSSR
      • Element Written Plan – REPLACE
    • 11 – Incident Investigation
      • Element Written Plan – REPLACE
    • 12 – Emergency Planning and Response
      • Element Written Plan – REPLACE
      • NEW Form EAP-C – Implement
    • 13 – Compliance Audits
      • Element Written Plan – REPLACE
      • Optional Combined PSM RMP Compliance Self-Audit Checklist – REPLACE
    • 14 – Trade Secrets
      • Element Written Plan – REPLACE

 

EPA links for new information:

  • Updated CFR (aka “law”) from eCFR: link (37 Pages)
  • Federal Register Notice including reasoning for changes: link (83 Pages)

Direct Replacement, Replacement in Kind and Management of Change

Of all the PSM/RMP requirements, the Management of Change element is the most consistently problematic. Most of the difficulty is in answering two questions:

  • The compliance question: Does the change you considering count as a “change” per the PSM/RMP rule.
  • The safety question: Does the change you are considering have the potential to affect the safety of the process?

Note, it is quite possible that you answer NO to the first question and YES to the second question.

 

The text of the Rule

1910.119(l)(1) – The employer shall establish and implement written procedures to manage changes (except for “replacements in kind”) to process chemicals, technology, equipment, and procedures; and, changes to facilities that affect a covered process.

From a compliance perspective, how broadly you interpret the “…changes to facilities that affect a covered process” portion dictates how many changes will be subject to this element.

Of course, there’s also a little window that allows you to avoid the MOC element if you classify the change as a “replacement in kind.” The rule provides a fairly useless definition of Replacement in Kind:

1910.119(b) …Replacement in kind means a replacement which satisfies the design specification.

The “replacement in kind” exception is routinely abused to avoid MOC. To understand this element better, let’s consider a few scenarios: Replacing a Valve, replacing a Motor, replacing an Ammonia Detector, and replacing a Condenser.

 

Example: Replacing a Valve

In this example, we’re replacing a valve with the same model, size, etc. Is this a change? Some people would call this a Replacement in Kind, but I would not. I would call this a Direct Replacement. It’s not kind of like the valve we’re replacing, it’s exactly like it. Such a change is outside the scope of the MOC element entirely.

What if we were replacing the valve with a different brand or model? Then we don’t know if it is a Replacement in Kind until we ask enough questions to assure ourselves that it satisfies the design specification. Some questions we might ask are:

  • Is it made of the same materials?
  • Does it have the same flow ratings / capacity?
  • Does it have the same mode of operation in manual and automatic?
  • Does it have the same Mechanical Integrity requirements?
  • Does it affect the PHA section that this equipment belongs to?

It’s quite possible that you answer enough questions to assure yourself that the replacement valve satisfies the design specification making it a Replacement in Kind. While this means it is outside of the MOC element for compliance purposes, we’d still recommend you document the rationale you used to determine that it meets these design specifications. You could even take this documentation one step further and declare that in the future all replacements of Brand A Model X valve with Brand B Model Y valve can be considered a Direct Replacement in this application.

 

 

Example: Replacing a Motor

A motor might be considered by some (incorrectly) to be outside of the MOC element because it doesn’t (usually) contain ammonia, but this is short-sighted. Remember, the MOC element is about Changes to…equipment…that affect a covered process. A motor for equipment that is part of your covered process would certainly fall within the scope of the element for consideration.

Ideally, we’re replacing the motor with the exact some one – a Direct Replacement that would place it outside the MOC element. But, if we are replacing it with another motor, we will be looking to prove that it satisfies the design specification so we can consider it a Replacement in Kind. Again, we need to ask questions:

  • Does it have the same electrical requirements (phase, voltage, etc.)
  • Does it have the same frame size?
  • Does it have the same RPM, duty rating, capacity, etc?
  • Does it affect the PHA section that this equipment belongs to?

Just like earlier in our valve example, it’s quite possible that you answer enough questions to assure yourself that the replacement motor satisfies the design specification making it a Replacement in Kind. While this means it is outside of the MOC element for compliance purposes, we’d still recommend you document the rationale you used to determine that it meets these design specifications. You could even take this documentation one step further and declare that in the future all replacements of Brand A Model X motor with Brand B Model Y motor can be considered a Direct Replacement in this application.

 

 

Example: Replacing an Ammonia Detector

Like earlier, with the motor example, a change to an ammonia detector might be considered by some (incorrectly) to be outside of the MOC element because it doesn’t (usually) contain ammonia, but this is short-sighted. Remember, the MOC element is about Changes to…equipment…that affect a covered process. You definitely consider these detectors as safeguards in your PHA, so we need to exercise some caution on this change.

If we’re replacing the detector with the exact same one, then it’s a Direct Replacement. If we’re replacing it with a different detector, we need to assure that it satisfies the design specification so we can consider it a Replacement in Kind. Again, we need to ask questions:

  • Does it have the same electrical requirements?
  • Does it have the same output signal / alarm outputs?
  • Does it have the same sensitivity?
  • Does it have the same Mechanical Integrity requirements? The same calibration equipment, schedule and calibration procedure?
  • Does it affect the PHA section that this equipment belongs to?

In my experience, unless you are dealing with a Direct Replacement, no detector meets the requirements for a Replacement in Kind because they almost all fail the last question on calibration equipment, schedule and procedure. That means such a change would require the implementation of a Management of Change procedure.

Here’s where we can get a little clever. The PSM/RMP rules require that we “establish and implement written procedures to manage changes” but they don’t require that we use the same procedure for every change! If we sit down and think through all we need to do to successfully change from Brand A Model X NH3 detector to Brand B Model Y NH3 detector, we could establish a standard procedure for doing so. That means that in a facility with, say, 45 detectors that you are changing over a period of time, you have a Single MOC (to establish the new procedure) and then simply implement the new NH3 Detector Change SOP 45 times as the changes occur.

 

 

Example: Replacing a Condenser

In this example we’re replacing a brand A evaporative condenser with 500 tons of capacity with a brand B evaporative condenser with 500 tons of capacity. Note: this would work the same with if you were replacing it with a different model of brand A as well. Also, if you were replacing a condenser with an exact duplicate, then theoretically you may be able to get by with a PSSR, but that assumes you don’t need any non-standard operating modes during the change-out.

First question: Is it a change to equipment which satisfies the design specification? Answer: Well, I don’t know because there is a lot that goes into that determination. But every part of a condenser changeout has the potential to affect the safety of your system. Questions you should ask include:

  • Does it have the same electrical requirements (phase, voltage, amp draw, etc.)
  • Is it have the same size and weight?
  • Is it made of the same materials?
  • Does it have the same flow ratings / capacity?
  • Does it have the same mode of operation in manual and automatic?
  • Does it have the same Mechanical Integrity requirements?
  • Does the P&ID need to be updated?
  • Does the SOP need to be updated?
  • Does it affect the PHA section that this equipment belongs to?
  • …and the list goes on.

While it is technically possible that you could ask these (and 100 other) questions concerning a condenser replacement in such detail that you ensure it satisfies the design specification, you are going to want to document all that work. I’ve personally never seen it happen unless it was the same make and model. In our opinion, the best way to document all that work is by following the Management of Change procedure.

 

Closing Thoughts

Management of Change is a difficult element. But by working this element, you can find and address hazards before they are introduced to your process. There’s very little that can be said about it better than this advice from the Petroleum NEP:

OSHA’s MOC requirement is prospective.

The standard requires that an MOC procedure be completed, regardless of whether any safety and health impacts will actually be realized by the change. The intent is, in part, to have the employer analyze any potential safety and health impacts of a change prior to its implementation. Even if the employer rightly concludes there would be no safety and health impacts related to a change, 1910.119(l)(1) still requires the employer to conduct the MOC procedure.

PSM is a Thief!

The view that PSM is a time-sink.

A common push-back from facilities that are covered under the OSHA PSM and EPA RMP regulations is the sheer amount of resources these programs require to successfully design, implement, and maintain.

One phrase, seared into my memory, is from a frustrated and over-burdened maintenance manager: “PSM is a thief!”

He was referring to the fact that he had to task high-performing, highly trained and highly compensated personnel to perform Process Safety tasks. Time spent on Process Safety is obviously time that isn’t spent elsewhere.

My counterpoint at the time was “Safety isn’t earned – it is rented. And the rent is due every damned day

After an experience I had last week, I think there’s a better way to respond. I’d like to share my new response with you, but first let’s talk about the experience that made me see a new way of approaching this issue.

 

The experience

During the recent RETA conference the guest speaker was Jóse Matta. Jóse suffered ammonia burns over 40+ percent of his body when a condenser failed in an overpressure event. The event involved a portable ammonia refrigeration system. Before transport the system is drained of ammonia. In this incident, the driver placed a cap on the relief valve outlet due to DOT concerns. However, once the unit arrived onsite, the capped relief valve wasn’t noticed. Eventually this led to an overpressure event once the unit was charged and started.

Jose Matta barely survived his exposure. He nearly died in the hospital. His wife was brought into the burn unit to say her final goodbyes to her husband – the father of their children. When he was lucky enough to survive, he had to endure multiple surgeries. He no longer has a sense of smell and can barely taste food. He no longer has the ability to sweat and has to constantly monitor his condition when it’s hot out to avoid heat-stress or heat-stroke.

 

What does Jose’s experience have to do with “PSM as a thief?”

Post-incident, several failures of the PSM program were noted:

  • Pre-Startup Safety Review failed to identify the capped relief.
  • SOPs and Training on startup either weren’t adequate to control the hazards, or weren’t followed.
  • Setup time and tight scheduling, location of safety showers, weren’t adequately addressed in the PHA.
  • The MI program didn’t ensure that the high-discharge-pressure interlock worked.
  • The technician and contractors at the site weren’t familiar enough to know there was a safety shower located in a nearby building.
  • The EAP didn’t provide adequate information to the facility or responders, leading to them delaying effective treatment.
  • There was no command system in place. Nobody called 911. Nobody took charge. Nobody met the responders when they arrived to explain what was going on.

If the Process Safety items above were properly in place, the incident either wouldn’t have happened, or the outcome would have been significantly better for Jóse.

You see, when I pushed back from the “PSM is a Thief” argument before, I was wrong. I should have agreed with that statement.

 

PSM *is* a thief. Yes, it takes resources, but it can also take a LOT more from you!

PSM can steal from you: the opportunity to nearly die in a chemical release.

PSM can steal from your family: the opportunity for tearful goodbyes.

PSM can steal from you: years of surgeries, painful rehabilitation, and diminished health.

 

Yeah, PSM is a thief. I’m plenty happy to have these experiences stolen from me and the people I work with.

Without Process Safety, people are taking risks without knowing they are taking them. NOBODY should have to do that.

If you want your Process Safety program to steal these experiences from your facility, your coworkers, your neighbors, and YOU, we can help!

« Older posts