Elements of Process Safety Management
Paul R. Amyotte1; Cathleen S. Lupien Dalhousie University, Halifax, NS, Canada
1 Corresponding author: email address: [email protected]
Abstract
The purpose of this chapter is to present the current state of process safety management (PSM) systems employed in the global process industries. A review of relevant literature on safety management systems in general, and PSM systems in particular, is presented with the aim of identifying best practices in terms of both systems and their specific elements. PSM systems from jurisdictions in Asia, Australia, Europe, and North America, as well as approaches for the development of process safety performance indicators, are analyzed. The core process safety concepts of inherently safer design, recognition of warning signs, process safety culture, and dynamic risk assessment are also considered from the perspective of their integration within PSM. Practical examples drawn from the process safety literature and the US Chemical Safety Board reports of investigation are given throughout the chapter.
Keywords
Process safety; Process safety management; Process safety management system; Process safety performance indicator; Inherently safer design; Warning sign; Safety culture; Dynamic risk assessment
1 Introduction
Process—any activity involving a highly hazardous chemical including using, storing, manufacturing, handling, or moving such chemicals at the site, or combination of these activities.
Process Safety—the prevention and mitigation of process-related injuries and damage arising from process incidents involving fire, explosion and toxic release.
Process Safety Management (PSM)—the application of management principles and systems to the identification, understanding and control of process hazards to prevent process-related injuries and incidents.
The scope of this chapter is embodied in the above suite of definitions—i.e., management actions directed at the reduction of risk arising from flammable, reactive, and toxic materials found in the process industries. The specific objective is to examine key process safety management (PSM) systems and their elements, as well as process safety concepts requiring integration within a PSM system for them to be truly effective. Fig. 1 indicates the structure of the chapter which progresses from a brief look at management systems and safety management systems (SMSs) in general, through to a more detailed analysis of PSM systems including regulatory, performance measurement, and improvement aspects. The penultimate section preceding the conclusion gives an overview of the relationship between a PSM system and several important process safety concepts: (i) inherently safer design (ISD), (ii) recognition of warning signs, (iii) process safety culture, and (iv) dynamic risk assessment.
In terms of research methodology, a search was conducted of the process safety literature dealing mostly with management system features over the past decade. The search was, again for the most part, restricted to industrial and process safety books, internet sources, and journals (e.g., Journal of Loss Prevention in the Process Industries, Process Safety and Environmental Protection, Process Safety Progress, and Safety Science), with some coverage of conference proceedings. We make no claim that the search design and results are exhaustive, but we are confident that the sampling is well representative of the body of knowledge in this area. There are undoubtedly national and perhaps international PSM systems we have not discussed; the systems and elements described here are, however, indicative of the global consensus for comprehensive PSM coverage.
Motivation for the current work—i.e., why attach special significance to the use of management systems in assuring process safety?—comes from a number and variety of sources. In their review of the occurrence of major process incidents, Amyotte et al. (2016) describe seven core concepts for the prevention of such events: (i) the creation of paradigm-enhancing organizations (e.g., the Center for Chemical Process Safety in the United States), (ii) ISD, (iii) awareness of the total cost of major accidents, (iv) consideration of the broader societal and cultural aspects of major accidents, (v) process safety culture, (vi) process safety competency, and (vii) dynamic risk assessment. As illustrated throughout this chapter, each of these concepts is related in some fashion to the success or lack thereof in employing a PSM system. They are also key contributors, either implicitly or explicitly, to the evolution of process safety practice that is illustrated in Fig. 2.
The following general works also reference the relevance of PSM systems, elements, and concepts (as discussed in this chapter):
• MKOPSC (2012)—An international panel drawn largely from academia identified 19 focus areas for future research, including PSM knowledge transfer, standardization of process safety methods, safety culture, ISD, and risk management.
• Knegtering and Pasman (2009)—The authors’ proposed improvement foci for modern PSM include an adequate process safety measurement system and a continuous learning system.
• Vaughen and Kletz (2012)—Fig. 3 shows how many of our current process safety elements (e.g., management of change) and concepts (e.g., ISD) have been developed in response to major process incidents such as Flixborough, Seveso, and Bhopal. The authors describe our present situation of managing risk, the unexpected, and complex systems, as well as a future in which managing information and addressing public perception are paramount.
• Pasman, Knegtering, and Rogers (2013)—Central to the authors’ holistic approach to process risk reduction are the concepts of dynamic risk assessment, monitoring safety performance indicators for PSM systems, and recognizing weak signals to improve situational awareness—all of which are critical in enhancing facility resilience.
• De Rademaeker, Suter, Pasman, and Fabiano (2014)—This paper (along with MKOPSC, 2012) provides the foundation for Fig. 2 in the current work. The authors also describe the major themes for the 14th International Symposium on Loss Prevention and Safety Promotion in the Process Industries held in 2013 and organized by the European Federation of Chemical Engineering (EFCE); two of these themes were human factors and management systems, and learning from accidents and knowledge transfer.
• Khan, Rathnayaka, and Ahmed (2015)—Safety management and SMSs figure prominently in this comprehensive review of the state-of-the-art with respect to process safety and process risk management.
In closing this section, we present a quote from one of the last papers written by the late Professor Trevor Kletz—a mentor and teacher to all in the field of process safety:
As a consultant I knew the importance of talking to employees at all levels and checking details from time to time. After promotion many people take a helicopter approach, leaving the detail to others. From a helicopter all we see are forests. If we want to see if the forest is healthy, we have to land the helicopter and look at the leaves and twigs.
To continue with Trevor's analogy, we will now board the helicopter for an overview of management and SMSs. We will then disembark and walk among the details of PSM systems and concepts.
2 Management Systems
A management system describes the set of procedures an organization needs to follow in order to meet its objectives.
Management is doing things right; leadership is doing the right things.
Peter F. Drucker, as quoted in Kletz and Amyotte (2010)
According to Schein (2010), management is a largely North American construct for which there is no comparable word in several other languages. He cites the example of the German language, which—although conveying the meaning of concepts such as leading and directing—does not have a counterpart for the act of managing (Schein, 2010). Perhaps then, as remarked by Kletz and Amyotte (2010), it would be more appropriate to speak of process safety leadership rather than process safety management. We will, however, abide with convention and use the familiar term PSM; it should come as no surprise though that later sections of this chapter examine the key role of corporate leaders in managing process safety efforts. (On a personal note from one of the authors (P.R.A.), a highly educational and entertaining treatise on leadership from a completely different field can be found in the book by Ferguson and Moritz, 2015.)
Meyer and Reniers (2016) identify two main categories of management systems: business management systems and risk management systems. Regardless of the classification, the ISMEC progression of steps proposed by Bird and Germain (1996) for management control is appropriate: (1) Identification of the work to be performed, (ii) Standards for the work at all levels, (iii) Measurement of performance to standards, (iv) Evaluation of performance level compared to standards, and (v) Commendation for compliance to standards and constructive correction of substandard work. With only minor tweaking of the ISMEC framework, one easily arrives at the currently accepted view of the essential elements of any management system, often expressed as plan, do, check, act (Arntz-Gray, 2016; Dougherty, 1999—with emphasis on the check function by means of independent auditing).
The thoughts expressed above are in accordance with Asfahl and Rieske (2010) who remark that a manager assumes an enlarged scope of responsibility (and therefore accountability) that involves hazard analysis, standards compliance, and capital investment planning. Brauer (2006) states that management involves planning, organizing, and directing the elements integral to an organization achieving its goals. These elements include activities, people, equipment, materials, facilities, regulations, time, cost, and the physical, social, and management environments (Brauer, 2006).
Analogous to Meyer and Reniers (2016), Hammer and Price (2001) comment that several different, overlapping management systems will typically be functioning within a given organization. These could be core management functions unique to the enterprise, as well as aspects related to financial, personnel, quality, environmental, and health and safety aspects (Hammer & Price, 2001). Meyer and Reniers (2016) give several examples of international management systems for dealing with quality and business performance, and also environmental, integrity, and occupational health and safety matters. The website of the International Organization for Standardization (ISO, 2016) provides information on standards for energy, environmental, quality, food safety, information security, sustainable events, occupational health and safety, and antibribery management systems.
Goetsch (2015) refers to total quality management (TQM) in the context of this system being a forerunner to total safety management (TSM), in which a holistic approach is taken to enhance the safety of employees, products, and processes when establishing safe operating procedures and practices. One recognizes in this approach the modern integrated view of preventing and mitigating loss in the categories of people, property, process, and environment (Wilson & McCutcheon, 2003). In a similar vein, Coulter (1995) deals with the application of TQM to the health, safety, and environmental spheres; Kontogiannis, Leva, and Balfe (2016) give a comprehensive and contemporary review of TSM principles and methodologies. For coverage of systems dealing with general and safety management, quality and safety management, and health, safety, and environmental management, readers are directed to the papers by Swuste et al. (2016), Celik (2009), and Gholami, Nassiri, Yarahmadi, Hamidi, and Mirkazemi (2015), respectively.
3 Safety Management Systems
The objective of a SMS [Safety Management System] is to reduce injuries and to preserve the environment and the productive lives of assets. An effective SMS is recognized by many businesses as an essential requirement for remaining in business.
Having established the industrial relevance of management systems in general, we now turn our attention to those systems that focus on management of safety concerns. Lutchman et al. (2012) argue the business case for SMSs by virtue of the profitability and sustainability benefits accruing to an organization, as shown in Table 1.
Table 1
Benefits of an Effective Safety Management System (Lutchman et al., 2012)
The archival journal literature reviewed in the current work is replete with papers dealing with various aspects and applications of SMSs. Here we have separated them into three categories of papers dealing primarily with: (i) fundamental features, (ii) sectoral examples, and (iii) transportation examples. There is, of course, some overlap in the categories in that a given paper could involve, for example, performance measurement (fundamental feature) of a management system for occupational safety in the construction industry (sectoral example).
3.1 Fundamental Features
Grote (2012) provides an interesting analysis of SMSs in which the issue of system similarity for various high-risk activities is addressed. She establishes three attributes for customizing a purpose-fit SMS: (i) the types of safety being managed, (ii) how uncertainty is managed, and (iii) the regulatory regime applicable to the safety management efforts (Grote, 2012). Grote (2012) speaks of the desirability of knowledge transfer across high-risk sectoral boundaries involving the nuclear industry, chemical process industries, and aviation domains.
In a somewhat similar vein, Pillay (2015) gives an analysis of published articles to demonstrate the relationship between accident causation factors in different industries and the safety management strategies typically employed in those industries. Examples given include sociotechnical systems in the aviation industry, technological and cultural systems in the oil and gas industry, and behavioral systems in road transportation (Pillay, 2015).
Wahlstrom and Rollenhagen (2014) take a creative look at SMSs by using a metaphor based on requirements from control theory:
• a system model to enable prediction of outcomes for specific actions (e.g., SMS elements),
• observability of the system so its state can be determined (e.g., system performance indicators),
• controllability of the system so specific actions can be taken to effect changes in the system state (e.g., risk reduction measures), and
• a preference relation to distinguish between desired and undesired system states (e.g., cost/benefit analysis).
A different sort of comparison is drawn by Moorkamp, Kramer, van Gulijk, and Ale (2014) in their examination of the relationship between SMS theory and resilience engineering theory. They consider the former theory to be one in which uncertainty is minimized, while the latter involves coping with uncertainty (Moorkamp et al., 2014). One can see clear overtones of dynamic operational risk management—as discussed later in this chapter—in their comment that resilience engineering attempts to manage safety by accounting for the constantly changing nature of dynamic operational conditions (Moorkamp et al., 2014). There is thus a role for probabilistic as well as deterministic measures in managing an organization's safety efforts; this observation is in accordance with the earlier discussion of the work of Grote (2012).
Fernandez-Muniz, Montes-Peon, and Vazquez-Ordas (2007) performed a study involving 455 Spanish companies in an attempt to develop a scale for measurement of the extent to which SMSs had been implemented. The developed tool consists of 43 items spread over eight groupings: safety policy, worker incentives, safety training, communication related to prevention, preventive planning, emergency planning, internal control, and benchmarking techniques (Fernandez-Muniz et al., 2007).
Bianchini, Donini, Pellegrini, and Saccani (2017) describe their use of an Efficacy Index for the same purpose—i.e., quantitatively evaluating the effectiveness of implementation of a SMS (in this case, for occupational health and safety). The index relates the costs arising from a loss-producing event or near-miss to the estimated costs to prevent and protect with respect to the unintended event.
Finally, there is clear evidence in the general safety literature of research into concepts that are also key to the success of PSM (as discussed later in this chapter). These include knowledge management and communication (Vinodkumar & Bhasi, 2010), safety leadership (Pilbeam, Doherty, Davidson, & Denyer, 2016; Sheehan, Donohue, Shea, Cooper, & De Cieri, 2016), and leading and lagging indicators for safety performance measurement (Sheehan et al., 2016).
3.2 Sectoral Examples
As demonstrated in Table 2, the breadth of system applications for managing different types of safety in different industrial/activity sectors throughout the world is quite comprehensive. While the depth of subject matter coverage in these papers is substantial, comments here are limited to three brief points. First, it is interesting to note the adoption of a risk-based approach for occupational health and safety management in the work of Sousa et al. (2014, 2015); this is similar to developments over the past decade in the field of PSM (as subsequently explained in this chapter). Second, the role of a SMS in relation to input parameters, other core functions, and management objectives is clearly illustrated in Fig. 4 from the work of Qian and Lin (2016). Third, the coal mine SMS from the work of Wu et al. (2014), as presented in Fig. 5, can be seen to explicitly embody the cycle of plan/do/check/act that was previously described as being essential to the effective functioning of any management system.
Table 2
Examples of Safety Management Systems in Different Industrial/Activity Sectors
Reference | Sector | Management Concern |
Antonsen, Skarholt, and Ringstad (2012) | Oil and gas industry offshore Norway | Safety |
Boustras, Hadjimanolis, Economides, Yiannaki, and Nicolaides (2015) | Microfirms (<10 employees) in Cyprus | Health and safety |
Newslow (2014) | Food industry | Food safety |
Sousa, Almeida, and Dias (2014, 2015) | Construction industry | Occupational health and safety |
Zhou, Goh, and Li (2015) | Construction industry | Safety |
Lingard, Hallowell, Salas, and Pirzadeh (2017) | Infrastructure construction project in Australia | Safety |
Battaglia, Passetti, and Frey (2015) | Municipal waste companies in Italy | Occupational health and safety |
Jeon, Lee, Shin, and Park (2009) | Dams in Korea | Dam safety |
Zhang, Wu, Chen, Skibniewski, and Hsu (2014) | Buildings adjacent to tunneling excavation in China | Building safety |
Qian and Lin (2016) | Underground (tunnel) engineering in China | Safety/risk |
Wu, Xu, Zhou, Peng, and Yu (2014) | Coal mines in China | Mine safety |
Donaldson, Borys, and Finch (2013) | Community sporting organizations in Australia | Sports injury safety |
3.3 Transportation Examples
Literature examples of SMS applications to the transportation industry exist for each of the land, sea, and air sectors. According to Warmerdam, Newnam, Sheppard, Griffin, and Stevenson (2017), work-related vehicles account for 30% of traffic volume in Australia; additionally, drivers engaged in work-related activities are more likely to suffer injury than drivers on the road for purposes unrelated to work. With this risk-based justification for their research, Warmerdam et al. (2017) present their findings on the need for improvements in organization accountability, communication practices, vehicle-related risk reduction, driver competency, and incident investigation. These improvement areas are equally applicable to the management of risks posed by flammable, explosible, and toxic materials.
Similarly, Mooren, Grzebieta, Williamson, Olivier, and Friswell (2014) cite statistical evidence for their risk-based examination of safety management of heavy vehicle transport. Heavy trucks comprise 3% of registered vehicles in the United States, account for 7% of total vehicular mileage, and are involved in 11% of all driver fatalities (Mooren et al., 2014). Again, their findings on the importance of factors such as management commitment, safety training, and worker participation (Mooren et al., 2014) are equally applicable to the field of PSM.
In his study of safety and risk at sea (specifically with respect to tankers), Havold (2010) gives an extensive discussion of safety culture—a concept that underpins all SMSs. His description of safety culture being composed of values, attitudes, perceptions, and competencies (Havold, 2010) gives a good preview of our discussion later in this chapter on process safety culture. The theme of management system measurement requirements is also evident in the call for safety culture metrics that can be employed as leading performance indicators (Havold, 2010).
The Civil Aviation Safety Authority in Australia has provided a SMS guide (CASA, 2014) for aviation operators and organizations. The guide distinguishes between a SMS and a business/quality management system, and discusses principles such as safety culture that are broadly applicable (CASA, 2014). The document also considers human factors within a SMS and presents the familiar Swiss cheese model (Reason, 1990) in the context of flight operations of a Boeing 737-300 aircraft (CASA, 2014).
Cacciabue, Cassani, Licata, Oddone, and Ottomaniello (2015) also present the management system approach to safety from an aviation perspective, but again with broad applicability. They use terminology instantly recognizable to process safety practitioners—such as bow-tie analysis and risk matrix—and when describing the purpose of a SMS as being to prevent, control, and contain the consequences of hazardous events (Cacciabue et al., 2015). Cacciabue et al. (2015) further comment on the significant cultural changes that must accompany the SMS approach. This recurring notion of the critical role of safety culture in managing aviation safety is also apparent in the work of Remawi, Bates, and Dix (2011) and Liao (2015), with the latter study invoking the concepts of just, reporting, and learning cultures (as discussed later in this chapter with respect to PSM).
Before moving on to PSM, we conclude the review in this section with mention of two additional research studies on aviation safety management. Stroeve, Som, van Doorn, and Bakker (2016) present a holistic, risk-based approach for examination of a specific aviation hazard (runway incursions). The work of Nascimento, Majumdar, Ochieng, Schuster, and Studic (2016) describes the development of a SMS for a specific mode of air transport (helicopters).
4 Process Safety Management
Process safety is about keeping it in the pipes (as expressed by numerous process safety practitioners).
Process safety is about understanding the chemistry and physics of the manufacturing process.
Given the above quotes (and notwithstanding the more formal definitions found in Section 1), process safety can be said to be about containment—i.e., keeping hazardous materials (the chemistry), and energy (the physics), within their designed process boundaries. PSM is then about planning, doing, and checking the work needed to ensure containment, and also acting on the results of these efforts. And a PSM system is about assisting company personnel (especially managers) in achieving the organization's containment objectives.
In this section, we examine PSM with a focus on various PSM systems and their elements. The starting point is a brief look at the regulation of PSM; the section concludes with an analysis of performance metrics associated with PSM systems, as well as suggestions from the literature for the continuous improvement of these systems. Case study examples from both the archival literature and the investigations of the US Chemical Safety Board (CSB) are also given.
4.1 Regulatory Aspects
As noted earlier in reference to the work of Grote (2012), the regulatory regime is one of the determinants in designing a SMS. Thus, our objective here is to touch on the topic of PSM regulation; a detailed review of the subject is, however, outside the analytical scope of this chapter. For this latter purpose, readers are directed to the recent paper by Sreenevasan (2015) and the comprehensive review undertaken by the Canadian Association of Petroleum Producers (CAPP, 2014).
We first comment that it would seem well advised to view the regulation of PSM—whether by prescription or based on performance (as explained in the next paragraph)—in the manner expressed by the following authors and corresponding quotes:
… it must be noted that regulations themselves cannot improve process safety performance; instead, regulations should be considered as the minimum standards that can provide the motivation for improvement.
Thoughtful companies recognize that meeting the minimum legal requirements may not be sufficient, and also audit for conformance with their internal company standards and procedures.
… regulatory compliance should be an outcome of a good process safety management program, not an objective.
Attributed to M. Broadribb in Hendershot (2016).
Mannan (2015) also remarks that regulations should be based on science and an understanding of risk, and that compliance must be enforced by the appropriate regulatory body.
The second point made here is that when PSM regulations have been introduced in various parts of the world, it has usually been in response to major process incidents (see, for example, Shin, 2013; Sreenevasan, 2015; recall also Fig. 3). Maher, Long, Cromartie, Sutton, and Steinhilber (2016) describe the US regulatory response to the 2010 Deepwater Horizon (Macondo) incident, and the resulting modified SMS requirements for offshore operations. They also distinguish between prescriptive regulations and goal- or performance-based regulations in the following manner (Maher et al., 2016):
• Prescriptive regulations state-specific actions and requirements that must be met to achieve compliance.
• Goal- or performance-based regulations state the required outcome but leave the manner in which the outcome is achieved to the implementer.
Engineering educators will recognize in these definitions an analogy with undergraduate engineering accreditation systems based on input measurements (e.g., lecture and tutorial hours), and those based on outcomes (i.e., graduate attributes such as proficiency in design and use of engineering tools).
Luo (2010) examines the relationship between PSM inspection citations in the United States (as regulated by OSHA, the Occupational Safety and Health Administration), and management system deficiencies identified in investigations conducted by the US CSB for 19 major chemical accidents. The correlation between the two datasets was found to be significant and enabled suggestions for improvements in enforcement and implementation of the OSHA-regulated PSM system. Kwon, Lee, Seo, and Moon (2016) provide another case study related to experiences with PSM regulation in a particular country (in this case, Korea).
Our third comment on regulatory aspects is that in most industrialized countries, PSM is indeed heavily regulated. A notable exception is Canada, which relies mostly on voluntary compliance and initiatives led largely by industry and industry/technical associations (e.g., the PSM Standard (Piette, 2012) developed by the Canadian Society for Chemical Engineering (CSChE, 2012b)). The CAPP (2014) report terms this voluntary compliance more perception than reality, given the bits and pieces of PSM-type requirements in existing legislation; one such example is the emergency response planning requirements for chemical accidents as specified in the Canadian Environmental Protection Act (Di Menna, 2012).
Macza (2008) provides a historical perspective for the Canadian PSM regulatory scene in terms of constitutional authority over most process industry plants resting with the provinces rather than the federal government. A complicating factor for those in favor of PSM regulation in Canada is that the vast majority of safety regulation at the provincial level deals explicitly only with occupational safety. Although some authors (e.g., Sreenevasan, 2015) have called for national PSM regulation in Canada, this sentiment is not shared by all practitioners (Di Menna, 2012).
In their study of the effect of complex occupational health and safety rule sets on the behavior of managers and corporations, Hale, Borys, and Adams (2015) state that their findings are applicable to any externally imposed regulations (e.g., those promulgated by government). They further comment on the likely applicability of their analysis to internal company standards, and the desirability of extending their research to rules that are not legally binding such as in the case of industry standards (Hale et al., 2015). The current situation in Canada with respect to PSM regulation would seem to afford an excellent opportunity in this regard.
In summary, PSM regulations are best viewed as minimum standards for which compliance should be an outcome not an objective. Major process incidents are a key driving force for governments to introduce or alter a PSM regulatory framework. PSM regulation, although prevalent globally, is not universal as evidenced by the largely voluntary compliance regime in Canada.
4.2 Systems
We now present a number of PSM systems utilized in countries and regions throughout the world. The elements for each system are given in a series of tables and figures drawn from pertinent references. The primary objective in this section is to present the various frameworks of PSM elements, with the elements themselves being the subject of the next section.
Table 3 gives both the elements, and the components for each element, in the PSM system recommended by the Canadian Society for Chemical Engineering (CSChE). Details can be found in the form of a 4th edition Guide (CSChE, 2012a) and a 1st edition Standard (CSChE, 2012b). As noted in CSChE (2012a), the purpose of the Guide is to provide an overview of PSM and an introduction to the Standard; the objective of the Standard is to identify performance requirements that are auditable for continuous improvement purposes (CSChE, 2012b).
Table 3
PSM Elements and Components: Canadian Society for Chemical Engineering (CSChE, 2012a, 2012b)
The PSM approach in Canada (Table 3) is based on an earlier system shown in Table 4 that was originally developed by the Center for Chemical Process Safety (CCPS) in the United States. Table 5 gives the PSM Standard regulated by the US Occupational Safety and Health Administration (OSHA) under 29 CFR 1910.119; descriptions of this system are given in groupings of the first 3 elements by Mason (2001a) and the remaining 11 elements by Mason (2001b). PSM elements regulated by the US Environmental Protection Agency (EPA) under 40 CFR 68 in the Risk Management Plan (RMP) Rule are shown in Table 6 (CFR=Code of Federal Regulations).
Table 4
PSM Elements: Center for Chemical Process Safety, American Institute of Chemical Engineers (CCPS, 1992)
1. Accountability: Objectives and goals
2. Process knowledge and documentation
3. Capital project review and design procedures
4. Process risk management
5. Management of change
6. Process and equipment integrity
7. Human factors
8. Training and performance
9. Incident investigation
10. Standards, codes, and laws
11. Audits and corrective actions
12. Enhancement of process safety knowledge
Table 5
PSM Elements and Relevant 29 CFR 1910.119 Articles: US Occupational Safety and Health Administration (OSHA, 2000, 2013)
Element | Article |
Employee participation | 29 CFR 1910.119(c) |
Process safety information | 29 CFR 1910.119(d) |
Process hazard analysis | 29 CFR 1910.119(e) |
Operating procedures | 29 CFR 1910.119(f) |
Training | 29 CFR 1910.119(g) |
Contractors | 29 CFR 1910.119(h) |
Prestartup safety review | 29 CFR 1910.119(i) |
Mechanical integrity | 29 CFR 1910.119(j) |
Hot work permit | 29 CFR 1910.119(k) |
Management of change | 29 CFR 1910.119(l) |
Incident investigation | 29 CFR 1910.119(m) |
Emergency planning and response | 29 CFR 1910.119(n) |
Compliance audits | 29 CFR 1910.119(o) |
Trade secrets | 29 CFR 1910.119(p) |
Table 6
PSM Elements and Relevant 40 CFR 68 Sections: US Environmental Protection Agency (EPA, 2004)
Element | Section |
Process safety information | 40 CFR 68.65 |
Process hazard analysis | 40 CFR 68.67 |
Operating procedures | 40 CFR 68.69 |
Training | 40 CFR 68.71 |
Mechanical integrity | 40 CFR 68.73 |
Management of change | 40 CFR 68.75 |
Prestartup review | 40 CFR 68.77 |
Compliance audits | 40 CFR 68.79 |
Incident investigation | 40 CFR 68.81 |
Employee participation | 40 CFR 68.83 |
Hot work permit | 40 CFR 68.85 |
Contractors | 40 CFR 68.87 |
Emergency response program | 40 CFR 68.95 |
Table 7 illustrates the newer risk-based PSM (RBPS) system now recommended by CCPS; the arrangement is by accident prevention pillar (4) and PSM element (20). The evolutionary thinking behind the development of this system is shown in Fig. 6 from CCPS (2014), which gives an updated overview of the risk-based approach. The fit of RBPS within CCPS's Vision 20/20 is explained in the following passage quoted from CCPS (ccpsonline.org) in Amyotte, Berger, et al. (2016): [Vision 20/20…] looks into the not-too-distant future to demonstrate what perfect process safety will look like when it is championed by industry; driven by five tenets of culture, standards, competency, management systems and lessons learned; and enhanced by community passion and four global societal themes. The American Institute of Chemical Engineers publication Chemical Engineering Progress has recently introduced a new column, Process Safety Values, to communicate the Vision 20/20 tenets and themes—e.g., a committed process safety culture (PSV, 2016). (See also McCavit, Berger, & Nara, 2014; McCavit, Berger, Grounds, & Nara, 2015 for discussion of CCPS's Vision 20/20.)
Table 7
Accident Prevention Pillars and Risk-Based PSM Elements: Center for Chemical Process Safety, American Institute of Chemical Engineers (CCPS, 2007)
Rosen (2015) provides an interesting and personal look at risk-based PSM in the form of ten commandments (several of which—in particular I, IV, and VI—will be quite familiar by now). Thou shalt (Rosen, 2015):
I. Always honor thy container.
II. Always maintain a sense of vulnerability.
III. Eliminate normalization of deviation (i.e., not accept operation outside set limits).
IV. Know thy chemistry.
V. Educate, train, and drill employees.
VI. Create and nurture a strong risk-based process safety culture.
VII. Recognize those who exemplify process and occupational safety.
VIII. Not tolerate omissions in documentation.
IX. Not manage from behind thy desk.
X. Not violate rules.
There are clearly many similarities among the PSM systems displayed in Table 3 (CSChE), Table 4 (original CCPS), Table 5 (OSHA), Table 6 (EPA), and Table 7 (RBPS CCPS). There are also differences in the naming, number, and arrangement of elements in each of the systems. Detailed comparisons are given in: (i) CAPP (2014) for the CSChE PSM system (Table 3) and the OSHA PSM (Table 5)/EPA RMP (Table 6) systems, (ii) CCPS (2007) for the original CCPS PSM system (Table 4), the OSHA PSM (Table 5)/EPA RMP (Table 6) systems, and the RBPS CCPS system (Table 7), and (iii) CCPS (2016a) for the OSHA PSM (Table 5)/EPA RMP (Table 6) systems and the RBPS CCPS system (Table 7).
The comparison given in CCPS (2016a) demonstrates that at least in terms of element identification, the following concepts are made explicit in the risk-based approach to PSM management promoted in CCPS (2007, 2014):
• process safety competency,
• conduct of operations,
• measurement and metrics, and
• management review and continuous improvement.
This move by professional industry organizations to identifying more system elements and grouping them in thematic areas is also reflected in the PSM system recently developed by the Energy Institute in the United Kingdom. One again sees in Table 8 the explicit naming of key process safety concepts—e.g., competency. Defining and ensuring process safety competency at all levels in a company is critical to the success of PSM efforts (CCPS, 2015).
Table 8
PSM Focus Areas and Elements: Energy Institute (Energy Institute, 2010)
By regulation in Australia, major hazard facilities (MHFs) are required to establish and implement a comprehensive system to safely manage the hazards and risks encountered during operations (SWA, 2012). Table 9 shows guidance on such systems provided by Safe Work Australia (SWA, 2012). Concepts such as leadership, competency, and improvement are again present, along with the familiar technical requirements for hazard identification, risk management, permit-to-work systems, confined space entry procedures, etc.
Table 9
Common Safety Management System Elements Found at Most Major Hazard Facilities (MHFs): Safe Work Australia (SWA, 2012)
Leadership, management, accountability, and commitment |
Hazard and risk management |
Information and documentation |
Design and construction |
Incident management |
Management of change |
Contractor management |
Emergency preparedness and response |
Purchasing |
Systems of work/operations and maintenance |
Personnel |
Monitoring, auditing, review, and improvement |
Possible inclusion of other management system elements:
• Environment and waste management • Quality management |
As a direct result of the 1976 dioxin release in Seveso, Italy, the European Union (EU) operates in a highly regulated environment for the control of major-accident hazards involving dangerous substances (Meyer & Reniers, 2016). Table 10 gives a listing of the primary requirements in this regard for upper tier (Seveso high or tier 2) facilities under the EU Seveso III Directive; Table 11 identifies the broad issues that must be addressed by the SMS referenced in Table 10. Implementation of the Seveso III Directive in Great Britain is accomplished by the Control of Major Accident Hazards (COMAH) Regulations (HSE, 2015).
Table 10
Principal Obligations for Upper Tier Establishments and Relevant Directive 2012/18/EU Articles Concerning the Control of Major Accident Hazards Involving Dangerous Substances: Seveso III Directive of the European Union
Obligation | Article |
Notification to competent authority | 2012/18/EU Article 7 |
Development of major-accident prevention policy (MAPP) and safety management system (SMS) for implementation | 2012/18/EU Article 8 |
Consideration of intersite domino effects | 2012/18/EU Article 9 |
Provision of safety report | 2012/18/EU Article 10 |
Development of internal emergency plan | 2012/18/EU Article 12 |
Provision of information to competent authority to enable development of external emergency plan | 2012/18/EU Article 12 |
Provision of information to land-use planning authorities | 2012/18/EU Article 13 |
Provision of information to the public | 2012/18/EU Article 14 |
Adapted From Leonard, T. (2013). Seveso III directive. Implications for the Irish industry. Presentation to Engineers Ireland, Dublin, Ireland (November 28, 2013). Available at: https://www.engineersireland.ie/EngineersIreland/media/SiteMedia/groups/Divisions/fire-safety/Seveso-III-Directive-implications-for-Irish-Industry.pdf?ext=.pdf (last accessed November 16, 2016); Seveso III. (2012). Directive 2012/18/EU of the European Parliament and of the Council of 4 July 2012 on the control of major-accident hazards involving dangerous substances, amending and subsequently repealing Council Directive 96/82/EC. Official Journal of the European Union, L 197, 1–37.
Table 11
Issues to be Addressed by the Safety Management System Implemented for the Control of Major Accident Hazards Involving Dangerous Substances: Seveso III Directive of the European Union (Annex III of Seveso III, 2012)
Organization and personnel
Identification and evaluation of major hazards
Operational control
Management of change
Planning for emergencies
Monitoring performance
Audit and review
Of particular note in Table 10 is the obligation to consider intersite domino effects. A case in point here is the 1986 Sandoz/Schweizerhalle chemical warehouse fire in Basel, Switzerland, which resulted in far-reaching pollution of the Rhine River (Meyer & Reniers, 2016). Process safety incidents do not respect facility or even national boundaries.
Three examples from Asia help to illustrate the efficacy and widespread adoption of the core principles embodied in the PSM systems found in Tables 3–6. Fig. 7 shows the PSM elements mandated by the State Administration of Work Safety (SAWS) in China. Tables 12 and 13 present similar information for PSM in Korea and Singapore, respectively. As part of a special issue of the journal Process Safety and Environmental Protection to commemorate the 30th anniversary of the Bhopal disaster, Goh, Tan, and Lai (2015) reviewed what happened at Bhopal in relation to the practice of PSM in Singapore. This is an excellent example of leadership in driving the continuous improvement loop critical to the success of any PSM system.
Table 12
Contents of the Process Safety Report Mandated for Submission by Hazardous Installations to the Regulator: Korea (Kwon et al., 2016)
Table 13
PSM Elements: Singapore Standard SS 506 Part 3 (Huat, 2012)
Process safety information
Hazard identification, risk assessment and risk control
Training, awareness and competence
Operating procedures and safe work practices
Management of change
Prestartup safety
Contractors
Mechanical integrity and reliability
Control of hazardous substances
Emergency preparedness and response
Incidents, accidents, nonconformity, corrective action, and preventive action
In a document intended primarily for senior leaders in high-hazard industries, the Organization for Economic Cooperation and Development (OECD) provides helpful advice to ensure an appropriate process safety culture lives in the corporate boardroom as well as the facility workspaces (OECD, 2012). The notion from the previous paragraph that leadership and culture sit at the center of a continuous improvement cycle from risk-awareness through to action is also illustrated in Fig. 8.
We close our discussion of PSM systems with a brief mention of the safety case approach which is prevalent in regulation of the nuclear, aerospace, and offshore oil and gas industries. AcuTech (2012) describes the Safety and Environmental Management Program (SEMP), developed in 1993 by the offshore oil and gas industry, as a process safety-like program that was published in API RP 75 (American Petroleum Institute, Recommended Practice 75). Current US SEMS (Safety and Environmental Management System) offshore regulations have incorporated SEMP/API RP 75 by reference (AcuTech, 2012).
Sutton (2014) identifies the use of a safety case as another manner in which offshore safety can be managed. He defines a safety case as the case that the designers and operators of a facility make to all interested parties that the facility is safe (Sutton, 2014), and gives three principles upon which a safety case is built:
1. Risk control is the responsibility of the people who create the risk.
2. Setting and achieving goals, not following prescriptive regulations, is how safe operations are achieved.
3. Risk must be reduced below an acceptable threshold.
Sutton (2014) argues that the difference between the SMS and safety case approaches is not as great as one might think, with both sharing the first two principles in the above list. He comments that the heart of a safety case is in fact a SMS, and that the safety report required under the Seveso III Directive (Table 10) is essentially a safety case (Sutton, 2014).
The same statement concerning the Seveso safety reports is made by the US CSB in the safety case analysis conducted as part of its regulatory review following the 2012 Chevron refinery fire in Richmond, CA (CSB, 2014a). Key among the CSB's recommendations (CSB, 2014a) is the recommended requirement within PSM for continuous risk reduction to ALARP (as low as reasonably practicable). This, coupled with the need for more goal-based and fewer activity-based or compliance-driven regulations, addresses the second and third safety case principles in Sutton's list (Sutton, 2014).
Readers are referred to Sutton (2014) and CSB (2014a) for further ideas on the relationship between safety cases and PSM (regulated or otherwise). Both documents offer clearly written, authoritative information.
4.3 Elements
There is, of course, no substitute for careful examination of the relevant technical documentation if one wishes to learn the theoretical underpinning for a given PSM element (e.g., CSChE (2012a, 2012b) with respect to the elements in Table 3). Then follows the incubation period of practical experience with respect to the element and how it interacts in an integrated manner with its counterparts in the entire system. This experience can be personal and can also be learned from others in the form of case studies.
In this section, therefore, we review the recent process safety literature for guidance and practical examples related to individual PSM elements. We first draw attention to an innovative study by Aziz, Shariff, and Rusli (2016) in which the interrelationship among the OSHA PSM Standard elements (Table 5) is examined. Table 14 gives the interrelations among the 14 PSM elements and a subset of seven elements deemed critical on the basis of OSHA citations. While the authors recognized the importance of all elements working together as an integrated whole, process hazard analysis (PHA) and mechanical integrity (MI) were the most highly correlated with other elements in their analysis (Aziz et al., 2016).
Table 14
Matrix Showing the Interrelationship Among Critical Elements in the OSHA PSM Standard; the Symbol • Indicates a Significant Correlation Between Elements (Aziz et al., 2016)
Element | PSI | PHA | OP | TNG | PSSR | MI | MOC |
Employee participation | • | • | • | • | • | • | • |
Process safety information (PSI) | N/A | • | • | • | • | • | • |
Process hazard analysis (PHA) | • | N/A | • | • | • | • | |
Operating procedures (OP) | • | • | N/A | • | • | • | • |
Training (TNG) | • | • | • | N/A | • | • | • |
Contractors | • | • | • | • | • | • | |
Prestartup safety review (PSSR) | • | N/A | • | • | |||
Mechanical integrity (MI) | • | • | N/A | • | |||
Hot work permit | • | • | |||||
Management of change (MOC) | • | • | • | • | • | N/A | |
Incident investigation | • | • | • | • | |||
Emergency planning and response | • | • | • | ||||
Compliance audits | • | • | • | • | • | • | • |
Trade secrets | • | • | • |
Table 15 provides references for papers related to elements of the RBPS system (CCPS, 2007) shown in Table 7. The analysis was limited to papers having an explicit management focus; thus, the numerous works available on topics such as specific hazard identification and risk analysis techniques are not referenced here.
Table 15
References From the Recent Process Safety Literature With Respect to Specific Elements in the CCPS Risk-Based PSM System (Table 7)
References | Representative PSM Element |
Frank (2007) | Process safety culture |
Hendershot (2012) | Process safety culture |
King (2013) | Process safety culture |
Olewski, Ahammad, Quraishy, Gan, and Vechot (2016) | Process safety culture |
Baybutt (2016a) | Process safety competency |
Puyosa (2012) | Process knowledge management |
Aziz, Shariff, and Rusli (2014) | Process knowledge management |
Rowe and Francois (2016) | Process knowledge management |
Scholtz and Maher (2014) | Operating procedures |
Hayes (2015) | Asset integrity and reliability |
Majid, Shariff, and Rusli (2015) | Contractor management |
Philley (2002) | Management of change |
Kelly (2013) | Management of change |
Wincek, Sousa, Myers, and Ozog (2015) | Management of change |
Gerbec (2016) | Management of change |
Haesle, Devlin, and McCavit (2009) | Conduct of operations |
Forest (2012) | Conduct of operations |
Forest (2014) | Conduct of operations |
Majid, Shariff, and Loqman (2016a) | Emergency management |
Baybutt (2015) | Auditing |
Allford (2016) | Auditing |
As an example of how a given reference citation was categorized in Table 15, consider the title of Dennis Hendershot's paper (Hendershot, 2012): Process Safety Management—You Can’t Get It Right Without a Good Safety Culture. It seems clear that this reference relates primarily to the element process safety culture, and this is indeed the case. Note, however, that the second column in Table 15 is headed Representative PSM Element. When reading Hendershot (2012), one sees additional references to the influence of safety culture on activities such as PHA and incident investigation, as well as the following section heading: A Good Culture—Critical to all PSM Activities (Hendershot, 2012). This is in accordance with the previously described work of Aziz et al. (2016).
Our presentation now touches on a sampling of Table 15 references to illustrate some features of specific PSM elements. Olewski et al. (2016) describe the importance of safety culture from a university perspective—in their case, managing a major research project on the consequences of ground spills of LNG (liquefied natural gas). As recent events have demonstrated, serious incidents involving hazardous materials are not restricted to industry (CSB, 2010a).
Scholtz and Maher (2014) provide helpful advice on the development of effective operating procedures. They suggest consideration of the following points (Scholtz & Maher, 2014):
• approval of the procedure template by all stakeholders,
• use of a user-friendly procedure format that is consistently applied across the facility,
• breaking down processes into separate units to facilitate referencing of procedures, and
• establishing an appropriate depth of information to be included in procedures, with subsequent adjustment of the training program.
Hayes (2015) gives an illustrative case study of the importance of effective asset integrity management by examining a gas transmission pipeline rupture. This 2010 incident in San Bruno, CA caused eight fatalities (members of the public), and resulted from the failure of a longitudinal seam weld on a line that had not been inspected or tested since installation in 1956 (Hayes, 2015). Among the many excellent points made by the author is the following key observation (Hayes, 2015): The primary strategy for ensuring public safety was the management of system integrity by means of compliance with regulations. The key question in people's minds was “does it comply?,” rather than “is it safe?” One is reminded of the earlier quote from Hendershot (2016) that PSM regulatory compliance should be an outcome not an objective (quote attributed to M. Broadribb in Hendershot, 2016).
MOC is a powerful system that enables continuous improvement through change. If it is not properly applied, however, it can cripple an organization and inhibit such progress (Kelly, 2013). These statements by Brian Kelly aptly summarize the multifaceted nature of MOC—management of change. Change is inevitable for progress, yet it must be effectively managed so as not to impede the very thing it enables; Kelly (2013) refers to MOC as one of the more fundamental elements of PSM. It must be well understood that risk can be heightened not only by technical changes involving valves, pumps, and compressors, but also by organizational changes that occur in the normal course of business and in major events such as mergers and acquisitions (Philley, 2002; Wincek et al., 2015).
As identified in CCPS (2007, 2016a), conduct of operations is one of the new PSM elements appearing in the risk-based PSM system shown in Table 7. CCPS (2014) describes this element as the execution of operational and management tasks in a deliberate and structured manner. Further details can be found in CCPS (2011a, 2012) for both conduct of operations and its subcomponent operational discipline (defined in CCPS (2012) as displaying behaviors within a system of checks and balances that help ensure that things are done correctly and consistently). Conduct of operations has strong ties to the cultural dimension of an organization (CCPS, 2014), as well as other PSM elements such as operating procedures, training and performance assurance, and management of change (Haesle et al., 2009). Forest (2012) offers a timely reminder in Fig. 9 that effective conduct of operations requires discipline not only by process operators (operational discipline), but also by engineering and management personnel (engineering discipline and management discipline, respectively).
There are other examples in the literature that do not correspond directly by element name to the RBPS system given in Table 7—such as the work of Abu-Khader (2004) on human factors and Majid, Shariff, Rusli, and Azman (2016b) on trade secrets. These papers do, however, correlate by specific element name to the CSChE system (Table 3) and the OSHA Standard (Table 5), respectively; they would also be relevant to risk-based PSM (Table 7) by virtue of the various subcomponents of the 20 primary elements. For example, Forest (2012) comments on how conduct of operations helps to reduce the likelihood of human error.
Before moving on to the measurement of PSM performance, we conclude this section by making note of the usefulness of CSB investigation reports and case studies for learning about the functioning of a PSM system and, in particular, the individual elements. This is a theme that reappears later in this chapter when discussing important process safety concepts and their relation to PSM. In a similar vein, Amyotte (2013b) remarks on how CSB reports and videos have significant value in teaching process safety to undergraduate engineering students.
The cover page of each CSB report (which are freely available at csb.gov) typically contains a listing of key issues related to some aspect of incident root causation (management system deficiency, process safety concept, regulatory concern, etc.). The reports therefore afford excellent learning opportunities and should constitute a critical component of a company's efforts to enhance process safety knowledge. The final component (process safety resource center and reference library) under this PSM element (no. 12) in Table 3 includes case histories concerning incidents illustrating PSM principles (CSChE, 2012a). There is of course no reason for library resources to be restricted to books on shelves. Table 16 provides a snapshot of what is possible using resources available in the public domain.
Table 16
Sampling of US Chemical Safety Board (CSB) Reports and Key Issues Identified
Reference | Incident | Key Issue |
CSB (2016a) |
• Williams Geismar Olefins Plant • Geismar, LA • Reboiler rupture, explosion, fire • Two fatalities, 167 reported injured |
• Process hazard analysis • Management of change • Prestartup safety review • Operating procedures • Hierarchy of controls • Process safety culture |
CSB (2014b) |
• Anacortes, WA • Heat exchanger rupture, explosion, fire • Seven fatalities |
• Tesoro process safety culture • Control of nonroutine work • Mechanical integrity industry standard deficiencies • Regulatory oversight of petroleum refineries |
CSB (2010b) |
• Xcel Energy Hydroelectric Plant • Cabin Creek, CO • Penstock fire • Five fatalities, three injured |
• Safe limits for working in confined space flammable atmospheres • Prejob safety planning of hazardous maintenance work • Contractor selection and oversight • Emergency response and rescue |
4.4 Metrics
You don’t improve what you don’t measure.
Process Safety Performance Indicators (PSPIs)—key performance metrics that indicate when a process safety accident is most likely to occur.
Leading Indicators—Indicators that proactively measure the effectiveness of risk controls.
Lagging Indicators—Indicators that monitor reactively the effectiveness of risk controls.
Much has been written over the past 5–10 years on the subject of process safety performance indicators (PSPIs)—or more generally, safety performance indicators (SPIs), and what would have been referred to earlier as key performance indicators (KPIs). Table 17 provides a listing of research and case study references taken from the recent process safety literature on PSM performance measurement.
Table 17
References From the Recent Process Safety Literature With Respect to Performance Measurement of Process Safety Management
Reference | Overview |
Rosenthal, Kleindorfer, and Elliott (2006) | Examination of survey factors likely to predict low-probability/high-consequence (LP/HC) accidents given the limited LP/HC accident database available at the time |
Chosnek and Clifton (2008) | PSM system implementation at Gulf Coast Waste Disposal Authority and use of metrics related to: (i) incidents and near-misses, (ii) management of change, (iii) training, (iv) enforcement actions, and (v) LEL (lower explosive limit) control actions |
Chang and Liang (2009) | Model development for performance evaluation of PSM systems used at paint manufacturing facilities in Taiwan |
Cummings (2009) | Review of the development, current state, and future possibilities for PSM metrics based on the author's experience with DuPont |
Payne, Bergman, Rodriguez, Beus, and Henning (2010) | Study of the leading/lagging effects of process safety climate on incidents by means of surveying a multinational corporation working with hazardous materials |
Khan, Abunada, John, and Benmosbah (2010) | Development of risk-based process safety indicators using the UK HSE barrier approach with consideration of the relationship between leading and lagging indicators |
Knijff, Allford, and Schmeizer (2013) | Guidance from the European Process Safety Centre (EPSC) concerning leading indicators for process safety performance |
Wang, Mentzer, Gao, Richardson, and Mannan (2013) | Exploration of denominators (normalization factors) for lagging performance indicators which offer an alternative to the commonly used “work hours” |
Mendeloff, Han, Fleishman-Mayer, and Vesely (2013) | Study conducted on behalf of the US Chemical Safety Board to critically examine the usefulness of ANSI/API RP 754 Tier 1 and Tier 2 process safety events as indicators of PSM performance |
Pasman and Rogers (2014) | Application of Bayesian networks to relate process safety performance indicators to facility risk level |
Kadri et al. (2014) | Presentation of cases from Air Products and Chemicals, Inc. in which CCPS and ANSI/API RP 754 leading and lagging indicators were used to drive process safety performance improvement programs |
Kenan and Kadri (2014) | CCPS review and update on the use and effectiveness of leading indicators of process safety performance |
Vaughen, Downes, Fox, and Belonger (2015) | Overview of CCPS (2016b): Guidelines for Integrating Management Systems and Metrics to Improve Process Safety Performance, which is aimed at helping companies consolidate process safety metrics throughout their safety, health, environmental, quality, and security (SHEQ&S) efforts |
Leveson (2015) | Identification of system-specific leading safety indicators based on the author's accident causation model STAMP (system-theoretic accident model and processes) |
Kerin (2016) | Exposition of leading process safety metrics developed by the IChemE Safety Centre (ISC) |
We also draw attention to the comprehensive review of the literature on process safety indicators given by Swuste, Theunissen, Schmitz, Reniers, and Blokland (2016), and the very accessible treatment of PSPIs written by Azizi (2016). These two papers collectively form an excellent entry point to the world of PSM metrics for novice readers, as well as a thoughtful refresher for those who are more experienced in this field. Hence, our further discussion here on PSM performance measurement is brief.
From a fundamental perspective, Fig. 10 outlines a general, four-step methodology for program operation with respect to process safety performance measurement. The deliverables from the second step are the sets of leading and lagging indicators for identified safety critical activities (WSHCouncil, 2012). [As an aside—it is well established that occupational safety indicators are typically not appropriate for process safety purposes. For example, near-miss indicators must be directly related to process events such as pressure or temperature excursions, not occupational safety-type activities such as working at height.]
Azizi (2016) describes two methods for PSPI selection which rely either on the use of barriers (Fig. 11) or tiers (Fig. 12). The barrier-based approach utilizes Reason's Swiss cheese model (Reason, 1990), whereas the tier-based approach comes from the accident pyramid concept of consequences escalating from base to tip (Azizi, 2016). Azizi (2016) identifies the barrier-based approach with the UK Health and Safety Executive (HSE, 2006), and the tier-based approach with the American Petroleum Institute (API, 2010), International Association of Oil and Gas Producers (OGP, 2011), and Center for Chemical Process Safety (CCPS, 2011b).
Examples of PSPIs drawn from ANSI/API Recommended Practice (RP) 754 (API, 2010) include the following:
– hospital admission and/or fatality of a third party
– officially declared community evacuation or shelter-in-place
– fire or explosion resulting in direct company cost of $25,000 or more
• Tier 2 (Lagging)
– employee, contractor, or subcontractor recordable injury
– fire or explosion resulting in direct company cost of $2500 or more
– discharge of a pressure relief device to atmosphere resulting in liquid carryover
• Tier 3 (Leading)
– safe operating limit excursions
– primary containment inspection results outside acceptable limits
– demands on safety systems
• Tier 4 (Leading)
– completion of process hazard evaluations
– work permit compliance
– management of change and prestartup safety review compliance
It should be noted that the above examples are for illustration only. ANSI/API RP 754 (API, 2010) and HSE (2006) should be consulted for all other purposes related to the development and use of tier-based and barrier-based PSPIs, respectively. For information on SPI development related to chemical accident prevention, preparedness, and response—in this case for public authorities and the general public—OECD (2008) provides guidance in relation to activities such as land-use planning and emergency coordination with facilities processing hazardous materials.
4.5 Improvements
The need for continual improvement has been mentioned several times to this point in our discussion of PSM systems and their constituent elements. Here we present practical advice on this point with reference to the recent process safety literature. First though, we make note of a recently published CCPS book: Guidelines for Implementing Process Safety Management, 2nd edition (CCPS, 2016c). Although not yet reviewed by the current authors, it is expected that this new addition to the CCPS guideline series will provide helpful information on many PSM-related topics including the subject of this section. Chapter 6 in CCPS (2016c) is titled Improving an Existing PSM Element or System.
While the need to improve PSM elements and systems is perhaps self-evident, additional motivation can be found in the review by Shariff, Aziz, and Majid (2016) who remark on the continued occurrence of major process accidents decades after the formal adoption of PSM by industry. Having said this, the study by Bottani, Monica, and Vignali (2009) reminds us that companies operating without a SMS at all are at a distinct disadvantage with respect to activities like risk analysis, corrective actions, and employee training.
Nevertheless, PSM systems do sometimes fail. Kelly (2011) gives 10 contributing reasons for these failures (in no particular order of priority): (i) failure by senior management to understand and support the goals of a process safety program, (ii) focus of PSM activities primarily on regulatory compliance, (iii) inappropriate assignment of resources to support process safety, (iv) discipline of workers involved in an incident for reasons other than policy/protocol violations, (v) mismatch between the type of operation and the process safety framework selected, (vi) competition among process safety and other management programs and initiatives, (vii) ineffective risk communication to management resulting in poor understanding of risk by corporate decision makers, (viii) lack of engagement/commitment to process safety by all staff, (ix) management failure to learn from previous incidents, and (x) failure to hold middle managers accountable for process safety deliverables.
On the final item in the above list, a recent paper by Rezvani and Hudson (2016) highlights the indispensable role of middle management in effectively managing safety in the process industries. In an overall sense, Arendt (2006) provides practical suggestions for strategies to improve PSM (e.g., adding new PSM activities to existing PSM elements and creating new PSM elements), as well as sources of information for improvement (e.g., sharing best practices within industry groups and benchmarking within a peer group). Several authors have written on the development and improvement of PSM systems in small companies (Bragatto, Ansaldi, & Agnello, 2015; Goddard, 2012; Herber, 2012; Louvar, 2008).
Klein and Dharmavaram (2012) write on achieving higher levels of PSM performance by focusing on improvements in, among other areas, maintaining a sense of vulnerability, risk management practices, and operational discipline. Young and Hodges (2012) suggest establishing a mentoring program to enhance competencies with regard to the CCPS risk-based PSM system (Table 7).
Paradies (2011) makes an interesting comparison between safety management in the process industries and in the US nuclear navy. He identifies a number of PSM gaps that can be viewed as potential areas for PSM improvement (Paradies, 2011): (i) assuming of ultimate responsibility for research, design, operations, and maintenance of process facilities by senior management, (ii) appropriate management resolution of conflicts between PSM priorities and production/budget issues, (iii) requirements for advanced technical training and competence of PSM-facility leadership, (iv) strict standards for operational and supervisory personnel training, both on hiring and on a continuing basis, (v) performance auditing and direct reporting requirements of audit results to senior leadership, (vi) emphasis on regular self-assessments, (vii) strict enforcement of compliance with procedure and management standards, and (viii) emphasis on design to prevent plant upsets and accidents.
Table 18 gives several case studies that afford excellent learning opportunities on PSM improvement needs and techniques. (Although presented in a previous section as avenues for understanding specific PSM elements, industry examples such as Hayes (2015) and the CSB reports in Table 16 have additional value as improvement motivators.) While only one representative PSM improvement topic was selected for most of the entries in Table 18, the source references contain a wealth of information in this regard. For example, Cazabon and Erickson (2010) comment on process safety information, PHA, and prestartup safety review in addition to MOC. The exception to this single-entry rule for the third column in Table 18 is the paper on Bhopal by Vaughen (2015). Given the extreme nature of Bhopal, and its global and enduring impact, we have included Fig. 13 from the work of Vaughen (2015). Readers interested in further consideration of the PSM legacy of Bhopal are referred to the paper by Amyotte, Berger, et al. (2016) in the journal Current Opinion in Chemical Engineering.
Table 18
References From the Recent Process Safety Literature With Respect to Case Study Lessons for PSM Improvements
Reference | Incident or Area of Emphasis | Representative Topic for PSM Improvement |
Bloch and Wurst (2010) | Spent caustic tank explosion in a refinery | Recognition of precursor warning signs |
Cazabon and Erickson (2010) | Natural gas explosion in a facility making glass fiber mat | Management of change |
Howell (2010) | Explosion in a reactor at a chemical company | Operating procedures |
Brackey (2013) | Various over three decades, including a dust explosion, reactor explosion, and explosion and fire in a compressor train | Process hazard analysis |
Rashid, Ramzan, Iqbal, Yasin, and Yousaf (2013) | Fertilizer plant; no single incident, although examples are given in relation to specific PSM elements (startup of an ammonium carbamate pump for the element given in the next column) | Incident investigation |
Koivupalo, Sulasalmi, Rodrigo, and Vayrynen (2015) | Global steel company; emphasis is on managing health and safety as a complete entity in a frequently changing organization | Consistency of PSM practices and tools among various plant sites within an organization |
Vaughen (2015) | Bhopal | Fig. 13 |
Wold and Laumann (2015) | Oil and gas producing company; emphasis is on the role of a safety management system as a communication system | Use of work procedures and safety standards as both tools and communication avenues within an organization |
Lee, Kwon, Cho, Kim, and Moon (2016) | Hydrogen fluoride release at a chemical plant in Gu-mi City, Korea | Emergency management |
The final piece of advice in this section comes from John Bresland—a former member and chair of the US CSB, and also someone with a long and continuing career in the process industries. He comments in Bresland (2016) that he saw three types of companies during his time at the CSB: (i) those that do not understand the hazards in their operations, lack an appropriate process safety program, and thus experience major accidents, (ii) those that do understand the hazards they face and the pertinent regulations, have an excellent process safety program driven by qualified people, yet still experience process incidents having minor and also severe consequences, and (iii) those that understand the hazards and regulations, have an excellent safety program and well-qualified people, and do not have serious process incidents.
The third category above is clearly the desired state for a process industry company. To help achieve this goal, Bresland offers his top 10 rules for process safety success (Bresland, 2016):
1. Having leadership that is committed to process safety, including CEOs, managers, and supervisors—anyone in a leadership position.
2. Attracting the best possible people from senior managers to control room operators by means of strict hiring procedures.
3. Ensuring equipment reliability through an effective mechanical (asset) integrity program.
4. Being passionate about attention to detail.
5. Carefully monitoring operations with process safety metrics.
6. Taking a long-term view on risk; shutting down when necessary to resolve problems.
7. Preparing for injuries and off-site consequences of process incidents.
8. Investigating all accidents in a comprehensive manner.
9. Refusing to let complacency set in.
10. Developing and nurturing a strong process safety culture.
5 Process Safety Concepts in PSM
For a long time, people were saying that most accidents were due to human error and this is true in a sense but it's not very helpful. It's a bit like saying that falls are due to gravity.
Professor Trevor Kletz, as quoted in Edwards (2014).
Earlier, we briefly observed that attention to human factors (and the accompanying reduction in human error) is either an explicit element or an underlying component of successful management of process safety. There are, in fact, a number of overarching process safety concepts that achieve maximum benefit when interwoven through the fabric of a PSM system. We therefore offer a brief coverage of: (i) ISD, (ii) recognition of warning signs, (iii) process safety culture, and (iv) dynamic risk assessment. These and other important concepts are covered in detail in other chapters of this volume; our intention here is to examine the elements within a PSM system where each finds particular relevance. Examples drawn from the work of the US CSB are again given to reinforce the theoretical treatment.
5.1 Inherently Safer Design
ISD, or simply inherent safety, is a maturing area within the broader field of process safety. Book treatments are available (e.g., CCPS, 2009; Kletz & Amyotte, 2010) and research is actively underway (e.g., Abidin, Rusli, Shariff, & Khan, 2016; Roy et al., 2016).
How then does ISD dovetail with PSM? Amyotte, Goraya, Hendershot, and Khan (2007) comment that explicit incorporation of the principles of inherent safety in the basic definition and functional operation of the various PSM elements can help to improve the quality of the safety management effort. They then give several illustrations of ISD incorporation in the elements of the CSChE-recommended PSM system shown in Table 3 (Amyotte et al., 2007). An example from an earlier paper by Goraya, Amyotte, and Khan (2004) is given in Fig. 14, which demonstrates how inherent safety guidewords and checklist items can enhance a traditional incident investigation protocol. The guidewords are simply the primary ISD principles of minimization, substitution, moderation, and simplification; these principles are identified in CSChE (2012a) under the reduction of risk component of the process risk management element.
The usefulness of CSB investigation reports as a learning tool for PSM enhancement is demonstrated once again in the work of Amyotte, MacDonald, and Khan (2011). They analyzed a set of 63 CSB reports and identified over 200 examples from the hierarchy of controls for risk reduction: inherent safety, passive engineered safety, active engineered safety, and procedural safety (Amyotte et al., 2011). Fig. 15 shows that it is possible to assign each safety measure example to a specific PSM element, thus establishing a quantitative link between a process safety concept—ISD, or more broadly, the hierarchy of controls—and PSM (Amyotte et al., 2011). A similar study has recently been conducted for the period 2011–16 (Irvine, Amyotte, & Khan, 2016) and will be the subject of a future archival journal submission.
5.2 Recognition of Warning Signs
There are—or rather, there should be—no black swan (unforeseen and unpredictable) process incidents (Amyotte, Margeson, Chiasson, Khan, & Ahmed, 2014). In theory there are always warning signs of an impending undesirable event; in practice these precursor signals can be weak and conceptual or cultural, as opposed to strong and material or physical. A slow decline in a critical feature such as a willingness to report near-misses might be more difficult to identify than a mechanical integrity issue with a visibly corroded process vessel or pipeline. Nevertheless, both are important to the assurance of process safety.
As with ISD, numerous references are available on the subject of warning sign recognition. The publications of Andrew Hopkins (e.g., Hopkins, 2000, 2009a) are especially helpful in understanding the relationship between warning signs and the elements of an effective safety culture and SMS (Amyotte et al., 2014). The previous discussion on PSPIs and the PSPI references cited should also be viewed as relevant to the topic of warning signals for process incidents.
CCPS (2012) deals with the following areas as potentially beneficial in the identification of warning signs: (i) leadership and safety culture, (ii) training and competency, (iii) process safety information, (iv) procedures (operating and maintenance), (v) asset (mechanical) integrity, (vi) risk analysis and management of change, (vii) audits, (viii) learning from experience, and (ix) near-miss and incident reporting/investigation. The close correspondence of this list to the CCPS risk-based PSM system pillars and elements (Table 7) is not a coincidence. Like ISD, warning sign recognition is an integral PSM concept.
In his own review of CSB investigation reports, Baybutt (2016b) concludes that his analysis can be used by companies to improve their PSM performance by focusing on areas in which other companies have experienced difficulty. This epitomizes the concept of learning from experience as expressed in the above list from CCPS (2012). The final item in this list is the subject of a recent study by Gnoni and Saleh (2017) in which consideration of near-misses as accident precursors was shown to generate opportunities for system redesign, improved operational procedures, and worker training.
5.3 Process Safety Culture
In general, the problem is not that we don’t know what to do, but rather that we do not always do what we already know how to do, and what we know we should do.
Several compilations of thoughts and advice from the literature have been given in this chapter: (i) Rosen (2015) and his 10 commandments for risk-based PSM, (ii) Kelly (2011) on why PSM systems fail, (iii) Paradies (2011) with a comparison between PSM and safety management in the US nuclear navy, and (iv) Bresland (2016) and his top 10 rules for process safety success. Common to all is the concept of process safety culture—either explicitly in the case of Rosen (2015) and Bresland (2016), or clearly evident as the motivating force to effect the changes advocated by Kelly (2011) and Paradies (2011).
Text references on safety culture abound—e.g., Goetsch (2010) on developing a safety-first corporate culture; the fundamental treatise on safety culture by Hopkins (2005); and the compendium of lessons from high reliability organizations also provided by Hopkins (2009b). Whether a separately defined and named element as in Table 7 (RBPS), or an implicit component throughout a given system, process safety culture considerations have a significant impact on PSM success.
Hopkins (2005) is an excellent resource for understanding the basic principles of safety culture. He considers three concepts—safety culture, collective mindfulness, and risk awareness—and explains the similarities and overlaps in each approach (Hopkins, 2005). The breakdown of safety culture into just, reporting, learning, and flexible (decision-making) cultures (Hopkins, 2005) helps relate the overall concept to specific PSM elements (e.g., incident investigation). Collective mindfulness involves several features such as preoccupation with failure and sensitivity to operations (Hopkins, 2005); these correlate well with avoiding complacency and maintaining a sense of vulnerability, respectively, as expressed earlier in this chapter. Risk awareness incorporates the avoidance of normalizing evidence (Hopkins, 2005), sometimes called normalization of deviance or deviation. This is an extremely undesirable state in which abnormal events (such as “small” process fires) are accepted as the norm, eventually leading to a process incident with much more severe consequences.
Table 19 is a summary of the analysis involving ISD, warning signs, and process safety culture conducted by Amyotte, Khan, and Lupien (2016), which in turn builds on the work of Amyotte and Khan (2016). Six CSB-investigated incidents were reviewed with respect to these three common causation factors as referenced in Table 19 and Figs. 16–21. Each hazard is defined in terms of loss or generation of containment, and both hazards and incident causes are related to a specific PSM element from Table 3. Inadequate consideration of ISD, warning signs, and process safety culture increases risk by permitting the existence of hazards and creating management system deficiencies.
Table 19
Hazard and Causation Factor Correlation for CSB-Investigated Incidents With Elements of the CSChE-Recommended PSM System Shown in Table 3
Reference | Figure | Hazard | PSM Element (Table 3) |
CSB (2010c) | 16 | Gas blow | Training and performance |
CSB (2011) | 17 | Iron dust accumulations | Process knowledge and documentation |
CSB (2013) | 18 | Sulfidation corrosion | Process and equipment integrity |
CSB (2016b) | 19 | Inappropriate storage | Process risk management |
CSB (2010b) | 20 | Confined space | Company standards, codes, and regulations |
CSB (2014c) | 21 | Closure of the explosion pentagon | Process and equipment integrity |
Causation Factor | PSM Element (Table 3) | ||
Lack of consideration of inherently safer design | Process risk management | ||
Poor recognition of warning signs | Incident investigation | ||
Inadequate process safety culture | Accountability: Objectives and goals |
Adapted From Amyotte, P., Khan, F., & Lupien, C. (2016b). Different hazards, similar causes, same results. Loss Prevention Bulletin.
5.4 Dynamic Risk Assessment
Just as ISD is most effective when considered at the earliest possible stage in the design phase of a process plant, there is a concurrent need for dynamic risk assessment during the operational phase (Amyotte, Berger, et al., 2016). Khan et al. (2016) define dynamic risk assessment as a method that updates estimated risk of a deteriorating process according to the performance of the control system, safety barriers, inspection and maintenance activities, the human factor, and procedures.
Fig. 22 schematically represents the potential evolution of safety standards enabled by the familiar PDCA (plan, do, check, adjust/act) cycle embodied in both dynamic risk assessment and PSM. Based on name alone, dynamic risk assessment should be expected to interface with any PSM activities related to hazard identification and risk analysis, assessment, and management. Because one of the focal points of dynamic risk assessment is the potential degradation of safety barriers, its use is also relevant to the analysis of PSPIs (whether developed from a barrier- or tier perspective). Readers are referred to Khan et al. (2016) for a review of the current state-of-the-art with respect to dynamic risk assessment.
6 Concluding Remarks
SMSs are widely employed in numerous industrial, transportation, and recreational sectors throughout the world. We have attempted to show in this chapter how the professional management of safety—whatever the specific safety objectives might be—is critical to the advancement of both industry and society.
PSM systems typically consist of about 10–20 separate, yet intertwined, elements. Representative PSM systems from Asia, Australia, Europe, and North America have been presented to illustrate both their common features (e.g., management of change) and their differences (e.g., number and organization of elements). There has been a trend in recent years to systems with more elements and thematic groupings of elements, although earlier systems having fewer elements continue to be used globally (often in a regulatory context). Regardless of the system, there is a renewed emphasis in PSM on fundamental concepts such as competency and conduct of operations—essentially, doing what one is supposed to do and doing it well. It will be interesting to see whether the safety case approach, which is a mainstay of offshore oil and gas processing, makes further inroads into onshore PSM efforts.
For the most part, we have stayed out of the PSM regulatory debate. We have observed, however, that regulations are usually driven by the occurrence of major process incidents and that regulation, while prevalent, is not universal. There is a strong feeling among process safety practitioners that where they exist, PSM regulations need to be viewed as minimum standards requiring compliance as an outcome not an objective.
As with any management endeavor, measurement of process safety performance is paramount. While leading indicators are intuitively attractive as PSPIs, lagging indicators also have a role to play in avoiding future incidents. Given the current emphasis on barrier- and tier-based PSPIs, research on user-friendly tools for quickly translating process excursion/upset data into predictive indicators would seem valuable.
Continuous improvement is at the core of a PSM system by virtue of the plan/do/check/act (PDCA) cycle. Learning from the experience of others is key to continuous improvement. It is therefore essential that case studies continue to be presented and published to ensure wide dissemination of PSM lessons learned to the global process safety community. The investigations conducted by the US CSB and the ensuing reports are an invaluable resource in this regard.
Core process safety concepts such as ISD, recognition of warning signs, process safety culture, and dynamic risk assessment should not be viewed as stand-alone concepts. They are most effective in preventing and mitigating process incidents when considered as integral components of PSM. Ongoing research on these topics should include the PSM applications of the techniques and methodologies being developed.
The following statement by David Guss from his presentation Implementing PSM—Where is the Finish Line? seems a fitting end to this chapter: So where is the finish line? Maybe when we are able to successfully operate our facilities without having a serious process safety event every day, not just for a week, a month, a year, or even a decade, but for the life of the facility (Guss, 2015).
Acknowledgments
The authors gratefully acknowledge the funding assistance of the Natural Sciences and Engineering Research Council of Canada (Discovery Grant) and the Province of Nova Scotia (Cooperative Education Incentive).