Handling changes to process applications is never particularly easy, but when safety gets involved, it's a whole other ball game. Properly managing all the needs, variables and requirements inherent in altering any process safety system takes a calm, logical and almost obsessively methodical and well-documented approach. This is needed to overcome the uncertainties and potential dangers that can arise when high-stakes applications are maintained, repaired, updated or replaced.
"Hazards involve equipment failures, human errors, unforeseen chemical reactions or any situation that increases operating risk, such as potential deficiencies in safety management systems. Hazards can be introduced when change occurs, when modifications to a facility's operation are made, or when replacement equipment doesn't meet the design criteria of equipment being replaced," said Ulric Roy, Invensys Operations Management's lead engineer for Triconex safety systems, at a presentation this week at the Invensys North America Client Conference in Houston. "Other changes occur when operating procedures are modified, site staffing changes, or a company reorganizes. Changes that aren't carefully controlled increase operating risk and can directly cause or lead to catastrophic events."
To help eliminate or mitigate these risks, make sure new hazards aren't introduced and ensure that human and environmental safety aren't compromised, Roy said. "Consistent and effective management of change (MOC) is the most important element of the process safety management (PSM) program. It's the most difficult activity to implement, and it requires solid dedication from highly experienced resources and rigorous management commitment."
Roy explained that a MOC process is an organized, systematic effort that includes administrative procedures for the review and approval of changes before they are implemented. "Your PSM program shall define the MOC elements in detail. You define where the MOC process applies—the physical areas of the facilities, such as fence-to-fence, the phases of the process life cycle and the source of changes, such as hardware, software, procedures, personnel or organization," he said. "A MOC process should be designed to fit your organizational structure, culture and workforce, and it should be revised periodically to ensure adaptability."
However, Roy cautioned that a MOC process that is circumvented or used in a parallel environment with no widespread acceptance and commitment is worse than having no MOC process. "An effective MOC process demands a significant commitment from line management, departmental support organizations and employees," said Roy. "Success begins at the top, when management demonstrates leadership and commitment by making sometimes-hard decisions in favor of safety."
To manage risk by eliminating it, Roy described MOC's main goals as:
- Eliminate MOC deficiencies in safety management systems.
- Reduce quantity and magnitude of risks.
- Expand MOC into each phase of the process life cycle.
- Expand MOC into non-traditional changes.
- Make the MOC process more fault-tolerant and resilient to circumvention or human error.
- Reduce the number of PSM audit findings.
- Monitor MOC performance on-site and from a central location, where resources are specialized and cost-effective.
- Achieve better MOC results with fewer resources, if possible.
To accomplish these goals, Roy added that users must manage a variety of types of changes in their process applications. These types include changes to process equipment, process controls, safety systems, site infrastructure, operations and technology, preventive inspection maintenance, procedures and staffing. Likewise, they also must use MOC in each life-cycle phase of their equipment, application or facility. These phases include R&D, conceptual, design, detailed engineering design, procurement and construction, start-up (atypical operation), normal operation (typical operation), maintenance and turnaround, extended shutdown (atypical operation) and decommissioning.
"MOC is not a form. It's a process," said Roy. The seven steps in the MOC process include:
- An employee originates a request for change (RFC).
- PSM personnel independent of the RFC originator review the request to identify potential risks (adverse impacts) and list the process safety information (PSI) elements that may need modification.
- Based on this review, a facility manager approves or rejects the change.
- If the change is approved, it's implemented.
- The PSI is modified to reflect the change.
- Before start-up of the change, affected personnel are informed and trained if necessary.
- These activities must be completed prior to pre-start-up safety review (PSSR).
"The MOC process is the gatekeeper—a trackable sign-on/sign-off sheet—of most other documents," added Roy. "But you define where the MOC process applies in your PSM program, as well as the phases of the process life cycle, and the source of changes, such as from hardware, software, procedures, personnel or organization.”
However, it's the regulations that define what a change is. "Any modification that touches the process safety information is considered to be a change," added Roy. "Included in the PSI are the information about the chemicals used or produced by your operation, process technologies and process equipment, process flow diagrams (PFD), process piping diagrams (P&ID), process descriptions, risk hazard analysis (PHA), safety requirement specification (SRS), and codes and standards relied on to establish good engineering practice at your facility."
Once requested changes have been reviewed and accepted, the PSSR is used to close the MOC process. After a change is implemented and is running as part of the application, MOC compliance audits are done periodically to check its performance, usually every three years or annually. OSHA also conducts similar program quality verifications (PQVs).
Roy added that laws and agencies regulating the MOC process include:
- U.S. Occupational Safety and Health Administration's OSHA-PSM regulation 29 CFR 1910.119, "Process Safety for Highly Hazardous Chemicals" (PSM), which took effect in February 1992;
- U.S. Environmental Protection Agency's EPA-RMP regulation 40 CFR Part 68, "Risk Management Program for Chemical Accident and Release Prevention" (RMP), in effect since in June 1996; and
- The Canadian Chemicals Producer Association's "The Responsible Care Program" Code of Practice, in effect since 1987.
Other non-regulatory agencies and voluntary industry groups that promote MOC in process safety include the U.S. Chemical Safety Board (CSB), the Center for Chemical Process Safety (CCPS) and OSHA's Voluntary Protection Programs (VPP).
Roy explained that OSHA's minimum requirements for MOC include:
- Establishing written procedures for managing changes.
- Addressing the technical basis of each change.
- Evaluating potential safety and health impact of each change.
- Defining requirements for authorizing changes.
- Updating process safety information.
- Updating operating procedures or practices.
- Informing and training employees and contractors affected before changes occur.
- Considering potential off-site impact of changes.
Roy said there are 14 basic elements to develop and implement a MOC that complies with OSHA's Process Safety Management (PSM) standard. They are contained in its Log 300 document and include:
- 1910.119(c): Employee Participation
- 1910.119(d): Process Safety Information
- 1910.119(e): Process Hazard Analysis
- 1910.119(f): Operating Procedures
- 1910.119(g): Training Procedures
- 1910.119(h): Contractors
- 1910.119(i): Pre-Start-up Safety Review
- 1910.119(j): Mechanical Integrity
- 1910.119(k): Hot Work Permit
- 1910.119(L): Management of Change
- 1910.119(m): Incident Investigations
- 1910.119(n): Emergency Planning and Response
- 1910.119(o): Compliance Audits
- 1910.119(p): Trade Secrets
Besides dealing with each requirement, Roy added that their interrelationships also are important and that OSHA will cross-check to see if they show that the changes have been followed through to completion. "The PSM district offices routinely check three key elements to verify that changes have been implemented," he said. "They are 1910.119(e) Process Hazard Analysis, 1910.119(f) Operating Procedures and 1910.119(g) Training."
Roy added, "There are different ways to apply a MOC process, but the law has these 14 elements, so users must fit their culture within them. There are many new and online tools to help with this, but users must also stay flexible and not get too locked into their tools either."
CAPTION FOR IMAGE FILENAME "Roy.JPG"
"Management of change is not a form. It's a process." Invensys' Ulric Roy explained how change management methodologies work to fulfill OSHA's process safety management requirements.