Creating layers of independence

July 16, 2025
Cutting corners in control system updates—such as skipping P&ID revisions or HAZOP documentation—can create long-term safety risks in hazardous industries

Key highlights

  • Risk tolerance is decreasing; so is credit for mitigating factors;
  • Engineers search for more “independent layers” of protection; and
  • The meetings and paperwork, while mundane, must still be executed.

Jackie was exasperated. She knew the requested change—to make an alarm redundant—could be achieved by moving a few wires and configuring the change in the distributed control system (DCS). If she simply made it happen and didn’t bother with piping and instrumentation diagram (P&ID) updates, training or loop drawing updates, would anyone notice or care?

Many of us work in facilities that process highly hazardous chemicals, where no changes are made without multiple reviews. Some might have four or more process safety reviews that must be conducted with a prescribed cast of stakeholders, which are documented and produced for periodic audits. The mandate for this discipline arose when OSHA found evidence that inadequately reviewed, randomly communicated and poorly documented changes were common in a variety of process cultures. Ensuing accidents and injuries showed that this deficiency placed undue risk on employees, and OSHA 1910 “Management of Change” was mandated.

Another facet of OSHA 1910 prescribes that process hazard analysis (PHA)/hazard and operability (HAZOP) reviews must be renewed or revalidated every five years. A typical HAZOP discussion takes a deviation from normal, for example less flow. The review team analyzes each deviation to identify possible hazards, likely frequency and severity, and whether safeguards are adequate to mitigate the specific hazard.

Conducting a HAZOP review of a new facility or a major change was common prior to OSHA 1910’s inception, but after projects passed to the operate and maintain (O&M) phase, disciplines such as updating P&IDs, loop diagrams, junction box drawings, piping isometrics, and so on, weren’t executed in a thoughtful or consistent manner—sometimes not at all. Some of us who were around when these practices were first mandated remember a concerted effort to update P&IDs and other relevant documentation, capturing a couple of decades or more of changes. The five-year revalidation cycle, among other things, helps ensure that any changes have been adequately captured in the relevant documentation.

A PHA/HAZOP review typically utilizes what we call a semi-quantitative assessment—the frequency of a hazard is assigned an order-of-magnitude probability—once a year, once a century or once a millennium. There are consequences in categories such as financial, environmental and personnel safety ranging from minor financial impact to multiple fatalities. One’s HAZOP software typically assigns a ranking, for example “A” through “E”, and individuals connected to leadership and law departments decide what level of mitigation is the target for such hazards. How much mitigation is assigned to a given safety measure has changed in the past 30 years. I recall past reviews where “operator training/action” was cited as a mitigation. Now, credit for operator action is only acceptable provided operator error was not an initiating action (e.g., “no flow” resulting from an operator closing the wrong block valve) and the operator has 10 minutes or more to take the corrective action.

Management’s risk tolerance is decreasing at the same time countermeasures are deemed less effective. Consequently, the mitigation that was acceptable five years ago often needs another independent layer of protection to pass muster.

This was the source of Jackie’s work order to make two independent alarms out of one that had been combined—for example, a common trouble alarm from a panel or analyzer shelter. In days of yore, when operations wanted such a change, the work was completed without any specific requirement for drawing updates, P&ID updates or operator training. We once relied on “tacit” or tribal knowledge to understand a given alarm, back when we had grizzled veterans on every crew who could guide the newbies. Today, more experienced individuals have been retiring in greater numbers, and their replacements are less confident in a position that can take a few years—sometimes more—to master.

Jackie couldn’t dispute that point with management. Five years from now would there be any certainty someone would remain who understood the need she was addressing? While it’s rarely the most enjoyable role, the documentation updates are a must.

About the Author

John Rezabek | Contributing Editor

John Rezabek is a contributing editor to Control