Appendix C Compliance Guidelines and Recommendations for Process Safety Management (Nonmandatory)
Appendix C to §1910.119 -- Compliance Guidelines and Recommendations for Process Safety Management (Nonmandatory)
This appendix serves as a nonmandatory guideline to assist employers and employees in complying with the requirements of this section, as well as provides other helpful recommendations and information. Examples presented in this appendix are not the only means of achieving the performance goals in the standard. This appendix neither adds nor detracts from the requirements of the standard.
- Introduction to Process Safety Management. The major objective of process safety management of highly hazardous chemicals is to prevent unwanted releases of hazardous chemicals especially into locations which could expose employees and others to serious hazards. An effective process safety management program requires a systematic approach to evaluating the whole process. Using this approach the process design, process technology, operational and maintenance activities and procedures, nonroutine activities and procedures, emergency preparedness plans and procedures, training programs, and other elements which impact the process are all considered in the evaluation. The various lines of defense that have been incorporated into the design and operation of the process to prevent or mitigate the release of hazardous chemicals need to be evaluated and strengthened to assure their effectiveness at each level. Process safety management is the proactive identification, evaluation and mitigation or prevention of chemical releases that could occur as a result of failures in process, procedures or equipment.
The process safety management standard targets highly hazardous chemicals that have the potential to cause a catastrophic incident. This standard as a whole is to aid employers in their efforts to prevent or mitigate episodic chemical releases that could lead to a catastrophe in the workplace and possibly to the surrounding community. To control these types of hazards, employers need to develop the necessary expertise, experiences, judgment and proactive initiative within their workforce to properly implement and maintain an effective process safety management program as envisioned in the OSHA standard. This OSHA standard is required by the Clean Air Act Amendments as is the Environmental Protection Agency's Risk Management Plan. Employers, who merge the two sets of requirements into their process safety management program, will better assure full compliance with each as well as enhancing their relationship with the local community.
While OSHA believes process safety management will have a positive effect on the safety of employees in workplaces and also offers other potential benefits to employers (increased productivity), smaller businesses which may have limited resources available to them at this time, might consider alternative avenues of decreasing the risks associated with highly hazardous chemicals at their workplaces. One method which might be considered is the reduction in the inventory of the highly hazardous chemical. This reduction in inventory will result in a reduction of the risk or potential for a catastrophic incident. Also, employers including small employers may be able to establish more efficient inventory control by reducing the quantities of highly hazardous chemicals on site below the established threshold quantities. This reduction can be accomplished by ordering smaller shipments and maintaining the minimum inventory necessary for efficient and safe operation. When reduced inventory is not feasible, then the employer might consider dispersing inventory to several locations on site. Dispersing storage into locations where a release in one location will not cause a release in another location is a practical method to also reduce the risk or potential for catastrophic incidents.
- Employee Involvement in Process Safety Management. Section 304 of the Clean Air Act Amendments states that employers are to consult with their employees and their representatives regarding the employers' efforts in the development and implementation of the process safety management program elements and hazard assessments. Section 304 also requires employers to train and educate their employees and to inform affected employees of the findings from incident investigations required by the process safety management program. Many employers, under their safety and health programs, have already established means and methods to keep employees and their representatives informed about relevant safety and health issues and employers may be able to adapt these practices and procedures to meet their obligations under this standard. Employers who have not implemented an occupational safety and health program may wish to form a safety and health committee of employees and management representatives to help the employer meet the obligations specified by this standard. These committees can become a significant ally in helping the employer to implement and maintain an effective process safety management program for all employees.
- Process Safety Information. Complete and accurate written information concerning process chemicals, process technology, and process equipment is essential to an effective process safety management program and to a process hazards analysis. The compiled information will be a necessary resource to a variety of users including the team that will perform the process hazards analysis as required under paragraph (e); those developing the training programs and the operating procedures; contractors whose employees will be working with the process; those conducting the pre-startup reviews; local emergency preparedness planners; and insurance and enforcement officials.
The information to be compiled about the chemicals, including process intermediates, needs to be comprehensive enough for an accurate assessment of the fire and explosion characteristics, reactivity hazards, the safety and health hazards to workers, and the corrosion and erosion effects on the process equipment and monitoring tools. Current safety data sheet (SDS) information can be used to help meet this requirement which must be supplemented with process chemistry information including runaway reaction and over pressure hazards if applicable.
Process technology information will be a part of the process safety information package and it is expected that it will include diagrams of the type shown in Appendix B of this section as well as employer established criteria for maximum inventory levels for process chemicals; limits beyond which would be considered upset conditions; and a qualitative estimate of the consequences or results of deviation that could occur if operating beyond the established process limits. Employers are encouraged to use diagrams which will help users understand the process.
A block flow diagram is used to show the major process equipment and interconnecting process flow lines and show flow rates, stream composition, temperatures, and pressures when necessary for clarity. The block flow diagram is a simplified diagram.
Process flow diagrams are more complex and will show all main flow streams including valves to enhance the understanding of the process, as well as pressures and temperatures on all feed and product lines within all major vessels, in and out of headers and heat exchangers, and points of pressure and temperature control. Also, materials of construction information, pump capacities and pressure heads, compressor horsepower and vessel design pressures and temperatures are shown when necessary for clarity. In addition, major components of control loops are usually shown along with key utilities on process flow diagrams.
Piping and instrument diagrams (P&IDs) may be the more appropriate type of diagrams to show some of the above details and to display the information for the piping designer and engineering staff. The P&IDs are to be used to describe the relationships between equipment and instrumentation as well as other relevant information that will enhance clarity. Computer software programs which do P&IDs or other diagrams useful to the information package, may be used to help meet this requirement.
The information pertaining to process equipment design must be documented. In other words, what were the codes and standards relied on to establish good engineering practice. These codes and standards are published by such organizations as the American Society of Mechanical Engineers, American Petroleum Institute, American National Standards Institute, National Fire Protection Association, American Society for Testing and Materials, National Board of Boiler and Pressure Vessel Inspectors, National Association of Corrosion Engineers, American Society of Exchange Manufacturers Association, and model building code groups.
In addition, various engineering societies issue technical reports which impact process design. For example, the American Institute of Chemical Engineers has published technical reports on topics such as two phase flow for venting devices. This type of technically recognized report would constitute good engineering practice.
For existing equipment designed and constructed many years ago in accordance with the codes and standards available at that time and no longer in general use today, the employer must document which codes and standards were used and that the design and construction along with the testing, inspection and operation are still suitable for the intended use. Where the process technology requires a design which departs from the applicable codes and standards, the employer must document that the design and construction is suitable for the intended purpose.
- Process Hazard Analysis. A process hazard analysis (PHA), sometimes called a process hazard evaluation, is one of the most important elements of the process safety management program. A PHA is an organized and systematic effort to identify and analyze the significance of potential hazards associated with the processing or handling of highly hazardous chemicals. A PHA provides information which will assist employers and employees in making decisions for improving safety and reducing the consequences of unwanted or unplanned releases of hazardous chemicals. A PHA is directed toward analyzing potential causes and consequences of fires, explosions, releases of toxic or flammable chemicals and major spills of hazardous chemicals. The PHA focuses on equipment, instrumentation, utilities, human actions (routine and nonroutine), and external factors that might impact the process. These considerations assist in determining the hazards and potential failure points or failure modes in a process.
The selection of a PHA methodology or technique will be influenced by many factors including the amount of existing knowledge about the process. Is it a process that has been operated for a long period of time with little or no innovation and extensive experience has been generated with its use? Or, is it a new process or one which has been changed frequently by the inclusion of innovative features? Also, the size and complexity of the process will influence the decision as to the appropriate PHA methodology to use. All PHA methodologies are subject to certain limitations. For example, the checklist methodology works well when the process is very stable and no changes are made, but it is not as effective when the process has undergone extensive change. The checklist may miss the most recent changes and consequently the changes would not be evaluated. Another limitation to be considered concerns the assumptions made by the team or analyst. The PHA is dependent on good judgment and the assumptions made during the study need to be documented and understood by the team and reviewer and kept for a future PHA.
The team conducting the PHA needs to understand the methodology that is going to be used. A PHA team can vary in size from two people to a number of people with varied operational and technical backgrounds. Some team members may only be a part of the team for a limited time. The team leader needs to be fully knowledgeable in the proper implementation of the PHA methodology that is to be used and should be impartial in the evaluation. The other full or part time team members need to provide the team with expertise in areas such as process technology, process design, operating procedures and practices, including how the work is actually performed, alarms, emergency procedures, instrumentation, maintenance procedures, both routine and nonroutine tasks, including how the tasks are authorized, procurement of parts and supplies, safety and health, and any other relevant subject as the need dictates. At least one team member must be familiar with the process.
The ideal team will have an intimate knowledge of the standards, codes, specifications and regulations applicable to the process being studied. The selected team members need to be compatible and the team leader needs to be able to manage the team and the PHA study. The team needs to be able to work together while benefiting from the expertise of others on the team or outside the team, to resolve issues, and to forge a consensus on the findings of the study and the recommendations.
The application of a PHA to a process may involve the use of different methodologies for various parts of the process. For example, a process involving a series of unit operations of varying sizes, complexities, and ages may use different methodologies and team members for each operation. Then the conclusions can be integrated into one final study and evaluation. A more specific example is the use of a checklist PHA for a standard boiler or heat exchanger and the use of a Hazard and Operability PHA for the overall process. Also, for batch type processes like custom batch operations, a generic PHA of a representative batch may be used where there are only small changes of monomer or other ingredient ratios and the chemistry is documented for the full range and ratio of batch ingredients. Another process that might consider using a generic type of PHA is a gas plant. Often these plants are simply moved from site to site and therefore, a generic PHA may be used for these movable plants. Also, when an employer has several similar size gas plants and no sour gas is being processed at the site, then a generic PHA is feasible as long as the variations of the individual sites are accounted for in the PHA. Finally, when an employer has a large continuous process which has several control rooms for different portions of the process such as for a distillation tower and a blending operation, the employer may wish to do each segment separately and then integrate the final results.
Additionally, small businesses which are covered by this rule will often have processes that have less storage volume, less capacity, and are less complicated than processes at a large facility. Therefore, OSHA would anticipate that the less complex methodologies would be used to meet the process hazard analysis criteria in the standard. These process hazard analyses can be done in less time and with a few people being involved. A less complex process generally means that less data, P&IDs, and process information is needed to perform a process hazard analysis.
Many small businesses have processes that are not unique, such as cold storage lockers or water treatment facilities. Where employer associations have a number of members with such facilities, a generic PHA, evolved from a checklist or what-if questions, could be developed and used by each employer effectively to reflect his/her particular process; this would simplify compliance for them.
When the employer has a number of processes which require a PHA, the employer must set up a priority system of which PHAs to conduct first. A preliminary or gross hazard analysis may be useful in prioritizing the processes that the employer has determined are subject to coverage by the process safety management standard. Consideration should first be given to those processes with the potential of adversely affecting the largest number of employees. This prioritizing should consider the potential severity of a chemical release, the number of potentially affected employees, the operating history of the process such as the frequency of chemical releases, the age of the process and any other relevant factors. These factors would suggest a ranking order and would suggest either using a weighing factor system or a systematic ranking method. The use of a preliminary hazard analysis would assist an employer in determining which process should be of the highest priority and thereby the employer would obtain the greatest improvement in safety at the facility.
Detailed guidance on the content and application of process hazard analysis methodologies is available from the American Institute of Chemical Engineers' Center for Chemical Process Safety (see Appendix D).
- Operating Procedures and Practices. Operating procedures describe tasks to be performed, data to be recorded, operating conditions to be maintained, samples to be collected, and safety and health precautions to be taken. The procedures need to be technically accurate, understandable to employees, and revised periodically to ensure that they reflect current operations. The process safety information package is to be used as a resource to better assure that the operating procedures and practices are consistent with the known hazards of the chemicals in the process and that the operating parameters are accurate. Operating procedures should be reviewed by engineering staff and operating personnel to ensure that they are accurate and provide practical instructions on how to actually carry out job duties safely.
Operating procedures will include specific instructions or details on what steps are to be taken or followed in carrying out the stated procedures. These operating instructions for each procedure should include the applicable safety precautions and should contain appropriate information on safety implications. For example, the operating procedures addressing operating parameters will contain operating instructions about pressure limits, temperature ranges, flow rates, what to do when an upset condition occurs, what alarms and instruments are pertinent if an upset condition occurs, and other subjects. Another example of using operating instructions to properly implement operating procedures is in starting up or shutting down the process. In these cases, different parameters will be required from those of normal operation. These operating instructions need to clearly indicate the distinctions between startup and normal operations such as the appropriate allowances for heating up a unit to reach the normal operating parameters. Also the operating instructions need to describe the proper method for increasing the temperature of the unit until the normal operating temperature parameters are achieved.
Computerized process control systems add complexity to operating instructions. These operating instructions need to describe the logic of the software as well as the relationship between the equipment and the control system; otherwise, it may not be apparent to the operator.
Operating procedures and instructions are important for training operating personnel. The operating procedures are often viewed as the standard operating practices (SOPs) for operations. Control room personnel and operating staff, in general, need to have a full understanding of operating procedures. If workers are not fluent in English then procedures and instructions need to be prepared in a second language understood by the workers. In addition, operating procedures need to be changed when there is a change in the process as a result of the management of change procedures. The consequences of operating procedure changes need to be fully evaluated and the information conveyed to the personnel. For example, mechanical changes to the process made by the maintenance department (like changing a valve from steel to brass or other subtle changes) need to be evaluated to determine if operating procedures and practices also need to be changed. All management of change actions must be coordinated and integrated with current operating procedures and operating personnel must be oriented to the changes in procedures before the change is made. When the process is shut down in order to make a change, then the operating procedures must be updated before startup of the process.
Training in how to handle upset conditions must be accomplished as well as what operating personnel are to do in emergencies such as when a pump seal fails or a pipeline ruptures. Communication between operating personnel and workers performing work within the process area, such as nonroutine tasks, also must be maintained. The hazards of the tasks are to be conveyed to operating personnel in accordance with established procedures and to those performing the actual tasks. When the work is completed, operating personnel should be informed to provide closure on the job.
- Employee Training. All employees, including maintenance and contractor employees, involved with highly hazardous chemicals need to fully understand the safety and health hazards of the chemicals and processes they work with for the protection of themselves, their fellow employees and the citizens of nearby communities. Training conducted in compliance with 1910.1200, the Hazard Communication standard, will help employees to be more knowledgeable about the chemicals they work with as well as familiarize them with reading and understanding SDSs. However, additional training in subjects such as operating procedures and safety work practices, emergency evacuation and response, safety procedures, routine and nonroutine work authorization activities, and other areas pertinent to process safety and health will need to be covered by an employer's training program.
In establishing their training programs, employers must clearly define the employees to be trained and what subjects are to be covered in their training. Employers in setting up their training program will need to clearly establish the goals and objectives they wish to achieve with the training that they provide to their employees. The learning goals or objectives should be written in clear measurable terms before the training begins. These goals and objectives need to be tailored to each of the specific training modules or segments. Employers should describe the important actions and conditions under which the employee will demonstrate competence or knowledge as well as what is acceptable performance.
Hands-on training, where employees are able to use their senses beyond listening, will enhance learning. For example, operating personnel, who will work in a control room or at control panels, would benefit by being trained at a simulated control panel or panels. Upset conditions of various types could be displayed on the simulator, and then the employee could go through the proper operating procedures to bring the simulator panel back to the normal operating parameters. A training environment could be created to help the trainee feel the full reality of the situation but, of course, under controlled conditions. This realistic type of training can be very effective in teaching employees correct procedures while allowing them to also see the consequences of what might happen if they do not follow established operating procedures. Other training techniques using videos or on-the-job training can also be very effective for teaching other job tasks, duties, or other important information. An effective training program will allow the employee to fully participate in the training process and to practice their skill or knowledge.
Employers need to periodically evaluate their training programs to see if the necessary skills, knowledge, and routines are being properly understood and implemented by their trained employees. The means or methods for evaluating the training should be developed along with the training program goals and objectives. Training program evaluation will help employers to determine the amount of training their employees understood, and whether the desired results were obtained. If, after the evaluation, it appears that the trained employees are not at the level of knowledge and skill that was expected, the employer will need to revise the training program, provide retraining, or provide more frequent refresher training sessions until the deficiency is resolved. Those who conducted the training and those who received the training should also be consulted as to how best to improve the training process. If there is a language barrier, the language known to the trainees should be used to reinforce the training messages and information.
Careful consideration must be given to assure that employees including maintenance and contract employees receive current and updated training. For example, if changes are made to a process, impacted employees must be trained in the changes and understand the effects of the changes on their job tasks (e.g., any new operating procedures pertinent to their tasks). Additionally, as already discussed the evaluation of the employee's absorption of training will certainly influence the need for training.
- Contractors. Employers who use contractors to perform work in and around processes that involve highly hazardous chemicals, will need to establish a screening process so that they hire and use contractors who accomplish the desired job tasks without compromising the safety and health of employees at a facility. For contractors, whose safety performance on the job is not known to the hiring employer, the employer will need to obtain information on injury and illness rates and experience and should obtain contractor references. Additionally, the employer must assure that the contractor has the appropriate job skills, knowledge and certifications (such as for pressure vessel welders). Contractor work methods and experiences should be evaluated. For example, does the contractor conducting demolition work swing loads over operating processes or does the contractor avoid such hazards?
Maintaining a site injury and illness log for contractors is another method employers must use to track and maintain current knowledge of work activities involving contract employees working on or adjacent to covered processes. Injury and illness logs of both the employer's employees and contract employees allow an employer to have full knowledge of process injury and illness experience. This log will also contain information which will be of use to those auditing process safety management compliance and those involved in incident investigations.
Contract employees must perform their work safely. Considering that contractors often perform very specialized and potentially hazardous tasks such as confined space entry activities and nonroutine repair activities it is quite important that their activities be controlled while they are working on or near a covered process. A permit system or work authorization system for these activities would also be helpful to all affected employers. The use of a work authorization system keeps an employer informed of contract employee activities, and as a benefit the employer will have better coordination and more management control over the work being performed in the process area. A well run and well maintained process where employee safety is fully recognized will benefit all of those who work in the facility whether they be contract employees or employees of the owner.
- Pre-Startup Safety. For new processes, the employer will find a PHA helpful in improving the design and construction of the process from a reliability and quality point of view. The safe operation of the new process will be enhanced by making use of the PHA recommendations before final installations are completed. P&IDs are to be completed along with having the operating procedures in place and the operating staff trained to run the process before startup. The initial startup procedures and normal operating procedures need to be fully evaluated as part of the pre-startup review to assure a safe transfer into the normal operating mode for meeting the process parameters.
For existing processes that have been shut down for turnaround, or modification, etc., the employer must assure that any changes other than "replacement in kind" made to the process during shutdown go through the management of change procedures. P&IDs will need to be updated as necessary, as well as operating procedures and instructions. If the changes made to the process during shutdown are significant and impact the training program, then operating personnel as well as employees engaged in routine and nonroutine work in the process area may need some refresher or additional training in light of the changes. Any incident investigation recommendations, compliance audits or PHA recommendations need to be reviewed as well to see what impacts they may have on the process before beginning the startup.
- Mechanical Integrity. Employers will need to review their maintenance programs and schedules to see if there are areas where "breakdown" maintenance is used rather than an on-going mechanical integrity program. Equipment used to process, store, or handle highly hazardous chemicals needs to be designed, constructed, installed and maintained to minimize the risk of releases of such chemicals. This requires that a mechanical integrity program be in place to assure the continued integrity of process equipment. Elements of a mechanical integrity program include the identification and categorization of equipment and instrumentation, inspections and tests, testing and inspection frequencies, development of maintenance procedures, training of maintenance personnel, the establishment of criteria for acceptable test results, documentation of test and inspection results, and documentation of manufacturer recommendations as to mean time to failure for equipment and instrumentation.
The first line of defense an employer has available is to operate and maintain the process as designed, and to keep the chemicals contained. This line of defense is backed up by the next line of defense which is the controlled release of chemicals through venting to scrubbers or flares, or to surge or overflow tanks which are designed to receive such chemicals, etc. These lines of defense are the primary lines of defense or means to prevent unwanted releases. The secondary lines of defense would include fixed fire protection systems like sprinklers, water spray, or deluge systems, monitor guns, etc., dikes, designed drainage systems, and other systems which would control or mitigate hazardous chemicals once an unwanted release occurs. These primary and secondary lines of defense are what the mechanical integrity program needs to protect and strengthen where appropriate.
The first step of an effective mechanical integrity program is to compile and categorize a list of process equipment and instrumentation for inclusion in the program. This list would include pressure vessels, storage tanks, process piping, relief and vent systems, fire protection system components, emergency shutdown systems and alarms and interlocks and pumps. For the categorization of instrumentation and the listed equipment the employer would prioritize which pieces of equipment require closer scrutiny than others. Mean time to failure of various instrumentation and equipment parts would be known from the manufacturer's data or the employer's experience with the parts, which would then influence the inspection and testing frequency and associated procedures. Also, applicable codes and standards such as the National Board Inspection Code, or those from the American Society for Testing and Material, American Petroleum Institute, National Fire Protection Association, American National Standards Institute, American Society of Mechanical Engineers, and other groups, provide information to help establish an effective testing and inspection frequency, as well as appropriate methodologies.
The applicable codes and standards provide criteria for external inspections for such items as foundation and supports, anchor bolts, concrete or steel supports, guy wires, nozzles and sprinklers, pipe hangers, grounding connections, protective coatings and insulation, and external metal surfaces of piping and vessels, etc. These codes and standards also provide information on methodologies for internal inspection, and a frequency formula based on the corrosion rate of the materials of construction. Also, erosion both internal and external needs to be considered along with corrosion effects for piping and valves. Where the corrosion rate is not known, a maximum inspection frequency is recommended, and methods of developing the corrosion rate are available in the codes. Internal inspections need to cover items such as vessel shell, bottom and head; metallic linings; nonmetallic linings; thickness measurements for vessels and piping; inspection for erosion, corrosion, cracking and bulges; internal equipment like trays, baffles, sensors and screens for erosion, corrosion or cracking and other deficiencies. Some of these inspections may be performed by state or local government inspectors under state and local statutes. However, each employer needs to develop procedures to ensure that tests and inspections are conducted properly and that consistency is maintained even where different employees may be involved. Appropriate training is to be provided to maintenance personnel to ensure that they understand the preventive maintenance program procedures, safe practices, and the proper use and application of special equipment or unique tools that may be required. This training is part of the overall training program called for in the standard.
A quality assurance system is needed to help ensure that the proper materials of construction are used, that fabrication and inspection procedures are proper, and that installation procedures recognize field installation concerns. The quality assurance program is an essential part of the mechanical integrity program and will help to maintain the primary and secondary lines of defense that have been designed into the process to prevent unwanted chemical releases or those which control or mitigate a release. "As built" drawings, together with certifications of coded vessels and other equipment, and materials of construction need to be verified and retained in the quality assurance documentation. Equipment installation jobs need to be properly inspected in the field for use of proper materials and procedures and to assure that qualified craftsmen are used to do the job. The use of appropriate gaskets, packing, bolts, valves, lubricants and welding rods needs to be verified in the field. Also, procedures for installation of safety devices need to be verified, such as the torque on the bolts on rupture disc installations, uniform torque on flange bolts, proper installation of pump seals, etc. If the quality of parts is a problem, it may be appropriate to conduct audits of the equipment supplier's facilities to better assure proper purchases of required equipment which is suitable for its intended service. Any changes in equipment that may become necessary will need to go through the management of change procedures.
- Nonroutine Work Authorizations. Nonroutine work which is conducted in process areas needs to be controlled by the employer in a consistent manner. The hazards identified involving the work that is to be accomplished must be communicated to those doing the work, but also to those operating personnel whose work could affect the safety of the process. A work authorization notice or permit must have a procedure that describes the steps the maintenance supervisor, contractor representative or other person needs to follow to obtain the necessary clearance to get the job started. The work authorization procedures need to reference and coordinate, as applicable, lockout/tagout procedures, line breaking procedures, confined space entry procedures and hot work authorizations. This procedure also needs to provide clear steps to follow once the job is completed in order to provide closure for those that need to know the job is now completed and equipment can be returned to normal.
- Managing Change. To properly manage changes to process chemicals, technology, equipment and facilities, one must define what is meant by change. In this process safety management standard, change includes all modifications to equipment, procedures, raw materials and processing conditions other than "replacement in kind." These changes need to be properly managed by identifying and reviewing them prior to implementation of the change. For example, the operating procedures contain the operating parameters (pressure limits, temperature ranges, flow rates, etc.) and the importance of operating within these limits. While the operator must have the flexibility to maintain safe operation within the established parameters, any operation outside of these parameters requires review and approval by a written management of change procedure.
Management of change covers changes such as those in process technology and those to equipment and instrumentation. Changes in process technology can result from changes in production rates, raw materials, experimentation, equipment unavailability, new equipment, new product development, change in catalyst and changes in operating conditions to improve yield or quality. Equipment changes include, among others, changes in materials of construction, equipment specifications, piping pre-arrangements, experimental equipment, computer program revisions and changes in alarms and interlocks. Employers need to establish means and methods to detect both technical changes and mechanical changes.
Temporary changes have caused a number of catastrophes over the years, and employers need to establish ways to detect temporary changes as well as those that are permanent. It is important that a time limit for temporary changes be established and monitored since, without control, these changes may tend to become permanent. Temporary changes are subject to the management of change provisions. In addition, the management of change procedures are used to ensure that the equipment and procedures are returned to their original or designed conditions at the end of the temporary change. Proper documentation and review of these changes is invaluable in assuring that the safety and health considerations are being incorporated into the operating procedures and the process.
Employers may wish to develop a form or clearance sheet to facilitate the processing of changes through the management of change procedures. A typical change form may include a description and the purpose of the change, the technical basis for the change, safety and health considerations, documentation of changes for the operating procedures, maintenance procedures, inspection and testing, P&IDs, electrical classification, training and communications, pre-startup inspection, duration if a temporary change, approvals and authorization. Where the impact of the change is minor and well understood, a check list reviewed by an authorized person with proper communication to others who are affected may be sufficient. However, for a more complex or significant design change, a hazard evaluation procedure with approvals by operations, maintenance, and safety departments may be appropriate. Changes in documents such as P&IDs, raw materials, operating procedures, mechanical integrity programs, electrical classifications, etc., need to be noted so that these revisions can be made permanent when the drawings and procedure manuals are updated. Copies of process changes need to be kept in an accessible location to ensure that design changes are available to operating personnel as well as to PHA team members when a PHA is being done or one is being updated.
- Investigation of Incidents. Incident investigation is the process of identifying the underlying causes of incidents and implementing steps to prevent similar events from occurring. The intent of an incident investigation is for employers to learn from past experiences and thus avoid repeating past mistakes. The incidents for which OSHA expects employers to become aware and to investigate are the types of events which result in or could reasonably have resulted in a catastrophic release. Some of the events are sometimes referred to as "near misses," meaning that a serious consequence did not occur, but could have.
Employers need to develop in-house capability to investigate incidents that occur in their facilities. A team needs to be assembled by the employer and trained in the techniques of investigation including how to conduct interviews of witnesses, needed documentation and report writing. A multi-disciplinary team is better able to gather the facts of the event and to analyze them and develop plausible scenarios as to what happened, and why. Team members should be selected on the basis of their training, knowledge and ability to contribute to a team effort to fully investigate the incident. Employees in the process area where the incident occurred should be consulted, interviewed or made a member of the team. Their knowledge of the events forms a significant set of facts about the incident which occurred. The report, its findings and recommendations are to be shared with those who can benefit from the information. The cooperation of employees is essential to an effective incident investigation. The focus of the investigation should be to obtain facts, and not to place blame. The team and the investigation process should clearly deal with all involved individuals in a fair, open and consistent manner.
- Emergency Preparedness. Each employer must address what actions employees are to take when there is an unwanted release of highly hazardous chemicals. Emergency preparedness or the employer's tertiary (third) lines of defense are those that will be relied on along with the secondary lines of defense when the primary lines of defense which are used to prevent an unwanted release fail to stop the release. Employers will need to decide whether they want employees to handle and stop small or minor incidental releases; whether they wish to mobilize the available resources at the plant and have them brought to bear on a more significant release; whether they want their employees to evacuate the danger area and promptly escape to a preplanned safe zone area, and allow the local community emergency response organizations to handle the release; or whether they want to use some combination of these actions. Employers will need to select how many different emergency preparedness or tertiary lines of defense they plan to have and then develop the necessary plans and procedures, and appropriately train employees in their emergency duties and responsibilities and then implement these lines of defense.
Employers at a minimum must have an emergency action plan which will facilitate the prompt evacuation of employees when an unwanted release of a highly hazardous chemical occurs. This means that the employer will have a plan that will be activated by an alarm system to alert employees when to evacuate, and that employees who are physically impaired will have the necessary support and assistance to get them to the safe zone as well. The intent of these requirements is to alert and move employees to a safe zone quickly. Delaying alarms or confusing alarms are to be avoided. The use of process control centers or similar process buildings in the process area as safe areas is discouraged. Recent catastrophes have shown that a large life loss has occurred in these structures because of where they have been sited and because they are not necessarily designed to withstand over-pressures from shockwaves resulting from explosions in the process area.
Unwanted incidental releases of highly hazardous chemicals in the process area must be addressed by the employer as to what actions employees are to take. If the employer wants employees to evacuate the area, then the emergency action plan will be activated. For outdoor processes where wind direction is important for selecting the safe route to a refuge area, the employer should place a wind direction indicator such as a wind sock or pennant at the highest point that can be seen throughout the process area. Employees can move in the direction of cross wind to upwind to gain safe access to the refuge area by knowing the wind direction.
If the employer wants specific employees in the release area to control or stop the minor emergency or incidental release, these actions must be planned for in advance and procedures developed and implemented. Preplanning for handling incidental releases for minor emergencies in the process area needs to be done, appropriate equipment for the hazards must be provided, and training conducted for those employees who will perform the emergency work before they respond to handle an actual release. The employer's training program, including the Hazard Communication standard training is to address the training needs for employees who are expected to handle incidental or minor releases.
Preplanning for releases that are more serious than incidental releases is another important line of defense to be used by the employer. When a serious release of a highly hazardous chemical occurs, the employer through preplanning will have determined in advance what actions employees are to take. The evacuation of the immediate release area and other areas as necessary would be accomplished under the emergency action plan. If the employer wishes to use plant personnel such as a fire brigade, spill control team, a hazardous materials team, or use employees to render aid to those in the immediate release area and control or mitigate the incident, these actions are covered by 1910.120, the Hazardous Waste Operations and Emergency Response (HAZWOPER) standard. If outside assistance is necessary, such as through mutual aid agreements between employers or local government emergency response organizations, these emergency responders are also covered by HAZWOPER. The safety and health protections required for emergency responders are the responsibility of their employers and of the on-scene incident commander.
Responders may be working under very hazardous conditions and therefore the objective is to have them competently led by an on-scene incident commander and the commander's staff, properly equipped to do their assigned work safely, and fully trained to carry out their duties safely before they respond to an emergency. Drills, training exercises, or simulations with the local community emergency response planners and responder organizations are one means to obtain better preparedness. This close cooperation and coordination between plant and local community emergency preparedness managers will also aid the employer in complying with the Environmental Protection Agency's Risk Management Plan criteria.
One effective way for medium to large facilities to enhance coordination and communication during emergencies for on plant operations and with local community organizations is for employers to establish and equip an emergency control center. The emergency control center would be sited in a safe zone area so that it could be occupied throughout the duration of an emergency. The center would serve as the major communication link between the on-scene incident commander and plant or corporate management as well as with the local community officials. The communication equipment in the emergency control center should include a network to receive and transmit information by telephone, radio or other means. It is important to have a backup communication network in case of power failure or one communication means fails. The center should also be equipped with the plant layout and community maps, utility drawings including fire water, emergency lighting, appropriate reference materials such as a government agency notification list, company personnel phone list, SARA Title III reports and safety data sheets, emergency plans and procedures manual, a listing with the location of emergency response equipment, mutual aid information, and access to meteorological or weather condition data and any dispersion modeling data.
- Compliance Audits. Employers need to select a trained individual or assemble a trained team of people to audit the process safety management system and program. A small process or plant may need only one knowledgeable person to conduct an audit. The audit is to include an evaluation of the design and effectiveness of the process safety management system and a field inspection of the safety and health conditions and practices to verify that the employer's systems are effectively implemented. The audit should be conducted or led by a person knowledgeable in audit techniques and who is impartial towards the facility or area being audited. The essential elements of an audit program include planning, staffing, conducting the audit, evaluation and corrective action, follow-up and documentation.
Planning in advance is essential to the success of the auditing process. Each employer needs to establish the format, staffing, scheduling and verification methods prior to conducting the audit. The format should be designed to provide the lead auditor with a procedure or checklist which details the requirements of each section of the standard. The names of the audit team members should be listed as part of the format as well. The checklist, if properly designed, could serve as the verification sheet which provides the auditor with the necessary information to expedite the review and assure that no requirements of the standard are omitted. This verification sheet format could also identify those elements that will require evaluation or a response to correct deficiencies. This sheet could also be used for developing the follow-up and documentation requirements.
The selection of effective audit team members is critical to the success of the program. Team members should be chosen for their experience, knowledge, and training and should be familiar with the processes and with auditing techniques, practices and procedures. The size of the team will vary depending on the size and complexity of the process under consideration. For a large, complex, highly instrumented plant, it may be desirable to have team members with expertise in process engineering and design, process chemistry, instrumentation and computer controls, electrical hazards and classifications, safety and health disciplines, maintenance, emergency preparedness, warehousing or shipping, and process safety auditing. The team may use part-time members to provide for the depth of expertise required as well as for what is actually done or followed, compared to what is written.
An effective audit includes a review of the relevant documentation and process safety information, inspection of the physical facilities, and interviews with all levels of plant personnel. Utilizing the audit procedure and checklist developed in the preplanning stage, the audit team can systematically analyze compliance with the provisions of the standard and any other corporate policies that are relevant. For example, the audit team will review all aspects of the training program as part of the overall audit. The team will review the written training program for adequacy of content, frequency of training, effectiveness of training in terms of its goals and objectives as well as to how it fits into meeting the standard's requirements, documentation, etc. Through interviews, the team can determine the employee's knowledge and awareness of the safety procedures, duties, rules, emergency response assignments, etc. During the inspection, the team can observe actual practices such as safety and health policies, procedures, and work authorization practices. This approach enables the team to identify deficiencies and determine where corrective actions or improvements are necessary.
An audit is a technique used to gather sufficient facts and information, including statistical information, to verify compliance with standards. Auditors should select as part of their preplanning a sample size sufficient to give a degree of confidence that the audit reflects the level of compliance with the standard. The audit team, through this systematic analysis, should document areas which require corrective action as well as those areas where the process safety management system is effective and working in an effective manner. This provides a record of the audit procedures and findings, and serves as a baseline of operation data for future audits. It will assist future auditors in determining changes or trends from previous audits.
Corrective action is one of the most important parts of the audit. It includes not only addressing the identified deficiencies, but also planning, follow-up, and documentation. The corrective action process normally begins with a management review of the audit findings. The purpose of this review is to determine what actions are appropriate, and to establish priorities, timetables, resource allocations and requirements and responsibilities. In some cases, corrective action may involve a simple change in procedure or minor maintenance effort to remedy the concern. Management of change procedures need to be used, as appropriate, even for what may seem to be a minor change. Many of the deficiencies can be acted on promptly, while some may require engineering studies or in-depth review of actual procedures and practices. There may be instances where no action is necessary and this is a valid response to an audit finding. All actions taken, including an explanation where no action is taken on a finding, need to be documented as to what was done and why.
It is important to assure that each deficiency identified is addressed, the corrective action to be taken noted, and the audit person or team responsible be properly documented by the employer. To control the corrective action process, the employer should consider the use of a tracking system. This tracking system might include periodic status reports shared with affected levels of management, specific reports such as completion of an engineering study, and a final implementation report to provide closure for audit findings that have been through management of change, if appropriate, and then shared with affected employees and management. This type of tracking system provides the employer with the status of the corrective action. It also provides the documentation required to verify that appropriate corrective actions were taken on deficiencies identified in the audit.