A structured risk based approach defines the pathways to successful implementation of process safety management objectiv...
A CEP Preprint © 2010 AIChE
Back to Basics
Understanding Process Safety Management A structured risk-based approach defines the pathways to successful implementation of process safety management objectives Adrian L. Sepeda A. L. Sepeda Consulting Inc.
P
rocess safety and process safety management systems touch almost every aspect of designing, constructing, operating, maintaining, modifying, and closing a manufacturing site. With requirements and regulatory obligations that are often difficult to understand and hard to implement, this field may seem extremely complex to the inexperienced engineer. Process safety management (PSM) has a variety of meanings and purposes. AIChE’s Center for Chemical Process Safety (CCPS) defines PSM as “a management system that is focused on prevention of, preparedness for, mitigation of, response to, and restoration from catastrophic releases of chemicals or energy from a process associated with a facility” (1). History has shown that a lack of, an ignorance of, or an improper or inadequate implementation of a suitable PSM program can be disastrous. The events that occurred in Flixborough, England, and Bhopal, India, exemplify this point. This article outlines the concepts and tools that are needed to develop, implement, audit, and manage a riskbased PSM system. It does so using a structured approach
COMMIT TO PROCESS SAFETY
UNDERSTAND HAZARDS AND RISK
that can be compared to constructing a building. The first step in erecting a building is to lay a foundation. Similarly, risk-based PSM systems are built on a foundation of four key components (Figure 1): 1. Commit to Process Safety 2. Understand Hazards and Risk 3. Manage Risks 4. Learn from Experience These four foundation blocks support 20 process-safetyrelated tools and areas of expertise that form a structurally sound, risk-based PSM program.
Commit to process safety This foundation block involves words, actions, demonstration, and support. It starts with developing and sustaining a culture that encourages, embraces, and supports process safety. The commitment exists at all levels of an organization and in every individual at every facility. It permeates the attitude and work ethic of every employee. Commitment to process safety includes understanding, implementing, and complying with applicable laws, regulations, standards, and
MANAGE RISK
LEARN FROM EXPERIENCE
p Figure 1. An effective risk-based PSM program is built on a strong foundation consisting of a commitment to process safety, an understanding of hazards and risk, appropriate risk management measures, and continual learning from experience.
26
www.aiche.org/cep August 2010 CEP
Process Safety Competency
Compliance with Standards
u Figure 2. The Commit to Process Safety foundation block supports five pillars related to company culture, practices and behaviors.
Stakeholder Outreach
Workforce Involvement
• develop and implement an appropriate management system that ensures compliance actions remain effective • install an audit system and distribute audit reports to the appropriate individuals to ensure they are notified of the actions required for continuous compliance. 3. Process Safety Competency encompasses three COMMIT TO related actions: PROCESS SAFETY • continuously improving knowledge and proficiency • ensuring that appropriate information is available to people who need it when they need it • consistently applying what has been learned. This often requires assessing the availability of information, gathering knowledge and lessons learned from external sources, customizing and disseminating that information for use throughout your organization, updating documentation as needed, implementing document control procedures, and conducting periodic training to institutionalize the new information. Process safety competency is achieved when every person in the organization knows his or her process safety responsibilities and is empowered to assume them. 4. Workforce Involvement. The fourth pillar recognizes that PSM must span from the lowest job level up to the top of the corporate ladder. Every level between must be educated, involved, and empowered. Process Safety Culture
accepted codes of recommended practices. As shown in Figure 2, the Commit to Process Safety foundation block supports five pillars. 1. Process Safety Culture is the combination of group values and behaviors that determine the manner in which process safety is managed. The culture can range from undesirable, with uncontrolled and unknown risk-taking, to desirable, where risks are identified and managed. Culture starts at the top of the organization and requires support, understanding, and adaptation at every level. Culture must constantly be reviewed, reinforced, and enhanced to ensure it is consistent. This is done by: • constantly maintaining a sense of vulnerability and avoiding complacency • empowering individuals to successfully fulfill their process safety responsibilities • maintaining a sufficient level of expertise • establishing and maintaining an open and effective communication system • establishing and fostering a questioning and learning environment • gaining and maintaining trust throughout the organization • ensuring prompt and timely responses to process safety issues and concerns. 2. Compliance with Standards. This pillar involves identifying the standards that apply to your operation, understanding and implementing those standards, and auditing against the standards to ensure adherence, effectiveness, and continuous improvement. Standards come in many forms, including voluntary industry standards, such as American Petroleum Institute Recommended Practices (e.g., API RP 752, which relates to the siting and protection of people in buildings), and consensus codes, such as those developed by the National Fire Protection Association (e.g., NFPA 921: Guide for Fire and Explosion Investigations). Other standards are mandatory, such as U.S. federal, state, and/or local laws and regulations (e.g., 29 CFR 1910.119, the Occupational Safety and Health Administration’s [OSHA] standard for the management of process safety), and international laws and regulations, such as the European Commission Seveso II Directive, which involves the control of major accident hazards involving dangerous substances. Standards-compliance activities may be managed by various groups within an organization, which must: • ensure that a consistent and appropriate understanding of the standard exists and that a matching implementation strategy is developed and is followed • implement a methodology for determining which standard requires compliance and by when • involve the right people with the needed competencies at the right time
The Center for Chemical Process Safety Formed in 1985 after the Bhopal tragedy, AIChE’s Center for Chemical Process Safety (CCPS) has provided leadership and technical support in an effort to eliminate process-safety-related incidents. CCPS’s most advanced approach is embodied in its book, “Guidelines for Risk Based Process Safety” (1). This article is based on the risk-based approach to process safety.
CEP August 2010 www.aiche.org/cep
27
Back to Basics
u Figure 3. The Understand Hazards and Risk foundation element serves as a basis for two pillars involving process knowledge and hazard identification.
28
www.aiche.org/cep August 2010 CEP
Hazard Identification and Risk Analysis
Understand hazards and risk There is an important difference between a hazard and a risk. A hazard is defined as “chemical or physical conditions that have the potential for causing harm to people, property, or the environment,” whereas risk is defined as “the combination
Process Knowledge Management
The people who operate and maintain the equipment are the front line of defense and the first layer of protection against catastrophic events. If these people are not educated in PSM, this level of protection is lost. Likewise, those who make resource decisions must also be educated to understand what needs must be met to maintain an effective PSM system. Workforce involvement includes not only employees, but contractors as well. A written action plan should be developed that summarizes the PSM requirements and captures the knowledge of those responsible for implementing PSM on the front lines. Such plans often become stagnant and ignored. Therefore, involving the front-line workforce in addressing processsafety-related problems capitalizes on their expertise — they often have valuable insight into how problems can be solved with the resources available. 5. Stakeholder Outreach is comprised of three activities: • seeking out individuals or organizations that can be affected by company operations and engaging them in a dialogue about process safety • establishing a relationship with community organizations, other companies, professional groups, and local, state, and federal authorities • providing accurate information about the company and the facility’s products, processes, plans, hazards, risks, and how they are managed. A company should use stakeholder outreach to secure and continuously renew its political license to operate in the community. Effective outreach can move the community from merely tolerating the presence of the facility to appreciating its presence as a trusted and valuable contributor. Outreach is not solely the responsibility of management or the corporate public relations staff. In fact, members of the community may find representatives of the local, operational work force — their neighbors — more believable. In some situations, when management talks, people listen, but when the front-line workers talk, people believe.
UNDERSTAND HAZARDS AND RISK
of three attributes: what can go wrong, how bad it could be, and how often it might happen” (1). The Understand Hazards and Risk foundation block supports two pillars (Figure 3). 1. Process Knowledge Management. This pillar requires one or more of the following types of information: • Chemical Hazard Information. Each chemical has hazards that must be identified, understood, and managed. Hazard information is often supplied in Material Safety Data Sheets (MSDS). Care should be taken to ensure the MSDSs are current and accurate. • Process Technology Information. Each process is built around a specific technology, which must be characterized, understood, and managed. Process technology information is usually contained in the original design documentation, but the design may change over time. An effective management of change (MOC) program should be in place to keep the process technology information current and accurate. • Process Equipment Information. Each piece of equipment in the facility has defined specifications, safe operating limitations, and approved uses. For example, the specifications for a centrifugal pump include impeller size, inlet and outlet piping connections, size and pressure ratings of the flanges, materials of construction, etc. These data must be updated when equipment is modified or replaced. All of this information must be shared with those who need it to do their job safely. In addition to ensuring that these data exist, the facility must have a validated method ology to ensure that those who need to know actually have the information when needed. 2. Hazard Identification and Risk Analysis. This pillar is also referred to as process hazards analysis (PHA). The most common PHA methodologies are scenario-based, and include (2): • What-if Analysis. In this free-form brainstorming approach, a group of experienced participants repeatedly asks the question “What if…?” and then discusses the hazards that might be uncovered in the answers to the question. • What-if/Checklist Analysis. This structured brainstorming approach combines the creative features of “What if?” with a checklist to make sure the questioning is pertinent to the potential hazards. • Hazard and Operability (HAZOP) Analysis. This systematic technique identifies potential hazards and operational problems that could result from deviations from the process design intent. A specific section (or node) of the process flow diagram is selected for analysis. Scenarios are constructed by combining specific guide words (e.g., no, less, more, reverse, etc.) with various process parameters (e.g., flow, temperature, pressure, level, etc.) to form the basis for exploring hypothetical conditions such as “more pressure” or “reverse flow.” When a hazard is identified, the group generates one or more
a high level of precision, so semi-quantitative values are sometimes used instead. Many companies use a two-dimensional risk matrix (Figure 4) to characterize risk. One axis represents the probability that a certain event will occur and the other axis represents the expected consequences. Each level on the probability and consequence axes must be defined, which is often done semi-quantitatively using a scale of 1 = very low to 5 = very high. Each cell within the risk matrix captures the probability and consequence of a specific event — i.e., the risk. The risk of one event can then be compared to preestablished levels of tolerability for risk, and the appropriate risk-reduction measures taken.
Manage risk Risks can be managed only after hazards have been identified and translated into risks and the potential impacts on the safety and viability of the facility characterized. Once the range of impacts is known, the risks can be compared and prioritized and the available risk-management resources allocated accordingly. The Manage Risk foundation block supports nine pillars (Figure 5). 1. Operating Procedures are (usually written) instructions that list the steps for a given task and describe the manner and order in which those steps are to be performed. Written and enforced procedures are necessary to manage the risks associated with operating a manufacturing process. Good operating procedures also describe the process, the hazards, the tools needed, the protective equipment C
D
D
E
E
5
B
C
D
D
E
4
B
B
C
D
D
3
A
B
B
C
D
2
A
A
B
B
C
1
1
2
3
4
5
Probability
recommendations to address the issue. Then it moves on to another question. After all meaningful questions associated with that node are asked and answered, the team repeats the procedure for the next node, and so on until the entire flow diagram has been analyzed. • Failure Modes and Effects Analysis (FMEA). This approach determines the ways that each piece of equipment in the process could fail and the most likely consequences if that were to happen. If the consequences are unacceptable, then risk-reduction plans are developed. These plans could reduce the probability of failure, its likely consequences, or both. FMEA is similar to HAZOP in that questions relating to deviations are asked and answered. Instead of moving from one process node to another node, however, the team moves from one piece of equipment to another. • Fault Tree Analysis. This deductive technique focuses on one particular incident or failure at a time and backtracks through all the events leading to that failure to determine the potential causes. A fault tree is a graphical model that uses standard symbols to display the combinations of failures and failure pathways that could result in a significant event of concern — called the top event. Since this technique starts with a failure, it is often used for incident investigations. • Event Tree Analysis. This graphical technique starts with an initiating cause, and then determines all of the possible outcomes that could result from the success or failure of protective systems. It is typically used to identify incidents that might occur in more-complex processes. • Cause-Consequence Analysis. This method combines the inductive reasoning used in event tree analysis with the deductive reasoning of fault tree analysis. A cause-consequence analysis generates a diagram that describes incident sequences and descriptions of possible outcomes of those incidents. These techniques identify and analyze hazards. The hazards must then be translated into risks before a riskmanagement program can be implemented. Risk is an expression of the probability that an event will occur combined with the consequences if it does. Normally, these elements are independent for process-related risks. However, if the risk relates to security, probability and consequence are not independent — because the higher the consequence, the more attractive the event is to someone intent on causing harm and the higher its probability (3). Risks need to be clearly and accurately characterized so that they can be properly prioritized. Risks may be expressed qualitatively or quantitatively. Quantitative risk assessment is more accurate than qualitative risk assessment, but it requires more expertise, takes more time, and is more expensive. A quantitative risk assessment requires numerical values for both the probability that a certain event may occur and the consequences that would result if it did. It is often difficult to obtain these values with
t Figure 4. An example of a risk matrix, in which the x axis represents consequence severity (1 = very low to 5 = most severe), and the y axis represents probability (1 = very low to 5 = very high). The letter in each cell indicates the level of risk and defines the appropriate risk-management strategy.
Consequence
Risk Level and Response A = Tolerable risk; no action required B = Low risk, but watch closely C = Questionable risk; look into inexpensive risk-reduction measures; watch closely for changes D = Intolerable risk; consider risk-reduction measures; report status to safety officers E = Very intolerable risk; Immediate action required to reduce risk at least one level; report to safety officers until permanently lowered at least one level
CEP August 2010 www.aiche.org/cep
29
Emergency Management
Conduct of Operations
Operational Readiness
Management of Change
Training and Performance Assurance
Contractor Management
Asset Integrity and Reliability
Safe Work Practices
Operating Procedures
Back to Basics
MANAGE RISK
p Figure 5. The Manage Risk foundation block supports nine pillars, encompassing a range of critical management and operational practices.
required, and the control system employed to manage the process and the risks (1). Operating procedures are usually more accurate, generally accepted, and followed more closely when they are developed jointly by operators and process engineers who have a high degree of involvement and knowledge of process operations. Changes to operating procedures should be closely monitored and approved through a management of change (MOC) process, just as any physical equipment or process change would be (1). 2. Safe Work Practices are the documents, actions, and routines that fill the void between operating procedures and maintenance procedures (1). Safe work practices are usually established for repeatable tasks, such as hot work, electrical lockouts, confined-space entry, and elevated work requiring fall protection. Some of these tasks are performed regularly, whereas others may done intermittently. They are not part of the manufacturing process, and usually require a permit issued by the safety and/or the manufacturing department because they are not fully described in an operating procedure. Safe work practices are important because such tasks may present new hazards not encountered during normal operations. 3. Asset Integrity and Reliability. This pillar involves the use of procedures, work orders, and management oversight to ensure that equipment is properly designed, installed, and maintained to remain fit for service until removed and/or retired. Reliability is performance as expected on 30
www.aiche.org/cep August 2010 CEP
demand. Reliability usually follows or is a result of proper asset integrity. Each company should have an asset integrity and reliability policy, and each operating facility should have a matching procedure. 4. Contractor Management. Contractors, i.e., noncompany employees with specific skills who perform specific targeted assignments, need to be educated and managed so that they are fully aware of the hazards the facility presents to them in their jobs and that they do not present new unaddressed hazards to the facility. Contractors must be educated about the facility, how it works, what it does, and the hazards it presents to them while doing their work. Conversely, the contractor must educate the facility personnel about the hazards they may be bringing onto the site and how their jobs might change the existing hazards and established risk-management system. Contract personnel should be held to the same safety standard as company employees. Furthermore, the facility and contracting companies should participate in annual performance and safety reviews to exchange information and ideas and resolve ongoing issues. 5. Training and Performance Assurance. This pillar is the tool that gives employees and contractors the understanding they need to do their jobs safely. Training can be general, such as what to do when the emergency alarm sounds, or it can be specific, defining exactly how to operate or repair a particular piece of equipment. Unlike some undergraduate classes, where an exam score of 80% is often considered passing, safety training requires mastery of all of the course content. Anything less than 100% is unacceptable and indicates a need for retraining. Front-line operations personnel often make the best trainers, because they can blend their expertise with their real-world experiences. 6. Management of Change. MOC may be the most important tool for keeping a facility safe. In the absence of change, even unsafe operations eventually improve, simply because the unsafe conditions manifest themselves and are addressed. However, when changes are made, it may be virtually impossible for such a natural reduction in risk to occur, because the hazards are changing and they may be compounding. To manage change, it must be recognized, then analyzed and characterized to determine its impact on risk. Change is defined as any addition, process modification, or substitute person or object that is not a replacement-in-kind, i.e., that does not meet the design specification (4). However, identifying change is not always easy, because change can creep into daily practice unnoticed — until something goes wrong. Be alert for signs of such changes. For example, if a member of the operations staff begins a sentence with “On my shift …,” this usually indicates that all shifts do not operate the same way and that a
knows what to do if something goes wrong. It also ensures that all stakeholders are knowledgeable in what they are to do and when to do it.
u Figure 6. The fourth foundation block — Learn from Experience — deals with gathering and disseminating information and lessons learned from yourself and from others.
Management Review and Continuous Improvement
Auditing
Measurement and Metrics
Learn from experience Retired Pittsburgh Pirates pitcher Vernon Law said, “Experience is a hard teacher because she gives the test first, the lesson afterwards.” Learning from our own experience is sometimes painful and slow. We must capture and apply the lessons learned from our own experiences. This requires an infrastructure to identify, document and disseminate learnings. A less-painful way to learn is by observing and gathering information and learnings from others. Networks for sharing safety lessons, both formally and informally, are very important. CCPS facilitates such sharing through its publications, conferences, and courses, as well as its Process Safety Incident Database (PSID) (5), in which it collects data about incidents and shares that information with participating companies. The Learn from Experience foundation supports four pillars (Figure 6). 1. Incident Investigation (6) involves tracking and analyzing safety incidents to discover their causes, both primary and contributing. This includes: • a formal process for investigating incidents, including staffing, performing, documenting, and tracking of process safety incidents • implementing corrective measures so that identical or similar incidents do not recur • studying trends to identify recurring incidents. For each incident, the investigation should discover: • what happened — the incident itself and contributing events and conditions • how it happened — the critical events and conditions in the incident sequence • why it happened — the management and organizational factors that allowed the critical events and conditions to occur. The fault tree analysis technique described earlier can be applied to incident investigation with the safety incident as the top event. The investigators Incident Investigation
change has occurred somewhere. Engineers sometimes need to evaluate the impact of change under stressful, hurried conditions. For instance, the facility may have shut down because a key component failed and an exact replacement will not arrive for four days, so the production department suggests substituting a similar part in order to get the plant back up and running sooner. Before the substitution is approved, the impacts of the change must be thoroughly evaluated to ensure the safety of the employees and the facility. An effective MOC program involves five key steps (1): 1. Design, implement and maintain a dependable MOC practice that is suitable for your facility 2. Identify potential change situations 3. Evaluate possible impacts if a change is made 4. Determine whether the requested change should be approved, modified, or rejected 5. Complete the necessary follow-up activities, including documentation, training, etc. It is important to complete the appropriate paperwork once a change has been approved. Take this opportunity to determine whether this change will always be acceptable or if this is just a one-time approval. If it will always be acceptable, perhaps the design specification should be changed. 7. Operational Readiness. Any process that has been shut down must undergo comprehensive inspection and testing before it is restarted to ensure that the process is able to handle hazardous materials and that it can resume manufacturing safely. This readiness inspection should review the physical condition of the equipment, the training and understanding of the operations personnel, the preparation and readiness of the maintenance staff, and the integration of all of these elements into the facility’s emergency response plan. It should also verify that all permits are in place and that the facility is in compliance with all applicable regulations. 8. Conduct of Operations refers to the execution of operational and management tasks in a deliberate and structured manner (e.g., per operating procedures, standards, codes, etc.) by qualified personnel. Conduct of operations applies to all work activities and includes all workers — employees and contractors. A clear chain of command, specific authorities and responsibilities, and performance metrics in accordance with approved procedures and work practices should also be established (1). 9. Emergency Management includes: reviewing the facility’s risks and developing possible scenarios that might lead to an emergency situation; developing a structured response plan and securing the resources needed to carry it out; and conducting training and practice drills involving all stakeholders. Effective emergency management ensures that everyone at the facility is constantly aware of the risks and
LEARN FROM EXPERIENCE
CEP August 2010 www.aiche.org/cep
31
Back to Basics
repeatedly ask why, then catalog the answers and depict them graphically. A fault tree diagram is developed from the top down. At each step in the analysis — i.e., for each fault — a set of necessary and sufficient lower-order conditions or events is identified. Moving from one level to the next requires passing through a gate. This gate can be either an “and” gate, if both events or conditions had to occur to cause the fault, or an “or” gate, if either event or condition could have caused the fault (7). The result is a graphical representation of the sequence of events leading up to the incident. 2. Measurement and Metrics. This pillar deals with keeping score. Metrics provide the information needed to determine when and by how much mid-course corrections need to be made. Measurements and metrics can be realtime, lagging, or leading (8–10): • lagging metrics — retrospective measures based on the number of incidents that meet a threshold of severity • leading metrics — forward-looking indicators of the performance of key work processes, operating disciplines, or layers of protection that prevent incidents • near-miss and other internal lagging metrics —
indicators of less-severe incidents (those below a threshold of severity), or unsafe conditions that triggered one or more layers of protection. Each company or facility should establish the parameters to be measured and tracked, the process for doing so, and the means for reporting and responding to the data. 3. Auditing. It is essential that every facility looks for and identifies weaknesses in its PSM systems. Safety audits should be systematic and conducted by people who are not involved with the process or employed by the organization being audited. The goal of an audit is to verify conformance to prescribed standards. The auditing process starts with an examination of the management systems in place, as well as policies, procedures, and support resources. The auditors then go out into the manufacturing areas to examine the process and facility. Weakness in management systems will typically manifest themselves in the processing areas. Therefore, corrective measures should be introduced to the management system, since a facility may have multiple deficiencies that are all caused by a single failure in a management
COMMIT TO PROCESS SAFETY
UNDERSTAND HAZARDS AND RISK
MANAGE RISK
Management Review and Continuous Improvement
Auditing
Measurement and Metrics
Incident Investigation
Emergency Management
Conduct of Operations
Operational Readiness
Management of Change
Training and Performance Assurance
Contractor Management
Asset Integrity and Reliability
Safe Work Practices
Operating Procedures
Hazard Identification and Risk Analysis
Process Knowledge Management
Stakeholder Outreach
Workforce Involvement
Process Safety Competency
Compliance with Standards
Process Safety Culture
PROCESS SAFETY MANAGEMENT SYSTEM
LEARN FROM EXPERIENCE
p Figure 7. Taken together, the process safety management foundation blocks, along with the programs, tools, and practices built upon them, provide the infrastructure for supporting a comprehensive and sturdy process safety management system.
32
www.aiche.org/cep August 2010 CEP
Literature Cited 1. Center for Chemical Process Safety, “Guidelines for Risk Based Process Safety,” American Institute of Chemical Engineers, New York, NY (2007). 2. Center for Chemical Process Safety, “Guidelines for Hazard Evaluation Procedures — Third Edition,” American Institute of Chemical Engineers, New York, NY (2007). 3
Abrahamson, D., and A. L. Sepeda, “Managing Security Risks,” Chem. Eng. Progress, 105 (7), pp. 41–47 (Sept. 2009).
4. Center for Chemical Process Safety, “Guidelines for Management of Change for Process Safety,” American Institute of Chemical Engineers, New York, NY (2008). 5. Center for Chemical Process Safety, Process Safety Incident Database, www.psidnet.com. 6. Dyke, F. T., “Conduct an Effective Incident Investigation,” Chem. Eng. Progress, 100 (9), pp. 33–37 (Sept. 2004). 7. Center for Chemical Process Safety, “Guidelines for Investigating Chemical Process Incidents — Second Edition,” American Institute of Chemical Engineers, New York, NY (2003). 8. Overton, T. and S. Berger, “Process Safety: How Are You Doing?,” Chem. Eng. Progress, 104 (5), pp. 40–43 (May 2008). 9. Center for Chemical Process Safety, “Process Safety Leading and Lagging Metrics — You Don’t Improve What You Don’t Measure,” www.aiche.org/ccps/publications/psmetrics.aspx and www/aiche.org/uploadedfiles/ccps/metrics/ccps_metrics%20 5.16.08.pdf, American Institute of Chemical Engineers, New York, NY (2008).
system (11). When deficiencies are identified, action plans to eliminate the deficiencies should be implemented and tracked to completion. OSHA’s PSM audit guidelines (12) explain how to do this. 4. Management Review and Continuous Improvement. This final pillar involves routine evaluation of existing PSM systems to determine their effectiveness and/or improving effective systems even further. What was good enough or even leading-edge last year may now be obsolete. The management review and continuous improvement process ensures that all systems are up to date and in harmony with current needs and expectations.
Closing thoughts When all four foundation blocks are in place — commitment to process safety, understanding of hazards and risks, management of risk, and learning from experience — they firmly support the 20 programs, tools, and areas of expertise that, in turn, support the roof — an all-encompassing, coordinated, risk-based process safety management system (Figure 7). CEP
10. Center for Chemical Process Safety, “Guidelines for Process Safety Metrics,” American Institute of Chemical Engineers, New York, NY (2009). 11. Sepeda, A. L., “Auditing Process Safety Management in Four Levels,” Process Safety Progress, 28 (4), pp. 343–346 (Dec. 2009). 12. U.S. Occupational Health and Safety Administration, “Standard for Hazardous Materials — Process Safety Management of Highly Hazardous Chemicals,” 29 CFR 1910.119, OSHA Instruction CPL 2-2.45A, Appendix A, “PSM Audit Guidelines” www.osha.gov/pls/oshaweb/owadisp. show_document?p_table=DIRECTIVES&p_id=1558.
Further Reading 1. Center for Chemical Process Safety, “Layer of Protection Analysis — Simplified Process Risk Assessment,” AIChE, New York, NY (2001).
adrian L. Sepeda, P. E., is president and owner of A. L. Sepeda Consulting Inc. (Plano, TX; E-mail:
[email protected]). He started his consulting firm after 33 years of service with Occidental Chemical Corp., where he was director of risk management. His background includes design, construction, utilities specialist, manufacturing, energy conservation, and a variety of process-safety-related activities and assignments. His firm specializes in hazard identification and risk management, process safety, and incident investigations. He provides consulting services to AIChE’s CCPS. He also teaches process safety courses for AIChE, the American Society of Mechanical Engineers, Texas A&M’s Mary Kay O’Connor Process Safety Center, and private clients. An Emeritus Member and Fellow of CCPS, he holds a BS in mechanical engineering from Lamar Univ. and a P.E. license in Texas.
CEP August 2010 www.aiche.org/cep
33
