The Principles of Process Safety Management
Many of our publications are to do with the topic of Process Safety Management (PSM), or with related topics such as the offshore Safety and Environmental Management System (SEMS) and Safety Cases. Therefore, an overview of the topic of Process Safety Management is provided here. Much more detail is available in the books Process Risk and Reliability Management and Offshore Safety Management.
Overview
Process Safety Management (PSM) is a management system used in the design and operation of industrial processes that handle large quantities of hazardous and flammable chemicals.
PSM is not new; indeed it has always been an integral part of the process industries. Companies have always carried out activities such as writing operating procedures, planning for emergencies, training technicians and investigating incidents. But it was in the late 1980s and early 1990s that PSM programs became more formalized and regulated. Trigger events were the catastrophic release of toxic chemicals from a facility in Bhopal, India in the year 1984, and the offshore Piper Alpha disaster in the year 1986.
In the United States the first nation-wide regulation was 29 CFR 1910.119, Process Safety Management of Highly Hazardous Chemicals, from OSHA (the Occupational Safety & Health Administration), introduced in the year 1992. This regulation served as a model for PSM programs in many other nations and for internal programs developed by many large energy and process companies. (OSHA is proposing a wide range of updates to its standard. Details are provided in the book The OSHA Process Safety Standard: The 30-Year Update.)
Process safety programs are generally developed for large process and energy facilities such as chemical plants, refineries, offshore oil and gas platforms and pipelines. They are also used in related industries such as pharmaceuticals, food processing and power generation.
Process Safety Management
PSM can best be understood by examining its component words.
The first word is Process. PSM is concerned with process issues such as fires and the release of toxic gases, as distinct from occupational safety issues, such as trips and falls.
The second word is Safety. Although an effective PSM program improves all aspects of a facility's operation, the driving force for most PSM programs is the need to maintain safe operations, with a focus on the prevention of catastrophic accidents such as explosions, fires and the release of toxic gases. (It is worth noting, however, that the 2019 fatal incident at the KMCO facility led to closure of the facility involved. The economic impact of a process safety event can be disastrous.)
The Center for Chemical Process Safety provides guidance as to what constitutes a PSM event.
It must involve a chemical or have chemical process involvement;
It must be above a minimum reporting threshold;
It must occur at a process location; and
The release must be acute, i.e., it must occur over a short period of time.
The third word is Management. A PSM program is to do with creating and implementing management systems that prevent and control major incidents. It is not fundamentally about meeting prescriptive rules or engineering standards. In this context a manager is taken to be anyone who has some degree of control over the process, including operators, engineers and maintenance workers.
Elements of PSM
Process safety programs are built up of management elements. The OSHA regulation is somewhat dated, but is still widely used. It contains the following fourteen elements.
Employee Participation
Process Safety Information
Process Hazards Analysis
Operating Procedures
Training
Contractors
Prestartup Safety Review
Mechanical Integrity
Hot Work
Management of Change
Incident Investigation
Emergency Planning and Response
Compliance Audits
Trade Secrets
(As already noted, OSHA plans to update this list. Information is provided in our book The OSHA Process Safety Standard: The 30-Year Update.)
Other organizations, such as the American Petroleum Institute and the American Chemistry Council, have developed their own lists. The one developed by the Center for Chemical Process Safety (CCPS) is shown below; it is the one we use most in our publications and at this site.
1. Process Safety Culture
2. Compliance
3. Competence
4. Workforce Involvement
5. Stakeholder Outreach
6. Knowledge Management
7. Hazard Identification and Risk Management
8. Operating Procedures
9. Safe Work Practices
10. Asset Integrity / Reliability
11. Contractor Management
12. Training / Performance
13. Management of Change
14. Operational Readiness
15. Conduct of Operations
16. Emergency Management
17. Incident Investigation
18. Measurement and Metrics
19. Auditing
20. Management Review
Some large energy and chemical companies develop their own management elements. The following structure is used by Exxon Mobil.
Management leadership, commitment and accountability
Risk assessment and management
Facilities design and construction
Information/documentation
Personnel and training
Operations and maintenance
Management of change
Third-party services
Incident investigation and analysis
Community awareness and emergency preparedness
Operations integrity assessment and improvement
In spite of the differences in detail, these programs are generally similar to one another and have the same goals. Rather than being different languages, they are more like dialects of the same language.
The terminology used by different standards can vary. For example, OSHA uses the term ‘Prestartup Safety Review’ whereas the CCPS uses ‘Operational Readiness’. Both terms strive for the same goal: ensuring that a facility is safe to start after it has been modified.
Definition of Process Safety Management
Given the above background it is possible to develop definitions for the term Process Safety Management. The definition provided by the Center for Chemical Process Safety is:
The application of management systems to the identification, understanding, and control of process hazards to prevent process-related injuries and incidents.
The following alternative definition is provided here.
Process Safety Management is an on-going process, involving all managers, employees and contract workers, that aims to minimize uncontrolled change from design and/or operating intent, and to keep process conditions within their safe limits.
Safe Limits
The definition in the previous section used the term ‘safe limits’. It is crucial that those responsible for designing and operating process facilities know what those limits are for each process variable, and that the limits are defined quantitatively. For example, the safe temperature range for a certain reaction may be 125-150°C. If the operating temperature deviates outside that range, then that reaction is — by definition — out of control and potentially unsafe; action must be taken to bring the temperature back into the correct range.
The fact that the process variable has deviated outside the safe range does not mean that an emergency situation exists — management and the operators may have plenty of time to react. But they must do something because the facility must always be operated within its safe limits. Doing nothing is not an option.
The Table below illustrates the concept of safe limit values. It is for a system consisting of Tank, T-100; Pumps, P-101 A/B; and Pressure Vessel, V-101.
Once the safe range has been defined, management must determine how to operate their facility so that it stays within that range. In the reaction temperature example, instrument set points must be adjusted and operators trained so as to achieve the 125-150°C range. All the people involved in running or maintaining the unit must know how to identify an out-of-control situation, what its consequences might be, and how they should respond. If it is management's intention to operate outside the prescribed range, then the Management of Change program should be implemented in order to ensure that the new conditions are safe, that new limits have been set, or that new safeguards have been installed.
When a facility is new, the safe limits are defined by its designers. As operating experience is accumulated, new safe limit values will be implemented — often through use of the hazards analysis and management of change processes.
Operating, Safe and Emergency Limits
The concept of safe limits can be extended to include operating and emergency limits, as illustrated in the sketch below, which shows values for a process variable such as pressure, temperature, level or flow rate.
In this example, the operating range is 235-245. If conditions deviate outside that range the operation may be less than optimal, but it is safe.
The safe range is 210-275. If conditions go outside that range then the system is, by definition, unsafe, and action must be taken. This does not mean, however, that the technicians face an emergency situation. They may have plenty of time to take corrective action.
If the upper value goes above 310 then an emergency condition exists ― urgent action must be taken. There is no lower emergency limit in this example.
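The three bands described above can be written as a small limit check. This is an added example, not part of the original page: the class, function and state names are hypothetical, the numeric values are the ones given in the text, and a reading that sits exactly on a limit is assumed to be inside the band.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class LimitBands:
    """Operating, safe and emergency limits for one process variable."""
    operating: Tuple[float, float]
    safe: Tuple[float, float]
    emergency_high: Optional[float] = None  # None: no upper emergency limit
    emergency_low: Optional[float] = None   # None: no lower emergency limit

    def __post_init__(self):
        # The bands must nest: operating inside safe, safe inside emergency.
        (op_lo, op_hi), (s_lo, s_hi) = self.operating, self.safe
        if not (s_lo <= op_lo < op_hi <= s_hi):
            raise ValueError("operating range must lie inside the safe range")
        if self.emergency_high is not None and self.emergency_high < s_hi:
            raise ValueError("upper emergency limit is below the upper safe limit")
        if self.emergency_low is not None and self.emergency_low > s_lo:
            raise ValueError("lower emergency limit is above the lower safe limit")

    def classify(self, value: float) -> str:
        # Check the most severe condition first.
        if self.emergency_high is not None and value > self.emergency_high:
            return "EMERGENCY"
        if self.emergency_low is not None and value < self.emergency_low:
            return "EMERGENCY"
        s_lo, s_hi = self.safe
        if value < s_lo or value > s_hi:
            return "UNSAFE"           # action required, not yet an emergency
        op_lo, op_hi = self.operating
        if value < op_lo or value > op_hi:
            return "SAFE_SUBOPTIMAL"  # safe, but outside the operating range
        return "OPERATING"


# Values from the text: operating 235-245, safe 210-275, emergency above 310,
# and no lower emergency limit.
PAGE_EXAMPLE = LimitBands(operating=(235, 245), safe=(210, 275), emergency_high=310)


def classify_readings(bands: LimitBands, readings: List[float]) -> List[Tuple[float, str]]:
    """Label each reading with the band it falls in."""
    return [(r, bands.classify(r)) for r in readings]


if __name__ == "__main__":
    # Constructed sample readings, not plant data.
    for reading, state in classify_readings(PAGE_EXAMPLE, [240, 250, 290, 311, 100]):
        print(reading, state)
```

Because the example has no lower emergency limit, a very low reading such as 100 is reported as unsafe rather than as an emergency.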
Managing a PSM Program
The following issues need to be considered when developing and managing a PSM program.
Measurement
"What gets measured gets done". No management program can be effective unless progress against defined, quantitative goals is measured. Process safety management is no different. The catch is that it can be difficult to measure process safety progress because there are relatively few catastrophic events. Also, many of the management elements are quite subjective and difficult to measure.
Involvement
A Process Safety Management system is not something that is created and then handed down by management to their employees and contract workers; it is a program that involves everyone: designers, operators, maintenance technicians, managers and senior executives. The key word is involvement — which is much more than just communication. All managers, employees and contract workers are responsible for the successful implementation of the program. Management must provide determined and committed leadership, and needs to organize and lead the initial effort. But the employees ― regardless of their formal status ― must be fully involved in the program's implementation and improvement because they are the people who know the most about how a process really operates, and they are the ones who have to execute recommendations and changes. Specialist groups, such as staff organizations and consultants can provide help in specific areas, but process safety is fundamentally a line responsibility.
Thoroughness
The implementation of a PSM program must be thorough. For example, a company may have a good training program, but one person may have missed part of it because he or she was on vacation. Management will have to make sure that this person is trained and that his or her personnel files are updated appropriately.
Holistic
The elements of process safety have strong interaction with one another — it is not possible to meet the requirements of one of the elements without considering its effect on the others.
The connections between the elements can be illustrated by considering the development of an Emergency Response Plan, in which the following sequence of actions — involving seven of the CCPS elements listed above — may occur.
The writing of the Emergency Response Plan (element 16) requires a knowledge of which hazards have to be addressed.
Consequently, a Hazards Analysis (element 7) is required to identify the hazards.
In order to be able to carry out the hazards analysis, information from sources such as P&IDs and Safety Data Sheets is needed. Much of this information is included in the Knowledge Management program (element 6).
Once the Emergency Response Plan has been developed, it will be necessary to Train everyone in its use (element 12).
The Emergency Response Plan has to be Audited on a regular basis (element 19).
During the training process, those being trained will come up with ideas that will improve the quality of the emergency response plan. This is Workforce Involvement (element 4).
After going through the Management of Change step (element 13), these ideas can be used to upgrade the emergency manual.
The ‘Most Important’ Elements
When considered in isolation, many of the elements appear to be the ‘most important’. For example, Workforce Involvement is the ‘most important’ because, if the employees do not participate, the process safety program will not function properly. But Management of Change could be considered the ‘most important’ because the root cause of all incidents is uncontrolled change. On the other hand, all of the elements require a solid base of up-to-date, comprehensive information. Therefore Knowledge Management is the ‘most important’. But then it could be argued that Incident Investigation and Root Cause Analysis is what really matters because incidents reveal what is really going on in the organization. The real point, of course, is that they are all important and necessary, and that they all rely on one another to be effective.