ASP Exam – Process Safety Management & Risk Analysis Methods
Process Safety Management
Process Safety Management (PSM) is a standard developed by OSHA which provides an analytical tool focused on preventing the release of highly hazardous chemicals (HHCs) as defined by OSHA and the Environmental Protection Agency (EPA). A process is any activity including the use, storage, manufacturing, handling, or on-site movement of HHCs.
In 29 CFR 1910.119 Appendix A, OSHA provides a list of the chemicals and threshold amounts (in pounds) above which they consider a chemical an HHC. Similarly, the EPA maintains a list of chemicals and threshold quantities in their Risk Management Program (RMP). Also included in the OSHA PSM standard are processes which contain 10,000 lbs or more of a Category 1 flammable gas or a flammable liquid with a flashpoint of less than 100 degrees F on site in a sole location and flammable liquids with a flashpoint below 100 degrees F stored in atmospheric tanks that are kept below their normal boiling point without refrigeration.
Retail facilities, oil and gas well drilling and servicing, and remote, unmanned facilities are specifically excluded from the process safety management standard.
Requirements of the Process Safety Management Standard
The Process Safety Management standard is divided into 14 elements, with each element containing relevant requirements. The 14 elements are:
- Process Safety Information
- Process Hazard Analysis
- Operating Procedures
- Mechanical Integrity
- Hot Work
- Management of Change
- Incident Investigation
- Compliance Audits
- Trade Secrets
- Employee Participation
- Pre-Startup Safety Reviews
- Emergency Planning and Response
Process Safety Information
Process safety information is the cornerstone of the PSM standard, and is the information that tells you what chemical you are working with / preventing the release of and what hazards are associated with the chemical. Potenital considerations include:
- Toxicity Information
- Permissible Exposure Limits
- Physical Data
- Reactivity Data
- Corrosive Data
- Thermal and Chemical Stability
- Hazardous effects of inadvertent mixing
In addition to data regarding the chemical, the process should be well defined, and likely includes:
- Flow process or block diagrams
- Process chemistry and reaction data
- Maximum inventory levels
- Safe upper and lower limits, including pressures, temperatures, compositions, and flow rates
- Evaluations of the hazards imposed by process deviations, including the effects on employees
The equipment in the process must also be well defined, including information on:
- Construction materials
- Piping and Instrumentation Diagrams (P&IDs)
- Electrical classifications
- Relief systems
- Ventilation Designs
- Design codes and standards used
- Material and en energy balances
- Safety systems, such as interlocks, fire suppression systems, etc.
Process Hazard Analysis
PSM requires that each process have a hazard analysis performed prior to construction, consisting of at least one of the following:
- What-If Analysis
- Checklist Analysis
- Hazard and Operability Study (HazOp)
- Failure-Mode Effects Analysis (FMEA)
- Fault Tree Analysis (FTA)
- Some other equivalent method
The hazard analysis must address the hazards of the process, engineering / administrative controls in use, consequences of failure of controls, facility siting, human factors, and an analysis of the effects of a failure of protective measures on the employees of a facility. The analysis must be performed by a team with knowledge of engineering and the process with at least one member well versed in the process under analysis. One member of the team must be knowledgeable about the hazard analysis technique in use.
Hazard analysis dictated by PSM must be retained for the life of the process and updated as needed or every 5 years.
Employers must develop and make available operating procedures that provide clear instructions for operating the process safely. Procedures must be re-certified annually. The procedures must cover the following at minimum:
- Initial startup
- Normal operations
- Emergency shutdown conditions and procedures
- Emergency operations
- Normal shutdown
- Startup following shutdowns and turnaround
- Operating limits
- Consequences of deviation
- Properties of and hazards presented by the process
- Precautions to prevent exposure
- Control measures to be taken in a release
- Quality control measures
- Information on special hazards
- Safety systems and their functions
Also, employees must develop and implement safe working practices including all applicable safety measures to be taken during operations and maintenance activities.
Employees must undergo initial training for each process they will be working with. Employers are required to provide refresher training at least every 3 years, and more often if needed. Appropriate records must be maintained for each employee trained, including names, dates of training, and the method used to verify the employee understood the training.
When selecting a contractor for work on a PSM process, such as for maintenance or turnaround, the employer must evaluate the contractors safety record and programs, inform the contractor of known hazards, and explain applicable emergency provisions. Additionally, employers must periodically evaluate contractor performance and maintain an injury and illness log related to the contractor’s work around the process.
Contract employers must ensure their employees are knowledgeable of all of the above and ensure their employees follow all applicable safety rules. Contractors also must notify the employer of any hazards found during their work.
Pre-Startup Safety Review
Prior to introducing HHCs into new or modified process equipment, employers are required to perform a pre-startup safety review that confirms the equipment meets specifications, that all proper training has been performed, that the risk analysis is complete and accurate, and that safety, operating, and emergency procedures are in place.
Mechanical Integrity / Quality Assurance
Employers are required to maintain the mechanical integrity of their equipment by performing inspections and tests on the equipment in accordance with manufacturer’s specifications. Deficiencies should be repaired before the equipment is used further or in a safe and timely manner as dictated by the process. Maintenance equipment and parts must be suitable for the process.
During construction, it is the employer’s responsibility to ensure the equipment is constructed and fabricated appropriately for use in the process.
Hot work permits must be used for performing hot work on or around the process covered by PSM.
Management of Change
For any proposed changes to the process or it’s components (”replacements in kind” are excluded), the employer must ensure the change is properly managed, evaluated, and documented. The following must be addressed prior to any change:
- The technical basis for the change
- Impacts of the change on safety and health
- Modifications to operating procedures
- Necessary time periods for the change
- Authorization requirements for the change
- Affected employees must be informed of and trained on the change prior to start-up
- Changes to the process safety information must be made as needed
An incident investigation must be initiated within 48 hours of any incident that resulted in, or could reasonably have resulted in a release of HHCs. The investigation must be documented in a report and corrective actions should be initiated quickly and documented. All affected employees must review the report.
Emergency Planning and Response
Emergency plans must be in place for the affected facility and include procedures for handling small releases.
Employers must certify they are in compliance after an audit at least every three years. A report of the audit findings must be developed, and the last two audits must be retained. Responses to audit findings must be documented.
All relevant information regarding the process must be made available to employees compiling data required to comply with PSM. Non-disclosure agreements are acceptable in these circumstances.
Job Safety Analysis
A job safety analysis (JSA) or job hazard analysis (JHA) is a procedure that integrates accepted HES principles into a job or specific job task. Often the words “job” and “task” are used interchangeably, although often a “task” may be a specific step in the overall “job”. There are 4 basic steps in completing a JSA:
- Select the job to be analyzed
- Break the job down into individual tasks or steps
- Identify potential hazards that may be encountered in each step
- Determine preventive measures or corrective actions to be taken prior to performing the task
Hazard and Operability Analysis (HAZOP)
Although the HAZOP was originally developed to identify hazard and operability problems in chemical processing plants, it’s applicability extends to any process oriented environment. Typically, an interdisciplinary team is formed to conduct the analysis, with representatives from a variety of backgrounds and departments. In the analysis, an operation is systematically reviewed for potential deviations from the process and potential effects of the deviation. Process drawings are often used to guide the analysis, and the team records each potential deviation and consequences. HAZOPs are completed using guide words and pre-defined examples of potential deviations. A template for completing a HAZOP is below (note the guide words and deviations):
Failure Mode and Effects Analysis
Failure Mode and Effects Analysis has become a standard risk assessment technique in many industries due to its abilities to systematically identify risks caused by various types of equipment failures. FMEAs are completed by a cross-functional team of subject matter experts within an organization. FMEAs are most often used early in a design process, but they can be useful throughout the life cycle of equipment. Ultimately, an FMEA will produce a qualitative list that evaluates potential failure modes, effects of failures, safeguards that already exist, and corrective actions that can be taken to provide additional guarding. General steps in the FMEA process are:
- Identify the target of the analysis
- Define and record failure modes
- Define and record potential failure causes
- Determine probable effects of the failures
- Define potential severity and probability of failures
- Record an overall risk code
- Define and record corrective actions taken to reduce overall risks
A complete FMEA requires that risk codes be entered to assess and prioritize risks. Here is an example of a chart that may be used to determine risk based on potential severity and likely probability:
Fault Tree Analysis
Fault tree analysis (FTA) is another risk assessment method commonly used within the HES profession, although it’s uses extend far beyond. FTA is a boolean logic concept that evaluates events. The FTA process relies upon building a tree with some undesirable event at the top. Underneath the tree begins to expand as contributing factors are documented and then further divided into causal factors. “Cut sets” are any sequence of events, as read from the bottom of the tree to the top, that allow the top level event to occur.
Typically, FTAs rely on the other analysis techniques provided above to identify potential events and contributing factors. The fault tree analysis is then used to map out these events. Eventually, qualitative or quantitative analysis are used with the FTA to assign potential probabilities to each potential event cause.
Unfortunately, the FTA is susceptible to many limitations. The most prominent limitation is that each FTA is limited solely to the ability to identify events and contributing factors. Events and causal factors may be overlooked or left out completely, leaving an inaccurate depiction of likely causes for a top level event. Assigning realistic probabilities to event causes also poses a significant problem.
The FTA consists of a set of graphics which represent the top level event, contributing events, and logic gates (the “and” and “or” gates). Below is an example of the most common shapes used in a fault tree analysis:
Change analysis, often referred to as “Management of Change” seeks to evaluate all aspects of changes within an organization or process in an attempt to foresee potential impacts that result from the change, ensure the change is communicated to affected employees, and that job tasks are updated appropriately. Change analysis can help an organization identify the need to :
- Update policies, procedures, and job descriptions
- Update or identify new regulatory permits
- Perform additional risk analysis
- Communicate changes to internal and external parties
- Evaluate environmental impacts
- Evaluate production impacts
- Evaluate temporary impacts caused by change implementation