Are You Safeguarding Personnel and Processes Before Updates?
The Occupational Safety and Health Administration (OSHA) implemented the Process Safety Management (PSM) program in 1992. One of the more critical elements of the OSHA PSM program in 29 CFR (Code of Federal Regulations) 1910.119, under subpart (i), is the Pre-Startup Safety Review (PSSR). The OSHA PSM text for this element states:
1910.119(i) | Pre-startup safety review |
1910.119(i)(1) | The employer shall perform a pre-startup safety review for new facilities and for modified facilities when the modification is significant enough to require a change in the process safety information |
1910.119(i)(2) | The pre-startup safety review shall confirm that prior to the introduction of highly hazardous chemicals to a process |
1910.119(i)(2)(i) | Construction and equipment is in accordance with design specifications |
1910.119(i)(2)(ii) | Safety, operating, maintenance, and emergency procedures are in place and are adequate |
1910.119(i)(2)(iii) | For new facilities, a process hazard analysis has been performed and recommendations have been resolved or implemented before startup; and modified facilities meet the requirements contained in management of change, paragraph (l) |
1910.119(i)(2)(iv) | Training of each employee involved in operating a process has been completed |
The PSSR process is the last line of defense before bringing an updated or new process online. It ensures that the process has been properly designed; that all the equipment and process information is complete and available; that the equipment is installed per the design specifications; that a PHA has been conducted and all recommendations are completed (for new or changed processes); that all safety, operating, maintenance, and emergency procedures are adequate and complete; and that all training of operations personnel is completed. The one item that is not specifically spelled out in this regulation, but is probably included under the equipment, is the digital control system (DCS) and/or safety instrumented system (SIS). This system assists the operators in running and controlling parameters such as the material flow, temperatures, pressures, and levels within the process. It also provides alarms to alert operators if the process is starting to get out of control, and interlocks to take certain actions, intervene, or even stop the process if necessary. Too often, the step of ensuring that all the automated valves, associated process instrumentation, alarms, and interlocks are active and functioning properly before starting a new or updated process, or restarting the process after a major shutdown, is ignored or overlooked.
In the BP incident on March 5th, 2005, which killed 15 and injured 170+ others, safety-critical checks were not properly conducted: the incident investigation found that an inoperative pressure control valve, a defective high-level alarm, and a defective sight tower-level transmitter had not been calibrated, and that portable trailers with non-essential personnel were located too close to the process. In two other incidents, improperly conducted PSSRs of the process control and system settings caused no deaths or injuries, but still damaged the process and equipment and had a financial and business impact. (1) On equipment that was manufactured in Europe and shipped to the US, a 50 Hz motor setting remained from preliminary testing overseas (it should have been changed to 60 Hz for US operations). This caused a motor to run slower and resulted in a process shutdown due to high temperature. While the process was cooling, other operational steps were taken, and the end result was a propagating fireball explosion that caused extensive damage to the outdoor process equipment and some siding on the building. (2) Another incident, in a manufacturing operation, involved the replacement of a circuit board, supposedly like in kind, but actually the updated newer version. No PSSR was conducted, and several critical interlocks were not operational due to the board replacement. The end result was a damaged shaft, repair and replacement costs, and the associated lost production time (8-10 weeks).
In all of these incidents, properly conducted PSSRs, with checks of the DCS/SIS system and of the operation of the automated valves, instrumentation, alarms, and interlocks before commissioning or starting the equipment, or before bringing the equipment back online after an outage or replacement of parts, would probably have prevented the incident. It takes both trained and qualified employees and knowledgeable, informed, safety-minded management to ensure that PSSRs are thoroughly conducted and approved before processes are allowed to be brought online or restarted.