Is Your Safety Information System Good Enough?
In every industry, regulatory climates are shaped by successive responses to serious incidents. Recent episodes are likely to lead to new levels of regulation, imposing increased burdens on operational safety management. In fact, successive safety incidents have shaped our current regulations and have drivenprocess hazard assessment techniques and technology.
Table 1 highlights the outcomes from some high-profile incidents in the petrochemical and power industries. Mining incidents can be equally serious but, perhaps because they are often confused in the public mind with natural disasters, have tended not to generate the same level of political pressure. However,change is on its way.
The recent spate of headline-grabbing incidents such as the coal mine disaster in West Virginia, theChilean deep-mine collapse and the severity of the Gulf of Mexico disaster have created irresistible pressures to legislate and to impose more extensive accountability and severe penalties on company executives. The precedent has already been set; in response to corporate accounting scandals in 2002, the Sarbanes OxleyAct (SOX) imposed on senior executives individual responsibility for the accuracy and completeness of their corporation’s financial information. If this act were to be revised to embrace process safety andenvironmental information, would your current systems be up to the challenge?
Identifying the Requirements
Unlike in the financial sector, the implications for the process and mining industries would be of an order of magnitude more complex and costly. The engineering, operations and maintenance environment is characterized by many disparate applications, many incompatible data sources and formats and continualchange.
Information within an effective Process Safety Information Management system must be:
• Valid, authentic and verifiable;
• Accurate, complete and of high integrity;
• Readily available, on demand, in an immediately usable form, wherever required across theenterprise;
• Secure from corruption, loss or unauthorized change, and
• Updatable only by means of a robust and auditable change control process.
Fundamental to process safety management is the ability to manage change, conduct impact assessments and produce actionable management reports. If the Safety Information System can reliably demonstrate compliance with current regulations and can show where changes in regulation have been applied in terms of operating systems, processes and procedures, then it will be well on its way to meeting current and future regulatory challenges. If not, it should be reviewed as a matter of priority.
It is, of course, easy to regard regulatory compliance as a pure cost burden, but this need not , and indeed should not, be the case. Safe operations arise through doing things correctly at every stage: achieving this will also save unnecessary costs and maximize productivity. "Doing it right" embraces "doing it safely," so the interests of both regulators and operators are in fact compatible.
Meeting the Need
There are two elements to an effective Process Safety Information Management system: the information content itself and a technology platform that can handle a massively complex, disparate and highly interdependent information asset. Almost invariably, an existing information asset will be deficient in some ways; individual documents may be out of date, missing, or not correctly associated with other information items and workflows. Not all technology platforms are created equal and a prudent purchaser should ascertain not only how well a candidate system can locate specific information, but how well it canidentify inconsistencies between related information items of widely different types. And note that information management is not the same as document management – a single document may contain many different individual items of information.
The first step in updating the compliance process is to create a consolidated list of the applicable Codes of Practice (COPs), similar to that shown in Table 2. For example, this might include corporate requirements, Process Safety Management (PSM) 29CFR1910, COMAH, ISO 14000, ISO 9001, ISO 9002, and so on. This list is then used to “post” the appropriate codes of practice to the company’s business systems, process and related procedures, see Figure 1. Do not be surprised if some COPs cannot be posted. This is a clear indication that there may be gaps in the Safety Information Management system that need to be addressed.
The next step in the process is probably the most time consuming as it involves updating or revising the systems, processes and procedures to explicitly embody the posted COPs. (Figure 2).
Once revised, all changes should be put through the Management of Change (MOC) process to ensure thatappropriate reviews are conducted by the relevant subject matter experts, and formal approvals obtained. Approved documents are then published into the Safety Information Management system, which must be able to automatically find and maintain the associations and links between the COPs and their related systems, processes and procedures. This now represents the base line for compliance against which all future changes or revisions will be evaluated. New or additional COPs must be processed in the manner outlined above and illustrated in Table 2, Figures 1 and 2. Changes or revisions to COPs can impose considerable workload in maintaining compliance, but this can be reduced to a manageable level where the Safety Information Management system automatically maintains all the crossreferences.
With this capability, simply specifying the COP that is to be changed will generate a complete impact assessment of affected systems, processes and procedures. Once the change has been reviewed and approved through the MOC process, the consolidated COP register must be updated and the changes published back to the Safety Information Management system system — basically a repetition of the process shown in Figure 2.
Passing the Physical
With a well-configured Safety Information Management system populated with comprehensive, ‘clean’ information and used correctly, one can operate a healthy business. But it is still necessary to pass the physical – to demonstrate regulatory compliance, whether on a scheduled or spot-audit basis. Audit reports are, however, only one particular class of management information; an effective system should be able to generate a wide variety of configurable reports and alerts for both day-to-day operations management and formal reporting purposes. Configurability of workflow processes and reports enables future regulatory requirements to be readily accommodated, so this should also be a key criterion for system selection.
Just Good Business
Arguably, the single most important characteristic of an effective Safety Information Management system is the provision of impact assessments based on its ability to maintain the associations and links between COPs, systems, processes and procedures. But while this will be important in fending off the big stick of more draconian regulation, it actually offers the carrot of more efficient operations and a real return on investment.
Businesses that have already adopted Information Management technologies have frequently found that improved compliance is only one among many measurable benefits; reductions in maintenance costs, downtime, staff training, project handover costs and so on can make a surprisingly large impact on profitability. Now is the time to begin compiling the business case for an Information Management System; you will find that it makes good economic sense and can help you keep compliant in a changing regulatory climate.
Clive Wilby is a Registered European and Chartered Engineer, a Fellow of the Institute of Measurement & Control and a Member of the Institution of Engineering Technology. He has 35 years of international experience in project management, engineering, operations and maintenance of plants in the oil and gas, petrochemical, chemical and pharmaceutical industries. At AVEVA, Clive is Global Principal Consultant, Operations Solutions, specializing in the integration of the disparate “silos of information” across anenterprise.
Links and References
Click here for full list of links: