6.1 Introduction

Pipeline integrity management systems (PIMS) were a relatively new concept when the first edition of this book was published in 2015. Now, 9 years later, many pipeline operators have developed, implemented (either fully or partially), and potentially optimized their PIMS after incorporating internal or external audit feedback or through other continuous improvement initiatives.

The authors have enhanced this chapter for a variety of reasons. One is due to critical changes in the industry, including new risks/threats (like cyberattacks, political challenges, or investment limitations that threaten new pipeline development projects). In addition, there have been relevant changes in standards and publications, including

• Replacement of the British Standards Institute Publicly Available Specification PAS 55 by ISO 55001 Asset Management [1]
  
• Publication of American Petroleum Institute (API) Recommended Practice 1173—Pipeline Safety Management Systems [2] in 2015
  
• Updates to Section 3.0 (safety and loss management system) of 2019 Canadian Standards Association (CSA) Z662—Oil and Gas Pipeline Systems [3] that reflect the transition to safety management system (SMS) principles. Content on key performance indicators (KPIs) and knowledge sharing was also added to expand on key areas of a PIMS that were omitted in the first edition.

We are facing interesting times in history. Climate change is influencing the types of pipelines built, including the materials they are built from, and more often there are new projects underway to repurpose existing infrastructure to new product containment via pipeline conversion (e.g., natural gas to hydrogen).

With difficulty in obtaining pipeline licenses for new construction, combined with investment limitations for new pipelines, the requirement to maintain existing infrastructure and aging assets is increasingly important to ensure sustainability throughout the entire pipeline lifecycle.

Effective management of pipeline system integrity is essential for safe and reliable pipeline operation. PIMS provide the overarching, integrated framework for effective pipeline asset management.

PIMS elements address several types of threats. External corrosion can be controlled by proper design, construction, and mitigation programs such as cathodic protection (CP) and inline inspection (ILI). In both Canada and the USA, operator error is a significant contributor to pipeline incidents. This threat can be addressed through processes, procedures, and training and competency.

PIMS can also help address threats such as cybersecurity and sabotage. Colonial Pipeline was subject to a ransomware attack that resulted in Colonial Pipeline proactively shutting down its pipeline system for 6 days [4].

While pipeline failures have direct cost for repairs and cleanup, the longer-term impact to a company’s reputation and share price can be even more significant. Environmental, Social, and Governance (ESG) now has a prominent role in how companies are evaluated. An effectively implemented and maintained PIMS is an essential part of a company’s ESG program.

Pipeline integrity management requirements and expectations have been continuously evolving and will continue to change in the future. There is no single correct “formula” for developing an integrity management system; however, this chapter outlines the fundamental basics of an effective management system that have been successfully integrated in companies across the world. Industry groups such as International Association of Oil and Gas Producers [5] and API have developed guidance documents that can be used as additional references for developing management systems. This chapter covers downstream, midstream, and upstream oil and gas pipelines. Although pipelines have different operating practices and different consequences of failure, the fundamental principles of an effective integrity management system apply to all pipeline operations.

This chapter maintains focus on the PIMS, although as stated in the first edition, the pipeline industry is shifting, and has already shifted, toward more encompassing safety management systems (SMS). The reader is encouraged to review and understand the latest industry and regulatory documents pertaining to both SMS and PIMS.

6.2 Lessons Learned and the Evolution of Pipeline Integrity

Significant failures in both gas and liquid pipelines have made global headlines. Although pipelines are statistically very safe and dependable, pipeline failures have resulted in fatalities, environmental damage, and an erosion of public confidence in the pipeline industry. Catastrophic pipeline failures that resulted in fatalities include the gasoline pipeline failure in Bellingham, Washington, in 1999; the Carlsbad, New Mexico, sweet gas line rupture in 2000; and the 2010 gas line rupture in San Bruno, California. Failures in the oil and gas industry, such as the Kalamazoo River oil spill in 2010; Deepwater Horizon oil spill off the Gulf of Mexico in 2010; the Red Deer River spill in 2012; the Mayflower, Arkansas, spill in 2013; and the Husky Energy spill in the North Saskatchewan River in 2016, also generated significant public concern regarding environmental impacts. Failure investigations have identified that the significant contributing factors to the cause and the size of pipeline releases are directly related to flaws in the company’s management systems. As such, an effective PIMS is critical to prevent failures. Additional information on pipeline failures and causes is publicly available on websites such as Pipeline and Hazardous Materials Administration (PHMSA) [6]; the U.S. National Transportation Safety Board (NTSB); Canadian Energy Regulator (CER, formerly the National Energy Board or NEB) [7]; and Alberta Energy Regulator (AER) [8].

Regulators such as PMHSA, CER, and AER maintain public databases of pipeline incidents. In both Canada and the USA, the number of pipeline incidents has been decreasing. For example, the AER reported [8] that the total length of AER-regulated pipelines increased by 9% from 2012 to 2021, yet there were 41% fewer incidents in 2021 than in 2012. The AER report states: “This improvement is attributable to industry development and adoption of better pipeline practices and our continuous improvement of pipeline requirements and inspections by placing a greater focus on educating industry about pipeline safety.” [8].

In the early days of the oil and gas pipeline industry, integrity-related activities such as coating application, CP, corrosion inhibition, and weld inspection were implemented in response to pipeline failures and incidents. As the pipelines have aged and the size and complexity of pipeline networks have grown, the impact of pipeline failures has increased. More specifically, there is more public awareness and concern regarding pipeline failures. In response, the industry improved prevention, mitigation, monitoring, and inspection technologies for pipeline hazards. For example, coatings have improved, ILI was developed (and has since evolved dramatically), corrosion inhibitors have become much more effective, and alternative materials to carbon steels, such as spoolable composites, were developed.

It is interesting to note that time-dependent threats such as corrosion and cracking have declined on major transmission lines, while time-independent threats such as third-party damage and operator error are now a major cause of pipeline incidents. The increased use and accuracy of tools for inline inspection are a likely contributing factor to the decline in time-dependent failures as these tools can detect and allow repairs of damage, such as corrosion, before failures occur. Time-independent failures, on the other hand, need to be addressed using processes, procedures, and controls.

In addition to improving technology, companies started utilizing risk assessments to focus and prioritize integrity management-related activities. Risk assessments provide a more structured and analytical approach to identify and address pipeline integrity issues.

As a result of the combined efforts of technology improvements and risk assessment application, the number of failures in the North American pipeline industry declined significantly. For example, the upstream pipeline failure rate in Alberta declined from 5.0 failures per 1000 km of pipelines in 1990 to 0.78 failures per 1000 km by 2021 [8].

The regulators and the oil and gas industry agree that technological improvements and risk management are positive changes that are reducing the number of failures; however, they also understand that these advancements alone are not sufficient to address all pipeline hazards. Integrity management systems provide a more encompassing and integrated approach to addressing pipeline risks.

Pipeline failure incident investigations provide important insights into why an effective management system is necessary. The examples below are summarized from pipeline investigations published on regulatory or industry websites describing contributing factors to major pipeline failures:

• Lack of training and competency: examples include operator error that led to over-pressurization of a system, inadequate inspector training that led to construction-related failures, and incorrect ILI analysis that misinterpreted a defect signal.
  
• Lack of effective change management: examples include production changes that altered corrosion rates, staffing changes that resulted in critical tasks being incomplete or communicated improperly, and material substitution that resulted in an unsuitable material being used incorrectly in the wrong environment.
  
• Lack of records: improper or missing/lost documentation.
  
• Lack of understanding hazards: a lack of understanding of potential hazards, resulting in a corrosion mechanism that was unaccounted for and that resulted in pipeline failure, and an incorrect assumption of pipeline condition (the pipeline was assumed to be “dry,” but, in fact, the pipeline catastrophically ruptured due to internal corrosion).

As explained above, pipeline failures are commonly linked to management system failures. Developing and implementing an effective PIMS requires significant, albeit critical, work to prevent pipeline failures due to ineffective management systems. The success of PIMS requires the integration of a company vision, a well-developed structure, and a company safety culture supported by process management. The following sections will define and outline the core structure of an effective PIMS.

6.3 Regulatory Requirements

The codes, standards, and regulations that govern the pipeline industry continue to change in response to lessons learned from industry failures. These regulatory documents provide a defined basis that is used by the industry to determine pipeline integrity requirements. It is important to realize that regulatory changes take time and typically lag in public expectations and industry practices of progressive companies.

Companies often fall into the trap of building their integrity management systems to meet, but not exceed, regulatory requirements. Regulatory requirements often change because of major incidents, or fatalities, in our industry, and as such, regulatory requirements are a lagging indicator. Investigation into major incidents often reveals significant deficiencies in the company’s management systems and practices. Proactive and initiative-taking companies need to exceed regulatory requirements, not just “meet” them, to be industry-leading and to prevent serious incidents.

Regulatory requirements fall into two distinct categories. The specific and prescriptive “shall and must” aspects of regulations provide clearly defined minimum requirements. For example, the AER Pipeline Rule that “the licensee of a pipeline that crosses water or unstable ground shall at least once annually inspect the pipeline right of way” is easy to understand and apply. The minimum compliance is, therefore, one right of way (ROW) inspection a year; however, an effective and comprehensive approach to risk management suggests that companies conduct ROW inspections at an appropriate frequency for their operating conditions. The “appropriate frequency” can be quarterly or monthly, and in some cases, operators perform daily aerial surveillance to mitigate risk.

The second category of regulatory requirements is more general and requires interpretation. Regulations regarding management systems require each company to interpret the intent and incorporation of the stated requirement. For example, the management systems requirement for management of change (MOC) is only prescriptive in the sense that MOC is required. Each company must determine what specifically is required to ensure MOC exists in their organization, including documenting, communicating, and archiving MOC documentation such as the MOC process or completed MOC forms. Logically, MOC for a small upstream company may be simpler than MOC for a major transmission pipeline company.

Regulations for management systems, on the other hand, are more general and require each company to interpret how to meet the intent of the stated requirement. For example, a regulatory audit investigates a company’s document and records management system. The audit may determine that “yes, there is a document and records management system, and it meets the audit requirements.” However, this conclusion does not mean that the company has an effective system that ensures all critical records, documents, and information are verified and are readily accessible for use in supporting risk assessment, fitness for service, MOC, and other important processes. From a process maturity perspective, an adequate system is a long way from a more mature “competent” or “excellent” system.

A maturity grid approach can be used to determine a system’s relative state. A maturity grid is a description of the characteristics/criteria of the company operating at various levels of maturity; for example, maturity levels may include innocence, awareness, understanding, competence, and excellence. This is a qualitative assessment technique that can provide an effective way of communicating and illustrating the current state of the management system as well as the future state that the management system aims to achieve. This approach has been used in many industries, and a good example can be found in the book “Uptime: Strategies for Excellence in Maintenance Management” [9]. There can be a staged approach to achieving the desired level. For example, a company may wish to first achieve understanding and then implement a plan to progress to competence or excellence.

It is important for each company to evaluate major incidents and review their own programs for weaknesses and deficiencies. Canadian and U.S. regulatory and industry bodies (such as the NTSB, AER, CER, and PHMSA) will include interim directives, current incident investigation reports, and other communications on industry lessons learned. It may also be beneficial to consider regulations and industry practices that are not mandatory in the regulatory regime in which your company operates. Other pipeline or industry regulations and practices may be in a more advanced state or may contain useful approaches to more comprehensive integrity management systems. As previously mentioned, the API Recommended Practice 1173 addresses process safety management and safety culture in more detail than provided in this chapter, and the reader is encouraged to review this document for additional information.

6.4 What is a PIMS?

The principles of asset integrity management apply to a wide range of industries, including power generation, aircraft, nuclear, pharmaceutical, transportation, and defense. Common asset management system principles apply to any system with physical assets that are core to achieving the company’s business objectives.

There are many industry documents, standards, and recommended practices that describe asset integrity management systems. ISO 55000 Asset Management series of standards are often used as guideline documents for asset management [1].

Figure 6.1 demonstrates the interdependencies of the company vision/strategic plan, management system structure, and company culture. All three elements are required for optimal performance.

In the oil and gas industry, assets can include pipelines, pressure equipment, piping, and tanks. Integrity management systems can be developed for the conventional oil and gas assets mentioned and can also extend to rotating equipment and electrical and structural systems.

The purpose of pipeline integrity management is effective execution, documentation, and communication of the technical work throughout the pipeline life cycle, and the PIMS provides the framework (structured and integrated system elements) to execute effective pipeline integrity management. The technical programs can include, but are not limited to, quality control and inspection, cathodic protection, ILI, chemical inhibition, coating selection, excavation (dig) programs, corrosion monitoring, and river block valve maintenance. These are the activities that require plans, programs, processes, and procedures to be managed, scheduled, executed, tracked, documented, communicated, and reported.

There are multiple interdependencies within the many functions of an organization. Effective pipeline integrity management requires the cultural aspects of understanding, communication, and collaboration between operations, engineering, management, finance, and safety—in fact, almost every function within an organization through business unit integration. A great technical program may fail for one of the following reasons: people are not trained and competent; change is not effectively managed; key information, records, and documents cannot be found; and roles and responsibilities are not clearly defined.

Excellence in any management system is the result of addressing the following three requirements in an integrated manner: people, processes and technology, and assets and systems.

Various safety and process safety management models have successfully addressed this integration within the following frameworks:

• API 1173 RP Pipeline Safety Management Systems [2]
  
• Occupational Health and Safety Administration (OSHA) 1910.119–14 Integrated Elements [10]
  
• Comparison of Process Safety Management System (CCPS) Risk-based PSM Model—20 Integrated Elements built on four integrated foundational blocks (Commitment to Process safety; Understanding of Hazards and Risks; Management of Risk; and Learning from Experience) [11]
  
• Dupont PSM Model—14 Integrated Elements categorized under Personnel, Facilities, and Technology.

In all these models, safe and reliable operation can only be achieved from the defined and sustainable relationships among elements that focus on the following:

• People: Focus on ensuring personnel are trained, competent, fit for duty, safe, and able to respond to events
  
• Processes and technology: Focus on ensuring processes are available to operate efficiently and sustain safe and reliable operations. Processes may include incident management process (computerized incident management database—CIMD), how we manage change (management of change—technical, engineering, and people), how we manage maintenance (computerized maintenance management system—CMMS), and information management (process safety information—PSI access to information as and when required)
  
• Assets and Systems: Asset reliability and integrity management is the front and center of this focus. Emphasis is placed on operating systems that generally comprise a series of equipment and machinery designed to sustain process operations. The bulk of PIMS activities occur within systems management.

An analysis of the various integrated management systems mentioned above focused on people, processes, and systems elements provided in Table 6.1. It is important to note that each management system has the same essential core elements, expressed in slightly different terminology, but fundamentally echoing the same principles.

The summary provided in Table 6.1 shows the ways these models integrate the various people, process and technology, and assets and systems elements of the management system.

The historical siloed approaches to managing quality and pipeline integrity focused primarily on the physical and tangible side of the asset and only subtly included the people and processes aspects of the PIMS. This outdated approach has benefitted from focused attention and integration of safe and reliable operations of pipelines and associated infrastructure. Furthermore, with the advent of ESG in recent years, there are now crippling business consequences for loss of primary containment (LOPCs). The Enbridge Kalamazoo incident in 2010 has an estimated $1.4 billion cost, and the 2010 Deepwater Horizon BP spill has an approximate price tag of $40 billion.

Simply put, the PIMS is designed to generate safe and reliable operations of pipeline and associated assets, which is generally the outcome of combining well-maintained assets (asset integrity and reliability), a trained and competent workforce (human reliability) fit for purpose approaches for caring for and operating the asset (processes). The glue that holds it all together is leadership and commitment. Figure 6.2 provides an overview of the integrated nature of people, processes, and systems working together to generate safe and reliable operations.

An integrated approach to PIMS is essential to deliver safe, reliable performance and operational excellence, even if the PIMS is structured differently by each organization.

6.5 Core Structure and PIMS Elements

All pipeline companies have some degree of a PIMS in place; however, the PIMS elements typically are not fully integrated between business units and/or not effectively executed. So what does a fully integrated and effectively executed PIMS look like? As mentioned in Section 6.1, there is no single “right” PIMS; however, the purpose of this chapter is to introduce a method to effectively structure and develop a PIMS.

A complex, interdependent system such as a PIMS can be difficult to describe and illustrate. One common way to represent a dynamic PIMS is using a Plan–Do–Check–Act (PDCA) cycle. The PDCA cycle can be drawn and interpreted in many ways, and the reader is encouraged to customize the approach used here to meet their own needs. The PDCA cycle shown in Figure 6.3 includes strategic planning (Plan), program enable and execution (Do), assurance and verification (Check), and management reviews (Act). In this chapter, we will examine each of these sections in terms of what they mean and present ideas for development.

The center circle in Figure 6.3 represents the ongoing PDCA cycle that must be in place to keep the integrity management system functioning to mitigate both asset and business risks. For clarification purposes, the primary inputs into the ongoing integrity management cycle are illustrated as arrows feeding into the circle. The PDCA cycle inputs include the following:

• New asset design–fabrication–construction–commissioning that tie in the asset life cycle.
  
• Improvement opportunities from outside the company to illustrate adopting industry lessons, modern technology, and new concepts.
  
• Inputs that can impact asset integrity planning such as changes in company objectives, significant regulatory changes, or new acquisitions.

Figure 6.4 illustrates a more detailed approach to defining and selecting high value KPIs as part of the check step in the PDCA cycle [12]. There are important considerations when selecting KPIs, and an organization should consider having KPIs for each element: people, process and technology, and assets and systems.

6.6 PIMS Function Map

A function map, such as that shown in Figure 6.5, is another method that can illustrate the PIMS core elements. The intent of Figure 6.5 is to provide an overview of common elements; as such, it must be customized for each company. The same four elements of Figure 6.3 (Plan–Do–Check–Act) are incorporated into Figure 6.5. Function maps are particularly useful for structuring and organizing the systems a company uses to execute asset management activities.

6.7 Plan: Strategic and Operational

Figure 6.6 shows an expanded function map for the plan element. Operational planning for integrity programs includes both annual activities and longer-term strategic plans. In addition, operational planning often coincides with the annual budget cycle. An annual budget is created for ILI and excavations (digs), cathodic protection, risk assessments, scheduled training, facility programs, and line replacements.

Strategic planning is a more comprehensive exercise and must incorporate lessons learned from management reviews as well as changes in corporate objectives and plans for new major projects or acquisitions. Strategic planning includes considering new concepts and ideas, addressing long-term risk reduction, and ensuring new major initiatives are thoughtfully planned and resourced. Strategic planning is about stepping back and ensuring there is a long-term focus on sustaining and improving integrity programs.

Strategic planning should also include the assessment of recent technology, participating in joint industry projects, and funding research and development projects. In addition, technologies, ideas, and concepts from outside the oil and gas industry may provide a long-term benefit to the organization.

A strategic plan is more comprehensive than a 1-year annual budget cycle. Strategic plans often forecast multiple years in advance to plan the progressive advancement of key initiatives to improve pipeline integrity programs. For example, if a company’s goal is to move from innocence to excellence (using a process maturity perspective) for information management, strategic planning would outline a multiyear approach and achievable targets to progressively advance the information management system at a manageable pace. Another example of strategic planning is the divestiture of low-value but high-risk pipeline assets.

Weatherization is something that is not traditionally included in the strategic and operational plans for a pipeline operator. Extreme heat, extreme cold, major floods, and other uncontrollable weather conditions continue to adversely impact pipeline assets. The most notable and recent reminder is the 2021 winter storm Uri that unleashed tremendous damage to pipeline assets across the state of Texas and neighboring states. During February of 2021, Uri resulted in loss of gas supplies and power supplies to a large part of Texas, leading to over 210 fatalities, release of ~3.5 million pounds of additional pollution, and economic loss estimated around $200 billion [13]. Similarly, Hurricane Ida in 2021 also caused considerable damage and delays, where approximately 94% of natural gas production and 95% of oil production were knocked offline in the Gulf Coast of Mexico [14].

An example of an effective PIMS that was implemented and practiced was for Trans Mountain. Trans Mountain shut down their pipelines proactively due to flooding in British Columbia to proactively mitigate damage from extreme natural events.

With the increasing frequencies of such weatherization disasters (2011 and 2021 winter storms in Texas, as well as hurricanes and floods such as the 2022 Kentucky floods), it is imperative that the strategic and operational planning for weatherization is incorporated within PIMS. Strategic planning for weatherization should be considered in the design phase of PIMS, including things like isolation valves, flow monitoring in areas with expected turbulence, or volatile flow changes. Operational planning follows the same simplified PDCA model, as demonstrated in Figure 6.7 [12]. Figure 6.7 specifies operational activities and planning separately from the strategic planning activities in Figure 6.6.

6.8 Do: Execute

The Do cycle shown in Figure 6.8 has three main components, which are expanded in Figure 6.5. The Do section includes the core life cycle technical activities that address pipeline hazards, documentation, and communication.

Risk management is a key element of integrity management and determines how pipeline risks are assessed and controlled by the organization. Risk management is a comprehensive framework of principles, processes, and procedures to ensure the safety and integrity of pipelines and facilities.

The ISO 31000:2009 [15] standard for risk management provides principles, framework, and a process for managing risk that can be applied to pipeline integrity. Risk management is not a standalone activity that is separate from the main activities and processes of the organization; rather, risk management is a part of the management’s responsibilities and an integral part of all organizational processes, including strategic planning and all project and change management processes.

Risk management includes identifying threats, hazards, and/or degradation mechanisms that could lead to failure, characterizing risks, prioritizing actions, and executing risk control from design and construction through mitigation, monitoring, and inspection programs.

An effective risk management process will include the following:

• Process management to ensure effective execution and integration of the processes and supporting activities throughout the organization.
  
• A collective understanding and effective communication between operations, engineering, maintenance, asset integrity, and other groups regarding their respective roles, responsibilities, and contributions to achieving safe and reliable operations.
  
• Defined physical and operational threats that could result in product release that could potentially have serious safety, environmental, production, or regulatory impacts.
  
• Processes to assess risks and guarantee that the appropriate prioritized controls are in place to reduce the likelihood of a release and to limit the consequence if a release occurs.
  
• Defined requirements to assess and continuously improve the risk management process through internal reviews, incident investigations, and the use of key performance indicators (KPIs). This may include developing metrics and defining categories (bounds) to indicate performance levels.

Enable processes are those that provide the support structure for pipeline integrity work. They are the common management processes that are used to guide and support the work activities, and they are applicable to all aspects of the company’s business. Examples include MOC, training and competency programs, and information management.

The effective execution of these processes is essential for a successful PIMS. These processes need to be in place to ensure that the knowledge, skills, and tools are available to manage risk and support life cycle elements. As previously mentioned, failures still occur in companies that have corrosion controls and inspection programs in place; however, important hazards are still missed or are not properly addressed, so their risk management programs are ineffective for all relevant hazards. Examples of significant contributing factors to pipeline failures include a lack of training and knowledge, inadequate documentation and records management, and poorly applied MOC.

Life cycle processes of a management system include the technical processes and activities that are required to effectively execute integrity programs and activities. Life cycle processes are the technical core of pipeline integrity activities and include the technologies and activities that are directly applied to the pipeline to prevent failures. For pipeline integrity, the activities and tasks can be broadly grouped into design and construction, maintenance (mitigation, monitoring, and inspection activities), assessment, and abandonment.

The design and construction arrow includes material selection, life cycle design, fabrication inspection, construction quality control, and commissioning that must be completed before a pipeline (new and repaired) is transferred to operations. Integrity issues that are “built” into a pipeline (such as weld seam defects, poorly applied coatings, construction dents, and incapability with ILI tools) either create additional hazards to manage during operation or limit the ability of operations to manage hazards. A well-thought-out life cycle design and the elimination/reduction of fabrication and construction defects can significantly improve pipeline safety and reliability.

Maintenance life cycle processes include mitigation (cathodic protection and chemical inhibition), monitoring (corrosion coupons and slope stability), and inspection (ILI, direct assessment, and ROW surveillance). These are the primary operation activities to address and control potential pipeline hazards such as external and internal corrosion, geotechnical hazards, and cracks.

Assessment processes are in place to ensure all hazards are understood and addressed, fitness for service methodology is applied to pipeline defects, and sound engineering judgment is used to make good decisions based on operation, monitoring, and inspection data.

Discontinue and abandonment processes are required to ensure end-of-life programs are in place, and any residual hazards due to a pipeline are addressed.

6.9 Check: Assurance and Verification

The next element in the PDCA cycle is the Check (assurance and verification) step. This element includes external audits, internal reviews or assessments, incident investigation, and research and development. This also includes external inputs such as innovative technologies, industry lessons learned, involvement in joint industry projects (JIPs), and participating in industry task forces. Figure 6.9 outlines the expanded function map for the Check element.

The Check part of the PDCA cycle is critical, but often not well-executed. During a review of major incidents, the NEB (now CER) determines that capturing lessons learned and implementing learnings is an area often overlooked. The quote below is from NEB (now CER) Safety Forum 2013 paper titled “Emerging issues in oil and gas industry safety management”:

The assessment indicted that while most organizations involved in the accidents had management systems or programs developed, they were not effectively implemented or reviewed on a regular basis to ensure adequacy and effectiveness.

A well-thought-out internal review process can be a useful way to assess the internal process and program effectiveness. The internal review process should include both the traditional audit check (“are we doing what we say we are doing”) and a way of measuring or quantifying effectiveness. The highest value obtained from an internal assessment will be a measure of program effectiveness and recommendations for improvements. A maturity grid or other assessment models can be used to support the assessment of effectiveness.

6.10 Act: Management Review

The “Act” portion of the Plan–Do–Check–Act cycle is shown in Figure 6.10. The management review is an assessment of the outcomes of pipeline integrity work, including performance measures, audit and review results, reviews of major projects, outcomes from participation in industry task groups, and evaluation of important company and industry lessons learned. Management reviews can be conducted annually or as a more frequent, less formal, assessment.

Many companies have a dashboard summary report for senior management. The objective of a dashboard is to succinctly communicate a few key metrics that represent the ongoing performance of the pipeline integrity program and represent a “status or progress gauge.” The metrics or performance measures incorporated in a dashboard are often tied to a company’s specific safety, reliability, and production targets.

Management reviews often include high-level assessments such as a summary of the “top 5 risks.” This allows the most significant risks to the company to be understood and addressed at senior level in the organization. Addressing these risks can become part of the company’s strategic plan.

Management reviews and assessments provide directions for future activities and strategic actions. This direction can be expectations for process changes, audit improvements, and training requirements. The outcomes of the management reviews can be used to determine changes required or additional resources to support integrity programs or as inputs into longer-term strategic plans.

6.11 Culture

The processes, procedures, skills, knowledge, and technologies required for pipeline integrity management are only one part of an effective PIMS; the other critical aspect is a process safety culture. Safety can be considered in two ways: occupational safety that addresses personal safety issues such as “slips, trips, and falls” and process safety that addresses preventing releases of any substance (ruptures and leaks) that could lead to injury/fatality and/or environmental damage. Process safety started in the chemical process industry after a series of serious equipment-related failures that resulted in numerous fatalities such as the Bhopal, India, gas leak disaster. Process safety includes both the mechanical integrity of the equipment and the safety culture required to ensure that the structure and company culture are aligned.

The importance of a safety culture is emphasized in API Recommended Practice 1173 [2] and CSA Z662 Safety Loss Management [3]. As detailed in Section 6.2, the pipeline industry has had far too many major failures, resulting in public fatalities (Carlsbad, San Bruno) and environmental damage (Kalamazoo and Red Deer Rivers). Pipeline operators have been adopting process safety and cultural change into their overall approach to pipeline integrity management, with the goal to minimize, and ultimately eliminate, pipeline failures.

This overview of the PIMS provides the framework and ties together the supporting processes and procedures to provide the overall structure to ensure pipelines are designed, built, operated, and maintained in a way that achieves pipeline safety and reliability. The functions described in the PIMS include the roles, responsibilities, and accountabilities that, when fully understood and implemented, can drive culture change.

Maintain a healthy sense of vulnerability so that high-consequence low-probability/frequency events still get addressed rather than ignored. Emphasize the benefit of sharing lessons learned in a collaborative and vulnerable setting to encourage internal, as well as industry-wide, improvements/learnings.

6.12 Summary

To be effective, a PIMS must be fully integrated within a company’s core business functions. The multiple interdependencies within an organization regarding integrity management must be defined and understood. Operations, engineering, asset integrity, and many other stakeholder groups have essential roles in achieving safe and reliable operations. Stakeholder responsibilities and accountabilities must be clearly assigned and communicated and work together in a cohesive manner.

In addition to role clarity between departments, the PIMS elements must be applied consistently across all operational departments, facilities, and geographic regions. The risks associated with lower-value assets need to be understood and managed with the same diligence as high-value assets. The requirements of integrity management should have the same and, in some cases, even greater focus and attention as the company’s commitment to personal safety (since catastrophic failures may lead to major personal incidents) and production targets.

The PIMS of an organization should be a comprehensive, continually improving, and evolving system that is essential to achieve safe and reliable operations. The PIMS does not need to be overly complex or heavily dependent on processes—it is fundamentally a simple system intended to effectively manage risks and assets. If companies create too much structure and implement complex controls, the system can become bogged down and rendered ineffective. PIMS can be successful if the interdependencies and relationships of the elements shown in Figure 1.3 are understood, the processes are in place to support these elements, and the roles and responsibilities are defined. The system requires regular reviews, assessments, and improvements to ensure it will continue to be effective and, as a result, both the company and the pipeline industry will change for the better.

References

1. 1 ISO (2014) ISO 55000 Standards for Asset Management. ISO 55000 Asset management—Overview, principles, and terminology. ISO 55001 Asset management—Management systems—Requirements. ISO 55002 Asset management—Management systems— Guidelines for the application of ISO 55001.
   
2. 2 American Petroleum Institute (2015) Recommended Practice 1173: Pipeline Safety Management System Requirements.
   
3. 3 Canadian Standards Association (CSA) Z662 (2019) Oil and Gas Pipeline Systems; see also Z662:2023, published June 2023.
   
4. 4 Colonial Pipeline Cyber Incident (2022). Available at https://www.energy.gov/ceser/colonial-pipeline-cyber-incident. (last accessed July 11, 2024).
   
5. 5 International Association of Oil and Gas Producers (2008) Asset Integrity: The Key to Managing Major Accident Risks. Report No. 415. Available at https://www.iogp.org/bookstore/product/asset-integrity-the-key-to-managing-major-incident-risks/. (last accessed July 11, 2024).
   
6. 6 Pipeline Mileage and Facilities (2022), 1970–2022. Available at https://www.phmsa.dot.gov/data-and-statistics/pipeline/pipeline-incident-20-year-trends. (last accessed July 11, 2024).
   
7. 7 Incidents at CER-Regulated Pipelines and Facilities (2022) Available at https://apps2.cer-rec.gc.ca/pipeline-incidents/. (last accessed July 11, 2024).
   
8. 8 Pipeline Performance (2022) Available at https://www.aer.ca/protecting-what-matters/holding-industry-accountable/industry-performance/pipeline-performance. (last accessed July 11, 2024).
   
9. 9 Campbell, J.D. and Reyes-Picknell, J.V. (2006) Uptime: Strategies for Excellence in Maintenance Management, 2nd ed., Productivity Press (Figure 1-8: Maintenance maturity grid).
   
10. 10 Occupational Safety and Health Administration—OSHA (2022) Process safety management. Available at https://www.osha.gov/process-safety-management/sbrefa. (last accessed July 11, 2024).
    
11. 11 Safety and Engineering network (2022). Comparison of Process Safety Management System (CCPS) Risk-Based & OSHA PSM. Available at https://senwork.com/news/sen-articles/comparision-of-process-safety-management-system-ccps-risk-based-osha-psm/. (last accessed July 11, 2024).
    
12. 12 Safety Erudite Inc. (2022). Operations Excellence Management Systems.
    
13. 13 Krishnamoorti, R., Edwards, V.H., Rehm, T.E. and White, J.D., (2021). Impact of Winter Storm Uri on Texas’ Petrochemical Industry. CEP, AIChE.
    
14. 14 How Natural Disasters Affect Oil & Gas Pipelines (2021) Available at https://blog.geocorr.com/hurricane-ida-illustrates-how-natural-disasters-affect-o-g-pipelines. (last accessed July 11, 2024).
    
15. 15 ISO (2009) ISO Standards for Risk Management. ISO 31000:2009, Risk management—Principles and guidelines. ISO Guide 73:2009, Risk management—Vocabulary. ISO/IEC 31010:2009, Risk management—Risk assessment techniques.