69.1 Introduction

Businesses own physical operating assets, whereas operations divisions are in charge of using, operating, and maintaining them. Extraneous, but critical, essential activities, such as maintenance, superimposed on operational processes, may increase complexity, manageability, and risk. When well-managed support processes and systems are in place, operations management improves, leading to excellent operating performance. This is affected by putting controls in place to ensure safety, efficiency, and conformance to production and operational standards. Intrusions into pipeline operations to help ensure excellence include Process Safety Management (PSM), work management, emergency and incident management, competence management, change management, management of change, risk management, and information technology. Of all the intrusion processes in pipeline operations, work management and risk management are the key focus areas of this chapter. The critical and integrated roles of corrosion and integrity management are also discussed.

The approach described in this chapter brings the efficiency and safety personnel together and provides a step-by-step approach to achieving work objectives. This approach supports HSE managers, operations managers, and others by providing a framework for implementing changes to make a positive difference in their organizations. By implementing operational intrusions, situational risks are managed, and organizations benefit from improvement in safety and efficiencies, thereby improving productivity, visibility, and reputation.

69.2 Operations Management and Risk

Operations management seeks to convert inputs into desirable outputs in the most efficient manner possible. The operational emphasis is on physical goods in pipelines or pipeline physical processes. Several processes act in support of this or may impact (intrude on) operations management. When these support processes and systems are well-managed, operations management improves, leading to significantly improved operations and reduced costs.

In general, even without intrusions, operational processes still need to minimize risks and improve their efficiencies to improve operations and lower costs. This has led some to consider risk management as an opportunity cost, whereby valuable resources could be re-allocated to other activities. However, this is done at the peril of the organization, is ill-advised, and does not lead to appropriate management of operations. There are standards from ASME (ASME B31.4) and ISO (ISO 13623:2017) to help companies design, operate, and maintain their facilities for lower risks.

Risks need to be identified and communicated. Risk is managed by using controls to mitigate hazards; e.g., by elimination, substitution, engineering, administration, and protection. Risk management leads to safer operations, a safer workplace, greater efficiencies, and reduced costs as well as environmental protection [1]. That, in effect, is operational excellence.

When risks are not adequately considered, there may, and likely will, be accidents or incidents. Major disasters have occurred in industry due to a failure to recognize and/or identify risks and/or remove or mitigate hazards. Some of the major disasters have been

• Piper Alpha platform disaster of 1988,
  
• Texas City refinery disaster of 2005,
  
• Longford gas plant disaster of 1998,
  
• Alaska Valdez disaster of 1989,
  
• Pasadena Texas refinery disaster of 1989,
  
• Macondo platform disaster of 2010.

These have all had a major detrimental impact on employees (contract and proprietary), the facilities themselves, the companies’ reputations and bottom lines, the environment, and society at large.

Asset integrity management (AIM) is based on managing material integrity, which includes corrosion management. Corrosion can be particularly damaging as it may not be directly visible [2].

Risk is calculated as the product of the probability that a specific event will occur multiplied by the consequence of that event. For example, the risk of a pipeline rupture is calculated by multiplying the probability that a pipeline will rupture multiplied by the consequence of the rupture. Consequence is estimated in financial terms and includes all direct and indirect costs, such as cost of cleanup, repair, downtime (non-delivery of energy), legal costs, reparations for damage to life and property, and increased regulation.

The US Government, through the Pipeline and Hazardous Materials Safety Administration (PHMSA), contributes to pipeline safety by implementing and enforcing regulations designed to educate employers and employees in responsible work activity. In the larger picture, a study of these regulations through the PHMSA-sponsored courses has directly and indirectly heightened awareness regarding the need for managing risk effectively.

69.3 Risk Assessment

Non-intrusional risk assessment may take the form of Front-End Engineering Design (FEED), Pre-Startup Safety Reviews (PSSR), and Process Hazard Analysis (PHA).

Further risk assessment constitutes a critical component of operational intrusions and should be required. Risk is assessed by either a quantitative or a qualitative analysis of risk relative to well-defined work or other situation against all identified hazards associated with performing the work. Although qualitative risk assessments can be used for all hazards, a more comprehensive quantitative assessment may be recommended for work and projects involving hazards of greater risk and presumed dangerous to people, property, or the environment, such as when major accident hazards (MAHs) are involved.

Three types of risk assessments are

• lower level like a simple job safety analysis (JSA);
  
• general level or medium level and general risk assessment; and
  
• higher-level risk assessment.

69.3.5 Risk Matrix

A risk matrix presents a visual approach to increase visibility of risks and assist with management decision-making. There are several examples of a risk matrix available online, and the type selected should be best-suited to the site preference and easily modified.

The risk matrix defines the level of risk by estimating the likelihood or probability and the consequence. A risk matrix is a practical tool that is considered necessary and useful to establish a quantitative level of risk for each identified hazard.

An example of a risk assessment matrix is shown in Figure 69.1. On the y-axis, it is shown the probability of an event (how likely or how often an event occurred or can occur) from very unlikely to occur to very likely. The x-axis displays the result in the event that such a probability does occur from mild to severe. Where the two connect on the graph represents a value. An event that is very unlikely to occur (a blowout preventer failure) would be evaluated on the graph as a disastrous result. The two points would meet along the graph at a much higher number for the quantitative score. Note that high likelihood and high consequences lead to a very high risk value. Risk assessments may be periodically reappraised over the life cycle, as operating data are accrued. Typically, this is done via multidisciplined peer review every 1, 3, or 5 years depending on owner company risk aversion and any requirements of asset insurance policies.

For more information on risk assessments, please refer to Chapters 67 and 68 in this Handbook and Ref. [3].

69.4 Operations Management

The intended goal of efficient pipeline production is to ensure all lines/stations and/or service equipment function consistently and as designed to support the production and operational processes at all times.

69.5 Process Safety Management

The overall objective of PSM is to protect life and property. Chemical, petrochemical, and refining operations have adopted PSM, whereas oil and gas producers have more recently moved in that direction after several incidents, including the Macondo disaster on April 20, 2010.

The Center for Chemical Process Safety (CCPS) has, for three decades, been a leading process safety organization sharing best practices. The US Occupational Safety and Health Administration (OSHA) 1910.119 define 14 elements of their PSM plan.

These 14 elements are interlinked and interdependent. The additional CCPS elements are process safety culture, process safety competency, stakeholder outreach, conduct of operations, measurement and metrics, and management review and continuous improvement.

69.6 Work Management

Work is done by craft personnel (maintenance) and must be managed and controlled. This intrusion into operations is called work permitting. Work permits are control documents authorizing extraneous workers to enter a space to work. This is the essence of work management, also referred to as control of work (CoW). Work management deals with getting work done safely and efficiently. In the past, this was often labelled as “work study” and in the future should have great possibilities for improvement via pipeline artificial intelligence and machine learning) (AI and ML) as applied to both design and operations.

69.6.8 Lessons Learned

A key consideration in any activity is the capture, consideration, and application of lessons learned. Reviewing lessons learned from work experience leads to improved quality of work tasks and permit/activity content, enhanced safety performance, and better efficiency. Lessons could be on the documents, the activity, the equipment, etc. When later used, lessons show up as the first thing seen when a permit/activity document is copied if using an electronic (digital) system. Future engineering and testing standards appear to be trending to include lessons learned as nonmandatory addenda.

69.7 Emergency and Incident Management

A wide range of causes lead to and prove the source of accidents and incidents in the course of day-to-day operations. All incidents require managing and response. It is essential for pipeline oversight to be adequately prepared for all emergencies. Incident management is a dynamic and evolving application of input and experiences derived largely from real-life events.

In accordance with requirements of the Occupational Safety and Health Administration (OSHA), management must develop and implement an emergency action plan (EAP). The EAP must include procedures for handling releases of materials and energy and the effect on people, the operation, and the greater community. As a secondary goal, it should position the company to recover from any disaster.

An emergency plan must be regularly maintained in a structured and methodical manner to ensure it is up-to-date in the event of an emergency. Furthermore, there should be regular drills to ensure that personnel have practiced the response. Employees should have access to these plans so they know what to do in an emergency.

By recording incidents in a digital database, lessons can be learned to help make better decisions in the future. A web-based and/or cloud-based system can be accessed anywhere a connection is available and provides for transparency, visibility, and control for authorized users. This significantly improves safety and efficiency by allowing all within an organization to not only collectively contribute but also to have easy access to relevant information.

For more information on Emergency and Incident Management, see Ref. [3].

69.8 Competence Management

If competence exists, then the ability to deliver is set, subject to errors. Humans make errors, and organizations have to live with them and guard against them. However, organizations do not have to live with incompetence.

One cannot just rely on humans to deliver without knowing their competence. Competence and definitely incompetence must be known and be well-managed and certifications assist with this. OSHA defines a competent person as someone who “by way of training or experience, is knowledgeable of applicable standards, is capable of identifying workplace hazards relating to the specific operation and has the authority to correct them.”

• Note: More recently, the move has been to ensure training and experience are a combination effect coming under the auspices of ongoing career skills training—usually as a professional development or continuing education item.

69.9 Management of Change

Under the OSHA PSM standard, performing MOC is required when making changes that could affect the safety of a facility. It manages equipment, personnel, and operational changes to decrease any negative impact.

Typically, equipment changes can be divided into two parts:

1. Replacement in kind – when the equipment that was in use is removed and is replaced by an almost identical piece of equipment.
   
2. Changes to a different kind of equipment.

OSHA 1910.119(l)(1) sets the requirements for MOC as: “The employer shall establish and implement written procedures to manage changes (except for ‘replacements in kind’) to process chemicals, technology, equipment, and procedures; and, changes to facilities that affect a covered process.”

Effective MOC involves review of all significant changes to ensure that an acceptable level of safety will be maintained after the change has been implemented. After this review, the proposed change can be authorized for implementation or amended to make it safer.

While MOC is generally used to examine the effects of a proposed permanent change to a facility, it should consider all changes, regardless of the time horizon. Of all of the uncontrolled changes that occur, “temporary” changes are the most frequent cause of accidents and incidents. OSHA 3133 in a clarification says: “MOC procedure should ensure that equipment and procedures are returned to their original conditions at the end of a temporary change.” The “temporary” changes should be managed as “permanent” with special attention to the MOC procedure because they present the highest risk to your business. Eccles [3] has more information on Management of Change.

Management of change is a risk assessment appropriate for the change. The basic steps to follow include

• Recognize the proposed change(s).
  
• Evaluate the hazards and risks.
  
• Determine if the hazards and risks can be mitigated (reduced, controlled, or eliminated).
  
• Determine if the change(s) can or should be made.
  
• Implement change(s) if determined safe to do so.
  
• Conduct Pre-Startup Safety Review (PSSR).
  
• Train workers on the implemented changes.
  
• Follow procedures and continue to evaluate changes.
  
• MOC must look ahead at life extension, decommissioning (environmental impact, safe accessibility, dismantling, storage, reuse, redundancy, and recalibration).

With Management of Change software, users are able to standardize and streamline the process. Using prebuilt checklists and workflows, steps being missed are unlikely. Instead, the right questions can be asked and all necessary data gathered.

A software-based MOC system increases the overall effectiveness of a MOC program. KPIs may include types of changes; number of changes made per month, year, etc. changes made per month, year, etc.; how long the MOC process typically takes to complete. Automated notifications ensure all users are following through with their responsibilities. Centralized access allows workers to hold each other accountable and stay up-to-date on the MOC program. Data reuse is facilitated by the digital database.

69.10 Risk Management

69.10.2 Cumulative Risk

Cumulative risk is the accumulation of risks. Cumulative risk includes all known and reasonable risks from operations and intrusions as shown in Figure 69.6.

Using the contribution of all known risks, the total risk is expressed as the sum of all known risks, expressed by the following equation:

(69.1)

Practically, this means that it includes all the contributions of permits and types, safety critical device overrides, process hazards, changes, maintenance backlog, emergency preparation, competence position, asset integrity, etc. Each of the contributions can be weighted depending on its importance. The organization should weight them and base them on the practical use of the risks for their environment. The contributions may not be linear but rather could be synergistic (and theoretically contribute to the reduction of risks, through isolations, etc.). If synergistic, the representation becomes

(69.2)

Numbers have to be assigned to maintenance backlogs, emergency preparedness, operations management, MOC, asset integrity, etc. and rated relative to each other. The calculation gives a number or an index that can be normalized to suit the organization.

The normalized number gives what the organization considers relatively safe, elevated risks, and high risks. Colors can then be assigned to the normalized numbers as shown in the following example:

• 1–3 relatively safe—green.
  
• 4–6 elevated risk—yellow.
  
• 7–9 high risk—red.
  
• 10 risk much too high STOP.

If under regular operations, it is normally 1–3, then the weightings have been properly set. If it is 1–3 even when there are several hot work permits active in a given operating sphere, then the normalization is not adequate, as it will not give a reasonable account of the risks. If, on the other hand, it is 7–9 (red) under regular operations, then it shows high risks all the time. Note that the proper authority can override the risk by accepting it. If this happens on a frequent basis, the design is incorrect. A balance is reached in the design to properly fit the organization. For more on risk management, see Ref. [3] as well as Chapters 67 and 68 in this Handbook.

69.10.5 Example of Risks

Referring to Figures 69.2 and 69.7, let us assume that in MA1-0-700 KM Area 1-GL, there is a volatile hydrocarbon, one hot work permit planned, two spark potential permits planned, a confined space entry permit (welding in a skirted facility), one breaking containment permit, the fire water pump is down and hence overridden, a critical controller is out and is not yet on the maintenance priority, and there is a new operator. If all these are active simultaneously for the date and time they were initially planned for, then the area should be a dark color (red, index greater than 6) to show that the risk is very high as shown in Figure 69.7. It would then be prudent to remove most of the activities from that day or shift, until the dark color disappears. In this way, responsible management that is away from the facility can see what is happening at the facility and make better decisions. This is important as catastrophic failures, such as the Piper Alpha disaster, have been attributed to the lack of such near immediate input.

69.11 Information Technology

Intrusions into operations are best supported by systems that are IT-based and combined with the Internet of Things (IoT), increasing safety and efficiency, reuse of information, ability to interact with the supporting software, data mining for KPI, reporting, etc. The IT component should contain the following nonexhaustive components, regardless of the application:

The software must be as simple as possible for ease of use and adaptability.

Because the platform for any software is ever changing, the platform that is used should be easily changed and updated. In any case, at this point, it is web-based and is best sequel server-based and cloud-based until a better technology appears. The platform should allow the IT department of the client (user company) to ask for relatively small tweaks to fit their business. Future modifications are likely to include AI and ML.

69.11.5 Reporting

Reporting provides for key periodic sharing of KPIs and other value-added data and have data recorded and evaluated to provide for continuous improvement. A transparent electronic system facilitates reporting processes by making shared information readily accessible by any authorized user throughout the network. In addition, information may be pulled out to make special reports on the success of the system and have this report presented to upper management.

When an action needs to be taken to update a document, the system can be designed to prompt the required persons with an email or text, alerting them an action is awaiting their response. The system design can show when the email or text was sent and if/when, it was read. The action itself can then trigger an email or text to confirm that the action has been taken and another action can now be undertaken, if necessary.

69.12 Summary

Various support processes intrude on operations, which seek to convert inputs into outputs in the most efficient manner possible. The operations are managed by putting controls in place to ensure safety, efficiency, and conformance to production and great operational standards even when impacted by these processes.

PSM deals with the safe management of processes by keeping materials where they belong to meet the law and requirements of properly run businesses. PSM was instituted by the authorities to appropriately manage process safety to curtail the loss of life and property.

Breakdowns, or anticipated breakdowns, are managed through routine maintenance and other maintenance. The work leads to added risks for operations and maintenance and nearby activities, and must be managed and controlled. This is work management. Graphical display is important in not only work management but also other intrusions, as it shows where the intrusions are and hence the locations of greater risks. Emergency and incident management deals with planning to prevent disasters, planning for disasters, and treating the disasters as soon as they occur. Competence management works to decrease ignorance and the likelihood of people being the reason for accidents and incidents as well as efficiency loss. Management of change involves review of all significant changes to ensure that an acceptable level of safety will be maintained during and after the change has been implemented. Risk management is knowing the risks that are being carried and managing them so that the assets are safe (along with the people and the environment) by using prudent management of data. These are the areas discussed in this chapter, with a view of alerting as many as possible to the consequences and reducing the likelihood of incidents occurring while removing inefficiencies.

The process of assessing overall (cumulative) risk can be difficult but should be done. Cumulative risk is determined by considering contributions from all risks to provide an index. A relative measurement of various risks can be developed to provide the index. Such measurement is best done and communicated using an electronic system.

Intrusions are best supported by systems that are IT-based. This significantly increases the safety and efficiency, the reuse of information, the ability to interact with the supporting software, and the synergies thereof.

Terms and Definitions

A

Action Page:

A user interface page presenting actions that could/should be taken.

ACTIVITY COMPLETED State:

The state where a decision is made on an activity has achieved its desired purpose.

ALARP:

As low as reasonably practicable (ALARP).

Alerts:

Prompts to strongly communicate risks by elevating and highlighting problem areas needing urgent attention to lead to prioritize action-taking.

AMEND State:

The state where decisions are made regarding an activity that needs to have its scope or risk assessment adjusted without completely changing scope.

Area:

Subsets of locations. The location may be subdivided into areas.

Atmospheric Testing:

Examination of atmospheric conditions by competent authority for fitness are human respiration.

AUTHORIZED State:

The state where a decision is made the person responsible for operating the area that an activity meets all the safety and supported conditions to proceed in the area.

B

Back-up:

The system to allow continuity in case of a breakdown or upset.

Bar Code:

A machine-readable optical label that contains information about the item to which it is attached.

Barrier Management:

A risk mitigation system that uses knowledge of the risks being carried to make decisions to mitigate risk using safeguards.

Breaking Containment Work:

When normal operation is halted and energy containing equipment (piped equipment or vessel or powerlines) is intentionally opened leading to exposure to material or power.

Break-In work:

Work done on the same day it was authorized when it was not in the plan of the day.

C

Car seals:

A single-use tamper-proof device used to secure a seal.

Checklist:

A comprehensive list of important or relevant actions or steps to be taken in a specific order.

Coaching:

A one-to-one process that usually follows training that aims to improve performance by equipping people with the tools, knowledge, and opportunities to fully develop themselves to be effective in their work.

Competence:

The quality of possession of required skill, knowledge, qualification, or capacity to provide safe and reliable performance on a consistent basis with minimal supervision.

Competence Management:

Decreasing ignorance and the likelihood of people being the reason for these accidents and incidents as well as efficiency loss.

Compliance Audits:

A process to verify that the procedures and practices developed under the standard are adequate and are being followed.

Confined Space:

An area that is large enough and configured such that a person can bodily enter and perform some type of work; has limited or restricted means for entry or egress; and is not designed for continuous occupancy.

Conflicting Work:

Simultaneous work activities that are so adverse to each other that they are not allowed to occur concurrently.

Contributory Risk:

Consideration of components of all known and reasonable risks that relate to an overall risk.

Controls:

Measures put in place to mitigate hazards.

Critical Devices Override:

Managing the temporary removal of critical protective devices or systems such as a firewater pumps.

Critical Work:

Activities such as lifting over Live equipment, working at heights, excavations and shoring, overside work, diving operations, and low voltage electrical.

Cumulative Risk:

The accumulation of the risks that are usually thought of. It will consider all known and reasonable risks. It will be the total of all the subtotal risks.

D

Data Management:

The mining and management or data resulting use in warehousing and KPI reporting.

Data Migration:

The controlled movement of data from one place or system to another.

Deisolated State:

The position of the device to be achieved in the deisolation plan for each point.

Downside Risk:

A hazard that may result in the loss of loss or injury or peril.

DOCUMENTATION COMPLETED state:

The state where decision is made for an activity may be closed out.

Document Upload:

The ability to incorporate external documents such as drawings, isolations designs, risk assessments, SDS, P&IDs, and any other pertinent documents in several formats.

E

Ease of Change:

Ability to change components for development or enhancement without adversely affecting the software.

Emergency and Incident Management:

Planning to prevent disasters, planning for disasters, and treating the disasters as soon as they occur.

Emergency Plans:

EAP is a written document required by some OSHA standards to help facilitate and organize employer and employee actions during workplace emergencies.

Emergency Response:

A series of appropriate actions and precautions in the event of a disaster.

Enterprise:

An example of an enterprise could be all the oil production facilities of a company. An enterprise is broken down into sites.

F

FPSO:

Floating, production, storage, and offloading facility.

G

Graphics:

A graphical representation of the facility that shows exactly where the work, certification, critical device override, and isolations are occurring to determine the impact, if any, on other work, other certifications, and other operations, etc.

H

Hazards:

A potential source of harm or adverse condition on a person, process or equipment.

HazOp:

A structured and systematic examination of a planned or existing process or operation.

Higher-Level Risk Assessments:

A quantitative risk assessment for higher level risks hazards associated with very critical work activities when consequences the risk of life, health, and damage to environment and/or equipment are very critical.

History—Authorization:

An indication of what was done, when the action transpired (date and time), the user taking the action, and under what authority the action was taken—an electronic footprint.

Hot Work:

The use of a naked (open) flame in the performance of a task or the presence of an energy source that can cause ignition (including autoignition).

I

ICC:

An Isolation Confirmation Certificate (ICC) is an authorized document used to confirm an isolation to be IN PLACE, including demonstrating that the envelope is energy-free.

Icons:

Figures and shapes used to depict a condition or state or stages of approval of activity.

Installation:

Subsets of sites. Then a site is broken down into installation(s) like a plant, a platform, and transfer pipelines, an FPSO, etc.

IN PLACE State:

The state where the area operator confirms that isolation points are safely in the position desired in the plan.

Isolation:

The separation of equipment from all sources of energy in such a way that the separation is secure and safe for work/activity to proceed.

Isolated State:

The position of the device to be achieved in the isolation plan for each point. There is zero energy in this state.

Isolation Tags:

Tags used to easily display isolation information including a name and number for the point, defining how the point is secured and labelled and determine the method of determine zero energy.

Isolation Types:

Nonpositive or positive.

ISSUED state:

The state where decision is made that conditions and authorizations are sufficient to go to work.

J

Jobs:

The full embodiment of the tasks, functions, and responsibilities. A job may be consisting of several tasks.

Job Safety Analysis (JSA):

A risk assessment performed by a single competent person.

JSA:

A risk assessment or a low-risk activity being implemented and the location.

JSAT:

A referenced document that has been authorized for a particular type of low-risk activity.

L

Lessons Learned:

Organizational experiences captured to assist in reuse for improved safety and efficiency.

Lifecycles:

Workflows that take documents through stages of authorizations based on one’s role. Isolations, critical device override, confined space entry, and JSAs may also have icons and lifecycles.

Location:

Subsets of installations. This installation is broken down into locations.

Lower Level Risk Assessments:

A risk assessment for lower-level risks like a JHA when consequences are not very critical.

M

Management of Change:

Review of all significant changes to ensure that an acceptable level of safety will be maintained during and after a significant change has been implemented.

Medium Level Risk Assessments:

A risk assessment for medium level risks that is less rigorous than a HLRA but more rigorous than a LLRA. This may be quantitative or qualitative.

Mechanical Integrity:

Written procedures to ensure that materials must be kept in piping and equipment where they belong by certifying that designed and installed correctly equipment and operates properly and continues to operate properly.

Mechanical Isolation:

Isolation that uses physical mechanical devices such as blinds.

Mobility:

The use of small devices that can assist in the use of a software.

N

Non-Positive Isolation:

An isolation is secure but not as secure as it could possibly be such as a valve or HOA switch.

O

Operating Procedures:

Written documents with a set of step-by-step instructions designed to start up, operate, and shut down simple and complex production and operational equipment in exactly the same sequence for each occurrence.

Operational Risk Assessment (ORA):

A risk assessment performed by a team with a risk assessment leader and pertinent leaders of knowledge in the target areas for any nonstandard operation.

P

Performance:

The work, job or task-related activities expected of a person and how well those activities are executed.

Permit:

A control document authorizing extraneous workers to come in a space to do work.

Positive Isolation:

A secure method of isolation where a physical barrier exists that cannot normally be penetrated exists.

Privileges:

Defined responsibility of users with commensurate authority that does not affect lifecycles.

Process:

Any activity involving a highly hazardous chemical or similar conditions including using, storing, manufacturing, handling, or moving such chemicals at the site, or any combination of these activities.

Process Hazard Analysis:

A careful review of what could go wrong (hazard) and what safeguards (controls) must be implemented to prevent releases of hazardous chemicals. This is a risk assessment of the process.

Process Safety Management:

Management of process by keeping materials where they belong to meet the law and properly run businesses. PSM was instituted by the authorities to appropriately manage process safety to curtail the loss of life and property.

R

Requested Changes:

Desired changes from clients that are approved and sent to vendors or internal change personnel for consideration.

REQUESTED State:

The state where a decision is made for an activity to be reviewed after being scoped.

Residual Risk:

The risk remaining after controls have been put in place to mitigate initial risks.

Resource Center:

A knowledge system to help users when they need clarifying information or if they forgot something.

REVIEWED State:

The state where a decision is made for an activity to be to determine fitness for purpose for the proper area.

Risk:

The lack of certainty about the outcome of making a particular choice; or, expressed quantitatively, risk = probability of an event × consequence of that event.

Risk Assessment:

Determination of the risk associated with an activity by determining hazards and controls to mitigate the hazards.

Risk Assessment Facilitator:

Person to arrange and assemble the assessment team and lead a quantitative risk assessment.

Risk Management:

Knowing the risk that is being carried and putting in control to mitigate the hazards by way of elimination, substitution, engineering, administration, and protection by using prudent use of data.

Risk Matrix:

A matrix that is used during risk assessment/analysis to define the level of risk by considering the category of likelihood or probability against the category of consequence severity.

Risk Measurement:

Determination of risk by assigning severity and weightings.

Risk Mitigation:

Steps taken to manage risks to provide safer operating envelopes.

Roles:

Defined positions of responsibility of users with commensurate authority that affect lifecycles.

S

SCOPED state:

The state where a decision is made regarding what activity or work is anticipated to be performed and manage the activity going forward and what will support it.

Searchability:

The ability to query and locate documents such as permits, JSAs, certificates, critical devices override documents, isolations, lessons, risk assessments, equipment, and users.

Search Feature:

Location of any single document or group pack based on various queries.

Security:

The protection of the integrity of the software.

Servers:

Application and database systems.

Scheduling:

Defining the timing of work and associated activities.

Shift Handover:

A key communication tool for continuity and the transfer of information to be consistent for proper management of operations and hazards.

Shift Log:

The primary written communication tool at shift handover preserving information from being lost if the handover were limited solely to verbal exchanges.

Site:

Subsets of enterprises. Operating unit may be all the oil production facilities in a certain geographical area. A site is broken down into Installation(s).

SIMOPs Matrix:

Simultaneous operations work matrix is useful in managing conflicting and concurrent work as well as determining which activities can be done concurrently and which should never be done concurrently.

Simultaneous Operations (SIMOPS):

Any situation wherein two (or more) different activities are occurring close enough to each and potentially escalating risk or creating a safety conflict.

Standalone Risk Assessment:

A risk assessment for any presumed activity in the operational space where risk of incident is present, even if work is not being done.

Subtotal Risk:

A collection of contributory risks that may not be the total risk.

SUSPENDED State:

The state where a decision is made for an activity to be temporarily discontinued.

System Auditing:

A process to determine and ensure that the use meets the targeted standard.

T

Tasks:

The routine portions one performs as part of a job. Tasks are components of jobs.

Training:

The process of teaching, or developing in oneself or others, any skills and knowledge that relate to specific useful competencies.

Training Certification:

The system whereby people are tested by a competent person to determine and found to have sufficient skills to perform a specific job.

U

User Management:

The ability to manage users and their authority and access.

UTI:

Unable to isolate or unable to implement an isolation.

V

VERIFIED:

The state where the area authority determines that an activity or isolation design is fit for purpose for the proper area.

W

WCC:

Acronym for a work control certificate, which is a document authorizing extraneous workers to come in a space to do work or certifying spaces or overrides. Permits, CSE, and CDO are all WCCs.

Work:

An activity that involves jobs and tasks performed by humans as opposed to work produced by machinery—operation and production.

Work Management:

Any safely and efficiently managed intrusion into operations based on the work. Direct work is just one of the activities to be managed.

Work Matrix:

A matrix that indicates various types of work to determine which an organization believes can be conducted simultaneously and which cannot.

Acknowledgements

Writing this chapter would not have been possible without help from many sources. We thank all who assisted in any way including those whose names we have had to leave out for brevity without directly acknowledging them and those we have inadvertently left out.

Errol started in this intrusive space with Petrotechnics in 2007. He particularly thanks Richard Hoover as a friend and subject matter expert. Thanks also to William Munro, Randy Brooks, Dorothy Spence, Peter Cowie, Michael Neill, and Simon Jones. Thank you also to Errol’s ExxonMobil colleagues particularly Kieran O’Brien, Nedra Kelly, Tahari Thomas, Rachell Cobb-Valion, Siti Mahmod, and others who helped to sharpen his knowledge. There are many others as well in designing, testing, support, etc. who were outstanding and helpful to him.

Throughout the years in this space, the support of friends and family of both of us have been comforting and inspiring, and at times had tangible assistance.

We are grateful to Winston Revie for accepting this chapter for this Handbook. We also thank Wiley for their help throughout the publication process.

Finally, we would like to thank our family. We love them always.

References

1. 1 Kaley, L.C. Risk Management of Pipelines, This Handbook, Chapter 67.
   
2. 2 Singh, B. and Poblete, B. Offshore Pipeline Risk, Corrosion, and Integrity Management with Lessons Learned, This Handbook, Chapter 68.
   
3. 3 Eccles, E.R.A. (2022) Operational Intrusions: Increased Safety and Efficiency through Risk Management. Global Book Publishing.