Insights on Environmental Health & Safety (EHS), Operational Risk and Product Stewardship

California’s Closing in on Hierarchy of Hazard Controls for Refineries

May 31st, 2017
John Crosman
Share on:

Tags: , ,

Risk management is about to get much more complicated for oil refineries in California.

For years, Cal-OSHA’s standards were more or less in lockstep with the U.S. Occupational Safety and Health Administration’s 14-point Process Safety Management requirements. That’s likely going to change.

The proposed new requirements, which were approved on May 18, 2017, by the state’s Occupational Safety and Health Standards Board, must be approved by California’s Administrative Law Office within 30 days of that initial approval date—and we have no reason to believe they won’t.

Among the changes, activities that refiners have undertaken, in one form or another, for many years will become mandatory. Damage mechanism reviews, or DMRs, and Safeguard Protection Analysis, or SPAs, which are similar to Layers of Protection Analysis, or LOPAs, would be two of the major ones. Others requirements, however, will have refiners scratching their heads. And among these, one of the biggest changes lies with the requirement to complete a Hierarchy of Hazard Controls Analysis for each facility.

The concept of the hierarchy of controls is not new.

There are many ways to manage hazards, and not all ways are created equally. Ideally, industry strives to eliminate hazards in the first place, so they don’t need to be managed at all. However, that isn’t always practical or realistic, and so other approaches can be taken. Substituting one hazard for another that is less harmful may be the next approach. And for those hazards that cannot be eliminated or substituted, then various types of controls can be put into place to reduce the likelihood of harmful scenarios playing out in industrial facilities. A common depiction of this concept is shown above from the National Institute for Occupational Safety.

Modern approaches to design and engineering for new projects involve multiple levels of design review and value engineering in which as many inherently safe design features as possible can be incorporated into the project at the earliest stages. This provides a good foundation for the overall process safety moving forward. But, for older facilities, working backward to understand and justify design decisions can be much more complicated. And of course, once a facility is built, changing even the smallest element of the design can produce headaches and complications that can be seemingly out of proportion.

The problem facing California refiners is that, while there will be a requirement to perform a Hierarchy of Hazard Controls Analysis, there is no one go-to methodology or best practice that we can point to for guidance, and the analysis would also have to be done independently from the regular facility Hazard and Operability Study, or HAZOP, or Process Hazard Analysis, or PHA.

Industry will be wringing its hands over how to best meet the new legal requirements, while at the same time, working to ensure that the effort involved in completing an HCA becomes more than just a checkbox activity. When activities are undertaken purely for compliance purposes, the value that can be extracted from the time and energy invested in the activity is minimized, and stakeholder buy-in can be elusive. Without a well-known, well-understood best-practice methodology to follow, it will prove difficult to make the HCA exercise valuable.

Sphera’s team of PHA facilitators have been working with clients across a broad spectrum of industries and regulatory regimes for decades, and we have seen an evolution in the PHA/HAZOP process that we think might be able to help California’s refiners meet the new HCA requirements while, at the same time, engaging stakeholders in a valuable and meaningful process that can produce effective results.

From the perspective of safeguards and controls, HAZOPs today typically tend to focus on the engineering controls and administrative activities in place to help reduce the likelihood of a hazardous scenario from reaching its ultimate, undesired consequence. That hasn’t changed much over the years, though methodologies such as LOPA seem to have placed additional emphasis on these types of controls.

What has changed over the years, however, is the type of consequences we actually analyze in the HAZOP itself. In the earlier days, we usually focused on the “worst case” consequence. All well and good, but that often ended up with a much longer lists of controls to manage that were not always manageable, and much longer lists of recommended actions to close risk gaps that often seemed “unbelievable.”

Over the years, industry has done a great job of considering design features when formulating its consequences, and has now moved more into the area where it is analyzing not the “worst case” but the “worst credible case” consequence. While this reduces the number of controls we need to manage, gives us more realistic risk rankings, and makes our lists of study recommendations more succinct and relevant, there is a gap.

And, closing this gap is, we believe, the spirit of the HCA requirements in the proposed Cal-OSHA amendment.

By reviewing both the worst-case and worst-credible case consequences, formal understanding and documentation of the design features, operating practices, material selections, etc., allows us to show what we have done to get from “the ultimate worst thing” to the “actual worst expected thing.”

Formally documenting these features allows us to manage them in the same way we manage our engineering and administrative controls. We can ensure that appropriate training, inspections and audits for these are in place, and we can quantify, to some extent, the impact these are having on our overall risk. They essentially capture many of the elimination and substitution controls that may not always be apparent in a simple PHA.

We’re not saying that this is a best practice that everyone should follow—not yet anyway—but we do think it’s a great place to get the conversation started. Understanding how we’ve gotten to the point we’re at today might help us quickly adapt to new rules and regulations without as much additional effort, and with much more value than we originally thought.

Please contact us to learn more about our risk assessment services and products, and as always we’ll continue to monitor the situation in California for all of our refinery customers.

John Crosman

John Crosman has been a process safety consultant with Sphera for 10 years and leads a team of process safety consultants. An accomplished facilitator, Crosman has led PHA teams to complete many large-scale risk assessments covering hundreds of P&IDs across many key industries, and in most parts of the world. His experience also covers the broader risk management framework with understanding of such important activities as incident management, management of change, and tracking of risk assessment actions. Prior to joining Sphera, Crosman spent nearly 10 years working in the process controls industry, working with SCADA systems and PLCs, process instrumentation, pressure regulators and control valves. He holds both a bachelor’s and a master’s degree in Chemical Engineering from McGill University, is bilingual in English and French and is a senior member of the AIChE.

Back to