Back to Basics A CEP Preprint

© 2010 AIChE

Understanding Process
Safety Management
A structured risk-based approach
defines the pathways to successful
implementation of process safety
management objectives

Adrian L. Sepeda
A. L. Sepeda Consulting Inc.

P
rocess safety and process safety management systems that can be compared to constructing a building. The first
touch almost every aspect of designing, construct- step in erecting a building is to lay a foundation. Similarly,
ing, operating, maintaining, modifying, and closing risk-based PSM systems are built on a foundation of four
a manufacturing site. With requirements and regulatory key components (Figure 1):
obligations that are often difficult to understand and hard to 1. Commit to Process Safety
implement, this field may seem extremely complex to the 2. Understand Hazards and Risk
inexperienced engineer. 3. Manage Risks
Process safety management (PSM) has a variety of 4. Learn from Experience
meanings and purposes. AIChE’s Center for Chemical These four foundation blocks support 20 process-safety-
Process Safety (CCPS) defines PSM as “a management related tools and areas of expertise that form a structurally
system that is focused on prevention of, preparedness for, sound, risk-based PSM program.
mitigation of, response to, and restoration from catastrophic
releases of chemicals or energy from a process associated Commit to process safety
with a facility” (1). History has shown that a lack of, an This foundation block involves words, actions, demon-
ignorance of, or an improper or inadequate implementation stration, and support. It starts with developing and sustaining
of a suitable PSM program can be disastrous. The events a culture that encourages, embraces, and supports process
that occurred in Flixborough, England, and Bhopal, India, safety. The commitment exists at all levels of an organiza-
exemplify this point. tion and in every individual at every facility. It permeates the
This article outlines the concepts and tools that are attitude and work ethic of every employee. Commitment to
needed to develop, implement, audit, and manage a risk- process safety includes understanding, implementing, and
based PSM system. It does so using a structured approach complying with applicable laws, regulations, standards, and

UNDERSTAND
COMMIT TO LEARN FROM
HAZARDS MANAGE RISK
PROCESS SAFETY EXPERIENCE
AND RISK

p Figure 1. An effective risk-based PSM program is built on a strong foundation consisting of a commitment to process safety, an understanding of hazards
and risk, appropriate risk management measures, and continual learning from experience.

26  www.aiche.org/cep  August 2010  CEP

accepted codes of recommended practices. u Figure 2. The Commit to
Process Safety foundation block
As shown in Figure 2, the Commit to Process Safety supports five pillars related to
foundation block supports five pillars. company culture, practices and
1. Process Safety Culture is the combination of group behaviors.
values and behaviors that determine the manner in which

Process Safety Competency

Compliance with Standards
process safety is managed. The culture can range from • develop and imple-

Workforce Involvement
Process Safety Culture

Stakeholder Outreach
undesirable, with uncontrolled and unknown risk-taking, to ment an appropriate
desirable, where risks are identified and managed. Culture management system
starts at the top of the organization and requires support, that ensures compliance
understanding, and adaptation at every level. Culture must actions remain effective
constantly be reviewed, reinforced, and enhanced to ensure • install an audit
it is consistent. This is done by: system and distribute audit
• constantly maintaining a sense of vulnerability and reports to the appropriate
avoiding complacency individuals to ensure they
• empowering individuals to successfully fulfill their are notified of the actions
process safety responsibilities required for continuous
• maintaining a sufficient level of expertise compliance.
• establishing and maintaining an open and effective 3. Process Safety Com-
communication system petency encompasses three
COMMIT TO
• establishing and fostering a questioning and learning related actions: PROCESS SAFETY
environment • continuously
• gaining and maintaining trust throughout the improving knowledge and
organization proficiency
• ensuring prompt and timely responses to process safety • ensuring that appropriate information is available to
issues and concerns. people who need it when they need it
2. Compliance with Standards. This pillar involves • consistently applying what has been learned.
identifying the standards that apply to your operation, under- This often requires assessing the availability of informa-
standing and implementing those standards, and auditing tion, gathering knowledge and lessons learned from external
against the standards to ensure adherence, effectiveness, and sources, customizing and disseminating that information
continuous improvement. Standards come in many forms, for use throughout your organization, updating documenta-
including voluntary industry standards, such as American tion as needed, implementing document control procedures,
Petroleum Institute Recommended Practices (e.g., API and conducting periodic training to institutionalize the new
RP 752, which relates to the siting and protection of people information.
in buildings), and consensus codes, such as those developed Process safety competency is achieved when every
by the National Fire Protection Association (e.g., NFPA 921: person in the organization knows his or her process safety
Guide for Fire and Explosion Investigations). Other stan- responsibilities and is empowered to assume them.
dards are mandatory, such as U.S. federal, state, and/or local 4. Workforce Involvement. The fourth pillar recognizes
laws and regulations (e.g., 29 CFR 1910.119, the Occupa- that PSM must span from the lowest job level up to the top
tional Safety and Health Administration’s [OSHA] standard of the corporate ladder. Every level between must be edu-
for the management of process safety), and international cated, involved, and empowered.
laws and regulations, such as the European Commission
Seveso II Directive, which involves the control of major
accident hazards involving dangerous substances. The Center for Chemical
Standards-compliance activities may be managed by Process Safety
various groups within an organization, which must: Formed in 1985 after the Bhopal
• ensure that a consistent and appropriate understanding tragedy, AIChE’s Center for Chemical Process Safety
of the standard exists and that a matching implementation (CCPS) has provided leadership and technical support
strategy is developed and is followed in an effort to eliminate process-safety-related incidents.
CCPS’s most advanced approach is embodied in its
• implement a methodology for determining which stan-
book, “Guidelines for Risk Based Process Safety” (1).
dard requires compliance and by when This article is based on the risk-based approach to
• involve the right people with the needed competencies process safety.
at the right time

CEP  August 2010  www.aiche.org/cep  27

Back to Basics

The people who operate and maintain the equipment of three attributes: what can go wrong, how bad it could be,
are the front line of defense and the first layer of protection and how often it might happen” (1).
against catastrophic events. If these people are not educated The Understand Hazards and Risk foundation block sup-
in PSM, this level of protection is lost. Likewise, those who ports two pillars (Figure 3).
make resource decisions must also be educated to under- 1. Process Knowledge Management. This pillar requires
stand what needs must be met to maintain an effective PSM one or more of the following types of information:
system. Workforce involvement includes not only employ- • Chemical Hazard Information. Each chemical has
ees, but contractors as well. hazards that must be identified, understood, and managed.
A written action plan should be developed that summa- Hazard information is often supplied in Material Safety Data
rizes the PSM requirements and captures the knowledge of Sheets (MSDS). Care should be taken to ensure the MSDSs
those responsible for implementing PSM on the front lines. are current and accurate.
Such plans often become stagnant and ignored. Therefore, • Process Technology Information. Each process is built
involving the front-line workforce in addressing process- around a specific technology, which must be characterized,
safety-related problems capitalizes on their expertise — they understood, and managed. Process technology information is
often have valuable insight into how problems can be solved usually contained in the original design documentation, but
with the resources available. the design may change over time. An effective management
5. Stakeholder Outreach is comprised of three activities: of change (MOC) program should be in place to keep the
• seeking out individuals or organizations that can be process technology information current and accurate.
affected by company operations and engaging them in a • Process Equipment Information. Each piece of equip-
dialogue about process safety ment in the facility has defined specifications, safe operating
• establishing a relationship with community organiza- limitations, and approved uses. For example, the specifica-
tions, other companies, professional groups, and local, state, tions for a centrifugal pump include impeller size, inlet and
and federal authorities outlet piping connections, size and pressure ratings of the
• providing accurate information about the company and flanges, materials of construction, etc. These data must be
the facility’s products, processes, plans, hazards, risks, and updated when equipment is modified or replaced.
how they are managed. All of this information must be shared with those who
A company should use stakeholder outreach to secure need it to do their job safely. In addition to ensuring that
and continuously renew its political license to operate in the these data exist, the facility must have a validated method­
community. Effective outreach can move the community ology to ensure that those who need to know actually have
from merely tolerating the presence of the facility to appreci- the information when needed.
ating its presence as a trusted and valuable 2. Hazard Identification and Risk Analysis. This pillar
contributor. is also referred to as process hazards analysis (PHA). The
Outreach is not solely the responsibility most common PHA methodologies are scenario-based, and
of management or the corporate public rela- include (2):
Hazard Identification and Risk Analysis

tions staff. In fact, members of the commu- • What-if Analysis. In this free-form brainstorming
Process Knowledge Management

nity may find representatives of the local, approach, a group of experienced participants repeatedly
operational work force — their neighbors asks the question “What if…?” and then discusses the haz-
— more believable. In some situations, ards that might be uncovered in the answers to the question.
when management talks, people listen, but • What-if/Checklist Analysis. This structured brainstorm-
when the front-line workers talk, people ing approach combines the creative features of “What if?”
believe. with a checklist to make sure the questioning is pertinent to
the potential hazards.
Understand hazards and risk • Hazard and Operability (HAZOP) Analysis. This sys-
There is an important difference tematic technique identifies potential hazards and operational
between a hazard and a risk. A hazard is problems that could result from deviations from the process
defined as “chemical or physical conditions design intent. A specific section (or node) of the process flow
that have the potential for causing harm diagram is selected for analysis. Scenarios are constructed by
to people, property, or the environment,” combining specific guide words (e.g., no, less, more, reverse,
whereas risk is defined as “the combination UNDERSTAND
etc.) with various process parameters (e.g., flow, temperature,
u Figure 3. The Understand Hazards and Risk HAZARDS pressure, level, etc.) to form the basis for exploring hypo-
foundation element serves as a basis for two pillars AND RISK thetical conditions such as “more pressure” or “reverse flow.”
involving process knowledge and hazard identification. When a hazard is identified, the group generates one or more

28  www.aiche.org/cep  August 2010  CEP

recommendations to address the issue. Then it moves on to a high level of precision, so semi-quantitative values are
another question. After all meaningful questions associated sometimes used instead.
with that node are asked and answered, the team repeats the Many companies use a two-dimensional risk matrix
procedure for the next node, and so on until the entire flow (Figure 4) to characterize risk. One axis represents the
diagram has been analyzed. probability that a certain event will occur and the other axis
• Failure Modes and Effects Analysis (FMEA). This represents the expected consequences. Each level on the
approach determines the ways that each piece of equipment probability and consequence axes must be defined, which is
in the process could fail and the most likely consequences if often done semi-quantitatively using a scale of 1 = very low
that were to happen. If the consequences are unacceptable, to 5 = very high. Each cell within the risk matrix captures
then risk-reduction plans are developed. These plans could the probability and consequence of a specific event — i.e.,
reduce the probability of failure, its likely consequences, or the risk. The risk of one event can then be compared to pre-
both. FMEA is similar to HAZOP in that questions relating established levels of tolerability for risk, and the appropriate
to deviations are asked and answered. Instead of moving risk-reduction measures taken.
from one process node to another node, however, the team
moves from one piece of equipment to another. Manage risk
• Fault Tree Analysis. This deductive technique focuses Risks can be managed only after hazards have been
on one particular incident or failure at a time and backtracks identified and translated into risks and the potential impacts
through all the events leading to that failure to determine the on the safety and viability of the facility characterized. Once
potential causes. A fault tree is a graphical model that uses the range of impacts is known, the risks can be compared
standard symbols to display the combinations of failures and and prioritized and the available risk-management resources
failure pathways that could result in a significant event of allocated accordingly.
concern — called the top event. Since this technique starts The Manage Risk foundation block supports nine
with a failure, it is often used for incident investigations. pillars (Figure 5).
• Event Tree Analysis. This graphical technique starts 1. Operating Procedures are (usually written) instruc-
with an initiating cause, and then determines all of the pos- tions that list the steps for a given task and describe the
sible outcomes that could result from the success or failure manner and order in which those steps are to be performed.
of protective systems. It is typically used to identify inci- Written and enforced procedures are necessary to manage
dents that might occur in more-complex processes. the risks associated with operating a manufacturing process.
• Cause-Consequence Analysis. This method combines the Good operating procedures also describe the process,
inductive reasoning used in event tree analysis with the deduc- the hazards, the tools needed, the protective equipment
tive reasoning of fault tree analysis. A cause-consequence
analysis generates a diagram that describes incident sequences t Figure 4. An example
and descriptions of possible outcomes of those incidents. C D D E E 5 of a risk matrix, in which
These techniques identify and analyze hazards. The the x axis represents
consequence severity
hazards must then be translated into risks before a risk- B C D D E 4
(1 = very low to 5 = most
management program can be implemented.
Probability

severe), and the y axis

Risk is an expression of the probability that an event will B B C D D 3 represents probability
(1 = very low to 5 = very
occur combined with the consequences if it does. Normally, high). The letter in each
these elements are independent for process-related risks. A B B C D 2 cell indicates the level
However, if the risk relates to security, probability and of risk and defines the
consequence are not independent — because the higher the A A B B C 1
appropriate risk-manage-
ment strategy.
consequence, the more attractive the event is to someone
1 2 3 4 5
intent on causing harm and the higher its probability (3).
Risks need to be clearly and accurately characterized so that Consequence

they can be properly prioritized. Risk Level and Response

Risks may be expressed qualitatively or quantitatively. A = Tolerable risk; no action required
Quantitative risk assessment is more accurate than qualita- B = Low risk, but watch closely
tive risk assessment, but it requires more expertise, takes C = Questionable risk; look into inexpensive risk-reduction measures; watch
closely for changes
more time, and is more expensive. A quantitative risk assess- D = Intolerable risk; consider risk-reduction measures; report status to safety
ment requires numerical values for both the probability that officers
a certain event may occur and the consequences that would E = Very intolerable risk; Immediate action required to reduce risk at least one
result if it did. It is often difficult to obtain these values with level; report to safety officers until permanently lowered at least one level

CEP  August 2010  www.aiche.org/cep  29

Back to Basics

demand. Reliability usually follows or is a result of proper

asset integrity. Each company should have an asset integrity
and reliability policy, and each operating facility should have
a matching procedure.

Training and Performance Assurance

4. Contractor Management. Contractors, i.e., non-
Asset Integrity and Reliability

company employees with specific skills who perform

Emergency Management
Contractor Management

Management of Change

Conduct of Operations
Operational Readiness
Operating Procedures

Safe Work Practices

specific targeted assignments, need to be educated and man-

aged so that they are fully aware of the hazards the facility
presents to them in their jobs and that they do not present
new unaddressed hazards to the facility.
Contractors must be educated about the facility, how
it works, what it does, and the hazards it presents to them
while doing their work. Conversely, the contractor must
educate the facility personnel about the hazards they may be
bringing onto the site and how their jobs might change the
existing hazards and established risk-management system.
Contract personnel should be held to the same safety
standard as company employees. Furthermore, the facility
and contracting companies should participate in annual per-
MANAGE RISK formance and safety reviews to exchange information and
ideas and resolve ongoing issues.
5. Training and Performance Assurance. This pillar is
p Figure 5. The Manage Risk foundation block supports nine pillars, the tool that gives employees and contractors the under-
encompassing a range of critical management and operational practices. standing they need to do their jobs safely. Training can be
general, such as what to do when the emergency alarm
required, and the control system employed to manage the sounds, or it can be specific, defining exactly how to operate
process and the risks (1). or repair a particular piece of equipment.
Operating procedures are usually more accurate, gener- Unlike some undergraduate classes, where an exam score
ally accepted, and followed more closely when they are of 80% is often considered passing, safety training requires
developed jointly by operators and process engineers who mastery of all of the course content. Anything less than
have a high degree of involvement and knowledge of pro- 100% is unacceptable and indicates a need for retraining.
cess operations. Changes to operating procedures should be Front-line operations personnel often make the best
closely monitored and approved through a management of trainers, because they can blend their expertise with their
change (MOC) process, just as any physical equipment or real-world experiences.
process change would be (1). 6. Management of Change. MOC may be the most impor-
2. Safe Work Practices are the documents, actions, and tant tool for keeping a facility safe. In the absence of change,
routines that fill the void between operating procedures and even unsafe operations eventually improve, simply because
maintenance procedures (1). Safe work practices are usually the unsafe conditions manifest themselves and are addressed.
established for repeatable tasks, such as hot work, electrical However, when changes are made, it may be virtually impos-
lockouts, confined-space entry, and elevated work requiring sible for such a natural reduction in risk to occur, because the
fall protection. Some of these tasks are performed regularly, hazards are changing and they may be compounding.
whereas others may done intermittently. They are not part of To manage change, it must be recognized, then analyzed
the manufacturing process, and usually require a permit issued and characterized to determine its impact on risk.
by the safety and/or the manufacturing department because Change is defined as any addition, process modifica-
they are not fully described in an operating procedure. Safe tion, or substitute person or object that is not a replace-
work practices are important because such tasks may present ment-in-kind, i.e., that does not meet the design specifica-
new hazards not encountered during normal operations. tion (4). However, identifying change is not always easy,
3. Asset Integrity and Reliability. This pillar involves the because change can creep into daily practice unnoticed
use of procedures, work orders, and management oversight — until something goes wrong. Be alert for signs of such
to ensure that equipment is properly designed, installed, changes. For example, if a member of the operations staff
and maintained to remain fit for service until removed begins a sentence with “On my shift …,” this usually indi-
and/or retired. Reliability is performance as expected on cates that all shifts do not operate the same way and that a

30  www.aiche.org/cep  August 2010  CEP

change has occurred somewhere. knows what to do if something goes wrong. It also ensures
Engineers sometimes need to evaluate the impact of that all stakeholders are knowledgeable in what they are to
change under stressful, hurried conditions. For instance, the do and when to do it.
facility may have shut down because a key component failed
and an exact replacement will not arrive for four days, so the Learn from experience
production department suggests substituting a similar part in Retired Pittsburgh Pirates pitcher Vernon Law said,
order to get the plant back up and running sooner. Before the “Experience is a hard teacher because she gives the test first,
substitution is approved, the impacts of the change must be the lesson afterwards.” Learning from our own experience is
thoroughly evaluated to ensure the safety of the employees sometimes painful and slow. We must capture and apply the
and the facility. lessons learned from our own experiences. This requires an
An effective MOC program involves five key steps (1): infrastructure to identify, document and disseminate learnings.
1. Design, implement and maintain a dependable MOC A less-painful way to learn is by observing and gather-
practice that is suitable for your facility ing information and learnings from others. Networks for
2. Identify potential change situations sharing safety lessons, both formally and informally, are
3. Evaluate possible impacts if a change is made very important. CCPS facilitates such sharing through
4. Determine whether the requested change should be its publications, conferences, and courses, as well as its
approved, modified, or rejected Process Safety Incident Database (PSID) (5), in which it
5. Complete the necessary follow-up activities, including collects data about incidents and shares that information
documentation, training, etc. with participating companies.
It is important to complete the appropriate paperwork The Learn from Experience foundation supports four
once a change has been approved. Take this opportunity to pillars (Figure 6).
determine whether this change will always be acceptable or 1. Incident Investigation (6) involves tracking and ana-
if this is just a one-time approval. If it will always be accept- lyzing safety incidents to discover their causes, both primary
able, perhaps the design specification should be changed. and contributing. This includes:
7. Operational Readiness. Any process that has been • a formal process for investigating incidents, including
shut down must undergo comprehensive inspection and test- staffing, performing, documenting, and tracking of process
ing before it is restarted to ensure that the process is able to safety incidents
handle hazardous materials and that it can resume manu- • implementing corrective measures so that identical or
facturing safely. This readiness inspection should review similar incidents do not recur
the physical condition of the equipment, the training and • studying trends to identify recurring incidents.
understanding of the operations personnel, the preparation For each incident, the inves-
and readiness of the maintenance staff, and the integration of tigation should discover:

Management Review and Continuous Improvement

all of these elements into the facility’s emergency response • what happened — the
plan. It should also verify that all permits are in place incident itself and contributing
and that the facility is in compliance with all applicable events and conditions
regulations. • how it happened — the
Measurement and Metrics

8. Conduct of Operations refers to the execution of oper- critical events and conditions in
Incident Investigation

ational and management tasks in a deliberate and structured the incident sequence
Auditing

manner (e.g., per operating procedures, standards, codes, • why it happened — the
etc.) by qualified personnel. Conduct of operations applies management and organizational
to all work activities and includes all workers — employees factors that allowed the critical
and contractors. A clear chain of command, specific authori- events and conditions to occur.
ties and responsibilities, and performance metrics in accor- The fault tree analysis
dance with approved procedures and work practices should technique described earlier can
also be established (1). be applied to incident investiga-
9. Emergency Management includes: reviewing the tion with the safety incident as
facility’s risks and developing possible scenarios that might the top event. The investigators
lead to an emergency situation; developing a structured
response plan and securing the resources needed to carry it u Figure 6. The fourth foundation block
— Learn from Experience — deals with LEARN FROM
out; and conducting training and practice drills involving all gathering and disseminating information EXPERIENCE
stakeholders. Effective emergency management ensures that and lessons learned from yourself and
everyone at the facility is constantly aware of the risks and from others.

CEP  August 2010  www.aiche.org/cep  31

Back to Basics

repeatedly ask why, then catalog the answers and depict indicators of less-severe incidents (those below a thresh-
them graphically. old of severity), or unsafe conditions that triggered one or
A fault tree diagram is developed from the top down. more layers of protection.
At each step in the analysis — i.e., for each fault — a set of Each company or facility should establish the parameters
necessary and sufficient lower-order conditions or events is to be measured and tracked, the process for doing so, and the
identified. Moving from one level to the next requires pass- means for reporting and responding to the data.
ing through a gate. This gate can be either an “and” gate, if 3. Auditing. It is essential that every facility looks for
both events or conditions had to occur to cause the fault, or and identifies weaknesses in its PSM systems. Safety audits
an “or” gate, if either event or condition could have caused should be systematic and conducted by people who are not
the fault (7). The result is a graphical representation of the involved with the process or employed by the organization
sequence of events leading up to the incident. being audited.
2. Measurement and Metrics. This pillar deals with The goal of an audit is to verify conformance to pre-
keeping score. Metrics provide the information needed to scribed standards. The auditing process starts with an
determine when and by how much mid-course corrections examination of the management systems in place, as well
need to be made. Measurements and metrics can be real- as policies, procedures, and support resources. The audi-
time, lagging, or leading (8–10): tors then go out into the manufacturing areas to examine the
• lagging metrics — retrospective measures based on the process and facility.
number of incidents that meet a threshold of severity Weakness in management systems will typically
• leading metrics — forward-looking indicators of the manifest themselves in the processing areas. Therefore,
performance of key work processes, operating disciplines, or corrective measures should be introduced to the manage-
layers of protection that prevent incidents ment system, since a facility may have multiple deficien-
• near-miss and other internal lagging metrics — cies that are all caused by a single failure in a management

PROCESS SAFETY
MANAGEMENT SYSTEM

Management Review and Continuous Improvement

Hazard Identification and Risk Analysis

Training and Performance Assurance

Process Knowledge Management

Asset Integrity and Reliability

Process Safety Competency
Compliance with Standards

Measurement and Metrics

Emergency Management
Contractor Management

Management of Change
Workforce Involvement
Process Safety Culture

Conduct of Operations
Operational Readiness
Operating Procedures
Stakeholder Outreach

Incident Investigation
Safe Work Practices

Auditing

UNDERSTAND
COMMIT TO LEARN FROM
HAZARDS MANAGE RISK
PROCESS SAFETY EXPERIENCE
AND RISK

p Figure 7. Taken together, the process safety management foundation blocks, along with the programs, tools, and practices built upon them, provide the
infrastructure for supporting a comprehensive and sturdy process safety management system.

32  www.aiche.org/cep  August 2010  CEP

 system (11). When deficiencies are identified, action plans
Literature Cited to eliminate the deficiencies should be implemented and
1. Center for Chemical Process Safety, “Guidelines for Risk tracked to completion. OSHA’s PSM audit guidelines (12)
Based Process Safety,” American Institute of Chemical Engi- explain how to do this.
neers, New York, NY (2007).
4. Management Review and Continuous Improvement.
2. Center for Chemical Process Safety, “Guidelines for Hazard This final pillar involves routine evaluation of existing PSM
Evaluation Procedures — Third Edition,” American Institute of
Chemical Engineers, New York, NY (2007). systems to determine their effectiveness and/or improv-
3 Abrahamson, D., and A. L. Sepeda, “Managing Security
ing effective systems even further. What was good enough
Risks,” Chem. Eng. Progress, 105 (7), pp. 41–47 (Sept. 2009). or even leading-edge last year may now be obsolete. The
4. Center for Chemical Process Safety, “Guidelines for Manage- management review and continuous improvement process
ment of Change for Process Safety,” American Institute of ensures that all systems are up to date and in harmony with
Chemical Engineers, New York, NY (2008). current needs and expectations.
5. Center for Chemical Process Safety, Process Safety Incident
Database, www.psidnet.com. Closing thoughts
6. Dyke, F. T., “Conduct an Effective Incident Investigation,” When all four foundation blocks are in place — commit-
Chem. Eng. Progress, 100 (9), pp. 33–37 (Sept. 2004). ment to process safety, understanding of hazards and risks,
7. Center for Chemical Process Safety, “Guidelines for Investigat- management of risk, and learning from experience — they
ing Chemical Process Incidents — Second Edition,” American firmly support the 20 programs, tools, and areas of exper-
Institute of Chemical Engineers, New York, NY (2003).
tise that, in turn, support the roof — an all-encompassing,
8. Overton, T. and S. Berger, “Process Safety: How Are You
coordinated, risk-based process safety management system
Doing?,” Chem. Eng. Progress, 104 (5), pp. 40–43 (May 2008).
(Figure 7). CEP
9. Center for Chemical Process Safety, “Process Safety Leading
and Lagging Metrics — You Don’t Improve What You Don’t
Measure,” www.aiche.org/ccps/publications/psmetrics.aspx and
www/aiche.org/uploadedfiles/ccps/metrics/ccps_metrics%20
5.16.08.pdf, American Institute of Chemical Engineers, New
York, NY (2008).
10. Center for Chemical Process Safety, “Guidelines for Process
Safety Metrics,” American Institute of Chemical Engineers, New
York, NY (2009).
11. Sepeda, A. L., “Auditing Process Safety Management in Four
Levels,” Process Safety Progress, 28 (4), pp. 343–346 (Dec. 2009).
12. U.S. Occupational Health and Safety Administration,
“Standard for Hazardous Materials — Process Safety Manage-
ment of Highly Hazardous Chemicals,” 29 CFR 1910.119,
OSHA Instruction CPL 2-2.45A, Appendix A, “PSM
Audit Guidelines” www.osha.gov/pls/oshaweb/owadisp.
show_document?p_table=DIRECTIVES&p_id=1558.

Further Reading
1. Center for Chemical Process Safety, “Layer of Protection
Analysis — Simplified Process Risk Assessment,” AIChE, New
York, NY (2001).

adrian L. Sepeda, P. E., is president and owner of A. L. Sepeda Consulting

Inc. (Plano, TX; E-mail: [email protected]). He started his consulting
firm after 33 years of service with Occidental Chemical Corp., where
he was director of risk management. His background includes design,
construction, utilities specialist, manufacturing, energy conservation,
and a variety of process-safety-related activities and assignments. His
firm specializes in hazard identification and risk management, process
safety, and incident investigations. He provides consulting services
to AIChE’s CCPS. He also teaches process safety courses for AIChE,
the American Society of Mechanical Engineers, Texas A&M’s Mary
Kay O’Connor Process Safety Center, and private clients. An Emeritus
Member and Fellow of CCPS, he holds a BS in mechanical engineering
from Lamar Univ. and a P.E. license in Texas.

CEP  August 2010  www.aiche.org/cep  33