

2 Plant Integrity and Reliability

• Introduction
• Interdependence of engineering, operation
and maintenance
• Management of Change (MOC)

Key Business Objective

• We are in business to make money
• Our objective is to run our plants effectively
– with the absolute minimum downtime, both planned
and unplanned,
– producing quality products at the lowest possible life
cycle cost (LCC).
• To produce with an absolute minimum downtime,
plant availability and reliability must be as high as
• Equipment which is not running will not make

Nabil Al-Khirdaji, M.Eng, P.Eng. 1

In-Service Degradation
• General types of degradation mechanisms that can
cause failure of pressure equipment and piping:
– General and localized corrosion and erosion
– Environmentally caused cracking
– Metallurgical aging and degradation
– High temperature degradation and brittle fracture
– Mechanical cracking and damage
– Welding and fabrication flaws
• Anything that will cause materials of construction
to degrade and possibly cause failure of pressure
equipment in service

LPG Storage Sphere Failure

LP Gas storage sphere collapsed while being filled for a hydrostatic
pressure test, killing a worker underneath. Support legs had corroded
due to water trapped between insulation and support column.


Pressurized Systems
Failures Continue to Occur
• However, the reality is that failures, sometimes
catastrophic, continue to occur with significant
• Failures are costly, particularly when they involve
consequential damage and when they reduce
operating times.
– In recent studies of fracture in the USA and Europe, the
total loss to the gross economic product of advanced
nations has been estimated to be 4% of GNP.
– They also place at risk operating personnel and
surrounding populations.

All Failures Have Causes

• Failures are not random chance events. All failures
have causes, and remedies. We should continue to
identify gaps in our process design, engineering,
fabrication, installation, operation, and maintenance
activities in a timely manner and to take appropriate
measures to prevent failures.
• Failure of an engineering component or structure can
be regarded as arising from incomplete, inaccurate,
or inappropriate information on, or consideration /
handling of, one or more stages of the design.


Brittle Fracture of Pressure Vessel
This is an example of brittle fracture caused by using cold water
for a hydrostatic pressure test and then pressurizing vessel.
The temperature of the water caused the metal to become brittle.

Pressure Equipment Integrity and

• Integrity of the process unit means avoiding breaches
of containment, and
• Reliability means avoiding malfunctions of the
pressure equipment that might impact the
performance of the process unit.
• Integrity is a part of the larger issue of pressure
equipment reliability, since most breaches of
containment will impact reliability.


Pressure Equipment Integrity and
• API Committee on Refinery Equipment have
produced a variety of codes and standards to guide
the various stakeholders in maintaining pressure
equipment integrity and reliability, including:
– API 510 Pressure Vessel Inspection Code
– API 570 Piping Inspection Code
– API RP 571 Damage Mechanisms Affecting Fixed Equipment in the
Refining Industry
– API RP 572 Inspection Practices for Pressure Vessels
– API RP 573 Inspection of Fired Heaters and Boilers
– API RP 574 Inspection Practices for Piping System Components

Pressure Equipment Integrity and

• API RP 575 Methods for Inspection of Atmospheric and Low Pressure
Storage Tanks
• API RP 576 Inspection of Pressure Relieving Devices
• API RP 577 Welding Inspection and Metallurgy
• API RP 578 Material Verification Program for New and Existing Alloy
Piping Systems
• API RP 579 Fitness for Service
• API RP 580 Risk-Based Inspection
• API RP 581 Risk-Based Inspection Technology
• API RP 582 Welding Guidelines for the Chemical, Oil and Gas Industries
• API RP 583 Corrosion Under Insulation (in progress)
• API RP 584 Integrity Operating Windows (in progress)
• API RP 585 Pressure Equipment Failure Investigation (in progress)


Technical Integrity - Definition
• "The technical integrity of a facility is
achieved when, under specified operating
conditions, there is no foreseeable risk of
failure endangering safety of personnel,
environment or asset value".
• The expectation of "no foreseeable risk" is
realistic considering the following aspects:

Technical Integrity - Definition

– It is under specified operating conditions usually
within the design intent and the operating envelope,
e.g. the maximum allowable operating pressure
(MAWP), not the maximum operating pressure.
– It excludes normal mechanical failures which may
have an effect on "availability" but do not endanger
safety of personnel, environment or asset value.
– It is a system state that should be achieved when
everybody does his or her business right, and that can
be verified by audit


Technical Integrity
• Technical integrity not only refers to hardware
(mechanical and structural) and software issues, but
also to human issues - sound people management.
• Human factor is one of the most critical components
necessary to achieve technical integrity, and integrate
successfully technologies into the human environment.
• Human issues more specifically refer to the intersection
of knowledge, skill and desire.
– Knowledge is the theoretical paradigm: what to do and why.
– Skill is the how to do.
– Desire is the motivation: want to do.

Technical Integrity - Key

Key premises of mechanical integrity include:
– Facilities are designed, operated, and maintained
by qualified competent people,
– Identification and/or validation of the current
condition of critical equipment,
– Identifying and understanding the degradation
processes and their impacts on the remaining life
of specific equipment/components/systems,
– Using Risk-based decision making to prioritize
equipment inspection and maintenance.


Technical Integrity - Responsibility
• Technical integrity is a common responsibility of
Engineering, Operations and Maintenance
notwithstanding the difference in emphasis:
– Engineering is responsible for defining what
constitutes technical integrity (design intent)
while Operations and Maintenance are
responsible for safeguarding technical integrity.
– The ongoing link between the three disciplines is
the design envelope and the application of an
effective management of change (MOC) program.

Technical Integrity – Potential

• The potential threats to mechanical integrity
are in the area of methodology and controls
– The application of inappropriate standards,
– Inappropriate condition assessment,
– Deferred or uncontrolled maintenance and
– Inadequate quality of workmanship


Pressure Equipment and Piping
Integrity in Context

[Figure labels: Risk Management, Integrity Management, Cost, Reliability, Stakeholder]

• Safety of the Public, Employees and the Environment

• Reliability for Customers and Suppliers
• Cost Minimization While Maintaining Safety and Reliability
Ref: Pipeline Research Council International, Inc (PRCI)

Engineered Safety - 1
• Engineered safety is a core technology and is a
cornerstone of technical integrity.
It includes the following major components:
1. Safety in Design
- Quality Control in Design
- Inherent Safety
2. Safeguarding
3. Technical Safety Audits and Reviews
4. Pre-Startup Audits and Reviews
5. Procedures And Controls


Engineered Safety - 2
6. Management Systems
7. Risk Assessment
8. Due Diligence
9. Fitness-For-Service Assessment (Engineering
Critical Assessment)
10. Technology Management
– Regulatory/industrial interface
– Training/staff development
– Gate-keeping and Networking

Mechanical (Structural) Integrity

• Every engineering component, when put in
service, is designed to last a specified period
referred to as Design Life of the component.
• Many factors adversely affect the defined life and
lead to failure/premature retirement of the
component from service. Such factors include:
– Unanticipated stresses (residual, services),
– Operation outside designed limit (excessive
temperature, pressure, load cycling),
– Changes in properties/characteristics of process
– Inappropriate repairs/alterations
– Human errors, etc.


Mechanical (Structural) Integrity
On the other hand, some factors may result in
lesser degradation of the component than
premised in its design life, resulting in
component life extension. Such factors
– use of minimum value of mechanical properties
in design (e.g. actual thickness > nominal)
– conservative operation of unit,
– inaccuracy in data extrapolation,
– overestimation of corrosion effects etc

Mechanical Integrity
• The mechanical integrity of pressure equipment
and piping systems can only be achieved when the
following three inter-dependent criteria are
– The pressure vessels/piping systems are designed
correctly for the specified service conditions,
– They are operated within the design envelope
– They are maintained within the design envelope,
• The degradation processes the pressure system is
subject to are understood, monitored, and trended
and the piping system is fit for continued service


Mechanical Integrity

[Figure: mechanical integrity diagram; surviving labels: Operation, Mechanical Integrity]

Elements of Technical Integrity

The three main elements of technical integrity
must be considered in every design:
(a) Fitness-for-service. Encompasses not only
suitability for use as specified, but also fitness for other
likely applications – if this cannot be achieved,
measures must be taken to prevent inappropriate use.
(b) Safety. Must be considered in relation to all likely
uses, not only those specified. Risk analyses and
mitigation procedures are required.
(c) Environmental compliance. Production, operation,
maintenance and disposal should all be included in
requirements for environmental compliance


Integrity Management (IM)

The application of Qualified Standards,
by Competent People,
using appropriate Processes and Procedures
throughout the plant Life Cycle - from design
through to decommissioning.

Operational Risk
The most effective way
to reduce operational
risk is by identifying
specific areas that need
improvement based on
their contributions to
the overall risk
[Figure labels: Equipment, Production]

Optimization of operational costs requires the “operational risk
profile” of a plant, unit or system to be determined, through
assessing equipment risk, product risk and people risk.


Business Management Risk Process
An effective business management risk process will:
• Identify high level hazards and exposures;
• Determine business threats and vulnerabilities;
• Assist in developing strategies and alternatives for
addressing problems identified;
• Enable strategies to be analyzed for cost effectiveness
and degree of risk reduction achievable; and
• Satisfy corporate and due diligence requirements.

Business Management Risk Process

• A structured approach to business management
risk, integrated into the normal corporate planning
and operating processes of a company offers
significant benefits.
• Business management risk should be concerned
with the recognition and management of the
potential for a major loss and the rational
management of that potential.
• Expenditure on risk control over the life of the
facility should be identified as part of the overall
cost of operating a facility.


Pressure Systems Risk

Probability of failure (susceptibility factors):
– Internal corrosion
– External corrosion
– Stress Corrosion Cracking
– Third party damage
– Loss of ground support

Consequence of failure (severity factors):
– Risk to life
– Damage to asset
– Loss of production
– Cost of failure
– Environmental effects
– Public image

Probability of Failure (POF)

Degradation Mechanism | Damage | Loads vs. Strength | Failure Mode
Corrosion | Pitting | Geometry | Pinhole leak
Fatigue | Cracks | Material type | Brittle fracture
Erosion | Wall loss | Stress intensity | Burst
Creep | Embrittlement | Remaining wall | …..

[Figure labels: POF, Consequences]

Knowledge of materials and service conditions tells us what failure
mode to expect


Containment Losses in a Typical
Refinery/Process Plant

About half of the containment losses can be influenced by inspection activities

Large property losses in the HC-Chemical Industries, 30 year review, M&M Protection Consultants 1992

Root Causes of Plant Catastrophes

• Fail to detect problems in
reams of data
• Are required to make
hasty interventions
• May be unable to make
consistent responses
• May be unable to
communicate well

When the root causes of the categories “Equipment” and “Process”
are considered, 80% of all incidents are due to human error!


Some Relevant Definitions
Strategy of Accident Prevention
Loss Prevention
Prevention of accidents which result in injury to
humans, damage to the environment, loss of
production, damage to equipment, or loss of
An inherent physical or chemical characteristic of
a material, system, process or plant that has the
potential for causing harm.

Some Relevant Definitions

For episodic events, risk is a function of probability
and consequence.
Risk Analysis
Qualitative or Quantitative estimate of risk
Risk Assessment
Results of risk analysis are used to make decisions


What is Risk?
• Risks have three components:
1. A future root cause (yet to happen), which, if
eliminated or corrected, would prevent a potential
consequence from occurring,
2. A probability (or likelihood) assessed at the present
time of that future root cause occurring, and
3. The consequence (or effect) of that future
• A future root cause is the most basic reason for the
presence of a risk. Accordingly, risks should be tied
to future root causes and their effects.

Risk Management Process

The risk management process is continuously accomplished
throughout the life cycle of a system.

• Risk Identification: What can go wrong?
• Risk Analysis: How big is the risk?
• Risk Mitigation Planning: How to mitigate the risk?
• Risk Mitigation Plan Implementation: How to implement risk mitigation plan
• Risk Tracking: How are things going?


Loss Prevention
ORGANIZATION – Policies, Standards, Systems, Culture

Safety Management

Acceptable Risk

Risk Management

Safety in Design

Reliable Operation

Risk-Based Maintenance

Typical Plant High-Risk Items - 1

• Inherent design or materials shortfalls (avoidable)
– Inadequate or no post weld stress relief
– Material not suitable for service
– Material’s aged properties differ from manufacturer’s data
– Design incorporates localized highly strained area
– Incorrect heat treatment
– Formation of crevices inherent in the design
– Inability to clean equipment effectively, e.g. heat
– Dissimilar metal welds in critical areas of unit


Typical Plant High-Risk Items - 2
• Inability to effectively inspect equipment (no
access for inspection).
• Inappropriate corrosion protection, passivation,
• Inspection tasks were often not aligned with
degradation mechanism
• Inadequate plant change control
• Improper maintenance/repair practices
• The root cause of failures was frequently not well
understood & remedial actions tended to address
symptom rather than cause

Know the Condition of the Facilities

Knowing the details is the essence of being thorough


Causes of Premature Fracture Influenced
by Corrosion of a Pressure Component
[Figure: cause diagram; surviving labels: Tensile stress at metal surface; Service loading; Heat treatment; Fabrication and assembly; Environment; Pre-existing flaws; Protective systems; Pressure component; Localized corrosion; General corrosion; Stress-corrosion cracking (metallurgical susceptibility, static tensile loading); Hydrogen stress cracking (static tensile …); Corrosion fatigue (cyclic loading); Tensile overload]

Brittle Fracture Triangle


Low Toughness material


Crack Crack-like Defects
• If the material toughness is known … there is
a relation between crack length (a) and tensile
stress (σ).
• For example, KI = Stress intensity…

KI = σ Y √(π a)

Y is a geometry factor

Typical S-N Diagram For Medium Strength Steel


Maintenance Schedule Based on Crack
Length vs. Fatigue Life Curves
Maintenance schedules can be developed from crack length vs.
fatigue life (a-N) curves.
Critical crack length acr is determined based on KIc and maximum
design stress.
The time till repair is determined
considering an appropriate factor
of safety, i.e., ar = acr/(FS).
Remaining loading cycles before
repair are determined from ai and ar.

[Figure: crack length a vs. loading cycles N, marking ai (Inspection), ar (Repair needed) and acr (Catastrophic failure)]
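
Added worked example (not part of the original slides): the procedure on this slide carried through in Python, using KI = σ Y √(π a) to get acr, then ar = acr/FS, then reading the remaining cycles off an a-N curve. The material values, the a-N data points and the linear interpolation between points are assumptions constructed for illustration.

```python
import math
from bisect import bisect_left


def critical_crack_length(k_ic, sigma_max, y=1.0):
    """Solve KIc = sigma_max * Y * sqrt(pi * acr) for acr.

    Units: k_ic in MPa*sqrt(m), sigma_max in MPa, result in metres.
    """
    if min(k_ic, sigma_max, y) <= 0:
        raise ValueError("KIc, stress and Y must be positive")
    return (k_ic / (y * sigma_max)) ** 2 / math.pi


def repair_crack_length(a_cr, fs):
    """ar = acr / FS, the crack length at which repair is required."""
    if fs < 1:
        raise ValueError("factor of safety must be >= 1")
    return a_cr / fs


def cycles_at(curve, a):
    """Loading cycles N at crack length a, read off an a-N curve.

    curve is a list of (N, a) points with strictly increasing crack length.
    Linear interpolation between points is an assumption of this example.
    """
    lengths = [point[1] for point in curve]
    if any(nxt <= cur for cur, nxt in zip(lengths, lengths[1:])):
        raise ValueError("a-N curve must have strictly increasing crack length")
    if not lengths[0] <= a <= lengths[-1]:
        # Never extrapolate: outside the measured curve the answer is unknown.
        raise ValueError("crack length outside the measured a-N curve")
    i = bisect_left(lengths, a)
    if lengths[i] == a:
        return float(curve[i][0])
    (n0, a0), (n1, a1) = curve[i - 1], curve[i]
    return n0 + (a - a0) * (n1 - n0) / (a1 - a0)


def remaining_cycles(curve, a_i, a_r):
    """Cycles left between the inspected size ai and the repair size ar."""
    if a_i >= a_r:
        return 0.0  # already at or past the repair limit: repair now
    return cycles_at(curve, a_r) - cycles_at(curve, a_i)


# Constructed a-N curve: (loading cycles N, crack length a in mm).
AN_CURVE_MM = [
    (0, 2.0), (100_000, 3.0), (200_000, 5.0),
    (300_000, 9.0), (350_000, 14.0), (380_000, 22.0),
]


def plan(k_ic=60.0, sigma_max=200.0, y=1.12, fs=2.0, a_i_mm=4.0,
         curve=AN_CURVE_MM):
    """Return acr, ar (both in mm) and the remaining cycles before repair."""
    a_cr_mm = critical_crack_length(k_ic, sigma_max, y) * 1000.0
    a_r_mm = repair_crack_length(a_cr_mm, fs)
    return {
        "a_cr_mm": a_cr_mm,
        "a_r_mm": a_r_mm,
        "remaining_cycles": remaining_cycles(curve, a_i_mm, a_r_mm),
    }


if __name__ == "__main__":
    for name, value in plan().items():
        print(f"{name}: {value:.1f}")
```

With these constructed inputs the critical crack length is about 22.8 mm, the repair limit about 11.4 mm, and a 4 mm crack found at inspection leaves roughly 174,000 loading cycles before repair.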

Asset Utilization
We make money only when the equipment is running

[Figure: asset utilization; surviving labels: Planned Maintenance, Scheduled Repairs, Unscheduled Maintenance, Unscheduled Repairs, fully functional (Making $)]

Maintenance is an integral component of optimum asset performance.

The question is not IF but WHEN we will do the appropriate (what and
how) maintenance.


Elements of Mechanical Integrity
The four main elements of mechanical integrity
must be considered in every design:
(a) Fitness-for-service. Encompasses not only
suitability for use as specified, but also fitness for other
likely applications – if this cannot be achieved,
measures must be taken to prevent inappropriate use.
(b) Safety. Must be considered in relation to all likely
uses, not only those specified. Risk analyses and
mitigation procedures are required.
(c) Regulatory compliance. Full compliance with
applicable Regulations, Codes and Standards is the
minimum requirement
(d) Environmental compliance. Production, operation,
maintenance and disposal should all be included in
requirements for environmental compliance

Process Safety Management

OSHA Standard 29 CFR 1910.119
1. Employee Participation
2. Process Safety Information (PSI)
3. Process Hazard Analysis
4. Operating Procedures
5. Training
6. Contractor Safety
7. Pre-Startup Safety Review
8. Mechanical Integrity
9. Hot Work Program
10. Management of Change (MOC)
11. Incident Investigation
12. Emergency Planning and Response
13. Compliance Audits
14. Trade Secrets


Mechanical Integrity - OSHA
29 CFR 1910.119(j)
What is Mechanical Integrity?
Activities to provide assurance that mechanical
equipment is designed, fabricated, procured,
installed, and maintained in a manner
appropriate for its intended application.

Mechanical Integrity - Paragraph (j)

Regulatory Intent
• Replace the “breakdown” maintenance philosophy
with an on-going equipment integrity philosophy
that ensures that process equipment and
instrumentation are designed, constructed,
installed, and maintained to minimize the risk of
hazardous releases.
• A strong mechanical integrity program and proper
operations form the first line of defense against
accidental releases from process equipment



Key Activities to Cover in a
Mechanical Integrity Program
• Construction/installation
• Inspection and testing
• Contractor management
• Material acquisition, stores, and issue
• Engineering (design)
• Fabrication
• Repair

Equipment Failures
Equipment Category | Equipment Types | Failure Mode | Failure Cause | Detection Method
Rotating Machinery | Pumps, Motors, Compressors, Blowers | Premature Bearing Loss | Excessive Force | Vibration and Lube Analysis
Rotating Machinery | (as above) | Lubrication Failure | Over/Under or Improper Lube., Heat & Moisture | Spectrographic & Ferrographic analysis
Electrical Equipment | Motors, Cable, Starters, Transformers | Insulation Failure | Heat, Moisture | Time/Resistance Tests, I/R Scans, Oil Analysis
Electrical Equipment | (as above) | Corona Discharge | Moisture, Splice Methods | Ultrasound
Heat Transfer Equipment | Exchangers, Condensers | Fouling | Sediment/Material Buildup | Heat Transfer Calculations
Containment and Transfer Equipment | Tanks, Reactors | Corrosion | Chemical attack | Corrosion Meters, Thickness Checks
Containment and Transfer Equipment | (as above) | Stress Cracks | Metal Fatigue | Acoustic Emission


Analysis of Equipment Failures
Cause       Hum  Mech  Inst  Elec   Des   Cor  Eros  Cold   Oth   U/K   Tot     %
Column        0     2     0     0     0     0     0     0     0     0     2     0
Compr         1     1     1     0     0     0     1     0     0     0     4     1
Heater       29    20     8     0     4     2     0     0     0    16    79     1
H.Exch        8    22     0     0     0     5     0     0     0     0    35
Pipeline     12     5     0     0     1     5     0     0     0     0    26     4
Piping      102    67     5     0    26    26     1     1     0     7   235    36
Pump          3    47     1     0     1     1     0     0     0     3    56     9
Tank         32     9     6     0     2     4     0     9     0    12    74    11
Transp       12     1     0     0     0     1     0     0     0     1    15     2
Vessel       47    16     6     2    11     4     0     0     0     5    91    14
Other        12     3     0     2     4     0     0     1     0     4    26     4
U/K           0     0     0     0     0     0     0     0     0    10    10     2
TOTAL       258   193    27     4    49    48     2    11     1    60   653
PERCENT      39    30     4     1     8     7     0     2     0     9

Pressure Vessels & Piping Failure

Pressure vessels and
piping failures occur
in plants around the
world, resulting at
times in catastrophic
q and
loss of life.

The origin of the initiating defect (115mm long crack at the fillet weld)
was thought to be hydrogen cracking in the HAZ of the fillet weld.


Over/Under Pressure Relief
Required for System Safety
This incident demonstrates the need for ensuring that
systems are adequately designed and that their pressures are
controlled within design parameters.
The general-purpose tank car
was being steam cleaned in
preparation for maintenance.
The job was still in progress at
the end of the shift so the
employee cleaning the car
decided to block in the steam.
The railcar had no vacuum relief so as it cooled, the steam
condensed and the car imploded.

Piping Support Failure

Why Did it Happen?


Governing Regulations, Codes
And Standards
• All aspects of plant design, construction and
operation are subject to regulations that must be
complied with.
• Full compliance with regulatory requirements is
the minimum level of compliance.
• Codes and regulations cannot cover every detail
and aspect of plant design and operation even
though these codes and regulations are continually
updated and clarified with interpretations and


Plant Safety and Reliability
• Inherent safety and operational reliability are
intimately related and closely linked, and are largely
determined during the early design phase.
• Work processes used to deal with process hazard
analysis are similar to those for reliability analysis.
Synergistically merging these two analyses leads to a
safer and more
reliable plant design than would be
likely by performing them separately.

Risk-Based Inspection
Rigorous system for managing pressure equipment risks
- Anticipate future problems -
Identify Future risks and opportunities
Knowledge & Understanding
• Design (& Change) envelope
• Service conditions
• Damage mechanisms
• Inspection / maintenance history
• Failure mechanisms / rates
• Defects types & characteristics
• Criticality
• Probability of Detection
• Impacts of failure

[Figure labels: … of Failure, RISK, Consequence of Failure, Optimum Inspection, Design & Operations]


RBI Methodology
[Figure: RBI methodology flowchart; surviving labels: Data Collection, HAZOP Study, Risk Matrix, Preparation, High-Risk Scenarios, RISK, Mechanism Assessment, Consequence Assessment, Inspection, Software, Inspection Program, Decision-; damage mechanisms listed: Thinning, Creep, Fatigue, Embrittlement]

Risk Tolerability – ALARP*

Run/Repair/Replace Decision

[Figure: risk tolerability diagram; surviving labels: Risk Levels; …asing risk; Not …; Replace; Repair/Rerate; or Run; Economic; Technical; Tolerable if it can be demonstrated that the risk is ALARP (i.e. not … to lower it further); Generally Tolerable to Negligible Risk]

*ALARP = As Low As Reasonably Practicable


NDT Reliability
• Non-destructive Testing (NDT) reliability may be
defined as 'the probability of detecting a crack in a
given size group under the inspection conditions
and procedures specified'
• The underlying statistical parameter is the Probability
of Detection (PoD), which has become the accepted
formal measure of quantifying NDT reliability.
• The PoD is usually expressed as a function of flaw
size (i.e. length or depth), although in reality it is a
function of many other physical and operational
parameters, such as, the material, the geometry, the
flaw type, the NDT method, the testing conditions
and the NDT personnel (e.g. their certification,
education and experience).

NDT Reliability
• Repeat inspections of the same flaw size or the same
flaw type will not necessarily result in consistent hit
or miss indications. Hence there is a spread of
detection results for each flaw size and flaw type and
this is precisely why the detection capability is
expressed in statistical terms such as the PoD.
• In order to ensure the structural integrity of critical
components it was becoming more evident that
instead of asking the question ‘…what is the smallest
flaw that can be detected by an NDT method?’ it was
more appropriate, from a fracture mechanics point of
view, to ask ‘…what is the largest flaw that can be


Management of Change
• In industry, as elsewhere, change often brings
progress. But if not properly managed, it can increase
risks that may lead to:
– injuries,
– property damage,
– even death.
• “Managing Change” is essential to safe plant

Management of Change
• Continued plant integrity needs to be upheld by
adequate maintenance, inspection and avoidance of
unauthorised design or operational changes.
• To avoid hazards caused by modifications, any
proposal for change must be identified, technically
investigated by competent personnel, and formally
• Modifications should be designed, constructed,
inspected, tested to verify compliance with design
intent and should be maintained at least to the standard
of the design criteria required by the process.


Management of Change – A Key
Component of Technical Integrity
• Technical integrity is a common responsibility
of Engineering, Operations and Maintenance
notwithstanding the difference in emphasis:
– Engineering is responsible for defining what
constitutes technical integrity (design intent)
– Operations and Maintenance are responsible for
safeguarding technical integrity.
• The ongoing link between the three disciplines
is the application of an effective management
of change (MOC) program.

Definition of Change
Change may be defined as:
– A modification made to an existing unit of plant,
system, organization or entity from its current
design or state.
– A change may be permanent or temporary, cost
nothing or cost millions.
– It would normally exclude normal repairs or other
activities to restore the original functionality and
the replacement of like with like. In some cases,
however, repair in kind may constitute a change, or
it may result in the loss of an opportunity for


What Constitutes a Change?
A change in any of the following aspects of a
plant constitutes a change:
– Physical facilities
– Procedures and resource materials
– Maintenance activities and methodologies
– Operating conditions
– Process control methodologies
– Staffing and personnel

Basics of Management of Change

• Provide written procedures to manage change
to process chemicals, technology, equipment,
and procedures, and changes to facilities that
affect a covered process
• Verify that employees in operations and
maintenance are trained accordingly
• Provide evidence that changes are documented


Management of Change Workflow
[Figure: MOC workflow; surviving labels: Proposed modification, P&IDs, Modify P&IDs, Plant Safety database, HAZOP study, Compare and Identify new Hazards, HAZOP cause-consequences, Engineering approval, Safety approval, Final approval, Permit to work]

Process Safety Management
(OSHA Appendix C, 1910.119)

1. Introduction to PSM
2. Employee involvement in PSM
3. Process Safety Information
4. Process Hazard Analysis
5. Operating procedures and practices
6. Employee training
7. Contractors
8. Pre-startup Safety
9. Mechanical integrity
10. Non-routine work
11. Managing Change
12. Investigation of incidents
13. Emergency preparedness
14. Compliance audits


Process Safety Management
OSHA 1910.119, “Process Safety Management of
Highly Hazardous Chemicals”
The regulation was established to cover a number of
industries for processes involving flammables (>5
tons) and ≈ 140 toxic and reactive chemicals.
Requirements include:
1. Conducting process hazard analyses in the work
place to identify and control hazards and
minimize consequences of major accidents and
catastrophic releases.

Process Safety Management (PSM)

Regulation 29 CFR 1910.119
Appendix l Management of Change (MOC).
1. The employer shall establish and
implement written procedures to manage
changes (except for "replacements in kind")
to process chemicals, technology,
equipment and procedures; and changes to
facilities that affect a covered process


Process Safety Management (PSM)
Regulation 29 CFR 1910.119
2. The procedures shall assure that the following
considerations are addressed prior to any change:
(i) The technical basis for the proposed change;
(ii) Impact of change on safety and health;
(iii) Modifications to operating procedures;
(iv) Necessary time period for the change; and,
(v) Authorization requirements for proposed change.

Process Safety Management (PSM)

Regulation 29 CFR 1910.119
5. If a change covered by this paragraph results in
a change in the operating procedures or
practices required by paragraph (f), such
procedures or practices shall be updated


Examples of Changes to Facilities
Requiring MOC - 1
• Changes to pressure relief devices such as adjusting
valve settings or relieving capacity;
• Non-routine changes to instrumentation, control loops
or computer programs like changing the range of
transmitters or control-valve failure positions;
• Structural changes to a unit or facility including
changes in access roads, manways, ladders or stairs;
• Changes to fire protection, emergency response or
other safety systems;

Examples of Changes to Facilities

Requiring MOC - 2
• Any replacement of equipment or components,
piping, instruments or electrical components that's
not an "in kind" replacement;
• All temporary facilities and connections including
pipe clamps, temporary pipe, hoses, temporary
utility connections and temporary electrical
equipment or connections;
• Any change in safety alarm settings, interlocks,
process or equipment trips, or in the testing or
calibration frequency or standards of those devices.


OSHA PSM Citations

MOC Requirements (EPA)

MOC procedures must address:
• Impact on safety and health
• Modifications to operating procedures
• Necessary time period for the change
• Authorization requirements for proposed change
• Technical basis for the change

Employees affected by the change must:
• Be informed of the change before startup
• Trained in the change before startup

Update process safety information if:
• A change covered by MOC procedures results in a change in any PSI required under EPA’s rule (see #67.65)

Update operating procedures if:
• A change covered by MOC procedures results in a change in any operating procedure required under EPA’s rule (see #67.69)


MOC – Is Your Plant on the Right Path?
• Do you have procedures in place to handle change?
Do they define what “change” is?
• Do you use hazard analysis techniques, such as
HAZOP or What-If/Checklist to evaluate changes?
• How will change affect the other areas of your
process safety management program, such as:
– Mechanical Integrity (MI),
– Process Safety Information (PSI), and
– Hot Work Permit (HWP)?
• Do your employees comprehend and follow MOC

Management of Change Audit

(Ref: API 581 Annex A)
Item | Possible Score | Actual Score
1 Does the facility have a written Management of Change procedure that must be followed whenever new facilities are added or changes are made to a process? | 9 |
Are authorization procedures clearly stated and at an appropriate level? | 5 |
2 Do the following types of “changes” invoke the Management of Change | |
a. Physical changes to the facility, other than replacement in kind (expansions, equipment modifications, instrument or alarm system revisions, etc.). | 4 |
b. Changes in process chemicals (feedstocks, catalysts, solvents, etc.). | 4 |
c. Changes in process conditions (operating temperatures, pressures, production rates, etc.). | 4 |
d. Significant changes in operating procedures (startup or shutdown sequences, unit staffing level or assignments, etc.). | 4 |


Item | Possible Score | Actual Score
3 Is there a clear understanding at the facility of what constitutes a “temporary change?” | 5 |
a. Does Management of Change handle temporary changes as well as permanent changes? | 4 |
b. Are items that are installed as “temporary” tracked to ensure that they are either removed after a reasonable period of time or reclassified as | 5 |
4 Do the Management of Change procedures specifically require the following actions whenever a change is made to a process? | |
a. Require an appropriate Process Hazard Analysis for the unit. | 3 |
b. Update all affected operating procedures. | 3 |
c. Update all affected maintenance programs and inspection schedules. | 3 |
d. Modify P&IDs, statement of operating limits, Material Safety Data Sheets, and any other process safety information affected. | 3 |
e. Notify all process and maintenance employees who work in the area of the change, and provide training as required. | 3 |
f. Notify all contractors affected by the change. | 3 |
g. Review the effect of the proposed change on all separate but interrelated upstream and downstream facilities. | 3 |

Management of Change Audit

(Ref: API 581 Annex A)


Item | Possible Score | Actual Score
5 When changes are made in the process or operating procedures, are there written procedures requiring that the impact of these changes on the equipment and materials of construction be reviewed to determine whether they will cause any increased rate of deterioration or failure, or will result in different failure mechanisms in the process equipment? | 10 |
6 When the equipment or materials of construction are changed through replacement or maintenance items, is there a system in place to formally review any metallurgical change to ensure that the new material is suitable for the process? | 5 |

Total Points 80


Safety and Reliability
• A Safe Facility is Inherently More Reliable

• A Reliable Facility is Inherently More Safe

• Safety is Good Business
