A CEP Preprint

2010 AIChE

Back to Basics

Understanding Process
Safety Management
A structured risk-based approach
defines the pathways to successful
implementation of process safety
management objectives
Adrian L. Sepeda
A. L. Sepeda Consulting Inc.

rocess safety and process safety management systems

touch almost every aspect of designing, constructing, operating, maintaining, modifying, and closing
a manufacturing site. With requirements and regulatory
obligations that are often difficult to understand and hard to
implement, this field may seem extremely complex to the
inexperienced engineer.
Process safety management (PSM) has a variety of
meanings and purposes. AIChEs Center for Chemical
Process Safety (CCPS) defines PSM as a management
system that is focused on prevention of, preparedness for,
mitigation of, response to, and restoration from catastrophic
releases of chemicals or energy from a process associated
with a facility (1). History has shown that a lack of, an
ignorance of, or an improper or inadequate implementation
of a suitable PSM program can be disastrous. The events
that occurred in Flixborough, England, and Bhopal, India,
exemplify this point.
This article outlines the concepts and tools that are
needed to develop, implement, audit, and manage a riskbased PSM system. It does so using a structured approach

COMMIT TO
PROCESS SAFETY

UNDERSTAND
HAZARDS
AND RISK

that can be compared to constructing a building. The first

step in erecting a building is to lay a foundation. Similarly,
risk-based PSM systems are built on a foundation of four
key components (Figure 1):
1. Commit to Process Safety
2. Understand Hazards and Risk
3. Manage Risks
4. Learn from Experience
These four foundation blocks support 20 process-safetyrelated tools and areas of expertise that form a structurally
sound, risk-based PSM program.

Commit to process safety

This foundation block involves words, actions, demonstration, and support. It starts with developing and sustaining
a culture that encourages, embraces, and supports process
safety. The commitment exists at all levels of an organization and in every individual at every facility. It permeates the
attitude and work ethic of every employee. Commitment to
process safety includes understanding, implementing, and
complying with applicable laws, regulations, standards, and

MANAGE RISK

LEARN FROM
EXPERIENCE

p Figure 1. An effective risk-based PSM program is built on a strong foundation consisting of a commitment to process safety, an understanding of hazards
and risk, appropriate risk management measures, and continual learning from experience.

26

www.aiche.org/cep August 2010 CEP

Process Safety Competency

Compliance with Standards

u Figure 2. The Commit to

Process Safety foundation block
supports five pillars related to
company culture, practices and
behaviors.

Stakeholder Outreach

Workforce Involvement

develop and implement an appropriate

management system
that ensures compliance
actions remain effective
install an audit
system and distribute audit
reports to the appropriate
individuals to ensure they
are notified of the actions
required for continuous
compliance.
3. Process Safety Competency encompasses three
COMMIT TO
related actions:
PROCESS SAFETY
continuously
improving knowledge and
proficiency
ensuring that appropriate information is available to
people who need it when they need it
consistently applying what has been learned.
This often requires assessing the availability of information, gathering knowledge and lessons learned from external
sources, customizing and disseminating that information
for use throughout your organization, updating documentation as needed, implementing document control procedures,
and conducting periodic training to institutionalize the new
information.
Process safety competency is achieved when every
person in the organization knows his or her process safety
responsibilities and is empowered to assume them.
4. Workforce Involvement. The fourth pillar recognizes
that PSM must span from the lowest job level up to the top
of the corporate ladder. Every level between must be educated, involved, and empowered.
Process Safety Culture

accepted codes of recommended practices.

As shown in Figure 2, the Commit to Process Safety
foundation block supports five pillars.
1. Process Safety Culture is the combination of group
values and behaviors that determine the manner in which
process safety is managed. The culture can range from
undesirable, with uncontrolled and unknown risk-taking, to
desirable, where risks are identified and managed. Culture
starts at the top of the organization and requires support,
understanding, and adaptation at every level. Culture must
constantly be reviewed, reinforced, and enhanced to ensure
it is consistent. This is done by:
constantly maintaining a sense of vulnerability and
avoiding complacency
empowering individuals to successfully fulfill their
process safety responsibilities
maintaining a sufficient level of expertise
establishing and maintaining an open and effective
communication system
establishing and fostering a questioning and learning
environment
gaining and maintaining trust throughout the
organization
ensuring prompt and timely responses to process safety
issues and concerns.
2. Compliance with Standards. This pillar involves
identifying the standards that apply to your operation, understanding and implementing those standards, and auditing
against the standards to ensure adherence, effectiveness, and
continuous improvement. Standards come in many forms,
including voluntary industry standards, such as American
Petroleum Institute Recommended Practices (e.g., API
RP 752, which relates to the siting and protection of people
in buildings), and consensus codes, such as those developed
by the National Fire Protection Association (e.g., NFPA 921:
Guide for Fire and Explosion Investigations). Other standards are mandatory, such as U.S. federal, state, and/or local
laws and regulations (e.g., 29 CFR 1910.119, the Occupational Safety and Health Administrations [OSHA] standard
for the management of process safety), and international
laws and regulations, such as the European Commission
Seveso II Directive, which involves the control of major
accident hazards involving dangerous substances.
Standards-compliance activities may be managed by
various groups within an organization, which must:
ensure that a consistent and appropriate understanding
of the standard exists and that a matching implementation
strategy is developed and is followed
implement a methodology for determining which standard requires compliance and by when
involve the right people with the needed competencies
at the right time

The Center for Chemical

Process Safety
Formed in 1985 after the Bhopal
tragedy, AIChEs Center for Chemical Process Safety
(CCPS) has provided leadership and technical support
in an effort to eliminate process-safety-related incidents.
CCPSs most advanced approach is embodied in its
book, Guidelines for Risk Based Process Safety (1).
This article is based on the risk-based approach to
process safety.

CEP August 2010 www.aiche.org/cep

27

Back to Basics

u Figure 3. The Understand Hazards and Risk

foundation element serves as a basis for two pillars
involving process knowledge and hazard identification.

28

www.aiche.org/cep August 2010 CEP

Hazard Identification and Risk Analysis

Understand hazards and risk

There is an important difference
between a hazard and a risk. A hazard is
defined as chemical or physical conditions
that have the potential for causing harm
to people, property, or the environment,
whereas risk is defined as the combination

Process Knowledge Management

The people who operate and maintain the equipment

are the front line of defense and the first layer of protection
against catastrophic events. If these people are not educated
in PSM, this level of protection is lost. Likewise, those who
make resource decisions must also be educated to understand what needs must be met to maintain an effective PSM
system. Workforce involvement includes not only employees, but contractors as well.
A written action plan should be developed that summarizes the PSM requirements and captures the knowledge of
those responsible for implementing PSM on the front lines.
Such plans often become stagnant and ignored. Therefore,
involving the front-line workforce in addressing processsafety-related problems capitalizes on their expertise they
often have valuable insight into how problems can be solved
with the resources available.
5. Stakeholder Outreach is comprised of three activities:
seeking out individuals or organizations that can be
affected by company operations and engaging them in a
dialogue about process safety
establishing a relationship with community organizations, other companies, professional groups, and local, state,
and federal authorities
providing accurate information about the company and
the facilitys products, processes, plans, hazards, risks, and
how they are managed.
A company should use stakeholder outreach to secure
and continuously renew its political license to operate in the
community. Effective outreach can move the community
from merely tolerating the presence of the facility to appreciating its presence as a trusted and valuable
contributor.
Outreach is not solely the responsibility
of management or the corporate public relations staff. In fact, members of the community may find representatives of the local,
operational work force their neighbors
more believable. In some situations,
when management talks, people listen, but
when the front-line workers talk, people
believe.

UNDERSTAND
HAZARDS
AND RISK

of three attributes: what can go wrong, how bad it could be,

and how often it might happen (1).
The Understand Hazards and Risk foundation block supports two pillars (Figure 3).
1. Process Knowledge Management. This pillar requires
one or more of the following types of information:
Chemical Hazard Information. Each chemical has
hazards that must be identified, understood, and managed.
Hazard information is often supplied in Material Safety Data
Sheets (MSDS). Care should be taken to ensure the MSDSs
are current and accurate.
Process Technology Information. Each process is built
around a specific technology, which must be characterized,
understood, and managed. Process technology information is
usually contained in the original design documentation, but
the design may change over time. An effective management
of change (MOC) program should be in place to keep the
process technology information current and accurate.
Process Equipment Information. Each piece of equipment in the facility has defined specifications, safe operating
limitations, and approved uses. For example, the specifications for a centrifugal pump include impeller size, inlet and
outlet piping connections, size and pressure ratings of the
flanges, materials of construction, etc. These data must be
updated when equipment is modified or replaced.
All of this information must be shared with those who
need it to do their job safely. In addition to ensuring that
these data exist, the facility must have a validated method
ology to ensure that those who need to know actually have
the information when needed.
2. Hazard Identification and Risk Analysis. This pillar
is also referred to as process hazards analysis (PHA). The
most common PHA methodologies are scenario-based, and
include (2):
What-if Analysis. In this free-form brainstorming
approach, a group of experienced participants repeatedly
asks the question What if? and then discusses the hazards that might be uncovered in the answers to the question.
What-if/Checklist Analysis. This structured brainstorming approach combines the creative features of What if?
with a checklist to make sure the questioning is pertinent to
the potential hazards.
Hazard and Operability (HAZOP) Analysis. This systematic technique identifies potential hazards and operational
problems that could result from deviations from the process
design intent. A specific section (or node) of the process flow
diagram is selected for analysis. Scenarios are constructed by
combining specific guide words (e.g., no, less, more, reverse,
etc.) with various process parameters (e.g., flow, temperature,
pressure, level, etc.) to form the basis for exploring hypothetical conditions such as more pressure or reverse flow.
When a hazard is identified, the group generates one or more

a high level of precision, so semi-quantitative values are

sometimes used instead.
Many companies use a two-dimensional risk matrix
(Figure 4) to characterize risk. One axis represents the
probability that a certain event will occur and the other axis
represents the expected consequences. Each level on the
probability and consequence axes must be defined, which is
often done semi-quantitatively using a scale of 1 = very low
to 5 = very high. Each cell within the risk matrix captures
the probability and consequence of a specific event i.e.,
the risk. The risk of one event can then be compared to preestablished levels of tolerability for risk, and the appropriate
risk-reduction measures taken.

Manage risk
Risks can be managed only after hazards have been
identified and translated into risks and the potential impacts
on the safety and viability of the facility characterized. Once
the range of impacts is known, the risks can be compared
and prioritized and the available risk-management resources
allocated accordingly.

The Manage Risk foundation block supports nine
pillars (Figure 5).

1. Operating Procedures are (usually written) instructions that list the steps for a given task and describe the
manner and order in which those steps are to be performed.
Written and enforced procedures are necessary to manage
the risks associated with operating a manufacturing process.
Good operating procedures also describe the process,
the hazards, the tools needed, the protective equipment
C

Probability

recommendations to address the issue. Then it moves on to

another question. After all meaningful questions associated
with that node are asked and answered, the team repeats the
procedure for the next node, and so on until the entire flow
diagram has been analyzed.
Failure Modes and Effects Analysis (FMEA). This
approach determines the ways that each piece of equipment
in the process could fail and the most likely consequences if
that were to happen. If the consequences are unacceptable,
then risk-reduction plans are developed. These plans could
reduce the probability of failure, its likely consequences, or
both. FMEA is similar to HAZOP in that questions relating
to deviations are asked and answered. Instead of moving
from one process node to another node, however, the team
moves from one piece of equipment to another.
Fault Tree Analysis. This deductive technique focuses
on one particular incident or failure at a time and backtracks
through all the events leading to that failure to determine the
potential causes. A fault tree is a graphical model that uses
standard symbols to display the combinations of failures and
failure pathways that could result in a significant event of
concern called the top event. Since this technique starts
with a failure, it is often used for incident investigations.
Event Tree Analysis. This graphical technique starts
with an initiating cause, and then determines all of the possible outcomes that could result from the success or failure
of protective systems. It is typically used to identify incidents that might occur in more-complex processes.
Cause-Consequence Analysis. This method combines the
inductive reasoning used in event tree analysis with the deductive reasoning of fault tree analysis. A cause-consequence
analysis generates a diagram that describes incident sequences
and descriptions of possible outcomes of those incidents.
These techniques identify and analyze hazards. The
hazards must then be translated into risks before a riskmanagement program can be implemented.
Risk is an expression of the probability that an event will
occur combined with the consequences if it does. Normally,
these elements are independent for process-related risks.
However, if the risk relates to security, probability and
consequence are not independent because the higher the
consequence, the more attractive the event is to someone
intent on causing harm and the higher its probability (3).
Risks need to be clearly and accurately characterized so that
they can be properly prioritized.
Risks may be expressed qualitatively or quantitatively.
Quantitative risk assessment is more accurate than qualitative risk assessment, but it requires more expertise, takes
more time, and is more expensive. A quantitative risk assessment requires numerical values for both the probability that
a certain event may occur and the consequences that would
result if it did. It is often difficult to obtain these values with

t Figure 4. An example
of a risk matrix, in which
the x axis represents
consequence severity
(1 = very low to 5 = most
severe), and the y axis
represents probability
(1 = very low to 5 = very
high). The letter in each
cell indicates the level
of risk and defines the
appropriate risk-management strategy.

Consequence

Risk Level and Response

A = Tolerable risk; no action required
B = Low risk, but watch closely
C = Questionable risk; look into inexpensive risk-reduction measures; watch
closely for changes
D = Intolerable risk; consider risk-reduction measures; report status to safety
officers
E = Very intolerable risk; Immediate action required to reduce risk at least one
level; report to safety officers until permanently lowered at least one level

CEP August 2010 www.aiche.org/cep

29

Emergency Management

Conduct of Operations

Operational Readiness

Management of Change

Training and Performance Assurance

Contractor Management

Asset Integrity and Reliability

Safe Work Practices

Operating Procedures

Back to Basics

MANAGE RISK

p Figure 5. The Manage Risk foundation block supports nine pillars,

encompassing a range of critical management and operational practices.

required, and the control system employed to manage the

process and the risks (1).
Operating procedures are usually more accurate, generally accepted, and followed more closely when they are
developed jointly by operators and process engineers who
have a high degree of involvement and knowledge of process operations. Changes to operating procedures should be
closely monitored and approved through a management of
change (MOC) process, just as any physical equipment or
process change would be (1).
2. Safe Work Practices are the documents, actions, and
routines that fill the void between operating procedures and
maintenance procedures (1). Safe work practices are usually
established for repeatable tasks, such as hot work, electrical
lockouts, confined-space entry, and elevated work requiring
fall protection. Some of these tasks are performed regularly,
whereas others may done intermittently. They are not part of
the manufacturing process, and usually require a permit issued
by the safety and/or the manufacturing department because
they are not fully described in an operating procedure. Safe
work practices are important because such tasks may present
new hazards not encountered during normal operations.
3. Asset Integrity and Reliability. This pillar involves the
use of procedures, work orders, and management oversight
to ensure that equipment is properly designed, installed,
and maintained to remain fit for service until removed
and/or retired. Reliability is performance as expected on
30

www.aiche.org/cep August 2010 CEP

demand. Reliability usually follows or is a result of proper

asset integrity. Each company should have an asset integrity
and reliability policy, and each operating facility should have
a matching procedure.
4. Contractor Management. Contractors, i.e., noncompany employees with specific skills who perform
specific targeted assignments, need to be educated and managed so that they are fully aware of the hazards the facility
presents to them in their jobs and that they do not present
new unaddressed hazards to the facility.
Contractors must be educated about the facility, how
it works, what it does, and the hazards it presents to them
while doing their work. Conversely, the contractor must
educate the facility personnel about the hazards they may be
bringing onto the site and how their jobs might change the
existing hazards and established risk-management system.
Contract personnel should be held to the same safety
standard as company employees. Furthermore, the facility
and contracting companies should participate in annual performance and safety reviews to exchange information and
ideas and resolve ongoing issues.
5. Training and Performance Assurance. This pillar is
the tool that gives employees and contractors the understanding they need to do their jobs safely. Training can be
general, such as what to do when the emergency alarm
sounds, or it can be specific, defining exactly how to operate
or repair a particular piece of equipment.
Unlike some undergraduate classes, where an exam score
of 80% is often considered passing, safety training requires
mastery of all of the course content. Anything less than
100% is unacceptable and indicates a need for retraining.
Front-line operations personnel often make the best
trainers, because they can blend their expertise with their
real-world experiences.
6. Management of Change. MOC may be the most important tool for keeping a facility safe. In the absence of change,
even unsafe operations eventually improve, simply because
the unsafe conditions manifest themselves and are addressed.
However, when changes are made, it may be virtually impossible for such a natural reduction in risk to occur, because the
hazards are changing and they may be compounding.
To manage change, it must be recognized, then analyzed
and characterized to determine its impact on risk.
Change is defined as any addition, process modification, or substitute person or object that is not a replacement-in-kind, i.e., that does not meet the design specification (4). However, identifying change is not always easy,
because change can creep into daily practice unnoticed
until something goes wrong. Be alert for signs of such
changes. For example, if a member of the operations staff
begins a sentence with On my shift , this usually indicates that all shifts do not operate the same way and that a

knows what to do if something goes wrong. It also ensures

that all stakeholders are knowledgeable in what they are to
do and when to do it.

u Figure 6. The fourth foundation block

Learn from Experience deals with
gathering and disseminating information
and lessons learned from yourself and
from others.

Management Review and Continuous Improvement

Auditing

Measurement and Metrics

Learn from experience

Retired Pittsburgh Pirates pitcher Vernon Law said,
Experience is a hard teacher because she gives the test first,
the lesson afterwards. Learning from our own experience is
sometimes painful and slow. We must capture and apply the
lessons learned from our own experiences. This requires an
infrastructure to identify, document and disseminate learnings.
A less-painful way to learn is by observing and gathering information and learnings from others. Networks for
sharing safety lessons, both formally and informally, are
very important. CCPS facilitates such sharing through
its publications, conferences, and courses, as well as its
Process Safety Incident Database (PSID) (5), in which it
collects data about incidents and shares that information
with participating companies.
The Learn from Experience foundation supports four
pillars (Figure 6).
1. Incident Investigation (6) involves tracking and analyzing safety incidents to discover their causes, both primary
and contributing. This includes:
a formal process for investigating incidents, including
staffing, performing, documenting, and tracking of process
safety incidents
implementing corrective measures so that identical or
similar incidents do not recur
studying trends to identify recurring incidents.
For each incident, the investigation should discover:
what happened the
incident itself and contributing
events and conditions
how it happened the
critical events and conditions in
the incident sequence
why it happened the
management and organizational
factors that allowed the critical
events and conditions to occur.
The fault tree analysis
technique described earlier can
be applied to incident investigation with the safety incident as
the top event. The investigators
Incident Investigation

change has occurred somewhere.

Engineers sometimes need to evaluate the impact of
change under stressful, hurried conditions. For instance, the
facility may have shut down because a key component failed
and an exact replacement will not arrive for four days, so the
production department suggests substituting a similar part in
order to get the plant back up and running sooner. Before the
substitution is approved, the impacts of the change must be
thoroughly evaluated to ensure the safety of the employees
and the facility.
An effective MOC program involves five key steps (1):
1. Design, implement and maintain a dependable MOC
practice that is suitable for your facility
2. Identify potential change situations
3. Evaluate possible impacts if a change is made
4. Determine whether the requested change should be
approved, modified, or rejected
5. Complete the necessary follow-up activities, including
documentation, training, etc.
It is important to complete the appropriate paperwork
once a change has been approved. Take this opportunity to
determine whether this change will always be acceptable or
if this is just a one-time approval. If it will always be acceptable, perhaps the design specification should be changed.
7. Operational Readiness. Any process that has been
shut down must undergo comprehensive inspection and testing before it is restarted to ensure that the process is able to
handle hazardous materials and that it can resume manufacturing safely. This readiness inspection should review
the physical condition of the equipment, the training and
understanding of the operations personnel, the preparation
and readiness of the maintenance staff, and the integration of
all of these elements into the facilitys emergency response
plan. It should also verify that all permits are in place
and that the facility is in compliance with all applicable
regulations.
8. Conduct of Operations refers to the execution of operational and management tasks in a deliberate and structured
manner (e.g., per operating procedures, standards, codes,
etc.) by qualified personnel. Conduct of operations applies
to all work activities and includes all workers employees
and contractors. A clear chain of command, specific authorities and responsibilities, and performance metrics in accordance with approved procedures and work practices should
also be established (1).
9. Emergency Management includes: reviewing the
facilitys risks and developing possible scenarios that might
lead to an emergency situation; developing a structured
response plan and securing the resources needed to carry it
out; and conducting training and practice drills involving all
stakeholders. Effective emergency management ensures that
everyone at the facility is constantly aware of the risks and

LEARN FROM
EXPERIENCE

CEP August 2010 www.aiche.org/cep

31

Back to Basics

repeatedly ask why, then catalog the answers and depict

them graphically.
A fault tree diagram is developed from the top down.
At each step in the analysis i.e., for each fault a set of
necessary and sufficient lower-order conditions or events is
identified. Moving from one level to the next requires passing through a gate. This gate can be either an and gate, if
both events or conditions had to occur to cause the fault, or
an or gate, if either event or condition could have caused
the fault (7). The result is a graphical representation of the
sequence of events leading up to the incident.
2. Measurement and Metrics. This pillar deals with
keeping score. Metrics provide the information needed to
determine when and by how much mid-course corrections
need to be made. Measurements and metrics can be realtime, lagging, or leading (810):
lagging metrics retrospective measures based on the
number of incidents that meet a threshold of severity
leading metrics forward-looking indicators of the
performance of key work processes, operating disciplines, or
layers of protection that prevent incidents
near-miss and other internal lagging metrics

indicators of less-severe incidents (those below a threshold of severity), or unsafe conditions that triggered one or
more layers of protection.
Each company or facility should establish the parameters
to be measured and tracked, the process for doing so, and the
means for reporting and responding to the data.
3. Auditing. It is essential that every facility looks for
and identifies weaknesses in its PSM systems. Safety audits
should be systematic and conducted by people who are not
involved with the process or employed by the organization
being audited.
The goal of an audit is to verify conformance to prescribed standards. The auditing process starts with an
examination of the management systems in place, as well
as policies, procedures, and support resources. The auditors then go out into the manufacturing areas to examine the
process and facility.
Weakness in management systems will typically
manifest themselves in the processing areas. Therefore,
corrective measures should be introduced to the management system, since a facility may have multiple deficiencies that are all caused by a single failure in a management

COMMIT TO
PROCESS SAFETY

UNDERSTAND
HAZARDS
AND RISK

MANAGE RISK

Management Review and Continuous Improvement

Auditing

Measurement and Metrics

Incident Investigation

Emergency Management

Conduct of Operations

Operational Readiness

Management of Change

Training and Performance Assurance

Contractor Management

Asset Integrity and Reliability

Safe Work Practices

Operating Procedures

Hazard Identification and Risk Analysis

Process Knowledge Management

Stakeholder Outreach

Workforce Involvement

Process Safety Competency

Compliance with Standards

Process Safety Culture

PROCESS SAFETY
MANAGEMENT SYSTEM

LEARN FROM
EXPERIENCE

p Figure 7. Taken together, the process safety management foundation blocks, along with the programs, tools, and practices built upon them, provide the
infrastructure for supporting a comprehensive and sturdy process safety management system.

32

www.aiche.org/cep August 2010 CEP

Literature Cited
1. Center for Chemical Process Safety, Guidelines for Risk
Based Process Safety, American Institute of Chemical Engineers, New York, NY (2007).
2. Center for Chemical Process Safety, Guidelines for Hazard
Evaluation Procedures Third Edition, American Institute of
Chemical Engineers, New York, NY (2007).
3

Abrahamson, D., and A. L. Sepeda, Managing Security

Risks, Chem. Eng. Progress, 105 (7), pp. 4147 (Sept. 2009).

4. Center for Chemical Process Safety, Guidelines for Management of Change for Process Safety, American Institute of
Chemical Engineers, New York, NY (2008).
5. Center for Chemical Process Safety, Process Safety Incident
Database, www.psidnet.com.
6. Dyke, F. T., Conduct an Effective Incident Investigation,
Chem. Eng. Progress, 100 (9), pp. 3337 (Sept. 2004).
7. Center for Chemical Process Safety, Guidelines for Investigating Chemical Process Incidents Second Edition, American
Institute of Chemical Engineers, New York, NY (2003).
8. Overton, T. and S. Berger, Process Safety: How Are You
Doing?, Chem. Eng. Progress, 104 (5), pp. 4043 (May 2008).
9. Center for Chemical Process Safety, Process Safety Leading
and Lagging Metrics You Dont Improve What You Dont
Measure, www.aiche.org/ccps/publications/psmetrics.aspx and
www/aiche.org/uploadedfiles/ccps/metrics/ccps_metrics%20
5.16.08.pdf, American Institute of Chemical Engineers, New
York, NY (2008).

system (11). When deficiencies are identified, action plans

to eliminate the deficiencies should be implemented and
tracked to completion. OSHAs PSM audit guidelines (12)
explain how to do this.
4. Management Review and Continuous Improvement.
This final pillar involves routine evaluation of existing PSM
systems to determine their effectiveness and/or improving effective systems even further. What was good enough
or even leading-edge last year may now be obsolete. The
management review and continuous improvement process
ensures that all systems are up to date and in harmony with
current needs and expectations.

Closing thoughts
When all four foundation blocks are in place commitment to process safety, understanding of hazards and risks,
management of risk, and learning from experience they
firmly support the 20 programs, tools, and areas of expertise that, in turn, support the roof an all-encompassing,
coordinated, risk-based process safety management system
(Figure 7).
CEP

10. Center for Chemical Process Safety, Guidelines for Process

Safety Metrics, American Institute of Chemical Engineers, New
York, NY (2009).
11. Sepeda, A. L., Auditing Process Safety Management in Four
Levels, Process Safety Progress, 28 (4), pp. 343346 (Dec. 2009).
12. U.S. Occupational Health and Safety Administration,
Standard for Hazardous Materials Process Safety Management of Highly Hazardous Chemicals, 29 CFR 1910.119,
OSHA Instruction CPL 2-2.45A, Appendix A, PSM
Audit Guidelines www.osha.gov/pls/oshaweb/owadisp.
show_document?p_table=DIRECTIVES&p_id=1558.

Further Reading
1. Center for Chemical Process Safety, Layer of Protection
Analysis Simplified Process Risk Assessment, AIChE, New
York, NY (2001).

adrian L. Sepeda, P. E., is president and owner of A. L. Sepeda Consulting

Inc. (Plano, TX; E-mail: adrian_l@swbell.net). He started his consulting
firm after 33 years of service with Occidental Chemical Corp., where
he was director of risk management. His background includes design,
construction, utilities specialist, manufacturing, energy conservation,
and a variety of process-safety-related activities and assignments. His
firm specializes in hazard identification and risk management, process
safety, and incident investigations. He provides consulting services
to AIChEs CCPS. He also teaches process safety courses for AIChE,
the American Society of Mechanical Engineers, Texas A&Ms Mary
Kay OConnor Process Safety Center, and private clients. An Emeritus
Member and Fellow of CCPS, he holds a BS in mechanical engineering
from Lamar Univ. and a P.E. license in Texas.

CEP August 2010 www.aiche.org/cep

33