A hypothetical pipeline is operating at 1,200 pounds per square inch, a leak is detected and valves are shut in to minimize the release.

However, one of the valves fails due to the increased pressure and additional damage is encountered until a secondary valve is activated. Product is spilled, neighboring communities and customers are impacted and emergency response teams arrive onsite to mitigate the physical damage. The pipeline organization’s operations, including engineering, environmental, health and safety (EH&S) and public relations teams, mobilize to determine mitigation and repair plans, root causes and responses to questioning media, government and regulatory bodies.

A company’s response preparation and capabilities will directly impact business reputation, continuity of operations and relationships with employees, customers and shareholders.

Following an inadvertent release or safety incident, a sequence of events will make an organization’s management of the incident more visible to the public and regulators. In particular, navigating the changing regulatory landscape as it relates to incident response requirements, especially in times of crisis, has become more difficult. Furthermore, midstream businesses are obligated to a host of regulatory bodies and evolving industry standards in the areas of asset integrity, and environmental and human safety.

The recent addition of API Recommended Practice (RP) 1173-Pipeline Safety Management Systems places midstream operators in an increasingly stringent environment—which refiners and producers find all too familiar—with the end goal of reducing and preventing both personal and operational incidents. This article discusses how this recommended practice may change an organization’s response criteria and identify fundamental improvements an organization can make to bolster its response capabilities.

Timely, accurate response

Regardless of the regulatory body, government entity or industry standard, when an incident occurs, responses to external parties must be timely and accurate. Response preparedness begins well before an incident occurs and involves a sequence of internal steps before issuing a required or voluntary statement, as illustrated in the nearby graphic.

• Readily accessible, relevant and accurate information for the organization’s response personnel, such as operating parameters and conditions, points of contact, asset history, etc.;

• Pre-established and communicated response team roles, responsibilities and processes for both onsite and offsite activities, including interactions with federal, state and local responders; and

• In-place and well understood processes for responding to requests for information from the multitude of parties involved.

Types of response

The ability to respond effectively to incidents directly impacts both internal and external reputation. Response activities to regulators and the public can separate into two parts: initial response and short-term (days to weeks), up to potentially long-term (months to years) communications and activities. Initial responses should occur almost immediately and information made available to the internal incident response team to provide the information shown in the diagram.

Ongoing response in the weeks to years following often depends upon the severity of the incident, which includes the extent of damage to people, wildlife, the environment, damage to assets and impact to customers and communities, among other factors.

How 1173 plays into a response

Most significantly though, identifying management system failures—while new conceptually and in practice for some midstream companies—stems from the new requirements in RP 1173. API’s protocol addresses how critical it is that safety programs and processes are viewed as holistically and inherently connected, rather than planned and managed as discrete activities. It says:

“Managing processes requires different techniques than managing individual activities. Pipeline safety management includes determining needs throughout the pipeline life cycle, provisioning sufficient qualified human and financial resources, identifying the proper sequence of a series of activities, monitoring and measuring the effectiveness of the activities performed and applying changes or corrections to those activities as needed.”

When an incident arises, regulators, government bodies and the public will likely question the validity and maturity of the organization’s safety management system, how it may have or have not contributed to the incident and what actions will prevent recurrence. Some specific programs that play a large role in managing and connecting safety critical information include management of change, risk management, operational controls, data management and stakeholder engagement. RP 1173 has a foundation based upon its Plan-Do-Check-Act cycle, and responses may decompose into these segments as well.

Plan

All midstream businesses have, to varying degrees of maturity, programs and governance structures already in place to establish and protect the integrity of assets, operating parameters, emergency response approaches and safety training—areas of particular note in RP 1173. Organizational leadership should discuss, define and document the following regarding this high-priority critical information, particularly for high-consequence areas or equipment:

• The person or persons responsible for keeping and maintaining this information; and

• The update frequency and process for this critical information.

The key to successful incident response comes from alignment and detailed documentation of your compliance processes and programs with your operating practices. While individual program documentation may exist, RP 1173 requires businesses to take a more comprehensive look at how these programs will talk to one another. Thus, preparedness for a response hinges not just on documentation of programs, but communication between programs and alignment with current operations.

This provides the successful foundation not only for weathering the official and public scrutiny that accompanies any incident, but also for practically addressing, mitigating and perhaps even preventing incidents in the first place, all of which result in either significant cost savings or avoidance.

Do

This step in the cycle addresses the execution of the plans. Governance structures represent a critical component for ensuring comprehension in the field and corporate offices, by both employees and contractors. In the event of an incident, questions arise asking about capabilities or training to perform clean-up and the interdependent programs that protect the safety and integrity of a midstream system.

The management system and supporting infrastructure breakdowns may occur due to insufficient accountability, lack of funding or still-in-progress initiatives. For example, operators should consider additional scrutiny with new acquisitions where asset data, operating procedures and training may not yet be considered adequate or in alignment with an organization’s expectations.

Check

RP 1173 provides guidelines for assessments and audits where deviations in plan implementation or opportunities for improvement exist. In addition, it places emphasis on proactive, systematic thinking about potential incident scenarios.

In the wake of an incident, operating data, actions taken, inspection reports and training/qualification verification for any point in the asset’s life cycle represent a sampling of the expected information surrounding an incident that the operator will need to produce from its management system(s). In addition to evaluation of those activities, regulators may ask if asset or management system failures were known, or even evaluated, under an assessment or formal audit.

Act

Ongoing implementation plans, continuous improvement activities and specific corrective actions previously identified in the check cycle fall under this category. Thus, organizations should have timely access to the following:

• Logs/audits ensuring that periodic review and edits are in fact undertaken;

• Findings from regularly scheduled assurance audits;

• Curative actions planned in response to audit findings; and

• Plans, points-of-contact and time lines for all recommended curative actions.

The key takeaway from these recommendations is that current and evolving regulations require not just near real-time provision of compliance data to appropriate authorities and regulatory bodies, but also a high degree of transparency regarding how that data was obtained and the governance structures to ensure its accuracy.

Authorities and regulatory bodies will, as previously noted, expect timely responses to why an incident occurred and why the safety management system did not prevent it from occurring. In our example of the pipeline leak, the cause of the rupture was due to the operating pressure exceeding the physical limit and further damage was a result of the valve not being properly maintained.

Safety management systems should provide the information necessary to warn of an impending failure, indicate why a failure occurred and determine how to prevent future reoccurrence.

Incident risks, contributors or causes could occur sequentially or independent of one another. Example factors that may relate to one another to potentially cause an incident, include:

• Inaccurate operations and maintenance manuals and records;

• Outdated asset information between asset integrity, operations and EH&S;

• Lack of operator knowledge of changed conditions;

• Gaps in training or knowledge; and

• Breakdown in contractor communication.

Beyond compliance

While this discussion focuses on response preparedness to regulators with emphasis on adherence to RP 1173 guidelines, three components need consideration to maintain a sustainable safety management system. In an organization, a symbiotic relationship exists among three key drivers: improving safety and reducing risk, increasing business value and demonstrating compliance.

All three components relate to one another with give-and-take among them. For example, on one side, a company may demonstrate compliance by producing manuals and procedures for regulators. However, if these manuals and procedures are not reflective of current operating practices and information, the capability to improve safety and reduce risk is compromised. If attention to safety and risk lessens, business value suffers from decreased asset and personnel performance.

These detailed standards may seem onerous, but consider the potential costs of failing to plan in advance for them or to have them in place. The 2010 Enbridge Inc. oil spill in the Kalamazoo River near Marshall, Mich., was a catalyst for the industry’s development of RP 1173. The spill will total anywhere from $22 million to $86 million for violations of the Clean Water Act alone. This is in addition to millions more in multiyear cleanup costs, monitoring, remediation, litigation and organizational, process and infrastructure improvements that bring the total actual cost closer to $1 billion. Regulatory penalties and requirements—costly monitoring and remediation in the wake of an incident, for example—will only climb with the maturation and advent of additional standards from regulatory bodies.

A comparatively modest investment of time and resources in building a regulator and response-friendly compliance and communications program will introduce a level of rigor into your business that will not only save your organization multiple millions of dollars, but can also measurably improve your operations, customer allegiance and brand value and affinity.