2022 PHMSA Enforcement Actions: Insights and Solutions from Section A and Section B

Alarms

• Several operators failed to perform alarm setpoint and descriptor reviews when associated field instruments were calibrated or changed.
• Several operators failed to define the process and criteria by which alarms were determined to be safety-related, and by which alarm setpoints were defined

Shift Handover

• One operator failed to account for instances in which the oncoming controller was unable to claim their scheduled shift.

Inadequate Definition

• One operator’s definition of “Controller” did not account for their ability to perform indirect control actions (initiating corrective action by e.g. making a phone call and giving instructions to field personnel)
• One operator had a proper definition of a control room, they did not account for how that procedure would be used to assess current or new facilities.
• One controller, using a primary and secondary controller, did not provide sufficient definition for roles and responsibilities between the two. Specifically, “the procedure did not disallow anyone outside the Primary Controller to operate, monitor, and take action on the system. “
• Another operator failed to account for the fact that personnel at PLCs or RTUs on their system could perform control actions to manage the flow of gas outside the fence and how this would meet the criteria for that PLC/RTU as being a control room. Furthermore, the operator did not define how the person performing the control action would be qualified as a controller.
• One controller had ambiguity around when a shift handover or temporary relief needed to be performed when the console was to be left unattended. It was noted their use of terms like “reasonable” and “appropriate” provided insufficient direction.
• Several operators were noted as having ambiguity in their procedures. One of which noted that the responsibility to perform certain calls in the event of a control room evacuation was not assigned and that the information to communicate was not adequately defined.

Other Insights

• One operator failed to require its SCADA and field personnel to contact the control center when making field changes that affect control room operations.
• Several operators had issues with their Internal Communication Plans (for manual control). One inspection finding, associated with a significant financial penalty, indicated the ICP testing did not account for full system failures and how some assets would be shut down while others would be manually controlled.
• One operator identified their use of redundant servers, but did not test them in accordance with Backup SCADA System Testing requirements.
• Several operators had multiple findings in this section. One had as many as 11 findings.
• Multiple operators failed to provide adequate policies and procedures for monthly and annual reviews
• Multiple operators failed to document activity that was defined in their CRMP (e.g. shift handovers, monthly and annual reviews, point-to-point verifications, etc.)
• A new audit trend pertained to several operators’ use of 3rd Party Control Rooms and the gaps in policy and implementation between the two organizations (Note: the findings were not related to the use of 3rd Party Control Rooms as a practice.)
• Multiple operators failed to adequately reference policies and procedures from their CRMP that were to be used in implementing CRM activity.

CRM Applicability Assessment

If you’re having trouble determining whether or not the CRM Rule applies to you, we can perform an applicability assessment. This assessment is designed to determine whether you meet the definition of a Control Room as defined in the CRM Rule, taking your pipeline facilities and operating setup into consideration.

CRM Compliance Review

We can also perform CRM Compliance Review using our software module, ComplyMgr,  to measure your plan’s level of policy compliance compared to the PHMSA regulations. Our team will make observations, perform interviews, and review records to evaluate proper 192.631 and 195.446 control room management implementation. 

CRM Program Development

Our team has the knowledge and tools to design and implement a Control Room Management Plan specific to your operation. If necessary, we can also rewrite your CRMP to address all PHMSA requirements. In addition to meeting regulations, this is used as a framework for continuous improvement moving forward.

Controller Assignments, Qualifications, and Permissions

• One operator utilizing a 3rd Party Control Room did provide context as to which pipeline facilities the same controller was responsible for in addition to their own. Furthermore, there were not sufficient controls in place to ensure only the qualified controller could perform control actions (and other relevant functions e.g. receive 811 calls) for the operator’s assets. The same operator lacked clarity as to who could take temporary relief for their assets given the fact there were other controllers in the room with various qualifications.
• One operator had multiple controllers with qualifications for only specific asset groups pertinent to their assigned console. However, the same controllers could access all asset areas when logging into the SCADA system. Here, policy was not enough for disallow access beyond the assigned area.
• Another operator allowed two controllers to log in to a SCADA system and control the same operating area. This behavior could lead to conflicting control actions. PHMSA noted the operator should limit the number of logins to each pipeline system and assign SCADA permissions accordingly.
• Similarly, one operator has primary and secondary controllers assigned to the same operating area. Both control the same assets from different consoles, and both can issue commands and acknowledge alarms simultaneously. The same operator failed to define the amount of time the primary controller could be away from the console before the secondary controller must take over the role of the primary controller.

Training

• Another operator had a controller training two other controllers at the same time, all three of whom were responsible for an individual console. As such, the trainer’s span of control was across all three consoles.
• The same operator rotated each trainer and trainee every 3 to 4 days. Lacking training program structure and documentation meant a new trainer was never able to fully grasp what competencies the trainee had or had not mastered.

Shift Handover

• One operator allowed controllers to be away from the console for 90 minutes before a shift handover would be required. 
• Numerous operators lacked sufficient process and/or recordkeeping around shift handover

Other Insights

• One operator utilized sampling when completing point-to-points. They also failed to test setpoints during point-to-points. Nor did they define which screens were to be assessed when a point was present on multiple screens.
• Multiple operators failed to define roles and responsibilities for various operating conditions (some failed to define the nature of and difference between operating conditions) such that operators were unclear on how to respond to abnormal/emergency operating conditions, etc.
• Multiple operators failed to account for roles and responsibilities of “others” who have the authority to direct or supersede the specific technical actions of a controller.
• For those who do allow “others” to direct or supersede, these operators failed to define the training required, the way the list of “others” is maintained, or the process following the act of superseding.

Key Benefits of CRMgr

• Dedicated Tools to View, Update, and Review your CRMP Policy
• ComplyMgr software module allows for document development to ensure roles and responsibilities are adequately defined for all operating conditions
• Unique Dashboards for Controllers and Control Room Managers
• Tools and Permissions Built to Accommodate Roles & Responsibilities Based on Operating Conditions
• Assigned Reading with Confirmation Reporting to Communicate Important Information, Documents, and Changes to Controllers
• Record of Changing Rolls and Responsibilities via emailed SHO Reports