Compliance Verification Activity Report: CV1819-283 - Trans-Northern Pipelines Inc.

Overview

Compliance verification activity type: Field Inspection

Activity #: CV1819-283

Start date: 2019-03-28

End date: 2019-03-28

Team:

Inspector 2480
Inspector In Training 2653T

Regulated company: Trans-Northern Pipelines Inc.

Operating company: Trans-Northern Pipelines Inc.

Province(s) / Territory(s):

Ontario

Discipline(s):

Integrity Management

Rationale and scope:

Field Inspection of Control Room

Compliance tool(s) used:

Information Request (IR) (1)

Facility details

Facilities:

Facility Types

Pipeline

Other

Life-cycle Phases

Operations

Regulatory requirements

Regulatory requirements that apply to this activity:

National Energy Board Act (NEBA)

Onshore Pipeline Regulations (OPR)
National Energy Board Act (NEBA) 2016-06-19

Standards

CSA Z662-15 - Oil and Gas Pipeline Systems

Regulatory instrument number(s):

AO-002-SO-T217-03-2010
AO-003-SO-T217-03-2010

Additional Project-specific requirements or conditions:

Observations (no outstanding follow-up required)

Observation 1 - Control Room

Date & time of visit: 2019-03-28 08:30

Discipline: Integrity Management

Categories:

Control Room

Training
Procedures
Human/Machine Interface
Alarm Management
Data Logging
Aesthetics
SCADA

Documentation

Record Retention
Updating

Facility:

Observations:

Control Room Management Program
- TNPI has a Control Room Management Plan (CRMP) in place to control TNPI's operation on its pipeline system. It was presented to inspectors in an electronic format.
- The CRMP is part of the TNPI Operational Excellence Management System (OEMS) Element 6 - Operations and Maintenance Programs.
- The CRMP includes requirements for personnel, processes and procedures to follow and management responsibilities for the control room operations. It addresses the roles and responsibilities, fatigue mitigation, shift change, alarm management, training, incidents review, emergency response, SCADA support, etc.
- The CRMP requires a review every 15 months. The last review was performed on 18 April 2017, therefore overdue. TNPI representatives confirmed that CRMP is in the process of reviewing and updating along with the process of onboarding of the new Control Room Manager.

Action item 1 was identified for TNPI to confirm the completion time for reviewing and updating the CRMP, and provide an electronic copy of the Table of Content of the current CRMP.

Legal Requirements
- OEMS Element 3 - Legal Requirements and Compliance outlines the requirements for identifying and applying all legal and compliance requirements that are applicable to the TNPI Control Room Management Plan.
- The TNPI CRMP maintains a list of legal requirements applicable to the TNPI Control Room operations.
- The TNPI OEMS Section 2.0 states that TNPI Operation Manager is directly responsible for ensuring legal and regulatory compliance statutes, permits, codes of practice, work place standards and best practices are identified, interpreted and communicated to the appropriate departments and personnel. The Regulatory Compliance Lead is responsible for monitoring and maintaining TNPI's legal registry, and monitoring for changes in legal and other requirements.
- TNPI representatives confirmed that communication goes through the Management of Change (MOC) process, and mentioned that the communication of the CRMP is not documented. A documented process for identifying, managing, and communicating changes of the CRMP and legal requirements for CRMP was not provided.

Action item 2 was identified for TNPI to provide an example of how 2017 CRMP has been communicated to TNPI organization through the MOC and provide TNPI's established and implemented process for identifying, managing and communicating changes to the CRMP and Legal Requirements.

Shift Change and Shift Schedule
- TNPI has 13 line controllers on a 24/7 basis with 12-hours rotating shifts and two controllers on each shift.
- The shift change (at 6:15 hrs.) is a face-to-face turnover and takes approximately 15 min.
- A shift change form was presented. This includes the specific tasks for controllers such as: review calls and issues, on-going field activities, alarm reviews, changes, daily operation information, emergency situations, etc.
- Emergency situations that potentially may involve an unattended situation of the control room was discussed. Section 3.6.4 of the CRMP addresses these situations.
- The alarms record of the day was presented to inspectors.
- The information regarding operations of the day were presented to inspectors these included the status of activities, pigging information, maintenance, field activities and changes to the schedule.
- The on-going controllers' shift schedule was presented to inspectors. All activities on TNPI's pipeline system were included in the calendar. It was confirmed that these are updated and managed as needed by pipeline schedulers.
- A pipeline order including information about deliveries and the calendar for the maintenance program was presented to inspectors.
- TNPI representatives confirmed that any shift exchange request requires management approval.

Fatigue Mitigation
- TNPI has periodic training and a course on fatigue every 3 years.
- TNPI representatives confirmed that a Human Factors assessment was performed twice in recent years. The assessment triggered improvements to the control room for controllers including new consoles, displays and seating.
- The number of controllers, their schedules and shift lengths were discussed.
- Explanation of situations regarding controller breaks when the console may remain unattended was provided to inspectors.
- TNPI representatives confirmed that the fatigue component of the shift schedule is reviewed and confirmed by the manager.

Alarm Management
- An electronic alarm management philosophy was in place and presented to inspectors.
- Explanation regarding emergency situations, such as leak and ruptures, and the communication process with engineering group and field services was provided to inspectors.
- Explanation regarding alarm evaluation and how controllers distinguish between real and false alarms and reaction time to shutdown were presented to inspectors.
- The alarm evaluation is embedded in SCADA and provides the cause, effect and action for controllers. The control room operating procedure also provides information about the alarms and the response to the alarms.
- The NEB inspectors noted that the alarm philosophy document referenced in the CRMP is overdue. The TNPI representatives confirmed that the document is in the process of review and update and it is done by the engineering group.

Action item 3 was identified for TNPI to confirm the completion time for the review and update of the alarm philosophy.

Operations & Maintenance
- TNPI representatives confirmed and explained the communication protocol in place between the control room, engineering, and field services for overpressure situations, excavations, or other O&M activities including safe working pressures, change in filed activities that require pressure changes, in-line inspection (ILI) runs or station maintenance activities. It was confirmed that communication regarding updates on operating conditions is done through the company's newsletter and periodic communication with the team with details on the project, operational changes, incidents that have occurred or any specific issue.

Action item 4 was identified for TNPI to provide the process for coordinating, controlling and communicating TNPI's operational activities between the control room, engineering and field services personnel in order to perform duties in a safe manner to ensure workers and pipeline safety and environmental protection.

Incidents Review
- TNPI has a process for reporting and recording incidents and near misses included in the CRMP.
- The incidents and near misses are reviewed and the description, findings and corrective action implemented are recorded in the binder of required reading for controllers. This is required to be signed off for acknowledgement.
- Records from the last reported near miss were presented to inspectors.

Training
- TNPI has a program for controllers training included in the CRMP. This is performed on-site periodically on a 3 yrs cycle and does not include simulator-based training.
- The initial controllers training program is performed on all processes and procedures and includes demonstration of skills and training on each task through the INTELEX program. It also includes general information regarding the pipeline operating conditions. The frequency of the continuous training is defined. Controller’s qualification to operate all lines is done during the initial training. The controller’s evaluation is done by the supervisor. The requirements to perform the required tasks are defined in the job description and training matrix.
- TNPI does not have a standardized qualification process including testing and re-examination for controllers.
- TNPI's controllers training program addresses the situations of recognizing and responding to abnormal conditions as defined in the operational and emergency manuals.
- Knowledge regarding the pipeline system and elevated consequence areas are communicated to controllers verbally and through the company's letters.
- A check list used for response to an overpressure event was presented to inspectors.

Action item 5 was identified for TNPI to provide the competency standard for controllers training.

Control Room Operating Procedures and Standards
- These procedures refer to normal and abnormal operating conditions and the emergency response including work instructions and related tasks.
- An example of set-points adjustment for a pipeline at the reduced operating pressure (ROP) as per the Amending Safety Order requirements was presented to inspectors. These included the pressure control valve (PCV) and pressure relief valve (PRV) set-points and the pump station set-points.
- The Nanticoke to Oakville discharge pressures were presented including the case piping pressure threshold and the alarm limits including the "safe mode" operating pressures.
- The NEB inspectors inquired with TNPI regarding situations when devices such as pressure sensors, instrumentation, valves or logic fail. TNPI personnel confirmed that alarms would be received and individually analyzed and responded accordingly with option for decision on continual operating, bypass or potential shutdown depending on the alarm investigation results. The interval for decision on shut down the system in the event of a leak detection is 8 min (investigation time) as per Lead Detection Manual. Controllers have the authority to make a decision to shut down the system without further approval.
- Parameters for pipeline system operations are specified in the procedures and address transient situations (i.e. pump start-up, shut down). Pipeline system start-up procedure was presented.
- It was confirmed that the time to shut down the pipeline system and to reduce the pressure below the ROP in the event of an overpressure is appropriately quick.

Backup Control Room
- The backup control room is used at least once a year for training purposes or when maintenance activities are conducted at the primary control room building.
- Procedures for moving the control room operations are in place.
- The process for transfer to the backup control room was presented. This process is part of the procedure manuals (course) for controllers.

SCADA Support
- TNPI personnel confirmed that if SCADA communication is lost, an infrastructure redundancy system is in place and uses different servers.
- The standards used for the control room operations are: API 1165 for SCADA displays, API 1167 for pipeline alarm management, API 1168 for control room management and API 755 for fatigue risk management.

Leak detection
- TNPI representatives confirmed that the leak detection system is integrated with the SCADA interface.
- The Pipeline Monitoring (PLM) system for leak detection is based on material balance with consideration to the flow, temperature and the line pack.
- The SCADA system was last updated in 2016.

Past control room inspection recommendations
- The NEB inspectors reviewed the implementation of the 2012 control room inspection recommendations and concluded the following:
           - The CRMP is included in OMS.
           - The Emergency Response Manual was last updated in 2017 (i.e. Control Emergency Response Manual) and includes immediate
             shut down situations.
           - The shift change information exists and was presented to inspectors.
           - The line controller training program has been addressed. It was developed based on TNPI practices and follows Enbridge-based
             training developed specifically for TNPI.
           - The human factors fatigue management exists and was presented to inspectors.
           - Drills utilizing the backup control room are conducted periodically and the process was explained.
           - The dig sheet template including the safe pressures is currently in use.
           - TNPI was recently audited by the NEB with respect to Cyber Security.

Controller interview
- At the time of inspection there were two active controllers in the control room and one new controller in training. Each controller operated a console containing one PC and eight monitors for Control and one monitor and one overhead display for corporate PC.
- The control room doors were secured.
- Upgrades were made to the control room including new consoles, displays and chairs. The NEB inspectors noted that improvements could also include a relaxation/resting area which is currently missing.
- The backup control room had also been upgraded.
- An example of alarms display and how they are addressed was presented to inspectors.
- Emergency situations - i.e. leak vs rupture and true vs false alarms were presented and explained to inspectors.
- The signed off reading binder was in place and reviewed by inspectors (i.e. MOC 398).
- Controller's reaction to an overpressure event and the steps to reduce the transient pressure spike was presented to inspectors.
- The decision time for shutting down the system by going through all procedures in the event of a failure was confirmed to be under 2 min.
- Controller confirmed that he accessed the backup control room five times in the last five years.
- The procedures to transfer to the backup control room, including overlapping supervision, and shutting down of the primary control room were explained.
- As an example of daily activities, a job execution plan for an upcoming ILI tool run was in place, reviewed by the controller, and presented to inspectors.

Key Performance Indicators (KPIs)
- TNPI representatives confirmed that the TNPI OEMS Element 14 - Goals, Objectives and Targets outlines the requirements for setting goals and targets for the TNPI organization.
- TNPI representatives confirmed that TNPI has a KPI program for its business and alarms for the CRMP and it is based on the TNPI OEMS.
- Additionally, Canadian Energy Pipeline Association (CEPA) conducted an Audit for the Control Room and outlined a Corrective Action Plan (CAP) for continuous improvement.

Action item 6 was identified for TNPI to provide specific examples of the KPI carried out related to SCADA, alarms, and other equipment to measure events/incidents that occurred (i.e. lagging indicators) consistent with the Control Room goals and targets.
Action item 7 was identified for TNPI to provide specific examples of the KPI carried out related to the effectiveness of the CRMP to prevent possible events/incidents (i.e. leading indicators).

Compliance tool used: Information Request (IR)

Regulatory requirement:

Onshore Pipeline Regulations (OPR)

Relevant section(s):

- 6.5 Management System Processes
  - (1) A company shall, as part of its management system and the programs referred to in section 55,
    - (a) establish and implement a process for setting the objectives and specific targets that are required to achieve the goals established under subsection 6.3(1) and for ensuring their annual review;
    - (b) develop performance measures for assessing the company’s success in achieving its goals, objectives and targets;
    - (g) establish and implement a process for identifying, and monitoring compliance with, all legal requirements that are applicable to the company in matters of safety, security and protection of the environment;
    - (i) establish and implement a process for identifying and managing any change that could affect safety, security or the protection of the environment, including any new hazard or risk, any change in a design, specification, standard or procedure and any change in the company’s organizational structure or the legal requirements applicable to the company;
    - (j) establish and implement a process for developing competency requirements and training programs that provide employees and other persons working with or on behalf of the company with the training that will enable them to perform their duties in a manner that is safe, ensures the security of the pipeline and protects the environment;
    - (q) establish and implement a process for coordinating and controlling the operational activities of employees and other people working with or on behalf of the company so that each person is aware of the activities of others and has the information that will enable them to perform their duties in a manner that is safe, ensures the security of the pipeline and protects the environment;
- 27. A company shall develop, regularly review and update as required, operation and maintenance manuals that provide information and procedures to promote safety, environmental protection and efficiency in the operation of the pipeline and shall submit them to the Board when required to do so.

Company action required:

1. Confirm the completion time for reviewing and updating the Control Room Management Plan (CRMP), and provide an electronic copy of the Table of Content of the current CRMP.
2. Confirm the completion time for reviewing and updating the alarm philosophy.
Provide an example of how the 2017 Control Room Management Plan (CRMP) has been communicated to TNPI organization through the Management of Change (MOC) and provide TNPI's established and implemented process for identifying, managing and communicating changes to the CRMP and Legal Requirements. Provide the process for coordinating, controlling and communicating TNPI's operational activities between the control room, engineering and field services personnel in order to perform duties in a safe manner to ensure workers and pipeline safety and environmental protection. Provide the competency standard for controllers training. 1. Provide specific examples of the key performance indicators (KPI) carried out related to SCADA, alarms and other equipment to measure events/incidents that occurred (i.e. lagging indicators) consistent with the control room goals and targets.
2. Provide specific examples of the KPI carried out related to the effectiveness of the CRMP to prevent possible events/incidents (i.e. leading indicators). The response to IR1.1 (Action Item 1) of 24 April 2019 states that the current revision of the Control Room Management Plan (CRMP) dated 18 April 2017 has been reviewed as per TNPI's 3 year document review cycle. The response also states that updates to CRMP document will occur over next 12-24 months.

1. Clarify the inconsistency regarding the CRMP review period between the 15 months stated in the document and 3 years stated in the response to IR1.1 and confirm the appropriate timeline.
2. Explain why updates to the CRMP document (including the appropriate review period clarified in the request above) will be made over the next 12-24 months and therefore going beyond the review period of either 15 months or 3 years (i.e. up to four years since the last revision in April 2017)?
3.Similar to the request 2 above, explain why updates to the Alarm Philosophy will be made within the next 12-24 months?

Due date: 2019-05-31

Date closed: 2019-05-31
Note: the date closed is the date that the inspector completed their review of the company corrective actions for adequacy and determined that no further actions are required.

Reason closed: Requirement met

Compliance achieved: Yes

Observations (company follow-up required)

Identified non-compliances to company plans or procedures are non-compliances either to:

- the condition of an authorization document that requires the implementation of that plan or procedure; or

- the relevant section of the regulations that requires implementation of that plan or procedure including those sections that require implementation of plans or procedures as a part of a Program

Language selection

Search

Menu