Pipeline Safety: Establishing Maximum Allowable Operating Pressure or Maximum Operating Pressure Using Record Evidence, and Integrity Management Risk Identification, Assessment, Prevention, and Mitigation

AGENCY:

Pipeline and Hazardous Materials Safety Administration (PHMSA); DOT.

ACTION:

Notice; issuance of Advisory Bulletin.

SUMMARY:

PHMSA is issuing an Advisory Bulletin to remind operators of gas and hazardous liquid pipeline facilities of their responsibilities, under Federal integrity management (IM) regulations, to perform detailed threat and risk analyses that integrate accurate data and information from their entire pipeline system, especially when calculating Maximum Allowable Operating Pressure (MAOP) or Maximum Operating Pressure (MOP), and to utilize these risk analyses in the identification of appropriate assessment methods, and preventive and mitigative measures.

FOR FURTHER INFORMATION CONTACT:

Alan Mayberry by phone at 202-366-5124 or by e-mail at alan.mayberry@dot.gov. All materials in this docket may be accessed electronically at http://www.regulations.gov. General information about the PHMSA Office of Pipeline Safety (OPS) can be obtained by accessing OPS's Internet home page at http://www.phmsa.dot.gov/pipeline.

SUPPLEMENTARY INFORMATION:

Background

PHMSA's goal is to improve the overall integrity of pipeline systems and reduce risks. To adequately evaluate risk, it is necessary to identify and evaluate the physical and operational characteristics of each individual pipeline system. To that end, the Hazardous Liquid and Gas Transmission Pipeline Integrity Management (IM) Programs were created with the following objectives:

• Ensuring the quality of pipeline integrity in areas with a higher potential for adverse consequences (high consequence areas or HCAs);
• Promoting a more rigorous and systematic management of pipeline integrity and risk by operators;
• Maintaining the government's prominent role in the oversight of pipeline operator integrity plans and programs; and
• Increasing the public's confidence in the safe operation of the nation's pipeline network.

The IM regulations supplement PHMSA's prescriptive safety regulations with requirements that are intelligent, performance based and process-oriented. One of the fundamental tenets of the IM program is that pipeline operators must be aware of the physical attributes of their pipeline as well as the physical environment that it transverses. These programs reflect the recognition that each pipeline is unique and has its own specific risk profile that is dependent upon the pipelines attributes, its geographical location, design, operating environment, the commodity being transported, and many other factors. This information is a vital component in an operator's ability to identify and evaluate the risks to its pipeline and identify the appropriate assessment tools, set the schedule for assessments of the integrity of the pipeline segments and identify the need for additional preventive and mitigative measures such as lowering operating pressures. If this information is unknown, or unknowable, a more conservative approach to operations is dictated.

An IM program must go beyond simply assessing pipeline segments and repairing defects. Improving operator IM programs, the analytical processes involved in identifying and responding to risk, and the application of assessment and development of preventive and mitigative measures is also a critical objective. In addition, the ability to integrate and analyze threat and integrity related data from many sources is essential for enhanced safety and proactive integrity management. However, some operators are not sufficiently aware of their pipeline attributes nor are they adequately or consistently assessing threats and risks as a part of their IM programs.

Over the past several years, PHMSA inspections and investigations have revealed deficiencies in individual operators' risk analysis approaches, the integration of data into these risk assessments, the abilities to adequately support the selection of assessment methods, identification and implementation of preventive and mitigative measures, and maintenance of up-to-date risk information and findings about their pipeline segments. In particular, operators' programs fail to adequately address stress corrosion cracking, seam failure, or internal corrosion in their threat identification and risk assessments. The actual use of threat and risk information to determine assessment methods, to evaluate other preventive and mitigative measures, and to use those measures during periodic evaluation have been found to be deficient. Inspections and investigations have revealed examples where assessment methods, specific tools, and schedules were not based on a rigorous assessment of the type of threats posed by the pipeline segment, including consideration of the age, design, pipe material including seam type, coating, welding technique, cathodic protection, soil type, surrounding environment, operational history, or other relevant factors. Finally, inspections and investigations indicate that efforts to collect and integrate risk information can be inappropriately narrow, lack verification and fail to take into account relevant risk information and lessons learned from other parts of their system.

In recent pipeline accident investigations, NTSB and PHMSA have discovered indications that operator oversight of IM programs has been lacking and thereby failed to detect flaws and deficiencies in their programs. The level of self-evaluation and oversight currently being exercised by some pipeline operators is not uniformly applied. The NTSB is also concerned that pipeline operators throughout the United States may have discrepancies in their records that could potentially compromise the safe operation of their pipelines. NTSB has recommended that operators diligently and objectively scrutinize the effectiveness of their programs, identify areas for improvement, and implement corrective measures.

On January 3, 2011, NTSB recommended that PHMSA inform the pipeline industry of the circumstances leading up to and the consequences of the September 9, 2010, pipeline rupture in San Bruno, California, to ensure that both PHMSA and NTSB findings and recommendations with respect to the verification of records used to establish or adjust MAOP or MOP are expeditiously incorporated into the IM programs for pipeline operators. The pipeline rupture in San Bruno, CA involved a 30-inch-diameter natural gas transmission pipeline owned and operated by Pacific Gas and Electric Company (PG&E). The rupture occurred in a residential area killing eight people, injuring many more, and causing substantial property damage. The rupture created a crater about 72 feet long by 26 feet wide. A ruptured pipe segment about 28 feet long was found about 100 feet away from the crater. The resulting fire destroyed 37 homes and damaged 18. NTSB's preliminary findings indicate that the pipeline operator did not have an accurate basis for the MAOP calculation.

There are several methods available for establishing MAOP or MOP. A hydrostatic pressure test that stresses the pipe to a designated percent of the desired MAOP or MOP, without failure, is generally the most effective method. Hydrostatic testing requirements and restrictions for natural gas pipelines are specified in Title 49 CFR Part 192, Subpart J. Similar requirements for hazardous liquid pipelines are found in 49 CFR Part 195, Subpart E. Although hydrostatic testing is recognized to be the most direct and effective methodology for validating a MAOP or MOP, its implementation requires that operating lines be shut down, which may adversely affect customers dependent on the natural gas supplied by the pipeline, particularly if the pipe fails during the test, which could necessitate a protracted shutdown. Consequently, operators prefer to use available design, construction, inspection, testing, and other related records to calculate the valid MAOP or MOP. However, this method is susceptible to error if pipeline records are inaccurate. With respect to the portion of the pipeline that failed in the September 9, 2010, San Bruno incident, PG&E used available design, construction, inspection, testing, and other related records to calculate the MAOP. The NTSB's examination of the ruptured pipe segment and review of PG&E records revealed that although the as-built drawings and alignment sheets mark the pipe as seamless API 5L Grade X42 pipe, the pipeline in the area of the rupture was constructed with longitudinal seam-welded pipe. The ruptured pipe segment was constructed of five sections of pipe, some of which were short pieces measuring about four feet long, containing different longitudinal seam welds of various types, including single- and double-sided welds. Consequently, the short pieces of pipe of unknown specifications in the ruptured pipe segment may not have been as strong as the seamless API 5L Grade X42 steel pipe listed in PG&E's records. PG&E's records also identify Consolidated Western Steel Corporation as the manufacturer of the accident segment of Line 132. However, after physical inspection of the ruptured section, investigators were unable to confirm the manufacturing source of some of the pieces of ruptured pipe.

Integrity Management Regulatory Provisions

For hazardous liquid pipelines, § 195.452 establishes requirements for IM programs in HCAs. Section 195.452(b)(1) requires that each operator of a hazardous liquid pipeline “develop a written IM program that addresses the risks on each segment of pipeline.” Section 195.452(e) defines the minimum list of risk factors that must be included in the risk assessments used to schedule segment assessments. Appendix C provides additional guidance on these risk factors. Section 195.452(f) defines the required elements of an IM program. These elements include an analysis that integrates all available information about the integrity of the entire pipeline and the consequences of a failure, including data gathered during previous integrity assessments and data gathered in conjunction with other maintenance inspections and investigations. These elements also include an identification of additional preventive and mitigative measures to protect the HCAs (§ 195.452(i)), including conducting a risk analysis in which an operator must evaluate the likelihood of a pipeline release and how it could affect the HCAs. Preventive and mitigative measures to be evaluated based on risk factors include, but are not limited to, leak detection system modifications and installation of additional Emergency Flow Restricting Devices.

For natural gas pipelines, Subpart O of 49 CFR Part 192 establishes the requirements for IM programs in HCAs. Section 192.911(c) requires that IM programs include “[a]n identification of threats to each covered pipeline segment, which must include data integration and a risk assessment.” This section further requires “[a]n operator must use the threat identification and risk assessment to prioritize covered segments for assessment (§ 192.917) and to evaluate the merits of additional preventive and mitigative measures (§ 192.935) for each covered segment.” Section 192.917(b) requires an operator to integrate existing data and information on the entire pipeline that could be relevant to a covered segment. In performing this data gathering and integration, an operator must follow the requirements in ASME/ANSI B31.8S, section 4. At a minimum, an operator must gather and evaluate the set of data specified in Appendix A to ASME/ANSI B31.8S, and consider both on the covered segment and similar non-covered segments, past incident history, corrosion control records, continuing surveillance records, patrolling records, maintenance history, internal inspection records, operating stress levels, past pressure test information, soil characteristics, and all other conditions specific to each pipeline. Section 192.917(c) states that an operator must conduct a risk assessment that follows ASME/ANSI B31.8S, section 5, and considers the identified threats for each covered segment. An operator must use the risk assessment to prioritize the covered segments for the baseline and periodic reassessments, and to determine what additional preventive and mitigative measures are needed for the covered segment. Sections 192.919 and 192.921(a) further require that the operator explain why the particular assessment method for each segment was selected to address the identified threats to each covered segment. Specifically, § 192.921(a) requires the operator to select the method or methods best suited to address the identified threats to the covered segment (pipeline), which include internal inspection tool[s], pressure test, direct assessment, or other technology that an operator demonstrates can provide an equivalent understanding of the condition of the pipeline. More than one assessment method may be required to address all the threats to the covered pipeline segment. Section 192.935 requires that an operator take additional measures beyond those already required by Part 192 to prevent a pipeline failure and to mitigate the consequences of a pipeline failure in a HCA. An operator must base the additional measures on the threats the operator has identified to each pipeline segment. This section requires that an operator conduct, in accordance with one of the risk assessment approaches in ASME/ANSI B31.8S, section 5, a risk analysis of its pipeline to identify additional measures to protect the HCA and enhance public safety.

Advisory Bulletin (ADB-11-01)

To: Owners and Operators of Hazardous Liquid and Gas Pipeline Systems.

Subject: Establishing Maximum Allowable Operating Pressure or Maximum Operating Pressure Using Record Evidence, and Integrity Management Risk Identification, Assessment, Prevention, and Mitigation.

Advisory: To further enhance the Department's safety efforts and implement the NTSB's January 3, 2011, recommendation to PHMSA [P-10-1], PHMSA is issuing this Advisory Bulletin concerning establishing MAOP and MOP using record evidence and integrity management; threat and risk identification; risk assessment; risk information collection, accuracy and integration, and identification and implementation of preventive and mitigative measures.

I. Establishing MAOP or MOP Using Record Evidence

As PHMSA and NTSB recommended, operators relying on the review of design, construction, inspection, testing and other related data to calculate MAOP or MOP must assure that the records used are reliable. An operator must diligently search, review and scrutinize documents and records, including but not limited to, all as-built drawings, alignment sheets, and specifications, and all design, construction, inspection, testing, maintenance, manufacturer, and other related records. These records shall be traceable, verifiable, and complete. If such a document and records search, review, and verification cannot be satisfactorily completed, the operator cannot rely on this method for calculating MAOP or MOP. Copies of the recommendations issued by NTSB to PHMSA, PG&E, and the California Public Utilities Commission, are available in the public docket and at PHMSA's Web site: http://www.phmsa.dot.gov/pipeline/regs/ntsb.

II. Performing Risk Identification, Assessment, Data Accuracy, Prevention, and Mitigation

Pipeline operators are reminded of their responsibilities to identify pipeline integrity threats, perform rigorous risk analyses, integrate information, and identify, evaluate, and implement preventive and mitigative measures as required by the Federal pipeline safety regulations. Operators should thoroughly review their current IM programs and make any changes necessary to become fully compliant with the Federal pipeline safety regulations. Future, PHMSA inspections will place emphasis on the areas noted in this Advisory Bulletin.

Operators are also advised that PHMSA and its State partners intend to sponsor a public workshop on threat and risk identification, risk assessment, risk information collection and integration, and identification of preventive and mitigative measures. The purpose of the workshop will be to expand the industry's knowledge base about effective IM programs. At this workshop, PHMSA will discuss the progress it has seen and the challenges remaining. Operators with demonstrably effective programs will be invited to share information. Public participation will be encouraged.

A. Risk and Threat Identification

PHMSA emphasizes the need for operators to be fully cognizant of the physical and operational characteristics of their systems, understand the threats to their systems, and the risks posed by their systems. Each operator is ultimately responsible for identifying all risk factors and cannot rely solely on the factors in § 195.452(e) and Appendix C of Part 195 or § 192.917. Any operator of a hazardous liquid or gas transmission pipeline that is not fully cognizant of the location, pipe material and seam type, coating, cathodic protection history, repair history, previous pressure testing, or operational pressure history, and other assessment information, incident data, soil type and environment, operational history, or other key risk factors of a pipeline operating at or above 30% SMYS should (1) institute an aggressive program as soon as possible to obtain this information, (2) assess the risks, and (3) take the proper mitigative measures based upon the operator's IM program risk findings. In addition, if these operators do not have verified information on key risk factors, an immediate and interim mitigation measure that should be strongly considered is a pressure reduction to 80 percent of the operating pressure for the previous month, hydro testing the pipeline or creating a remediation program to identify threat risks. Operators of transmission pipelines operating below 30% SMYS should also conduct an integrity threat and risk review of these pipelines to ensure safety in HCAs. PHMSA will require an operator that has not adequately identified all threats to take mitigative measures.

B. Risk Assessment

Operators are advised to re-examine the basis for their IM assessment, as well as their MAOP or MOP calculations and documentation to meet Federal regulations in 49 CFR Parts 192 and 195. Operators must consider all significant risk factors in their risk assessments; conduct risk assessments capable of supporting identification of preventive and mitigative measures; integrate into their threat and risk assessments all relevant risk information from prior integrity assessments, inspections, investigations, and incidents with design, construction, operational and maintenance data; to critically analyze the integrated data and incorporate the analysis into their risk assessments and integrity-related decision making; update and maintain their risk information; and to ensure that the risk information is made available throughout the organization in a form that can effectively support decisions on integrity assessment methods, tools, process and procedure changes, and schedule during the required periodic evaluations of pipeline integrity. PHMSA and its State partners intend to verify that operators have taken these actions during the course of future pipeline safety inspections and investigations.

C. Data Accuracy

Operators must review and scrutinize pipeline infrastructure documents and records, including but not limited to, all as-built drawings, alignment sheets, specifications, and all design, construction, inspection, testing, material manufacturer, operational maintenance data, and other related records, to ensure company records accurately reflect the pipeline's physical and operational characteristics. These records should be traceable, verifiable, and complete to meet §§ 192.619 and 195.302. Incomplete or partial records are not an adequate basis for establishing MAOP or MOP using this method. If such a document and records search, review, and verification cannot be satisfactorily completed, the operator may need to conduct other activities such as in-situ examination, pressure testing, and nondestructive testing or otherwise verify the characteristics of the pipeline when identifying and assessing threats or risks.

D. Risk Mitigation and Prevention

PHMSA advises operators to implement a robust IM process that includes methods best suited to address the threats and risks identified (§ 192.921(a) and § 195.452(f)). Operators must use post assessment and continuing evaluation processes to evaluate program effectiveness in identifying threats, addressing threat preventative and mitigative measures, and providing internal IM program feedback of assessment findings so the assessment process can be updated based upon threat findings.