This week’s Pipeliners Podcast episode features Mallory Gill discussing program management and its common challenges, what ComplyMgr is, its benefits, and where the industry is headed as far as control room auditing.
In this episode, you will learn about the challenging aspects of fitting into compliance, why it is important to be careful when doing PHMSA inspection protocol research, and how there is always a way to simplify and streamline a process.
Streamlining Compliance and Safety Program Management Show Notes, Links, & Insider Terms:
- Mallory Gill is a Sr. Regulatory Analyst with EnerSys Corporation. Over the past two and a half years, Mallory has developed subject matter expertise in Control Room Management. She manages a CRM Support program for control room operators who want to strengthen their compliance state and maintain audit readiness year-round. Mallory is also the product manager for ComplyMgr, a document revision tool which streamlines audit prep, enables operators to self-assess their compliance state, and improves revision control practices. Connect with Mallory on LinkedIn.
- EnerSys Corporation is a frequent sponsor of the Pipeliners Podcast. Find out more about how EnerSys supports the pipeline control room through compliance, audit readiness, and control room management through the POEMS Control Room Management (CRM Suite) software suite.
- Schedule a control room compliance audit preparation consultation with EnerSys.
- ComplyMgr is a software module from EnerSys that simplifies PHMSA compliance and streamlines the PHMSA audit process for pipeline operators.
- The CRM Rule (Control Room Management Rule as defined by 49 CFR Parts 192 and 195) introduced by PHMSA provides regulations and guidelines for control room managers to safely operate a pipeline. PHMSA’s pipeline safety regulations prescribe safety requirements for controllers, control rooms, and SCADA systems used to remotely monitor and control pipeline operations.
- PHMSA (Pipeline and Hazardous Materials Safety Administration) ensures the safe transportation of energy and hazardous materials.
- Control Room Management is regulated by PHMSA under 49 CFR Parts 192 and 195 for the transport of gas and hazardous liquid pipelines, respectively. PHMSA’s pipeline safety regulations prescribe safety requirements for controllers, control rooms, and SCADA systems used to remotely monitor and control pipeline operations.
- MOC (Management Of Change) focuses on planning the processes in a system, the type and quality of changes required, the risks associated with the plan for change, and the people that will be impacted by the change so that it is clearly communicated to stakeholders.
- Gap Analysis is the means by which a company can recognize its current state—by measuring time, money, and labor—and compare it to its target state. By defining and analyzing these gaps, the management team can create an action plan to move the organization forward and fill in the performance gaps.
- 49 CFR governs the domestic transportation of hazardous materials for all forms of transportation to, from, and within the United States. Title 49 includes nine volumes.
- O&M (Operation & Maintenance) is a comprehensive approach to performing pipeline tasks related to the operation and maintenance of gas and liquid pipeline systems. A robust O&M program provides personnel with the knowledge and understanding of each situation to enable them to correctly assess the situation and take corrective action.
- CRMP (Control Room Management Plan) captures the policies and procedures that are to be followed in the control room to ensure the safe operations of pipeline assets. Operators that are subject to the PHMSA CRM Rule are required to have a CRMP.
- SCADA (Supervisory Control and Data Acquisition) is a system of software and technology that allows pipeliners to control processes locally or at remote locations.
- Alarm management is the process of managing the alarming system in a pipeline operation by documenting the alarm rationalization process, assisting controller alarm response, and generating alarm reports that comply with the CRM Rule for control room management.
- Valve and Rupture Rule is a newly updated PHMSA regulation. This rule establishes requirements for rupture-mitigation valves, such as spacing, maintenance and inspection, and risk analysis. The final rule also requires operators of gas and hazardous liquid pipelines to contact 9-1-1 emergency call centers immediately upon notification of a potential rupture and conduct post-rupture investigations and reviews.
- Pipeline SMS (Pipeline Safety Management Systems) or PSMS is an industry-wide focus to improve pipeline safety, driving toward zero incidents.
- AGA (American Gas Association) represents companies delivering natural gas safely, reliably, and in an environmentally responsible way to help improve the quality of life for their customers every day. AGA’s mission is to provide clear value to its membership and serve as the indispensable, leading voice and facilitator on its behalf in promoting the safe, reliable, and efficient delivery of natural gas to homes and businesses across the nation.
- The annual AGA Operations Conference is the natural gas industry’s largest gathering of natural gas utility and transmission company operations management from across North America and the world. During the conference, participants share technical knowledge, ideas, and practices to promote the safe, reliable, and cost-effective delivery of natural gas to the end-user.
- KPI (key performance indicator) is a measurable value that is intended to show how well a business is adhering to its business model and strategies.
Streamlining Compliance and Safety Program Management Full Episode Transcript:
Russel Treat: Welcome to the “Pipeliners Podcast,” Episode 262, sponsored by Gas Certification Institute, providing standard operating procedures, training, and software tools for custody transfer measurement and field operations professionals. Find out more about GCI at GasCertification.com.
[background music]
Announcer: The Pipeliners Podcast, where professionals, Bubba geeks, and industry insiders share their knowledge and experience about technology, projects, and pipeline operations.
Now your host, Russel Treat.
Russel: Thanks for listening to the Pipeliners Podcast. I appreciate you taking the time. To show that appreciation, we give away a customized YETI tumbler to one listener every episode. This week, our winner is Jon Russell with the Clearwater Gas System. Congratulations, Jon. Your YETI is on its way. To learn how you can win this signature prize, stick around till the end of the episode.
This week, Mallory Gill with EnerSys Corporation is joining us to talk about streamlining compliance and safety program management. Hey, Mallory. Welcome to the Pipeliners Podcast.
Mallory Gill: Thanks for having me, Russel.
Russel: You were strongly recruited. I’ll just say it that way.
Mallory: [laughs]
Russel: Oh goodness. For the listeners that don’t know, Mallory and I work together. This is one of those situations where she was volun-told, I guess that she gets to be on the…
Mallory: It was an email. You’re going to be on the podcast.
Russel: That’s right. There wasn’t much of a negotiation. Before we get too much further, why don’t you tell us a little bit about your background and what you do, and how you got involved with pipelining?
Mallory: I have been with EnerSys for two years and some change now, recruited right out of Texas A&M. Gig ’em.
Russel: Whoop.
Mallory: Very grateful. You guys have basically built a foundation for me in this industry, and taught me everything that I know about oil and gas and compliance. My official title with EnerSys is Senior Regulatory Analyst.
I do a lot of work with control room management, control rooms, and control room managers, to help them implement all of the 11 tenets of the CRM program. Started out in an administrative role and, over time, have been developing my subject matter expertise in that space.
Russel: You worked with us as an intern one summer and then for quite a while as you were completing your degree. You’ve actually been with us longer than just the time you’ve been a full-time employee.
Mallory: For sure. That’s ideal. It makes it so much easier, coming out of college, to get into the working world and especially with EnerSys.
Russel: It’s OK. What I would say, Mallory, is that you came out. You have just demonstrated a real ability to learn and lean in. You’ve got a communications background in education.
There’s a lot about what we do in regulatory compliance that’s very communication centric. It’s really about helping people get written down and communicate to the team what it is we’re supposed to do.
We’re very fortunate, in that Mallory, runs point with our product called ComplyMgr. ComplyMgr was recently selected as a finalist for the 2022 Pipeline & Gas Journal Awards. It’s a product we built to streamline and automate – maybe it’s not a great word – streamline and automate safety program management.
Maybe a good place to start is just to talk a little bit about what is program management and what are the challenges of program management in the pipeline space. How would you answer that question? What is program management?
Mallory: There are a few ways to approach program management. There’s the obvious, which is getting your policies and procedures in order and getting those in line with federal and/or state regulations. That’s your foundation for building your program.
It’s the best place to start for anyone who’s looking to build a new program or who maybe has an existing program and wants to update or clean-house a bit. Coming back to what’s written in the rule and developing policy and procedure against that is the best place to start.
Russel: Yeah, that’s pretty fundamental. I guess my definition and just simply stated is it’s all the policy and procedure, the writing work that you do to find your program. That’s never as easy as it sounds, at least in my experience. There are lots of challenges.
As you’ve been learning this business, what would you say some of the biggest challenges you’ve found in doing this kind of work are?
Mallory: What you just said, it sounds so simple to say build your CRM, build your control room management plan. Anyone who spent some time out there who works in compliance is familiar with the PHMSA site will tell you that there are lots of different interpretations of the rule.
Rules are written in one context. There’s typically an event that will spur the passing of a law, which leads to a new rule or regulation. That’s just one context, but it may not be a “one size fits all” for all the different operators who are trying to comply with that rule.
They have to find a way to make that rule fit for them and to make their policy and procedure reflect what’s written in that rule in the context of their own operations. That tends to be pretty challenging for a lot of operators.
Russel: Why do you think that’s so challenging? Because I agree with you. I think that’s a lot more challenging than somebody who wasn’t doing it would realize that it actually is. Why do you think that’s the case?
Mallory: It’s a great question. It can be difficult to figure out where to start. It just feels like a mountain of information to digest, and it can be super overwhelming. That’s the easiest answer is just that it’s a lot to wade through to make sense of without maybe someone who has the experience to lead you through that.
Russel: Yeah, something as simple as just trying to find the regulation and the supporting information behind it. Just trying to navigate through the PHMSA site. PHMSA has got a lot of great information on the site, but boy, I’ve gone down deep, dark rabbit holes trying to find stuff from time to time.
I know others who’ll get on PHMSA just immediately go right to what they’re looking for. I don’t know how they do that.
Mallory: Yeah, it’s funny actually. Anyone who works in compliance will say the exact same thing. Anyone who has to do any work with PHMSA knows – I’m not bashing PHMSA at all here, don’t get mad at me – the website is certainly difficult to navigate.
There is a ton of helpful information out there if you know how to find it. Then even still, when I started out and I was learning and trying to compile all of this information, I would have 30 tabs open at a time. Actually, Ross Adams, who’s been on this podcast before, he’s my direct supervisor.
I’ve called him in a panic on more than one occasion because I navigated to the wrong PHMSA link and was using outdated versions of the inspection protocols. To me, I’m an intern with very little “big picture” at this time. I’m like, “Oh my gosh, this is the end of the world.”
In my case, not the end of the world, but for operators who are trying to develop their program and have so much to deal with already, and all of this work piling up and just the fact that you could so easily navigate to the wrong link is just…
Russel: Problematic.
Mallory: …problematic for sure, yeah, and discouraging. It can be a little disheartening when you’re like, “Ugh, I’m trying to do everything right. I’m trying.”
Russel: That’s very well said, Mallory. I have certainly had that experience too. Probably didn’t have as visceral a reaction as maybe you have, but I’ve certainly gone and spent much time and, “Oh, here it is.” and started working and then find out, “Nope, I’m not working with the right thing.” It’s very frustrating.
Mallory: Then you have to close your laptop and walk away for a little bit. It’s just how it goes.
Russel: I know. That’s so true. I want to talk a little bit about the history because a lot of this happened even before you joined our company. We started in 2009 trying to understand control room management. It’s my first real detailed exposure to pipeline safety and PHMSA rules and all that kind of stuff.
We were trying to learn. Between 2010 when the rule was first published and probably 2014, we had a bunch of CRM assessments. Go to a control room, talk to them about what they’re doing, and we’re doing it all on spreadsheets.
That seemed easy. Man, that broke down in a hurry. You go through it, then you get it all the way you want it, and then you do the things you need to do, and then six or nine months later you’re like, “OK, I need to go back.” and I’m like, “I can’t find the spreadsheet.”
Or I find the spreadsheet and I’m not sure I have the most recent fully commented version. It just seemed like there was a lot of thrash.
Mallory: Then even if you do have the spreadsheet, what are you doing with it? How are you analyzing it? What metrics are you using to gauge over time how you might be improving? That comes back to your point there, depending on how you’ve built your program, part of that effort is just tracking down all of the documents that you may have in various locations.
If you’re really good, maybe you have one file in a file share and SharePoint, and that’s where everything related to your program is housed. That’s where you’re going to go in an audit, and that’s where you’re going to find all the information that the auditor’s going to ask about.
That’s not the case with all of the operators that I’ve found. It’s in various locations. Historical data may not be in the same place as where you’re currently housing revisions. I think that’s a challenge as well. Having a firm governing document and clear references to these other procedures and forms that you may be using during an inspection.
Then also relating all of that back to the rule in determining, “Do I really need all of this information? Is it helpful? Is it getting me closer to being in compliance, closer to operating safely? Is it clear?” All of that can be challenging too.
Russel: I think too, when you start talking, you said something you skipped over, but you talked about understanding how you’re getting better over time. That’s extraordinarily hard to do. Just using the spreadsheet approach to do analysis.
You can do a pretty good job of understanding where you are at a point in time. Seeing that progression over time starts to get really challenging, I think. Then the other thing is managing change. When a rule change comes out, understanding where are all the places in your program that you’ve got to review and assess to determine if you need to make changes. That’s a big deal.
Mallory: Oh yeah.
Russel: Maybe we ought to talk a little bit about ComplyMgr, what it is and what it does. What is ComplyMgr and what are some of its features? What does it do? How does it address all these challenges?
Mallory: At a very high level, ComplyMgr is a tool for performing self-assessments. We call them compliance reviews. Some people call them gap analyses, or mock audits. It’s a tool for performing self-assessments, assessing the state of your program against the official PHMSA inspection sets, against 49 CFR, against the governing documentation, the FAQs, and then it’s also a tool for document control.
Those in compliance, you know how important it is to abide by certain processes when you’re updating your program documents. Most of you will probably be using management of change – MOC – processes. It’s a tool that helps to capture changes in your program documents over time.
Doing so enables you to show the places where you’re improving in direct response to maybe a finding and a compliance review. As you’re doing these self-assessments in the tool, how are you responding as you update your program documents?
When you do your annual program review, can you see evidence that you are closing gaps based on an assessment that you may have performed on your program against what PHMSA is looking for?
Russel: It’s interesting. As we started, we were focusing on control room management, and it was not uncommon we’d come to certain parts of the requirements for control room management, and they would be addressed in multiple program documents.
There might be a part in emergency response, there might be a part in O&M, there might be a part in the control room management piece. Just getting a handle on where the answers existed was a challenge.
Then once we got through the part where we started identifying corrective actions, whether that was just changes in wording or modifications to what we were doing or whatever that was. Being able to track that and stay on top of it, it ate our lunch, to be frank. It was just really challenging.
As we began to get it into a software tool, it’s like, “Oh, not only does that get easier, but the other thing I could see is here was my snapshot two years ago. Here’s my snapshot this year. Here’s where compliance-wise, I’m getting better, here’s where I’m falling off. It just gave you a whole different perspective on how you’re doing.
Mallory: It’s not uncommon for maybe different safety programs and operator’s documentation to answer bits and pieces of other safety programs. That’s not uncommon, but what you really need to know is each of my safety programs, can they stand alone and holistically address all of the requirements of that safety program.
Russel: That’s a really great point. I want to unpack that a little bit. I’m sorry I interrupted you. Go ahead.
Mallory: No. Yeah, it is very important because you have documents scattered all over the place, and it may be answered here and there. If you’re in an inspection and the auditor says, “I want to look at your – I want to see where you’re answering this question. Where are you addressing this requirement?”
Typically, they want to see that in some form of a governing document like a CRMP for the control room management safety program. That’s the one I’m most familiar with, so that’s the one I’m probably going to reference throughout this.
It’s the same thing for all the other safety programs too, from what I’ve seen. There’s typically one governing document with supplemental documentation that addresses other requirements.
Russel: It might be helpful for the listeners if we talked about a specific. Whenever we start getting into this conversation, I like to talk about alarm management because it’s one of those things that cuts across multiple departments within a pipeline operator.
It’s going to touch field people. It’s going to touch SCADA. It might touch IT. It’s going to touch control room. It might touch process safety. It wouldn’t be uncommon for some of the questions and the protocol, if you’re looking for the answers, to exist in policies and procedures for multiple departments. Procedures are where people are doing the work.
Mallory: I was going to say, I don’t think we have enough time to fully unpack alarm management. That one’s kind of a beast. That one is a pretty unique tenet of CRM. There will probably be parallels in all other safety programs. It requires coordination between multiple departments.
Part of the issue there is having that governing documentation, reconciling that with all of the different departments that need to be involved in that, and then buy-in, having everyone say, “Yeah, this is how we’re going to approach it.” It’s way easier said than done.
Russel: One of the ways that ComplyMgr addresses that is it allows you to go from the audit protocol, link back to the rule and the frequently asked questions and any standards that might apply, and then, from there, to the policies and procedures that address the requirement of the rule.
When those requirements are scattered around, it allows you to put them where it makes sense to get the work done and yet still maintain visibility from a single point. That’s a pretty powerful capability, I think.
Mallory: I agree. I think that what we find most often is that, specifically for alarm management, there may be procedures and policies all over the place. Then when you see them side by side the way that ComplyMgr allows you to, it forces you to ask the question, “Does it make sense to have this in all of these different locations, or can we simplify?”
Most often, the answer is we can simplify, and we can do it pretty easily. It’s really just a matter of having the capability to look at everything side by side and then bringing it back to the rule itself and the inspection question and what is the point of this question.
Russel: How does this relate to the management of change? One of the things that we’re certainly getting a lot of questions about right now is the whole rupture mitigation and valve rule, where that particular change is actually impacting multiple pieces. It’s one rule change, but it’s actually in multiple different safety programs.
It lands in a lot of places in the code. Doing the analysis to determine what needs to change in my program, how does a tool like ComplyMgr facilitate that?
Mallory: That’s a great question and a great point. In ComplyMgr, we have what we call change sets, which is really just a sophisticated method for tracking individual changes to your program documents.
I think the most valuable part of that is – I touched on it earlier – first, being able to evidence where you’re changing your program documents, what types of changes were made, and historical data. Auditors love looking at historical data and records, so the change sets capture all of that.
To your point about having multiple departments having to weigh in on changes, the change set process does speak to that. We have a review process whereby you can group sets of documents, and as you make changes to them, you can require that individuals sign off on those changes.
Lately, with my CRM support clients I’ve been having them include tying it all in together, including the MOC number associated with these changes within the change set as well.
I think of it as a checkpoint that documents don’t get published and put into circulation without all of the necessary people saying, “Yes, I approve this change.” It basically comes back to that conversation of buy-in.
That everybody who needs to weigh in on it does. Then in doing so, it creates the record too. You can show that as evidence of compliance too, that you’re soliciting input from – I can’t speak to the rupture and valve as much – but for alarm management for sure, you can evidence that you solicited input from your SCADA team, from engineering, from field ops.
Russel: Because all of that is existing in the tool and is stored for posterity, including all of the comments and the reconciliation of those comments and all that type of thing.
Mallory: Exactly.
Russel: Auditors just love that stuff. They just absolutely love that stuff.
Mallory: Yeah, I love it too. It makes me very excited when I can show those kinds of records to an auditor. We have a little moment where we geek out about it and I’m like, “I think I’m in the right job.”
Russel: Definitely. What do you think is next for ComplyMgr? Where do you think that’s going in the future and what kind of things are customers asking for, and how do you think that the value proposition can be improved?
Mallory: We do have an offering for PSMS. We would like to, as that safety program matures and develops in the industry, we too would like to improve our offering around that. PSMS was a pretty big topic of conversation at the last AGA conference.
People are really starting to take PSMS pretty seriously, and I’m excited to see how ComplyMgr can move into that space and help operators mature their program. Again, that progress over time, continuous improvements, is the name of the game with every safety program.
I feel, especially with PSMS, I’m excited to see how ComplyMgr can evidence that certain metrics and KPIs are being met, and basically just mature that offering.
Russel: Yeah, I think you’re saying a mouthful there, Mallory. Because I agree with you. There are a lot of opportunities. I’ve been working on a safety manifesto that is maybe how I would frame it, but the idea is simply that I want to try and define what good safety looks like for a pipeline operator, and then use that as a mechanism for building and maturing our tools.
One of the things that comes up for me is I think compliance is a predicate for safety. I can’t really improve if I’m not doing a good job of compliance. I need to start there. I need to get that under control, that I need to get that to the point that I’m doing what I think I need to do in that domain.
That’s not necessarily that easy, really. A lot of us still have a ways to go, but the point – I’m babbling and I apologize – but I think that the point of this whole conversation is that there’s a lot of opportunity for, if you can really get good at compliance, then that creates capacity to focus on safety.
Then you start asking questions that are more, “Am I doing the right thing?” versus, “Am I doing what the rule says I need to do?” That is a different level of questioning. If I’m starting to make changes to my program, I need to make sure I capture why I think that’s the right thing, and I need to document in my management of change, the change I’m making and the rationale.
Then I’m actually advancing to that next level, which is quality management of my program, which is basically what pipeline safety is. I’m looking to get intentionally better and sometimes beyond just incremental change, looking at some fundamental questions.
Mallory: Yeah, that’s an excellent point.
Russel: I’m excited about what the future might be around all those things. What would you want pipeline operators to take away from this conversation we’re having?
Mallory: First of all, you’re not alone. A lot of what we see operators struggle with are not isolated incidents. It’s not isolated to one operator. The difficulties in maintaining a program and being in compliance tend to replicate themselves and in many different operations.
I think that we have a pretty good handle on how to streamline some of that. Ultimately, at the end of the day, I just want to make operators’ jobs and lives easier because the less time that they’re spending, figuring out how to get into compliance.
I say this, sometimes compliance is a bit of just checking the box. I believe very fundamentally in safety and operating safely. I think if we can simplify the being in compliance part, it gives operators more bandwidth to figure out how to operate safely, and actually implement those processes in a way that is meaningful within the industry.
As far as a takeaway for operators, we hope that we can help. It doesn’t have to be so difficult and painful. Yeah, I don’t know. Russel, what do you think? What would be your takeaway for anyone listening to this?
Russel: You make a bunch of great points. One takeaway is regardless of what you’re doing as a process, there’s always a way to simplify it, improve it, and streamline it. The other thing I’d say is people who have a knowledge of the problem that you’re trying to solve versus just having a toolset and they know how to use it.
It’s one thing to know everything there is to know about a hammer, it’s another thing to know how to build a house, or frame a wall. I think that beyond looking for a toolset, look for a toolset that does the job that you’re trying to do.
Anybody who’s a bit of a gearhead or a tool guy, and I would certainly say I’m that kind of nerd, knows there are all kinds of tools and there’s nothing like having the right tool. When you have the right tool, everything gets easy for sure. I think that’s how I’d probably frame it.
Look, thanks for coming on board. Thanks for being here, your first time on the Pipeliners Podcast. I think you did great and look forward to having you back.
Mallory: Thanks, Russel. Thanks for having me, and I look forward to being back soon.
Russel: I hope you enjoyed this week’s episode of the Pipeliners Podcast and our conversation with Mallory. Just a reminder, before you go, you should register to win our customized Pipeliners Podcast Yeti Tumbler. Simply visit PipelinePodcastNetwork.com/Win and enter yourself in the drawing.
If you’d like to support the podcast, the best way to do that is to leave us a review, and the best place to do that is on Apple Podcasts. You can find instructions at PipelinePodcastNetwork.com.
If you have ideas, questions, or topics you’d be interested in hearing about, please let me know either on the Contact Us page at PipelinePodcastNetwork.com or reach out to me on LinkedIn. Thanks for listening. I’ll talk to you next week.
Transcription by CastingWords