Current through Register Vol. 47, No. 12, March 26, 2025
(a)
General.
(1) This section applies to each
operator of a pipeline facility with a controller working in a control room who
monitors and controls all or part of a pipeline facility through a SCADA
system. Each operator must have and follow written control room management
procedures that implement the requirements of this section, except that for
each control room where an operator's activities are limited to either or both
of:
(i) distribution with less than 250,000
services; or
(ii) transmission
without a compressor station, the operator must have and follow written
procedures that implement only subdivisions (d) (regarding fatigue) and (i)
(regarding compliance and deviations) of this section.
(2) The procedures required by this section
must be integrated, as appropriate, with operating and emergency procedures
required by sections 255.605 and
255.615 of this Part. An operator
must develop the procedures no later than August 1, 2011 and must implement the
procedures according to the following schedule. The procedures required by
subdivision (b), paragraphs (c)(5), (d)(2) and (d)(3), and subdivisions (f) and
(g) of this section must be implemented no later than October 1, 2011. The
procedures required by paragraphs (c)(1) through (4), (d)(1), (4), and
subdivision (e) of this section must be implemented no later than August 1,
2012. The training procedures required by subdivision (h) of this section must
be implemented no later than August 1, 2012, except that any training required
by another subdivision of this section must be implemented no later than the
deadline for that subdivision.
(b) Roles and responsibilities. Each operator
must define the roles and responsibilities of a controller during normal,
abnormal, and emergency operating conditions. To provide for a controller's
prompt and appropriate response to operating conditions, an operator must
define each of the following:
(1) a
controller's authority and responsibility to make decisions and take actions
during normal operations;
(2) a
controller's role when an abnormal operating condition is detected, even if the
controller is not the first to detect the condition, including the controller's
responsibility to take specific actions and to communicate with
others;
(3) a controller's role
during an emergency, even if the controller is not the first to detect the
emergency, including the controller's responsibility to take specific actions
and to communicate with others; and
(4) a method of recording controller
shift-changes and any hand- over of responsibility between
controllers.
(c) Provide
adequate information. Each operator must provide its controllers with the
information, tools, processes and procedures necessary for the controllers to
carry out the roles and responsibilities the operator has defined by performing
each of the following:
(1) implement sections
1, 4, 8, 9, 11.1, and 11.3 of API RP 1165 (as described in section
10.3 of this Title), whenever a
SCADA system is added, expanded or replaced, unless the operator demonstrates
that certain provisions of sections 1, 4, 8, 9, 11.1, and 11.3 of API RP 1165
are not practical for the SCADA system used;
(2) conduct a point-to-point verification
between SCADA displays and related field equipment when field equipment is
added or moved and when other changes that affect pipeline safety are made to
field equipment or SCADA displays;
(3) test and verify an internal communication
plan to provide adequate means for manual operation of the pipeline safely, at
least once each calendar year, but at intervals not to exceed 15
months;
(4) test any backup SCADA
systems at least once each calendar year, but at intervals not to exceed 15
months; and
(5) establish and
implement procedures for when a different controller assumes responsibility,
including the content of information to be exchanged.
(d) Fatigue mitigation. Each operator must
implement the following methods to reduce the risk associated with controller
fatigue that could inhibit a controller's ability to carry out the roles and
responsibilities the operator has defined:
(1)
establish shift lengths and schedule rotations that provide controllers
off-duty time sufficient to achieve eight hours of continuous sleep;
(2) educate controllers and supervisors in
fatigue mitigation strategies and how off-duty activities contribute to
fatigue;
(3) train controllers and
supervisors to recognize the effects of fatigue; and
(4) establish a maximum limit on controller
hours-of-service, which may provide for an emergency deviation from the maximum
limit if necessary for the safe operation of a pipeline facility.
(e) Alarm management. Each
operator using a SCADA system must have a written alarm management plan to
provide for effective controller response to alarms. An operator's plan must
include provisions to:
(1) review SCADA
safety-related alarm operations using a process that ensures alarms are
accurate and support safe pipeline operations;
(2) identify at least once each calendar
month points affecting safety that have been taken off scan in the SCADA host,
have had alarms inhibited, generated false alarms, or that have had forced or
manual values for periods of time exceeding that required for associated
maintenance or operating activities;
(3) verify the correct safety-related alarm
set-point values and alarm descriptions at least once each calendar year, but
at intervals not to exceed 15 months;
(4) review the alarm management plan required
by this paragraph at least once each calendar year, but at intervals not
exceeding 15 months, to determine the effectiveness of the plan;
(5) monitor the content and volume of general
activity being directed to and required of each controller at least once each
calendar year, but at intervals not to exceed 15 months, that will assure
controllers have sufficient time to analyze and react to incoming alarms;
and
(6) address deficiencies
identified through the implementation of paragraphs (1) through (5) of this
subdivision.
(f) Change
management. Each operator must assure that changes that could affect control
room operations are coordinated with the control room personnel by performing
each of the following:
(1) establish
communications between control room representatives, operator's management, and
associated field personnel when planning and implementing physical changes to
pipeline equipment or configuration;
(2) require its field personnel to contact
the control room when emergency conditions exist and when making field changes
that affect control room operations; and
(3) seek control room or control room
management participation in planning prior to implementation of significant
pipeline hydraulic or configuration changes.
(g) Operating experience. Each operator must
assure that lessons learned from its operating experience are incorporated, as
appropriate, into its control room management procedures by performing each of
the following:
(1) Review incidents that must
be reported pursuant to 49 CFR part 191 to determine if control room actions
contributed to the event and, if so, correct, where necessary, deficiencies
related to:
(iii) the operation of any relief
device;
(v) SCADA system configuration; and
(vi) SCADA system performance.
(2) Include lessons learned from
the operator's experience in the training program required by this
section.
(h) Training.
Each operator must establish a controller training program and review the
training program content to identify potential improvements at least once each
calendar year, but at intervals not to exceed 15 months. An operator's program
must provide for training each controller to carry out the roles and
responsibilities defined by the operator. In addition, the training program
must include the following elements:
(1)
responding to abnormal operating conditions likely to occur simultaneously or
in sequence;
(2) use of a
computerized simulator or non-computerized (tabletop) method for training
controllers to recognize abnormal operating conditions;
(3) training controllers on their
responsibilities for communication under the operator's emergency response
procedures;
(4) training that will
provide a controller a working knowledge of the pipeline system, especially
during the development of abnormal operating conditions; and
(5) for pipeline operating setups that are
periodically, but infrequently used, providing an opportunity for controllers
to review relevant procedures in advance of their application.
(i) Compliance and deviations. An
operator must maintain for review during inspection:
(1) records that demonstrate compliance with
the requirements of this section; and
(2) documentation to demonstrate that any
deviation from the procedures required by this section was necessary for the
safe operation of a pipeline facility.
