Change Recognition

In the petrol-chemical industry, SHE programs evolved from multiple sources, such as the American Institute of Chemical

Engineer's Center for Chemical Process Safety. In ExxonMobil, SHE programs are managed through the Operational Integrity

Management System (OIMS), which draws upon those chemical industry bestpractices. OIMS is comprised of eleven key elements

that define aspects of sound SHE operations. OIMS provides for definitions ofwhat is expected as well as providing specific best practices.

Specific OIMS elements are:

  • *

    Management Leadership, Commitment, and Accountability

  • *

    Risk Assessment and Management

  • *

    Facilities Design and Construction

  • *


  • *

    Personnel and Training

  • *

    Operations and Maintenance

  • *

    Management of Change

  • *

    Third Party Services

  • *

    Incident Investigation and Analysis

  • *

    Community Awareness and Emergency Preparedness

  • *

    Operations Integrity Assessment and Improvement

Unfortunately, the petrol-chemical industry—unlike some industries such ascommercial nuclear power where clear SHE-security relationships are mandated—has typically not addressed security matters indevelopment of best practices. For example,

Nuclear Regulatory Commission (NRC) requirement NUREG/CR-1345 is entitledNuclear Power Plant Design for the Reduction of

Vulnerability to Industrial Sabotage and requires facilities to considersabotage scenarios in design. No such recommended practice exists in the AICHE Center for Chemical Process Safetydocumentation.

Even in cases where SHE incidents were derived from security system failures, few industry wide security practices have evolved. The Union Carbide incident at Bohpol, India, is a case in point. Eventhough third party analyses—in over 70,000 pages of incident evaluation data—demonstrated that the incident was driven by a disgruntled insider who sabotaged a process by water injection, few, if any, security best practices have evolved. Instead, the focus shifted to hardware and process

analyses (e.g. what flaws existed in system design that allowed for water injection?).

In ExxonMobil, security best practices were developed in parallel with OIMS programs. Unlike OIMS, many security decisions were derived from a "checklist" approach rather than the OIMS risk-based approach. These separate decision tracks resulted in gaps.

Change Management

In 1995, the Exxon Mobil Security program implemented a qualitative risk assessment process that essentially mirrors the OIMS risk assessment process. That process, known as Safeguards and Security Qualitative Risk Assessment through Risk Scenario

Analysis, is derived from the Los Alamos National Laboratory (United States Department of Energy) developed Military Standard 882c. That standard, first completed in 1982, utilizes a four-tier risk matrix in conjunction with probability and severity tables. It requires a multi disciplined team of five to eight, with a minority of security staff representation, to develop scenarios based on the results of threat analysis, asset identification, interviews and data reviews.

This content is only available via PDF.
You can access this article if you purchase or spend a download.