Process Safety Management (PSM) – OSHA 1910.119

This topic is part of the SG Systems Global regulatory & operations glossary.

Updated October 2025 • Highly Hazardous Chemicals, Mechanical Integrity, MOC/PSSR, PHAs • EHS, Manufacturing, Engineering, QA/RA

Process Safety Management (PSM) is the U.S. OSHA 29 CFR 1910.119 framework for preventing catastrophic releases of highly hazardous chemicals (HHCs). It is not a paperwork exercise, nor is it “just EHS.” PSM is an operating system that ties engineering design, operational discipline, and organizational learning into a single control loop. If you handle threshold quantities of listed toxics or >10,000 lb of flammables, PSM is law. Even if you sit below thresholds, the practices are common sense: design for safety, operate within known limits, manage change, maintain the hardware, train the people, and learn from near‑misses before they become tragedies. Modern PSM lives inside governed SOPs and digital systems—MES, SCADA/HMI, computerized maintenance—backed by Document Control, audit trails, and disciplined Management of Change (MOC).

“PSM isn’t optional. You either build discipline into design, operations, and change—or you import chaos in the form of incidents, downtime, and regulatory pain.”

1) What PSM Covers—and What It Does Not

Covers: processes involving HHCs at or above threshold quantities; design and operation within documented limits; formal hazard analysis; governed procedures; competency; contractor control; pre‑startup checks; mechanical integrity of vessels, piping, reliefs, instruments; safe work (hot work); rigorous MOC; incident learning; emergency planning; audits. Does not cover: everything safety‑related everywhere. OSHA has separate standards for lockout/tagout, confined space, PPE, etc. PSM complements—but doesn’t replace—sector GMPs (cGMP), ISO 22716, or food safety (HACCP). Treat PSM as your catastrophic‑risk spine; tie other programs into it.

2) Legal, System, and Data Integrity Anchors

OSHA 1910.119 is prescriptive about elements and rigorous about evidence. If it’s not current, controlled, and attributable, you’ll struggle to defend it. Anchor PSM content in governed repositories under Document Control; bind execution to identity and time using audit trails. Calibrated devices and proof‑tested protection layers show status at the HMI. Training is role‑based via a Training Matrix; exceptions and learnings route through CAPA. For regulated industries, PSM records often co‑reside with eBMR and retention rules. Bottom line: uncontrolled files and tribal memory don’t survive incidents—or inspections.

3) The PSM Evidence Pack

A defendable program shows: Employee Participation plan; Process Safety Information (chemistry, P&IDs, design basis, relief calcs, materials of construction, safe limits); Process Hazard Analysis with risk ranking and closure tracking; Operating Procedures (start‑up, normal, temporary, shutdown, emergency, and abnormal response); Training records tied to roles; Contractor vetting and oversight; Pre‑Startup Safety Reviews (PSSR); Mechanical Integrity scope and schedules (vessels, piping, relief systems, instrumentation, controls, emergency shutdowns); Hot Work permits and fire watch evidence; MOC workflow with hazard review and approvals; Incident Investigation with RCA and CAPA; Emergency Planning and drills; Compliance Audits every three years with corrective actions; and a Trade Secrets policy ensuring safety‑critical info is accessible to those who need it. Tie it all with IDs, effective dates, and status so you can prove currency at a glance.

4) From Design to Operations—A Standard PSM Path

1) Define & Collect PSI. Assemble design data, PFDs/P&IDs, relief sizing, SDSs, safe limits, and materials of construction under versioned control.
2) Analyze Hazards. Run PHAs using HAZOP or what‑if/checklists; capture causes, consequences, safeguards, and recommendations with owners/dates.
3) Author Procedures & Train. Create governed SOPs for normal/abnormal/emergency states; train and qualify via the Training Matrix.
4) Build MI Program. Define critical equipment, inspection frequencies, and proof tests. Link work orders to calibration status and alarms.
5) Enforce MOC & PSSR. Any change to chemistry, technology, equipment, procedures, or people runs through MOC with PSSR before startup.
6) Operate, Investigate, Improve. Record deviations/near misses; execute RCA and CAPA; audit triennially; keep PHAs current (≤5 years).

No shortcuts. If a prerequisite is missing—uncertain relief sizing, expired proof test, untrained operator—stop. Make the system block unsafe work rather than rely on heroics after the fact.

5) Process Hazard Analysis—Where Real Risk Is Exposed

PHAs are the engine room of PSM. Use structured methods: HAZOP for node‑by‑node deviations; what‑if/checklists for simpler units; JHA/JSA at the task level. Bring credible SMEs: process engineers, operators, maintenance, EHS. Document initiating causes (e.g., valve failure, control loop drift), consequences (loss of containment, reaction runaway), existing safeguards (relief devices, alarms, interlocks, procedures), and risk ranks. Don’t hand‑wave instrumented protection: prove design basis, proof‑test intervals, and bypass management in the record. Tie PHA recommendations to owners and due dates, and drive closure through CAPA. Revalidate at least every five years, or faster if the process or incident history demands.

6) Operating Procedures & Safe Work Practices

Procedures define safe limits, consequences of deviation, and corrective actions for each state: start‑up (including after turnaround), normal operation, temporary operations, emergency shutdown, and normal shutdown. Keep them concise and job‑usable; embed checks at the HMI; require acknowledgment for critical steps. Link to safe‑work practices such as hot work permitting, line break, confined space, and electrical isolation. Pull chemical hazards and PPE directly from SDS so the procedure, label, and signage match. Govern under Document Control with version/effective dates and training triggers when content changes.

7) Mechanical Integrity—Hardware That Actually Works

Mechanical Integrity (MI) keeps your physical safeguards real. Scope includes vessels, columns, heat exchangers, piping, relief devices, emergency shutdown systems, and instrumentation that makes or breaks containment. Define inspection and test plans by criticality; tie to calibration status for transmitters, switches, and load‑bearing sensors like load cells in storage or feed systems. Evidence must show who performed the work, method, acceptance criteria, results, and next due date. Overdue MI isn’t an administrative detail—it is a risk exposure. If proof tests reveal latent failure, perform RCA, fix the fleet, and update PHAs.

8) Training & Competency—People Who Know the Limits

Competency beats credentials. Build role‑based curricula in a Training Matrix that covers procedures, hazards, emergency response, and change impacts. Track initial qualification, on‑the‑job sign‑offs, and periodic refreshers. For critical tasks (e.g., inhibitor dosing, inerting, relief valve lift checks), require observed demonstrations and dual verification. Contractors need equivalent training on hazards and procedures, and you need proof before they start work. Training without retention and practice is theater—tie refresh to incident patterns and PHA findings.

9) MOC & PSSR—No Silent Changes

Most disasters are “surprises” only to paper programs. Any change to chemicals, technology (including control logic), equipment, procedures, or organization triggers MOC. Classify risk, assess hazards, update PSI/P&IDs and procedures, retrain affected roles, and require approvals before implementation. After physical changes, conduct a Pre‑Startup Safety Review (PSSR) to verify that construction matches design, procedures are current, safeguards are functional, and training is done. Block startup in your digital systems until PSSR is complete. “Temporary change” is the favorite loophole—govern it with explicit duration, controls, and escalation.

10) Contractors, Hot Work & Construction Control

Third parties can amplify risk fast. Vet contractor safety programs; brief them on site‑specific hazards; control access; monitor performance. Hot work in or near processes demands permits, gas testing, isolation, and fire watch. Tie permits to location, scope, and time; embed photos and sign‑offs in the record. For construction and turnarounds, integrate permits with job scheduling and lock status to prevent hazardous overlaps (e.g., welding next to purging). If live change is unavoidable, elevate controls and supervision—document the why, not just the what.

11) Controls, Alarms & Interlocks—From HMI to SIS

Control systems fail silently if you let them. Keep business logic out of PLC safety; put device‑protective interlocks in equipment modules (ISA‑88 phases/modules) and treat safety instrumented functions as design‑level safeguards with proof tests and bypass management. Rationalize alarms; suppress the noise; require acknowledgment for high‑severity; and tie trip setpoints to PSI limits. Display safe limits and consequences on the HMI; don’t make operators guess. When control loops and instruments affect containment or reaction stability, capture their trends in the eBMR or process historian and review them during PHAs and CPV.

12) Incident Investigation & Learning

Zero incidents is a goal; zero learning is a warning sign. Investigate releases, fires, explosions, and near misses promptly. Freeze evidence; build a timeline; collect physical and digital data; and run a structured RCA. Translate causes into actionable CAPA; assign owners and due dates; verify effectiveness. Feed systemic findings back into PHA, procedures, training, and MI. Track repeat findings; repeated deviations are management problems, not operator problems.

13) Metrics That Demonstrate Control

• PHA Action Closure (% closed on time; average age of open actions).
• MOC/PSSR Discipline (on‑time completion; temporary changes expired or extended with justification).
• Mechanical Integrity Overdue (% overdue by class; proof‑test pass rate; bad‑actor list).
• Training Currency (% of critical roles in date; average days beyond due).
• Alarm Health (standing alarms; high‑priority rate; shelved alarm governance).
• Incident Learning Velocity (time from event to RCA/CAPA; repeat cause rate).

These KPIs connect catastrophic‑risk control to operational reality. If they trend the wrong way, you are running on luck. Luck runs out.

14) Common Pitfalls & How to Avoid Them

• Stale PHAs. Revalidate at least every five years and after material changes; close actions, don’t park them.
• “Temporary” bypasses that become permanent. Govern under MOC with strict expiry and monitoring.
• Paper MI. A signed sheet isn’t a proof test—record results, criteria, and next due; block startup if overdue.
• Contractor free‑for‑all. Vet, brief, permit, and supervise. Their risks are your risks.
• Alarm floods. Rationalize; prioritize; test trips; remove nuisance at the root.
• Shadow changes. Tie drawing updates, logic edits, and procedure tweaks to a single MOC number with evidence and training.

15) What Belongs in the PSM Record

Include PSI (chemistry, safe limits, P&IDs, reliefs, design basis), PHA reports and action tracker, current SOPs and safe‑work practices, training matrix and completion, contractor vetting and permits, MI program with schedules/results, MOC dossiers and PSSRs, incident investigations with RCA/CAPA, emergency plans/drills, compliance audits and follow‑ups, and the trade‑secret policy indicating how safety‑critical info is shared. Govern all of it under Document Control and retention rules.

16) How This Fits with V5 by SG Systems Global

Governed PSM Content. The V5 platform manages PSI and procedures under Document Control with IDs, versions, and effective dates. Operators see current limits and consequences at the point of use through HMI/work instructions.

Hard‑Wired Discipline. V5 enforces MOC gates, binds calibration status to execution, and blocks steps when prerequisites fail. Hot‑work and line‑break permits capture photos, gas tests, and signatures inside the lot history.

Integrated Evidence. PHAs, actions, and CAPA live alongside eBMR trends and exceptions; MI schedules and results feed dashboards; training currency is visible by role and cell. EPCIS events connect upstream and downstream impacts for emergency response.

Bottom line: V5 operationalizes PSM—design limits, procedures, interlocks, permits, training, and action tracking are synchronized so catastrophic risk drops while runtime discipline increases.

17) FAQ

Q1. Does PSM apply to my site?
If you handle listed toxics or ≥10,000 lb of flammables in a covered process, yes. Even below thresholds, applying PSM practices to high‑energy/high‑toxicity operations is pragmatic risk control.

Q2. How often must PHAs be revalidated?
At least every five years, sooner if you make significant changes or if incidents/near‑misses signal new hazards or degraded safeguards.

Q3. What’s the difference between MOC and Change Control?
MOC is safety‑focused and required for changes impacting hazards or safeguards; Change Control is broader quality governance. Use one workflow that satisfies both so nothing slips through.

Q4. What does Mechanical Integrity include?
Pressure vessels, piping, relief systems, emergency shutdowns, controls/instrumentation tied to containment or reaction safety, and their proof tests/inspections with criteria and due dates.

Q5. How is PSSR different from PHA?
PHA identifies hazards and safeguards conceptually; PSSR is a field‑level verification before startup that the design is built, documents/training are current, and safeguards function as intended.

Q6. How do I connect PSM with MES/SCADA?
Surface safe limits and procedures in the HMI, bind devices to status, enforce permits and MOC as execution prerequisites, and capture trends/alarms into the batch history for investigation and PHAs.

Related Reading
• Risk & Analysis: HAZOP | JHA/JSA | Risk Management (QRM) | RCA
• Governance & Discipline: MOC | Document Control | Approval Workflow | Training Matrix | CAPA
• Systems & Execution: MES | SCADA | HMI | ISA‑88 Phases & Modules | ISA‑95
• Safety Information & Labels: GHS/SDS | Label Verification | Calibration Status