Operations Integrity Management System

The objectives of this element are to ensure:

• Leadership behaviors and actions required to drive effective application of the Operations Integrity Management System (OIMS) and Operations Integrity Objectives are defined.
• Each business unit has effective management systems and processes to consistently meet Operations Integrity Objectives.
• Management and supervisor accountability is clarified throughout the organization. 

1.1  Leadership behaviors to drive OIMS – Managers and supervisors demonstrate passionate, proactive OIMS leadership behaviors conveying a deep commitment to the well-being of people, communities, the environment, and our facilities.

1.2  Engaged and open environment – Managers and supervisors create an open and trusting learning environment and ensure the workforce is actively engaged and committed to Operations Integrity processes and objectives.

1.3  Risk management behaviors and performance – Managers and supervisors recognize and reward positive risk-management behaviors and confront and correct risk-management performance issues.

1.4  Risk prioritization – Senior managers and business unit managers prioritize and document the depth and breadth of each OIMS system application consistent with their business risk profile. Priority is given to the prevention of fatalities, life-altering injuries and illnesses and serious community or environmental impacts. Business unit prioritization will inform the focus of assessment activities

1.5  Layered risk management - Senior managers and business unit managers ensure there is a systematic, layered approach to effectively manage high consequence risks. For the highest consequence risks, this includes periodic senior management review of risk-reduction opportunities and ongoing safeguard health.

1.6  Critical safeguard health – Managers and supervisors take responsibility for the ongoing effectiveness and verification of critical safeguards and actively utilize leading and lagging indicators to verify and steward the ongoing health of critical safeguards.

• Safeguard health checks are part of routine supervisor responsibilities.
• Safeguards warranting additional layered verification by managers or subject-matter experts because of their potential consequence or complexity are documented and stewarded.

1.7  System and process competency – Senior managers and business unit managers ensure managers and supervisors have the knowledge and skills needed to effectively apply OIMS systems and processes

1.8  Oversight of third-party providers – Managers ensure third-party providers selected to execute high-risk work apply a risk-management system which includes proactive management oversight, visible field leadership, compliance with standards, workforce competency, performance management and proactive verification of critical safeguard health. Where gaps exist, the provider’s system is supplemented to effectively manage risks.

1.9  Human performance – Managers and supervisors consider Human Performance capabilities in facility and work process design and in safeguard development and application. Where the effectiveness of these safeguards is dependent on Human Performance, behaviors are instilled to ensure effective execution. These behaviors include:

• Identifying high-consequence activities.
• Automating or simplifying work processes and tasks to reduce the potential for error.
• Instilling a culture where team members proactively seek help to precisely complete tasks.
• Requiring independent verification for critical tasks.

1.10  Incident and near-miss investigations –Incident and near-miss investigations are designed to determine if managers and supervisors were proactively identifying and correcting performance weaknesses before the incident occurred. This includes the degree to which management understood their risks and addressed the health of associated safeguards, including risk-management performance.

1.11  Evaluations and assessments – Managers evaluate performance relative to Operations Integrity Objectives using a combination of leading and lagging indicators, as well as periodic internal and external assessments. Real-time corrections are made based on insights gained from ongoing indicators. Managers also ensure organizations embrace assessments as learning opportunities, and avoid preparations made solely to improve the assessment score / outcome.

1.12   Oversight of businesses operated by others – Managers responsible for businesses operated by others (OBO) must communicate OIMS principles and promote the use of OIMS or equivalent systems to achieve Operations Integrity Objectives.

The objectives of this element are to ensure:

• Operations Integrity hazards inherent to the business are identified, including hazards to people, communities, the environment, and our facilities.
• The risk(s) associated with these hazards is assessed, communicated, prioritized and mitigated to an acceptable level. 
• Risk management safeguards are identified and mapped to systems to ensure there is a mechanism to maintain the safeguards’ health.
• Decision making associated with risk mitigation and acceptance are made at the right level within the organization and based on thorough analysis

2.1  Risk identification and assessment – Hazards and risks associated with operations are identified and assessed. 

• Risk assessments are conducted for ongoing and transient operations, idled facilities, projects and products to identify and address potential hazards to personnel, communities, facilities, the public and the environment.
• Risk assessments are performed by qualified personnel, including experts from outside the immediate unit as appropriate.
• Major hazards and associated scenarios and safeguards are identified and communicated to the operating organization.
• Risk assessments are updated at specified intervals and as changes occur.

2.2  Risk decision making – Assessed risks are documented and eliminated or mitigated to a safe operating level. 

• Acceptances of mitigated risks are made at the specified level within the organization. 
• The associated scenarios and safeguards are communicated and mapped to the system that will maintain their health over time. 

2.3  Mitigation and management – Risk management decisions and mitigations are implemented and the associated safeguards are sustained.

• The ongoing effectiveness of interconnected safeguards are regularly verified.
• For major hazards, higher consequence potential scenarios and associated critical safeguards are defined and the effectiveness of these safeguards is verified over time.

The objectives of this element are to ensure:

• Risks are identified, assessed, mitigated and communicated during facility design, construction and startup.
• Design and construction meet approved standards, and deviations are approved at the appropriate level within the organization.
• Quality assurance processes are in place during construction to ensure facilities and materials are consistent with design specifications. 
• Readiness to operate is confirmed through execution of a pre-startup review

3.1  Project management system – A project management system is in place to effectively manage all aspects of design, construction and startup of assets. For projects of limited scope and risk, a management of change process can be used to meet this requirement.

3.2  Risk assessments – Project design, construction and startup risks are assessed and mitigated.

3.3  Design and construction practices and standards – The design and construction of new or modified facilities use approved design practices and standards to:

• Meet applicable regulatory requirements.
• Incorporate appropriate requirements where regulations are not adequately protective.
• Consider Human Performance capabilities with an emphasis on recognizing and mitigating error-prone designs and standards.  

3.4  Deviations – Deviations from approved design practices and standards, or from the approved design, is permitted only after review and approval by the designated authority. The rationale for the decision to deviate is documented. 

3.5  Quality assurance – Quality assurance processes are in place to ensure facilities and materials meet design specifications and construction is in accordance with the applicable standards. 

3.6  Pre-startup review – A pre-startup review is performed and documented to confirm:

• Operations Integrity Objectives are met.
• Construction is in accordance with or exceeds specifications.
• Appropriate operations, maintenance and emergency procedures are in place.
• The Operations Integrity safeguards identified during the risk assessment and acceptance are in place and working. 
• Personnel are competent to operate and maintain the facility.
• Regulatory and permit requirements are met.

The objective of this element is to ensure:

• Information and documentation needed to meet Operating Integrity Objectives are accurate, accessible and appropriately retained

4.1  Drawings, records and documentation – Drawings, records and documentation necessary for sound design, operation, inspection and maintenance of assets are accurate, accessible and appropriately retained.

4.2  Inventories of major operations integrity hazards – Inventories of major Operations Integrity hazards and their associated scenarios, and the safeguards preventing them, are accurate, accessible and appropriately retained. 

4.3  Information on the potential hazards of materials – Information on the potential hazards of materials involved in operations is accurate, accessible and appropriately retained. 

4.4  Information on potential hazards associated with products – Information on the potential hazards associated with products, and guidance for their proper handling, use and disposal are documented and communicated.

4.5  Information on laws and requirements – Information on applicable laws and regulations, licenses, permits, codes, standards and practices is documented and kept current.

The objectives of this element are to ensure:

• People are selected and placed consistent with their abilities and job requirements.
• People are trained to achieve and maintain competency.
• Collective competency is maintained over time. 
• Human Performance principles are applied to enable people to successfully perform their work.

5.1  Selection and placement – People are effectively selected, screened (including alcohol and drug screening) and placed to meet specified job requirements.

5.2  Individual training and competence – Initial, ongoing and periodic refresher training is provided to ensure the necessary level of individual competency to meet Operations Integrity related job and legal requirements. Training is designed to ensure the safeguards to prevent or mitigate Operation Integrity risks are understood. In addition, work experience and specified demonstrated performance are considered in the assessment of individual competence. This includes:

• Appropriate training requirements for specific roles.
• Post-training assessment of worker knowledge and skills relative to requirements.
• Maintenance of training materials, documents and records.
• Assessment of training system effectiveness.

5.3  Collective competency – Assessments of the competency of work groups and supervisors are conducted on an appropriate frequency to ensure individual and collective competency to meet Operations Integrity Objectives. This includes ongoing review of team strength to meet daily, real-time Operating Integrity requirements.

5.4  Fitness for work – Ongoing fitness for work is managed. This considers impairment from alcohol and drugs, fatigue, or physical condition.

5.5  Human performance – Human Performance capabilities are considered in the design of work processes and protective measures to reduce the likelihood and impact of human error.

5.6  Operations integrity behaviors – Behavior-based processes are in place and effective in reducing the risk of process safety, personnel safety, health, security and environmental incidents; and is engaging people and influencing the way they think and behave regarding operating risk management. These processes require that individuals and teams:

• Utilize real-time risk assessment techniques to consistently recognize and proactively mitigate hazards.
• Proactively self-identify and eliminate at-risk conditions and behaviors.
• Proactively intervene to address at-risk behaviors of coworkers.
• Participate in a structured observation program. 
• Actively report unsafe conditions, incidents and near misses.
• Record, analyze and address observation findings, at-risk conditions, near misses and incidents.

The objectives of this element are to ensure:

• Procedures and work instructions effectively guide operations, maintenance and construction activities.
• Work to mitigate potential risks associated with operations, maintenance and construction activities is permitted and managed. 
• Interfaces to manage risk associated with simultaneous activities and operations are recognized, managed and operated.
• The mechanical integrity of facilities, equipment and wells is preserved.
• Risks associated with the defeat or degradation of safeguards are managed.
• Governmental and regulatory requirements, applicable laws, permits and external obligations are met.

6.1  Procedures and work instructions – Procedures and work instructions are current and used to ensure effective outcomes of work activities. Procedures consider:

• The level of Operations Integrity risk associated with the work activity and the level of detail and verification needed to meet Operations Integrity Objectives. 
• Operating envelopes.
• Transient operations, as applicable.
• Regulatory requirements.
• Human Performance capabilities, including automating or simplifying processes or tasks to reduce potential for error.

6.2  Management of work – Permitted and non-permitted work activities are managed to meet Operations Integrity Objectives. This includes work planning, communication and authorization at the appropriate level.

• For operations and maintenance work, permit requirements are defined and effectively applied based on the Operations Integrity risks involved.
• The temporary defeat of safeguards is managed to ensure interim safe operation and effective return of safeguards to service.
• Interfaces are managed among work groups performing operations and maintenance work whose interaction introduces potential Operations Integrity risks.

6.3  Interface management – Key interfaces are managed to avoid Operations Integrity incidents that may result from misunderstanding or lack of information. This includes: 

• Shift handover and shift-to-shift communication.
• Management of stacked work, co-located work activities and simultaneous operations.
• Communication and/or coordination within ExxonMobil or with third-parties whose operations impact or are connected to ExxonMobil operations. 

6.4  Mechanical integrity – The integrity of facilities, equipment, structures and wells is tested, inspected and maintained in a manner that meets Operations Integrity Objectives. This includes:

• Inspection and maintenance programs that are consistent with defined equipment strategies and guidelines.
• Quality assurance to ensure materials introduced during maintenance or repair are consistent with specifications and standards.
• Effective management of long-term shutdown or abandonment. 

6.5  Critical equipment – The continued effectiveness of Operations Integrity critical equipment is maintained and verified. This includes managing the temporary disarming, deactivation or other unavailability of critical equipment.

6.6  Safeguard management – Critical safeguards that help prevent or mitigate Operations Integrity scenarios are managed to ensure they remain in place and effective. This includes ensuring:

• Effective interim safeguards are in place when a critical safeguard is unavailable.
• The availability and health of interconnected safeguards when a critical safeguard is unavailable.
• Drills are conducted to reinforce the knowledge and capabilities of people whose actions are part of critical safeguards.

6.7  Operating and environmental obligations – Applicable laws, regulations, permits and other obligations are met. 

• Resulting operating requirements are documented and communicated to individuals and work groups.
• Activities, products or services that can interact with the environment are identified, assessed, and controlled consistent with policy and regulatory requirements.
• Compliance is periodically verified at the appropriate frequency.

The objective of this element is to ensure:

• Changes in operations, procedures, site standards, facilities or organizations are evaluated and managed to ensure Operations Integrity safeguards remain healthy and risks remain at an acceptable level. 

7.1  Management of change – Permanent, temporary and emergency changes are effectively managed and documented. The level of change management is consistent with the level of Operations Integrity risks involved. Managing changes considers:

• Authority for approval of changes.
• Analysis, management, documentation and communication of new Operations Integrity risks and required safeguards.
• Ensuring safeguards for other risks are not compromised by the change.
• Compliance with approved standards and applicable regulations, including permitting requirements.
• Controls and limitations on the scope and duration of temporary and emergency changes.
• Training requirements.

The objectives of this element are to ensure:

• Third-party providers’ performance expectations are established and third parties are selected (and supported, as required) in a manner to meet these expectations. 
• Third-party providers are monitored and held accountable to performance objectives. 

8.1  Evaluation and selection – Third-party providers are screened, evaluated and selected using criteria that includes an assessment of their capabilities to perform work in a manner consistent with Operations Integrity expectations. Gaps in risk-management processes identified during third-party selection are supplemented as necessary to effectively manage Operations Integrity risks.

8.2  Performance requirements – Third-party performance requirements are defined and communicated; and third-party management is held accountable to meet these requirements, including:

• Providing personnel who are appropriately screened, trained, qualified and competent to perform specified duties.
• Proactive management oversight, visible field leadership, enforcement of standards and verification of critical safeguard health.
• Effective application of risk-management processes that are appropriate for the service(s) being provided.
• Effective management of interfaces between ExxonMobil personnel and third-party service providers.

8.3  Performance assessment – Third-party providers are accountable for monitoring, assessing and improving their performance on an ongoing basis. ExxonMobil will monitor third-party performance, conduct observations and provide feedback on the adequacy of third parties’ monitoring and assessment activities.

The objectives of this element are to ensure:

• Higher consequence potential incidents, events and near misses are thoroughly investigated.
• Root causes including failed safeguards are identified. 
• Lessons learned are shared openly and implemented proactively across operating sites and organizations and from other companies.

9.1  Reporting – Operations Integrity incidents and near misses are identified and promptly reported. To ensure reporting is effective:

• Managers and supervisors create a learning environment which encourages reporting.
• People at all levels proactively identify and report incidents and near misses.

9.2  Severity determination – The severity of reported incidents and near misses is determined based on actual and potential consequence. This includes:

• Notifications to management and level of investigation are based on potential severity.
• Investigations that require involvement and direction from Law Department are identified and the Law Department is appropriately engaged.

9.3  Investigation – Incidents and higher severity near misses are investigated and documented in a timely manner. The level of investigation is determined based on potential severity. Investigations include:

• Identification of failed or degraded safeguards, root causes and contributing factors, including the impact of Human Performance principles.
• Determination of whether managers and supervisors were proactively monitoring the health of safeguards and correcting performance weaknesses before the event occurred.
• Development of interim and long-term corrective actions to prevent similar incidents from occurring, with a focus on the root cause of the incident and on the identification of high-impact risk reduction recommendations.
• Development of key learnings for sharing.

9.4  Implementation of actions – Agreed-upon corrective actions are prioritized, implemented and stewarded to closure. Backlogs are managed to ensure corrective action selection, prioritization and implementation processes are effective. A process is in place that ensures corrective actions remain effective. 

9.5  Communication and learning – Incidents and learnings are communicated to employees, contractors and other stakeholders based on risk. This includes sharing with other ExxonMobil organizations in a manner that promotes application of learnings beyond the impacted organization, where appropriate.

9.7  Trend analysis – Incidents and associated root causes are periodically analyzed for trends to develop broader, higher-level learnings and actions.

The objectives of this element are to ensure: 

• Equipment, facilities and personnel are prepared to respond to Operations Integrity emergencies.
• Communities are engaged proactively to build and maintain relationships and manage potential Operations Integrity risks.

10.1  Emergency preparedness – The organization effectively plans, prepares for and responds to Operations Integrity emergencies. 

• Emergency response plans – Plans and procedures are documented, accessible, current and clearly communicated to provide an effective response to incidents, including:
  • Response to incident scenarios.
  • Organizational structure, roles and responsibilities (including relevant external entities).
  • Internal and external communication and interface protocols.
  • Accessibility to personnel, equipment and essential Operations Integrity information.
• Emergency response capability – Equipment, facilities and trained personnel needed for emergency response are defined, readily available and deployable.
• Emergency response drills – Testing of response plans, competency and capability is periodically conducted via a combination of tabletop simulations and field drills, including relevant external entities, as appropriate. Drills periodically test a range of credible scenarios and associated safeguards, including high consequence potential scenarios.
• Learn from experience – Learnings from tabletop simulations, drills and actual incident response are identified, addressed.

10.2  Community risk management – Effective community relationships are developed.

• Community engagement – Relationships with the community are established and maintained to build confidence and demonstrate commitment to the environment and emergency 
  preparedness, including understanding and being responsive to the community’s expectations and concerns.
• Community hazard awareness – Communities and appropriate public authorities are aware of potential community exposures, emergency preparedness and notification systems, and 
  recommended response actions, including mutual aid, in the event of an incident.

The objective of this element is to ensure:

• Operations Integrity Objectives are met through the effective application of OIMS and gaps and their root causes are identified, corrected and remain closed.

11.1  Assessing operations – Operations are assessed to establish the degree to which Operations Integrity objectives and expectations are met.

• Assessments evaluate the effectiveness of leadership in ensuring Operations Integrity Objectives are met, the effectiveness of OIMS, and the corresponding results are delivered.
• External assessments are conducted at predetermined frequencies based on performance and business risk profile.
• Internal assessment are conducted at approximately the midpoint between external assessments.
• Assessment results are rated based on risk and performance.
• Findings from assessments are evaluated, resolved and documented.

11.2  Enhancing assessments - The effectiveness of the assessment process is reviewed regularly and findings are used to make improvements.