[Federal Register Volume 82, Number 50 (Thursday, March 16, 2017)]
[Notices]
[Pages 14106-14108]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2017-05262]


-----------------------------------------------------------------------

DEPARTMENT OF TRANSPORTATION

Pipeline and Hazardous Materials Safety Administration

[Docket No. PHMSA-2016-0131]


Pipeline Safety: Deactivation of Threats

AGENCY: Pipeline and Hazardous Materials Safety Administration (PHMSA), 
DOT.

ACTION: Notice; issuance of advisory bulletin.

-----------------------------------------------------------------------

SUMMARY: PHMSA is issuing this Advisory Bulletin to inform owners and 
operators of gas transmission pipelines that PHMSA has developed 
guidance on threat identification and the minimum criteria for 
deactivation of threats, as established by a previously issued rule. 
This Advisory Bulletin also provides guidance to gas transmission 
pipeline operators regarding documenting their rationale of analyses, 
justifications, determinations, and decisions related to threat 
deactivation.

FOR FURTHER INFORMATION CONTACT: Allan Beshore by phone at (816) 329-
3811 or email at [email protected]. All materials in this docket 
may be accessed electronically at http://www.regulations.gov. 
Information about PHMSA may be found at http://www.phmsa.dot.gov.

SUPPLEMENTARY INFORMATION: 

I. Background

    A critical element in an integrity management (IM) program is the 
identification of threats to pipeline integrity. As required by section 
192.911(c), an IM program must contain ``[a]n identification of threats 
to each covered pipeline segment, which must include data integration 
and a risk assessment. An operator must use the threat identification 
and risk assessment to prioritize covered segments for assessment 
(section 192.917) and to evaluate the merits of additional preventive 
measures and mitigative measures (section 192.935) for each covered 
segment.'' Further requirements detailed in section 192.921(a) state, 
``[a]n operator must select the [assessment] method or methods best 
suited to address the threats identified to the covered segment.'' The 
threats to a particular pipeline segment dictate the type of 
assessments the operator must perform to fulfill the requirements of 
section 192.921(a).
    According to the Standard established by the American Society of 
Mechanical Engineers (ASME), ASME B31.8S-2004, Section 2.2, an operator 
must consider nine individual threat categories as part of an IM 
program. As stated by ASME B31.8S-2004, Section 5.10, an IM program 
should provide criteria for eliminating a threat from consideration 
during a risk assessment; however, 49 CFR part 192--Subpart O does not 
include provisions for the permanent elimination of threats. An 
operator, therefore, must continually consider all threats in the 
evaluation of their IM program through periodic reviews and 
assessments, as required by section 192.937.
    PHMSA acknowledges that threats may be categorized as active, 
requiring an integrity assessment, or inactive, meaning that during a 
specific assessment cycle the threat does not trigger an integrity 
assessment, per section 192.921(a). Operators, however, must understand 
that threats to a pipeline are not static, but vary over time. Changes 
in threats can occur suddenly, as in the case of catastrophic outside 
forces like hurricanes, earthquakes, or down-slope land movements, or 
they can be gradual changes, such as the introduction of new wet-
production gas sources into a previously dry gas environment. Issues 
may also develop into active threats over time, such as coating 
degradation that allows stress corrosion cracking or external corrosion 
to develop. In other cases, threats may become inactive over time due 
to pipeline replacement programs, the implementation of effective 
preventative actions, or other improvements to systems.
    The periodic review required by section 192.937 for a mature IM 
plan must include the re-analysis of the nine threat categories to 
determine status changes for active or inactive threats. An operator 
must continually monitor operations and maintenance (O&M) and other 
activities, integrating relevant information during a threat analysis 
that might indicate a change in the status of a threat. Some operators 
inappropriately label threats as inactive after they are eliminated 
from consideration during prior reviews and assessments, ignoring the 
continuous supply of new information provided during routine O&M 
activities.
    Some operators have opted to eliminate threats from consideration 
based on a lack of data, including missing, incomplete, or 
unsubstantiated data. Using insufficient data to eliminate a threat is 
not technically justified and is contrary to the guidance in ASME 
B31.8S-2004, Appendices A1-A9. Each of these appendices includes 
language that states, ``[w]here the operator is missing data, 
conservative assumptions shall be used when performing the risk 
assessment or, alternatively, the segment shall be prioritized 
higher.'' Additionally, section 192.947(d) requires that operators 
maintain, ``[d]ocuments to support any decision, analysis and process 
developed and used to implement and evaluate each element of the 
baseline assessment plan and integrity management program.'' Section 
192.947(d) further states, ``[d]ocuments include those developed and 
used in support of any identification, calculation, amendment, 
modification, justification, deviation and determination made, and any 
action taken to implement and evaluate any of the program elements.''
    PHMSA provides the following guidance for determining the active or 
inactive status of the nine threat categories, with the understanding 
that the status of a threat will change over time:

Time-Dependent Threats

1. External Corrosion
    For steel pipelines, the threat of external corrosion may never be 
eliminated.
2. Internal Corrosion
    An operator should consider the past operational history of the 
pipeline, including, but not limited to: Upset conditions, gas 
monitoring (including partial-pressure analysis), bacterial culture 
tests, flow direction and rates, gas sources, solid and liquid 
analyses, critical angles and liquid holdup points, pigging and other 
cleaning history, the presence of internal coatings, chemical

[[Page 14107]]

treatments, and internal pipeline inspection reports.
    After consideration of operational history and supporting 
documentation, the threat of internal corrosion may be deemed inactive 
if:
    i. It can be demonstrated that a corrosive gas is not being 
transported, per section 192.475(a);
    ii. In-line inspection data confirms that a corrosive environment 
does not exist within the pipeline; or
    iii. Application of internal corrosion direct assessment (ICDA) 
demonstrates that there is no internal corrosion occurring at the most 
likely locations, and is accompanied by sufficient documentation to 
demonstrate the assumptions used with the ICDA model (normally dry gas 
with occasional upsets) are valid for the pipeline's entire operating 
history.
    The threat of internal corrosion should be considered active if:
    i. Production, storage, or non-pipeline-quality gas was transported 
at any time during the history of the pipeline;
    ii. The pipeline has been converted from another type of service 
that is susceptible to internal corrosion;
    iii. Unmonitored or inoperative drips, siphons, dead legs, or other 
liquid holdup points are present anywhere in the pipeline;
    iv. There is evidence that liquids from drips, siphons, dead legs, 
or other liquid holdup points are present anywhere in the pipeline;
    v. Pipe inspection reports, as required by section 192.475(b), 
indicate evidence of internal corrosion; or
    vi. The operator does not have a complete pipeline operating 
history.
3. Stress Corrosion Cracking
    The threat of stress corrosion cracking (SCC) should always be 
considered active. The operator must continually inspect the pipeline 
for the presence of SCC during pipeline examination, as required by 
section 192.459.

Static or Stable Threats

4. Manufacturing
    There is substantial guidance provided in the original Gas 
Transmission IM protocols (e.g. Protocol C.01 Threat Identification), 
part 192--subpart O, ASME B31.8S-2004, and the PHMSA Gas Transmission 
IM FAQs (e.g., 219, 220, 221, and 231) regarding the deactivation of 
manufacturing threats for a segment for any given assessment cycle. 
Some of this guidance includes FAQ 219 (manufacturing and construction 
(M&C) defects when subpart J tested), FAQ 220 (M&C defects when never 
subpart J tested), and FAQ 231 (5-year operating history).
    Additionally, section 192.917(e)(3) provides guidance for 
determining when a manufacturing threat is active. Section 
192.917(e)(3) states, ``[i]f any of the following changes occur in the 
covered segment, an operator must prioritize the covered segment as a 
high-risk segment for the baseline assessment or a subsequent 
reassessment.
    i. Operating pressure increases above the maximum operating 
pressure experienced during the preceding five years;
    ii. MAOP increases; or
    iii. The stresses leading to cyclic fatigue increase.''
5. Construction
    There is substantial guidance provided in the original Gas 
Transmission IM protocols, part 192--subpart O, ASME B31.8S-2004, and 
the PHMSA Gas Transmission IM FAQs regarding deactivation of 
construction threats for a segment for any given assessment cycle. Some 
of this guidance includes FAQ 219 (M&C defects when subpart J tested), 
FAQ 220 (M&C defects when never subpart J tested), and FAQ 231 (5-year 
operating history).
    Section 192.917(e)(3) provides guidance for determining when a 
construction threat is active, stating, ``[i]f any of the following 
changes occur in the covered segment, an operator must prioritize the 
covered segment as a high-risk segment for the baseline assessment or a 
subsequent reassessment:
    i. Operating pressure increases above the maximum operating 
pressure experienced during the preceding five years;
    ii. MAOP increases; or
    iii. The stresses leading to cyclic fatigue increase.''
6. Equipment
    An equipment threat is defined in ASME B31.8S-2004, Appendix A6.1, 
as pressure control equipment, relief equipment, gaskets, O-rings, 
seal/pump packing, or any equipment other than pipe and pipe 
components. The equipment threat may be inactive depending on an 
operator's history and review of the records, as required by sections 
192.613, 192.617, 192.603, 192.605, 192.739, and 192.743. Operating 
history, failures, and abnormal operations records should be evaluated 
by integrity personnel to assist in determining trends and issues that 
may not be recognized by local or other operations personnel.
    As identified in ASME B31.8S-2004, Appendix A6.4, assessments for 
equipment threats are normally conducted during maintenance activities, 
per the requirements of the O&M procedures. Monitoring the data from 
operating history and failures is essential for identifying trends 
related to this threat. Communication between O&M and integrity 
personnel is a key component to integrating this threat, as well as the 
potential increased risk that it poses to pipeline segments, into risk 
assessments.
    Preventative measures and mitigative measures are an important 
factor in maintaining the inactive status of equipment threats. For 
example, recognizing a system-wide problem with set point drift in a 
particular regulator may necessitate a shorter maintenance cycle or the 
replacement of the in-service regulators impacted by this problem.

Time Independent Threats

7. Third-Party Damage
    The third-party threat should never be considered inactive.
8. Incorrect Operations
    Incorrect operations are defined in ASME B31.8S-2004, Appendix 
A8.1, as incorrect operating procedures or failure to follow a 
procedure. This threat should always be considered active.
9. Weather-Related and Outside Forces
    Weather-related and outside forces are defined in ASME B31.8S-2004, 
Appendix A9.1, as earth movement, heavy rains or floods, cold weather 
and lightning, or events that may cause pipe to be susceptible to 
extreme loading. This threat should always be considered active.

Cyclic Fatigue

    In addition to the nine threats referenced in ASME B31.8S-2004, 
Sec.  192.917(e)(2) states, ``[a]n operator must evaluate whether 
cyclic fatigue or other loading condition (including ground movement, 
suspension bridge condition) could lead to a failure or a deformation, 
including a dent or gouge, or other defect in the covered segment. An 
evaluation must assume the presence of threats in the covered segment 
that could be exacerbated by cyclic fatigue. An operator must use the 
results from the evaluation together with the criteria used to evaluate 
the significance of this threat to the covered segment to prioritize 
the integrity baseline assessment or reassessment.''
    Cyclic fatigue is a concern because it is a threat that interacts 
with all other threats. Interactive threats are two or more threats 
acting on a pipeline or pipeline segment that increase the

[[Page 14108]]

probability of failure to a level significantly greater than the 
effects of the individual threats acting alone. In order to manage 
cyclic fatigue, therefore, operators must have system-specific data 
applicable to their unique operating environment to justify the 
inactive status of the cyclic fatigue threat. A system-wide or generic 
study of cyclic fatigue may be used by an operator as long as the 
operator documents why the study is applicable to the segment-specific 
conditions.

II. Advisory Bulletin (ADB-2017-01)

To: Owners and Operators of Natural Gas Transmission Pipelines
Subject: Deactivation of Threats

    Advisory: The threats identified in ASME B31.8S-2004 may be 
considered active or inactive, but are never permanently eliminated. 
ASME B31.8S-2004, Appendix A, identifies the information an operator 
must collect and analyze for threats, which must demonstrate an 
individual threat is not acting on the pipe before an operator can 
properly declare the threat inactive for each assessment period. A 
threat must be considered active if any data required by Appendix A is 
missing, as lack of data indicating the existence of a threat is not 
acceptable justification for considering the threat inactive. Documents 
to support the determination of an inactive threat status must be 
maintained, as per the requirements of Sec.  192.947(d). An operator 
does not need to assess a threat for the current assessment cycle if 
that threat is properly deemed inactive. When conditions warrant a 
review or new information becomes available during the required Sec.  
192.937 evaluation operators are required to examine each applicable 
threat to determine its active or inactive status.

    Issued in Washington, DC, on March 9, 2017, under authority 
delegated in 49 CFR 1.97.
Alan K. Mayberry,
Associate Administrator for Pipeline Safety.
[FR Doc. 2017-05262 Filed 3-15-17; 8:45 am]
 BILLING CODE 4910-60-P