
  • Whitepaper: Six Feet Under | How to Dig Yourself Out of a Recommendations Graveyard

    Abstract Updated April 2026 — by aeSolutions Technical Team — Have you felt buried under six feet of safety study recommendations that must be closed? Does it feel impossible to follow Recognized and Generally Accepted Good Engineering Practices (RAGAGEPs) to convert recommendations into engineered design reality? You are not alone. To improve Process Safety, Capital Project and Operating teams must move recommendations from the hazard analysis stage through to a capital funding request, detailed design, construction execution, commissioning, startup, and operation. These steps are all part of the familiar Capital Projects process, but for Process Safety recommendations, they are also part of the Safety Life Cycle (SLC) journey based in ISA standards. Having an internal resource or external partner who is versed in both the Capital Projects process and the SLC process can alleviate recommendation closure challenges. This whitepaper discusses key lessons learned across multiple projects between an end-user and an SLC partner to ensure recommendations move to closure based on the intent of the risk assessment. It will also demonstrate how to go from being an owner-operator in a graveyard full of recommendations to living the high-life of PSM, Capital Projects, and SLC by identifying risk gaps and closing them in a timely, cost-effective, and safety-conscious framework. Read the complete whitepaper here

  • aeSolutions Announces Key Leadership Promotions to Support Continued Client Success

    Greenville, SC – April 2025 – aeSolutions, a provider of integrated, end-to-end critical system solutions that empower resilient operations and safer communities, is proud to announce three strategic internal promotions, reflecting the company’s continued commitment to realizing employee potential through the achievement of client success. Roland Stock, PMP, a current member of our Senior Leadership Team, has been named Vice President of Projects, where he will lead our Project Management Office and cross-functional project teams in the development and execution of projects to achieve our clients’ goals. Roland brings deep experience in project leadership and a strong track record of delivering complex solutions across industries. Chris Powell, PE, CFSE, joins our Senior Leadership as the Director of Engineering where he will focus our Engineering Team’s development, collaboration and performance to drive our mission of improving industry by guiding our clients to increasingly resilient operations and safer communities. Chris will apply his leadership and expertise developed through the application of the Safety Lifecycle in his previous roles, including his most recent position as the Functional Safety Group Manager. “These promotions reflect the depth and breadth of talent and the strategic importance of developing our leaders’ potential,” said Chris Neff, COO at aeSolutions. “Roland, and Chris have each demonstrated dedication to our clients’ success through exceptional leadership, technical acumen, and progressive experience. We are thrilled to see them step into these new roles.” Visit aeSolutions for more information.

  • aeSolutions to Present at AIChE 2024 Spring Meeting and 20th Global Congress on Process Safety

    Process Safety Group Manager Don Connolley to Serve as International Chair of the CCPS Conference at the 2024 GCPS Greenville, SC – March 12th, 2024 – aeSolutions, a consulting, engineering, and systems integration company that provides industrial process safety and automation products and services, today announced that the company will be presenting and exhibiting at the AIChE 2024 Spring Meeting and 20th Global Congress on Process Safety (GCPS). The conference will be held at the Ernest N. Morial Convention Center in New Orleans, Louisiana, from March 24 - 28, 2024. The annual AIChE Spring Meeting and GCPS is the key technical conference for practicing chemical and process safety engineers and covers the industry's critical needs more broadly and in-depth than any other industry conference. In addition to serving as International Chair of the Center for Chemical Process Safety Conference (CCPS) at the 2024 GCPS, Process Safety Group Manager will lead the GCPS Welcoming Plenary Session on Monday, the 25th, at 9:30 a.m. Principal Specialist will co-chair a session titled, “What is Process Safety Culture and How Does it Apply to Me?” on Monday at 3:30 p.m. On Tuesday, the 26th, Project Development Engineer will present a session titled, “What is Lurking Under the Radar? Process Safety Essentials You Need to Know” at 3:30 p.m. WHAT: AIChE 2024 Spring Meeting and 20th GCPS WHERE: Ernest N. Morial Convention Center, New Orleans, Louisiana Booth # 228 WHEN: March 24 - 27, 2024 REGISTRATION: www.aiche.org/conferences/aiche-spring-meeting-and-global-congress-on-process-safety/2024/registration-info To arrange a meeting with a member of the aeSolutions team, contact info@aesolutions.com About aeSolutions In business since 1998, aeSolutions is a consulting, engineering, and systems integration company that provides industrial process safety and automation products and services. 
They specialize in helping industrial clients achieve their risk management and operational excellence goals through expertise in process safety, combustion control and safeguarding, safety instrumented systems, control system design and integration, alarm management, and related operations and integrity management systems. For more information, visit www.aesolutions.com. Media Contact RedIron Public Relations for aeSolutions kari@redironpr.com

  • Panel Discussion : The New Engineering Business

    Join some of the aeSolutions team as we hold a panel discussion on the New Engineering Business, held as part of Engineers Week 2021. Engineers Week is “dedicated to ensuring a diverse and well-educated future engineering workforce by increasing understanding of and interest in engineering and technology careers.” Moderated by Ben Burris. Founded by National Society of Professional Engineers in 1951, Engineers Week is dedicated to ensuring a diverse and well-educated future engineering workforce by increasing understanding of and interest in engineering and technology careers. Learn more from the NSPE At aeSolutions, we know that our success is a result of having talented, dedicated and passionate team members driving our projects. If working for a company that takes on complex challenges in nearly every capacity interests you, we would love to talk to you. We are proud to have over 50 certified engineers on staff.

  • Key Considerations Establishing Site or Corporate SIS Guidelines

    Updated April 2026 — by aeSolutions Technical Team - As best stated in the IEC 61511-2 standard, “the purpose of adopting a systematic safety lifecycle approach towards a safety instrumented system (SIS) is to ensure that all the activities necessary to achieve functional safety are carried out and that it can be demonstrated to others that they have been carried out in an appropriate order.” Conforming to the ISA84/IEC 61511 design and management requirements for a SIS throughout a process safety project requires attention to detail every step of the lifecycle, and a well-established site or corporate SIS guideline can help set a company up for success. This blog describes key considerations to developing SIS guidelines, with the SIS lifecycle generalized into three main sections: Concept Through Startup, Operations and Maintenance, and Management of Functional Safety and Lifecycle Planning. Concept Through Startup Concept Through Startup encompasses Phases 1 through 4 of the IEC 61511 standard which includes hazard and risk assessments, allocation of safety functions to protection layers, Safety Requirements Specification (SRS), and design of an SIS. A hazard and risk assessment is the starting point since it sets the foundation of the overall hazard level at a site. The team should identify any significant hazards or concerns and establish the need for a SIS based on the plant design and operating system. The company’s risk tolerance is also a key consideration since a low hazard site with very tight risk tolerance may result in driving more need for a safety system than a high hazard site with a low risk tolerance. It is also important to understand what categories of risk drive the need for the safety system. 
There are two risk drivers sites must consider at a minimum – the Occupational Safety and Health Administration (OSHA) requiring both onsite and offsite personnel safety and the Environmental Protection Agency (EPA) requiring environmental protections. Other risk drivers a facility may be concerned about are financial and reputational drivers. Once hazards have been identified, the next step is to establish the safety system requirements. A conceptual specification can help provide an overall picture of the whole system before diving into the details of the individual protection layers involved. For example, a big picture concept is to differentiate between the basic control system and the safety system. Basic control systems are the first response to maintain continuous operation with the end goal of a profitable product; safety systems focus on operating the plant safely and are initiated if the control system does not return the process to a normal state, ideally without significantly impeding the operability or profitability of the site. The Safety Requirements Specification (SRS) dives into the detailed requirements; a well-honed SRS includes the requirements for all the SIS lifecycle stages described in IEC 61511. Further details may be incorporated on how the basic process control system (BPCS) and SIS communicate (e.g., gateway, hardwired connections, etc.) as well as how the SIS interfaces with other systems. SIS design can encompass fine-tuned details that are not readily meaningful to an audience at large and may only be truly meaningful to those performing safety verification calculations. For this reason, a corporate SIS program ideally provides well-grounded templates, document samples, and guidance for creation of new documents. It also clearly defines what should be covered in the site or corporate SRS. The details should be understandable and not buried in other documents to maximize consistency and minimize human factors error. 
Operations and Maintenance Operations and Maintenance encompasses Phases 5 through 8 of the IEC 61511 standard, which includes safety system installation, commissioning and validation, operation and maintenance, modification, and decommissioning. Once a process has been installed and commissioned, it needs to be actively operated and maintained. It takes a number of years of experience in operation of a safety system for a Functional Safety Assessment (FSA) to truly reveal trends of how the SIS responds to process deviations. If a SIS needs to be modified or decommissioned, a Management of Change (MOC) is essential to flag whether the modification is Process Safety Management (PSM) oriented and if a Process Hazard Analysis (PHA) for the change is required. MOCs are a key consideration to reducing human factors errors during SIS modification since they help control system access and provide a vendor management list and/or an approved critical devices list. This allows anyone replacing SIS devices or doing maintenance work to recognize which devices are approved for use in critical safety service. Critical device lists are most effective when they are orderly, easy to interpret, and easy to access. Properly managing all the pieces and parts during decommissioning must be addressed as well. Sometimes only a portion of a SIS – such as a single loop – may be decommissioned, while other times the entire SIS may be decommissioned to upgrade to a newer system. Management of Functional Safety and Lifecycle Planning Management of Functional Safety and Lifecycle Planning encompasses Phases 9 through 11 of the IEC 61511 standard. These phases cover safety system verification, management of functional safety, FSAs and audits, and safety lifecycle structure and planning. 
Clause 5.2.2 of Phase 10 describes the organizational structure necessary to ensure that roles dedicated throughout the SIS lifecycle are clearly defined and personnel have the skills for their respective responsibilities. It is key to know who will be involved in the safety system lifecycle including corporate leaders, site personnel, contractors, vendors, in addition to how they will be managed (e.g., training, extent of accountability, etc.). The SIS lifecycle management program should be defined in such a way that every person involved is aware of the importance of any decisions made around the SIS as well as their part within the process of making or implementing those decisions. Participants in safety lifecycle management must also understand what constitutes proper execution of duties to fulfill their lifecycle responsibility functions in a timely manner. The corporate or site SIS lifecycle management program should also minimize the possibility of a project team preference driving crucial safety decisions as opposed to IEC 61511 requirements. Clause 5.2.6.2 of Phase 10 describes the SIS auditing process. Audits are required to assess the SIS over time to ensure it continues to meet the requirements of the IEC 61511 standard. As a SIS continues through each phase of the lifecycle, independent audits check for any potential safety risks or human error and ensure the people involved are properly trained and capable of competently fulfilling their duties. Safety lifecycle structure and planning is covered in Phase 11. Some key planning considerations to prepare a SIS corporate or site standard are to define in advance an agreed upon safety lifecycle of the SIS which will be implemented, map out each phase and stage shown in Figure 8 of IEC 61511 with consideration to assumptions or information that may not be available until later phases, and identify the techniques needed in order to carry out each phase. 
After laying out a lifecycle roadmap, the agreed upon details – such as design parameter assumptions for SIL verification, failure rate data, effectiveness and approved type of proof test to be carried out – should be incorporated into the corporate or site SIS guidelines. When planning how to implement the SIS application program, consideration should be given to device degradation. For example, will devices have internal diagnostics available? Will they output a fault signal under specific conditions? Will any kind of deviation alarming be implemented between devices? Could device faults be tripled, assuming there could be a hazardous state that the process is not protected against? Or will the operator be allowed time to identify the fault, correct it, and continue to run the process safely? When these decisions are made, other safeguards should be acknowledged as well, such as the idea that sites may desire to allow the SIS to “ride through” a received fault signal if there are redundant field devices installed (unless it is the last protected device), or sites may desire not to allow the system to “ride through” a received fault signal if there are no redundant safeguards available. Proper documentation control is absolutely critical to managing site or corporate SIS standards as well. The site or corporate SIS standards and any associated documents need to not only be easy to understand but also readily available and accessible to anyone who may need to reference them. Files should be saved in an intuitive and logical folder location and should not be stored exclusively on any vendor system. Finally, timeliness is a key consideration to establishing corporate or site SIS standards. Critical decisions made after the PHA and before detailed SIS design have significant impacts later in the lifecycle – such as financial risk due to late discoveries on capital projects. Simply put, the sooner a standard is agreed upon and implemented, the better. 
If you want a consistent and meaningful approach, consider developing your site or corporate SIS standard before design has been completed. One caveat is the corporate or site SIS standard should be established with a full understanding of the SIS in advance. If you are new to PSM or SIS, consider selecting a process safety consultancy with deep experience and expertise to assist you in navigating the IEC 61511 safety lifecycle from hazard and risk assessment through design, commissioning, and operations. SIS lifecycle decisions can be extremely costly and unnecessary if reviewed through too conservative a lens, while other lifecycle decisions can be dangerous if not reviewed through enough of a conservative lens. The key is to find the right balance and level of detail appropriate to your facility to avoid unnecessary costs or unmitigated safety risk. Keywords: ISA-61511 IEC 61511 SIS Corporate Standards Program Development Functional Safety Planning

  • Decoding SIS: Are You Doing What’s Necessary to Prevent Disasters?

    Updated April 2026 — by aeSolutions Technical Team When your facility is tasked with industry safety standard compliance, where do you start? What do all those SIS acronyms mean? For OSHA PSM-covered facilities, adherence to a functional safety lifecycle can be a critical step in overall SIS performance assurance. What is hiding under the radar of a plant SIS? Risk assessments define hazard consequences with assumed initiating event frequencies. How do we prevent these consequences? By verifying the reliability and availability assumptions of SIL Verification design parameters. Without understanding the design parameters your SIS is based upon, or without proper maintenance of your SIS equipment, your risk assessment gap closure may be incomplete. What factors into the assumptions of an SIS design? Are your safety devices replaced at their specified asset life, tested at the interval, and tested with the necessary rigor to uncover dangerous failures as specified in your calculations? What does following the Functional Safety Lifecycle entail? Does your facility have a Functional Safety Management Plan, perform Functional Safety Assessments on your SIS Design, and keep records of device failures to evaluate field performance against assumed reliability? This paper illustrates the real consequences of failing to uphold SIS design assumptions or follow the Functional Safety Lifecycle. Click here to view the complete whitepaper Prepared for Presentation at American Institute of Chemical Engineers 2024 Spring Meeting and 20th Global Congress on Process Safety New Orleans, LA March 24-28, 2024

  • The PHA Recommendation Playbook | Part 1 | Managing Resource Constraints

    Introduction | Compliance in the Face of Limited Teams and Tight Funds Updated April 2026 — by aeSolutions Technical Team — Welcome to the first entry in our multipart blog series, designed as a guide for process safety, EHS, and facility managers who are in the process of resolving PHA recommendations. Each installment will address one of the most common practical, technical, or organizational challenges faced when closing the recommendation gaps of a PHA study. In part one, we will discuss one of the most frequent hurdles: resource constraints, particularly staff and budget limitations. PHA Primer A Process Hazard Analysis (PHA) serves as a mechanism for identifying and mitigating risks in industrial environments. OSHA mandates both initial PHAs and regular revalidations for facilities that handle hazardous chemicals or operate under process safety management (PSM) regulations. The recommendations that stem from these analyses are not optional — they are necessary actions required to close safety gaps and prevent incidents. Yet, the journey from recommendation to resolution is rarely straightforward. Among the most common early challenges are staff shortages and budget limitations, both of which can stall progress and jeopardize compliance. Staff and Budget Limitations: A Common Roadblock in Resolving PHA Recommendations Resource constraints, particularly in the form of personnel and budgetary limitations, present persistent barriers to the stewardship and closure of PHA recommendations. These constraints are rarely isolated issues. Instead, they tend to surface across departments and project phases, especially when expertise is scarce, or budgets are tight. In the industrial and manufacturing sectors, managers are often asked to do more with less, juggling compliance deadlines with daily operations. 
Delays in addressing PHA recommendations can result in increased exposure to safety or operational risks, missed regulatory deadlines, and a higher likelihood of enforcement actions. The cost is more than administrative; it can reverberate throughout the organization, increasing the potential for incidents and ultimately impacting the bottom line. Resolving PHA Recommendations with Limited Staff and Technical Expertise Staffing limitations can significantly hamper the PHA resolution process, especially when specialized technical skills are required. For facilities with high-severity hazards, recommendations often involve complex engineering assessments, equipment modifications, or the implementation of advanced safety protocols. These activities call for experienced professionals, typically engineers, safety specialists, or technicians with niche expertise. When internal teams lack the required personnel or technical depth, recommendation resolution will certainly lag. The risks are not hypothetical; delayed action can mean extended periods where known hazards lack the necessary layers of protection, increasing the possibility of an unmitigated hazard consequence occurring. Over time, this not only erodes safety culture, but can put the entire operation under scrutiny from regulators, insurers, or even the public. Dealing with Budgetary Restriction Headaches for PHA Recommendations Budget limitations can be equally as challenging as personnel constraints. Many PHA recommendations require upgrades or modifications to equipment or investments in new safety systems. When budgets are stretched, it’s tempting to defer or downsize these actions. However, the potential consequences of postponement are rarely minimal. Financially, the long-term risks can outweigh any short-term savings. Delaying investments in safety may lead to regulatory fines, incident-related expenses, or increased insurance premiums. 
Facilities that consistently operate with unresolved risks may also face reputational harm if non-compliance becomes public or results in an adverse event. Additionally, legal risks escalate if known issues are a contributing factor in an incident. Navigating Resource Constraints Internally Effective management of resource constraints begins with prioritization. Not all PHA recommendations carry the same weight or urgency. By ranking actions based on risk severity and regulatory impact, managers can ensure that the most critical items receive attention first. Tying implementation timelines to budget cycles also helps align resources with compliance needs. Another best practice involves communicating risk in clear, compelling terms to decision-makers. Presenting the business case for timely resolution — not only as a regulatory obligation but as a risk mitigation strategy — can help secure funding and staffing. In short, thorough planning and a clear understanding of the resources required can empower managers to justify funding requests and advocate for staff allocation in a focused, strategic way. The Support Advantage: Leveraging Third-Party Partners for PHA Resolution While many facilities strive to resolve recommendations internally, there are times when third-party expertise can be invaluable. Not all PHA providers offer the same level of post-study support; many simply deliver a report and move on, leaving your team with a daunting list to decipher and prioritize. Partnering with an experienced provider can offer several benefits. External experts often bring specialized credentials and the ability to mobilize skilled personnel quickly, ensuring that urgent PHA recommendations do not drag on unresolved. A knowledgeable partner can also help optimize budgets by identifying targeted, cost-effective options — often with strategic solutions that can resolve multiple recommendations with one move. 
Furthermore, partnering with an experienced company can support your team in developing practical resolution plans and provide tools, resources, and expert guidance tailored to your facility’s needs. This approach not only reduces the internal burden but positions you as a champion of compliance and safety within your organization — saving time, money, and stress. Planning Ahead: Proactive Strategies to Mitigate Staff and Budget Limitations Proactive resource planning can make a significant difference. Integrating anticipated PHA recommendations into annual budgets and resource allocation processes can help ensure that funds and personnel are available when needed. Establishing clear internal procedures for escalating and addressing urgent recommendations helps prevent bottlenecks. Investing in skill development and cross-training internal staff broadens your facility’s capabilities. These measures collectively strengthen the ability to resolve recommendations in a timely, efficient manner. Lean Teams, Big Gains: The Benefits of Overcoming Staff and Budget Barriers Successfully managing staff and budget limitations pays dividends beyond OSHA compliance. Facilities that close PHA recommendations efficiently will see a reduced regulatory risk, enhanced operational resilience, and ultimately, fewer incidents. Cost savings accrue through avoided penalties and proactive safety management, while the organization’s reputation is bolstered by a demonstrated commitment to safety and continuous improvement. The Takeaway | Limited Resources, Unlimited Potential Staff and budget limitations do not have to be the challenge that prevents your facility’s PHA recommendations from being resolved. With strategic planning, clear prioritization, and — when needed — the support of a capable external partner, facilities can bridge the gap between recommendations and resolution. 
For those facing persistent resource challenges, now is the time to review your internal capacity and consider the value of experienced collaboration. By doing so, you not only safeguard compliance and safety but also lead your organization with resilience and integrity, turning every challenge into an opportunity for growth. Be sure to keep an eye out for the next article in this series, where we will discuss strategies to prevent technical complexities from slowing your PHA recommendation resolution progress. In the meantime, check out this article on the five facets of an efficient process hazard analysis.

  • The PHA Recommendation Playbook | Part 2 | Untangling Technical Complexity

    Introduction | When “Just Fix It” Isn’t That Simple Updated April 2026 — by aeSolutions Technical Team — This blog is the second installment in our PHA Recommendation Playbook series, which is intended to help Process Safety, EHS, and facility managers overcome the common challenges they face when trying to close Process Hazard Analysis recommendations. If you missed Part 1, we explored how staffing and budget limitations create obstacles that can stall even the most straightforward resolutions. In this article, we’re focusing on a challenge that doesn’t always get the attention it deserves: technical complexity. While some recommendations from a PHA might seem routine at first glance, others involve engineering considerations, system interdependencies, or implementation feasibility that turn them into long-haul capital project efforts. These complications can extend gap closure timelines, inflate costs, and even introduce new risks if not addressed with requisite knowledge and intentionality. Technical Challenges in PHA Recommendations | What Makes Them So Complex? Technical complexity refers to the engineering depth, system interdependencies, or feasibility issues that complicate the implementation of PHA recommendations. In industrial environments, this might include design changes that require coordination between multiple engineering disciplines, recommendations that call for feasibility studies, or changes to safety instrumented systems that necessitate revalidation. Sometimes, the complexity lies in hidden system dependencies, meaning that fixing one issue inadvertently introduces another. Compatibility concerns also surface, particularly when legacy systems aren’t designed to accommodate newer technology. Complicating matters further, many of these challenges aren’t fully apparent during the PHA session itself. 
A recommendation may seem simple on the surface — “install a relief valve” or “update control logic” — but as the team attempts to move forward with recommendation implementation, the depth of technical complexity becomes clear.

The Compliance Cost of Complexity | What Are the Risks of Unresolved PHA Recommendations?

Delays caused by technical complexity come with consequences. Regulatory expectations require timely closure of PHA recommendations or, at the very least, well-documented justifications for delays. Facilities that fail to address these recommendations in a structured way may face unexpected audit findings, regulatory scrutiny, or even fines.

Beyond compliance, unresolved technical items can increase safety risks. A partially implemented fix or an unaddressed hazard can lead to new vulnerabilities or process weaknesses. From an operational standpoint, unresolved recommendations may lead to unplanned downtime, deferred maintenance, or extended outage windows. Over time, these delays can cause friction between departments and erode trust in the process.

How Should You Navigate Complex Technical PHA Recommendations Internally?

Handling complex recommendations starts with engaging the right people early. Engineering, operations, maintenance, and safety teams must be aligned on what’s practical, what’s required, and what constraints exist. Cross-functional collaboration is essential for identifying implementation barriers before a plan is set in motion.

Conducting feasibility reviews internally can reveal potential problems with space, access, process compatibility, or cost. These reviews don’t have to be overly formal, but they should be consistent and thorough enough to inform the feasibility of implementation of the recommendation at a high level. Documenting known interdependencies also helps ensure one recommendation doesn’t inadvertently conflict with another.

Instead of treating each recommendation as a siloed task, consider how they fit into the broader operational strategy. Iterative planning, where adjustments are made as new information surfaces, can help prevent bottlenecks and avoid over-committing resources.

When Does Technical Complexity Require External Expertise?

There are times when a PHA recommendation goes beyond internal capacity, whether due to staffing limitations or the depth of technical expertise required. Yet not all third-party support is created equal. Some firms deliver a report and walk away, leaving your team with a list of action items and little else in the form of background education.

Working with an experienced third-party can change the dynamic. The right partner doesn’t just identify risks; they help you engineer prioritized solutions that are feasible, effective, and aligned with your facility’s operations. A third-party familiar with system interdependencies can offer practical mitigation strategies that don’t introduce new problems elsewhere.

Execution also matters. A partner that provides project management oversight can track progress, maintain accountability, and deliver documentation that supports audit defensibility. By helping prioritize what matters most and sequencing efforts strategically, an experienced partner can support smarter capital planning and more efficient implementation.

Collaboration with a third-party should never feel like you’re relinquishing control. Instead, it should feel like gaining clarity with a clear line of sight from risk to resolution, with results your team can stand behind.

What Are Proactive Strategies to Minimize Technical Implementation Risks?

Managing technical complexity isn’t only about reacting once a challenge appears. Many of the difficulties associated with implementation can be mitigated through proactive planning. Three core proactive strategies include:

- Integrating front-end engineering and risk assessment into your safety processes. This helps identify potentially complex recommendations earlier in the lifecycle.
- Flagging technically intensive items during the PHA itself or revalidation workshops, so that additional analysis can be scoped and scheduled.
- Allocating budget and time for follow-up studies, such as feasibility analyses, LOPA updates, or HAZOP reviews, when recommendations involve significant system changes.

Maintaining clear documentation is also essential. It not only aids internal decision-making but strengthens your position during audits or external reviews. Finally, it helps to reframe these efforts not just as compliance tasks but as opportunities to improve long-term reliability and operational resilience of your facility.

From Risk to Resilience | Technical PHA Resolution Isn’t Just a Fix—It’s a Foundation

Facilities that manage technical complexity well don’t just avoid problems, they build stronger, safer operations. When engineering, safety, and operations teams work together to resolve complex PHA recommendations, the resulting improvements often go beyond the immediate fix. Systems become more reliable. Cross-team collaboration improves. Equipment failures and unplanned outages decrease.

Moreover, facilities gain stronger footing in the face of audits or regulatory reviews. Well-documented resolutions with traceability to risk assessments show diligence and intent, both of which matter when follow-up questions are asked. When resolutions are handled with care, the outcome shouldn’t feel like a temporary workaround. It should feel like progress.

The Takeaway | Moving from Technical Complexity to Technical Confidence

Technical complexity is one of the more nuanced challenges in PHA recommendation resolution. It’s also one of the easiest to underestimate. The surface-level simplicity of a recommendation often belies the engineering coordination, feasibility analysis, and systems thinking required to see it through.

By planning ahead, involving the right teams, and knowing when to seek experienced, third-party expertise, your facility can navigate even the most intricate recommendations without losing momentum. And when you do choose to bring in third-party support, working with a team that understands engineering, project delivery, and compliance can be the difference between checking a box and building something truly defensible. At its best, technical resolution doesn’t just close a gap, it builds a stronger foundation. From risk to resilience, the path is clearer when the process is collaborative, strategic, and informed.

  • The PHA Recommendation Playbook | Part 3 | Managing Scheduling and Operational Disruptions

    Introduction | When Safety Meets Operational Reality

    Updated April 2026 — by aeSolutions Technical Team

    This is the third installment in The PHA Recommendation Playbook, a series intended to help process safety managers, EHS leaders, and facility managers navigate the practical challenges of resolving PHA recommendations. In Part 1, we examined how resource constraints can stall progress. In Part 2, we explored how technical complexity can turn seemingly simple recommendations into multi-layered engineering efforts. In this article, we focus on a challenge that often emerges after solutions are identified and budgets are approved: scheduling and operational disruptions.

    Many PHA recommendations are fairly straightforward and are not technically difficult to implement. The challenge for implementation is typically timing. Commissioning equipment related to safety recommendations can often require plant outages, temporary process changes, or reduced throughput. Production schedules, however, are rarely flexible. When commissioning equipment related to safety recommendations conflicts with operational demands, recommendations can remain open far longer than intended.

    This tension is not a sign of poor management. It is a structural reality in many regulated facilities. How organizations navigate it determines whether PHA recommendations become a source of frustration or a driver of long-term resilience.

    Scheduling and Operational Disruptions in PHA Recommendations | Why Timing Becomes the Constraint

    Scheduling and operational disruptions refer to the practical limitations that prevent PHA recommendations from being implemented without affecting production. Unlike administrative actions or procedural updates, many recommendations require physical changes to equipment, controls, or processes. These changes often cannot be completed while a unit is running. Implementation may require planned outages or partial shutdowns, temporary workarounds to maintain production, or coordination with existing maintenance and turnaround schedules. In facilities with continuous operations, even short interruptions can have downstream effects on supply commitments, staffing, and revenue.

    These challenges are especially common in environments where production peaks are seasonal or where outage windows are limited and planned years in advance. Safety recommendation implementation due dates may conflict with commercial commitments, customer demand, or contractual obligations. As a result, recommendation implementations are often deferred not because they are unimportant, but because there is no scheduled outage during which to complete the work.

    It is important to recognize that these challenges are structural. They cannot be resolved with documentation alone. A justification memo does not create an outage window. A tracking spreadsheet does not reduce production pressure. Addressing scheduling conflicts requires coordination, planning, and leadership alignment.

    The Cost of Deferral | When PHA Recommendations Stay Open Too Long

    When PHA recommendations are repeatedly deferred due to scheduling conflicts, risk compounds over time. OSHA expects recommendations to be resolved in a timely manner or to have clear documentation explaining why they remain open. While operational constraints may be valid, they are rarely sufficient on their own if delays persist without a plan for resolution.

    During audits, an insufficient deferral explanation for an incomplete recommendation action, such as “open due to operations,” would likely invite follow-up questions. Auditors want to understand what interim safeguards are in place to mitigate unresolved risk, whether the issue is being actively managed, and when resolution is expected. Without evidence of intent and resolution planning, deferrals can be interpreted as avoidance of addressing risk.

    From a safety perspective, prolonged deferral means operating with known unmitigated risks for extended periods. Over time, deferred recommendations can normalize the presence of known risk, particularly when scheduling constraints repeatedly delay implementation. The urgency behind the recommendation then fades because stopgap measures appear to serve a mitigative purpose, even though the underlying risk remains.

    Operationally, deferring action items can create larger problems later. Work that could have been completed during a short outage may require a longer shutdown once conditions change. Deferred recommendations also increase maintenance burden and can contribute to fragile operations where unplanned events have outsized consequences. Avoiding disruption today often leads to greater disruption later.

    Balancing Production Demands and PHA Resolution Internally

    Facilities that manage scheduling challenges effectively tend to be more successful at integrating safety recommendation work into their process. Facilities that practice intentional schedule management often treat safety as part of their operational planning rather than a separate obligation.

    This starts with early coordination. When PHA recommendations are identified, they should be reviewed alongside maintenance plans and turnaround schedules as soon as possible. Understanding which recommendations require equipment downtime allows teams to align resolution efforts with existing outage windows rather than waiting until conflicts arise.

    Phased implementation can also reduce impact. In some cases, recommendations can be partially implemented during normal operations, with final steps completed during an outage. While it is not always possible, this approach can reduce downtime and spread work more evenly.

    Leadership alignment around closing PHA recommendations plays a critical role. Safety, operations, and production teams must share ownership of outcomes. Communication around PHA risk gap closure requirements should focus on operational consequences, not just regulatory language. Framing recommendations in terms of reliability, uptime, and asset protection often resonates more effectively than compliance alone.

    Resolving PHA recommendations should not be treated as extra work layered on top of production. It serves as a pathway to resilience in operations in the long run.

    When Scheduling Conflicts Signal the Need for External Support

    Not every scheduling challenge requires outside help, but some situations benefit from additional perspective. Many PHA providers conclude their involvement once recommendations are issued. Internal teams are then left to reconcile safety needs with operational realities on their own.

    An experienced external partner can help when scheduling complexity escalates. They can assist with developing implementation plans that minimize downtime, sequencing work to align with production constraints, and identifying opportunities where a single outage can address multiple recommendations.

    Partners that offer project management oversight add another layer of value. Coordinated scheduling, clear milestones, and defined accountability help keep resolution efforts moving, even when timelines extend across months or years. This structure reduces the risk of recommendations being forgotten or deprioritized as operational pressures shift.

    The right partner does not add friction. They provide clarity. They help establish a clear path from identified risk to operational resilience, even when timing is constrained.

    Proactive Planning to Reduce Scheduling and Operational Disruption

    Many scheduling challenges can be reduced through proactive planning. During PHA sessions or revalidations, recommendations likely to require outages should be flagged early. This allows teams to assess feasibility and begin planning before production schedules are finalized.

    Including operations leadership in early discussions is essential. Their insight into outage availability and process constraints can shape more realistic implementation plans. Building safety-driven work into long-range maintenance planning also reduces the likelihood of last-minute conflicts.

    Documentation is equally important. Clearly recording why actions are deferred, what interim safeguards are in place, and how resolution will occur demonstrates intent and control. This documentation supports audit defensibility and helps maintain internal alignment.

    Scheduling challenges are not excuses for inaction. They are planning problems that can be addressed with foresight and coordination.

    From Risk to Resilience | When Smart Scheduling Strengthens Operations

    Facilities that address scheduling challenges deliberately often see benefits beyond compliance. Emergency shutdowns become less frequent. Outage scope and duration are better controlled. Confidence in the compliance posture improves because risks are actively managed rather than deferred indefinitely.

    Trust also improves across the organization. Operations teams trust that safety decisions consider production realities. Safety teams trust that execution timelines are realistic. Leadership trusts the results because progress is visible and defensible.

    Well-planned PHA recommendation resolution does not disrupt operations. It stabilizes them.

    The Takeaway | Safety Shouldn’t Be an Operational Surprise

    Scheduling and operational disruptions are among the most common and underestimated barriers to closing PHA recommendations. They sit at the intersection of safety and production, where priorities often compete. Treating safety work as an interruption makes resolution harder. Treating it as a planned investment in uptime and reliability changes the conversation.

    When scheduling is addressed strategically, PHA recommendations stop feeling like a cost of doing business and start delivering measurable value. Whether handled internally or with trusted external support, the objective remains the same: defensible improvements, reduced risk, and a facility that emerges stronger, not just compliant.

  • How to keep the alarm management lifecycle evergreen

    Updated April 2026 - It is commonly touted that once a plant rationalizes their alarms, they have completed the alarm management lifecycle. Nothing could be further from the truth. So what can an organization do to keep the alarm lifecycle alive and evergreen?

    Alarm management is the collection of processes and practices for determining, documenting, designing, operating, monitoring, and maintaining alarm systems. It is characterized by design principles including hardware and software design, good engineering practices, and human factors.

    Tying the alarm management lifecycle into process safety management and other work processes that already exist will help ensure it remains evergreen and delivers the intended benefits. While the integration of these activities will look different for each company, time has shown that success comes most easily when the management of change process, testing and training activities have been integrated into what is already being accomplished.

    The alarm management lifecycle is essentially a circle; there is no beginning or ending. There are different places an organization may choose to enter it, but the overall lifecycle process never really ends. An organization may have developed a philosophy, rationalized alarms, and implemented them, but that does not mean they have ‘completed’ alarm management. As processes and equipment evolve and change (e.g., removing or introducing equipment, changing flow rates, changing chemicals, etc.), different steps of the lifecycle come back into importance. The goal of alarm management should be to keep the lifecycle updated and evergreen.

    Integrating the alarm management, functional safety, and cybersecurity lifecycles is a key to success and will help avoid costly rework. There are similarities in all three lifecycles (e.g., assess, implement, operate & maintain phases, management of change, testing and training requirements, etc.). The process hazards analysis (PHA) feeds the other lifecycles. When assessing items in cybersecurity, one is considering scenarios first identified in PHAs. The same is true in alarm management when an alarm is used as a protection layer.

    A change in one lifecycle may, and most likely will, impact all three lifecycles. Something as minor as altering a chattering alarm (e.g., because its setpoint was too close to a shutdown value) will impact the alarm, the master alarm database, the other lifecycles, and many different process safety information documents. If normalization of deviation is allowed (i.e., not tracking and reviewing the impact of what are believed to be minor changes), alarms will eventually become unrationalized, and things will revert back to their original, un-managed state.

    To learn more about the ISA 18.2 standard and how to keep the alarm management lifecycle evergreen, read the full paper “Breathing life into the alarm management lifecycle”.

  • How to Prevent the Five Most Common Industrial Alarm Management Issues

    Updated April 2026 — During my 24+ years in alarm management, I have collaborated with various companies on their distributed control systems (DCS) across the United States and throughout 20 other countries. Although every system is different, there are more commonalities than you might imagine. I am consistently asked what my favorite and least favorite control systems are to work on. My answer is always the same, “my favorite system is the one I just finished for obvious reasons, and my least favorite is the one I’m working on right now.” This is because all alarm management systems have issues, but naturally, these issues are different from system to system. That is why I felt it was important to discuss how to prevent the five most common industrial alarm management issues.

    Avoiding Unnecessary and Misused Alarms for Effective Industrial Alarm System Management

    One tenet of alarm management is that alarms will only be used for abnormal situations. I cannot tell you the number of times that I have found alarms configured on systems for things that should never have an alarm. Some of these were obviously designed for convenience. A typical example of a convenience alarm is a low-temperature alarm on an ambient sensor located just outside the control room door. Although there are a few circumstances when this could be necessary (e.g., an extremely low ambient temperature could adversely affect the viscosity of a process fluid), most of the times that I have encountered this type of convenience alarm, it is simply to let the operator know if it is cold outside. Once, a senior operator in upstate New York actually told me that without the alarm, he wouldn’t know if he should put on a coat or not. The alarm was removed.

    Another relatively common misuse of industrial alarm systems occurs when a system timer alarm is set up thirty (30) to sixty (60) minutes before the end of the shift in order to remind personnel to fill out shift changeover paperwork before going home. In situations where I have found these, the alarms have descriptions like “Time for Turnover Paperwork” or “Call-in Reading to Foreman.” In one of these cases, the description was “Wake Up and Pack Up to Go Home.” In this case, not only was the alarm removed from the system, but the tag was removed as well, and the person this applied to was told to buy an alarm clock. Ultimately, avoiding unnecessary or misused alarms will improve your industrial alarm system’s effectiveness.

    Ensuring Operator Action — Proper Alarm Criteria and the Use of Alert Systems

    Another principle of alarm management is that every alarm requires an operator action. When designing an alarm philosophy, one of the steps is to determine the time to respond (how much time is available to take action to avoid the consequences) vs. the severity of consequences matrix, as shown in Table 1 below.

    Table 1 - Alarm Priority Determination - aeSolutions

    As you can see in the table above, if there are no consequences or the time available is more than thirty (30) minutes, the parameter does not qualify to be an alarm. Although the operator may need to know that an instrument has reached a certain point, that does not mean that it should necessarily be an alarm. This condition can cause concern when these points support operations and do not meet the necessary qualifications of an alarm but still need to be viewed or accessed as part of operational efficiency. For those items that do not qualify as an alarm, there should be a separate mechanism to inform the operator (e.g., an alert system).

    I have encountered many types of alert systems, and there are numerous ways to implement them. One of the most common is to set up an alert as a separate “priority” on the DCS that has no visual or audible actions tied to it. This will result in the alerts going to a separate screen designated just for them. The operators will have to become accustomed to checking the screen multiple times during a shift; however, these alerts should not be short-time critical (e.g., <1 hour or the potential to be a HIGH priority). If the alarm has the potential to be a HIGH priority, then it should be re-engineered to the point that the time available is 30 minutes or less.

    Implementing Effective Single Alarms for Each Cause or Action | Industrial Alarm Management

    Creating a single alarm for each cause or corrective action is another doctrine of effective industrial alarm management. In other words, you should not have to be told more than once to do something. This issue most often occurs with multiple levels of alarming (e.g., High (H) & High-High (HH) or Low (L) & Low-Low (LL)). Below is an example of multiple level alarming being used correctly and incorrectly.

    Correct use of multiple levels of alarming example: A tank is ten feet in height and will overflow at that ten-foot level. There is a high-level alarm (H) set at nine feet with a HIGH priority to notify the operator to take action, stopping the level rise. There is a high-high level alarm (HH) at the do not exceed height of 9.5 feet, with a LOW priority and a corresponding automated action that stops filling the tank. The alarm located at nine feet notifies the operator that action is needed. The alarm at 9.5 feet notifies the operator that the action taken was not effective and the DCS, or in some cases the safety instrumented system (SIS), has shut the process down to avoid over-filling the tank.

    Incorrect use of multiple levels of alarming example: A client had a 40-foot naphtha tank with a high-high alarm set at 39 feet, designated with emergency priority, and a high alarm set at 38 feet, designated with high priority. There were no automated shutdown systems on this tank, and during operations, they overfilled the tank and had a loss of containment (LOC) incident. In an attempt to remedy this issue, the client contacted the DCS vendor and had a custom code written to add a high-high-high (HHH) alarm at 39 feet with an emergency priority, a high-high alarm at 38 feet with an emergency priority, and a high alarm at 37 feet with a high priority. Much to the chagrin of the client, this attempted resolution left their problem unresolved, and once again, they overfilled the tank and had a subsequent loss of containment (LOC) incident. This cycle repeated several times until they performed an alarm rationalization project. At the beginning of this project, the client’s setup was:

    - High-High-High-High-High (HHHHH) Alarm at 39 ft with an EMERGENCY priority
    - High-High-High-High (HHHH) Alarm at 38 ft with an EMERGENCY priority
    - High-High-High (HHH) Alarm at 37 ft with an EMERGENCY priority
    - High-High (HH) Alarm at 36 ft with an EMERGENCY priority
    - High (H) Alarm at 35 ft with a HIGH priority

    Not only was this bad practice for industrial alarm system management, but the operators became so numb to the alarms that they were ignoring them and setting themselves up to run the tank over again. The results of their alarm rationalization study findings suggested reverting back to the original two (2) alarms and adding an automated shutdown at 39.5 feet with a LOW priority to notify the operator that control has been taken away from the operator and that an automated shutdown has occurred.

    Preventing DCS Alarm Floods with Advanced Suppression Techniques

    Another common issue in industrial alarm system management is the prevention of DCS alarm floods (e.g., having more than ten alarms in ten minutes). A leading cause of alarm floods is the absence of the configuration of advanced alarming techniques such as suppression. Many of the newer DCS systems now have some form of suppression built into them; however, this feature is often underutilized. Automated suppression is when the DCS automatically disables (suppresses) an alarm’s audible and visual indicators and sends the alarm to an event log or journal instead.

    Suppression can help with alarm flooding in multiple ways; one way is that it allows a single indication of an issue to be alarmed while hiding all the similar alarms the issue causes. An example of this would be a compressor trip. When the compressor is running, it has numerous alarms configured and enabled, such as the run status, high & low suction pressure, high & low discharge pressure, bearing temperatures, and vibrations, just to name a few. If the discharge pressure goes high while the compressor is running, it can be a big issue. You may have a plug downstream or someone may have accidentally closed a wrong valve. These things need to be taken care of quickly. However, if the compressor shuts down without suppression configured, the result each time will be a run status alarm along with alarms for the high suction pressure, low discharge pressure, all the bearing vibrations as it spools down, and potentially many other alarms. Typically, the only alarm needed is the run status alarm because if the compressor shuts down, a good operator knows that all of these secondary issues are due to the shutdown. If they are allowed to alarm, they become a distraction and hindrance to the mitigation of the issue.
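    The compressor-trip case above can be checked offline against an exported alarm journal. The following is an added example, not code from the article or from any DCS vendor: it counts alarms against the "more than ten in ten minutes" flood threshold before and after state-based suppression. The tag names, the journal line format, and the suppression group are assumptions constructed for illustration.

```python
"""Alarm-flood check with state-based suppression (illustrative sketch)."""
from collections import deque
from datetime import datetime, timedelta

# Flood threshold from the article's example: more than ten alarms in ten minutes.
FLOOD_COUNT = 10
FLOOD_WINDOW = timedelta(minutes=10)

# Hypothetical suppression group: while the parent alarm is active (compressor
# tripped), alarms on the child tags go to the event journal, not the operator.
SUPPRESSION_GROUPS = {
    "K101.RUN": {"K101.PSUC", "K101.PDIS", "K101.FLOW", "K101.LUBE",
                 "K101.VIB1", "K101.VIB2", "K101.VIB3", "K101.VIB4"},
}

# Constructed sample journal: "<ISO timestamp> <ALM|RTN> <tag> <condition>"
# ALM = alarm activation, RTN = return to normal.
SAMPLE_JOURNAL = """\
2026-04-01T09:58:10 ALM K101.PDIS HI
2026-04-01T10:00:00 ALM K101.RUN STOPPED
2026-04-01T10:00:02 ALM K101.PDIS LO
2026-04-01T10:00:03 ALM K101.PSUC HI
2026-04-01T10:00:05 ALM K101.FLOW LO
2026-04-01T10:00:09 ALM K101.VIB1 HI
2026-04-01T10:00:11 ALM K101.VIB2 HI
2026-04-01T10:00:14 ALM K101.VIB3 HI
2026-04-01T10:00:15 ALM K101.VIB4 HI
2026-04-01T10:01:30 ALM K101.LUBE LO
2026-04-01T10:03:00 ALM T205.LVL HI
2026-04-01T10:30:00 RTN K101.RUN RUNNING
2026-04-01T10:45:00 ALM K101.PDIS HI
"""


def parse_journal(text):
    """Return a time-ordered list of (timestamp, kind, tag, condition)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, kind, tag, cond = line.split()
        events.append((datetime.fromisoformat(ts), kind, tag, cond))
    return sorted(events, key=lambda e: e[0])


def apply_suppression(events, groups=SUPPRESSION_GROUPS):
    """Split alarm activations into (annunciated, journaled).

    A child alarm is journaled only while its parent alarm is active, so the
    same tag still annunciates when the compressor is running.
    """
    active_parents = set()
    annunciated, journaled = [], []
    for ev in events:
        _ts, kind, tag, _cond = ev
        if tag in groups:                      # track parent state changes
            if kind == "ALM":
                active_parents.add(tag)
            else:
                active_parents.discard(tag)
        if kind != "ALM":
            continue
        suppressed = any(tag in groups[p] for p in active_parents)
        (journaled if suppressed else annunciated).append(ev)
    return annunciated, journaled


def peak_alarm_count(alarms, window=FLOOD_WINDOW):
    """Largest number of alarms seen inside any sliding window."""
    recent, peak = deque(), 0
    for ts, _kind, _tag, _cond in alarms:
        recent.append(ts)
        while ts - recent[0] >= window:        # drop alarms older than window
            recent.popleft()
        peak = max(peak, len(recent))
    return peak


def analyse(journal_text):
    """Compare the flood status of the raw journal with the suppressed view."""
    events = parse_journal(journal_text)
    raw = [e for e in events if e[1] == "ALM"]
    annunciated, journaled = apply_suppression(events)
    raw_peak = peak_alarm_count(raw)
    ann_peak = peak_alarm_count(annunciated)
    return {
        "raw_peak": raw_peak,
        "raw_flood": raw_peak > FLOOD_COUNT,
        "annunciated_peak": ann_peak,
        "annunciated_flood": ann_peak > FLOOD_COUNT,
        "annunciated": annunciated,
        "journaled": journaled,
    }


if __name__ == "__main__":
    result = analyse(SAMPLE_JOURNAL)
    print("raw peak:", result["raw_peak"], "flood:", result["raw_flood"])
    print("after suppression:", result["annunciated_peak"],
          "flood:", result["annunciated_flood"])
    for ts, _kind, tag, cond in result["annunciated"]:
        print("  operator sees", ts.time(), tag, cond)
```

    The high discharge pressure alarm still reaches the operator before the trip and after the restart; only the consequential alarms raised while the compressor is down are diverted to the journal.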

    Enhancing DCS Security — The Importance of Firewalls and Controlled Internet Access

    Lastly, the largest issue in industrial alarm system management, which thankfully is seen less and less these days, is the lack of firewalls between the DCS and the outside world. Ideally, a control system would be “air-gapped” in order to minimize the possibility of introducing intrusions or viruses. However, this is not always possible. Typically, the DCS will be protected by firewalls, and often, those firewalls will be in their own layer between the control system and the rest of the company assets. The firewalls will only have a minimum number of obscure ports opened, and those ports will only allow one-way (outbound) traffic. This helps to minimize potential hijacking and infections.

    The most egregious example of not having firewalls that I have encountered was a few years ago on a project outside the US. One of the client’s complaints was how slow their DCS was running, and they were asking for suggestions on how to improve it. Upon entering the control room, my colleague and I were greeted by what is inarguably the nicest control room I’ve ever seen. The room was brightly lit and immaculately clean. The two (2) main operator stations were laid out in a huge arch in the middle of the room with sixteen (16) monitors each. Sitting perpendicular on the right end was the foreman’s station with four (4) monitors. In the back left corner was the utilities operator station with another twelve (12) monitors, and dead center of the front wall were eight (8) 55” monitors that networked together to make two (2) giant screens that were each two screens high by two screens wide. It was impressive, to say the least — until I realized that the giant screen on the right had more flashing red alarms than I have fingers to count. No one was paying attention to them because the operator on the left was using his giant screen to play an online video game. That’s right, the DCS had a direct connection to the internet. My first suggestion was to disable the internet connection and establish firewalls and the second was to delete all non-business required software from the system. Amazingly, within a week of implementing the suggestions, the system speed had more than doubled.

    While there are many more issues that could be discussed, these are the five most common issues that stand out in my career. Does your plant suffer from any of these issues or others not mentioned here?

    The Takeaway | Common Industrial Alarm Management Issues

    Addressing the most common industrial alarm management issues is crucial for ensuring operational efficiency, safety, and system reliability. By avoiding unnecessary and misused alarms, setting proper alarm criteria, implementing single alarms for each cause or corrective action, preventing alarm floods through advanced suppression techniques, and securing the DCS with firewalls and controlled internet access, companies can significantly enhance their alarm management systems. These ISA-approved best practices not only streamline operations but also empower operators to respond effectively to true emergencies, thereby minimizing risks and maintaining optimal system performance. Implementing these strategies will lead to a more robust and responsive alarm management framework, ultimately contributing to the overall success and safety of industrial operations.

    If your alarm system issues have you scratching your head, the experts at aeSolutions are always available to help identify and mitigate your industrial alarm system problems.

    About the author: Burt Ward is a Senior Principal Specialist with a strong background in both operations and digital control systems. His experience includes over 24 years of Alarm Management projects conducted both remotely and onsite around the world.

  • Lessons Learned on SIL Verification and SIS Conceptual Design

    Updated April 2026 - Written by aeSolutions Technical Team - There are many critical activities and decisions that take place prior to and during the Safety Integrity Level (SIL) Verification and other Conceptual Design phases of projects conforming to ISA84 & ISA/IEC 61511. These activities and decisions introduce either opportunities to optimize, or obstacles that impede project flow, depending on when and how these decisions are managed. Implementing Safety Instrumented System (SIS) projects that support the long‐term viability of the Process Safety Lifecycle requires that SIS Engineering is in itself an engineering discipline that receives from, and feeds to, other engineering disciplines. This paper will examine lessons learned within the SIS Engineering discipline and between engineering disciplines that help or hinder SIS project execution in achieving the long‐term viability of the Safety Lifecycle. Avoiding these pitfalls can allow your projects to achieve the intended risk reduction and conformance to the ISA/IEC 61511 Safety Lifecycle, while avoiding the costs and delays of late‐stage design changes. Alternate execution strategies will be explored, as well as the risks of moving forward when limited information is available.

    Click here to view the complete whitepaper

    Topics Include: IEC 61511, ISA/IEC 61511, Safety Instrumented Systems (SIS), Independent Protection Layers (IPL), Functional Safety Assessment (FSA), Safety Requirement Specification (SRS), Safety Lifecycle, Functional Safety Management Plan (FSMP), Project Execution Plan (PEP), SIS Front‐End Loading (SIS FEL), Layer of Protection Analysis (LOPA), SIL Verification
