Risk Assessment: Integrity management system ensures reliable operations

Integrity management system ensures reliable operations

The integrity management system (IMS) comprises safety management, and analytical operations and maintenance processes that ensure the integrity of city gas distribution (CGD) networks at all times to guarantee their efficient operation and minimise business risks. The key functionalities of IMS include ensuring CGD network integrity in all areas which have the potential for adverse consequences; promoting systematic and planned management of the CGD network to mitigate risks; optimising the lifespan of the CGD network using an inbuilt integrity management plan and data collection; and increasing user confidence.

CGD infrastructure includes a network of pipelines transporting flammable gas under pressure which passes through densely populated areas. Besides exposing communities and the environment to risks in case of a failure, the network grid is also exposed to external risks that might result in network failure. IMS provides a comprehensive and structured framework to CGD utilities for assessing network condition, risks, mitigation techniques, and strategies required to ensure safe and incident-free operations.

There are five different elements of a comprehensive IMS:

  • Integrity management plan: This includes collection and validation of data, assessment of risks, risk ranking, risk mitigation strategies, and data updates.
  • Performance evaluation of integrity management plan: It is a mechanism to monitor the effectiveness of the integrity management plan, identify areas of limitations, and design improvement plans.
  • Communication plan: This involves designing a structured plan to regulate information and data exchange processes between the internal and external environment.
  • Management of change: This process incorporates system changes, including technical, physical and procedural changes at the organisation level, and includes them in the integrity management plan.
  • Quality control: This process establishes the quality requirements defined in the execution of processes in the integrity management plan.

The selection of an appropriate IMS depends on the stage of operation of a CGD utility. Performance-based IMS is more suitable for a mature CGD operator with sufficient experience whereas prescriptive IMS is apt for a utility with a developing network infrastructure. Prescriptive IMS is more rigorous as it considers the worst case scenario and robust mitigation techniques. It mandates the implementation of an established process to address risks and their consequences, and proven methods for mitigation. Considering the relatively nascent stage of the CGD industry, prescriptive IMS is more suitable for Indian CGD players.

There are five integrity assessment tools. These are direct assessment and evaluation, periodic thickness assessment and periodic review against baseline values, cathodic protection, and pressure testing. The direct assessment and evaluation tool is used to determine integrity for the external corrosion threat on the CGD network. The external corrosion direct assessment process has four key components: pre-assessment, inspections, examination and evaluation, and post-assessment. Periodic thickness assessment can be used to compare data related to CGD network skids and pressure vessels against a baseline data. The cathodic protection system must be implemented to cover the entire steel network to detect insufficient cathodic protection levels, and other irregularities and anomalies in the network. Pressure testing is appropriate for integrity assessment while addressing threats at the pre-commissioning stage.

A comprehensive CGD network integrity programme is based on the continuous exercise of extensive data collection, assimilation and analysis. In addition, an integrity management programme can be designed on the basis of specified methods, procedures, and time intervals for assessment and analysis. It may be important to adopt a prescriptive integrity management programme with regard to its efficacy, its result and mitigation efforts for operators implementing an integrity management plan in the absence of baseline and performance data.

The cycle of basic processes of an integrity management plan includes initial data gathering, review and integration, identification of threats, impact analysis, risk management and assessment  integrity assessment, response and mitigation.

  • Under the initial data gathering, review and integration cycle, four aspects need to be analysed: data alignment for the integration of different data sources with a common platform, creating data history for managing temporal aspects of any data, data normalisation for the integration of disparate data sources in order to distinctly analyse different attributes from different aspects, and data accuracy for arriving at correct inferences.
  • Gas pipeline incident data is analysed and classified by Pipeline Research Council International across 22 different parameters. Of the total, 21 risks have been clubbed under three groups and nine categories: time- dependent threats (external corrosion, internal corrosion and stress corrosion cracking); stable threats (manufacturing related, wielding/fabrication related and equipment related); time-independent threats (third-party related, incorrect operational procedure and weather related). The one remaining parameter is the unknown threat.
  • Once a hazardous event is identified, the next step is to estimate the magnitude of possible damage. These consequences may include leak, fire, explosion and gas cloud. Impact analysis includes the identification of high- consequence areas. These, in general, include high population density areas and difficult-to-evacuate facilities.
  • The data assembled is then used for conducting risk assessment of the CGD network. Risk assessment methods help CGD utilities prioritise and plan activities. In carrying out risk assessment, the probability of an occurrence and its consequences are determined for every threat. Risk rating is calculated by multiplying probability rating and consequence rating. While the probability rating is determined by assigning appropriate scalable values for the probability of an occurrence based on the industry experience and the CGD utility’s past operations, consequence rating is determined by assigning appropriate scalable values to impact people, environment, business, etc. in the event of materialisation of a threat.
  • For integrity assessment, a plan has to be developed to address the most significant threats in order to determine the appropriate integrity assessment methods. These methods include hydro testing prior to commissioning, at the test pressure as per T4S standard; external corrosion direct assessment; and cathodic protection survey.
  • Response and mitigation involves the preparation of a schedule of responses based on data points collected during inspection and repair activities. Mitigation options include actions for increasing the adequacy levels of cathodic protection by installing capacity, replacement/ repair of assets based on analysis, and active consultations with equipment suppliers.

CGD utilities can evaluate a system’s integrity management programme performance within their systems and also by comparing it with other systems on an industry-wide basis. These performance evaluation programmes must consider both threat-specific and aggregate improvements, and might include process measures, operational measures and direct integrity measures. A performance indicator can either be leading or lagging in nature. Leading measures are proactive and provide an indication of how the plan may perform. On the other hand, lagging measures are reactive in nature, and provide an indication of the past integrity management programme performance.


A risk assessment model is essential to understand the nature and possible locations of risks along a CGD network. However, risk assessment methods alone may not be completely relied upon to establish risk estimates and mitigate known risks. An integral part of the risk assessment process is the incorporation of data elements or changes to facility data. The risk ratings must be reviewed and the necessary changes must be made after a predefined interval.

To ensure correct updates, an effective process should be established for incorporating major system changes and modifications. As a part of risk assessment activities, a company needs to carry out the following activities: undertake a cathodic protection adequacy survey for distribution pipelines and classify the anomalies detected on the basis of risk levels; carry out periodic analyses to determine risks to assets as an input to asset replacement activity; and prepare, maintain and update a database of known risks to assets.