ISO/DIS 29501:2026(en)
ISO/TC 67
Secretariat: NEN
Date: 2025-11-25
Operating management systems — Requirements with guidance for use
© ISO 2026
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
Contents
4 Context of the organization 7
4.1 Understanding the organization and its context 7
4.2 Understanding the needs and expectations of interested parties 7
4.3 Determining the scope of the operating management system 8
4.4 Operating management system 8
5.1 Leadership and commitment 9
5.3 Roles, responsibilities and authorities 9
6.1 Actions to address risks and opportunities 10
6.2 Objectives and planning to achieve them 10
6.4 Planning for contingency, emergency, crisis and business continuity 11
7.1.3 Environment for the operation of processes 12
7.5.2 Creating and updating documented information 14
7.5.3 Control of documented information 14
7.6 Science, technology and engineering 14
7.7 Externally provided processes, products and services 15
7.7.3 Type and extent of control 16
8.1 Operational planning and control 17
8.2 Business opportunity realization (Development Phase) 17
8.4 Response to unplanned events and outcomes 19
9.1 Monitoring, measurement, analysis and evaluation 19
9.3.2 Management review inputs 20
9.3.3 Management review outputs 21
10.2 Nonconformity and Corrective action 22
10.3 Organizational knowledge 22
Annex A (informative) Guidance on the use of this document 23
A.4 Context of the organization 24
A.4.1 Understanding the organization and its context 24
A.4.2 Understanding the needs and expectations of interested parties 25
A.4.3 Determining the scope of the operating management system 26
A.4.4 Operating management system 27
A.5.1 Leadership and commitment 28
A.5.3 Roles, responsibilities and authorities 29
A.6.1 Actions to address risks and opportunities 30
A.6.2 Objectives and planning to achieve them 32
A.6.4 Planning for contingency, emergency, crisis and business continuity 33
A.7.1.3 Operating environment 34
A.7.5 Documented information 36
A.7.5.2 Creating and updating documented information 36
A.7.5.3 Control of documented information 36
A.7.6 Science, technology and engineering 37
A.7.7 Externally provided processes, products and services 38
A.7.7.2 Provider assessment 39
A.7.7.3 Type and extent of control 40
A.8.1 Operational planning and control 41
A.8.2 Business opportunity realization 41
A.8.4 Response to unplanned events and outcomes 43
A.9.1 Monitoring, measurement, analysis and evaluation 44
A.9.2.2 Internal audit programme 45
A.9.3.2 Management review input 46
A.9.3.3 Management review outputs 46
A.10.1 Continual Improvement 46
A.10.3 Organisational Knowledge 47
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
ISO draws attention to the possibility that the implementation of this document may involve the use of (a) patent(s). ISO takes no position concerning the evidence, validity or applicability of any claimed patent rights in respect thereof. As of the date of publication of this document, ISO [had/had not] received notice of (a) patent(s) which may be required to implement this document. However, implementers are cautioned that this may not represent the latest information, which may be obtained from the patent database available at www.iso.org/patents. ISO shall not be held responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 67 Oil and gas industries including lower carbon energy activities.
Any feedback or questions on this document should be directed to the user’s national standards body. A complete listing of these bodies can be found at www.iso.org/members.html.
Introduction
The purpose of this document is to establish requirements and to provide guidance on operating management systems for the oil and gas industries including petrochemical and lower carbon energy activities to develop standardized and consistent operating processes to manage risks and opportunities and improve operating performance. In this context, “operating” applies to every type of activity throughout the value chain and lifecycle of an organization's activities, assets, products and services.
The aim of an operating management system:
— sets out the systematic processes, interdependencies and controls to be implemented at all levels of an organization: to plan, manage and carry out activities as intended, continually reducing risk, improving performance and delivering business goals;
— consolidates an organization’s knowledge and requirements to safely and responsibly manage its assets and activities in one place;
— aims to reduce the likelihood of adverse consequences, while providing opportunities to improve the integrity, reliability, efficiency and effectiveness of the organization’s operations.
Operating management systems should address five management principles: leadership, risk management, improvement, sustainability and implementation.
a) Leadership
Successful organizations have leaders who are committed advocates and owners of their operating management system, who don’t compromise on system implementation and execution and drive cultural and behavioural changes required to achieve business objectives.
Commitment, support and accountability must come from top management. The organization’s executive leaders give each level of the organization the necessary authority and resources to establish and implement the operating management system. Leaders establish roles, responsibilities and accountabilities which are cascaded throughout the organization, such that everyone involved in the operating management system understands their responsibilities for ensuring that the system is effective.
While everyone can be a leader by virtue of their role and influence on colleagues, an organization recognizes that leadership is essential for persons with specific accountabilities within the operating management system.
Leaders ensure that the operating management system meets business objectives by actively looking for insights into system suitability and effectiveness and using appropriate measures to understand and improve performance.
Executive leaders establish and effectively communicate priorities, objectives, requirements and accountabilities of an operating management system. Leaders at all levels are aware of how important their actions are in fostering a strong, positive culture, and in nurturing values such as the necessity to operate responsibly. Leaders clearly communicate operating management system expectations and responsibilities, empower individuals and teams to fulfil their responsibilities and then recognize and reward positive behaviour or intervene and address behaviour that does not meet expectations.
Consistent application of an operating management system provides a robust platform for leaders to improve the organization’s culture, sustainability and the behaviour of its employees.
b) Risk management
The oil and gas industries including lower carbon energy activities experience risks and opportunities that are inherent to the nature of their assets, activities, operational locations, products and obligations.
Implementing a standardized approach to risk and opportunity management and decision making, consistently across all types of operations considering the lifecycle of assets, reduces organizational risk from all sources and types including, but not limited to, market changes, environmental impacts, quality failures, security threats, community grievances and capability scarcity, as well as personal and process safety incidents.
This approach also helps identify and realize opportunities—for example, to benefit the environment or societal stakeholders by improving protection, conserving scarce resources or by enabling economic and social development.
c) Improvement
Improvement, learning and innovation are key, interdependent aspects that contribute to the sustained success of organizations.
Organizations constantly experience change in internal and external context and in the requirements and expectations of stakeholders. Improvement, learning and innovation support organizations’ ability to respond to changes in a manner that enables them to fulfil their mission and vision towards the achievement of sustained success.
Improvement activities can range from continual improvement or corrective actions through to significant breakthrough, innovation or organizational design changes. Improvement processes follow a structured approach, such as the plan-do-check-act (PDCA) cycle with tools and techniques selected to suit specific improvement objectives.
An organization establishes improvement as a fundamental part of the organization’s culture by empowering people to participate and contribute to the successful achievement of improvement initiatives, providing the necessary resources to achieve improvement objectives, celebrating success, and the visible involvement of top management in improvement activities.
d) Sustainability
Sustainability and climate change considerations and obligations inform the context of organisations and the risks and opportunities to be considered when framing and implementing operating management systems.
The United Nations Sustainable Development Goals provide a valuable framework for establishing and benchmarking an organisation’s objectives in respect to sustainability; https://www.iso.org/sdgs.html.
A number of ISO management system standards, notably ISO 14001 Envionmental management systems and ISO 37101:2016 Sustainable development in communities, can be considered when developing operating management systems; https://www.iso.org/developing-sustainably.html
The carbon footprint associated with an organisation’s operations and the products and services they supply can be considered in accordance with ISO Guide 84:2020 to inform lower carbon energy solutions.
Life cycle costing in accordance with ISO 15663:2021 should consider economic factors relating to sustainability and lower carbon technologies.
e) Implementation
Operating management system success is measured with effective and efficient implementation. The operating management system is typically established centrally and implemented organization-wide, whether for strategic planning or for day-to-day operations, so that individual risk controls are consistently applied.
Personal commitment and accountability is critical for successful implementation. Top management is the ultimate owner of the operating management system. They retain overall accountability, but can delegate clear responsibility and authority, so that every part of the system has an owner (process owner). Many parts of the system will be interrelated and have many different dependencies, so clarity of ownership is important.
Process owners require skills and competences as well as resources to perform their role and to regularly review the performance measures and control effectiveness of their part of the operating management system.
An organization that wishes to determine the implementation maturity of its operating management system in respect to the requirements of this document can do so by:
— making a self-assessment as the basis for determination and self-declaration, or
— seeking confirmation of its conformity by parties having an interest in the organization, such as partners, stakeholder’s and customers, or.
— seeking confirmation of its determination and self-declaration by a party external to the organization
ISO/DIS 29501 defines an assessment process and criteria which can be used to assess the conformity and implementation maturity of operating management systems in respect to the requirements of this document.
Operating Management system model
The basis of the operating management system approach as described in this document is applicable throughout the value chain and lifecycle of the business and its products, informed by the five principles. This document defines operating management system requirements to assist organizations to plan and establish operating management systems, including appropriate documented information of the practices and processes used, by the managers and the workforce at every level in the organization to plan, direct and execute operations and activities.
Figure 1 provides a schematic representation of the operating management system requirements.
Figure 1 — Operating management system model
Contents of this document
This document conforms to ISO’s requirements for management system standards. These requirements include a harmonized structure, identical core text and common terms with core definitions, designed to benefit users implementing management systems conforming with multiple ISO management system standards.
This document defines requirements and supporting guidance that can be used by an organization to implement an operating management system and to assess conformity.
Clauses 1 to 3 in this document set out the scope, normative references and terms and definitions which apply to the use of this document, while Clauses 4 to 10 contain the requirements to be used to assess conformity to this document.
In this document, the following verbal forms are used:
a) “shall” indicates a requirement
b) “should” indicates a recommendation
c) “may” indicates a permission
d) “can” indicates a possibility or a capability
Information marked as “NOTE” is for guidance in understanding or clarifying the associated requirement. “Notes to entry” used in Clause 3 provide additional information that supplements the terminological data and can contain provisions relating to the use of a term.
This document contains both requirements and guidance for use. The guidance for use is included in Annex A, which mirrors the structure of the main body text of this document (i.e. Clauses 1 to 10).
Operating management system — Requirements with guidance for use
1.0 Scope
This document provides specific requirements and guidance for organizations in the field of the oil and gas industry, including petrochemical and lower carbon energy activities to develop standardized and consistent operating processes to manage risks and opportunities and improve operating performance.
NOTE In the context of this document, the term “operating” applies to every type of operator or provider activity and applies to all phases, from technology research to access to new resources through exploration scoping and concept definition, during design, procurement and construction of facilities, through start-ups, normal operations and shutdowns, when products are transported and brought to market, or when facilities are decommissioned at end of life.
This document is applicable throughout the value chain and lifecycle of an organization’s activities, assets, products and services.
The requirements and guidance provided in this document can be applied to other activities undertaken by the organization and by other sectors.
2.0 Normative references
There are no normative references in this document.
3.0 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at https://www.electropedia.org/
3.1
organization
person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its objectives (3.6)
Note 1 to entry: The concept of organization includes, but is not limited to, sole-trader, company, corporation, firm, enterprise, authority, partnership, charity or institution, or part or combination thereof, whether incorporated or not, public or private.
Note 2 to entry: If the organization is part of a larger entity, the term “organization” refers only to the part of the larger entity that is within the scope of the operating management system (3.4).
3.2
interested party (preferred term)
stakeholder (admitted term)
person or organization (3.1) that can affect, be affected by, or perceive itself to be affected by a decision or activity
Note 1 to entry: Stakeholder is the preferred term in the oil and gas industry, including petrochemical and lower carbon energy activities and is used in this document.
Note 2 to entry: Stakeholders can include customers, suppliers, regulators, employees, shareholders, and communities.
3.3
top management
person or group of people who directs and controls an organization (3.1) at the highest level
Note 1 to entry: Top management has the power to delegate authority and provide resources within the organization.
Note 2 to entry: If the scope of the management system (3.4) covers only part of an organization, then top management refers to those who direct and control that part of the organization.
3.4
management system
set of interrelated or interacting elements of an organization (3.1) to establish policies (3.5) and objectives (3.6) as well as processes (3.8) to achieve those objectives
Note 1 to entry: A management system can address a single discipline or several disciplines.
Note 2 to entry: The management system elements include the organization’s structure, roles and responsibilities, planning and operation.
Note 3 to entry: In the context of an operating management system, the management system provides a structured and documented set of interdependent practices, processes (3.8) and procedures used by the managers and the workforce at every level in an organization (3.1) to plan, direct and execute activities.
3.5
policy
intentions and direction of an organization (3.1), as formally expressed by its top management (3.3)
3.6
objective
result to be achieved
Note 1 to entry: An objective can be strategic, tactical, or operational.
Note 2 to entry: Objectives can relate to different disciplines (such as finance, health and safety, and environment). They can be, for example, organization-wide or specific to a project, product or process (3.8)).
Note 3 to entry: An objective can be expressed in other ways, e.g. as an intended result, a purpose, an operational criterion, as an objective, or by the use of other words with similar meaning (e.g. aim, goal, or target).
Note 4 to entry: In the context of operating management systems, objectives are set by the organization, consistent with the operating policy (3.5), to achieve specific results.
3.7
risk
effect of uncertainty
Note 1 to entry: An effect is a deviation from the expected — positive or negative.
Note 2 to entry: Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence, or likelihood.
Note 3 to entry: Risk is often characterized by reference to potential “events” (as defined in ISO Guide 73) and “consequences” (as defined in ISO Guide 73), or a combination of these.
Note 4 to entry: Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated “likelihood” (as defined in ISO Guide 73) of occurrence.
3.8
process
set of interrelated or interacting activities that uses or transforms inputs to deliver a result
Note 1 to entry: Whether the result of a process is called output, product or service depends on the context of the reference.
3.9
competence
ability to apply knowledge and skills to achieve intended results
3.10
documented information
information required to be controlled and maintained by an organization (3.1) and the medium on which it is contained
Note 1 to entry: Documented information can be in any format and media, and from any source.
Note 2 to entry: Documented information can refer to:
— the management system (3.4), including related processes (3.8);
— information created in order for the organization to operate (documentation);
— evidence of results achieved (records).
3.11
performance
measurable result
Note 1 to entry: Performance can relate either to quantitative or qualitative findings.
Note 2 to entry: Performance can relate to the managing activities, processes (3.8) products (including services), systems or organizations (3.1).
3..12
continual improvement
recurring activity to enhance performance (3.11)
3.13
effectiveness
extent to which planned activities are realized and planned results are achieved
3.14
requirement
need or expectation that is stated, generally implied or obligatory
Note 1 to entry: “Generally implied” means that it is custom or common practice for the organization and interested parties that the need or expectation under consideration is implied.
Note 2 to entry: A specified requirement is one that is stated, e.g. in documented information.
3.15
conformity
fulfilment of a requirement (3.14)
3.16
nonconformity
non-fulfilment of a requirement (3.14)
3.17
corrective action
action to eliminate the cause(s) of a nonconformity (3.16) and to prevent recurrence
Note 1 to entry: In the context of this document, corrective action also relates to unplanned events and outcomes.
3.18
audit
systematic and independent process (3.8) for obtaining evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled
Note 1 to entry: An audit can be an internal audit (first party) or an external audit (second party or third party), and it can be a combined audit (combining two or more disciplines).
Note 2 to entry: An internal audit is conducted by the organization itself, or by an external party on its behalf.
Note 3 to entry: “Audit evidence” and “audit criteria” are defined in ISO 19011.
3.19
measurement
process (3.1.4) to determine a value
3.20
monitoring
determining the status of a system, a process (3.1.4) or an activity
Note 1 to entry: To determine the status, there can be a need to check, supervise or critically observe.
3.21
operating
design, implementation and control of activities that convert resources (3.2.8.1) into products (3.2.8.2) and services (3.2.8.3) to fulfil an organization’s business strategy.
Note 1 to entry: In the context of this document, the term “operating” applies to every type of operator or provider activity and applies to all phases, from technology research to access to new resources through exploration scoping and concept definition, during design, procurement and construction of facilities, through start-ups, normal operations and shutdowns, when products are transported and brought to market, or when facilities are decommissioned at end of life.
3.22
operation
act or instance, process (3.8), or manner of functioning or operating (3.21)
3.23
license to operate
grant of permission to undertake business operations (3.21.1), subject to regulation or supervision or through managing stakeholder (3.2) expectations and requirements
Note 1 to entry: Licenses can be granted by governments or government agents in accordance with related regulations and by contracting parties based on contractual agreements.
Note 2 to entry: social licence to operate reflects ongoing acceptance by social stakeholders, typically employees and the communities in which operations are undertaken, of how the organisations plans are developed and implemented.
3.24
stakeholder management
systematic identification, analysis and planning of actions to communicate with, negotiate with and influence stakeholders (3.2)
3.25
stakeholder engagement
process (3.8) by which an organization (3.1) involves stakeholders (3.2)who can be affected by the decisions it makes, or can influence the implementation of its decisions
3.26
strategy
planned activities to achieve a long term or overall objective (3.6)
[SOURCE: ISO 9000:2015, 3.5.1.2]
3.27
organizational philosophy
guiding vision, purpose, framework and touchstone for organization’s people and culture policies (3.5)
Note 1 to entry: The organization philosophy enables an organization to test its policies and practices against agreed core beliefs, values and principles as it seeks to develop and live out its unique culture and brand.
3.28
organizational objective
overarching objective (3.6) that sets the context and direction for an organization's activities
[SOURCE: ISO 55000:2014, 3.1.14]
3.29
plan
set of intended actions, including timescales and resources (3.2.8.1), required to achieve an objective (3.1.3.2)
[SOURCE: OGP Report 510]
3.30
process owner
person with assigned responsibility and authority for a process
Note 1 to entry: The responsibilities of a process owner can include defining, developing and deploying the process, communicating with interested parties, measuring and monitoring the results of the process and continually improving the performance of the process.
[SOURCE: ISO 10014:2021, 3.7]
3.31
asset
any item, thing or entity that has potential or actual physical or intrinsic value to an organization.
[SOURCE: ISO 55000:2014 3.2.2, Modified – Notes 1 to 3 to entry deleted]
Note 1 to entry: An organization can operate assets that are wholly owned or partly owned through joint ventures or other arrangements.
Note 2 to entry: Typically, an asset is a facility, or group of facilities, and can comprise land or sea acreage, buildings, plant, engineered structures, hardware or software, fixed or mobile equipment, vessels, aircraft and road vehicles, terminals, pipelines, offices or retail outlets, licences, intellectual property rights.
3.32
resource
commodity, service (3.34), workforce or asset (3.31) that is sourced or supplied to meet the needs of activities to generate products (3.33)
[SOURCE: OGP Report 510]
3.33
product
output of an organization (3.1) that can be produced without any transaction taking place between the organization and the customer
Note 1 to entry: Production of a product is achieved without any transaction necessarily taking place between provider (3.2.9) and customer but can often involve this service (3.34) element upon its delivery to the customer.
Note 2 to entry: The dominant element of a product is that it is generally tangible.
[SOURCE: ISO 9000:2015, 3.7.6, modified – Note 3 to entry has been deleted.]
3.34
service
output of an organization (3.1) with at least one activity necessarily performed between the organization and the customer
Note 1 to entry: The dominant elements of a service are generally intangible.
Note 2 to entry: Service often involves activities at the interface with the customer to establish customer requirements as well as upon delivery of the service and can involve a continuing relationship.
Note 3 to entry: A service is generally experienced by the customer.
[SOURCE: ISO 9000:2015, 3.7.7, modified – Note 2 to entry has been amended by removing examples, and original note 3 to entry has been deleted.]
3.35
provider
supplier
organization (3.1) that provides a product (3.33) or a service (3.34)
EXAMPLE: Producer, distributor, retailer, contractor or vendor of a product or a service.
Note 1 to entry: A provider can be internal or external to the organization.
[SOURCE: ISO 9000:2015, 3.2.5, modified – Note 2 to entry has been removed and "contractor" has been added as example.]
3.36
learning
acquisition of knowledge, skills or attitudes
[SOURCE: ISO/IEC 2382-36:2019, (3.1.1)
3.37
performance standard
statement, which can be expressed in qualitative or quantitative terms, of the performance (3.11) required of a system or item of equipment for it to satisfactorily fulfil its purpose
[SOURCE: ISO 16530-1:2017, 3.44]
3.38
improvement
activity to enhance performance (3.11)
[SOURCE: ISO 9000:2015, 3.3.1]
3.39
innovation
discovery, development and implementation of new or significantly improved product (3.33), service (3,24) or process (3.8), technology, marketing method, or organizational method in business practices, workplace organization or external relations
3.40
process safety system
System consisting of devices and process controls used on a facility to prevent or mitigate the potentially undesirable events that can occur within the process
[SOURCE: ISO 10418:2019, 3.1.22 Modified]
3.41
safety critical element
part of a facility, including systems, equipment, structures, software, whose purpose is to prevent or limit the consequences of a major incident
Note 1 to entry: Safety critical elements include measures for prevention, detection, control and mitigation (including personnel protection) of hazards
[SOURCE: EU Directive 2013/30/EU, modified]
4.0 Context of the organization
4.1 Understanding the organization and its context
The organization shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended result(s) of its operating management system.
When determining the external and internal issues, the organization shall consider:
a) the context of the sector in which it operates
b) the context of the value chain, both external and internal
c) the lifecycle of the organization’s operation(s)
d) its license to operate.
e) the sustainability of the communities in which it operates
f) whether climate change is a relevant issue
NOTE 1 Business objectives focus on opportunity before risk and describe what the organization wants to achieve, which can be part of the organization’s vision, mission and strategic directions.
NOTE 2 Understanding the internal context can be facilitated by considering issues related to purpose, values, culture, knowledge and performance of the organization.
NOTE 3 Understanding the external context can be facilitated by considering issues arising from legal, technological, competitive, market, cultural, social and economic environments, whether international, national, regional or local.
4.1.1 Understanding the needs and expectations of interested parties
The organization shall determine:
— the interested parties (stakeholders) that are relevant to the operating management system;
— the relevant requirements of the stakeholders;
— which of the requirements will be addressed through the operating management system.
The stakeholder management process shall address stakeholder planning and stakeholder monitoring .
NOTE 1 Relevant stakeholders can have expectations and requirements related to climate change.
4.1.2 Determining the scope of the operating management system
The organization shall determine the boundaries and applicability of the operating management system to establish its scope.
When determining this scope, the organization shall consider:
— the external and internal issues referred to in 4.1
— the requirements referred to in 4.2.
— the operating lifecycles
— the relevant functional areas
The scope shall be available as documented information.
NOTE 1 The scope and design of the operating management system, including its processes, should be informed by the organization's business purpose, objectives, current and emerging operations, operating value chain/lifecycle, functional areas and stakeholder requirements and obligations.
NOTE 2 Typical lifecycle phases and functional areas for operations are provided in Annex A.
4.1.3 Operating management system
The organization shall establish, implement, maintain and continually improve an operating management system, including the processes needed and their interactions, in accordance with the requirements of this document.
The organization shall determine the processes needed for the operating management system and their application throughout the organization.
The organization shall:
a) determine the inputs required and the outputs expected from these processes
b) determine the sequence and interaction of these processes
c) determine and apply the criteria and methods (including monitoring, measurements and related performance indicators) needed to ensure the effective operation and control of these processes
d) determine the resources needed for these processes and ensure their availability (ref 7.1)
e) assign the responsibilities and authorities for these processes
f) address the risks and opportunities
g) evaluate process suitability and effectiveness and implement improvements to ensure achievement of intended results
Documented information shall be available to support the operation of its processes and to have confidence that the processes are being carried out as planned.
The organization shall define the extent of documented information required to meet relevant stakeholder requirements (see 4.2 and 4.3).
5.0 Leadership
5.1 Leadership and commitment
Top management shall demonstrate leadership and commitment with respect to the operating management system by:
— ensuring that the organization’s operating policy and operating objectives are established and are compatible with the strategic direction of the organization
— ensuring the integration of the operating management system requirements into the organization’s business processes
— ensuring that the resources needed for the operating management system are available
— communicating the importance of effective operating management and of conforming to the operating management system requirements
— ensuring that the operating management system achieves its intended result(s)
— directing and supporting persons to contribute to the effectiveness of the operating management system
— promoting continual improvement
supporting other relevant roles to demonstrate their leadership as it applies to their areas of responsibility
NOTE Reference to “business” in this document can be interpreted broadly to mean those activities that are core to the purposes of the organization’s existence.
Top management shall demonstrate leadership and commitment with respect to license to operate by ensuring that:
a) the risks and opportunities that can affect license to operate and the ability to enhance stakeholder satisfaction are determined and addressed
b) applicable statutory, regulatory and sustainability requirements are determined, understood and met
c) stakeholder satisfaction is enhanced
5.1.1 Policy
Top management shall establish operating policy that:
a) is appropriate to the purpose of the organization
b) provides a framework for setting objectives
c) includes a commitment to meet applicable requirements
d) includes a commitment to continual improvement
The policy shall:
— be available as documented information
— be communicated within the organization
— be available to stakeholders, as appropriate.
5.1.2 Roles, responsibilities and authorities
Top management shall ensure that the responsibilities and authorities for relevant roles are assigned and communicated within the organization.
Top management shall assign the responsibility and authority for:
a) ensuring that the operating management system conforms to the requirements of this document
b) reporting on the operating performance of the operating management system to top management
c) ensuring the suitability and effectiveness of the operating management system
6.0 Planning
6.1 Actions to address risks and opportunities
When planning for the operating management system, the organization shall consider the issues referred to in 4.1 and the requirements referred to in 4.2 and determine the risks and opportunities that need to be addressed to:
— realize value of resource(s) and asset(s) to achieve business objectives
— give assurance that the operating management system can achieve its intended result(s)
— prevent, or reduce, undesired effects
— achieve continual improvement
The organization shall plan:
a) actions to address these risks and opportunities including:
— defining techniques, tools and their application for risk identification, assessment, prevention and mitigation
— identifying sources of risk, areas of impacts, events and their causes, and their potential consequences
— analysing potential risk by determining consequences and their likelihood
— evaluating risk and developing risk controls
— applying appropriate risk treatments
b) how to
— integrate and implement the actions into its operating management system
— evaluate the effectiveness of these actions
Documented information shall be available to support and demonstrate the management of risks and opportunities.
NOTE See Clause 8 for requirements on the management of risk in the context of the operations.
6.1.1 Objectives and planning to achieve them
The organization shall establish operating objectives at relevant functions and levels.
The operating objectives shall:
a) be consistent with the policy
b) consider risks and opportunities
c) be measurable
d) consider applicable requirements
e) be monitored
f) be communicated to relevant stakeholders
g) be reviewed and updated as appropriate
h) be available as documented information
When establishing its operating objectives, the organization shall consider the requirements of relevant stakeholders and of other financial, technical, legal, regulatory, sustainability and organizational requirements in the operating management planning process.
When planning how to achieve its operating objectives, the organization shall determine and document:
a) what will be done
b) what resources will be required
c) who will be responsible
d) when it will be completed
e) how the results will be evaluated
When planning how to achieve its operating objectives, the organization shall define:
a) method and criteria for decision making and prioritizing of the activities
b) processes and methods to be employed in managing assets over their lifecycles
c) appropriate planning time horizon(s)
d) technical, non-technical and financial implications
e) sustainability implications
f) review period.
6.1.2 Planning of changes
When the organization determines the need for changes to the operating management system, the changes shall be carried out in a planned manner.
The organization shall be prepared for planned and unplanned changes and manage the risks and opportunities resulting from unforeseen consequences from these changes.
Management of change shall encompass changes in:
a) Context and associated objectives, obligations and requirements referred to in 4.1 and 4.2
b) The operating management system scope, systems and processes referred to in 4.3.and 4.4
c) Organisation and personnel
d) Infrastructure
e) Products and services
The organization shall assess risks and opportunities associated with planned or unplanned changes, permanent or temporary, that can have an impact on achieving the objectives.
The organization shall ensure that such risks and opportunities are managed in accordance with 6.1 and 6.2.
Documented information shall be available to support and demonstrate the management of change.
6.1.3 Planning for contingency, emergency, crisis and business continuity
The organization shall, in cooperation with its stakeholders, establish, document and maintain plan(s) to be prepared:
a) for eventualities and contingencies and manage those when they occur
b) for emergencies and manage those when they occur
c) for crises and manage those when they occur
d) to ensure business continuity should circumstance require
NOTE See 8.1 and 8.4 for activities required to implement the contingency and emergency plans in response to unplanned events and outcomes.
7.0 Support
7.1 Resources
The organization shall determine and provide the resources needed for the establishment, implementation, maintenance and continual improvement of the operating management system.
7.1.1 People resources
The organisation shall determine and provide the capacity of people necessary for the operation and control of its processes to achieve operating objectives and obligations.
The organisation shall determine and demonstrate the necessary competence of person(s) doing work under its control that affects operating performance.
The organisation shall consider:
a) the capacity and competence of, and constraints on, existing internal personnel
b) utilisation of capacity available through stakeholders, partners and external providers
c) people resources required to maintain the operating management system
7.1.2 Infrastructure
The organization shall determine, provide and maintain the infrastructure necessary for the operation of its processes and to achieve conformity of products and services.
Infrastructure can include:
a) facilities, buildings and associated utilities
b) equipment, including hardware and software
c) transportation resources
d) digital technology infrastructure
See 8.2 in respect to the acquisition, development and implementation of infrastructure required to meet operating requirements.
See 8.3 in respect to the operation and maintenance of the organisation’s infrastructure.
7.1.3 Environment for the operation of processes
The organization shall determine, provide and maintain the environment necessary for the safe and effective operation of its processes and to sustainably achieve business objectives.
NOTE A suitable environment can be a combination of human and physical factors, such as:
a) social (e.g. non-discriminatory, calm, non-confrontational)
b) psychological (e.g. stress-reducing, burnout prevention, emotionally protective)
c) physical (e.g. temperature, heat, humidity, light, airflow, hygiene, noise)
These factors can differ substantially depending on the scope of operations and products and services provided.
7.2 Competence
The organization shall:
— Determine the necessary competence of person (s) doing work under its control that affects its operating performance; refer 7.1.1
— ensure that these persons are competent on the basis of appropriate education, training, or experience
— where applicable, take actions to develop or acquire the necessary competence, and evaluate the effectiveness of the actions taken
— validate competency to specific proficiency levels appropriate to the risk associated with the task.
Appropriate documented information shall be available as evidence of competence.
NOTE Applicable actions can include, for example, the provision of training to, the mentoring of, or the re-assignment of currently employed persons; or the hiring or contracting of competent persons.
7.2.1 Awareness
Persons doing work under the organization’s control shall be made aware of:
— the operating policy
— their contribution to the effectiveness of the operating management system, including the benefits of improved operating performance
— the implications of not conforming with the operating management system requirements.
— the operating objectives and operating management plans
— their work activities, the associated risks and opportunities and how they relate to each other
Changes in organization’s policy, objectives and operating management plans shall be communicated through the management of change process referred to in 6.3, to internal and external parties (see 7.4).
Note 1 to entry: Persons doing work under the organisations control includes external providers; see 8.1.
7.2.2 Communication
The organization shall determine the internal and external communications relevant to the operating management system, including:
— on what it will communicate
— when to communicate
— with whom to communicate
— how to communicate
— who communicates
— communication effectiveness
7.2.3 Documented information
7.2.4 General
The organization’s operating management system shall include:
a) documented information required by this document
b) documented information determined by the organization as being necessary for effective operations
c) documented information necessary to meet stakeholder and customer requirements
NOTE The extent of documented information can differ from one organization to another due to:
— the size of organization and its type of activities, processes, products and services
— the complexity of processes and their interactions
— the competence of persons
7.2.5 Creating and updating documented information
When creating and updating documented information the organization shall ensure appropriate:
— identification and description (e.g. a title, date, author, or reference number)
— format (e.g. language, software version, graphics) and media (e.g. paper, electronic)
— security classification and associated access controls
— review and approval for suitability and adequacy
7.2.6 Control of documented information
Documented information required by the operating management system shall be controlled to ensure:
a) it is available and suitable for use, where and when it is needed
b) it is adequately protected (e.g. from loss of confidentiality, improper or malicious use, or loss of integrity)
For the control of documented information, the organization shall address the following activities, as applicable:
— distribution, access, retrieval and use
— storage and preservation, including preservation of legibility
— control of changes (e.g. version control)
— retention and disposal
Documented information of external origin determined by the organization to be necessary for the planning and operations shall be identified, as appropriate, and controlled.
NOTE 1 Access can imply a decision regarding the permission to view the documented information only, or the permission and authority to view and change the documented information.
NOTE 2 ISO 30301 provides a framework for records management.
NOTE 3 ISO 27001 provides a framework for information security management.
7.3 Science, technology and engineering
7.3.1 General
The organization shall establish, implement and maintain strategies and processes for science, technology and engineering to ensure the performance and integrity of activities, assets, products and services throughout their development and operating lifecycle.
Science, technology and engineering strategies and processes shall inform technology solutions that:
a) meet intended functional and performance requirements
b) conform to applicable internal and external standards
c) ensure process safety risks are eliminated or mitigated
d) enable safe and efficient manufacturing, fabrication, construction, commissioning, operation and maintenance
Solutions should also enable business case outcomes, particularly with respect to operational performance at lowest lifecycle cost.
The processes for science, technology and engineering established by the organization, as well as providers in the case of externally provided services, shall include the applicable design and development controls from a recognized quality management system standard (e.g. ISO 29001).
7.3.2 Design lifecycle
General
The design lifecycle includes:
— design development in support of opportunities (see 8.2)
— design support during operations (see 8.3)
Develop the design
The organization shall establish design processes to support opportunities considering:
a) design and operating philosophies
b) design data acquisition
c) concept technical feasibility
d) basis of design
e) process safety including definition of safety critical elements and performance standards
f) front end engineering design
g) detailed design
h) follow-on engineering
i) design close-out and handover
Maintain the design
The organization shall establish design processes to support operations considering:
a) maintaining the basis of design and design configuration
b) operating to design parameters and integrity envelopes
c) maintenance strategies and plans
d) fitness for service
e) performance measurement and analysis
f) improvement (via management of change)
7.4 Externally provided processes, products and services
7.4.1 General
When the organization uses externally provided processes, products and/or services that can have an impact on the achievement of its objectives, it shall assess the associated risks and opportunities and establish supply chain engagement strategies, plans and controls which assure the mitigation of risks and realization of opportunities.
The organization shall determine:
a) the processes, products and services that are to be externally provided
b) the scope and boundaries of the externally provided processes, products and services
c) the interfaces and integration of externally provided processes, products and services with the organization's own processes, products and services
d) the responsibilities and authorities within the organization for managing the externally provided processes, products and services
e) the risks and opportunities associated with the scope of externally provided processes, products and services and controls to be implemented to assure externally provided products and services remain within the control of the organization and conform with agreed requirements and sustainability obligations
f) process safety and any associated performance standard requirements
g) the processes and scope for sharing of knowledge and information between the organization and its process, product and service provider(s)
Documented information shall be available that defines strategies, plans and controls for externally provided processes, products and services, and that demonstrate the effectiveness of the activities.
7.4.2 Provider capability
The organization shall assess providers to ensure that they are capable, competent and have the appropriate controls to deliver the specified requirements.
The level of assessment to a specific provider’s scope of supply shall be based on the complexity of the design, history with the provider (i.e. track record), applicable risk assessment output, and proposed extent of externally provided processes, products and services.
The organization shall assess external provider performance in meeting specified requirements at planned intervals and adjust the type and extent of the organization’s controls to manage associated risks and opportunities.
7.4.3 Type and extent of control
Information for external providers
The organization shall agree with external providers the scope and requirements for the processes, products and services to be provided including:
a) Regulatory and stakeholder compliance
b) the approval of:
1) product and service technical requirements
2) methods, processes and equipment
3) the release of products and services
c) competence, including any required qualification of persons
d) the external providers' interactions with the organization
e) control and monitoring of the external providers' performance in delivering the specified requirements to be applied by the organization
f) conformity assessment activities that the organization may perform
g) management of change
h) information technology and information delivery requirements
NOTE The organization can specify supply chain quality management system requirements on the basis of recognized standards in the oil and gas industries including lower carbon energy, such as ISO 9001, ISO 29001, API Spec Q1 or API Spec Q2.
Control of external providers
Prior to commencement of work the organization shall review and agree external provider execution plans, processes and quality control plans. The organisation shall also specify the risk-based conformity assessment activities that they will undertake for incorporation in the provider’s quality control plans
The organization shall undertake planned conformity assessment activities during execution of the scope and as a prerequisite to release of externally provided processes, products or services for incorporation in its operations
Provider performance in meeting the requirements shall be routinely assessed during execution of the scope. When nonconformance is identified, the organization shall ensure that the provider demonstrates correction of nonconformity and appropriate corrective action is implemented.
The level of conformity assessment shall be periodically reviewed and adjusted consistent with risk.
8.0 Operation
8.1 Operational planning and control
The organization plan to implement and control the processes needed to meet requirements, and to implement the actions determined in Clause 6 by:
— establishing criteria for the processes
— implementing control of the processes in accordance with the criteria
Documented information shall be available to the extent necessary to define and communicate planning outputs for each operating lifecycle phase including definition of:
— scope (activities)
— objectives and perfromance criteria
— processes to be employed
— enabling support services and resources; refer 7
— associated risks and controls
Documented information shall be available to the extent necessary to have confidence that the processes have been carried out as planned.
The organization shall control planned changes and review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary (see 6.4).
The organization shall ensure that externally provided processes, products or services that are relevant for the operating management system are controlled (see 7.7).
8.1.1 Business opportunity realization (Development Phase)
The organization shall develop, implement and control processes to identify and realize (develop) opportunities that are consistent with the objectives.
The processes shall be risk-based to create, optimize and maintain value for business opportunities.
The processes shall address:
a) identifying opportunities and confirming alignment to business objectives
b) assessing whether there is merit in progressing opportunities
c) selecting the optimal concept in line with business objectives
d) defining the selected concept for development of the opportunities
e) developing and implementing an execution plan to realize the opportunities as promised in the investment decision
f) confirming that all objectives as defined in the plan and investment decision have been achieved
g) Handover for the operations phase of the lifecycle
A decision gate process can support the progressive value maturation of a business opportunity through creating and optimising value. Annex A provides an example of the opportunity realization decision gate process.
NOTE Definition and development of the selected concept includes definition of operational philosophies and performance standards.
8.1.2 Operations Phase
8.1.3 Plan
The organisation shall plan operations to effectively deliver products and services and other outputs required to meet business objectives and stakeholder requirements.
The operations and maintenance planning process shall consider factors, including but not limited to:
a) Health safety and welfare of personnel and the community
b) output needed to meet customer delivery commitments
c) any associated customer and stakeholder obligations including sustainability and climate change considerations
d) available resources
e) rated capacity, safe operating limits, capability and availability of facilities, plant or equipment
f) condition monitoring and risk-based inspection (RBI)
g) maintenance and sparing strategies
h) external factors
Documented information shall be available for managing the operations and maintenance activities.
8.1.4 Operate
The organisation shall operate assets with integrity within defined limits and according to performance standards.
The organization shall define processes and controls for operating within safety and production operating envelopes during:
a) start-up, shut down, return to service
b) turn arounds (TA)eExecution
c) routine operations
d) non-routine/temporary operations; and maintenance
e) emergency operations /shut downs.
The processes and controls shall include provisions for:
— design parameters and operating envelope information
— safety critical elements and associated equipment
— control of work including simultaneous operations
— management of change (see 6.4)
Documented information shall be available to the extent necessary to have confidence that the processes and controls ensure achievement of operational objectives.
8.1.5 Maintain
The organisation shall maintain both operational and idle assets according to established maintenance strategies and plans to ensure operating integrity and to achieve safe and reliable operations.
The organization shall implement risk-based monitoring, inspection and verification activities at planned intervals, to determine the performance and integrity of its assets.
The organization shall implement maintenance programs and processes based on the determined performance and integrity of its assets which ensure the assets continue to meet performance standards.
Equipment and spares management, including storage provisions, shall be consistent with the operational philosophy and criticality to ensure availability and integrity of equipment and spares.
Deviations from specified criteria shall be managed (see 6.4).
Documented information shall be available to the extent necessary to demonstrate conformance with specified requirements and performance standards.
8.2 Response to unplanned events and outcomes
The organization shall periodically validate response capability to ensure that the contingency and emergency plans required by 6.4 and 8.1 remain adequate.
The organization shall implement appropriate controls in response to unplanned events and outcomes to:
a) provide for timely detection and response
b) mitigate the consequences, appropriate to the magnitude of the unplanned events and outcomes, and the potential impact to the business and relevant stakeholders
c) provide for recovery to planned operations
d) communicate and provide relevant information to internal and external stakeholders
The processes and controls shall be evaluated after testing and after the occurrence of unplanned events and outcomes and shall be revised as necessary.
Documented information on the controls for unplanned events and outcomes as well as of actual events and outcomes shall be available as the basis for review (see 9.3) and corrective action (see 10.2).
9.0 Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
The organization shall determine:
— what needs to be monitored and measured
— the methods for monitoring, measurement, analysis and evaluation, as applicable, to ensure valid results
— when the monitoring and measuring shall be performed
— when the results from monitoring and measurement shall be analysed and evaluated
— to whom and how to communicate performance results and associated actions.
Documented information shall be available as evidence of the results.
The organization shall evaluate the operating performance and the effectiveness of the operating management system.
Monitoring, measurement, analysis and evaluation shall include:
— the performance of externally provided processes, products and services.
— performance in meeting stakeholder expectations and requirements; and
— stakeholder perceptions of the degree to which their expectations and requirements have been fulfilled.
The organization shall use this information to assess the effect or potential effect on the organization's ability to sustainably achieve business objectives and stakeholder expectations and requirements.
9.1.1 Internal Audit
9.1.2 General
The organization shall conduct internal audits at planned intervals to provide information on whether the operating management system:
a) Conforms with:
— the organization’s own requirements for its operating management system
— the requirements of this document
b) is effectively implemented and maintained.
9.1.3 Audit programme
The organization shall plan, establish, implement and maintain an audit programme(s) including the frequency, methods, responsibilities, planning requirements and reporting.
When establishing the internal audit programme(s), the organization shall consider the importance of the processes concerned and the associated risks, and the results of previous audits.
The organization shall:
a) define the audit objectives and scope for each audit
b) select auditors and conduct audits to ensure objectivity and the impartiality of the audit process
c) ensure that the results of the audits are reported to relevant managers
Documented information shall be available as evidence of the implementation of the audit programme(s) and the audit results.
9.2 Management review
9.2.1 General
Top management shall review the organization's operating management system, at planned intervals, to ensure its continuing suitability, adequacy, effectiveness and alignment with the strategic direction of the organization.
9.2.2 Management review inputs
Management reviews shall be planned and carried out considering:
a) the status of actions from previous management reviews
b) changes in external and internal issues that are relevant to the operating management system
c) changes in needs and expectations of stakeholders that are relevant to the operating management system
d) information on the performance and effectiveness of the operations including trends in:
— feedback from stakeholders
— the extent to which operating objectives have been met
— nonconformities and corrective actions
— unplanned events and outcomes, and any actions taken
— monitoring and measurement results
— audit results
— performance of external providers
e) the adequacy of resources
f) effectiveness of actions taken to address risks and opportunities
g) opportunities for continual improvement
9.2.3 Management review outputs
The results of management reviews shall include decisions and actions related to continual improvement opportunities and any need for changes to the operating management system.
Documented information shall be available as evidence of the results of management reviews.
10.0 Improvement
10.1 Continual Improvement
The organization shall continually improve the suitability, adequacy and effectiveness of the operating management system.
Improvement, learning and innovation are key, interdependent aspects that contribute to the effectiveness of the operating management system and the sustained success of an organization.
The organization shall monitor changes in internal and external issues, including the needs and expectations of stakeholders, providers of processes, products and services, and select opportunities for improvement, learning and innovation that support the sustained achievement of the organization's purpose, business objectives and stakeholder expectations and requirements.
Opportunities can include:
a) improving the capability, deployment and performance of its people
b) improving operating performance, facilities and products and services to meet requirements and to address future needs and expectations
c) correcting, preventing or reducing undesired effects
d) improving strategic decision making with respect to business opportunities realization
e) improving the effectiveness of operating management system processes and controls
NOTE 1 Improvement activities can range from continual improvement or corrective actions through to significant breakthrough, innovation or organizational design changes. Improvement processes can follow a structured approach, such as the plan-do-check-improve (PDCI) cycle with tools and techniques selected to suit specific improvement objectives.
NOTE 2 It is expected that the organization establishes improvement as a fundamental part of the organization’s culture by empowering people to participate and contribute to the successful achievement of improvement initiatives, providing the necessary resources to achieve improvement objectives, celebrating success, and the visible involvement of top management in improvement activities.
NOTE 3 ISO 9004 provides guidance on improvement, learning and innovation.
10.1.1 Nonconformity and Corrective action
When an unplanned event, outcome or nonconformity occurs (see 8.4), the organization shall:
a) react to the unplanned event, outcome or nonconformity and, as applicable:
— take action to control and correct it
— deal with the consequences
— update relevant internal and external stakeholders about the progress and management of the unplanned event. outcome, nonconformities, corrective actions, and eventual outcome
b) evaluate the need for action to eliminate the cause(s) of the unplanned event, outcome or nonconformity, in order that it does not recur or occur elsewhere, by:
— reviewing the unplanned event, outcome or nonconformity
— determining the causes of the unplanned event. outcome or nonconformity
— determining if similar unplanned events, outcomes or nonconformities exist, or can potentially occur
c) implement any action needed
d) review the effectiveness of any corrective action taken
e) make changes to the operating management system, if necessary
Corrective actions shall be appropriate to the effects of the unplanned events, outcomes or nonconformities encountered.
Documented information shall be available as evidence of:
— the nature of the unplanned events, outcomes or nonconformities and any subsequent actions taken
— the results of any corrective action
10.1.2 Organizational knowledge
The organization shall determine the knowledge necessary for the operation of its processes and to achieve business objectives.
This knowledge shall be maintained and be made available to the extent necessary.
When addressing changing needs and trends, the organization shall consider its current knowledge and determine how to acquire or access any necessary additional knowledge and required updates.
NOTE 1 Organizational knowledge is knowledge specific to the organization; it is generally gained by experience. It is information that is used and shared to achieve the organization's objectives.
NOTE 2 Organizational knowledge can be based on:
a) internal sources (e.g. intellectual property; knowledge gained from experience; lessons learned from failures and successful projects; capturing and sharing undocumented knowledge and experience; the results of improvements in processes, products and services);
b) external sources (e.g. standards; academia; conferences; gathering knowledge from customers or external providers).
(informative)
Guidance on the use of this document
Introduction
The aim of implementing operating management systems is to provide a holistic business approach to managing an organisation’s operations, specifically to achieve business objectives and obligations within the context of associated risks and opportunities, including but not limited to:
— sustainable delivery of business objectives and obligations
— product and service stewardship and quality
— occupational and community health and safety
— process safety
— local and global environmental impact
— security of people, assets, information and reputation
— Sustainability, including social responsibility to employees, local communities and other stakeholders
— management of products and services supply chains.
An operating management system can provide an overarching framework for the establishment of a single management system or to interface discipline-based systems fully aligned with overall organizational business objectives and obligations.
The operating management principles presented in this document derive from the four fundamentals in IOGP Report 510 and the sustainability and climate change principles in ISO Guide 84:2020. The documents strongly focus on the essential management principles for an effective operating management system: leadership, risk management, improvement, sustainability and implementation.
These nonsequential principles apply equally to every element of the operating management system. Constant focus on each principle will sustain the operating management system, driving organisational performance and effectiveness.
Guidance relating to the application of the principles is provided as follows:
a) Leadership; See A.5.1
b) Risk management; See A.6.1
c) Improvement; See A.10
d) Sustainability and climate change; See A.4.2
e) Implementation; See A.4.4
Operating management system model; See Section 4.4 requirements and Section A.4.4 for guidance on the design and implementation of operating management systems.
Contents of this document; For further context and guidance regarding common requirements for management system standards and the harmonised management system structure, refer to the Joint Technical Coordination Group on Management System Standards (JTCG) Website (https://committee.iso.org/home/jtcg) and the JTCG website, which includes a complete listing of management system standards (MSS) (https://www.iso.org/management-system-standards-list.html).
- Scope
The scope of this document, Operating Management Systems for the Oil and Gas industries, including petrochemical and lower carbon energy activities, provides a standard management system framework for organisations working in the sector and is aligned with the scope of ISO/TC67.
Refer to the ISO/TC67 Website for further details of the scope of and standards developed by ISO/TC67 (https://www.iso.org/committee/49506.html)
The principles and requirements established in this document apply to any operational context, including:
a) organisational context, including owners/operators and principal providers (contractors, suppliers) in an organisation’s supply chain
b) emerging operations and technologies employed to realise lower carbon energy.
The term “operating” applies to every type of operator or provider activity and applies to all phases, from technology research to access to new resources through exploration scoping and concept definition, during design, procurement and construction of facilities, through start-ups, normal operations and shutdowns, when products are transported and brought to market, or when facilities are decommissioned at end-of-life.
The term “operating” is intentionally broad to enable flexibility when organisations determine the scope and design of their management system in line with their context and objectives. This principle precludes limiting the application of management system requirements to one or more of the discipline-specific management system standard requirements.
When planning for the implementation of an operating management system, organisations may be subject to stakeholder requirements to conform with discipline-specific management standards.
See A.4.3 Determining the scope of the operating management system.
- Normative references
This document does not establish any normative references.
This document references several related discipline-specific management system standards, the requirements of which may apply to an organisation’s operating management system, refer Appendix B Bibliography.
- Terms and definitions
Section 3 adopts the core definitions from the harmonised structure with amendments and supplementary definitions deemed pertinent to operating management systems developed for the Oil and Gas and lower carbon energy sector.
Additional reference sources are available through the standards included in the bibliography and through the use of the ISO and IEC online browsing platforms, Refer Section 3.
- Context of the organization
- Understanding the organization and its context
- Context of the organization
The organization can use systematic analysis tools, such as PESTLE (political, economic, sociocultural, technological, legal and environmental) analysis, to consider issues that inform its context and that can have either a positive or negative impact on its activities, such as:
a) political factors: government regulations, taxes, political turmoil, geopolitical conflicts, National Oil Company (NOCs) requirements and resolutions from international forums such as the Organisation for the Petroleum Exporting Countries (OPEC)
b) economic factors: oil and gas and energy prices, credit availability, interest rates
c) social factors: demographics, culture, public attitude towards the industries in which the organization operates or which provide potential operational opportunities
d) technological factors: existing and emerging technologies and their application within the organization (e.g. due to economic issues or competencies)
e) legal factors: which can overlap political factors but specifically refer to international, national or regional laws and regulations that can affect the organization's operations or which the organization must comply with, such as competition law, antibribery, labour, health and safety
f) environmental factors: which are particularly sensitive for the oil and gas and lower carbon energy industries and include consideration of climate and climate change, biodiversity, and emission to air, water and soil.
The organization should analyse their internal context to assess its strengths and weaknesses. This analysis should include tangible and intangible resources and soft elements such as organizational culture, leadership and skills.
The organizational context informs the definition of a business (assets, facility) operational lifecycle best suited to manage the operations to achieve business objectives; Refer 4.1 c
Operational lifecycles employed within the sector, reflect two operational states, “opportunity realization” and “operate and maintain”.
Lifecycle phases are typically represented as:
— Opportunity identification (new business opportunities)
— Concept (selection, definition, plan to execute)
— Execution (implementation of approved plans)
— Operate (operate and maintain)
— Opportunity Identification (relating to existing business or asset)
The transition between phases is typically governed (controlled) by a decision gate process.
Refer 8.1 and see A.8.1 for detailed guidance on operational lifecycles.
- Understanding the needs and expectations of interested parties
Interested parties (stakeholders) can include shareholders, people, partners, regulators, customers, providers, and communities. Aspects that can be considered when determining stakeholder expectations and requirements include:
— proximity: those that interact closely with the organization
— influence: those that might affect the organization’s activities or be affected by them
— impact: those that are impacted by the organization's activities
— responsibility: those with which the organization might have legal or financial obligations
— dependency: those that might depend on the organization, directly or indirectly, or those on which the organization’s activities might depend
Determination of the impacts of the organisation’s and their stakeholder’s decisions and activities can facilitate the determination of the organization’s most important stakeholders and prioritisation of actions to realise stakeholder expectations and requirements. The organization should analyse its stakeholders to determine associated risks and opportunities and implement appropriate actions to address them. Other factors that can be considered include stakeholder power and their support or attitude towards the organization and its activities.
The organization can use different tools and mechanisms to monitor stakeholder engagement and satisfaction and take necessary actions to ensure that objectives are met. These can vary from online surveys to face-to-face meetings. The organization should choose the appropriate tool and mechanism for each group of stakeholders, e.g. more effort needs to be put into monitoring stakeholders with high interest and high influence, as illustrated in Figure A.2.
Figure A.1 — Example of stakeholder analysis: influence/interest matrix
In determining which stakeholder interests to recognize, the organization should consider the lawfulness of those interests and their consistency with international norms of behaviour, such as those established through the ISO Sustainability Objectives and international trade practices and anti-bribery legislation.
NOTE 1 ISO 26000 provides guidance on identifying and engaging with stakeholders.
NOTE 2 ISO 37001 specifies requirements and provides guidance for establishing, implementing, maintaining, reviewing and improving an anti-bribery management system.
When planning actions to manage the needs and expectations of stakeholders, the organization should consider:
a) focus on risk before opportunity
b) its license to operate (i.e. regulatory context)
c) the actors in its supply chain and their interfaces
d) its corporate social responsibility
e) Criteria to be monitored to assess the effectiveness of the actions taken
- Determining the scope of the operating management system
The organisation’s context and operational lifecycle should be used to inform the definition of the operating management system scope.
The scope includes the definition of the business and boundaries that the operating management system will apply to:
— which operations/facilities
— what discipline/function requirements need to be met by the system
When planning for the implementation of an operating management system, organizations can be subject to stakeholder requirements to conform with discipline-specific management standards. This document references a number of related discipline-specific management system standards, refer Bibliography.
This document interfaces with functional management system standards and other supporting (industry) standards and guidance, as illustrated in Figure A.3.
This document provides input to and is intended to be used to monitor operating activity in accordance with these standards.
Figure A.2 — Interface of this document with functional management system standards and (industry) standards and guidelines (examples)
Typical functional areas for operations in the oil and gas and lower carbon energy industries include:
— non-technical areas, such as governance and compliance, health, safety and the environment, quality assurance, and supply chain management
— technical areas, such as subsurface, wells, surface engineering, and production engineering
- Operating management system
The requirements of this document inform, but do not prescribe, the design of operating management systems.
The design and documentation of operating management systems should reflect the organisation’s context and operating model and define the processes and controls employed to meet its objectives and obligations.
Generically documentation of management systems should establish a hierarchy which, from the highest levels, defines
— organisation: vision, mission and values,
— policies: overarching governing principles, requirements and standards
— objectives: strategies, business plans, targets
— processes: plans, procedures, controls deployed to manage the operations
— guidance and tools: guidelines, applications, templates
Figure A.3 presents an example of a hierarchy of operating management system documentation.
Figure A.3 — Example of a hierarchy of operating management system information
Determination of the processes needed for the operating management system should be informed by the business model, associated technologies and management practices.
Process design should establish:
— purpose, objectives and applicability
— methodology including interfaces with interdependent processes
— pre-requisite resources; see 7.1 and A7.1
— pre-requisite competencies see 7.2 and A 7.2
— information received or generated as process inputs or outputs; see 7.5 amd A7.5
— controls scaled consistently with identified risks and opportunities
- Leadership
- Leadership and commitment
- Leadership
Section 0.2.1 of the Introduction establishes the importance of leadership, stating that successful management systems need leaders who are committed advocates and owners of their organisation’s operating management system.
Success relies on people at every level being champions and role models to others, and dedicating time and effort to achieve the organization’s objectives and desired levels of performance. Everyone involved in establishing the operating management system should be visibly committed. This is the case whether a leader is at the business, asset or project level, or is an appointed owner with specific responsibilities for parts of the system.
To be successful, leaders should:
a) regularly communicate to employees and contractors their objectives, expectations and responsibilities so that all persons involved in the operations support and conform to operating management system requirements;
b) demonstrate through their own behaviours their personal commitment and enthusiasm;
c) recognize and reward positive behaviour or intervene and address behaviour that does not meet expectations;
d) establish processes, measures and criteria to measure the degree of improvements won, and simultaneously promote and create a culture wherein improvement is an expectation;
e) be proactively involved in the other principles. i.e. risk management, implementation and improvement.
Leaders should seek assurance that the operating management system is working well by actively looking for insights about system effectiveness and using appropriate measures to understand performance. Regular review of audit outcomes, key performance indicators (KPIs), and investigations of unplanned events, outcomes or nonconformities provide opportunities to evaluate performance. Another type of input is a culture embodying constant vigilance or ’mindfulness’. Personal observation, careful listening and an acute awareness of risks can help maintain a state of alertness. In turn, this develops sensitivity and response to ’weak signals’ of emerging changes in areas such as operating discipline, workforce engagement and stakeholder concern. This is particularly critical for process safety risks where organizations ensure that risk controls are effective.
Consistent application of the operating management system provides a robust platform for leaders to improve culture, behaviour and business performance.
While everyone can be a leader by virtue of their role and influence on colleagues, the organization should also recognize the importance of and support people with specific accountabilities within the operating management system, such as technical authorities, supervisors and line managers,.
Leaders have a significant influence over their organisation’s licence to operate both in respect to ensuring compliance with formal licence to operat obligations and in visible leadership of stakeholder management; refer A4.2.
- Policy
Policy establishes overarching principles, requirements and standards which govern an organisation’s operations.
Policy can encompass:
— Public statements of intent establishing an organisation’s commitments in respect to internal and external stakeholder expectations and requirements. Public policies can address issues such as, safety, quality, environment, diversity, sustainability, climate change, modern slavery, anti bribery and corruption and corporation regulations.
— Internal statements establishing principles, requirements and standards which inform and govern operating processes and associated, requirements, authorities and controls
Policy is typically established at corporation level and applied across the entire organization. Organisations can establish protocols for elements of the organisation (businesses, assets, projects) to establish customised or additional policies as required (consistent with those at organization level) to manage specific projects, operating activities and local issues.
- Roles, responsibilities and authorities
To ensure effective implementation of management system processes organisational roles, responsibilities and authorities should be defined and communicated to the extent required to ensure people are aware of their:
— respective roles, responsibilities and authorities
— role’s interfaces and interdependencies
— paths for escalation and resolution of issues outwith their authority
The extent to which roles, responsibilies and authorities is defined should be determined based on associated risks (the criticality of the role or process) and applicable stakeholder requirements.
In defining roles consideration should be given to internal roles and externally provided roles which by their nature, should remain within the control of the organisation. This should include roles required for the development, implementation, assessment and improvement of the operating management system.
Tools which can be employed to define, communicate, manage and assess role effectiveness can include:
— Organization models (charts, organograms) defining relationships between businesses, functions, sites, assets, activities and individuals
— Authority matrices; defining role or individual authorities and escalation paths
— Role or position descriptions
— Process documentation and tools, including procedure naratives, deployment flow charts, matrices (RACI, RASCI, RAPID etc)
— Process applications incorporating inherent process controls based on defined roles and authorities.
See A.7.1.1 in repect to people resource management
See A.7.2 in respect to competency management
See A.7.3 in respect to awareness
- Planning
- Actions to address risks and opportunities
- Planning
When developing risk and opportunity management processes to address the requirements of Section 6.1 organizations should consider proven risk management principles, frameworks and generic processes such as those available in ISO 31000, ISO/TR 31004 and IEC 31010.
When determining risks and opportunities that need to be addressed, organizations should consider sector-specific issues, including:
a) Non-technical risks and opportunities such as:
— Personal safety: Physical harm and the threat of physical harm to personnel involved.
— Process safety: Specific harm to people, assets and environment related to the uncontrolled release of energy, exposure to hazardous substances.
— Health: Physical, emotional and psychological well-being of all people involved (e.g. operational, management, contractors).
— Hygiene: Adherence to all practices that prevent disease and lead to good health wherever and whenever (e.g. offices, roads, camps, well sites, production facilities).
— Environment: Operation’s execution in an environmentally responsible manner to minimize any impact on the environment.
— Personal Security: Protection of employees, families, and all other people directly involved with daily operations as required by the level of risk, including the impact of the security arrangements on communities.
— Sustainability: Achieving objectives, commitments or obligations
— Business continuity: including risks to organizational knowledge, cyber security etc.,
— Social performance: Well-being of the employees and communities in all location activities by respecting community relations, management of nuisances, local content, social investment, Indigenous peoples and cultural heritage, land acquisition and land access.
— Transportation: Various methods of transportation used to move people, materials, liquids and gas, in which main challenges are related to the high moving frequency, mass quantities, crossing countries and borders and potential hazards (e.g. ignitable products, explosives, desert and snow driving).
b) Technical risks and opportunities such as:
— Well integrity: Technical, operational and organizational solutions to reduce the risk of an uncontrolled release of formation fluids into another formation, to the surface, or to the environment throughout the well lifecycle to a level as low as reasonably practicable.
— Safety barrier management: Safety barrier management processes, systems, solutions and measures which should be in place to ensure the necessary risk reduction through the implementation and follow-up of barriers; see ISO 17776 Offshore production installations – Major accident hazard management during the design of new installations
— Surface equipment integrity: Ensuring safe operations and securing all surface equipment potential availability during the whole production phase without any sacrifice to safety or the environment.
— Equipment and tools failure: Inability of components, tools, machines or processes to function properly or does not perform its intended function.
— Engineering design: Application of theoretical or empirical knowledge about the behaviour of reservoir, proposed well construction, oil and gas production and commissioning in various working environments. Process of developing a component, system, process or plant by the methodical series of steps that engineers use in creating functional products and processes and follow to come up with the solutions to problems to meet the specifications, standards and regulations.
— Execution: Implementation processes that are the act of performing the works and activities in accordance with the plans and procedures to satisfy the specifications and contractual requirements.
— Deferred production: Hydrocarbon production that is delayed due to any reasons, specifically well repairs, well construction delays, facility construction delays, restrictions that restrict production, regulations, etc.
— Assessment and evaluation: Systematic and objective assessment of an ongoing or completed activity to determine the relevance and level of achievement of the agreed objectives, development effectiveness and efficiency.
When planning actions to address risks and opportunities, the organization can consider the following generic actions:
— Accept and control the risk: Accept the risk and put in place appropriate controls (prevention and mitigation) to manage the risk to maximise value.
— Transfer and/or share the risk: Some risks are transferred (e.g. to an insurance company) or shared (e.g. with contractors or joint venture partners).
— Terminate or forego activity: Risks are avoided (e.g. by stopping an activity or withdrawing from a country/market). Some risks are terminated in part through sale or divestment. It is important to establish whether all of the risks will be terminated or whether some will remain with the business (e.g. environmental liabilities).
For each risk, the organization should determine the acceptability, which involves an assessment of the residual level of risk compared with the amount of risk that the organization is willing to accept.
- Objectives and planning to achieve them
Processes employed to manage the definition, deployment and monitoring or progress towards objectives should be established at relevant functions, levels and processes to ensure the effective deployment of the organizations strategic direction, policies and obligations.
Top management leadership is essential to ensure that objectives are aligned with strategies, policies and obligations and that committed resources and the operating environment enable their realization
Objectives can be defined and measured using techniques such as SMART (Specific, Measureable, Achievable, Relevant, Time-bound), balanced score card, dashboards and should be revised or supplemented when necessary consistent with new or changed strategies, policies and obligations
Issues typically addressed when setting objectives can include; stakeholder requirements, opportunity realization, operational performance, product and service stewardship, process safety, sustainability, occupational and community health and safety, quality,local and global environmental impact, security of people, assets, information and reputation, social responsibility to employees, local community and other stakeholders.
See A.9 for guidance for Performance Evaluation processes required by Clause 9 in respect to the evaluation of objectives realization performance.
- Planning of changes
Change can relate to a diverse range of issues (change triggers), including but not limited to:
— organzsational context (including internal and external issues)
— organizational changes, including changes to structure or allocation of responsibilities / authorities
— conditions relevant to the delivery of business objectives
— infrastructure (facilities, hardware or equipment)
— procedures (including operational, maintenance, inspection), or other approved operating management documents and/or operating management plans that primarily have an impact on operational and business performance;
— deviations from standards, contractual terms and conditions, work-scope, historical norms, procedures and instructions.
Organizations can address the diversity of change through the establishment of an overarching management of change (MoC) process or standard and/or inclusion of change controls in specific processes.
Generically, MoC processes should ensure that:
a) Change proposals are documented in a way that they apply to the specific change trigger issue, see above, and impacted work process or operation subject to the change.
b) Evaluation of proposed changes considers the value to be realized or protected through the change based on the organization’s risk context and appetite.
c) Changes are subject to approval/endorsement in accordance with defined authorities, including, when applicable, escalation for decisions.
d) Implementation of approved changes and demonstration of the value realized or protected is verified.
- Planning for contingency, emergency, crisis and business continuity
Crisis and emergency events can take many forms and may threaten harm to employees, contractors, neighbouring communities, the environment, company assets, business processes, and operations.
Unplanned events can include process upsets and incidents relating to safety, environment, quality, personnel, and reputation.
A high performing, systematic organisation will experience fewer unplanned events.
Planning for potential events ensures that they are managed systematically if they do occur, reducing risks and the potential harm.
The organisation should identify crisis and continuity management scenarios, including medical emergency scenarios with reference to their risk registers and risk processes and the capability to manage the scenarios they have identified.
The organisation should develop and document response plans to enable it to systematically and apprioriately respond to each scenario it has identified.
The organisation should implement and maintain its plans, define emergency performance requirements, and provid the necessary expertise and resources to execute them; see ISO15544 Offshore production installations — Requirements and guidelines for emergency response.
The organisation should regularly drill its response plans and review performance. It should also validate the scenarios and associated crisis and continuity plans on a risk-based schedule, see A8.4.
Note The organisation should consider the requirements and supporting guidance specified in discipline based ISO management system standards that apply to their context when planning for contingency, emergency, crisis and business continuity. For example ISO 14001 and 45001 in respect to the potential consequences of emergency situations.
- Support
- Resources
- People resources
- Resources
- Support
Successful organizations recognise the importance of their people and establish processes to determine and manage the people required to operate the business.
Process(es) established for people management throughout the development and operational lifecycle should include consideration of:
— Operational lifecycle phase, including phase management and contracting strategies
— Operating environment; see A.7.1.3
— Forecasting, budgeting and resource allocation
— Required roles and pre-requisite competencies defined
— People development and remuneration
— Recruitment, onboarding, deployment and demobilisation
— Compliance with applicable legislation and contractual obligations
When planning for the necessary people capacities and competencies, organizations should consider:
a) Internal Capacity: What people capacity and competence will be developed internally and processes for maintaining optimum internal capacity and agile allocation of internal personnel to development and operational phases, see A.7.2
b) External Resources: Innovative utilisation of capacity available through stakeholders, partners and external providers to provide capacity flexibility and access to non-core skills and competencies
c) Operating Management System: Ensuring people resource competency and capacity to develop and maintain its operating management system. Typical competencies should include facilitation, framing, process design, training, mentoring, performance analysis, assessment auditing, benchmarking, etc.
- Infrastructure
Infrastructure encompasses all plants, facilities, assets (fixed and moving assets) and IT infrastructure, including hired or subcontracted infrastructure employed to undertake the organization’s operations.
The operational lifecycle established in Section 8 includes the development and operational phases of the infrastructure organizations employ to achieve business objectives, including conformance with requirements and obligations.
See A.8.2 for guidance on acquisition, development and implementation of the infrastructure required to meet operating requirements.
See A.8.3 for guidance on operation and maintenance of the organization’s infrastructure.
- Operating environment
The provision and maintenance of safe and effective operating environments will be informed by a diverse range of considerations, including internal and external requirements, obligations and expectations.
Considerations can include formal (regulated) obligations, management and technical process infrastructure and control requirements, and people and communities needs and expectations.
Operating environment considerations can be categorized and guided based on:
Social: The organizational culture and behaviours that influence people’s awareness, engagement and empowerment to perform (e.g. Open, transparent, non-discriminatory, calm, non-confrontational)
Psychological: Management and technical process designs that are efficient with inherent controls, thereby avoiding behavioural factors (e.g. stress-reducing, burnout prevention, emotionally protective)
Physical and Human: Factors that influence facility capability, material characteristics and human performance (e.g. temperature, heat, humidity, light, airflow, hygiene, noise).
- Competence
An operating management system is most effective when all people understand and apply the skills, training, education and experience needed to perform their roles and responsibilities.
It is the responsibility of top management to not only provide the necessary people capacities and competencies, Refer A.7.1.1, but also to provide opportunities for the organization’s people to develop and apply the necessary competencies.
Competence management should encompass screening, selecting, training and conducting ongoing assessments of the qualifications, fitness-for-task, enabling behaviours, and supervisory needs and abilities of the workforce to meet specified role requirements.
Competence should be assessed for an individual in a post that has a clearly defined profile setting out the job requirements.
Competence should be regularly reassessed with a frequency determined by the criticality of the role.
The organization can develop a competency model that defines a competency catalogue, proficiency levels, criteria for attaining and maintaining proficiency, and resulting competency profiles. Options to validate proficiency levels can include technical interviews, assessments and online training.
The organization’s use of external people resources should include an evaluation of the providing organization’s competency management processes and consideration of collaboration opportunities for cross-organization competency development.
ISO/TS 17969 establishes general principles of competency management that can be applied to any operation within the oil and gas and lower carbon energy industries.
- Awareness
Strategies and processes for ensuring that persons doing work under the organization’s control are aware of the organization’s policy commitments, objectives and plans/information regarding the operating management system and are engaged in its effective implementation can entail a diverse range of communication, training and collaboration techniques and enabling tools.
Leadership and the active participation of top management are essential prerequisites to engaging and empowering people; Refer A.5.1.
Operating management system awareness strategies and enabling processes should include:
a) Definition of roles and responsibilities and provision of resources for communication, training, facilitation and performance evaluation
b) Development of management system induction and training programs
c) Targeted training methods customised to meet specific process competency needs, Refer A.7.2
d) Interactive delivery techniques ensuring people can confirm their understanding and are empowered to provide feedback and propose improvements
e) Measurement and analysis of levels of awareness and engagement
f) Actions to leverage highly engaged people and to facilitate greater engagement when required
Awareness and engagement are key aspects of ensuring the effective implementation of change; refer to A.6.3.
The organization’s use of external people resources should include an evaluation of the providing organization’s awareness and engagement management processes and consideration of collaboration opportunities to enhance awareness and engagement.
Virtual learning environments can be used to deliver and validate communication, training and assessment activities, which can determine competency and awareness and assess levels of understanding of the implications of non-conformance and commitment to conform.
- Communication
The organization should establish communication and engagement mechanisms to ensure clear and consistent reinforcement of the purpose and requirements of the operating management system and issues relevant to its application and effectiveness.
Relevant issues can include:
— Organizational context, including vision, mission, values
— Business and operational objectives
— Stakeholder requirements and expectations, Refer A.4.2, A9.2
— Change, Refer A.6.4
— Performance (business and management system); Refer A.9
— Improvement, Innovation and Knowledge; Refer A.10
Communication should be transparent, appropriate, credible, responsive and clear. The organisation should ensure that relevant information is provided, is received and is understandable to its people and relevant stakeholders.
The organization can use available channels (e.g. e-mail, web pages, posters) and present information in the appropriate manner for each audience and situation.
Responsibilities and competencies for the communication process should be established. A single area or spokesperson for top-down communication should be designated to avoid misunderstandings or contradictory information.
When defining who communicates, the organisation should establish protocol(s) and authorities for escalation and external communication.
The organization should also foster two-way communication processes with both internal and external stakeholders, to not only disseminate its information, but also ensure it receives relevant information from them.
- Documented information
- General
- Documented information
Objectives of an organization’s documented information can include:
— communication of information;
— evidence of conformity;
— knowledge sharing;
— to disseminate and preserve the organization’s experiences.
When establishing the required documented information, the organization should determine the roles and responsibilities associated with it.
The organization should keep the extent and complexity of documented information as low as possible to ensure effectiveness, efficiency and simplicity.
Digitization of information, automation of workflows and digitalisation of applications can help fulfil the requirements of documented information in all its phases while reducing the organization’s effort and minimizing the possibility of error and loss.
NOTE ISO 30301 specifies requirements to be met by a management system for records to support an organization in the achievement of its mandate, mission, strategy and goals by addressing the development and implementation of a records policy and objectives and giving information on measuring and monitoring performance.
- Creating and updating documented information
The organization should establish processes to ensure the latest versions of documented information are approved, uniquely identifiable and available, with defined retention, back-up and archival systems for the management of information and related records, whatever format or media such information is.
- Control of documented information
Documented information required by the operating management system may be integrated with other information management systems established by the organization.
Legal requirements should be considered when determining and implementing the internal controls on documented information.
NOTE ISO/IEC 27000, ISO/IEC 27001 and ISO 30301 can be considered when planning the processes and controls to be applied to documented information, including its security.
- Science, technology and engineering
- General
- Science, technology and engineering
An organisation’s science, technology and engineering capabilities should enable the performance and integrity of activities, assets, products and services throughout the development and operating lifecycle.
Organisations should ensure effective control of their science, technology and engineering processes consistent with associated risks through the adoption of a recognised quality management system standard such as ISO 29001 to inform engineering processes design.
Conformance with the requirements of standards such as ISO 29001 should enable rather than inhibit innovation and the development and application of new and emerging technologies to enable opportunity realization. Conformance should provide risk based controls which ensures selection, definition and execution of optimum technology solutions to deliver business objectives.
- Design lifecycle
Science, technology and engineering can be deployed as a support service across all to an organisation’s operations.
The design lifecycle, as depicted in Figure A.4 establishes science, technology and engineering roles in respect to:
— design development in support of opportunity identification and realisation
— design support of assets during operations and maintenance
Figure A.4 — Example of a design lifecycle
- Develop the design
Processes employed for the identification, selection and development of technology solutions should enable innovation and ideation at the front end and progressive maturation of selected solutions in line with opportunity realization milestones and decisions.
Resources committed to research and development and the acquisition of technologies should be informed by and inform an organisation’s strategic direction and objectives.
Front end study proposals should be subject to evaluation criteria which ensure that only credible ideas are matured to the extent necessary to prove/disprove their viability in respect to business opportunites.
Design development of selected design solutions during each opportunity phase should be the minimum required to inform dependent functional development activities, typically including execution planning, operations planning, contracts and procurement, quality, safety and environment, leading to forecast schedules and cost estimates of sufficient maturity to inform phase gate decisions; see A.8.2.
It is recommended that organisations define design development processes and output deliverable requirements, including maturity criteria, aligned with their development phases to facilitate clear definition of design and development scopes and subsequent verification and acceptance of engineering deliverables for each development phase and at handover to Operations.
When defining, engineering controls, the respective roles of the organisation, its providers, and relevant regulators in respect to design authority, integrity and compliance should be included in relevant processes, standards, specifications and contractural agreements.
- Maintain the design
Management of change principles applied during the Operations Phase of any asset should ensure that facilities are operated and maintained in accordance with the “as-built design”.
Consistent with this principle design change in the Operations Phase should be limited to simple technical change (like for like) activites with material design changes raised as a new opportunity.
Engineering support during the Operations Phase typically includes supporting operators and maintainers in:
— analysis of performance parameters and trends including interpretation of events outwith operational envelopes
— analysis of unplanned shutdowns, equipment failures etc.
— collaboration to identify potential improvement opportunites
— management of change decisions
Opportating Phase technical controls should include clear definition of engineering authority delegation boundaries for operators and maintainers.
- Externally provided processes, products and services
- General
- Externally provided processes, products and services
The guidance provided in this section is based on ISO 29001, Sector specific quality management requirements for product and service supply organisations.
At any level in the supply chain, organizations can elect to provide products and services using their own processes, or through contractural agreements with management or execution contractors or directly to package, equipment, component or material providers.
Figure A.5 illustrates this principle, the cascading contracting model.
NOTE An operator (blue box) can decide to contract an external provider at any level in the supply chain. Similarly, any other organisation in the supply chain (orange boxes) can provide the contracted process, product or service themselves or decide to (partly) outsource these activities.
Figure A.5 — Cascading contracting model
Figure A.6 depicts a generic process methodology for defining externally provided scope and contracting stratergies, assessing and managing associated risks during the execution of outsourced scope consistent to the role/scope played by selected providers of products and services.
NOTE QR is quality requirement, RA is risk assessment, TBE is technical bid evaluation, and CAS is conformity assessment system.
Figure A.6 — Representation of risk management and conformity assessment process
The organization should perform risk and opportunity assessments for externally provided processes, products and services.
Assessments should consider, as applicable:
a) intended use;
b) effects on health and personal safety;
c) effects on process and personal safety;
d) effects on environment;
e) field-proven design, configuration and experience;
f) reliability and complexity of product or service;
g) effects on capital expenditure;
h) effects on operational performance/expenditure;
i) provider capability; see A7.7.2.
Risk-based assurance and conformity assessment controls should be implemented consistent with the scope and selected provider capabilitiy; see A7.7.3
- Provider assessment
The organization should evaluate potential providers to determine their capability to meet the scope requirements and that they have the pre-requisite (quality) management system controls to ensure that requirements are met. Considerations may include product or service complexity and the need for the organization's involvement during design, manufacturing and supply chain for the products or services, taking into account:
— design novelty of the products or services (e.g. ranging from modification of proven/tested design to redesign to new design of complex item);
— manufacturing complexity of the products or services (e.g. ranging from mass produced to singular runs that require prototypes, complex assembly and test requirements);
— requisites for preserving goods intended for use in petroleum or natural gas specific activities (e.g. elastomeric components or chemicals);
— supply chain knowledge, risk ownership and accountability, number and type of supply avenues (e.g. multiple layers of subcontracting, complex or unclear sources of component supply);
— providers present resource and proposed facility capabilities.
Evaluation of potential provider capability may be based on prior performance, prequalification or audit.
Contracts should only be placed with providers who have been identified as being capable and competent. Gaps within a provider’s capabilities or competency should be covered through additional controls; see A.7.7.3.
- Type and extent of control
- Information for external providers
- Type and extent of control
Information for external providers defining; contractural agreements, scope and associated technical requirements and management and admistrative requirements provides the foundation control for the delivery of conforming externally sourced processes, products and services.
When defining information for external providers in accordance with 7.7.3.1 organisations should consider use of proven (standardised), forms of agreement, technical specifications and management standards in conjunction with concise, verifiable definitions of scopes of supply.
Supplements or deviations to standardised, industrialised soluions should be justified based on risk mitigation or potential value realisation through innovation.
Collaborative development of scopes and applicable requirements with providers and stakeholders particularly during early phases of opportunity realisation and during pre-contract negotiations can provide greater certainty and value realisation during delivery of scopes of supply.
ISO 13879, Content and drafting of functional specifications and ISO13880, Content and drafting of technical specifications, provide a sound basis for organisations to define and agree functional requirements and the suite of technical specifications, plans and controls that providers will implement to deliver conforming scopes of supply.
- Control of external providers
The extent of an organisation’s control (conformity assessment) of external providers should be informed by the outputs of scope risk and criticality assessments and provider capability assessments and refelected in contractural agreements and provider quality control plans.
Importantly responsibility for conformance remains with providers and intervention by the purchasing organisation or their representatives to undertake conformity assessment should be limited to that necessary to mitigate assessed risks or to comply with statutory obligations.
ISO 29001 Sector-specific quality management systems — Requirements for product and service supply organizations describes a standardised methodology for defining and implementing provider conformity assessment programs.
ISO 13881 Classification and conformity assessment of products processes and services describes quanitative and qualitative methodologies for classifying scopes of supply to inform implementation of conformity assessment systems.
- Operation
- Operational planning and control
- Operation
Organizations typically plan and execute their operations on the basis of analysis of the full lifecycle of their assets, including processes for acquisition, marketing, exploration, development, execution, operation, maintenance, decommissioning, and disposal.
Planning should consider the complete value chain of interlinked activities of the organization, providers, customers and other stakeholders who directly or indirectly contribute to the definition and achievement of the objectives.
Operational planning and control processes should include provisions for identifying those processes, products and services which are to be externally provided, establishing contracting strategies, processes and controls for their acquisition and for managing their integration into the operations (see 7.7 and A.7.7).
Figure A.7 illustrates typical lifecycle phases in the Oil and Gas and lower carbon energy industries.
Figure A.7 — Typical lifecycle stage in the oil and gas and lower carbon energy industries
- Business opportunity realization
An organization should establish and maintain plans for future business opportunities.
Plans should be prioritized according to the business objectives.
Capturing and realizing opportunities can include:
— acquisition of physical assets or intellectual assets;
— evaluation of the viability of the opportunities offered by the assets;
— construction, modification or lease of an asset;
— execution of contractual agreements for the sale and purchase of products, or the provision of services;
— operation of assets to generate revenue;
— decommissioning, abandonment or divestment of assets that are no longer core to the organization.
The organization should:
— Identify and manage business opportunity risks.
— Establish a business case based on verified estimates and assumptions including risk exposure in valuations and reflecting the expected value. The business case should form the basis for formal negotiations and decisions.
— Assess external competitive environments and counterparties (due diligence).
— Review realized opportunities to capture learning and improvement potential.
Business opportunities that are consistent with the operating objectives can be realized through progressive value maturation.
Following the generic lifcycle model; refer Figure A.? value maturation can follow the following generic scenarios:
Identification (New Oportunites)
Identifying opportunities, confirming alignment to business objectives and assessing whether there is merit in progressing (expending resources) to develop opportunities.
As depicted in Figure A.?? new opportunities may relate to new or existing assets.
Development (Concept Selection and Definition)
Research, studies and evaluation of potential solutions and selection of an optimal concept in line with business objectives;
Development and definition of the selected concept in sufficient detail to plan its execution and supporting costed business case to inform an investment decision.
Execution
Detailed planning and implementation in accordance with the developed concept and execution plan to realize opportunities as promised in investment decisions.
Confirming that all commitments, requirements and objectives which informed a investment decision have been achieved as a pre-requiste to handover to operations.
Progression of opportunities should be governed through implementation of a decision gate process that assesses progressive value maturation. Decision gate processes can include the first assessment through to the realization of a new business opportunity. As opportunities mature they progress through a series of stages, which are separated by decision gates. At each decision gate, a choice is made whether to proceed with the opportunity. The review process at each decision gate should ensure that internal and external stakeholders understand expectations for the desired outcome, that the risk exposure is tolerable, and that the opportunity meets applicable requirements.
ISO 21502 Project, programme and portfolio management – Guidance on project management and referenced standards, provides guidance on the establishment of project management processes to manage the realization of business opportunities.
- Operations Phase
- Plan
- Operations Phase
Planned economic benefit should be realized during the Operate Phase of an organisation’s assets.
To ensure that assets deliver business case objectives and deliver on stakeholder expectations and requirements they should be operated and maintained in accordance with defined operating and maintence plans and enabling processes and tools.
Operations phase planning should typically encompass:
a) processes for identifying, evaluating and managing operations risks for all activities and interfaces throughout the lifetime;
b) a planning hierarchy for operations that provides realistic outlook, supports current business objectives and is aligned across the value chain;
c) planning, executing and monitoring operations activities
d) processes for implementing and managing barrier management;
e) clearly defined operational interfaces and handovers;
f) processes for managing and updating life cycle information necessary to support an asset's business objectives.
- Operate
Assests should be operated in accordance with pre-defined plans and processes with particular emphasis on:
a) continuously analysing operations and taking necessary actions to improve performance against targets;
b) monitoring and investigating operations outside of safe operating envelopes and implementation of corrective actions
c) reporting and managing operational performance targets and measures;
d) subjecting temporary and permanent operational changes to a management of change process (see 6.4).
a) identification of technology solutions that enhance safe and profitable operations (new opportunities).
b) Operations assurance activities, which ensure safe, sustainable and profitable operations.=
- Maintain
Assets should be monitored, inspected and maintained in accordance with pre-defined plans and processes with particular emphasis on:
a) activities, which ensure that all systems remain safe to operate and perform their required functions as and when required;
b) justifying modification projects through a business case that is aligned with asset targets and strategies (new opportunites);
c) managing functional failures that can escalate into an unacceptable situation, based on a failure management policy;
d) management of outsourced services to achieve intended maintence outcomes;
- Response to unplanned events and outcomes
The management of exercises undertaken to validate response capability and any actual unplanned events should follow the response plans established in accordance with 6.4 and 8.1 taking into account the exercise scenarios or unplanned event context and potential and actual outcomes.
Analysis should consider the suitability and effectiveness of controls established for:
a) Event detection and response; analysis of the effectiveness of event barriers and the responses taken following initiation and escalation of event causes.
b) Mitigation of consequences; analysis of the effectiveness of barriers established to mitigate the escalation of event impacts
c) Recovery to planned operations, analysis of the effectiveness of contingency plans and time taken to return to operations For example, effectiveness of plans to undertake a black start of a facility after a unplanned trip or shutdown.
d) Communication during and after an unplanned event; analysis of effectiveness of initial and progressive communication with and coordination of internal and external responders and stakeholders and subsequent collaboration during post event analysis and reporting
Consideration should be given to the use of risk management tools and event analysis tools for determining cause and effects.
Analysis findings should be reviewed to inform learning and actions including:
a) Immediate actions in support of recovery to planned operations
b) Corrective actions of causes to prevent reoccurrence
c) Knowledge sharing within the organisation and with stakeholders
Actions may relate to facility design, operating, inspection and maintenance protocols and processes and enabling competency and human factors considerations
See Clauses 10 and A.10 in respect to management of corrective action, improvement and organisational knowledge arising from unplanned events.
- Performance evaluation
- Monitoring, measurement, analysis and evaluation
- Performance evaluation
Activities undertaken to evaluate operating management system effectiveness should combine evaluation of process controls and capability, process outcomes and resultant performance in meeting business objectives.
Monitoring and measurement protocol design can be informed by:
a) measures and targets of business goals and objectives;
b) enabling operational and supporting process capability parameters;
c) process risks and opportunities and controls established to assure management of risks and realization of opportunities;
d) establishment of inherent process controls and associated measures;
e) the relationship between and potential interdependency of drivers and success in such areas as business objectives, regulatory compliance, asset safeguarding, protection of tradable or other confidential business information;
Information derived from monitoring, measurement, analysis and evaluation derived from monitoring, measurement, analysis and evaluation should be presented in a manner that informs:
a) policy decisions
b) business and operating planning
c) corrective action development and implementation
d) improvements in operating capability
Information design and presentation should also consider
a) requirements to evaluate and demonstrate the effectiveness of overarching assurance, governance, risk management and compliance management processes
b) requirements to communicate to stakeholders the degree to which the organization is achieving its performance and assurance objectives and the actions taken to improve performance.
Figure A.8 provides an example of visualization of an ‘assurance model’.
Figure A.8 — Example of visualization of ‘assurance model’
- Internal Audit
- General
- Internal Audit
The organization should employ assessment and audit activities to validate the implementation, suitability and effectiveness of its management system in delivering business objectives and satisfying regulatory obligations and stakeholder expectations.
Assessment and audit constitute key elements of organization’s governance risk and compliance programs and inform performance improvement initiatives.
- Internal audit programme
Assessment and audit programs should build on and be informed by frontline monitoring and measurement protocols, systems output information. Assessment and audit programs should be prioritized and planned on the basis of risk.
ISO 19011 provides guidance on auditing management systems, including the principles of auditing, managing an audit programme and conducting management system audits, as well as guidance on the evaluation of competence of individuals involved in the audit process.
- Management review
- General
- Management review
Management should review the organization's operating performance at planned intervals to ensure management system suitability and effectiveness, and alignment with the strategic direction and operational objectives of the organization. Reviews should be dynamic, considering operational risks and opportunities, current and anticipated business and operational changes, and the nature and significance of unplanned events together with resulting lessons learned.
Reviews should be performed by appropriate levels and functions of the organization. Reviews should evaluate the organization’s progress towards achieving its policies, strategy and objectives. They should also address the assessment and evaluation of improvement, learning and innovation activities, including aspects of adaptability, flexibility and responsiveness in relation to the organization’s mission, vision, values and culture.
- Management review input
No guidance provided.
- Management review outputs
Review outputs should enable evidence-based decision making at all levels of the organization and the establishment of actions to achieve desired results, which typically includes:
a) confirmation of the organization’s assurance performance;
b) satisfaction of stakeholders;
c) adherence to legal, regulatory and contractual obligations;
d) availability and suitability of both human and non-human resources;
e) improvement opportunities;
f) any need for changes to the operating management system.
- Improvement
- Continual Improvement
- Improvement
It is expected that the organization establishes improvement, learning and innovation as fundamental expectations of the organization’s culture by empowering people to participate and contribute to the sustained achievement of improvement initiatives, providing the necessary resources to achieve improvement objectives, celebrating success, with visible leadership and involvement of top management.
Use of the of the Deming Plan Do Check Act (PDCA) cycle as a generic model for presenting the operating management system requirements, refer Figure 1, is intended to establish how use of the requirements to plan, develop and implement an organisations operating management system establishes processes for sustained improvement of operating management systems and operational performance.
Depicting the operating management system requirements using the PDCA Cycle does not in any way constrain organisations from adopting one of the many proven improvement or problem solving techniques as the basis for their improvement practices. Importantly organisations should consider use of a range of existing and emerging methodologies such as DMAIC, A3, Six Sigma, Lean 8D/PSP where appropriate. Table A.1 Establishes similarities of a range of established improvement practices.
Use of the ISO 29502 assessment methods and criteria is recommended for assessing the organisation’s maturity in respect to improvement, learning and innovation.
- Corrective action
Organisations should apply corrective action principles and define processes for analysing the causes and sources of unplanned events and outcomes with a view to preventing their re-occurrence of leveraging an opportunity
The methodology applied should include provisions for;
a) Reacting to the event or outcome to control, mitigate, correct an outcome or realise an opportunity
b) Analyse the contributing causes, plan and implement actions in conformance with the organisation’s risk management and management of change practices
c) Validate the effectiveness of the actions taken to prevent re-occurrence or to sustain the benefits
- Organisational Knowledge
Learning organisations value knowledge and establish objectives and processes to develop, aquire, and apply knowledge as a key enabler of management process suitability, effectiveness and improvement and the achievement of business objectives.
The acquisition, sharing and application of knowledge should be established as a fundamental management system objective to be reflected in management system processes and peoples’ roles and objectives.
Learning should be established as a real time process implemented across the planning, implementation and review of all activities.
Innovation in knowledge acquisition, sharing and application should be enabled both within and outwith organisations sharing and leveraging public domain, organisational, and stakeholder knowledge consistent with intelectual property obligations.
ISO 30401 Knowledge management systems Requirements defines knowledge management principles and requirements which can be considered when planning operating management system processes for organisation knowledge.
Bibliography
<std>[1] ISO 9000, Quality management systems — Fundamentals and vocabulary</std>
<std>[2] ISO 9001, Quality management systems — Requirements</std>
<std>[3] ISO 9004, Quality management — Quality of an organization — Guidance to achieve sustained success</std>
<std>[4] ISO 10418, Petroleum and natural gas industries — Offshore production installations — Process safety systems</std>
<std>[5] ISO 13879, Petroleum and natural gas industries — Content and drafting of a functional specification</std>
<std>[6] ISO 13880, Petroleum and natural gas industries — Content and drafting of a technical specification</std>
<std>[7] ISO 13881, Classification and conformity assessment of products processes and services</std>
<std>[8] ISO 14001, Environmental management systems – Requirements and guidance for use</std>
<std>[9] ISO 15544, Oil and gas industries — Offshore production installations — Requirements and guidelines for emergency response</std>
<std>[10] ISO 17776, Petroleum and natural gas industries — Offshore production installations — Major accident hazard management during the design of new installations</std>
<std>[11] ISO/TS 17969, Petroleum, petrochemical and natural gas industries — Guidelines on competency management for well operations personnel</std>
<std>[12] ISO 19011, Guidelines for auditing management systems</std>
<std>[13] ISO 26000, Guidance on social responsibility</std>
<std>[14] ISO/IEC 27000, Information technology — Security techniques — Information security management systems —Overview and vocabulary</std>
<std>[15] ISO/IEC 27001, Information security, cybersecurity and privacy protection — Information security management systems — Requirements</std>
<std>[16] ISO 29001, Petroleum, petrochemical and natural gas industries — Sector-specific quality management systems — Requirements for product and service supply organizations</std>
<std>[17] ISO 30301, Information and documentation — Management systems for records — Requirements</std>
<std>[18] ISO 30401, Knowledge management systems — Requirements</std>
<std>[19] ISO 31000, Risk management — Guidelines</std>
<std>[20] ISO/TR 31004, Risk management — Guidance for the implementation of ISO 31000</std>
<std>[21] IEC 31010, Risk management — Risk assessment techniques</std>
<std>[22] ISO 45001, Occupational health and safety management systems — Requirements with guidance for use</std>
<unknown>[23] OGP Report 510, Operating management system framework: for controlling risk and delivering high performance in the oil and gas industry, June 2014, International Association of Oil and Gas Producers (IOGP) and International Petroleum Industry Environmental Conservation Association (IPIECA)</unknown>
<other>[24] Report O.G.P. 511, OMS in practice: A supplement to Report No. 510, Operating management system framework, June 2014, International Association of Oil and Gas Producers (IOGP) and International Petroleum Industry Environmental Conservation Association (IPIECA)</other>
