As a follow on to our post covering last month’s Offshore Technology Conference, Maritime Commons is providing a summary of responses to questions asked by attendees during the conference as well questions submitted to conference organizers in advance. All responses were provided by Capt. Joshua Reynolds with the 8^th Coast Guard District OCS Officer in Charge, Marine Inspection.  

What are the results of the second round of SEMS audits and are they being shared with other regulators? Do other regulators share outcomes of management systems audits with BSEE?

The Coast Guard does not have a regulation requiring SEMS on the OCS. We do have a regulation implementing the International Safety Management (ISM) Code which applies to some vessels on the OCS, but it is not universal and primarily only comes into play for self propelled MODUS. We do assist BSEE with SEMS on marine systems, operations, and training on OCS facilities, and we recently revised the applicable memorandum of agreement OCS-07 reflecting this.

What is your opinion on the NAS report about prescriptive versus performance based regulations?

I’m a fan of performance based regulations. They can, however, be challenging to implement so you need a prescriptive option or industry standard/ guidance to serve as a baseline. Two examples that come to mind are dynamic positioning and well intervention. Risk management for both of these operations comes primarily through risk assessments that inform a safety management system. I think there are good baselines to inform industry about a proper risk assessment; in the case of dynamic positioning you have the Marine Technology Society guidance and in the case of well intervention you will soon have guidance from the Offshore Operator’s Committee.

How do you think industry and regulators can work together to advance safety culture?

While industry is the primary agent for fostering a safety culture, the regulator can assist. I think the keystone habit is a good way for the regulator to do their part. It naturally focuses regulator attention on operators or contractors that are struggling with safety and assists inspectors to develop the mindset that safety management systems are the way to assess and manage the risk. I don’t think it’s fair for regulators to insist you keep your SMS “alive” and not “shelfware” if we don’t constantly refer to them as a matter of routine in our interactions with you.

How can you, as regulators, incentivize a better safety culture?

We can continue to work with industry to reinforce its own methods to manage the risk. You all have – or should have- barriers that you believe in at all levels of your organization: corporate, mid management and deckplate. Whether a regulator is considering an alternative to a prescriptive regulatory requirement or is investigating the root cause of a casualty they must look at barriers industry has identified to mitigate the risk and if they are implemented at all levels. Implementation is the key. It becomes a reality when you have a safety culture.

How do you think management systems affect safety culture?

They can either hurt or help depending on the level of buy-in you have. In the best case you have a tight, concise management system that all levels are familiar with and employ. This is the “living document” we all hope for. In the worst case you have “shelfware.” I’ve found this is typically the result of a disconnect between corporate and other layers of the organization.

What is the status of risk-based inspections? Are you happy with the outcomes so far?

Last June I issued the interim risk-based methodology in the federal register and performed an evaluation of it in 2016. In general I am pleased with the results. We were bound to improve by having more tactical coordination with BSEE, considering the industrial mission the OCS facility performs and the associated compliance and casualty record from BSEE. There are a lot of improvements to be made in the interim methodology. The primary improvements are the prioritization of different types of industrial operations under a BSEE APM [application for permit to modify] and the integration of the SEMS/SMS MOA into the methodology.

How can industry adopt a safety culture versus a compliance culture yet still meet its stakeholders’ demands to deliver a profit?

Last June we published a risk-based resource allocation guide. We decided to get a whole picture of the risk to literally drive how we choose which operation gets an unannounced inspection. The Coast Guard looked at things from a maritime perspective and BSEE looked at things from an industrial perspective and when we put the two views together, we get a complete understanding of the actual risk that is present.

My view is that you’re more likely to find a compliance culture when all inspections are planned and known in advance. You know when we’re coming and what we’re going to look at based on the checklist, so you can make sure each item on the checklist is ready.

Unannounced visits require you to adopt a holistic safety culture because you don’t know when we’re coming and which areas will be selected for inspection. But, you know that maintaining a good safety record gives you more control over your own destiny because the regulators tend to pay more attention to those operators that have more casualties or a history of non compliance.

How does adopting a safety culture apply when talking about security risks?

The MTSA requires the establishment of Area Maritime Security Committees, which are comprised of both government and industry. The AMSCs develop plans to address all the barriers to acts of terrorism that might exist in any particular location. So, if you think about it, we hold exercises and measure performance based on what’s in the plan. Then we follow up with spot verifications to verify they can actually do what’s in their plan.

There is a lot of discussion on cyber and the threat of an external hacker versus an inadvertent incident. Do you have any statistics to show how big of an issue this is?

I don’t have statistics yet for that, but there is a lot of anecdotal data that is helping us to develop cyber risk management frameworks for the various segments of maritime industry. I can tell you that in planning for the AMSC exercises, the IT departments of all the operators have said their number one concern is the intentional or inadvertent introduction of some malicious malware into a major power system. The frameworks are one way by which we’re implementing our Cyber Strategy to help us focus on this new operational domain.

To read Capt. Reynolds’s full remarks from OTC, check out our Maritime Commons post. Have questions not answered here? Submit them in the comments section below!

This blog is not a replacement or substitute for the formal posting of regulations and updates or existing processes for receiving formal feedback of the same. Links provided on this blog will direct the reader to official source documents, such as the Federal Register, Homeport and the Code of Federal Regulations. These documents remain the official source for regulatory information published by the Coast Guard.