How to Approve Engineering Changes Safely

The Management of Change (MOC) process is a fundamental element of process safety and environmental protection. It involves a structured review and authorization procedure to evaluate any proposed changes to equipment, processes, personnel, procedures, or organizational structures. The primary objective is to ensure these modifications do not introduce new hazards or increase existing risks to workers, the public, or the environment. MOC emphasizes proactive identification and control of risks, requiring appropriate hazard analysis and risk assessments before implementation. This structured approach helps prevent incidents caused by poorly managed changes. Additionally, MOC requires updating all affected documentation, such as operating procedures, safety data, and process design information, to reflect approved modifications and maintain operational integrity. An essential component of MOC is effective communication. The process ensures that all potentially impacted personnel are informed, trained, and prepared for the changes. This improves situational awareness and maintains a high level of preparedness across departments. By integrating risk management into the change approval process, MOC supports regulatory compliance, enhances operational safety, and promotes a culture of continuous improvement. Ultimately, MOC helps safeguard people, assets, and the environment during periods of change. The scope of the Management of Change (MOC) process encompasses all proposed changes that could impact the safety, health, environmental, or operational integrity of a facility. This includes modifications to equipment, processes, technology, materials, procedures, organizational structures, and personnel responsibilities. Both temporary and permanent changes fall under the scope of MOC. For example, altering operating conditions, replacing materials of construction, upgrading software or control systems, changing maintenance practices, or restructuring teams may all require an MOC review. The process also applies to non-routine operations and emergency changes, though these may follow expedited protocols. MOC ensures that any change, regardless of scale, is assessed for potential hazards and that the risks are understood and mitigated before implementation. It also requires communication with affected personnel and updates to related documentation, such as process safety information, operating procedures, and training materials. The broad scope of MOC ensures a consistent and comprehensive approach to managing change, helping organizations prevent accidents and maintain safe, reliable operations across all functional areas.

🙈 “Risks in the Shadow of Change“ 🙉 The basic goal of Management of Change (MOC) is to determine the risks brought by changes to be made in a hazardous process in advance, to eliminate or minimize these risks and to ensure that the change is implemented safely and sustainably. This approach is of vital importance, especially in technical areas. Because even a small change can have major consequences; it can cause rupture, leak, fire or even a major industrial accident. Unfortunately, many change approvers make decisions by evaluating this process only on paper. It is a common mistake to approve without seeing the reflection of the change in the field and without making the necessary analyses and observations. This can ironically turn change management into a process that creates risks rather than reducing risks. MOC is not only a procedural approval process, but also a critical discipline that requires technical expertise, field experience and a multi-faceted evaluation. Therefore, it is essential to adopt a multidisciplinary approach, especially in technical changes. Different areas of expertise such as mechanics, electricity, chemistry, operator, automation, occupational health and environment should come together to make an evaluation. Many industrial accidents in the past have resulted from the implementation of changes without sufficient analysis. For example, a small design change made in a pipeline may not be able to withstand the system pressure and may eventually cause explosions. Similarly, a small error made in software updates may hide alarms of processes that will create risks in PLC or DCS systems. In order to prevent such results, the MOC process must be supported by field observation, engineering calculations, and function tests. Although analyses on paper provide some basic insights, they cannot always reflect the complexity of real conditions. Therefore, conducting onsite inspections, interviewing employees, and observing the physical condition of equipment are critical steps. It should not be forgotten that change inherently involves uncertainty. This uncertainty can only be managed through a planned, systematic, and participatory MOC. It is necessary not only to analyze risks, but also to be prepared for these risks, to provide transparency in processes, and to create systems that can reverse change when necessary. Creating an effective MOC not only prevents accidents, but also paves the way for continuous improvement and innovation. Therefore, it is a critical requirement for change management practitioners to have field awareness as well as technical knowledge. #oil #gas #LPG #refinery #process #safety #learning #engineering #MOC #managementofchange #risks #riskassessment #terminal #safeoperation #safechange #LNG #oilandgas #evaluation.

Most architecture decisions fail before a single line of code is written. Not because the tech is wrong. Because the questions are. This is the framework I use to approve (or kill) architecture changes 👇 Before we add complexity, we must answer yes to all of these: 1. Does it solve a real pain happening RIGHT NOW? No future scale stories. No hypotheticals. Name the pain. If the pain isn’t concrete, we stop. 2. Is the pain caused by the system, or by how we use it? Bad workflows, unclear ownership, or missing guardrails are not architecture problems. If usage causes the pain, fix that first. 3. Is architecture the simplest way to fix this pain? Could code cleanup, limits, caching, or better defaults solve it? If architecture is not the simplest fix, we reject it. 4. Does this make the system easier to reason about? Good architecture reduces mental load. If diagrams get bigger and explanations get longer, that’s a red flag. 5. Can we undo this without major damage? Reversible decisions can be tried. Irreversible ones require strong proof. If rollback is unclear, approval stops. 6. Do we have evidence, not opinions? Metrics, incidents, queues, timeouts, error rates. If we can’t point to numbers, we measure first. 7. Who owns this when it fails at 2 a.m.? Clear owner. Clear on-call path. Clear responsibility. No owner means no approval. Architecture exists to remove pain, not to prepare for imagined futures. Everything else is optional complexity. Which question do teams skip the most?

The Hidden Risk of “Quick Fixes” in an IT Environment Dear Auditor, let’s imagine this: You take your car for an oil change. The mechanic, without telling you, quietly adjusts your brakes because “he thought it would help.” No record. No approval. No explanation. Weeks later, you are driving on the highway and the brakes fail. I can imagine you saying “God forbid” 😁 Now the real danger isn’t just the faulty brakes, it’s that you had no idea the change was made in the first place. That is exactly what happens with undocumented IT changes. In many IT environments, engineers apply “quick fixes” a firewall tweak, a database update, or a config change without logging or seeking approval. At first, nothing looks broken. But later; Systems crash with no clear cause, hackers exploit the untracked gap and Auditors find no trail of accountability. Here are few steps on how you can review IT changes; 1️⃣ Start with the Policy: Is there a documented Change Management Policy? Does it define roles, approvals, emergency procedures, and rollback plans? 2️⃣ Review Change Records: Obtain the list of change tickets for the period under review, sample the change tickets and confirm if are they complete? (description, risk assessment, approvals). Were changes tested in a staging environment before going live? 3️⃣ Check Emergency Changes: Were they logged and retrospectively approved? Is there evidence of post-implementation reviews? 4️⃣ Look for Unauthorized Changes: Compare system logs/config changes against approved tickets. Is there “ghost” changes? Investigate. 5️⃣ Evaluate Monitoring & Metrics: Are failed changes tracked and analyzed? Is management reviewing change KPIs (success rate, incidents caused by undocumented changes) One undocumented change can snowball into downtime, breaches, or failed audits. Uncontrolled changes don’t just break systems, they break trust with customers, regulators, and stakeholders. #DearAuditor, when next you review changes in IT, don’t just tick boxes by checking if changes were approved. Check if all changes are even visible in the first place, and ask “If I trace every change from policy to implementation, does the story fully add up?” #DearAuditor #ITAudit #CyberSecurity #ChangeManagement #InternalAudit #RiskManagement

🏭 𝗖𝗼𝗻𝘁𝗮𝗶𝗻𝗺𝗲𝗻𝘁 𝗶𝘀𝗻'𝘁 𝗮𝗹𝘄𝗮𝘆𝘀 𝘀𝗮𝗳𝗲𝘁𝘆. Sometimes it's the hazard. It is one of the more counterintuitive lessons in process safety: A design choice meant to reduce dust release can quietly create a new explosion scenario. The logic at the time often makes sense. A conveyor or transfer point releases dust into a broader area. To keep things cleaner and limit migration, an enclosure or partial enclosure is added around it. The problem is volume. 𝗔 𝘀𝗺𝗮𝗹𝗹𝗲𝗿 𝗲𝗻𝗰𝗹𝗼𝘀𝗲𝗱 𝘀𝗽𝗮𝗰𝗲 𝗰𝗵𝗮𝗻𝗴𝗲𝘀 𝘁𝗵𝗲 𝗺𝗮𝘁𝗵: 🔸 The same dust release now occupies less air volume 🔸 Airborne concentration rises faster 🔸 The chance of reaching the minimum explosible concentration goes up 🔸 Ignition sources inside that enclosure become much more consequential If the system later experiences an upset — a clogged chute, a backed-up transfer, a process change — the release that follows happens into a confined, dust-rich space rather than an open one. The design intent was containment. The unintended outcome was a deflagration-ready enclosure. 𝗧𝗵𝗶𝘀 𝗶𝘀 𝘄𝗵𝘆 𝘁𝗵𝗲𝘀𝗲 𝗰𝗵𝗮𝗻𝗴𝗲𝘀 𝗻𝗲𝗲𝗱 𝘁𝗼 𝗯𝗲 𝗲𝘃𝗮𝗹𝘂𝗮𝘁𝗲𝗱 𝗮𝘀 𝗺𝗼𝗿𝗲 𝘁𝗵𝗮𝗻 𝗵𝗼𝘂𝘀𝗲𝗸𝗲𝗲𝗽𝗶𝗻𝗴 𝗶���𝗽𝗿𝗼𝘃𝗲𝗺𝗲𝗻𝘁𝘀: ⚠️ Reduced ventilation can shift hazard profiles ⚠️ Smaller volumes amplify concentration risk ⚠️ Ignition source control becomes more critical, not less ⚠️ Existing protection assumptions may no longer apply 🧠 𝗣𝗿𝗮𝗰𝘁𝗶𝗰𝗮𝗹 𝘁𝗮𝗸𝗲𝗮𝘄𝗮𝘆: Any retrofit that changes enclosure volume, ventilation, or air flow around a dust source should be treated as a Management of Change item with potential explosion consequences — not just a cleanliness upgrade. #CombustibleDust #ProcessSafety #ManagementOfChange #DustExplosions #IndustrialSafety #EHS #SafetyEngineering

🔍 A practical visual of the Change Control / VO workflow from Early Warning and PCR through review, approval, VO issuance, and contract amendment. On most projects, changes are inevitable. What matters is how they are identified, assessed, approved, documented, and formalized. A well structured Change Control / Variation Order (VO) process helps protect the project from: • unclear scope changes • unauthorized instructions • weak cost traceability • schedule impact disputes • approval gaps • contract administration risks 📌 What does the attached flowchart show? It presents a practical route for managing change from: ⚠️Early Warning → 📝PCR → 📊Evaluation → 🤝Negotiation → ✅Internal Approval → 📄VO Issuance → 🔒Contract Amendment 📌 Important clarification: A change may be initiated by: • Contractor • Owner / Client • Consultant / Engineer • Other project stakeholders, depending on the trigger and governance structure 📌 What should a good VO usually capture? A proper VO should clearly include: • change reference number • background and reason for change • description of revised / additional / omitted works • contractual basis or related instruction • cost impact • time impact • technical assessment • supporting documents / drawings / correspondence • approval status and routing • final agreed commercial position 📌 What usually supports the process? Depending on the project, the workflow may already include standard forms and templates such as: • Early Warning Form (EWF) • Potential Change Request (PCR) • Engineer’s Instruction (EI) • VO Form • Internal Approval Form (IAF) • budget transfer / approval forms • change logs and variation trackers 📌 What about approvals and duration? The review path typically involves technical, commercial, managerial, and budget approval layers before formal execution. The actual duration is project-specific and depends on: • governance structure • DOA levels • budget availability • complexity of the change • urgency of implementation • stakeholder response time 💡 In short: A VO should never be treated as just a price form. It is a structured record of what changed, why it changed, what it means, who reviewed it, and how it was approved. Q&A QUICK VIEW ❓ Why start with an Early Warning or PCR? Because early identification improves visibility, allows assessment before commitment, and supports proper governance. ❓ Does every project have the same timeline? No. The duration depends on governance, approval authority, complexity, and the project’s internal procedures. ❓ Why are forms important? Because they create traceability, consistency, documented approvals, and stronger contract administration. 🏗️ On live projects, change is normal. Uncontrolled change is the real risk. #ChangeControl #VariationOrder #ProjectControls #CommercialManagement #ContractManagement #ConstructionManagement #ProjectGovernance #RICS #EngineeringManagement #CostControl #CIOB #CIarb

Leadership Lessons From Aviation How Test Pilots Push Limits Safely Ever wonder how test pilots take aircraft to their limits without compromising safety? They follow a disciplined process called test points. Each test point pushes one step further than the last. Controlled. Measured. Recoverable. I've watched engineering managers do the opposite. They roll out massive reorgs, new tech stacks, and shifted reporting structures all at once. Then they wonder why everything breaks. Flight Test crews and engineers would never do that. They use a controlled process where safety is paramount. Here are 3 aviation-inspired moves to push limits safely: 1️⃣ Define Your Test Points, Not Just Your Goals 🎯 Break big bets into small, deliberate steps. Each step should have clear success and abort criteria. Test points tell you how to get there incrementally. Safely. 2️⃣ Change One Variable At A Time 🔬 Never change speed, altitude, and configuration all at once. Isolate one variable so you know exactly what caused the result. Slow down. Learn. Then move forward. 3️⃣ Use A Chase Aircraft To Monitor What You Can't See ✈️ You need a trusted peer, someone with a different vantage point who sees what you can't. Flight test crews don't fly test points alone. Neither should you. Great leaders structure risk. They push limits deliberately and always have someone watching their blind spots. If you're planning a risky organizational change or technical bet, send me a DM and let's talk about how to design your test points. DVIDS Image - U.S. Navy photo courtesy of Michael D. Jackson

A typical lifecycle of a network change in a hyperscale environment. At scale, even “just a policy update” needs to behave like a product launch! In traditional networks, a config change might be tested in a lab, typed into a router, and marked as “done”. In hyperscale environments, the process is radically different, and necessarily so. When your change affects thousands of devices, millions of routes, and billions of customer requests, you don’t just push and hope: You engineer the entire lifecycle of that change, from idea to impact. 1. Proposal: It all starts with a problem Every change begins with a clearly defined intent: - A policy is too permissive - An interface isn’t fault-resilient - A region is underutilized - A new failure mode has emerged Engineers don’t jump to the fix. They define the "why", capture the desired outcome, and frame it in terms of customer impact, risk, and scalability. 2. Narrative and design review Before any code is written, a 6-pager or HLD is prepared: - What is the change? - What paths are impacted? - What are the risks and rollback paths? - What telemetry will confirm success? Senior engineers and stakeholders review the document silently and debate it rigorously. No slides. Just clarity. 3. Simulation and pre-validation In hyperscale networks, no change goes directly to production: - Routing policy is tested in emulated topologies - Config is rendered and diffed in dry-run pipelines - Shadow updates are applied in staging fabrics - CI/CD systems run intent validators and safety checks Nothing moves forward unless what you intend and the network sees match exactly. 4. Deployment: Guardrails over heroics Approved changes go live through phased rollouts, often: - According to a specific rollout strategy, depending on the fabric and layer, touch specific devices at a time and in a given order - With health checks gating each step - Guarded by rate limits and dependency awareness - Logged, versioned, and monitored in real time - If anything deviates from expected behavior, the rollout halts automatically 5. Validation and observability After rollout, observability pipelines check: - Prefix propagation and routing convergence - Latency and path symmetry - BGP/IGP stability - Fault domain integrity Validation ensures success by detecting silent drift or unintended side effects. 6. Rollback Strategy If something breaks: - The system knows how to reverse the change - A previously known-good config is versioned and ready - Automation undoes the state surgically, not blindly Rollbacks are not shameful. They’re safety mechanisms by design. 7. Postmortem (Yes, even for “Non-Incidents”) Whether the change succeeded or failed, a brief RCA or lessons learned doc is captured. What worked? What didn’t? How can the next one go faster and safer? Every change is a system event. At hyperscale, there is no such thing as “just another config update".

What is MOC (Management of Change), and How to Implement It Effectively? Change is inevitable in any process-driven organization, but unmanaged change can lead to risks, inefficiencies, or even disasters. MOC is a systematic approach to ensure that changes in processes, equipment, personnel, or technology are reviewed, approved, and implemented safely and effectively. It is a critical part of Process Safety Management (PSM) and operational excellence. Key Steps to Implement MOC 1. Recognize All Changes: Identify any changes—big or small—that might impact safety or operations. Example: Changes in equipment, materials, or operating procedures. 2. Identify Hazards and Risks: Assess potential risks associated with the change. Example: Will the new material cause a chemical reaction? 3. Note Hazards That Can Be Controlled: Document controls to mitigate risks. Example: Engineering controls, alarms, or safety procedures. 4. Conduct Pre-Startup Safety Review (PSSR): Before implementing the change, conduct a final safety review to ensure all precautions are in place. 5. Is the Change Feasible?: Evaluate if the change is practical and beneficial without introducing unacceptable risks. 6. Train Affected Workers: Inform and train all impacted personnel on new processes or systems. 7. Implement the Change (if Safe): Only proceed once all risks are addressed and approvals are obtained. 8. Monitor and Adjust: After implementation, continuously monitor for unexpected outcomes and make adjustments as needed. Why MOC is Critical Prevents unforeseen risks or accidents. Ensures regulatory compliance. Promotes operational consistency and safety. #ProcessSafety #ManagementOfChange #SafetyCulture #OperationalExcellence #RiskManagement #HSE