A Guideline: Using or Creating Incident Databases for Natural Gas Transmission Pipelines

Strategic Insights, Volume VII, Issue 1 (February 2008)

by Achim Hilgenstock

Abstract

This report details the work undertaken by the International Gas Union (IGU) Study Group 3.4 during the triennium 2003–2006. The initiative that launched this work came during the 22nd World Gas Conference where it was noticed that use of pipeline incident information often is not fit for purpose.

A comparative analysis has been carried out considering the most frequently used and reliable high pressure gas pipeline incident databases. The four main objectives of the analysis were to determine the differences and similarities of existing databases, create a reference model to be used when developing a new pipeline incident database, assess if harmonization of existing databases is possible and to provide recommendations regarding the above.

Introduction

During the 22nd IGU World Gas Conference held in Tokyo 2003 it was noticed that many presentations used different existing pipeline incident databases (PID) as reference, most frequently the U.S. Department of Transportation (DOT) database and the European Gas pipeline Incident data Group (EGIG) database. In some cases, the pipeline incident frequencies derived from the DOT database were compared with the frequencies derived from the EGIG database and inaccurate conclusions were made that did not take into consideration the inherent differences in the PIDs. In some risk analyses, pipeline incident frequencies were used without consideration of the likeness of data referenced and the background of associated frequencies.

Worldwide there has been a substantially increasing demand for incident database reports. It was noted that the EGIG information was being used to assess risk associated with oil pipelines in South America or offshore pipelines in the Gulf of Mexico. Given the limitations of each of the large databases in existence, it was concluded that data was being misused and in some cases the “damage” is considered irreparable.

Because of the apparent misuse, the EGIG companies took the initiative and proposed to International Gas Union (IGU) the implementation of a comparative analysis covering the most frequently used pipeline incident databases and the preparation of a guideline of how and when to use which database.

Scope of Work

Early work looked at a comparison of incident databases covering the whole gas chain. However, due to the relatively short period of time that was available to conclude the project, the study group has limited itself to “only” pipeline incident databases pertaining to onshore high pressure gas pipelines. Although some of the databases do contain offshore incidents, the main focus of this report is on the onshore gas pipelines.

The databases that were taken into account within the scope of the IGU Study Group (SG) cover only such pipeline incidents where an unintentional gas release has occurred. All other near misses like coating damage or external corrosion without gas release are not taken into consideration although such events are much more frequent than gas releases, but they do not result in consequences to people or material.

Due to major differences in definitions, descriptions and circumstances it is not reliable to compare results from different databases with each other.

The scope of work for IGU SG 3.4 study group covered the following main elements:

• Determine the differences and similarities of existing databases
• Create a reference model to create a new pipeline incident database
• Determine if harmonization of existing databases is possible
• Provide recommendations regarding the above (including promotion of the results).

This report summarizes the main results of the performed work. More details can be found in the original IGU report, which is available on the internet.[1]

4. Importance of and Need for Pipeline Incident Information 

4.1 General

Statistics indicates that high pressure gas pipelines are inherently safer for the public than other modes of gas transportation. The gas transmission industry in particular assures high safety performance for its pipelines by paying great attention to safety issues, to environmental protection and to reliability during all the phases of the service life of a pipeline. However the gas transmission industry is increasingly requested to demonstrate this safety performance in response to requests from regulating authorities or from the public with regard to new or existing pipelines. These requests are dealt with by ensuring open and detailed communication. In this respect, data and information regarding the incidents, the corresponding failure mechanisms and the resulting consequences, as well as information related to the industrial facilities and its operations, have become of increased importance to open and effective support in this communication process.

Various comprehensive databases exist throughout the industry. Government authorities and pipeline operating companies collect data on pipeline incident and their causes. These “incident databases” and the data they contain, together with analysis of any incidents which occurs, are essential for the authorities, operating companies and engineering companies as well as for the general public to both demonstrate and ensure that pipelines remain a safe and reliable means of transporting gas.

The importance and need for these incident databases for the different stakeholders mentioned above are discussed in the following paragraphs. 4.2 Users of Pipeline Incident Information 4.2.1 Authorities and Regulatory Bodies

For the authorities, data and information regarding incidents are fundamental. The analysis of the incident data should advise on the need to maintain or improve the existing legislation or standards and, where necessary, on the need to propose new initiatives. Using the information, authorities can play an ever more active role in identifying deficiencies or gaps in the legislation or requirements regarding external safety for individuals and the protection of the environment. The technical knowledge, which is gained from analyzing the incident databases, represents a powerful tool in order to identify the areas where more focused attention is required.

4.2.2 Gas Pipeline Operating Companies

The overall responsibility to comply with regulatory requirements relating to the construction, operation and maintenance of hazardous liquid and gas pipelines is the responsibility of pipeline operating companies in each country. Additionally, when regulatory requirements do not exist, prudent operating companies can apply regulations from other countries or internal company practices and procedures. In order to manage this responsibility, accurate statistics can be an effective tool for the management of different activities and some examples of possible applications are given in the following:

• Construction of new pipelines

In order to obtain all the permits necessary for constructing new pipelines in some countries in the world the gas pipeline operating companies are required to prepare and submit documentation adequately demonstrating the safety of the new projects. This documentation normally includes an analysis of the possible hazards and the effects on safety and on the environment due to the presence of the new pipelines linked with the route selection.

• Improvements to or demonstration of the safety of existing pipelines

Information on the most frequent types of incidents and the category of pipelines most frequently affected enables pipeline operating companies to gain a better understanding of the causes of incidents, to monitor trends and to diagnose problems that may indicate the need for targeting solutions or additional actions or protective measures.

• Using these facts, pipeline operating companies can demonstrate to authorities, regulatory bodies and the public the safety levels of the network and monitoring effectiveness.

This knowledge can also optimize their maintenance and inspection programs by concentrating efforts on these critical areas.

• Evaluation of safety management system performance

The information obtained from the incident databases can be used to measure the performance of a Safety Management System (SMS), to verify that the policies regarding safety and environmental protection adopted are effective, to demonstrate to all the stakeholders the reliability of the transmission system, to characterize the overall health of the industry and to determine if the resource allocations adopted are functioning effectively.

• International benchmarking

Groups of companies can decide to exchange incident data, improve communications regarding safety performance, create a “safety language” and carry out benchmarking analyses. In order to make this possible, a common viewpoint is required and a standard definition of the data to be collected and the analysis to be performed.

4.2.3 General Public

Historically, communication relating to pipeline safety aspects has been “what the technical experts told the outside world.” It would typically be largely one-way communication where the public had little or no input in determining the acceptability of the safety levels, or in making safety management decisions. However, the public no longer willingly accepts, without question, the decisions of the “safety experts.” The public is demanding input into safety decisions that affect the environment and the community, sometimes showing a strong opposition often referred to as the NIMBY (not-in-my-backyard) syndrome. This, along with increased regulatory requirements for safety communication, has created a need for an improved and better understanding and management of the safety communication process and the factors that influence risk perception.

4.2.4 Consultants/Contractors/Engineering Companies

Due to requirements from regulating authorities and pipeline operating companies, consultants, contractors and engineering companies rely more and more on statistics obtained from pipeline incident databases to evaluate and optimize their pipeline designs. The data is important for design activities in order to evaluate hazards to which a given pipeline is subject, thus enabling improvements in the design of the pipeline and its protective measures by taking into consideration the relevant failure scenarios.

5. Comparative Analysis of Existing Pipeline Incident Databases

In order to successfully compare the results of the different pipeline incident databases it is necessary to gain a further understanding of their makeup. Factors such as different definitions of the term “incident” and considered target systems as well as data collection methods explain why a direct comparison between statistics produced by different organizations can be difficult to perform or may lead to misleading interpretation.

The goal was to highlight the differences and similarities between the incident databases and reports so that more informed comparisons of data can be performed and to highlight the areas where, when changes are made to the databases themselves, the comparability of the data sets can be greatly increased. The databases reviewed include the National Energy Board (NEB) of Canada, the U.S. Department of Transportation (DOT), the European Gas Pipeline Incident Data Group (EGIG), UK Onshore Pipeline Operator’s Association (UKOPA), the Russian Association for Licensing (Gosgortehnadzor) and the Australian Pipeline Industry Association (APIA) (See: Figure 1). It was not intended to compare the safety performance of the individual pipeline systems.

 Figure 1: Pipeline Incident Databases across the World

A comparison between the major pipeline safety databases was made by analyzing the different external factors which affect the pipelines, pipeline system information, incident definitions, categorization of incident parameters, categorization of incident causes, damage classification, categorization of incident consequences and reporting of the data. External factors affecting the safety performance of pipelines such as population density and extreme geographic conditions (desert, mountains, permafrost), and soil types were studied for all the available incident databases.

The term “pipeline system information” refers to the data, which is collected about the pipeline systems included in the pipeline incident database. Database owners usually have two report forms which must be completed by the operators:

1. One form collects pipeline system information (usually on a yearly basis) about the pipelines being operated by the different pipeline operating companies; and
2. A second form collects detailed information about specific incidents.

By collecting pipeline system information, such as year of construction, diameter, wall thickness, depth of cover, class location and grade of material, it is possible to monitor trends (e.g., tendency towards larger diameter, higher pressure pipelines) and to normalize the incident data. An example of normalization is the common practice of dividing the number of incidents by the number of km-years to calculate a benchmark which is not affected by the yearly increase in the total length of the pipeline network.

The most significant obstacle in the direct comparison of pipeline incident data is the way in which the different authorities or database managers define an incident. Although unintentional release of gas (also product loss, loss of containment) is a common criterion in the definitions, other consequences and events are often included which, when combined with differing target systems (pipeline system scopes), lead to difficulties when comparing data sets. For an event to be classified as an incident, it not only has to fulfill the conditions laid out in the incident definition but it must also occur on or involve the target system of a safety database i.e. it must occur within the pipeline system scope of the safety database.

The gas supply chain can be divided into collection, transmission and distribution networks. Each part of the chain represents a specialized field, each of which has very different requirements and is subject to different threats. Offshore collection lines may be at risk from internal corrosion and anchoring, while high pressure onshore transmission lines may be threatened by external corrosion or excavation activity. Distribution systems may be at risk from road works. The inclusion of collection or distribution system incidents in an analysis of transmission system incidents would also lead to misleading results when comparing different incident databases. Figure 2 shows that the incident data bases across the world cover different parts of the gas supply chain.

 Figure 2: Pipeline Incident Databases and Different Database Boundaries

EGIG, for example, covers incidents only the onshore pipe body of a natural gas pipeline, whereas DOT, for example, covers on- and offshore pipelines as well as incidents on stations and other installation facilities. Hence, it is obvious that incident numbers may be different on both PIDs and not comparable.

When an incident occurs, report forms are completed by the pipeline operator, recording the details of the incident. Apart from collecting information about the pipeline specifications and other boundary conditions, a major focus is naturally placed on collecting data about the size and type of damage and on data related to the causality of the incident. When collected on a large scale, such incident data provides the statistical basis for safety and risk analyses, trend detection and the assessment of accepted best practices. As each statistic categorizes these topics differently, this can lead to difficulties when comparing data from different databases.

The causal data collected by all organizations enables an analysis of the major threats posed to transport pipelines. The cause that each safety statistic covers generally groups them into five major classes:

• Corrosion
• Material
• External (third party interference)
• Natural
• Other

Although the subclasses in each group vary somewhat there is a strong correlation between the types of root cause information covered by all safety statistics. This enables reliable comparisons of causal data from different statistics and can highlight different trends in different countries. For example, in densely populated areas third party interference is more of a concern than in sparsely populated areas.

After establishing the causes of the incident, it is necessary to collect information regarding the damage caused. Most safety databases use linguistic terms to classify the damage. The use of linguistic terms makes comparisons between certain statistics difficult because associations between the linguistic terms used can only be approximate. UKOPA is an exception in that it records the critical dimensions of the defect and then uses classes (e.g., 6–20 mm, 110 mm–full bore) when presenting the damage data in its report.

There is, however, a trend of providing three damage classes of increasing magnitude. EGIG and Gosgortehnadzor use the terms “pinhole/crack”, “hole” and “rupture.” NEB and APIA use “leak”, “puncture” and “rupture.” DOT uses very similar terms to NEB and APIA but categorizes “leaks” as “pinholes”, “connection failures” or “punctures” and “ruptures” as “circumferential weld separations”, “longitudinal tears” or “cracks.” The term “puncture” for example describes how the defect was caused but gives no indication of size and technically can also be classified as a “leak” or as a “hole."

Data pertaining to the extent of the databases such as the total number of incidents and the total exposure of the pipelines (measured in km-years) is important to establish the reliability of the statistical data. As the number of records naturally increases in a sample so too does the confidence interval of any statistically derived results. The oldest statistics are UKOPA (1961), EGIG (1970) and DOT (1985) which can show trends over several decades. These statistics all show a reduction in the frequency of gas releases per 1000 km-yr over their respective reference periods. The EGIG and UKOPA reports also give five year moving average values to highlight short term trends by filtering out older incidents. That gives an excellent measurement for the increased safety performance of the grid due to newly applied methods (such as management methods like Pipeline Integrity Management Systems (PIMS)).

The comparative analysis results were two-fold. It enabled creation of an incident database model for new databases and also highlighted those ways in which harmonization of existing databases can be achieved. 

7. Pipeline Incident Database Reference Model 

Five aspects are essential in creating and utilizing an incident database. These include:

1. Determination of the data boundary
2. Population system information
3. Definition of an incident
4. Occurrence/reporting of an incident
5. Data handling

7.1 Determination of the Data Boundary

The recommendation for data boundary collection as a minimum is to define “hardware”, life cycle phases and medium.

“Hardware” boundaries should at a minimum allow for separation of incidents relating to the pipeline only, pipeline equipment, pipeline facilities, offshore versus onshore pipelines. Other “hardware” boundaries may include elements, such as pressure regimes, diameter categories and pipe material.

The life cycle phases of the gas transmission activity should at a minimum allow for separation of incidents occurring during construction, operations and abandonment.

The third element of the boundary should be defined as a minimum by gas or liquid. Further classification may include dry gas, wet gas, sour gas and refined products.

Regardless of the scope of the data boundary, it is essential that the data is clearly discernable to provide the means to filter out each aspect for the comparison to other databases. 

7.2 Population System Information 

The database population is any detailed information with regard to the pipeline network. At a minimum the following pipeline information should be collected in order to perform statistical analyses within the database itself and to enable the calculation of failure frequencies for comparison within the database and to other databases (normalization of the data).

• Nominal pipe size
• Wall thickness
• Grade of pipe
• Year of construction
• Type of coating
• Maximum operating pressure (MOP)
• Depth of Cover

For all the above attributes it is essential to collect the length of each attribute within the database population. Avoiding the use of ranges to represent pipeline attributes where ever possible is recommended and where sufficient data is unavailable, ranges similar to those used in other databases should be used. The definition of the ranges could limit the possibility of comparisons across other databases.

If the definition of “hardware” has been extended to pipeline equipment and pipeline facilities the number of valve stations, number of compressor stations and metering stations, etc. should be included at a minimum.

Regardless of the scope of the population data, it is essential that the data is clearly discernable to provide the means to filter out each aspect for the comparison to other databases. 

7.3 Incident Definition

For the pipeline body, an incident should be defined at a minimum as any event resulting in an uncontrolled release of gas. For a pipeline facility, a different definition for incident may be appropriate. 

7.4 Incident Reporting

The following categories should be used as a minimum to define the possible causes of incidents. These seven causes include corrosion, third party interference/damage, material/weld/construction defects, natural forces, equipment, incorrect operations and other/unknown.

1. Corrosion: Both external and internal corrosion should be included as causes of pipeline incidents. It would also be recommended, as is present in existing databases, that the corrosion be further categorized as localized or general corrosion, and as galvanic, microbiological, or stress corrosion cracking (SCC).
2. Proposal to change “third party” to “external” Third Party Interference/Damage: Historically, third parties have been the leading cause of pipeline incidents. It is important to note with each incident, the party that was involved, whether it be the operator’s contractors, another operator’s contractor, a farmer, landowner, etc.
3. Material/Weld/Construction Defects: This category would include any manufacturing defects such as hard spots or laminations as well as girth or longitudinal weld failures. Noting the type of weld in which the failure occurred is also beneficial from a statistical standpoint.
4. Natural Forces: Obviously, certain events of nature cannot be prevented, yet they are a cause of pipeline incidents. Incidents classified in this category may include failures due to earth movement, heavy rains or floods, lightning, erosions, land slides, high winds, and extreme temperatures, i.e. frozen components.
5. Equipment: This category is applicable only to those databases that have extended their boundary beyond just the pipeline. These types of failures are typically caused by components of the pipeline system, such as control or relief equipment, broken couplings, or stripped threads.
6. Incorrect Operations: This category is for any incident that results from improper procedures of the pipeline operators.
7. Other/Unknown: It is possible the cause of some incidents will be an odd chain of events or a miscellaneous type incident and will not fit into one of the above categories. In rare instances, the cause of an incident may not be able to be determined.

At a minimum the data must mirror the information discussed previously where it is only specific to the location of the incident. In additional to those seven attributes, the following should be included:

• Date and time of incident
• Design factor
• Method of detection
• Pressure at the time of the incident
• Define the size of the hole in the pipeline in terms of its equivalent diameter

Analyzing the effect of incidents on public safety and the environment provides a means to discern between those events that tend to cause catastrophic consequences. As a minimum, the following data should be collected to define the consequences of an incident.

• Fatality
• Injury
• Ignition/explosion
• Evacuation

7.5 Data Handling

To ensure a homogeneous set of data, detailed descriptions of all elements and attributes of the database should be clearly defined and communicated to all the providers and users of information from the database. Regardless of the form of data collection, it is necessary to store the data electronically. The complexity of the storage is dependent upon the resources available and the programming skills available. A simple Excel spreadsheet can handle the data storage, although working with the data for statistical purposes will be cumbersome. Data storage that allows for “filters” to be conducted is the necessary way of analyzing the data across databases. For example, it may be necessary to filter out pipeline facility failures to allow for the comparison to a database that does not collect such data. The collection of pipeline attribute data by length allows for the calculation of an incident rate, which is the only accurate means to compare the rates across databases. The incident rate should be defined as the number of incidents occurring per km-year. However, it is necessary to be aware of other pipeline attributes in order to make a sensible comparison regarding safety. For example, the impact of failures on large diameter pipe is far more significant than on small diameter pipe, rural areas versus urban areas, etc. The most recent data should be considered due to the impact of modern safety management systems, therefore it is recommended that the incident rates are calculating on a moving five year scale, provided enough data is available. Periodic reports containing summaries and analyses of the data can be made publicly available depending on the objective of the database owner. However, it is not recommended to make raw data available without providing caution statements on its limitations. For specific analyses, raw data could be made available on a case by case basis. The intent of this is to prevent the misinterpretation of the data.

8. Conclusions

There is an increasing demand for reliable pipeline incident information, as an increasing number of other parties are using the information of a variety of different purposes. A huge amount of information is available on the internet but selecting the right data for the right purpose is almost a “mission impossible.” The study group investigated a range of available pipeline incident database sources and concludes that, with regard to high pressure pipelines, the most comprehensive frequently used and reliable PIDs are:

• DOT database
• EGIG database
• NEB databases

Studying the details of the most comprehensive, accurate and frequently used pipeline incident databases, it is concluded there are many significant differences in boundaries, population, definitions and classifications and that statistical results are not easily comparable. Knowing all the details and limitations of the most frequently used pipeline incident databases and the purpose and use of pipeline incident information, an IGU pipeline incident database reference model was developed. The reference model highlights the overlap, which is required for comparing results across different PID. Therefore, applying this reference model is believed to greatly improve and ease the comparison of pipeline incident information. The ability to filter data is found to be necessary as the existing databases do not have the same boundary definitions. The IGU pipeline incident database reference model also enables the creation of new PID by providing guidance and definitions for information necessary. From discussions with the owners of the most frequently used databases concerning the details of their databases, it was concluded that harmonization is possible/feasible with relatively few changes to DOT, NEB and EGIG. The harmonization can be done without loss of historical data. It is important that the data from different databases and different systems is normalized to enable some comparisons across databases (e.g. by normalizing with the length of the pipeline system). This allows different pipeline attributes to be considered such as length of segment, operating pressure, diameter, wall thickness, etc. However, careful consideration should be made on characteristics that cannot be directly compared across databases such as geographic differences, design criteria, safety management systems, operating history, minimum regulatory requirements, etc. Based on the work performed in preparing this report and the above mentioned conclusions, the following recommendations are given:

• Start the harmonization process as soon as possible;
• Use this IGU guideline when creating new pipeline incident databases to ensure compatibility with major (harmonized) pipeline incident databases like DOT, NEB and EGIG);
• It is highly recommended that when raw data is made available, a guideline should be provided describing precisely the boundaries and limitations of the database and how to analyse the data. When publishing results of the database, it is important that boundaries of the database are clearly defined.

The work completed for Study Group 3.4 was presented at the 23rd IGU World Gas Conference held June 6 -9, 2006 in Amsterdam. At this time, IGU took the initiative to continue the harmonization activities in the coming triennium, 2006–2009.

Acknowledgments

The authors would like to express their sincere thanks to the following people for their contributions to this paper. Without the worldwide effort of those involved, this analysis would not have been possible.

• Mr. A. Taberkokt, XG Gas Transmission
• Ms. K. Duckworth, NEB
• Mr. R. Little, PHMSA
• Mr. H. Haines, PRCI
• Mr. P. Tuft, APIA; Pipeline Operators Group (POG)
• Mr. A. Niemirowski, Fluxys
• Mr. B. Krivoshein, R&K Consulting
• Mr. E. Espineira, TGS
• Mr. R. Owen, UKOPA
• Mr. R. Minson, E.ON Ruhrgas

 About the Author

Achim Hilgenstock, Ph.D., received his degree in mechanical engineering from Bochum University in 1983. As part of his dissertation at the German Aerospace Centre (DLR) in Göttingen he also worked on numerical simulations of flows around delta wings. In 1992 he joined the Appliance Development department of Ruhrgas AG (now E.ON Ruhrgas AG) in Essen where he was involved in the development of gas burners and flow measurement devices. From 1999, the focus of his activities shifted towards pipeline engineering. Aside from his work as project manager in a number of pipeline construction projects, he has since been representing the interests of E.ON Ruhrgas AG on numerous national and international committees connected with pipeline engineering. As part of his work for the IGU he also conducted a comparison of internationally used damage statistics for high-pressure gas pipelines. Today he is head of the Pipeline Projects in the company’s Pipelines Competence Centre.

 References

See the Report of IGU Study Group 3.4: A Guideline, "Using or Creating Incident Databases for Natural Gas Transmission Pipelines," 23rd World Gas Conference, June 1-5, 2006, Amsterdam.