Monica is a Marketing Manager at Frontline Data Solutions. She has a background in warehouse operations and bachelor’s degrees from Indiana University in both Supply Chain Management and International Studies.
Summary
Major process safety incidents rarely happen without warning. In most cases, investigations for these incidents reveal a familiar pattern: someone made a change without formally evaluating the risks, and the safeguards that existed were designed for a different set of conditions. Management of change (MOC) is the structured process that prevents gaps like these from opening in the first place.
This post explains what MOC is, why it matters for OSHA-regulated operations, and how gaps in MOC practice create the conditions for serious incidents. It also offers ideas for safety and EHS leaders who want to improve their MOC processes without rebuilding their program from the ground up.
Key Takeaways for Safety Managers and EHS Leaders
- MOC is a regulatory requirement under OSHA’s Process Safety Management (PSM) standard for facilities that handle highly hazardous chemicals, and a widely adopted best practice for any operation where change introduces risk.
- Most major process safety incidents involve some form of change that was not adequately reviewed, communicated, or controlled before it was implemented.
- A weak MOC process creates operational and financial risk long before a major process safety incident occurs.
- Improving MOC doesn’t require a complete overhaul. Standardized templates, clear ownership, and regular process reviews can materially reduce risk in a short time.
- The goal of MOC isn’t to slow down operations. It’s to help the people responsible for safety to understand what’s changed and to verify that existing controls are still adequate.
What is Management of Change and Why Does It Matter for Process Safety?
Management of change (MOC) is a formal process used to evaluate, approve, document, and communicate changes to equipment, materials, procedures, personnel, and operating conditions before they go into effect. It helps prevent changes from introducing new hazards or compromising existing safeguards without proper review and authorization.
Under OSHA’s Process Safety Management standard, 29 CFR 1910.119, facilities that handle covered quantities of highly hazardous chemicals must maintain a written MOC procedure. The regulation states that before making any changes, the MOC team should review:
- The technical basis for the change
- The impact of the change on safety and health
- Modifications to operating procedures
- The time necessary for the change
- Authorization requirements for the proposed change
But MOC goes beyond PSM compliance. It’s a standard element of strong EHS programs across industries like oil refining operations, chemical manufacturing, utilities, food and beverage, pharmaceuticals, and any other sector where process conditions, equipment configurations, or material handling practices affect worker safety.
The reason MOC matters so much is rooted in how major process safety incidents actually happen. More often than not, they happen when teams make a series of small changes in isolation without realizing the collective impact these conditions had on existing safeguards. So, over time, seemingly harmless changes create an unsafe environment whether it’s a piece of equipment, process failure, or risky substitution to chemicals or ingredients (among other things).
Managing Hundreds of MOCs at Once
Learn how Todd Energy simplifies and expands its MOC program with Frontline MOC software.
How MOC Failures Contribute to Major Process Safety Incidents
When companies investigate major process safety incidents, MOC gaps appear repeatedly in the findings. The reasons for failure vary, but the common denominator is that a change occurred, and the person or people who did it failed to evaluate the associated risks or to prepare other people within the process. Before you can eliminate risk in your MOC process, review these common reasons why the process fails in the first place.
Changes Incorrectly Classified as “Replacement in Kind”
Many MOC programs allow teams to expedite or bypass formal change management when changes are classified as replacement in kind, meaning the change is identical to what already exists. In practice, this classification sometimes applies to changes that differ in material specifications, operating ranges, vendors, or design standards. But if you don’t catch those differences, the replacement doesn’t perform as assumed, and the safeguards you calibrated for the original equipment might not be adequate anymore.
Temporary Changes That Become Permanent
Temporary changes are one of the biggest MOC gaps that cause major process safety incidents. This happens when a team approves and implements a workaround for a short period, and they never formally return the equipment, process, etc., to the intended state. Over time, the temporary change becomes the operating norm, but it never receives the full review that a permanent change requires. If conditions shift, the safety measures in place may be ineffective for the actual state of the system.
Procedural Changes Implemented Without Formal Review
Procedure updates are sometimes treated as administrative tasks rather than changes that require a full hazard analysis. When you add, remove, or modify a process step without formal MOC review, the people following that procedure might not understand the reason for the change or the risks it introduces. Training records might become outdated. In high-hazard environments, this means operators might be following a procedure that no longer matches the hazard profile of the process.
Changes to Personnel Without Safety Competency Verification
Personnel changes, including new hires, shift reassignments, and contractor substitutions, can all lead to major process safety incidents. Risks increase when incoming personnel haven’t had training on the specific hazards, procedures, or equipment configurations relevant to their role. A strong MOC program addresses personnel changes by verifying competency before individuals take on a safety-critical function.
Incomplete Pre-Startup Safety Reviews
A pre-startup safety review (PSSR) is the final step before implementing a change. When MOC documentation is incomplete, the PSSR cannot be conducted effectively because the reviewer cannot confirm what changed, what was inspected, and what action items remain open. An inadequate PSSR can cause your team to miss important hazards introduced by a new change only after it goes into effect. This is a major process safety incident risk because it’s when the cost of correction and exposure to workers is highest.
The Real Cost of Weak MOC Practice
Weak management of change creates costs that show up before a major process safety incident occurs. You might not notice these costs because they often fall under existing operation expenses, making them hard to attribute to MOC gaps. If you don’t know that these costs exist, then your MOC processes and procedures will become less effective over time.
| Cost Category | What It Looks Like | How to Reduce It |
| Compliance and regulatory costs | OSHA citations for PSM noncompliance, repeat findings in process hazard analyses, gaps in required documentation during inspections | Standardize MOC templates, enforce completion requirements before implementation, maintain a detailed change log |
| Operational costs | Extended downtime because changes were not reviewed before implementation, rework when a change produces unexpected results, schedule disruptions when MOC reviews are conducted reactively | Set clear timelines for routine MOC program audits, separate reviews by risk level, integrate MOC into project planning early |
| Incident and exposure costs | Near misses and process safety incidents due to undocumented changes, hazards from longstanding temporary changes, safeguard failures from equipment that was modified without updating the safety instrumented system | Track all action items related to changes, require closure before restart, link corrective actions to change records |
| People and knowledge costs | Loss of institutional knowledge when experienced personnel leave without documenting the changes they managed, training gaps when procedure updates are not reflected in training records, confusion among operators about current versus historical operating conditions | Require MOC documentation as part of personnel transition, enforce document version control for MOCs, and add MOC notices to safety training |
What Does Strong Industrial MOC Look Like?
Good MOC practices have nothing to do with how many changes your team completes. Focus on tracking the impact of the changes your team makes. Does your TRIR drop? Are there fewer near misses reported? Does the throughput time of your process or the total unexpected downtime drop? Always measure the success of your changes by the metric that most closely matches the equipment, process, or department where you’re making them.
Well-run MOC programs do a good job of identifying operational risks, routing tasks to the right reviewers, documenting decisions with the MOC process from start to finish, and communicating changes to frontline workers. You’ll need all these elements to build an MOC process that prevents major process safety incidents (and more).
A Clear Definition of What Requires MOC Review
One of the most important things to do when building your MOC program is to clearly define the requirements for formal change management. If you don’t outline what needs to go through the MOC process, then your team will most likely skip it whenever possible. Effective programs define specifically what constitutes a change versus a replacement in kind, make that definition accessible, and apply it consistently across sites, shifts, and departments.
Risk-Based MOC Reviews
Not every change carries the same level of risk, and not every change should require the same level of review. Programs that treat all changes identically tend to create bottlenecks that incentivize workarounds. A risk-based approach establishes different review tracks based on the potential hazard of the change, with more rigorous review reserved for changes that could affect process safety boundaries, safety instrumented systems, or relief device adequacy.
Defined Ownership and Authorization
Every formal change should have a named initiator, reviewer with the appropriate technical competency, and defined authorization level. If ownership is unclear, MOC reviews stall out and that increases project costs. The best practice is to clearly define authorization levels so that the right people with the right qualifications review changes at each step in the process.
Closure Requirements Before Implementation or Restart
The MOC process doesn’t end when you’ve approved a change. You can cross an MOC off your list when you’ve completed all action items, updated procedures, notified and trained relevant personnel, conducted a PSSR, and carefully monitored the change after startup. Don’t close out your MOCs before you’ve ensured their safety and established a method for monitoring their effectiveness over time.
A Searchable, Centralized Change Record
Management of change records serve two purposes. They guide the change process in the moment, and they provide the historical record that allows future engineers, inspectors, and investigators to understand why a system is in its current configuration. The key is to store these records in a central location like MOC software, so they’re easy to find. Unexpected employee turnover, organizational changes, etc., can have a huge impact on MOC programs if your records aren’t accessible. Without the context they provide, your team has a higher risk of major process safety incidents.
What OSHA Inspectors Look for When Evaluating MOC
When OSHA conducts a PSM compliance audit at a covered facility, the MOC element of PSM is one of the areas most likely to generate findings. Inspectors typically evaluate whether the facility’s written MOC procedure meets the requirements of 29 CFR 1910.119(l), and whether actual practice is consistent with that procedure.
During an MOC compliance inspection, the OSHA representative will try to determine:
- Whether your facility has a written MOC procedure that covers the required elements, including technical basis, safety and health impact, procedure modifications, timeframes, and authorization
- Whether you apply MOC consistently, including for temporary changes and changes to procedures
- Whether your team documents and completes pre-startup safety reviews before returning modified equipment to service
- Whether employees and contractors receive training before they work with the modified system
- Whether the facility can produce change records and evidence of completion for prior changes
Remember: if you didn’t document it, it didn’t happen. If you can’t prove consistent MOC practices through documentation, you’ll face citations. You’ll also face a more significant operational risk: an unreviewed change that has been in service for months or years may have already altered the facility’s hazard profile in ways that existing safeguards can’t handle. This means a major process safety incident could be right around the corner.
Dive Deeper Into MOC
Trying to figure out how to take your MOC program to the next level? Get a free copy of our MOC compliance guide to find out how.
What Can You Do to Fix and Improve Your MOC Process?
The hardest part of MOC is building a program from scratch. So, if you’ve already got a process in place, then you’re ahead of the curve. For most teams, meaningful improvements are more about closing small gaps than fixing giant holes. Here are some steps you can take to evaluate your MOC process and take it to the next level.
Step 1: Audit Your Current MOC Trigger Definition
The first step is to review your current definition of what triggers the MOC process. It should be clear which types of changes can bypass the process, and your team should be able to reference that definition at any time.
Ask supervisors and process engineers to describe the criteria they apply to potential changes and decide if it needs an MOC or not. If the answers are inconsistent, that gap is your highest-priority fix. Definitions that vary by person or shifts create the conditions for changes to move forward without review.
Step 2: Identify and Close Open Temporary Changes
Next, pull a list of all the temporary changes your team has in progress. For each one, determine whether you need to close it out or formally extend it. If a temporary change has exceeded its authorization period without formal review, you should treat it as an open MOC item that requires hazard evaluation before it can continue. Doing this type of review will help you find those changes that have become de facto permanent without the associated documentation.
Step 3: Standardize Ownership and Review Routing
Then, take time to define who initiates, reviews, and authorizes each category of change. Assign a specific individual, not a role or department, to own each active MOC. If your team conducts reviews informally or via email, establish a documented workflow with a required sign-off at each stage. Routing clarity is the single most effective structural fix for programs where workers frequently skip or delay MOC reviews.
Step 4: Inspect Your MOC Records
Pick five to ten changes that your team implemented in the past 12 months and try to find complete documentation for each one. Can you find the original management of change request form? Is the technical basis documented? Are the affected procedures updated? Are training records linked to the change? Is the PSSR documented and closed? The gaps you find in this exercise are the same gaps an OSHA inspector would find. Fix the highest-risk ones immediately and address the rest systematically.
How Frontline Supports MOC and Process Safety Readiness
At Frontline Data Solutions, we help industrial safety and operations teams standardize management of change with our cloud-based software system, Frontline MOC. The system’s MOC workflow walks your team through each change from request to closeout.
Optional stages allow you to tailor the process depending on the risk level of the change you want to make. And the ability to categorize MOCs based on the department, location, and type (PSM or non-PSM) makes it easier to document and report your process to OSHA regulators.
With Frontline MOC, you can centralize change records, standardize review processes, track related action items, and keep updated on all your MOCs. Want to talk to our team about how to take your MOC program to the next level? Book a demo and we’ll show you how other teams are managing change for PSM and beyond.
