CHEMICAL SAFETY AND HAZARD INVESTIGATION BOARD WORKSHOP ON THE YEAR 2000 TECHNOLOGY PROBLEM AND CHEMICAL SAFETY FRIDAY DECEMBER 18, 1998 + + + + + The Workshop met in Room 333 in the Hall of the States at 444 North Capitol Street, N .W., Washington, D.C., at 8:30 a.m., Dr. Jerry Poje, Board Member, presiding. PRESENT: JERRY POJE, Board Member JACK ANDERSON, Participant JERRY BRADSHAW, Participant ROBERT J. BRANT, Participant KENNETH BROCK, Participant DENNIS CALHOUN, Participant JORDAN CORN, Participant DANIEL DALEY, Participant GEORGE R. DAVIS, Participant NORM DEAN, Participant RICHARD DUFFY, Participant LOUIS N. EPSTEIN, Participant MARK FRAUTSCHI, Participant KEITH L. GODDARD, Participant DAVE HART, Participant RON HAYES, Participant JIM S. HOLLER, Participant JOSEPH T. HUGHES, Participant PAUL E. HUNTER, Participant CHARLES ISDALE, Participant IRENE JONES, Participant DAVID C. KURLAND, Participant TOM W. LAWRENCE, Participant JIM MAKRIS, Participant SAM MANNAN, Participant PRESENT: (Cont'd) CRAIG MATHESON, Participant RUTH McCULLY, Participant FRED MILLAR, Participant ROBERT NEWELL, Participant RICHARD W. NIEMER, Participant ERIK D. OLSON, Participant PAUL ORUM, Participant ISADORE ROSENTHAL, Participant MANIK ROY, Participant GERALD SCANNEL, Participant ADRIAN SEPEDA, Participant RAY SKINNER, Participant ROBERT G. SMERKO, Participant DAVID SPEIGHTS, Participant MIKE SPRINKER, Participant PARIS STAVRIANDOS, Participant ANGELA SUMMERS, Participant ANDREA TAYLOR, Participant STEPHEN VIEDERMAN, Participant JACK WEAVER, Participant HARRY WEST, Participant INDEX OPENING REMARKS AND INTRODUCTIONS Dr. Jerry Poje 3 John Koskinen 9 PRESENTATIONS Dan Daley, Occi Chem 52 Adrian Sepeda, Occi Chem 66 Jordan Corn, Rohm & Haas 85 OVERALL RELEVANT CHEMICAL SAFETY ISSUES IN CONJUNCTION WITH Y2K COMPUTER PROBLEMS 127 HIGH PRIORITY ISSUES 182 P-R-O-C-E-E-D-I-N-G-S 8:41 a.m. DR. POJE: Good morning, everybody. It is amazing to gather this expert crowd into a room on a Friday morning in December when all sorts of other events are occurring in Washington. But we have a topic that is time-bound, and it is very important that we are here.. I would like to start with my introductory remarks. My colleague, John Koskinen, hasn't arrived yet. He has a rather busy schedule, as I am sure all of you can appreciate. When he does come, we will allow him to give us his opening remarks. The Year 2000 computer technology problem justifies establishing health and safety protection as a higher global priority. The Y2K dilemma requires strengthening all elements and their interrelatedness in our current system of safety. This means the equipment manufacturers, the facility managers and designers, the workers, the emergency response community, investigators, insurance companies, regulators, policy makers, researchers, professional societies, trade associations, environmentalists, community-based organizations and foundations. I think it is very important for us to understand that that is our system of safety. We all have a role to play in this system of safety. Simply stated, early computer designs do not function in the Year 2000. The source of Y2K problems are pervasive, involving computer hardware and software, date-related problems can affect computer clock mechanisms, operating systems, software packages, libraries, tools and application software. In addition, many different types of computer technology systems are at risk, such as personal computers, mainframe and mini-computers, programmable logic controllers, microprocessors, and embedded software based systems. The flawed designs became standard through all sectors of the world's economy, including chemical processing, handling, distribution and disposal industries. Larger technology systems developed around failed computer designs thereby creating a monumental problem. Fixing this problem is technically demanding, time consumptive and costly. Deadlines are certain and immutable. Several classes of date problems will be encountered over the next several years beginning in 1999. The major problem of relying upon two digits to indicate calendar year dating and others such as incorrect leap year algorithms, alternative number codes and rollover of registers used to store date data. While some institutions provide valuable models of due diligence in resolving Y2K problems, many governments, industries and communities are recognizing that it is too late for some important systems and organizations to repair the problem before the deadline. Available skilled personnel and financial resources are not sufficient. Many institutions have been slow to recognize the magnitude of risk associated with Y2K failures, and contingency planning and implementation are warranted. Chemical safety concerns include complete failure of safety-related systems, both for control and protection, malfunctions of embedded microprocessors and equipment, and potential failure to respond correctly to program instructions. Computer technology failures could include outright crashes or the generation of large observable errors or small accumulating errors in computer-derived data. Complicating the problem for chemical safety is the embedded Y2K problem that presents the added difficulties in locating non-compliant technologies. Of the 4 billion chips produced in 1996, 90 percent went into embedded systems. Between 1 and 3 percent of the estimated 50 billion embedded chips worldwide are subject to Y2K problems, and only a smaller percentage of these are deemed mission critical. Yet, this indicates that up to 25 million mission critical systems have a date problem. In the chemical manufacturing arena, as much as 70 to 90 percent of inventory assessment, remediation and testing efforts must be directed towards the embedded systems, which include alarm systems, computer mother board system controls, lighting controls, process controllers, pumps, refrigeration controls and valves. The goal of this expert workshop on the Year 2000 technology problem and chemical safety is to assess the Y2K problems associated with the safe management of hazardous chemicals and to identify opportunities to strengthen our system of safety. I commend the leadership, talent and public commitment of the participants in this workshop towards this task and look forward to your interactions throughout the day. You have been extraordinarily generous with your time and energy and motivation in bringing this meeting together. I hope you appreciate the rich talent to your left, to your right and across the table from you. You may not know each other yet, but I hope this meeting allows you to come together. I would also though like to take this opportunity to introduce a special guest today. Senators Bennett and Dodd have actually spurred us into this room by requesting the Chemical Safety Board to convene this meeting. However, we are also fortunate today to have the head of the President's Council on the Year 2000, Mr. John Koskinen, who opens our workshop with an assessment of the Y2K challenge before us. John Koskinen serves as an assistant to the President. From 1994 to 1997, he was Deputy Director for Management at the Office of Management and Budget, where he was responsible for OMB oversight of federal policies covering information and computers. Prior to joining OMB, John Koskinen spent more than 20 years in the private sector as a crisis management specialist, obviously bringing him to the forefront of national leadership on Y2K. John was appointed Assistant to the President and chair of the President's Council on the Year 2000 conversion in February of 1998. He has only been in this position for less than a year. He is responsible for coordinating federal government's efforts to insure that its critical information technology systems operate smoothly through the Year 2000, and the federal relationships with state, local and tribal governments and private sectors and foreign institutions as they deal with the same challenges. It is my pleasure to introduce John Koskinen. MR. KOSKINEN: Thanks. I knew when I saw the fire engines that I was in real trouble. You don't need a Y2K glitch to tie up traffic and make things late. But I am delighted to somewhat belatedly have a chance to talk with you, and I was very pleased when Jerry asked if I could join you. Because this is the kind of gathering that we have been trying to encourage really across not only the country but across all of the critical infrastructure and major industry sectors in the United States. And as Jerry was describing and as you all know, this is a unique kind of problem, particularly when you look at it from the perspective of Washington, not just because you can't move the date -- there is no way you can get an act of Congress to delay it and you can't get the judge to give you another week and you can't get the professor to give you another few days to do the paper. But also because it has a clear performance measure. For many of issues in the government we are used to thinking about what the appropriate perspective is to make sure that we are postured well. And as I have told the federal agencies, the unique thing about this problem is, as I said, not the date. It is, in fact, that the goal is not to have the better documents or the better graphs or the better arguments. The performance measure is very simple. Either the systems work or they don't. And it will be very obvious to people as we move through 1999 and the software systems increasingly are challenged, and then as we move into the Year 2000 and the hardware and the embedded chips are challenged to make the rollover. It will be pretty obvious whether we have met the challenge or not. It is indeed a fascinating challenge, because it reflects the underlying and increasing reliance on information technology across the economy and really across the globe. You hear a lot of talk about global villages and global economies, but what is clear, and those of you who are dealing in a major industry like chemical manufacturing and use understand, is that that global economy and that global village increasingly relies on the exchange of information and financial services through electronic transmissions. And while significant increases in productivity are the result of our increased reliance on information technology, now we find that it all has come home to roost. Because to the extent that this problem is not met, it really challenges everything that virtually moves around the world. So when I agreed with the President to come back and take on this responsibility, the original focus certainly of everyone has been the federal systems. And in fact, when my new best friend, Ed Yardeni, began a year and a half ago to predict that there was a 30 percent chance of a deep worldwide recession, his analysis was based primarily on the fact that the federal government and its systems were not going to be able to make it and that the billions of dollars of transfer payments would fail. We would not be able to issue Social Security and Veterans checks, and we would not be able to collect taxes, which didn't worry too many people. But on the other hand, we would not also be able to make refunds and process those transactions effectively. We wouldn't be able to put the $250 billion a year into the economy we do through the Medicare system, and in fact there would be a major economic contraction as we go forward. That is a legitimate concern and has been for some time. When I was in the government before in my prior incarnation, one of the numerous management initiatives that I had responsibility for was this problem. We organized in 1995 an interagency task force to deal with the problem. And we, like everyone, initially started to look at it as a software issue because in fact the government is primarily involved in information processing and financial transactions. But as you step back, you don't have to step back very far to be able to understand that if the federal systems all work, it doesn't do us much good if the interfaces we have with state and local governments and others don't work. Most of the -- a significant number of major federal problems are actually run and administered by the states. So that we have a major project with all of the states to make sure that Medicaid, food stamps, job training and unemployment insurance can be run effectively by their systems. And then you don't have to step back much farther to take a look at the economy and look at the world and understand that even if we get the federal systems to work and we get the state systems with which we interface to work and we have major problems anywhere else, we have not really actually been able to protect the economy and the public as we should. So we have basically worked on those three tiers, the federal systems, the interfaces, and reaching out, both domestically and internationally across the public and private sectors, to try to see what we can do in a cooperative venture to deal with this problem. And in that regard, in our outreach we have organized the President's Council, which has 35 agencies, including the regulators -- the Securities Exchange Commission, the Federal Reserve and others -- into a set of sector working groups taking a look at what are the most important sectors to us in terms of trying to protect the economy and the public. So we have a working group on oil and gas, we have a working group on electric power, telecommunications, transportation, financial services and you move through the area. And one of our concerns is the concern you are dealing with here, which is in fact the chemical industry, which has the safety issues that you are concerned with that obviously is a critical part of the economy. And even if we can protect the safety, which we need to focus on, we also need to worry about whether we can continue production. So EPA has been reaching out and working with the major associations as part of our strategy, which is to deal with this problem on a wholesale rather than a retail basis in light of the magnitude of it. So in each of these sector groups, we have been reaching out to existing trade association and umbrella groups to form a working relationship on the theory that they can then reach out to their constituent members and feed back to us information that would be important. So as you look at it, I thought it might be helpful to give you a little bit of our perspective as of today as to where we are and where we are going in a context in which you all know far better than most that it is still impossible to predict today what the end of 1999 looks like. And people who tell you what is going to happen, including the survivalists who are selling lots in New Mexico as well as the people who say nothing is going to happen, they are all making guesses. Some of them may be slightly more educated, but they are guesses because we have still substantial amounts of work to be done and it is being done in the private sector as well as in the public sector. But if you run quickly through those tiers, notwithstanding the continuing expressions of concern in some areas, starting with the federal government it is clear now as you look at the quarterly reports that the government puts out, and it was just put out on the 7th -- the quarterly reports. We have been doing these quarterly reports to the public for almost two years. As Yardeni says, whatever else you want to say about the government, it is the only transparent organization on the planet about this problem. If you want to know an agency and a number of mission critical systems and where they are, all you have to do is read the report. And according to that report, the last one that comes out, 61 percent of the mission critical systems in the government have been renovated, tested and implemented. So we are done with those. Of the mission critical systems that are at risk, 90 percent of the fixes have already been accomplished and those systems are into testing. Our goal is to have all work done, tested and implemented and operational by the end of March of 1999. And while a handful or a small percentage of mission critical systems won't meet that deadline, I think by then and even now it is going to become increasingly clear that the problems, to the extent there are any, and threats to the economy and the public won't come from the federal systems. That doesn't mean we have solved all the other problems, but whether it is the FAA or Social Security or the IRS, those systems actually are going to meet the government deadlines. That doesn't mean that there isn't a substantial amount of work still being done, just as in the chemical industry. Clearly in a couple of agencies, we have major challenges. The Defense Department has cornered the market on microprocessors and embedded chips. All those smart weapons that are now in use in Iraq are smart because of the fact that they have embedded chips in them and all of those systems have to be tested as well as all of their software and processing systems -- their financial management and payroll systems. But everybody from the Secretary of Defense on down is focused on that problem. Our other major area of focus and challenge is in the Health Care Financing Administration, which puts $250 billion a year into the health care network, and is viewed as a government system. But the irony is it is run by 60 large private sector insurance companies. The HCFA internal system will easily meet the government goals. The question is whether we can get the private sector companies to be up and running and meet those challenges. They are running antiquated technical systems. There are 7 major systems. So that while it is clear that all of them aren't going to miss the deadlines, some of them may. But they demonstrate the need that we have talked about with federal agencies and that again applies across the board that everybody needs a back-up plan. They need to be able to deal with what the eventualities are if a system you thought was fixed turns out not to be fixed or if somebody else's system that you rely on that they thought was fixed is not fixed, or if people haven't even tried to deal with it. In fact, we will do a press briefing next week on unemployment insurance, which will be the first federal program challenge. It is run by the states for us. And, it calculates benefits by looking forward a year. So on Monday, January 4, 1999, it has to be able to -- the systems have to be able to read January 3, 2000 and calculate backwards. And as luck would have it, a handful of states and territories are having difficulty getting their systems up to speed and running by then, which I think is actually terrific. Because always being an optimist, there has got to be a good story in there somewhere. It is going to allow us to demonstrate a number of things. First, that this is a real problem and that if you don't get your systems fixed, they are likely not to be able to function. Secondly, it will demonstrate to the states that where they are administering federal programs, the rest of the programs have a year to go and my hope is the governors will decide they don't want to be in the same difficulty and the same crunch as the handful are that are now dealing with unemployment insurance. Thirdly, it will demonstrate the importance of contingency and back-up plans. Because, in fact, the labor department in those states have workarounds that will allow the benefits to be paid in January across the board and the beneficiaries will never notice the difference. And a corollary to that point is it is important for the public to understand that if a system doesn't work and can't meet the challenge, it doesn't mean that the world comes to an end. There are appropriate in many cases back-up or work-around plans so that in many ways it will create more back office work and it may slow things somewhat, but if there is a problem, it can in fact in most cases be dealt with. Which moves us, as I say, if the federal systems are going to work and as I say I think we are going to have a lot of ongoing dialogue as we have now with projects with the states, the real question is what is going to happen everywhere else. I think clearly we have major problems internationally. Probably today still half the countries in the world have not made any major effort in this area on the theory either that it doesn't apply to them because they are not running big mainframe systems, or the theory that a lot of people have is that they will fix it when it breaks. They will watch and see what happens and then they will respond accordingly. So to some extent out of frustration with the fact that there is no organized global coordination of this issue, we worked with the United Nations. You may have seen the reports. We got the United Nations to invite every country to send their Year 2000 coordinator to meet with us last Thursday and Friday (December 10-11, 1998) in New York at the United Nations, partially on the strategy that if we invited countries and through the World Bank paid for one coordinator from each developing country, if necessary, we might actually get somebody appointed as the Year 2000 coordinator so that they could come to the meeting. And it turned out that that happened in a number of cases. It was on the theory that for about $2,500.00 through the World Bank if we could get somebody appointed in a country sent to New York, spend a day and a half with us and go home nervous and worried, then it would be the best $2,500.00 investment we ever made. We thought if we got 30 or 40 countries, it would be a nice critical mass and if we got 50 or 60, we would have a chance to accomplish something. 120 countries sent their senior year 2000 executives to meet with us in a stunning turnout. The only major country in the developed countries that didn't participate was Belgium. Everyone else in the OECD and across the world was there. And it generated what I think is the most valuable Year 2000 document in the world right now, which is the list of the 120 countries, their Year 2000 coordinators, their name, address, fax numbers and e-mail addresses. Because it now allows us to deal directly at the senior level in these countries with whoever is nominally in charge without going through all the diplomatic niceties of trying to figure out through our embassies and their embassies who you need to get a hold of. But we also wanted them not to just come together and commiserate about the problem. We created break-out sessions at working lunches and now have a commitment to regional cross-border activities in each of the major regions of the world. The steering group that we created was, by design, created in such a way that we have at least one country and in many cases two who are in fact now committed to being the coordinators for those regional activities -- in Asia, South America, Central America, Africa, Western Europe and Eastern Europe. As we went through the U.N. meeting and we had a series of sectoral presentations, it is clear that internationally, much as domestically and in fact in most countries, the central bank regulators have done an excellent job and the banking system, as a general matter, while there is more work to be done is going to function. And certainly domestically, as we will reveal with the assessments we are having done, there will not be major problems in the financial system. And it is a great tribute to the work that the banking system has done. As I kid the bankers, it is a testimony to federal regulation because part of the reason that it is so systemically being solved is the banking regulators -- the Fed, the OECD, the OCC and the FDIC -- I love those outfits -- have all worked together constructively with the industry, so that now less than 1 percent of the banks have any question at all about their ability to meet this transition, banks of any size. It is also clear that while, when I started, the International Telecommunications Union was not doing much, with a lot of prodding there is now a fairly significant international telecommunications process going. This may not solve the problem in every country but at least will keep the major networks around the world operating. And similarly with air traffic, the FAA has been working very actively with the international air carriers and others. At the other end of the spectrum, it is very clear that shipping has not had a similar level of activity and it is a concern of ours. We are now, as a result of this meeting, have organized a cabal, as it were, to lean heavily on the international maritime organization to in fact hold a meeting in January of all the major players -- the International Association of Ports, the IMO, all of the tankers companies which have a group called Intertanco, my favorite name actually -- Intertanco and the major shippers to try to in fact get an international now full-court press to look at what the shipping issues are. As Admiral Nakara of the Coast Guard who made the presentation to the UN noted, 95 percent of what we import in this country comes by sea. And if we have major problems in ports around the world or we have major problems with the operation of shipping, it is obviously going to be a problem for us. Domestically I think that the major infrastructures will hold. The grids will hold. Telecommunications systems will work. Clearly banking functions will work. Our risks, and they are real risks, are in those areas and with those organizations that have decided much like foreign countries that it is not their problem or they will fix it when it breaks. A lot of small to medium-size companies and public organizations have done a very good job, and we are trying to be careful not to ding everybody who is not in our huge operation. But on the other hand it has been clear from the start that a lot of particularly smaller organizations in the private sector and the public sector have come late to the game if they are in the game at all. The National Association of Counties did an assessment for us that was released last week, and it noted that on the one hand, 50 percent of the counties have an organized plan for dealing with this problem, the other side of the coin, of course, means that 50 percent of the counties don't. And that split is primarily by size. Virtually all of the large counties with over 500,000 people have an organized plan, and the majority of smaller counties do not. And as I have told them publicly, it was a great public service that they did for their members, even though the county executives were a little unhappy, because it now has, I hope, everybody in their local counties and every local newspaper asking is our county one in the 50 percent that have a plan or are we in the counties of the 50 percent that don't, because that is where we are going to have our risk. I don't think that we are going to have a major single catastrophic event that shuts down the country, but I think our risk if we don't get more activity at the local level and we don't get more activity by all the small entities in every industry group, is that we will have a series of localized problems. Our bigger risk that we are focused on is the risk of overreaction by the public. Clearly it is not an issue of how many people go to New Mexico or the high desert in California to get away from it all, because there will always be a certain number of people who want to do that. The real question is how many people decide to take what seem to be very normal precautions. If a few million do it, it is one thing. If a couple hundred million Americans all decide to do anything differently, they can create a self-fulfilling prophecy that has nothing to do with whether the systems operate or not. So if we have a substantial number of people who decide to take 20 percent of their investments out of the market or to take money out of the bank and all show up buying prescription drugs and gasoline in the last week of 1999, it won't matter whether the systems are operating. We will have a major economic challenge to deal with. So we all have a challenge to deal with. Our strategy for that, and it is a strategy that this industry and every industry I think needs to pursue, is we need to provide the public with candid information and assessments of where we are. Overreaction occurs and panic occurs when people don't have information or there is a void and rumors then hold sway because that is the only information out there. So one of the things I would encourage all the individual companies as well as this industry is be candid. The lawyers all say, gee, don't say anything, even in the face of the Information Disclosure Act we got passed. Some public relations firms are saying, wow, you know gee you have got to be careful. People were appalled in a public relations firm gathering that I would even consider going on 60 minutes. I tell you, I think it is the wrong approach. I think your customers and the public and government agencies you relate to and others will all feel a lot better about the process if they know where you are and they know you are working against the problem. So the first thing we have to do is get more real information out and it needs to be candid. We cannot mislead people about the nature of the problem or what is fixed or not fixed. My goal, as I have said, is for the public to feel they know everything I know. So we are going to provide all the data and all the information as we get it to the public because I think they need to know that. The second thing they need to know, and again this meeting is a step in that direction, is that we are managing against the problem. Again, people panic and decide that it is every person for themselves when either they don't have information or it looks like no one is in fact in an organized way dealing with the problem. So in an area as important as the areas you are dealing with today about public safety and the safety of chemical plant operation, but as I say also, I think, in the ability of chemical plants to continue to provide the critical products they provide, it is important for people to understand that the industry is working together and companies are, in fact, managing against the problem. The reason we have these working relationships, I think it is important for the public to understand, is that the government and the private sector are working together cooperatively to deal with this issue. This is not a question of people regulating or yelling at each other or trying to find blame. This is an issue of all of us trying to make sure that we meet that performance standards and that the systems, or as many of them as we can, work. The third thing we have to do, and again I think it is part of the information flow, but we have to establish for the public that, in fact, our normal emergency response mechanisms have been reviewed and updated, and, if there are problems, we will be able to respond to them. People have a great deal of confidence in our ability to respond to natural disasters and they have a great deal of confidence in our ability to respond to industrial accidents and problems because we have experience and we have organizations and they understand that. What we must have people understand, and it has to be a reality, is that we are prepared to deal with whatever problems occur through 1999 and at the end of 1999 and that we are building on the existing emergency response systems. And if we can get that information across to the public, and if we can share that information on a regular basis, I think then there is a tremendous amount of common sense in the body politic and people will respond accordingly, and we won't aggravate whatever difficulties we have by allowing people to overreact to the issue. A final request I would have, and one of the reasons I really was delighted to come and talk with you, is that as you know in response to the ongoing dialogue we have had with a whole set of industry sectors, Congress to its credit passed the bill we suggested, modified and made better by that process, providing protection for voluntary disclosure of information. And it is critical, we think, for people to not only exchange information about how they are doing, but in areas like chemical production and operations as well as telecommunications and power, we need people to share technical data and information about their experience with products, their experience with systems, where the problems are, where the problems are not, where there are problems how they were fixed, what the testing protocols are and what the testing results are. The statute very clearly protects all of that information in terms of being shared both from anti-trust charges and also from charges of product disparagement from anybody whose products you talk about and also in terms of negligence or other liability claims if the information isn't 100 percent accurate. In fact, unless you lie about it, you are protected totally. And the reason for sharing that is obviously major players and companies need to be able to take advantage of that, because nobody knows exactly how to test for this because nobody has ever had to deal with this problem. So it is important for people to be able to compare test results. Equally important, if you look at the issue internationally and if you look at the issue in every industry, and in this industry as well, the smaller players who are coming late to the game may have far fewer technical resources and they clearly have less time. We have 378 days left -- but who counts. Those less-resourced people and businesses need to be able to take advantage of the experiences that other people have already had. We talked in New York where the vast majority of the countries there are developing countries, and what they need is, besides time, not money so much as they need technical information. If you are running a water treatment plant or a waste treatment plant or a chemical plant or a power plant anywhere in the world and you are late to the game, your only chance of making it is to be able to know what the experience of others has been about where the problem is and what the fixes are and what the tests are. And while there are only 378 days left, there still are 378 days. And while I have said, while it is never too late to start, it may be too late to finish. But nonetheless, the work has to be done. And if it is a 6 to 9 month process or it is a year and a half process, if you don't do the first year's work now, it is going to have to get done in the year 2000. So I would encourage the trade associations represented here and the companies here to work together to figure out how do you get on the Web sites and otherwise in the public domain the information you've got about how you dealt with this problem. And if we can do that and we are pushing and encouraging people across the board to do that, you will have made a major contribution not only to your own companies and industries as a solution to this problem, but you will have made a major contribution to the ability of people around the world to be able to get through this problem with as little difficulty as possible. So Y2K is a major challenge. I don't think there has been anything like it that anybody that I know anyway has been able to identify in terms of a problem that cuts across all sectors and a problem that cuts across all countries and in fact is going to happen more or less in a very constrained period of time. But on the other hand, I think that we are making great progress. There are increasing numbers of meetings like this where people are cooperatively looking at problems together. And as I say, not saying who is at fault, but basically trying to figure out how do we solve the problem. So I really appreciate and commend Senator Bennett and his staff and Senator Dodd, with whom I have had a very close working relationship, for encouraging this meeting to be held. And I appreciate the fact that all of you who have day jobs that don't involve sitting in this room have come together to share the information and to develop a common perspective about where we are going. And as I say, my sense is the public understands this is a complicated problem, and they don't expect the result of this meeting to be there is no problem or it is all solved. I think people will be delighted to know that we have isolated where the problems are and what work remains to be done. Because as I say, if they are confident that we are engaged in that mode of cooperative action, I think they will be confident that we will solve the problem. So I appreciate the time and wish you all good luck. DR. POJE: Thank you, John. Please take just a brief opportunity to introduce ourselves to each other. We have prepared background bios from everybody and we have also provided a list of participants. There are many corrections to be made to this list. I am going to circulate it around. But I think it is important for us all to know the qualifications and experience of the people from various sectors who are around this table. I am Jerry Poje with the Chemical Safety Hazard Investigation Board. MR. KOSKINEN: I am going to stay and listen to find out who you all are. DR. POJE: To my left? MR. DALEY: I am Dan Daley with Occidental Chemical. I am the Maintenance Director. MR. SEPEDA: I am Adrian Sepeda with Occidental Chemical Corporation, and I am responsible for the Process Risk Management Programs. MR. CORN: I am Jordan Corn with Rohm and Haas. I am responsible for the Year 2000 Process Control Program. MR. FRAUTSCHI: I am Mark Frautschi. I am with Shakespeare and Tau Consulting. I am interested in embedded systems and the human and social dimensions of the Year 2000 problem. MR. DEAN: Hi. I am Norman Dean. I am the Executive Director of the newly created Center for Y2K in Society. Our role is to try to mobilize the non-profit community and foundations to take an interest in this issue. MR. FRODYMA: My name is Frank Frodyma. I am the Deputy Director of Policy at OSHA (Occupational Safety and Health Administration). Among other things, we handle interagency coordination with organizations like EPA and the Chem Board. MR. SKINNER: I am Ray Skinner. I am the area director of the Houston South OSHA Office. We are very, very much concerned with the continued safety. We are very proud of the chemical industry for the progress they have made so far in the implementation of the process safety management of highly hazardous chemicals, and we want to make sure that the Y2K issue does not cause us problems. MS. GREENHOFF: My name is Cheryl Greenhoff. I am the new IT director for OSHA. I have just been on board a couple of weeks. MR. CALHOUN: I'm Dennis Calhoun, Citgo Petroleum Health, Safety and Environmental focusing on Y2K contingency planning and crisis management and I am here representing API. DR. ROSENTHAL: Isadore Rosenthal. I am a new member of the Chemical Safety Board. I come with a background in the chemical industry and more recently in business studies. MR. SCANNEL: I am Gerry Scannel, President of the National Safety Council and former Assistant Secretary of OSHA. We have over 17,000 members that are anxiously waiting to see what they should be doing. Unfortunately, they should have started before now. MR. KOSKINEN: Tell them it is never too late. MR. ISDALE: I am Charles Isdale. I am a process control consultant and part-time senior lecturer at Texas A&M University. MR. BRADSHAW: I am Jerry Bradshaw, also a lecturer at Texas A&M University and representing the Mary Kay O'Connor Process Safety Center which we have in the chemical engineering department at A&M. MS. JONES: I am Irene Jones representing Huntsman Corporation in Houston, Texas, and I am responsible for process safety and risk management. DR. MANNAN: Sam Mannan, Director of the Mary Kay O'Connor Process Safety Center at Texas A&M University. We have made a major commitment to process safety and issues related to process safety. So we think the Y2K issue is a major issue for us to deal with. MR. SUSIL: I am John Susil, representing Celenese Corporation from Dallas, a chemical manufacturer. I am manager for process safety for Celenese. In addition to that, I chair the global steering committee for Y2K for Celenese. MR. KOSKINEN: I assume that was a skiing accident. No? MR. SUSIL: No. It is just years of abuse. I wish it were something more exciting, but no. MR. LAWRENCE: I am Tom Lawrence with Risk Reliability and Safety Engineering and Safety Consulting firm, and I am here representing the American Society of Safety Engineers. DR. WEST: My name is Harry West, Shawnee Engineers out of Houston, Texas, and I represent the small systematic integrators who are being blamed for all these problems. MR. HUGHES: My name is Joseph Hughes and I work for the National Institute of Health and I am the Director of the Superfund Worker Training Program. We focus on training chemical workers and emergency responders, and we are thinking about undertaking a training initiative over the next year to look at the Y2K preparedness. MR. KURLAND: I am David Kurland. I am a senior counsel with Rohm and Haas Company. I have been providing legal counsel to my company on its Year 2000 efforts. I have also been chairing an information sharing group -- a technical information sharing group within the Chemical Manufacturers Association, where we get a lot of folks who are working on this problem together in a room and talk about where we are, what we are doing, testing results and other kinds of useful information. MR. HART: My name is Dave Hart. I work with Rockwell Automation and I work on mostly customer and Y2K issues. MR. HAYES: I am Ron Hayes. I am from Sunoco. We make gasoline and chemicals and I am in the manufacturing group. MR. VIEDERMAN: I'm Steve Viederman, President of the Jessie Smith Noyes Foundation representing no one. However, we fund environmental work at the community level. And, we are deeply concerned about the impacts of the whole Y2K issue from chemical safety to everything else on communities, and we will be reporting back to them because of our concerns for community and workers. DR. TAYLOR: Good morning. I am Andrea Taylor, newly appointed board member for the U.S. Chemical Safety Board. I would like to alert those up front that it is very hard to hear in the back of the room. So if you can project your voices for those of us who are hard of hearing, it would be much better. Thank you. DR. HOLLER: Good morning. I am Jim Holler with the Agency for Toxic Substances and disease registry. I am responsible for the emergency response activity, which deal with public health issues in acute release situations. MR. NEWELL: I am Bob Newell from Honeywell's Industrial Control Division in Phoenix, Arizona. I am the Year 2000 program manager for the customer response for all the products we have in the world. DR. NIEMEIER: I am Rick Niemeier from the National Institute for Occupational Safety and Health. I am a senior toxicologist and the Internet guru. And because of that Internet guru title, I have been awarded the Y2K problem for the Institute. In about another week or so, we are about to launch an Internet site where occupational safety and health professionals can share their issues about the Y2K problem. And we are working closely with OSHA and trying to address these occupational safety and health issues for Y2K. MR. SPEIGHTS: I am David Speights. I am Deputy Director of the Chemical Emergency Preparedness and Prevention Office at U.S. Environmental Protection Agency. And we are involved in both the Y2K problem for its impact on EPA itself and government, and also for its impact in the chemical industry and particularly its relationship to risk management plans and the general duty clause in the Clean Air Act. MR. DUFFY: I am Rich Duffy. I am the Occupational Safety and Health Director for the International Association of Fire fighters. We are the labor union that represents 225,000 men and women that are fire fighters and emergency medical personnel. We are probably ill prepared at this point for December 31, 1999. MS. EPSTEIN: I am Lois Epstein. I am an engineer with the Environmental Defense Fund here in Washington, and we are interested in the range of environmental impacts that might be associated with the Y2K issue. DR. MILLAR: I am Fred Millar. I am formerly the Toxic Director at Friends of the Earth. And in that capacity, I initiated Section 112R of the Clean Air Act, which means that on June 20 of next year, 66,000 chemical companies will for the first time reveal to the public their worst case accident scenarios off-site. If that is a time of rising concerns about Y2K, it should be a very important thing for us to work on. I am now doing some writing for the National League of Cities and other people with the Public Technology Incorporated in terms of what local governments should be doing to work on Y2K. DR. DAVIS: My name is George Davis. I am here representing the ISA, which is the International Society for Measurement Control. Our role in the Y2K equation is to try and disseminate as much information as we can to a membership of roughly 50,000 to 60,000 process control engineers worldwide. MR. ANDERSON: Hi, my name is Joe Anderson. I am the Health and Safety Director of the Oil, Chemical and Atomic Workers International Union. As you can tell from our title, we represent many of the workers that will be employed in the facilities which you all represent. So, we are happy to be at the table. We are very interested in being integrated into both the planning and process implementation phase of this Y2K problem. We think that we can offer both important information and facility to deal with this problem. DR. GODDARD: My name is Keith Goddard. I represent the State of Maryland Department of Labor. I also administer the occupational safety and health program in our state. DR. WEAVER: I am Jack Weaver. I am representing two groups today. The first organization is the American Institute of Chemical Engineers and the several divisions of the AICHE which deal with safety, computer controls, engineering design and construction. And secondly, I am representing the Center for Chemical Process Safety, which has about 85 members, 60 of them in the chemical, petroleum and pharmaceutical industry with others including contractors and consultants. Over 100 universities are associated with the center and we also have strong affiliations with government agencies, including DOE, EPA, the Health and Safety Executive of the UK, and the Chemical Safety Board. DR. SUMMERS: My name is Angela Summers. I am the Director of Premier Consulting and Engineering. We are an independent consulting organization within Triconex Corporation. Triconex manufactures a triplicated computer system used in emergency shutdown systems. My group supports user companies such as OxyChem, Shell and Exxon in the application of those computer systems. MR. BRANT: Good morning. I'm Bob Brant with the Chemical Safety Board. I head up the investigations for the board, such as the chemical investigations of refineries. I am glad to see this group addressing Y2K here because we already have enough work. MR. MAKRIS: My name is Jim Makris. I am the Chairman of the United States Government's National Response Team, and I direct the Chemical Emergency Preparedness and Prevention Office at the Environmental Protection Agency. If you want to understand how I spend most of my time, it is carrying out the program that Fred Millar says he initiated a few years ago. MR. HUNTER: My name is Paul Hunter. I am with the Senate Special Committee on the Year 2000 technology problem. This area of chemical safety and chemical manufacturing and Y2K readiness has become my responsibility. On behalf of Senators Dodd and Bennett, I would really like to thank the Chemical Safety Board for arranging this meeting on such short notice. It has been an excellent cast of members that Jerry has pulled together, and we are really appreciative of him doing that. MR. BROCK: My name is Ken Brock. Andrea, you can tell them who I am back there if you can't hear me. I am Senior Vice President for Loss Prevention at HSB Industrial Risk Insurers. If the name is not familiar, we were the old IRI. I guess I represent the insurance industry because my partner from Factory Mutual is not here yet. I am in charge of loss prevention services that we provide to our global 1000 customers, and we are very interested in fire and explosion issues. My field staff are working with our customers on Y2K issues and have been for some time. DR. SMERKO: Good morning. I am Bob Smerko, President of the Chlorine Institute. The Institute's mission is the promotion of safety in the production, distribution and use of chlorine, which is a critical chemical for the world. We recently put up a Web site for sharing information about Y2K among our members. MS. RICKETT: My name is Kate Rickett. I work at EPA on the Year 2000 outreach project. MR. JONESEY: My name is Gary Jonesey. I am a senior counsel at the U.S. EPA's Enforcement Office. I was the primary drafter of the Y2K enforcement policy. In the short-term, I am most interested in any information or perspectives that people might have that would cause us to revise the policy. It is available on our Year 2000 Web site, but we will be making any revisions that might be necessary over the coming three to four weeks and then publishing that in the Federal Register. MS. WARNER: Hi, I am Karen Warner from the Bureau of National Affairs. I am covering this meeting for Daily Environment Report and other publications. MR. MATTHIESSEN: I am Craig Matthiessen, a chemical engineer with the Chemical Emergency Preparedness and Prevention Office responsible for chemical accident prevention programs. MS. FRANKLIN: I am Kathy Franklin, EPA, and also with the Chemical Emergency Preparedness and Prevention Office. MR. ORUM: I am Paul Orum. I coordinate the Working Group on Community Right-to-Know, an affiliation of public interest groups in all 50 states, representing more than 1,500 groups concerned with disclosure of chemical hazards and the use of that disclosure to reduce those hazards. MR. OLSON: I am Erik Olson with the National Resources Defense Council and also here on behalf of the Campaign for Safe and Affordable Drinking Water, a coalition of about 300 groups. We are particularly concerned both about chemical releases to air and water. However, we also are concerned about losses in critical infrastructure, particularly water and waste water, and what impacts that may have on the chemical industry and many other aspects of what goes on. MR. MILLER: My name is Robert Miller. I am the Information Systems Manager for the Chemical Safety Board. MS. DAY: I'm Felicia Day, Right to Know News, Thompson Publishing. MS. BARTON: I'm Delila Barton, the Thompson Publishing Chemical Process Safety Report. MR. COGAN: My name is Phil Cogan. I am head of external relations for the Chemical Safety Board. MR. SMITH: I am Jonathan Smith. I am a reporter with Chemical Engineering. MR. MORALES: I am Oscar Morales with the Environmental Protection Agency working inside and outside on the Y2K problems for the Office of Toxic Substances and the inclusion of prevention policy. MS. MORGAN: I'm Renee Morgan, U.S. Chemical Safety Board. DR. STAVRIANIDIS: I am Paris Stavrianidis, and I am the Director of Risk Engineering for Factory Mutual insurance company. We provide research engineering and loss prevention services to our insurance customers. MR. LAMAR: My name is Eric Lamar. I'm Director of Hazardous Materials Emergency Response Training for the International Association of Fire fighters. MS. LINDHART: I'm Joanne Lindhart from Organizational Resource Counselors. I represent users and producers of chemicals, some of whose members are in this room and some who are not. MR. ERNY: My name is Bill Erny. I am with the American Petroleum Institute at headquarters here in Washington, DC. I am a mechanical engineer. I am here representing the interests of the petroleum industry with Mr. Calhoun of Citgo, and we certainly want to ensure the safe petroleum operations here in the United States. MR. MARSHALL: I am Mike Marshall. I am with OSHA. I am the program coordinator for OSHA's Process Safety Services. MR. KIRK: Phil Kirk. I am with the Chemical Safety Board, and as you might have guessed from my photographic activities, I am with the Office of External Relations. DR. POJE: Okay. We have heard everybody's names. I would encourage you throughout the day, particularly at breaks and at lunchtime to engage each other in conversation. One of the messages that John Koskinen gave to us this morning was the importance of disseminating good information and to be candid. We are blessed today with having two presentations to initiate our discussion. The presentations are by our colleagues from OxyChem and from Rohm and Haas. The purpose of the presentations is not necessarily to put both of these companies under a microscope, but to give us examples of how companies are coping with this issue. I commend the individuals and their companies for their willingness and eagerness to provide these presentations and information for your briefing books about how they are coping with their Y2K problem. So without further ado, I would like to introduce Dan Daley and Adrian Sepeda from OxyChem. Our schedule calls for about a 20 minute presentation, and we will allow 15 minutes for questions and answers. Then we will hear from Jordan Corn at Rohm and Haas. MR. DALEY: Thank you. I appreciate the opportunity to come and speak to you. This is one of those areas that it probably takes 2 million words to adequately describe. I am not going to have time for that today. So if you would please hold your questions until the end, and I will try to get through this briefing as quickly as possible. What I am trying to do here is explain what OxyChem is doing to address the Y2K problem. Basically in OxyChem our Y2K program focuses on five key areas -- information technology, control systems, the supply chain, which consists of suppliers and customers, and contingency planning. In each and every key area that I mentioned above, the Y2K program will depend on a specific process that includes each of the following steps. The first step being conducting an inventory of all the devices, systems or relationships where there is a concern about Y2K failure. When I use the term all, basically it is an issue of trying to find all of those devices. For example, we have done inventories at our plants. At the time that we did the inventories on the 40 plants that we have internationally, we identified 30,000 embedded devices. So there is a large quantity of devices to follow up on and process. The kinds of relationships that I am talking about is supplier relationships where effectively if we lose a supply, our plants will be interrupted. I mentioned the customers. Clearly on that end of the Y2K program, we are getting a lot of inquiries. We are getting thousands of inquiries from our customers. But we are primarily concerned with what we call close-linked customers. Those customers where if they have an interruption, it would back up into our plants. The next step is investigation. We are determining the true likelihood of failure and the impact should a failure occur. That is one of the most difficult parts of the program, truly understanding the likelihood of failure. Just because you find a device and it contains a microprocessor does not mean that it has a high likelihood of failure. As a matter of fact, a very small percentage of the devices are likely to fail. Remediation includes the actions that will correct the Y2K related deficiencies or mitigate or impact their failure. And finally documentation includes the creation of the information needed to share the results. And a large piece of what we are doing upon which our program amongst those 40 plants depends is the ability to share results so that people aren't doing things in a redundant manner. If we want to focus on process plant safety, the two most important areas of our program are control systems and contingency planning. Control systems refers to the process being used to identify and correct problems associated with microprocessors and programming that is embedded in systems and devices used to monitor and control process plants. This basically includes distributed control systems (DCSs), programmable logic controllers (PLCs), the whole range of smart controllers, and anything that has a microprocessor built into it. At the beginning of our program, there was a perception that microprocessors had come into our plants in a much smaller way than they really have. One thing that you have to realize is that if you've replaced things over the last couple of years, the only kinds of devices that you had available to replace with in many cases are devices that in some way contain a microprocessor. So there are just a lot more microprocessors in the plants than you might first imagine. The second issue is contingency planning, and that is the process used to identify the likely scenario and make plans to deal with it, and to surface possible situations and to assure ability to respond to them. I think the two important words to highlight here is the 'likely scenario.' It is important to actually have identified the devices and the relationships, screened all of those, and to build that into a likely scenario of what you are going to have to deal with. And then also go beyond that and take it to the point of understanding what the possible scenarios are if, in fact, you didn't find everything. This is a detailed slide. I am sure you are probably not going to see everything. You might refer to the briefing books that you received. What I tried to do in terms of how we are going about handling systems is focus on one of the areas, handling of control systems. The first step is basically to identify again all underlying systems and devices containing microprocessors and programming. The second is to prioritize all identified systems according to likelihood of failure and impact of failure. I think everybody is used to a Process Hazard Analysis (PHA) prioritization grid. We assigned a priority code based on both likelihood of failure and impact of failure. The next step is to investigate. Here basically we attempted to develop a standard methodology, and I will emphasize the importance of standardization in creating processes and programs that can be used across your entire enterprise. My sense is that probably with many of the different companies you talk to, you will find out that they use a different approach, but it is important that they standardize that approach and they adhere to that approach. Within OxyChem, basically the approach that we use starts with triage by priority. Clearly the items that are down with a low likelihood of failure and a low impact, the benefits of investigating and carrying on the work on those is fairly small, and so we tend to prioritize those out and not work on them as part of our early program. The next step is sharing information. We have set up the sequel server data base in which we compile all the information about the devices that we have investigated. As a second step after prioritization, we ask for plants to look at similar devices from other plants to see if they have already been cleared. And if they have, basically engineers use that information to clear their own devices. The third approach is to use vendor information. Facility managers eliminate items vendors have tested -- underline have tested -- and confirmed to be compliant or not a Y2K device. Again, some folks take the point that everything needs to be tested. Well, everything is not a Y2K device. Everything does not contain a real time clock. And it is important to understand those things that do not contain a real time clock and get them off your list. But in addition, rather than just going to a vendor and asking for a verbal response, "Is this device compliant or not?", if it is a Y2K device, it is important to understand that it has been cleared by some testing procedure like a Sematech test rather than accepting some people's claim that they are certain that it is clear. The next step is physical inspections. If previous approaches haven't worked and you have a spare device on the shelf, it is possible to actually do a physical inspection. If the device does not have an internal battery, it can't maintain an internal date. If it doesn't have digital exchange of signals and it only exchanges analog signals, it can't have its date renewed externally, then it is also not a Y2K device. So it is possible by physical inspection to eliminate some additional items. If all of the above, which are less expensive ways of doing things fail, then basically we go into detailed testing. Detailed testing requires rigorous preparation and rigorous execution of the test. One thing to be certain of is that you can get yourself in more trouble testing if in fact you haven't done it right. From that information, we create a data base to record results and share the information. The one piece of advice I would give is think about your end results before starting to develop a data base. We spent some time doing that. I know of a number of other companies who have not done that. Basically they end up with a bunch of spreadsheets all over the different plants and they have a very difficult time in sharing information. On the other hand, don't spend all of your time working on the means to the end. Get into the process of clearing things and start remediating things as quickly as possible. Provide adequate technical support. While not a particularly technically demanding issue, there are some important subtleties about Y2K, such as clock cycle issues -- basically the issue of register overflow. Just because you can't see that a device uses a date and it doesn't print a date, that doesn't mean that somewhere in the device that a date is not being used and is not critical and may not cause a Y2K failure. So be certain that you understand clock cycle issues. Another problem is the integration and interrelationship issues. Overall work process flow focusing on the right things. Make sure that your process basically understands how you plan to clear things and that you are focusing on the right things. There are Y2K issues or Y2K-like issues that will not occur in the Year 2000. For example, on clock cycle issues, one manufacturer is selling devices claimed as being Y2K compliant that will have a register overflow condition that will occur in the year 2006. That approach is not really what we are after. We are after something that we think will have addressed all these date problems. Next comes remediation. Again, create a standard methodology and use the standard methodology. Here I offer one piece of advice: don't try to be opportunistic. Fix the Y2K problem. In many, many cases people are saying, "Gee, this is broken. Let's go ahead and upgrade and take care of a whole bunch of things that we want to do in the future." If you spend too much time in engineering doing that, you are not going to fix the Y2K problem and get it done on time. Take patches and fixes that are supplied by vendors. Lots of vendors are providing free patches and fixes. That is the cheapest, easiest, fastest way to get it done, and those are the best things to use. When a vendor doesn't have a plan for remediating their equipment, fire up the steamroller. If you are dealing with vendors and they don't know what they are doing, you have to get after them fast and escalate it through the organization. Using this approach avoids the problem of having some poor engineer in a plant fighting with a big vendor trying to solve problems. This is not the time for normal budget cycles. Basically it is time that you get your program funded and get things remediated. Track remediation to insure closure. Make sure that there is a system in place that basically tracks each device to the end when it is cleared and it is ready for production and then test after remediation. Finally, we come to documentation. Create a minimum standard requirement for documentation. Describe what, where, who and when. Don't duplicate documentation. For a company like OxyChem that has both a central corporate function and a plant function, basically make sure that you are doing your documentation at one place and audit while the work is being done. That is one of the key points. For the process that we are using at OxyChem, we need to make sure that all facilities are following the intent of that process and not just slipping by somehow. I am going to say a few brief remarks on contingency planning. Adrian will say more. I think that the SEC's requirement to identify the most likely worst case scenario is a good one. This requirement tends to focus on each plant and each company truly understanding what is the most likely case. And that is important to go down and specifically for each area, such as for IT systems identify what is the most likely worst case scenario there, what is the most likely scenario for control systems, and so on down the list including suppliers, close-linked customers, for the surrounding community. And after that, Y2k contingency planning requires creating a composite scenario that assumes multiple problems occurring simultaneously. That is probably the biggest difference from conventional contingency planning. Many of us who have worked in plants have spent some time on the wrong end of a fire hose, but we have done that and there has been a communication systems in place. We have been able to communicate. We have had radios and we have had phones. Think about it if you are on the wrong end of a fire hose and there is a problem and you don't have a communication systems. How would that work? How would you get around that issue? Conduct what-if exercises and conduct table-top exercises. Now onto the emergency response piece. Basically above the line here we are thinking about things that we have been able to accomplish and quantify. And, below the line in emergency response we are thinking about all the 'uns': the unlikely situations, the unrecognized problems, and those that we have been unable to address. In those cases, basically those are the scenarios that are not as straightforward and they are not as well quantified, but we need to be able to respond to them. Finally, the last thing I wanted to mention is I think successful Y2K programs will incorporate the following characteristics. Under project management, you need a 'take charge' leader. If you are a fan of Star Wars movies, you probably remember when Darth Vadar arrived at the death star and said, "I am here to put you back on schedule." You need somebody like that. In many organizations, the information technology (IT) people are heading Y2K problem resolution. And yet, in many cases, an IT project manager does not have the same kind of project managerial skills that we expect in engineers who build plants and does those kind of things. You need somebody that is a steamroller kind of person. Under process development, recognize that nobody has ever done this before and it doesn't come naturally. You need someone who understands and can articulate how the process will work in a plant. Don't allow the process of clearing devices or remediating devices to be done 47 different ways because it is going to take a lot longer. Standardize the way in which you do things. Under process implementation, realize that in the last 10 or 15 years, billions of dollars have been spent on reengineering. Go out and find one of those reengineered processes that is working the way it was designed to. It is important when you design your process that the people use the process as it was designed and you have a mechanism in place that allows people to understand that. Finally, define accountability and authority. Make sure that somebody has been pointed at and told, "This is your job. It is critical that you get this done and you are going to have the resources to do it. Are there any questions about that?" MR. SEPEDA: In building on the Y2K program structure that Dan described, and specifically the triage sections and the likely worst case scenario sections, OxyChem has developed contingency planning into three broad groupings around those things that you would do for: 1. continued operations, 2. safe shutdown, and finally 3. emergency response. As you examine each of these I sequence and again falling back on the structure that you saw earlier, you transcend from the more likely scenarios down into addressing the more unlikely scenarios. Specifically, the first level of contingency planning deals with those things that are necessary to keep your facility running in an environmentally and safe fashion. What are the preplanned items that you can deal with and that you should implement to keep the facility on line but also operating environmentally and safety? I will present just a few examples. I won't elaborate on all of these, but to give you some idea of the things that you should consider. You might want to look at adjusting inventories, both incoming and outgoing, and perhaps waste water systems, so that you build in some flexibility from normal time constraints to address issues and respond to those issues and continue operations without excursions. If you are a small user of some types of utility services that you are buying from others or perhaps even generating yourself, you can look at ways that you may be able to supplement or back-up those systems. For example, you could purchase compressed air -- bottled compressed air and nitrogen systems to back-up generating systems on plant site, and maybe you could even purchase some portable steam generators that would supplement steam that you are buying from a neighbor who could also have Y2K problems. Dan mentioned communication systems. Sometimes our communication systems are so sophisticated that very small upsets bring the entire system down. You may want to look at other ways that you can communicate, perhaps some low-tech systems that will allow you to communicate over relatively short distances. Other things that you can deal with are perhaps the increase of staffing at certain key times. A number of dates may be key, not only the midnight at the turn of the century, but some of the embedded systems perhaps have actions that are taken hours after that. They may recognize the date change but not have an action to take immediately. So it may be an impact that falls sometime after that. You may have some units that you run part-time. Plan ahead. If you are a batch operator, maybe you want to plan so that your batches aren't in the middle of something at what you view key time periods are. If you have some units that you only run part-time, run them and get ahead and shut down during the key times so that you have more resources available to address major issues as they arise. There are a number of inputs and outputs in the system. Perhaps you have to make other travel arrangements, both for your commodities and perhaps for your people as well. One thing that popped up that we thought might be important is there may be an opportunity for you to lock yourself out of your plant. So you might want to examine your security systems and make sure that they positively work and you guarantee it and you know it. If not, make sure that you have ways to go around those systems so that you can get into perhaps your plant, that the gates work, or that you can get into key rooms in your plants or perhaps computer systems. As you go down the list of likely scenarios and their impacts and you look at it in a variety of categories, the next thing is what if the plan doesn't work. What if there is an issue that comes about in the plan itself and the first level of contingency planning didn't take care of it and you recognize that you have to shut the facility down? So what are the things that you can do to shut the facility down safely? Again, I offer some examples. In all likelihood, it is going to be in the middle of the night. So you might need some lights or some very simple things as to make sure that everybody has a flashlight with batteries in it that work and that it has been checked, or assure that maybe there are some portable light stations. Again, assure staffing of key people to perform various functions. Shutdowns take a lot of work. So you want to examine those procedures and ask what are the functions that we might need to have an orderly shutdown should we have different types of service interruptions. Perhaps the problem could arise from something that was overlooked within your site or perhaps it could come from an external influence. Those externalities are the more likely things that could occur: external inputs causing you to bring your plant down. So how are you going to address those? Maybe there is one or maybe there are two or three things that may be happening to you at one time. Be sure and test all of your emergency shutdown equipment and systems and so forth. Industry typically goes through the emergency response plans and drills and even start-ups and shutdown training and drills to make sure that they know how to do that. If you have some opportunity to predict more likely times that you are going to do this, take advantage of that knowledge and pre-plan and test systems as much as possible. Obviously, you want to test your Uninterrupted Power Supply (UPS) systems. For communication systems, if you have a system that requires vent scrubbing, make sure that that works. And look at how it might work under a variety of conditions with various system failures. Do some shutdown drills. You don't necessarily have to shut the plant down. You can do table-top drills, you can do intellectual drills, you can do walk-through drills. There are a number of types of drills that you can go through, but conduct some drills on shutdown and know how would you shut this facility down if you had this type of failure or this type of failure, and again go back to the risk breaking that you looked at when you said what are the likely scenarios that may occur. And finally, after you go through the plan and you have proceeded all the way through the first level of contingency planning where you are trying to keep plant processes running and the second level where you are trying to effect the safe shutdown, should you have an incident, what are you going to do in your emergency response plan to make sure that you have the proper attention and address emergencies in an appropriate fashion. Most facilities do drills pretty regularly. Emergency Response Planning provides an opportunity to enhance those drills looking at a variety of factors. You may want to have your emergency response team on some kind of active standby. As you proceed through the other layers of contingency planning to see that they build upon each other, some actions are the same for all levels of contingency planning and some of them might have very specific use. And some people play different roles. So you have to look at where are you in the contingency planning and what might happen next. If you have an emergency response team or a control center, you may want to activate that during key periods or you might want to make sure that it can be quickly and easily activated. If communications are anticipated to be a problem, you might want to verify how you are going to handle the communication systems, both with your outside emergency responders and maybe with the community around you. How are you going to provide information if someone, an outside emergency response agency, is no longer able to provide that to the community? How can you work with that agency so that you or the agency has a back-up system for providing communication to the community around you? And how are you going to be able to call for emergency response if the communication systems are out or maybe other systems are out? Again, you want to start looking at having drills considering various types of failures, maybe multiple system failures, both internally -- what might happen to you internally and then how do you deal with outside agencies or responders or anyone around you when you have more than one failure. As you walk through those, you can see that they tend to build on each other and they are just examples. To make it work effectively for contingency planning, you have to do that very specific work, first for your company because it has a specific and designated type of culture, then you look at the business groups and you walk it all the way down to the individual facility. Contingency planning for one facility is probably a little bit different than it is for another facility, maybe even within the same business group. What might be important in silicates operation may be somewhat less important in a chlorine manufacturing operation or in a facility making some kind of special chemicals like resorcinol and so forth. So you have got to look at the specific facility that you are dealing with and decide what are the likely scenarios. What are the things that you can do to preplan to first look at on-line, shutdown, and then effective emergency response? Dan and I will be glad to enter into a discussion and answer some questions if you would like. DR. POJE: Thank you very much, Adrian. While I know we are a little bit behind schedule, I want to take a few questions. Dan and Adrian are going to be here throughout lunchtime and the rest of the day to provide additional informal responses. Jack? DR. WEAVER: A question for Adrian. There are lot of really good insights here, and I think suggestions that many hadn't thought of before. One that occurred to me was that in the first level, the continued safe operations, as you are planning for the event, Year 2000 or one of the other date-sensitive events. A number of the things that are recommended are counter to normal practice, such as minimizing inventories of products and maximizing inventories of raw materials. Am I correct in presuming that you would want to reverse that or rectify that at some point after you are past the critical time point? I am thinking in particular of maximizing raw materials where they might be hazardous. MR. SEPEDA: Yes. And I had written down in the contingency plan, 'safe' levels. You probably have what your operating level is, and beyond that what your safe maximum operating level is. A number of facilities have gone to just-in-time inventories, both inputs and outputs. So you may have reduced flexibility for your normal operations. If you suspect that you are going to have some problems -- even on a daily basis if you suspect you are going to have some supply problems, you typically may alter those inventories. Both input inventories and output inventories may change, if you have a shutdown coming up or if you know that you are going to be doing some maintenance in your plant that might reduce capacity. Well, in the Y2K arena, you have the same type of issues. You have some kind of warning, so you may want to adjust those inventories for a short period of time, but that is not forever. You are right. At the end of that time period, you would go back to your most efficient mode of operation. DR. WEAVER: And I guess the other side of that is how far ahead of the event do you build up those inventories of materials? MR. SEPEDA: That is going to be very specific to the plant, the suppliers, and the types of scenarios that you see might evolve causing you to do that and the consequences. It would fall into a risk type analysis. DR. POJE: For the sake of hearing, everybody please stand when they issue their questions just so everybody can hear it. Fred? DR. MILLAR: Either Adrian or Dan, could you say anything about whether when you were doing your identification of sensitive systems in the plant, did you find it necessary to get some help in terms of outside auditors or whatever to avoid complacency? MR. DALEY: Basically for OxyChem, I guess if you went back maybe as much as two and a half years, some internal audits were done in our plants. People tended to focus on things that they thought were going to fail. They looked at PLCs and DCS's. Then we brought in a couple consultants who were named as specialists in Y2K, and they did inventories. And we found in both plants that we did the pilots in, we found a 10:1 ratio. We found that they identified 10 times as many devices as we had identified. DR. POJE: Norm? MR. DEAN: I am interested more broadly in whether there is the likelihood of some key national shortage of components or parts or systems that will be needed for contingency plans. One that came up in a discussion that I had with some folks yesterday was back-up power generators. Almost everyone's contingency plan that I have seen includes the need for backup power generation, but I was told that there is now a two-year back order for industrial or commercial grade power generators. Do you see that as an issue or other key components or materials that may present a problem because of shortages? MR. DALEY: Certainly as people start moving toward the key dates, there are things that could fall in that category. I think the most important thing -- and to go back -- in one of the questions we were talking about the event. I think the thing is that focusing on the event may be a kind of a misnomer or a problem. For each plant, our focus is to identify all the systems and to find out which ones are likely remaining problems. It doesn't matter if it is control systems, IT systems, or if it is those external relationships. Ultimately, we have all the major utilities for our plants listed as a key critical vendor, and we are in the process of trying to identify and articulate if in fact they will be reliable sources. One of the problems that we are having is certainly finding out if in fact they are going to be reliable sources. To answer your question, are there going to be a shortage of electrical generators? There is going to be probably a shortage if, in fact, the electrical distribution networks in the United States are not reliable. On the other hand, if they are reliable, I think things will be fine. MR. SEPEDA: You also might need to look at what are you going to try to do with that. If you are going to try to buy enough portable electric generators to run a chlorine plant, you are not going to make it. So the severance of some key suppliers will automatically drive you further down that contingency planning level. You don't have to go to step one if you lose electrical power in a chlorine plant. You are already at step two. So you've got to be judicious in trying to apply what might be some of your back-up systems, recognizing that you can't continue to run your plant under some conditions. DR. POJE: Irv? DR. ROSENTHAL: I have a couple of issues. First of all, it sounds like a lot of what you are worrying about are a shut-off of infrastructure, right? Supply of electricity. But that occurs now. Isn't that already covered in your normal disaster plan? That is issue one. I have a second one and then you can respond to it. MR. DALEY: Only two issues. DR. ROSENTHAL: The second issue is I would really like to learn what have you found that is specific to disastrous failures: not shutdowns in production, not failure to deliver. Rather, I am interested in disastrous outcomes as a result of Y2K problems -- not normal shutdowns and not the normal infrastructure which your plant has to deal with at the present anyway. Those are the two issues. MR. DALEY: Okay. I will answer your second one first because I remember it. We have found situations, and there are situations with some of the older operator consoles for DCSs that effectively will go to a black screen. The date turns over and there is nothing in front of you. The question is does that produce a disastrous situation? Well, to a person who is not familiar with plants, that may appear to be that way. But on the other hand, I have worked in plants where effectively we have had an outage to the power system to our controllers and we have managed to continue for some period of time operating the plant. Okay? So it is not automatic that some of the most horrendous type of failures may not lead to disastrous situations. Clearly, we don't want that to happen. But I don't think there is a direct relationship between even the things that we have found so far that appear to be very, very significant and a one to one relationship with a catastrophic type of failure. DR. ROSENTHAL: So in other words, you haven't identified any catastrophic failures just as a result of a Y2K failure. MR. DALEY: No. The other question is about the continuity of electrical distribution. Yes, we have that all the time, and we have contingency plans to deal with it. On the other hand, I am going to be asked by my management to give them an appraisal of the likelihood that each plant will survive. Part of that is being able to identify the survivability of those infrastructure items. Clearly my answer to them is going to be different if the electrical utility has a 10 percent chance of survival or a 90 percent chance of survival. So it is important to me to know that. Because we will make different decisions in terms of how we are dealing with things if we think that the electrical utility and the grid, the overall grid, is going to survive versus if it is going to fail. DR. POJE: Two more questions. Jim Makris? MR. MAKRIS: Thank you, Jerry. I think what you have just said stimulated, as often happens from Irv's questions, is that we are incredibly interdependent here. You know, you could spend an awful lot of time and money worrying about contingency planning, and you have got to do that. It is a critical thing. We are canceling leave at the federal level in several agencies -- FEMA, EPA and others for emergency workers and I suspect you are going to be doing the same thing. But, you really have to focus on the part of the problem that OxyChem can solve and work closely with the parts of the problem that the electric grid and the water systems will solve, but not try to presume that with your participation with them that we can keep that functioning. If, as you said a moment ago, your bosses are going to be asking you more questions and they are going to be more intense about the availability of everything at all of your plants at a time later in the year, right? And I can just see this enormous pressure in September or October where you cannot answer every question that you have thought about, and suddenly people are going to say go out and buy it. And it is going to be exactly what John Koskinen talked about this morning. We are going to create our own problem. We are going to create our own shortages. We are going to create our own issues. So what I think is really important is that you do as you have done here. Look closely inside your organization and provide as much help as you can to the infrastructure for its support, but let it take the lead in looking inside its organization. DR. POJE: One more question. Mark? MR. FRAUTSCHI: I wanted to ask Adrian if the contingency plans included looking far outside the organization to the level of individual families which may experience technological disruptions or social disruptions. Basically is there anything that could interfere with workers coming to work or once they are at work that their home concerns would be far enough in the background that they can focus on the very difficult facility tasks that may be at hand during that critical period? MR. SEPEDA: Yes. There is a section on that in our contingency planning. We also had consultants work with us on contingency planning, and there is a section in the contingency planning process that addresses the individual worker's concerns for his home life. Just as in our Gulf Coast facilities hurricane emergency plans there are sections in there that address worker viability to either be at the location or at least recognize the worker's concerns for his family's safety and security when a hurricane comes in. It is going to be important that the worker feel comfortable enough to do his or her job at the facility and that you prearrange scheduling, as it was mentioned before -- at the end of the year. A lot of folks are going to want to be having a party, but you've got to start working on that now to make sure that they are comfortable in being at the facility, and that they feel comfortable that their families are taken care of so that they can be effective on the job. There is a section on that. DR. POJE: The group has many more questions, but time is short. I am keeping an inventory of who I have called on to equitably distribute questions. Adrian and Dan are here for the rest of the day, so please engage them informally with any additional questions about the OxyChem activity. Now we would like to hear from Jordan Corn from Rohm & Haas on how a different company with a different line of products and a different suite of industrial processes is coping with the Y2K issue. MR. CORN: I wanted to start out with a 20-second story here. While my 15-month-old daughter was shoveling scrambled eggs down her mouth this morning, I asked her if we are we going to have a Y2K catastrophe. She looked at me very seriously and said, "No." So I said, well, are we just going to sail through. And she said, "No." Now, of course, she says no to everything. My third question was, well, since there won't be a catastrophe, can we just sort of stop working on what we are doing, and she said, "No." Now I should have stopped while I was ahead, but I went to one more question and I said, Jillian, do you know what you are talking about, and she said, "No." That said, very briefly what I would like to cover is just a few comments about basic chemical process safety and then the implications of Year 2000 on basic process safety, an overview of the program that we are following for our manufacturing systems, what we found to date, and then one final layer of protection that I would like to briefly mention. Starting with process safety, this material is not just applicable to Rohm & Haas. This is just good industry practice. When you design a chemical plant, you assume that any physical device can and eventually will fail. That can be a valve. It can be a pump. It can be a control system. Or, it can be your electrical utility. Your systems have to be designed to be able to withstand these failures. And so to do that, you build multiple layers of protection. There is basic equipment protection. There is some protection your basic control architecture provides. There are some guidelines for fail-safe design. You have operators and engineers to help achieve safety, and you have administrative features that help you. And clearly the closer you get to basic equipment, the more robust your design needs to be. If you look at typical basic equipment within a chemical plant, you are usually talking about tanks with ability to stir material, transfer it, and load it in, and requirements state that every device you have has the ability to be started and stopped locally. So even if your control system goes completely away, you are supposed to be able to bring your system to a safe state. You have also got the ability to manually shut off or shut down any vessel so that you can make sure that that material can't get in or out of it, and then we have got pressure relief devices, which you certainly hope you are not going to have to exercise, but if you do, at least save you from anything catastrophic. Basic control systems start out with the field equipment, and then above it typically you will have some hard-wired intersafety locks. These are designed to bring your plant to a safe state regardless of the state of your control system, regardless of the state of anything else going on in the plant, and they are usually pretty impervious to dates or to anything, since they are generally just electromechanical or pneumatic. Moving up the layers of safety, you typically have a PLC or a DCS control system, and this gets back to the point OxyChem's experts made. This is really where you have to start your Year 2000 work, and you have got to make sure that those things are okay, but they are designed to handle some process safety and a lot of the operation in your plant. Normally above that, you have a distributed control system or a personal computer, and you are supposed to be designed so that if that fails, your plant can still operate or shutdown safely, and certainly as we are moving up here, the more reliance there is on date. Now in the case of Rohm & Haas, we invariably isolate between are supervisory controls systems and our corporate networks, and that says that faulty transmissions back and forth should not happen ever. If anything down here fails, the remainder of your company network is okay, and if anything up here fails, your control system is okay. Now everything I have said so far is independent of the Year 2000. Additionally, every piece of that architecture that I just defined is designed so that it fails safely. You fail with your cooling system still in operation. Your valves are set so that they are powered to the state -- they are not powered in the state that you want them to fail to. So if power fails, cooling valves stay open and material distribution valves stay closed. By doing that, you have got your facility set up to survive the loss, not just of power, but by following good design practices, also the failure of any single device, any other utility and even water. I will come back to that on the next slide just briefly. Additionally, every system that you install is subject to formal design reviews, and those include hazard operability studies and failure modes and effects analyses. I would single out that one for attention because that is where you go through the plant piece of equipment by piece of equipment and say if this fails, what do I do. Now given that this whole design is geared around safe start-up and safe shutdown, why am I saying all this and what are the implications for the Year 2000. Well, probably the single biggest implication, and OxyChem's engineers already mentioned this, is that these systems are typically designed to deal with single failures -- you lose electricity, you lose a device, you lose a control system, you lose power. The big issue with the Year 2000 is that what happens if you have multiple failures -- multiple control failures, multiple utility failures, a mix of the two. And that is kind of the area that we are engaged in now. Our view of it is that safe design and a good Year 2000 program will provide you with good protection against most of this. However, as I think this was pointed out in the previous discussion, our greatest exposure is unquestionably in the utility failures, and it is also the area where we can probably do the least. We can try to work with the suppliers, but that doesn't necessarily help them get done. So what we have done is that we have focused on the equipment and the systems that we have to make sure we won't get in trouble. Rohm & Haas has identified a corporate policy that I won't read hear but essentially we have said that as a company it is our job to identify and correct all of our potential Year 2000 problems -- regardless of where they are throughout the company. To do that, we have divided our scope into eight key areas, and basically we have got some IT issues, we have got supply chain issues, and then we have got the places where you have got the embedded systems, the process control issues, and most of the process safety issues. These are the areas that I will talk about for the remainder of my 20 minutes here. We divided manufacturing systems into two classes. The first includes process control systems and the second includes other physical systems. I will come back and describe what the difference is between the two and the rationale for that division. There is a similar approach for each of the classes of equipment, but there are some slightly different requirements within that approach for the different types of systems. Both of these efforts are coordinated by the same group, and that group really means me and the people who work for me. I am based in our corporate engineering division, and I have got at this point a dotted line to the person who has Year 2000 responsibility for the entire company. Let me discuss a little bit first about control systems, and then I will come back and talk about physical systems. We define control systems as the computer based equipment that directly controls the manufacture of chemicals, and these include typical process control systems: distributed control systems, programmable logic controllers, PCs, anything that you bought as a single utility, like perhaps a waste treatment system that you plug in and go. Really this includes anything that product or effluent or raw materials would pass through. That is purchased equipment containing computers. We excluded pneumatic and electromechanical control because those things do not have date dependencies and they typically do not have chips in them. Physical systems were defined as other physical plant equipment used in the manufacturing process, anything that distributes your raw materials to where they reside prior to coming into your process stream, including monitoring systems like vibration analysis equipment, any test equipment you might have, laboratory analytical equipment, some waste treatment systems -- and yes, there is a fuzzy line there between what is process control and what is another physical system. It also includes other physical equipment necessary to insure the uninterrupted operation of the plant. That is where you get into perimeter security systems, making sure that people can get in or out of the plant, or at least have a contingency plan if they can't, any other security systems like cameras, more importantly fire detection and suppression systems and HVAC systems. And in fact, we distributed a list to our sites of approximately 60 or 70 different classes of equipment that they needed to look at. Why did we separate categories this way? A lot of it has to do with how we started. We got started on this back in early 1997, and certainly much less was known about the problem at that point than is today. And we originally chose to focus on control systems for a handful of reasons, and this still prevails to this date. This is your highest degree of risk within your process operation. All of your operators' view of the process comes from here. All of your control of the process comes from here. Your sequences originate here. Your data is acquired here. Your products are kicked off here. If that thing goes, you are out of production. You may be able to shut down safely, and in fact you will be able to, but if it goes, you are going to lose material and we didn't want that. Second, we were an engineering group. We had a strong central understanding of these systems. Most of them were put in by the central engineering group. And that allowed us some leverage with the suppliers we use. We only use a handful of suppliers for most of this equipment; not all of it, but most of it. And that gave us good access to those suppliers and to the information they had, more than just the pro-forma exchange of letters that says we are working on it. We really want to know what is the status of this equipment. We also felt that a consistent approach was required for these critical systems. Anything that touched the process in making chemicals had to be approached in a common format. Our original intent was to let sites manage other physical equipment independently because the range of equipment was substantially more diverse, a lot of that equipment was selected and installed locally, and from a central standpoint, we didn't know quite as much about it. We should have listened to OxyChem's talk about a year ago. Because what we found was that the different sites took very different approaches with these other physical systems. Some of them, not knowing any better, reported them in with process control systems. Others reported them in with their infrastructure and IT issues. Some reported directly to the company's Y2K manager. Some kept great records but didn't report anything because they didn't know what they were supposed to do. And so we found, I guess going back about six months now, that there would be substantial benefit in centrally coordinating that process. That is one of the first things that we will admit that we should have done right up front that we did wrong. We should have coordinated that right up front from a central group. By doing that, we have created better communication and information sharing. We have imposed some more uniform guidelines on those systems. And perhaps most importantly, we get a good corporate view of what is happening at each site. And, we get the ability to report that up to our management to understand the issues at each site and to know what it is that is on their critical paths. For control systems, we defined what we called a five-tier safety net. You will see that this is a mix of system analysis and remediation and also the roots of contingency planning. We asked sites to obtain vendor certification of every process control component that they had, whether it was a Programmable Logic Controller (PLC), a PC, a Distributed Control System (DCS), a computer used in control, one of these package systems that they bought. We then have asked them to test every operating system. Many of the companies we share information with are not in a position to be able to do this. We are because just about all of our processes are batched, and they have got some schedule time where they can shut down, roll the date ahead and do a test. Without getting into too much detail, what we asked them to do is demonstrate that their systems will successfully roll through midnight and then demonstrate that they can make material following midnight. We also asked them, and this goes back almost a year now, if they intended to operate through midnight, they needed to demonstrate that their control equipment would allow them to do that. Now I will come back and say some more about that a little bit later. The third level of the safety net is we told them to analyze their code for dates where critical. We went out ahead as we started this program, talked to a number of the people who had written code for us both internally and externally, and all of them said we didn't use dates. We had a number of systems scanned for dates and found none in any control equipment. Data acquisition obviously is a separate story. Reporting and logging is separate. But in just making the chemicals, we found no occurrences of date. So instead of trying to analyze everything, we defined a threshold of criticality based on a hazard index for the site, based on the number of other systems within the company that the unit supplies, and based on whether there was any likelihood at all that they might use dates. And if any of those three thresholds were cleared, code analysis was required. We were not too specific on how to do that. One of the things we will be doing next year is going back and providing better tools for people who want to do that. To this date, we have yet to find an application where somebody used a date. Now that doesn't mean we haven't found systems with problems. But we have yet to find anything where we added a problem to what the vendor provided us. I show a dotted line because the last two elements here are really the beginning of contingency planning. They are not part of the assessment or repair of systems. The first is we have told every site that they are going to have to arrange technical coverage through and beyond midnight. We have already recognized that people will have to be on site. The sites we have talked to, we have run into a number of engineers who fully expect that they will not be drinking champagne, so they won't be contributing to the champagne shortage and they know they have got to be there. And lastly, we have asked each site to identify how they handle upsets and how they shut down their plant in the event of an emergency, and we are collecting all of that and recording it, and we also asked them when and how often they test that and how often they have to respond to upsets in their units. So the theory is that if something gets through these layers and gets remediated and retested and still doesn't work, we are prepared to deal with it if it has a problem and we are prepared to shut down in the event that it has a worse problem. In terms of the documentation that we have kept, our sites have submitted inventories of their control systems. We have got about 40 sites worldwide. We have a mixed data base of control and physical systems. We have in the vicinity of 1200 identified control systems. And again, I keep saying that there is a gray area between the two, but that should give you some sense of the magnitude for that. Testing -- as each site tests their systems, we check it off. Actually, they check it off and report to us that they have done it and report the details of the test. We are collecting the upset handling procedures that I discussed previously. And we are asking sites to tell us of their remediation requirements and also to tell what they have spent and us when the remediation is done. And, we have each site certified that they would either face acceptable risk, or they know what they have to do to get there and when they have done that they will have to recertify. One thing that should be clear from all this is that we have very clearly placed this responsibility on the sites. I think is the right thing to do because they know the equipment they have, they know the criticality of it, they know how they can respond to it, they are the ones who go through the drills, and they are the ones who deal with the upsets every day. There are things we have left to do. We need to complete contingency planning. We are talking about a framework of it. We recognize that it will be hierarchical, ranging from devices to production units, meaning a segment within a plant to plant, and then you have sort of got suppliers and customers off on the side. Then you get up to business. But really at this point we are just starting that. We have been focusing on the bottom level of it, which is what are sites going to do to respond to emergencies. We also have to get sites to complete their transition and staffing plans. We felt it was really too early to do that when we put this program out early this year. Because at that point, sites really didn't know whether they would be running or how big a problem they might be facing. And lastly, as I already mentioned, at the end of everything we are going to have the site managers certify that they believe that the risk they face is acceptable. I mentioned that the requirements for other physical systems are a bit different and I will talk through that quickly. Again, an instrument is required. OxyChem referred to triage. We have asked our sites to write the criticality of these systems, and in a fine demonstration of sharing information, we borrowed a good ranking system directly from Merck, which uses five scales ranging from critical to irrelevant. Critical would be something like an analyzer that you cannot ship a product without or an environmental monitoring system that if it doesn't run, you must shut down. In other words, anything where there is an imminent risk to product to safety or to equipment or health. And irrelevant at the other end would be something like a wall clock. So there are five levels in-between there. We then asked for each piece of equipment for the sites to outline what they felt the appropriate assessment techniques were, and the ones we recommended were vendor certification, testing, code analysis and anything else they could think of. The reason we couldn't prescribe it is because the spread is much more diverse than it is for process control systems. In some of this equipment, you may have a date but you can't set it. In some of it, it may just be impossible to test it. In some of it, it may not be critical enough that anything beyond vendor certification is necessary. For example, we have one plant who has an analyzer and they say we have got vendor information on it, but the vendor tells us it fails. They don't tell us how it fails, but we have a second one. So if it fails and it is catastrophic, we just won't use it. It will have some minimal impact on productivity, but we don't really care. Then we asked them to determine and implement their remediation requirements. We asked them to report all of the above and then to go back and determine their approach for less critical items. And by less critical, we are really down to the things that have a minimal impact on production. So we are going after the things that will have a major impact first. So what are our findings? And this gets to Irv's question in the previous session. So far in control systems, we have yet to find a failure that the vendor didn't report. We went into this guessing that the vendors would probably be the best source of information for control systems, and that was all just based on our thought process saying, hey, if we find problems, what are we going to do. We are going to go to the vendor. So the vendor is probably going to be logging these and tracking them. And as the months have gone by, we have found that to be more and more the case. There are reports of anywhere initially up to 3 percent of vendor information being incorrect. And what that says is you have to go back and recheck it, and we do that. We went out ahead for the central vendors that we have the most equipment from, built links to their sites or got their information, and we periodically go back and recheck it or someone at a site goes and checks it and says, hey, this information has changed and you better update it and do something about it. Now we are hearing numbers under 1 percent in terms of information from vendors that turns out to require reclassification. What is the use of dates? We have found -- I already mentioned this -- limited to data acquisition and reporting. We have yet to find one in the direct manufacture of chemicals. Generally we find our old control systems do require upgrades. That will be for various reasons. Often it will be more the open computer component. Not the part that actually runs the plant, but the part where the operator has got their window to the process or the part that you use to configure the system, and those tend to run more on off-the-shelf equipment. Those tend to need upgrading. We have found -- and this has not been true of all of our peer companies -- we have found our vendors to be generally cooperative. Maybe it is because we chose the right ones, or maybe it is because we have just been lucky. But by and large, we have had good fortune with our vendors. To date, we have found only one catastrophic control system failure, and let me qualify that a bit. Catastrophic meaning that the control system itself went to an unpredictable state from which you could not recover. The process could still have been shutdown safely, but the control system itself was rendered completely inoperative. I won't mention the vendor's name, but basically that was in a lab test. It was erratically reproducible. So sometimes it happened and sometimes it didn't depending on the configuration. Needless to say, the production one is being replaced. A question -- yes? MR. SUSIL: Just to clarify. So on that previous slide, your definition of catastrophic failure was that the system just wouldn't operate, not that it would have lead to a release and all of that sort of thing. MR. CORN: That is correct. MR. SUSIL: Okay. MR. CORN: That is probably a poor choice of word. There was one control system failure that locked the system and rendered it inoperable. Good question though. With other physical systems, we are typically finding -- when I wrote this slide, it was 5 to 7 percent required remediation. It is probably closer to the 7 percent side requiring remediation, and usually what that involves is replacement of computers within systems. If you get an analyzer, it has got to read out on a computer. If the PC itself has a problem, the analytical equipment may or may not. Very few of them turn out to be critical. We have found no catastrophic failures yet. That doesn't mean there aren't any. We are still working through this. But we just haven't found any at this point. Many of the identified failures have reasonably straightforward workarounds. And one thing I think we are going to have to do next year is get into some sort of tagging procedure for the devices where a workaround is required. This includes: manual reset of the data after 1/1/00, elimination of the systems, like that analyzer I mentioned earlier, manual intervention, again where you have to either reset a date or when you file something make a note on it that says the date on this is incorrect. And there are a number of cases where you can just do nothing. We do have some systems that will fail, but all they will do is report an incorrect date. The information is transient. It is used and gotten rid of. And the question is why do anything about it. It is not like we keep it for records and we don't submit it with products. So in some cases, we are saying it is okay to do nothing. My final comment is it is our opinion that most of the major problems that will occur will occur while a plant is running. And we have believed from the beginning that shutting down operations through the millennium is a prudent precaution. We are very close to -- we don't have it yet, but we are very close to having a statement from the president of our company that it will be company policy to shut down operations. Now I know once we put that stake in the ground there will be some pushback. There will be some people who say it will be safer for us to run than to shut down and restart. Our position will be you will be down unless you give us an extensive plan for how you are going to run and cover and you get the explicit authorization of the president, who has set this policy. That is all I have. I was almost 20 minutes. DR. POJE: Yes. Thank you very much. Sam? DR. MANAN: I have so many questions, I don't know where to start. But I will start by saying that we must laud the efforts of OxyChem and Rohm & Haas in doing all these prudent things. One of the questions I have is that these are only two companies and there are a host of other companies small and large. In your opinion, what percent of the companies are doing something similar to that? And secondly, what percent of the problems are you catching? That is one part of the question. The other part is I realize that you are saying that not running the plant during the Y2K cycle is a prudent initiative. That could very well be true. But on the other hand, I feel that human factors is a big issue that we haven't yet addressed. And starting of the plant later on, if you look at the Seattle explosion, it happened during start-up. So have you factored those in? And if you are talking about putting extra people during the Y2K cycle, again human factors is an issue. So I would like for you to address these two issues if you can. MR. CORN: Sure. The first one I can answer for large companies -- and Occidental, feel free to contribute to this. We share information with as best as I can tell somewhere between 40 and 50 large companies. I am currently involved in three information exchange groups. One is the Chemical Manufacturers' Association (CMA), one is the Chemical Information Technology Association, and the other is a branch of the World Batch Forum dealing specifically with Year 2000. All of those companies have active programs that are similar to either what you saw with Occidental or what you saw with us. They are all doing the work they need to do in my opinion. They are all doing it differently, but with similar frameworks in place. I can't speak for the companies that we don't exchange information with. The one pattern I can state is that if I look at the companies we do share information with, most of them are large. And from that I can conclude reasonably well, I think, that large companies are doing what they need to do. I really can't draw a conclusion about small companies. MR. DALEY: Basically I think our information reflects what Jordan is saying. The kind of feedback that we have gotten, and it is not explicit, is that smaller companies are having a harder time of it. So basically in terms of support needed to help companies, it is probably something that would be packaged for companies that maybe don't have full-time IT people or full-time control systems people and need help getting through a program. MR. CORN: Regarding the second question about shutting down through midnight. Is that safe or what risks do you run in restart? I did mention that most of our facilities are batched. And as batch operations, most of them go through routine shutdowns and start-ups. I have a semantic debate with a friend of mine as to whether stopping between batches and restarting constitutes a shutdown. He claims it does and I say it doesn't. But in all seriousness, the fact that they are constantly introducing different chemicals and they are constantly going through idle states says it shouldn't be that big a risk. I expect the pushback will come from the continuously operating units, the ones that typically run for six months or a year. We do not have any units that run for years on end. So every one of our units does at least shut down once during the year, which says we have got a history of doing it and supposedly we know how to do it. And again, that is something that I have got to rely on the inherent design of the plant, the training of the operators, and the ability to do that. Regarding the personal factors of having people around and staffing, that is something we still have to address. And I think one thing we are going to have to do is accelerate the time frame in which we tell plants you have got to get your support figured out. We were thinking third quarter and it might need to be earlier. DR. POJE: Paul? MR. HUNTER: I have two comments. One concerns the actual trusting of vendor certification. I think I heard a stronger trust in the first presentation than the second. And I just want to put out a cautionary note. In other sectors, in health care and transportation, we have had witnesses, technical people not management, come before us and say they have had vendor certification and then they have ran a test and the device failed: sometimes in a nonrecoverable way and sometimes in a nuisance way. But in one life critical medical technology, the device failed and was not recovered. So I would caution the whole group about vendor certification as a means of testing. It is certainly something you would like to obtain, but if it is a critical device or life safety device or an environmental safety device, I would strongly recommend that it be certified independently. The second was something I didn't hear in terms of contingency plans for global corporations. You may be aware that the Senate committee has asked the administration to try to do something about a worldwide alert system to track effects around the world in the different time zones as the time clicks by and we go midnight to midnight. It occurred to me sitting here that with global situations, you may not be running the same process or developing the same product, but you probably have similar technology and you can take advantages. And even if your leading edge companies are having problems, at least your ones that are going to hit the date later on in the day can take appropriate contingency actions. So I think for global corporations, that is an important contingency item. MR. CORN: I would point out that we haven't done anything formal there, but we have so far identified the key sites we would want to look at for that, and I think we will do something in that field. MR. DALEY: One comment I would make. You had mentioned our reliance on testing. And I tried to underline the point that it is testing -- or it is vendor certification based on testing. And I had mentioned going back to like the Semitech test or some standard testing. Clearly we have got a lot of certification early on in which vendors said that they were compliant but they didn't reply back and identify what kind of test they used to certify their device. Clearly if a vendor has tested it, and they can show results that they have tested it, then that is something that I don't think we need to duplicate. MR. HUNTER: Yes, I would agree. I think it goes back to the old Reagan dictum of trust but verify. Just don't take a piece of paper. DR. POJE: Mike Sprinker? MR. SPRINKER: Actually one of the things I didn't hear specifically addressed was the whole issue of worker communication and worker involvement as a policy that is actually enforced at the various plant sites. We have members in various multinational companies, and it is always amazing the differences that exist at times between what corporate policy is and what really happens at each individual plant. I think this may be particularly important here. Different plants may make decisions to get around problems, both in testing and when the actual event occurs in different ways. And, unless the workers have some real input, they may say, "Wait a minute, we can't be out there looking if the screen goes blank. We don't have enough people there to be able to communicate what is going on at different tanks and different levels. If you have got tanks that are dual-use tanks where you could end up with product or incompatible product going in at the same time." So I am wondering what happens there? And also, how do you handle the whole issues of potential problems during actual tests on your processes and on Occidental's processes? Because it seems to me that would fall into the -- certainly the OSHA mandate, the management of change issues, and maybe more. Has that been formally worked on? MR. CORN: Well, let me see if I can remember both questions. The first one, how do we make sure what is happening at sites is reasonably standard and that the workers are involved and that there aren't sort of things going on that are counter to the program or that we don't know about or issues not getting surfaced. We are engaged in a program of going to every site in North America and probably every site in Europe and then representative sites in the Asia Pacific region and in our Latin America region to do interviews. I hesitate to call them audits, because what we really do is focus on what are you doing with this program, who is involved, what are they doing, what have you found, and how are you executing it. To date we have been to I think 10 sites. So we have got a mechanism in place where we are trying to deal with that. Another way we deal with it is we have got centralized reporting and we are in frequent contact with the sites, both through e-mail and teleconference. And is there a possibility that an issue like that happens where one site does something slightly different? Yes. But between site visits, contact, and we will do some form of formal auditing next year, I think we are going to catch most of it. And again, layering this onto the very minimal number of critical problems that we found and the fact that we are not going to be running, I don't think we have got a major risk factor. MR. SPRINKER: But when you say you are in contact with the sites, is that merely with plant management and engineering staff and all, or is it actually some discussion with the actual plant operators and maintenance folks and so on, which is a key issue? MR. CORN: It is generally with management and engineering. But those people -- the engineers are the ones who are going to be on staff during the transition. MR. SPRINKER: You mean you are not going to have any hourly people on staff? MR. CORN: Well, we are going to have hourly. I grant that is something we probably ought to do more of. MR. SPRINKER: Yes, I think so. MR. KURLAND: Can I add to that a little bit? I am from the same company. In addition to being the company's Year 2000 lawyer, I turned out to be the company's OSHA lawyer and environmental lawyer as well. So all these seemingly divergent parts of my job are really converging here. But many of our sites are OSHA VPP sites, and that mandates worker involvement. Also, if Year 2000 issues at the plants are going to require some unusual action beyond normal standard operating procedure, you've got to go through management of change. To go through management of change, you need a Haz Op and you need a safety review and procedures say you've got to have workers involved. You can't do that without worker involvement. So normal management of change and safety reviews at the plants require that hourly workers and employees and operators be involved in those activities if it is something outside of standard operating procedure. And if it is an SOP, then it has been developed with worker input. MR. CORN: There was a second part to that about testing. Should I answer it? DR. POJE: I would prefer to have more people asking their questions. Steve, you have one? MR. VIEDERMAN: I have two generic ones again. Koskinen noted the importance of transparency in all of this to avoid problems if nothing does occur. And I am concerned that I have heard very little about how, when, and with whom the companies are dealing with communities. At the Noyes Foundation, we work with communities of color, poor communities. Talking to the mayor is not necessarily sufficient. The people we are talking to are trying to get information and are not getting it. And I think that the whole question, if we are coming up with recommendations at the end of this, the whole question of the periodicity and with whom you talk in the communities is going to be very important if we are going to avoid problems. Secondly, the question of testing still concerns me. And I am not an engineer. I have been looking at the banking industry or finance industry for things and they are all saying they will be compliant at the end of the year and they start their testing in January. The point is made that all banks are now operating their systems at about 95 percent capacity. So it is hard to test the system when it is already operating like that. Then there is the question that I haven't heard about the linkages between your systems and systems of other companies with whom you are in regular contact. We know the story of the Union Pacific/Southern Pacific merger where now it is two years down the line and they are still not talking to each other by computer. So it strikes me that we are dealing with systems of systems, and what I hear you talking about is testing devices, and that is worrisome. MR. CORN: Dave, you might want to talk about the community issues. I will be glad to talk about the testing ones. MR. KURLAND: Yes. Briefly on community issues -- although my company has got a Website, some of the folks you are dealing with might not have access to that. All of our plants have community advisory counsels. They usually include LEPCs and representatives of the communities, the fence-line neighbors, business leaders in the community. So there is a mechanism there if those community leaders have questions about the plant or the company's Year 2000 status, the Community Advisory Panel (CAP) is one avenue. The other thing is the Clean Air Act 112R is coming out with worst case scenario planning, and I expect and have -- I am involved in that side of it as well. So I have made sure that all of the people who are doing the worst case scenario communications are prepared to answer questions about Year 2000. There is going to be a question from the audience, when you get up there and present your worst case scenario. Somebody is going to ask will this happen on midnight Year 2000. So I am just trying to make sure that the Year 2000 people and the RMP people are talking to each other so that they know the answer. So there are some avenues for communication. It is probably not perfect. DR. POJE: We only approached a question in here. I want to stay focused on technical management of the job at the facility. We will get time for that other discussion throughout the rest of the day. I want to just take two more questions. MR. CORN: Can I answer the one about testing? DR. POJE: Sure. MR. CORN: In terms of testing, I think the key thing is if we are looking at the safety and our ability to handle upsets, the most important thing is to test the systems within our company. The control systems are isolated, both from our general purpose network and from any of our customer sites or any of our supplier sites. So I really don't see that there is going to be impact there. EDI is another realm altogether. That is a different part of the effort. That is being worked through. But in terms of process safety, I think the most important thing to do is to test systems that control the chemicals, and that is what we are doing. DR. POJE: George Davis? DR. DAVIS: Yes. This question really has to do with the scope and anyone in the room can answer this. The two presentations represent large companies that you say are among a group of about 60 large chemical processing organizations. MR. CORN: That is more than I said, but yes. DR. DAVIS: Okay, fine. What is the total number of chemical processing organizations U.S. and global? 8,000? And does anyone know, are there any similar kind of communication links? Not likely? MS. EPSTEIN: In the OxyChem presentation, we heard that in terms of remediation, don't try to be opportunistic: fix the Y2K problem. We all know engineers that might get very focused on something and then the time would be lost. But it seems to me there are some opportunities to actually fix the Y2K problem and increase safety at the plant level and that kind of thing. Can you lay out what your perspective is on that? MR. CORN: We have had a handful of those. Our guideline -- and I won't say it is policy -- our guideline was the same. We said focus on the Y2K problem because if you let the scope grow too far, you will run out of time and you will run out of resources. You will get into approval issues and you will lose all of your time and credibility. We have a handful of major capital projects that this Y2K effort has kicked off. And, generally in each one of those there has been a case where you are going to be spending 20 or 25 or 30 percent of the money required for the capital project for Y2K remediation anyway. There are other business drivers at hand, whether they be safety, obsolescence of equipment, new production requirements and new product requirements. And in each of those cases, we do track what the project is and what percentage of it is Y2K. How many is that? Out of I think we have identified something like 90 remediation projects involving more than just an upgrade of one piece of software. Maybe 10 to 15 percent of those are sort of major capital projects. But we did start with the same guideline. We do have a handful of exceptions. DR. POJE: We have been engaged in continuous discussion for a while. I want to take a 10-minute break as opposed to a 15-minute break. Before you leave, think about the issues that you consider most crucial to the Y2K and chemical safety question. When we come back into the room, we can allow about 40 minutes just identifying issues, not reacting to each other, but just identifying major chemical safety issues identified with Y2K. Please be back promptly. DR. POJE: As I expected, there was plenty of useful conversation going on after the first set of presentations. I don't want to lose the energy and the leadership of this audience. Let's review the process. For the next 40 minutes identify issues that you see as important chemical safety and accident prevention issues related to the Year 2000 computer problem. Our goal is just to identify the issues that we see as important, not to debate the merits of the issues. Following this enumeration process, the issues will be displayed around the room. Then, collectively we can rank the issues that we see as very high priorities. When we come back from lunch in the afternoon, we can focus on those four or five issues asking the question how well is the system of safety addressing each issue. Thereby, we will identify potential gaps that could be filled with the recommendations from this audience. Now I don't profess that in 40 minutes all the issues can get identified. Because there is a limitation to the amount of time for us to speak, if people want to write them down and pass them up to the front, we will try to be recording them. Similarly, if people after that process have ideas on how they would rank some of the issues, please bring that forward. We will be working through lunch to summarize topics that we think have a common interest to the audience. So, after having heard the two presentations and hearing some other aspects of the Y2K issue, who would like to start the discussion. Ray? MR. SKINNER: I jotted down about four items that were of concern to me because they have occurred in the past and not necessarily due to Y2K, because they could be triggered by a number of events. But if this were to happen during that particular time, it certainly would increase potential for serious injuries and death to a number of personnel. DR. POJE: When you speak, please stand up so that the full audience can hear you. MR. SKINNER: Absolutely. I wanted to make sure that facilities do not put increased inventories in decommissioned tanks that are very, very close to tanks that are already in the facilities, because they may be violating facility siting issues. Because if in preparing for Y2K shortages you put increased inventories in hazardous locations, you may increase the facility siting as a problem. Second, when we do have uncontrolled shutdown of processes, we need to make sure when we are going to rely on manual valves that we have determined that those manual valves are located in safe locations because you are going to have to use them. Also, particularly when we have multiple factors occurring all at once, sometimes we have chemical releases, fires and explosions. It has been my experience when you lose power at a chemical plant or a refinery that you may in the process trigger all your fire water sprinkler systems. They come on all at once and of concern to me is will you have adequate fire fighting capabilities if you lose all your fire water supply as a result of reduced pressures. And also as a result of putting a number of increased personnel in these facilities, (particularly in control rooms which may or may not be adequately safe due to their age) we are definitely placing a greater number of people at risk due to putting them there to deal with Y2K faults. That is some of the things that are of concern to the agency and me. DR. POJE: Erik? MR. OLSON: I am Erik Olson with Natural Resources Defense Council. I wanted to raise an issue that is directly related to Rohm & Haas's presentation, which suggested that the greatest exposure is when there is multiple utility failure. An issue that I want to bring to folks attention is that recent House testimony describing a survey of over 700 of the nation's water utilities found that by their own estimate voluntarily put forward, about one in five is not going to be Y2K compliant. The question that I have is what does it mean if we are losing the water supply, likely losing in some cases at least some pressure in the water supply, at least in some cases, and also potentially losing sewage -- the availability of sewage treatment. What is that going to mean to safety issues, first of all, and secondly to ongoing production? DR. POJE: Okay, Jack? DR. WEAVER: I think the issue I would like to raise has to do with very small companies and someone referred to it earlier this morning. And I am not talking about medium-size companies, but companies that are in the 100 to 200 employee stage. And I think particularly within that group, those that are dealing with hazardous materials, in other words, a subset of those. I think that these are a concern because it is known that they don't have the internal capabilities to deal with basic process safety in many cases to start with. We are not sure of what their awareness is of the Y2K problem and their readiness. Another argument is if they are very small, they are probably very simple and they probably don't have very complex operations or very many complex controls systems, and consequently there may not be too much to worry about. But I would say if they are dealing with the likes of chlorine processing and materials like that, they should be on the list. DR. POJE: So you mean small enterprises? DR. WEAVER: Small enterprises that utilize or produce hazardous materials. DR. POJE: Joe? MR. ANDERSON: I would just like to reiterate the issue that Mike Sprinker talked about. Although it is implied in both of the presentations we had this morning, or at least it was my inference, one major issue is that people at the control panels, the operators and those that Ray was talking about that will have to manual operate to shutdown in cases where the Y2K problems cause system problems, be included in the Y2K plan, both up front and at the back end. At remediation, are the people who are going to apply these remediation tests -- the workers and the front line supervisors - how are they to be integrated and consulted on the front end and applied at the back end. The second point, I would just like to ask a question of the group. I heard about redundancy in the OxyChem presentation regarding some of the microchips. It is my understanding reading the briefing booklet that two of the authors in the briefing booklet discussed the difficulties, if not problems, with assuming that integrated chips, although manufactured by the same manufacturer and even in sequence in the inventory numbers operate at the same level and in the same manner. It is my understanding they do not. And an application of that thought process of using that understanding and then trying to use it as a redundancy systematically could lead to other system failures. Finally, I would like to thank the presenter from Rohm & Haas for presenting a systems and safety point of view that is very important and near and dear to the heart of those at the OCAW. DR. POJE: Okay. Rick? DR. NIEMEIER: I'm Rick Niemeier from NIOSH. We are all chasing the Y2K demon bug, but there has been some word about -- well, coming out of the UK health and safety executive about lots of other dates that we need to be concerned about. Are we, as a group, concerning ourselves with those other dates, and specifically they are January 1, 1999, September 9, 1999, February 29, 2000, and March 1, the leap year date, December 31, 2000, January 1, 2001, and February 28, 2001. So that is a general concern question. DR. POJE: Okay. Yes, Eric? MR. LAMAR: I'm Eric Lamar with the Fire fighters. As a concern for people who are doing contingency planning, and that would be the outright unavailability of public emergency response. Because if you are not lucky enough to have the first problem, chances are that you are going to get a step-down response or one that is non-existent. DR. POJE: Yes. Tom? MR. LAWRENCE: The integrity of the power grid. DR. POJE: The integrity of the power grid. Chip? MR. HUGHES: Yes. I just want to echo what Eric was getting at in terms of the municipal and local infrastructure. My concern is with what the other Erik was talking about local emergency responders and the integrity of emergency response equipment at the local municipal level. From what we heard today, a major issue is the involvement of local responders in either contingency planning, actual response exercises during this next year, and also how they are going to get a seat at the table in terms of figuring out how to triage before the rollover. DR. POJE: Okay, Denis. Yes? MR. CALHOUN: While it is true that in electrical power failure situations most process facilities have built plans and designed systems to address those issues, most of those systems are based on single causation failures. And the solution traditionally engineering-wise has been to put in separate feeds coming from two separate substations or two feeds into the facility. However, with the Y2K, that now may make it a single failure event. So it may be good for the process industry to go and revisit those scenarios in light of a single cause failure. DR. POJE: For the purposes of today's discussion, and because we are recording this for future availabilty on our Website, please introduce yourself when you speak. Mark? MR. FRAUTSCHI: I am Mark Frautschi with Shakespeare and Tao Consulting. I would like to throw in technological wild cards. That is, there may be technical failures that we haven't anticipated. The one I mentioned in note 7 on my paper is called the Crouch-Ecklan effect, which is an unintended consequence of fixing the Year 2000 problem in PCs. There may be other unintended consequences. So we should have technical wild cards as one of my concerns. DR. POJE: Yes, Paris? DR. STAVRIANIDIS: I am Paris Stavrianidis, Factory Mutual. The thing that I would like to talk about is transportation. We have focused on the plant side, but a lot of chemicals are being transported, and railroads, for example, rely on chips, embedded chips. DR. SUMMERS: I am Angela Summers, Premier Consulting in Engineering. For the last three years, I have been working with companies to comply with the ANSI ISA S84 1996 standard for designing safety instrumented systems for the process industry. Over the course of that three years what I have found is that there are many companies who have not provided the type of separation that OxyChem and Rohm & Haas refer to in terms of separating the regulatory normal process control functions from the emergency shutdown system. In addition to that, I have found companies who have not provided a manual means of shutdown independent of the programmable logic controller. So, therefore, if there is a failure in the programmable logic controller and then a failure of the process control system emergency shutdown system, they would not be able to shut it down. And while there are many companies who have worked very hard to make sure that they have those types of separation, there are a lot of small companies that have not. DR. POJE: Jim? MR. MAKRIS: An observation and a point or two. First on the emergency management side, Koskinen and I were at a FEMA meeting yesterday where all the agencies came together and there is going to be a fairly large state and local outreach, both in the early part of the middle spring and then during the summer. So there is at least a major federal plan to try to deal with the emergency management community throughout the country, led largely by FEMA and their related agencies. An issue that I thought was terrific this morning on the Rohm & Haas and OxyChem presentation, they certainly indicated what large industry is capable of doing. They also both identified the problem of the small and medium-size enterprise, and they didn't offer a solution. Let me try to offer what might be part of the solution. Both OxyChem and Rohm & Haas are part of the CMA, which means that they have subscribed to the idea of responsible care, which includes the obligation for product stewardship. And I would ask the big guys what they can do under that product stewardship responsibility to specifically deal with getting the kind of wonderful information they presented to us here out to the small and medium-size companies that either may be their customers or their suppliers. DR. POJE: I let Jim get away with issuing a recommendation. MR. MAKRIS: I am sorry. DR. POJE: Before we move into the recommendation arena, we are still identifying the issues here. Paul? MR. HUNTER: Did the large number of small and medium-size? Did that get up there? DR. POJE: The large number of small and medium-size. MR. HUNTER: I mean medium and small. Okay. By the way, I am Paul Hunter with the Senate Year 2000 Committee. I would like to identify what John Koskinen was referring to this morning in his opening remarks. He was talking in general and we see this in sector after sector where the big corporations know the problem and they know how important information technology is and they have been working on it for years. Senator Bennett likes to say the easy way to solve this problem is you should start in 1993. There is a solution to Y2K. Start in 1993. What scares me about this particular area and from some of the information that I have gotten from some of the people who have talked to us on the committee is the very large number, the 66,000 or so estimated, that have to comply with the RMP regulation. We are going to see the same thing in this industry or sector except that I think the potential public risk is so much higher in this than in some many other sectors that it bothers me a lot more. We see the same kind of distribution in the readiness of counties and the readiness of towns and the readiness of airports and everything like that. So I guess my real issue here is how to outreach to where the most lethality resides. This area has, I think, an extreme outreach problem compared to other sectors that I am worried about. DR. POJE: Fred? DR. MILLAR: I am Fred Millar. It seems to me that one of the unresolved problems is that no level of government has taken on the responsibility, neither federal nor state nor local, of assuring the public that there is not going to be Y2K related failures that lead to chemical accidents. The federal government is not doing it because they are being told that they are supposed to work through trade associations. But they are not in the position of contacting facilities directly. The state governments are not doing it. You can ask the Texas Commission on Y2K. They say that is not our job. And the local governments are not doing it. If anybody knows of one, let me know because I am trying to write up some models of what local governments could be doing there. So I think the short way of stating it is that no level of government so far has taken on the responsibility of assuring the public that there is not going to be major chemical accidents caused by Y2K related failures of various kinds. DR. POJE: So the issue that you are raising? DR. MILLAR: The issue is how do we get some level of government to take responsibility for reassuring the public that there is not going to be -- that they have got enough credible information from the facilities that there are not going to be Y2K related problems in their water plants -- in their chlorine waste water plants, in their chemical plants and refineries, et cetera. DR. POJE: Mike? MR. SPRINKER: I'm Michael Sprinker from the International Chemical Workers Union Council of Commercial Workers. To the degree it hasn't already been dealt with here, and I think there have been a number of components mentioned, is the need to get information out there and explain about the whole process of developing management of change procedures when tests and such are being done -- before tests are done. You know, proper advance planning. The second thing, and I am not sure if this is uniformly applicable because we have efforts in all of these various states at this point, is, of course, deregulation of a number of services: electrical being one of the main ones, telecommunications and so on, and to the degree that that is going on at the same time that we are trying to prepare for the Year 2K. What effect is that going to potentially have on -- not just on the plant level, but on the major feeds coming into the plants and communications outwards too, and is that something that has even been really looked at on the other line? DR. POJE: Okay. Steve? MR. VIEDERMAN: I'm Steve Viederman. Just because I asked the question before, my issue is the community right to know -- -- in a real way. I understand that CAPS exist, but in many companies the people in the community do not feel that the CAPS speaks to their interest. That they speak to some business communities and others. And the whole question again of what does a test of a system mean and when can it be done if your system is already running full time. MR. DEAN: I'm Norman Dean with the Center for Y2K in Society. Playing off of that comment, it seems to me that one of the problems we have is that there is no clearly defined set of parameters for what constitutes an acceptable contingency plan, either at the plant level or at the community level. There is a need for those kinds of parameters or standards. And similarly, there is a need to integrate the contingency planning that is occurring within plants with the contingency planning that is occurring in the communities. DR. POJE: Okay. Other issues? David? MR. KURLAND: I'm David Kurland. Just to switch perspectives, from the plant operation side, our biggest concern is the availability of all utilities. It is electric and water and the rest of those. There has been a lot of talk here about what will chemical plants do to address the failure of utilities, and that is clearly critical. The plants have to know what to do if those utilities are not available or are unreliable. But there also needs to be pressure on the utility companies themselves to make sure that those problems don't occur. DR. POJE: Chip? MR. HUGHES: Jerry, from the HAZWOPR (hazardous waste operations) world, if I can use an acronym. There is a need for thinking about training, including: the levels of training for groups of target populations from awareness operations for pressure technician specialists, how we develop either training materials or training opportunities. We need to let people at various levels of plant operations and contingency planning be more broadly aware of what is going on, including plant supervisors at the local level, emergency responders, front line workers that people talked about. So that there is a way that we can integrate that into the process to assure that there is not fear, panic, and overreaction. I think what we need to do is build on our existing HAZWOPR infrastructure or the incident command system from a training point of view this year, right now. MR. ORUM: Paul Orum, working group on Community Right to Know. I am concerned with how companies will communicate to the public both the existence of the hazards and the justification for bringing the hazards into communities. DR. POJE: Jim? MR. MAKRIS: As an issue rather than a recommendation, a lot of organizations are discussing how they are going to be communicating as the sun sets across the world, and I am afraid we might have a communications tie up as all these organizations independently try to create a communications net by which we learn what happens in Korea and Japan and Australia earlier than what happens in Europe and earlier than what happens in New York and earlier than what happens in California and Hawaii. Someone needs to try to pull this together. As you know, OECD put out a press release on this issue and John Koskinen talked about some work at the United Nations and there was a Yokohama Conference on it. Somebody needs to try to figure out how we are going to communicate these lessons quickly and efficiently to all parties. DR. POJE: Just to assure that everybody's on equal ground, the issue that Jim is raising relates to the fact that the arrival of Year 2000 across the globe obviously doesn't occur simultaneously. There is a 17-hour period before the new year will hit the East Coast or the West Coast of the United States after its arrival in the Pacific. The 17 hours is the preparation time that he is referring to. Kenneth? MR. BROCK: Ken BrocK from HSB, Industrial Risk Insurers. One of the concerns that I have maybe with the smaller companies is that a workaround for Y2K issues is to go back to manual operation. We have relied heavily on computer technology to control our processes, and if now we are going to, in some cases, rely on human technology to control those, we may need to, as part of our contingency plan, consider retraining workers that will be operating some of our systems on manual controls rather than automatic. MR. HUNTER: May I follow up on that? Many times we ask people about contingency plans and we are given the assurance, don't worry, we can operate all of these manually. I think there are two things that have to be remembered, and this point really reinforced it right here. Often the manual procedures are forgotten about. In emergency dispatch systems, you will have operators on board nowadays who only know how to use the automated systems. They don't know how it worked in the past. And if the contingency plans aren't exercised before the date, you are going to be out of luck. The second thing is we often forget that we automated to reduce personnel. So if you want to go back to a manual procedure, you have got to make sure that you are going to be able to scale up and have enough people to do that manually once again. DR. POJE: Angela? Dr. Angela Summers. DR. SUMMERS: Angela Summers, Premier Consulting and Engineering. We have talked about consequence mitigation systems in terms of fire water, but there is a lot of other consequence mitigation systems that are just as critical such as flares, pressure relief valves that relieve to those flares. For instance, in gas plants, emergency isolation and emergency depressurization is one of the main processes by which they prevent having a major bomb occurrence on the site. But these systems are often in order to control med alert conditions, they are also controlled through programmable logic controllers to control how fast the pressure control valve opens releasing that pressure that is in the system. So all of the consequence mitigation systems need to be evaluated for their adequacy, not simply fire water and cooling water and those types of things. DR. POJE: Joe Anderson? MR. ANDERSON: Joe Anderson, OCAW. How to integrate broader communities like labor and surrounding communities within the advisory groups like the oil and gas -- the President's Working Group on Oil and Gas. I don't know anything about that and we represent a lot of workers in oil and gas. DR. POJE: Lois Epstein. MS. EPSTEIN: Lois Epstein, Environmental Defense Fund. I am building a little bit on Jim Makris's point about the worldwide issue. I don't think it is yet known how to move towards Y2K compliance worldwide. I think we can put down there, particularly for multinational companies, but obviously it is a much bigger problem than that. DR. POJE: Michael Sprinker. MR. SPRINKER: One of the things that we see frequently is that people make certain assumptions. I know that during the Rohm & Haas presentation, they said most -- and I think the very key word in there was that most of the electromechanical systems are not date driven. And I think it is easy for a lot of plants and a lot of folks to say, well, that probably means we won't have to worry about it. I think somehow we need to get the word out to folks to avoid making too many assumptions that things will fail in a safe manner. If 90 percent of their electromechanical devices are not date driven then, we cannot really forget the other ones too. DR. POJE: Steve Viederman. MR. VIEDERMAN: I heard the question of plant shutdowns. I thought I heard OxyChem say that if there is a failure, then you might shut down. Obviously, that is after the fact and may be the problem. How, when, and again who is involved in the decision to make the plant stop or start? How are the workers involved? How are the surrounding communities involved? And what are the levels of information they are going to need over the whole 12 months in order to make this something that everybody is a part of and feels comfortable with? DR. POJE: Joseph Hughes. MR. HUGHES: Joseph Hughes, National Institute of Environmental Science. I guess I was picking up on what Joe just said where the President's Council has looked at sector-specific planning and organization. I think what we are doing here is multisectoral, multidiscipline, interagency. Another issue is how can we create a structure for the ongoing communication just like we are having here to continue over the next year so that we can have more integrated discussions of stakeholders. DR. POJE: Mark Frautschi. MR. FRAUTSCHI: I wanted to pick up on the going back to manual mode issue. One of the great things about, for example, programmable logic controllers is that they work just as well at 4:00 in the morning as they do at 9:00 in the morning. Human beings don't, which is one of the reasons why we go to these systems. So in addition to practicing, I think that we need to make sure that we have people being alert for those 24-hour-a-day processes. DR. POJE: Paul Orum. MR. ORUM: Paul Orum, Working Group on Community Right to Know. I reiterate the latter half of what I said before and expand upon it. In what forum do decision-makers at chemical plants justify their decisions to communities in public meetings and other statements. In what forum does that take place? DR. POJE: Gary Jonesey. MR. JONESSE: Gary Jonesey, EPA, Office of Enforcement. The issue I want to raise is at least to the extent that we have a role in this, we are trying to encourage testing through our Y2K enforcement policy. And the question would be whether or not we have struck the right balance there. In exchange for some reduced and in fact waived penalties, we lay out some conditions in our policy. And one I want to raise in particular, which is that any testing that is done we thought has to be done as soon as possible in the shortest period of time necessary, but in no event over a greater period of time than a 24-hour time period. So I guess we would be looking to know whether or not that is a valid technical assumption. We do provide for retesting with complications. But, again, we would just lay that out there. DR. POJE: Joe Anderson. MR. ANDERSON: Following up on the question. I would like to ask the question whether this regulatory bypass for testing should be permitted in a way that in a facility a hot work permit is issued to insure that people are aware of the situation. Equally so when -- I shouldn't opinionate about that. I am raising the question of whether there should be a mechanism to permit people to test in a way that may be out of regulation for OSHA regulations or EPA regulations. DR. POJE: Fred Millar. DR. MILLAR: Given the critical nature of the electric utilities and so forth and their understandable reluctance to come out in public these days and talk about where they are -- I mean, that is my experience at least -- it seems to me what are the 20 questions that a community group or a major user of an electric utility can ask to ascertain the current posture of that utility on Y2K questions. It occurs to me that maybe major users of electric utilities like refineries and so forth might already know some of those questions and can community and local government people learn from that. What are the 20 questions that anybody ought to ask of their major provider of major infrastructure, whether it is water, waste water or electric utility or transportation. DR. POJE: Yes, Bob Newell. MR. NEWELL: Bob Newell from Honeywell. I think there are a couple of things here. Rohm & Haas touched on it. They were going to inventory their plants. Perhaps a list of what questions should be asked to determine the readiness of a plant, not only of its internal pieces but of its suppliers. And then another one that we are considering is to have a Year 2000 day in September, where we actually work with our suppliers and our customers to try and figure out if, in fact, we are ready or what could be some different scenarios. MR. KURLAND: Can we do that on September 9? DR. POJE: Coming back around, Dennis. MR. CALHOUN: Dennis Calhoun. Mr. Koskinen mentioned and in the briefing documents it talks that one of his key areas of concern is the marine industry. So we talked about watching your supply levels in the presentations this morning. That is a real great concern, especially for the foreign flag vessels. DR. POJE: Okay. Norm Dean? MR. DEAN: Norm Dean, Y2K Center. There is going to be a lot of testing going on in the first half of the year, and I am interested in how there is learning that will occur beyond the boundaries of the plant within which the test occurs. The federal law, from all reports that I have seen, has failed to encourage companies to disclose information about their Y2K test results. Is there anything that can be done to provide increased incentives for information sharing? DR. POJE: Joe Anderson. MR. ANDERSON: I would like to know -- the question is what is the mechanism to recognize inventory, remediation, and certification of repair or whatever the phrase may be beyond just the common discussions. How does -- and someone mentioned Merck. How does someone know if what Merck is doing is the same that Rohm & Haas is doing -- not exactly the same, but will Honeywell set the standard? Who will set the standard for what to look at, what the remediation is, and certify that the remediation has been done? I mean, maybe I am demonstrating my ignorance and naivete. But from where I sit, I don't know the answer. Everybody is talking about how they are doing this, and I haven't a clue about what that is. MR. HART: My name is Dave Hart with Rockwell Automation. Building on that point and some of the other points that came up about communication, especially with medium and large size companies, we give free seminars to our customers about Y2K issues. And, it is frightening at some points how few people are really engaged in Y2K deeply, and how few people realize that the term compliance can mean different things to every person in this room. Okay? And what I think is really of need and really a major issue that I am concerned with is it was brought up before about sharing information in like industries: people that have like systems or like processes or what not. Because to your point, Joe, maybe you don't know how to test. But again, when we look at Y2K, we are balancing out risk versus return, right? It is a business decision. That is what a lot of people get tripped up on. And before we can communicate that to the business community and let people realize that and have people sharing information more, then I think we are not really going to get to where we want to go. DR. POJE: Yes, Joseph Hughes. MR. HUGHES: I am going to expand upon the EPA discussion about their Y2K compliance policy. There are many aspects to our existing regulatory structure -- on the EPA side, look at RCRA, ISLA, CERCLA, Clean Air Act, NPDS permitting, and also on OSHA's side, look at process safety management, 119 and 120, and also that emergency response. Another structure of the permitting system that I don't think has been raised is how do we either encourage or compel people to do Y2K testing and compliance as a permit condition, which may take it beyond what you guys were just looking at, which is the testing. Because I think as was just said here, the SMEs and a whole large sectors of society are not taking this seriously. What Erik Olson was talking about in terms of municipal water systems and also sewage treatment plants under the control of county and local governments are not taking this seriously. Is there a way that we can use the regulatory system, the much-hated regulatory system, to maybe like kick people in the butt a little bit about it. You can put that down if you want. MR. BROCK: Ken BrocK again. I will follow up with a variation of that, but it is on the other side. One of the concerns I would have is what else will industry and business be asked to do next year that will divert resources away from Y2K. And we have to be careful that we don't create new legislation that requires additional record keeping or system changes or other things that might detract from our ability to address Y2K problems. DR. POJE: Angela Summers. DR. SUMMERS: We all acknowledge that there is not much time left, and we have also acknowledged that not everybody is doing anything. I wish there was a mechanism by which the companies who have forethought and done something about this issue, like OxyChem and Rohm & Haas, to be able to share their specific results on their assessments with companies without fear of litigation or without fear of liability. They have shared with us a lot of generalities that most of their systems are compliant and that they have found a few problems. But if you are a mom and pop chemical company in the U.S. or even internationally, you don't have access to that type of information unless you do the tests yourself. And it would be nice if there was a mechanism by which companies could supply that information to business in general without fear of litigation. DR. POJE: Sam Mannan. DR. MANNAN: I would like to make a comment which plays off of several things that I have heard here. First, on Irv Rosenthal's comment earlier that if it is not a catastrophic issue, then do we have to worry about it from a point of view of process safety. The second thing is that we are all trying to find a prudent approach to how to deal with this "problem", which we don't know the nature and extent yet completely. In doing a prudent approach, the example that I can give you is in a paper that I read where someone said that it would be nice to have $1,000.00 in cash at the turn of the century, so that if banks stop operating, we will have money with which to buy some goods. Well, the problem you create with about 150 million households in the United States multiplied by $1,000.00 each is another problem that you have created. And that is what I want to remember from John Koskinen's earlier comments. Our remedial measures should not be so overwhelming that that itself becomes a problem. I think that is a critical issue that we have to keep in mind when we look at all of this and address our remedial measures. DR. POJE: David Kurland. MR. KURLAND: I want to build off of what Sam Mannan just said and something that Mr. Skinner said earlier. Specifically for the chemical industry when you are talking about these contingency plans that might themselves cause a problem, I have had a good bit of concern about people are talking about inventory builds. We are going to build up raw materials or products, and that in itself could cause problems. So I am looking to dampen concerns about the Year 2000 problem so that folks don't feel they need to build inventory and therefore create transportation problems, storage problems, and other kinds of disruptions. DR. POJE: Mr. Skinner. MR. SKINNER: I thought of another problem in discussion with my neighbors around me here that I think is very, very important. Houston being such a close-knit chemical community, when an event occurs, they all act like a family and all rush to everyone's need and mutual aid. What would be the impact if we had four or five plants all at once having these problems and they were relying on their sister plants to provide assistance. You basically don't have that and you are dealing with other problems. So I think we are going to have a major problem if it is multiplied in several facilities. So knock out mutual aid. That is a problem. DR. POJE: Irv Rosenthal. DR. ROSENTHAL: Thank you, Jerry. Playing off of what a number of people have said, we are going to end up with a whole series of issues, each of which separately could cause a problem. The inventory build-up may increase the risk of just conventional build-up of a hazard so that if there is a normal accident, it is going to be larger. Similarly, we've identified the transportation problems, the $1,000.00 problems. I think it is incumbent on someone to take the available information and attempt to rank these problems in order of importance. To throw out 500 different problems without offering guidance as to the importance to which they be attacked is probably destructive. You will get everyone taking out $100,000.00 instead of $1,000.00, and all of these things taking place. So I think that the need for someone to try to take the available information and rank the likelihood of these is important. If, indeed, it turns out that the possibility of a Y2K failure is small, then the resultant build-up of inventories and movement of people and transport of workers in because transportation and driving to the plant are necessarily a problem that kills as many workers caused by accidents, then we are going to be causing more problem than what we are solving. DR. POJE: Irv reminds me that our hope was that we spent 35 or 40 minutes identifying the issues. As we have raised issues from around the room, we are starting to hear a few things get repeated, maybe with a few nuances on each. Can we start to look at these items that we have been writing here and tacking them up? Can we start to move in five or ten minutes into a more synoptic approach. How many of these issues could be subsumed under a rubric of training? How many could be subsumed under the heading of testing? Can we summarize the issues in a way that after lunch, we could subdivide our time spending a half hour on each major issue? In doing such could we get further into an analysis of how well is the system of safety covering these issues and what opportunities might there be for strengthening that system? Let's go for about five more minutes, but start to think about becoming more synoptic. Erik? MR. OLSON: Yes. I wanted to raise two issues somewhat playing off of other things that have been raised already. First of all, I wonder who is going to actually do an independent audit of the small and medium facilities, including not just the chemical facilities but the utilities that they rely upon? Because if nobody is going to audit it, what do we know about what is going on in those situations? And secondly, what are the incentives for those small and independent or medium-size facilities and utilities to actually become Y2K compliant in advance. Especially I wanted to identify the regulatory incentives. Somebody had mentioned permitting and a lot of these facilities may not have permits that authorize some kind of authority. So is EPA going to be sending signals, for example, that we are just going to waive enforcement if you have a problem because it was a Y2K problem. If EPA is sending those signals, I think a lot of these small folks are just going to say, well, we will wait and see what happens. DR. POJE: Paul Orum? MR. ORUM: I haven't heard anything yet about inherent safety. How do we spur interest in the development and adoption of inherently safer technology such that we are not merely responding to the problem of the day or the year, which this year is the Year 2000. DR. POJE: Paul Hunter? MR. HUNTER: Yes, Jerry. I would like to bring up an issue that may not be an issue here, but I would like to bring it up anyway. Let me bring it up and then we can have a discussion. Let me tell you. When we try to put together a hearing on certain topics or certain sectors as you call them, we often find that there are four reasons why we have difficulties getting witnesses. First of all, they are ignorant. They don't know there is a problem or they are in a state of denial. I think the second one you have heard talked about many times is the liability issue of either being sued now or being sued later. If you expose something now and you have a problem, you can be sued later on or you can be sued right now by disparaging someone. The third issue we often hear is we are not going to talk about our problems because it is going to impact our company's value right now. If we disclose something and our competitor doesn't, then our market value goes down. That is also the real world. The last one is competitive position, and I think this is irresponsible but I think it is the real world of business, and I hope it is not true here. There are industrial segments that have said we are not going to tell you about what is going on and what we have learned and what we did because if we are in a better position than our competitor. And, if they have Y2K problems, that means we are going to gain market share. That is the real world in other segments. I would hope it is not the real world here, but I think it is something to be looked at to see if competitive positions are preventing the sharing of information. Because I would contend that just a few accidents in this segment are going to cost the overall industry much more than someone is going to get out of the gain in market share. DR. POJE: Very good. MR. MAKRIS: Thank you. First a comment on the comment regarding the enforcement issue. EPA's view on the enforcement leniency is to promote testing to avoid Y2K releases. It is not to provide leniency to Y2K releases that are as a result of corporate misdeed or negligence. So we are trying to find a way to encourage testing so there won't be Y2K releases and provide some enforcement leniency. I think one of the things you may want to talk about this afternoon is the general place of regulatory programs versus the place of voluntary activities with a very public oversight. I think it is a really important issue to keep in mind. This is January, 1999. You need laws to do regulations. You need regulations that need public notice. The whole legislative and regulatory process is time consuming and may not be awfully helpful right now. We need to find solutions that relate to public interest, public oversight, public exposure, and maybe without trying to deal with a series of harsh regulations, unlike where agencies have control over a water treatment plant. They certainly can impose specific things on that. DR. POJE: Bob Smerko? DR. SMERKO: Bob Smerko with the Chlorine Institute. I would just like to raise the issue of how do we develop trust among all of the various stakeholders that are in this room. DR. POJE: Jack Weaver. DR. WEAVER: It is scary, but it has happened a few times before when Jim Makris reads my mind. There were really two issues that I was going to highlight. One was that as we look through the issues and the problems and solutions, we need solutions that are 378-day solutions, not 5 year solutions. And I think many of the ones we have heard of and issues and needs are really important. As an example I would highlight is inherent safety, which our group is working hard on and a lot of the industry is putting a lot of effort into it. That is, for the most part, not a 378-day issue, just as an example. So we need to do practical things that can be done within 378 days. The second is, and it is Jim's point, and that is that we are not dealing with a traditional classical regulation situation here. We are dealing with an important issue that is happening once in -- I don't know, very infrequently and what can happen. And if it goes wrong, it can cause regulations to be broken. But it, by itself, is not a regulation. And I think we just need to be careful that we approach it in a way that solves the problem, but I think the traditional regulatory approach and solution is not the best way to do it. DR. POJE: Michael Sprinker. MR. SPRINKER: This actually probably fits under what does a test of the system mean, but I think one of the things that would be good for folks to know who haven't done their tests yet is what they really should be looking at. And one example I do want to toss out is the fact that doing a test in July in the northeast Ohio area, where I just came from, you may find things and you say, well, okay so the steam goes down, but that is all right, things will still flow. And so the water -- the fire suppression systems go off and we have got water flowing everywhere. That is not too bad in July, but people need to remember that we are talking January 1, 2000. We are talking about the high potential for freezing weather. So I think we need to assure that people plan contingencies around those parameters most likely to occur on January 1, 2000, or the other dates which were mentioned too, which unfortunately also are mostly winter dates. DR. POJE: Steve Viederman. MR. VIEDERMAN: It is nice to know that everybody is assuming global warming will take care of the problems you are dealing with. Paul Hunter I think raised a point that hasn't been on the table, which is the whole reaction of financial markets. We are told by the Harvard Economics Department that economics is just rational behavior, but that defies most of our own experience. Yardeni may be an extreme when he says there is a 70 percent chance of a recession, but you've got the World Bank saying an Asian recession in 1999, and the Wall Street Journal this week reported a major chance of a Latin American recession this year. These things are all part of the system. And then as people start getting worried about this and start saying should we get out of stocks and get into equities or treasuries or something like this, it could kick off a whole series of things that will then start other problems for the chemical industry, the water industry and the electrical industry. Unfortunately, I have made efforts to find people on Wall Street who even want to talk about that, and they are in the pre-denial stage. They just will not talk about it. It is not litigation. It is not fears. It just is not part of their lexicon. DR. POJE: Mike Marshall, OSHA. MR. MARSHALL: I guess I have a little more focused concern of a couple of the items that were brought up this morning, one being the most hazardous operating phase is start-up, and the other one being the power grid. This grows out of an event that happened in the Houston ship channel two summers ago when a refinery blew up. We had one of those big south Texas thunderstorms that knocked out the power supply. And as the power supply kept coming back on line as well as the uninterrupted power supply (UPS) system in the plant, the equipment kept kicking in and kicking out. Eventually -- I won't get into a lot more detail -- but as a result, that was one of the direct causes of this big explosion down in the refinery, and I think there is a parallel here. DR. POJE: Yes, Dave Hart. MR. HART: I have two points. The first is I have a little bit of a concern with certain companies that see the Y2K project as kind of a beginning and an end situation. So let's say six months from now they say we are done with Y2K and we can forget about it. We have done what the CEO told us to do and let's move on. Well, they could institute some of the problems that they have paid good money to fix. So that is a concern. The second concern, which is more to me than maybe a lot of other people because we are a supplier of support services, will everything that causes any problem in a plant, no matter what type of plant, be attributed to Y2K come the new millennium? So will we be completely swamped and not be able to provide the services. Something to think about so that people are well informed that just because you have a glitch in the system, don't throw up your hands and say it is a Y2K situation, let's call in the troops. DR. POJE: Joseph Hughes. MR. HUGHES: I am going to pick up on what Michael Sprinker said. I was having a discussion with some people at the Hanford Nuclear Plant, of course who aren't around the table here -- DOE, in terms of the nuclear weapons complex -- but they are going to do their testing in January to have actual realistic conditions during testing. So I guess the point is try to figure out realistic conditions for doing testing. And obviously since we have a weather-bound incident coming up here, I think that is something everybody should take into account for realistic scenarios. DR. POJE: Bob Newell. MR. NEWELL: To play on what Dave Hart was saying, I was in Aberdeen and we talked to a whole pile of customers and users of our equipment. And, we talked about the fact that if we had 50 calls and we only had 10 people to respond to that, how would we prioritize that. A suggestion came up in the area which was maybe what we ought to do is prioritize the industries by region so that suppliers and people who are going to respond to a call could then prioritize based upon some ad hoc standard. Now the private people that were in the -- the business people there said, well that is a government thing. We could never get that to happen. So obviously we are at the government level here, so maybe that would be something we could institute -- a regional prioritization of companies and industries that would be responded to first. DR. POJE: Harry West. DR. WEST: I have a different viewpoint. I represent basically the small independent integrators who essentially service the small plants, not the large plants. There is a different viewpoint, and I am probably the only one in the room who has experienced something like a Y2K problem. In 1977 at about 2:00 in the morning on Christmas Day I got a call from Venezuela that our control system at a gas plant had shut down. We had a -- and I am going to be nice -- they called it a recalcitrant programmer who put a little sub-routine in there that as soon as it was Christmas Day on that particular day, he went to a subroutine and said Feliz Navidad. He forgot to put a return on that program. Therefore, it shut down the gas plant. There was no accident. Speaking in that sense, he didn't call ABB or Honeywell, he called the guys who put in the control system, essentially the people who -- and there are lots of little small companies like that in Houston that are really not incapable of responding to multiple customer -- and that is leading onto that point. We also need -- and the second point I want to go on is emphasizing what Angie said. DR. POJE: For transcription purposes, the first point was small --? DR. WEST: Small companies -- DR. POJE: And small integrators -- ? DR. WEST: And small integrators are going to have a hard time responding to the calls. Even though the large companies are going to have a hard time, I think the smaller ones are going to even have bigger problems. That was a $25,000.00 pop on our little company to send a guy to Venezuela for that one little thing. But you can understand that in a backrow situation. The second thing is little companies have a different viewpoint with regard to liability. Angela mentioned it a little bit ago. We talked about this issue that there is a new law saying that you are not liable for something you have said and told people. But both Angela and I were at a meeting in Houston of the Chemical Engineering Society and a lot of smaller companies were in there and even medium-size companies. They were still -- when they asked other companies, they thought that this liability still existed. So the ability of that legislation to be outreached into the smaller community I think is absolutely critical because a lot of people even now don't know it exists. And if they had that and they had the ability to go to a Website that they felt more comfortable with and didn't have this liability tail given to them, then I think we would have a lot more people in smaller companies at least starting to participate. DR. POJE: I am going to make a suggestion. We are approaching the 12:30PM mark. Several recent issues seem to reframe some that have already been discussed. I would like to take maybe three or four additional issues and then I would like to give you a list of what I have heard and other people have heard and transcribed. Then, I suggest then we break for lunch. So a few more comments. DR. ROSENTHAL: I just wanted to frame the recurring issues. That is, is the Y2K problem distinctively different than any other problem of a hazard in a system? That is question one. Is it really a different problem? And two, do existing regulations have the ability and practices to address this as part of a general hazard problem? And three, if they do, are the resources in place or are there plans to do anything about it? DR. POJE: You don't want an answer to those three things. DR. ROSENTHAL: No, these are questions. I know the answers. MR. CALHOUN: This sort of flies in the face of some experience and perception, but I think the regulatory agencies are resources and repositories of solutions, and I know the solutions will come up this afternoon. But perhaps there is an opportunity for the regulatory community to provide assistance and address the potential problem without having to always resort to regulations. Because we don't have the time for that as was stated earlier. But it may set a new trend for how we can address certain issues without going through the regulatory process. DR. POJE: Coaching, perhaps. Joe Anderson. MR. ANDERSON: Real quick, I want to echo this that regulatory agencies are helpful. And please take this as we are talking very honestly and openly here. From someone who represents workers in facilities, not all these facilities but in many of them, we are what is called human capital. And when it is discussed that regulations -- costs, liability and all these issues are prohibitive. That is what I am hearing, and I don't think that is what we are saying. But what I am hearing is they are prohibitive to making the changes necessary to address the Y2K problem. What does this say about the people that are in those facilities and surround those facilities? What is the implication? That is not, I don't think, what you are trying to say. But what happens if that is what comes out as the discussion point that all these changes, reviews are prohibited by liability, by cost, by regulation. I don't think anybody is saying that. Everybody is shaking their heads no, no, no. But from somebody who is not a business person but deals in the business, from somebody who represents workers there, you wonder on the back-end of that looking for the solution, -- where does the human capital end up. And I think we need to have a response to that collectively. DR. POJE: Fred, the last comment. DR. MILLAR: Well, this is kind of a conceptual question. I have been hearing -- you know, the industry presentations were extremely useful. And one of the key concepts that everybody kept saying from Rohm & Haas and OxyChem was certification. In other words, the plant manager is supposed to certify that they have done the testing, and the plant manager is supposed to certify that they are Y2K ready. The vendor is supposed to certify to the customer, namely to Rohm & Haas or to OxyChem, that their component or their device is Y2K compliant. Certification seems to be an extremely important concept when you really need to know whether that thing is going to work or not, right? Now what I am interested in is what is the community or the worker counterpart of certification? When you really are serious, what is the worker and community counterpart of certification? DR. POJE: Let me take the opportunity to now summarize what we have been hearing. It is hard for anybody to repeat all of these things. I am trying to be comprehensive here. What does Y2K compliance mean? The definition of compliance is an issue. What is the issue surrounding utility supply and chemical safety? Communications as a broad topic, but more specifically communications with various stakeholders seems to be a theme that has come out as issues here. Small and medium-size enterprises and their response to the Y2K problem, particularly as it relates to the high hazard materials handling. Fail-safe and backup. Transportation. Training. Emergency response. Inventory levels and changes. Global concerns. Testing and contingencies around the testing. Equipment and the contingencies around equipment. Sharing of information, and perhaps the communication issue. Outreach to small companies -- perhaps the small and medium-size enterprise issue. Employee involvement, perhaps part of the communication issue. Management of change, part of a Process Safety management (PSM) invocation. Regulatory and legal concerns. Considerations of weather and putting our Y2K dates into an actual understanding of the time of the year. Public or corporate stampede or the perception of the problem creating additional problems. And then certification. If anybody thinks that we have missed a major issue that was near and dear to you, come up to me and we will add that to our list. I don't want to exclude anything. But eventually, I want to narrow down to a smaller subset. I would ask that you come back, hopefully before 1:30PM. When you return, look at this list once again and be prepared in about a half an hour to have a sense of the five most important points. A couple of administrative issues. In your briefing book is a small section that describes the EPA policy on testing. It is not the most current policy. That needs to be corrected. If you go to the EPA Website identified on that document, you will get the most current policy. Please don't distribute the wrong policy to your friends and colleagues and ask what do you think about this. Go back to the original Website and get what is most current. Second, I will be distributing something that Bill Erny gave to me from the American Petroleum Institute (API) about how they are approaching Y2K. So please be back by 1:30. (Whereupon, at 12:24 p.m., the meeting was adjourned for lunch to reconvene at 1:39 p.m.) A-F-T-E-R-N-O-O-N S-E-S-S-I-O-N 1:39 p.m. DR. POJE: During your time at lunch, we reviewed all of the issues that were discussed in the morning session and tried to synthesize them down to 21 issues. There is not enough time to discuss 21 issues. We are going to try to take a ballot vote on these issues. Everybody will be given a ballot. You get two votes. Pick whichever issues you think are the ones that are the most urgent and most important. However, before we do that, I wanted to read the list because you may have suggestions for things that I missed, or identify issues that you think are more logically combined into a smaller subset so that we are voting on fewer sets of issues. MR. SUSIL: Jerry, as you read the list, is that the appropriate time for comments or clarification on those items prior to balloting? DR. POJE: Please. Let me start here. Issue number one -- don't read this as a ranking -- management of change. Number 2, Regulatory and legal concerns. Number 3, Consider the weather. MR. HUNTER: Jerry, can I stop you at that one? I was thinking about that one just before lunch, and I think the issue there is to do realistic testing. So it is having the right level of staff, the right time of year, the right processes running. So it is realism of the testing environment. DR. POJE: Let me just read them and then we will try to combine them. So I am putting realistic testing over consider the weather. Number four I have here certification. Five is Y2K fear and overreaction. Six is trust among stakeholders. Seven is equipment testing. Eight is contingency plan testing. Nine is information exchange. Ten is outreach to small companies. Eleven is employee involvement. Twelve is transportation. Thirteen is training. Fourteen is emergency response. Fifteen is inventory levels and changes. Sixteen is global concerns. Seventeen is communication. Eighteen is issues with utilities. John? MR. SUSIL: Jerry, this is one -- Irv and Tom and I were talking back here, and I will ask them to clarify if I don't say it right like we said it. If you look at most of these issues, most of these are within the control of individual companies. This issue with utilities isn't even -- it strikes us isn't even within the control of specific utility companies when you look at the national grid. So this one strikes me as an issue at a government level, maybe near the top of the list from all of the others, if you are looking at it from the perspective of where should agencies or government be stepping in. I just wanted to make that point. MR. ORUM: What do you see as the difference between 17, communication, and 9, information exchange? DR. POJE: Here is an example of where issues, perhaps, could be combined. If people want to combine them, I will just cross out one of them. MR. MAKRIS: Small companies and SME's. 10 and 19, I think, come together. Outreach to small companies and the SME. DR. POJE: Shall we deal with the first issue? Paul is suggesting that information exchange is part of communication. DR. ROSENTHAL: Well, I want a clarification. Communication between companies or between companies and their stakeholders? Are you lumping them both together? Because they are really a very separate issue. DR. POJE: Okay. So before I take this one off, should we say communications within the business and then communication outside. DR. ROSENTHAL: I would like to suggest information exchange among enterprises and units dealing with the Y2K problem. DR. POJE: Information exchange --? DR. ROSENTHAL: Between companies. DR. POJE: Between companies and then communications -- ? DR. ROSENTHAL: With stakeholders. DR. POJE: With stakeholders. Okay. Joe? MR. ANDERSON: So is communication -- when I think of communication -- my spin, of course -- communication also -- or is that employee involvement where you communicate with the end-users of what these changes are? How do they -- the supervisors and the panel operators -- Y2K changes go into effect, how is that communicated. What could or could not be a problem or the situation and how do they apply the changes. MR. CALHOUN: Can we combine both training and employee involvement? MR. ANDERSON: Well, we could, but when I think of employee involvement, aside from management of change, I think of Process Hazard Analyses (PHAs). I think of Haz Ops. I think of all kinds of ways in which looking from a regulatory framework and a practical framework, there is integration amongst the entities or amongst all the communities and the management and the work force. It should be all one in the same. DR. ROSENTHAL: Make a suggestion, Joe. MR. NEWELL: How about taking contingency, employee involvement, training -- and I don't know what transportation is, but those are all things you need to do once you say, well okay, what if and how am I going to respond to it. Because once you decide your contingency plan, then you have got to get your employees involved with that and then you have got to train them. Because chances are, you are going to have to do things differently. MR. ANDERSON: If I may just quickly respond, one of the things I am thinking of is Haz Ops and PHA is pre-planning. It is identification. I think that is important. MR. FRAUTSCHI: How about planning/response, and then you put all those things underneath it. DR. POJE: Does anybody agree with that? Mark, what are you suggesting? We are condensing here? MR. FRAUTSCHI: Planning/Response and then put training underneath there. I am sorry, what were some of the other -- DR. POJE: We have contingency plan testing. MR. FRAUTSCHI: So that would go under that. Those two things go naturally together. You try to stop it from happening and if it happens, what do you do? DR. ROSENTHAL: But that really is your system for managing the risk. It includes all of those. So the emphasis ought to be perhaps added emphasis on the risk management process, which is basically what the read from the EPA regulation includes -- employee involvement, Haz Ops, training, maintenance. In other words, to increase the tension to risk management. That includes management change. MR. ANDERSON: If you look at PSM and RMP as a model -- I am trying to impose that model into this process. DR. ROSENTHAL: What if we take management change -- DR. POJE: How about we take that out and we put risk management. Is there anything else that drops out by saying this? MR. SPRINKER: Emergency response. Number 14 drops. DR. POJE: Okay. Does everybody agree that we can take out number 14, emergency response? Okay, keep it as a separate topic then. MR. MAKRIS: You really have almost in some ways two issues. If we are talking about the issue of -- some of these things fit into the issue of testing and so on, both the design, conduct and analysis of your tests. And then there is also the stuff that comes out when you figure out, gee, now we think this can happen, so you've got the emergency response and other issues. You have also got to put in somewhere in late December what you have to have in place for the first. DR. POJE: This was separated here as equipment testing. The Y2K task of assessment -- inventory assessment, remediation, testing activities. And this is contingency plan. MS. JONES: But the thing is if you build on what Joe was saying and you use the model of RMP, you identify the hazards. That is the first thing you do. The identification is what you are saying. You develop plans with safeguards in place. Part of that is the testing you are talking about. And then for those things that you must respond to, you develop emergency response. So those three are combined together under the umbrella of risk management planning. MR. MAKRIS: One of the reasons why I suggested management of change earlier is considering management of change or some sort of a permit process or whatever when you are actually thinking more in the terms of a hot work permit process when you are designing your tests, your initial test of equipment and so on of the system. DR. POJE: Now remember, we are just trying to get the categories here that we want to vote on. We don't want to get into the discussion of what are those categories going to tell you. Otherwise, we will never subdivide this into four or five topics that consume the rest of the afternoon's discussion time. So let's keep focused on issues that are combinable so we are voting on fewer things. And I will make sure that we spend no more than 10 more minutes on this phase of our discussion. Otherwise, we are not going to get on to the task of analyzing any particular issues. Jim? MR. MAKRIS: I would like to go back to the 10 and 19 combination. Because clearly SME is a problem, whether it is outreach or training. It is that whole small and medium-size enterprise issue. DR. POJE: I see 10 being under 19. Anybody disagree? MR. VIEDERMAN: I am assuming the category trust among stakeholders is supposed to respond to the community issue. Because quite frankly that wording is going to take a lot more than Year 2K. There is much too much there. What we are talking about is responsiveness to stakeholders, which is different than trust. I mean responsiveness and involvement of stakeholders would be the heading that I would include. DR. POJE: If I change the word responsiveness -- would that better characterize the issue? We want to vote on the issue. MR. VIEDERMAN: Yes, it is better than trust. Communication can be one-way or two-way. We are talking about the two-way process. MR. CALHOUN: Why don't you combine 6 and 17 and change the language to make it responsive communication with stakeholders. You can't have responsive communication without trust. DR. POJE: Does anybody disagree with that? Responsive communication with stakeholders. And I will take 6 off. MR. CALHOUN: We are not writing a regulation, so we don't have to wordsmith it. DR. POJE: Responsive communication and somebody said among stakeholders. I think that is a better word myself. Okay, Dennis? MR. CALHOUN: I was thinking about number 12, transportation. And then there were issues with utilities. Both of those factors being under a category of external factors. Not really internal to the company and not really within the control of the community or the stakeholders. Those are external factors that have to be dealt with. MR. DALEY: Transportation I think is a lot different than utilities. The basis -- we can pick and choose if we want to use a trucker or a supplier of transportation. In most cases you have some choice of transportation suppliers. Whereas with utilities, like electrical utilities, if they are not ready, you don't have a choice. MR. CALHOUN: You don't have that much choice on crude oil tankers. Pipelines -- you don't have hardly any choice on pipelines. So that was my thought. DR. POJE: Anybody have a swell of consensus here about including transportation with utilities? Andrea? DR. TAYLOR: I just have one question regarding Community Right to Know. Are we saying then that that is under the responsive communication among stakeholders? Okay. Because sometimes stakeholders doesn't necessarily include community. You have got to make sure the definition is clear. DR. POJE: Steve? MR. VIEDERMAN: One other thing that doesn't seem to be there of systems that are around there are systems of the market, the financial market. DR. POJE: That I thought was assumed under global concerns. MR. VIEDERMAN: Global concerns to me is what happens if Russia blows up. The market is a domestic issue that is impinged by global issues. DR. ROSENTHAL: Is this financial issues as they effect process safety or what? MR. VIEDERMAN: The financial markets as they relate to the whole range -- I mean, to the extent if the market tanks, what is that going to do to the chemical industry and its ability to invest in other things. MR. ISDALE: That would be under 5, fear and overreaction. MR. SUSIL: I think we are talking today about what Y2K issues can cause accidents in chemical plants and potential releases. So what you are talking about is very real, but it is kind of a longer term. I wasn't thinking of that as fitting under the umbrella. MR. HUGHES: Jerry, just for clarification, are we implying "the Y2K impact on chemical releases" after each of these issues? DR. POJE: You are correct. All issues are more narrowly focused on the core topic of this workshop. So let's make sure we are talking about employee involvement issues that are totally on the topic of chemical safety in Y2K. MR. HUGHES: Because I think that is what Steve's point is. Can we somehow lump externalities together in some way, vis-a-vis, Y2K impact on -- DR. POJE: But I am hearing him say that is the global financial reality. MR. VIEDERMAN: We don't know what will happen in markets and how that will affect the chemical industry. If people start withdrawing -- DR. POJE: Okay. I will put it down. Again, it is votable. MR. VIEDERMAN: It is a footnote to the discussion, but it has got to be there. DR. POJE: Okay. Joe? MR. ANDERSON: Would anyone agree to putting equipment testing, 7, and contingency plan testing, 8, under 4, certification? DR. POJE: I'd much rather leave them discrete and go to a vote on it. Let's look at this. We have 3 now called realistic testing and we have 7 as equipment testing. And 8 is contingency testing. Can we take the realistic word out and say it has to be dealt with under the testing? So it is just a two-testing issues. MR. ORUM: Do we still have something here about small companies? DR. POJE: Number 19. MR. ORUM: Number 2 reads regulatory and legal concerns. That is not specific enough to garner anybody's vote. What does it mean? DR. POJE: From my understanding of our discussion this morning, regulatory and legal concerns has to do with those issues of what are the existing regulations and how do they influence the issue of chemical safety in Y2K? What is the realm of possibilities with other legal issues influencing the chemical safety in Y2K issues? DR. SMERKO: And what is the impact of legal or regulatory issues that take away from assets going to Y2K remediation. DR. POJE: Right. DR. ROSENTHAL: Well, put it in a way that is more than concerns. That is to say better, greater or some adjective employment of existing regulatory and legal -- DR. POJE: How about if I read them once again. Does anybody have a burning issue that they think has to be dealt with? DR. TAYLOR: Did I say employment involvement and training was going to be -- keep that separate? Are you going to put those under risk management? DR. POJE: There is a strong feeling -- employment involvement. We talked about that. Somebody said it was separate. MR. CALHOUN: The advantage of putting it in there is if you vote for risk management plan, then we can discuss it. But if you've only got two votes and you don't pick it, then it is off the table. So I would vote that we reconsider and include it in there myself. DR. POJE: Let that be an interpretation that people could invoke if they wanted to. We will leave it as a separate issue, but some feel it can be dealt with. DR. SUMMERS: Before the vote could somebody explain the difference between contingency plans and emergency response? Because I thought contingency plans included emergency response. MR. CALHOUN: It did in the presentation but not in -- MS. EPSTEIN: Well actually one difference may be the concern people raised about there being multiple emergencies at multiple locations at the same time as opposed to testing your own facility. DR. POJE: One more clarification. Chip? MR. HUGHES: Jerry, I think in terms of emergency response -- and this is a view I think that pervades this meeting -- is that a lot of people are looking internal to their own enterprises and operations. I would raise emergency response as an external question of off-site and community emergency response outside the existing internal enterprise. MR. SUSIL: So 14 should say external emergency response? DR. POJE: I'd like to take the question at hand. We have number one, risk management. Number 2, regulatory and legal incentives/disincentives. Number 4, certification. Number 5, Y2K fear and overreaction. Number 7, equipment testing. Number 8, contingency plan testing. Number 9, information exchange between companies. Number 11, employee involvement. Number 12, transportation. Number 13, training. Number 14, emergency response. Number 15, inventory levels and changes. Number 16, global concerns. Number 22, market forces. Number 17, responsive communication among stakeholders. Number 18, issues with utilities. Number 19, small and medium size enterprises. Number 20, fail-safe and back-up. And 21, inherent safety. Please vote for two items. You can vote for the same item with two votes. You can split them under one of those numbers. Please record your vote and pass it forward. MR. SUSIL: But the question is vote for those two items which we feel what? DR. POJE: Which we feel are the most urgent ones for this audience to be discussing for the next two hours. (Whereupon, at 2:03 p.m. off the record until 2:05 p.m.) DR. POJE: Do we have a reporter for each of these panels? We need one for that panel and one for this one. Write it in pen. Okay, 19, 7, 1 -- I am sorry, take that 1 off. Where is utilities, 18? 19. 1, 17, 17, 19, 9, 19, 1, 19, 19, 17, 1, 19 -- I see a pattern emerging -- 19, 18, 1, 17, 18, 1, 1, 13, 8, 19, 7, 19, 13, 1, 18, 5, 1, 11, 19, 9, 18, 19, 19, 5, 1, 17, 17, 1, 4, 17, 17, 19, 18, 19, 7, 19, 7, 14, 1, 17, 5, 20, 17, 5, 19, 18, 18, 19, 18, 19, 1, 19, 17, 18, 18, 19, 18, 2, 18, 19, 1, 7, 19, 1, 18, 18, 17, 21, 18, 19, 1, 20, 1, emergency response, I don't remember the number, 2, 2. Okay, so let's take a tally. We have 16 votes for number 1. For number 2, three. For number 4, one. For number 5, 4. For number 7, 5. For number 8, 1. Number 9, 2. And number -- is that 11? MR. MAKRIS: 12 is transportation. No one is going anywhere, so it has got zero. 13 is training and it has 2. 14, emergency response, has 2. 15 and 16 have zero and 22 has zero. DR. POJE: Okay, up to the big board. 17? MR. HUNTER: 17 has 12. DR. POJE: 18? MR. HUNTER: Has 15. DR. POJE: 19? MR. HUNTER: 24. DR. POJE: 20? MR. HUNTER: 2. DR. POJE: And 21? MR. HUNTER: One. DR. POJE: So the lead with 24 is "small and medium size enterprises." Number 2 is "risk management." Number 3 is "utilities." And number 4 is "communication with stakeholders." And number 5 is "equipment testing." After that there is a pretty big dropoff. I don't want to discuss the relative ranking of all the other issues. We should begin our discussion with small and medium-size enterprises. Let's focus on what are the issues associated with small and medium-size enterprises? How are those issues being covered by the existing system of safety? And where are the gaps that might find logical recommendations emanating from this audience. I would like to set it up so that we spend at least a half an hour on this discussion and then step into the other three issues with a greater consensus. And if time permits we can cover a fourth issue. Joe? MR. ANDERSON: Jerry, would you be kind enough to define that? DR. POJE: Let's discuss what we mean by the term "small and medium-size enterprises." From our discourse this morning, while we have wonderful examples from Rohm & Haas and from OxyChem, significant amount of concern was expressed by many people who interact directly with smaller enterprises. The scope, the depth, the resource base being expended and the plan of action by larger corporations is not nearly matched as you step down into a smaller economic entity. Issues of resources in terms of capital, financial resources to address Y2K, and in terms of the engineering and IT competencies to address the Y2K problem. And Jack Weaver asked us to make sure we are emphasizing it is not all small businesses that we are talking about, but we are focused on those that handle very hazardous chemicals for whom there would be a greater degree of concern for something going awry. Additional comments about this. Jack? DR. WEAVER: I would say the term SME implies that we are not talking just about companies. They may include public facilities. They may be water treatment plants with chlorine or it could be some other type of municipal public facility. These same companies that may have an issue with Y2K, clearly have potential problems with process safety, RMP and process safety management as well. And the Center for Chemical Process Safety and others have been trying to get the message to them. . DR. POJE: Dennis? MR. CALHOUN: I think they have the problem with PSM and RMP for the same reasons they have a problem with the Y2K, which is internal expertise and time and resources. But the one resource that you didn't mention that I would like to inject into the debate is umbrella organizational support, which provides the forum for interchange and helps you learn and grown like the larger companies in API or NTRA or CMA. The association is a mechanism where businesses can get together and talk. They have seminars. They discuss the issues. And that is why we are further ahead in addition to just the pure resources issues. I don't know where those small and medium-size firms go for that knowledge. DR. POJE: One issue that you have identified is that within the system of safety for small and medium-size enterprises, trade association status may be very weak. Irv? DR. ROSENTHAL: I would say not so much the absence perhaps of trade associations, because the largest number of regulated facilities in Jim Makris's RMP rule are propane distributors. There is a well-developed natural propane distributor organization that is engaged in a dialogue with the government. But I mean that there already is a forum. The water works firms all belong to the American Association of Treatment, or some such organization. So the question is determining to what degree these organizations have programs and what their problems are in disseminating information. It may be not the absence of an organizational mechanism, but the lack of resources of these member companies to participate in these workshops and implement what the recommendations are. In fact, the measures that EPA's Chemical Emergency Preparedness and Prevention Office (CEPPO) put into the propane distributors guidelines are essentially taken from the Petroleum Distributors Association. MR. HUNTER: My response is that while organizations may exist, we have seen time and again that the organizations only do what the members ask them to do. So it might be an awareness issue among the actual players. DR. ROSENTHAL: So you are saying an organization exists but -- ? MR. HUNTER: They may not be addressing it. DR. POJE: Let's hear from Bob Smerko of the Chlorine Institute. DR. SMERKO: Paul, that doesn't happen all the time. When Jerry came to see me about the Y2K program that he got us involved in, this one, he asked what is the Chlorine Institute doing, and I said we are not doing anything now because nobody has asked us to do anything. So you are right on that point. However, after talking with Jerry, it became clear that the Institute should be doing something. So I decided to do something. And that something is what I mentioned a long time ago today, was to put up a Website where our members could go to and get information. But the information that they can get is vitally dependent on those people who are willing to share that information from our member companies. Also, I am putting up some material that primarily, Jerry, you have shared with me. And there is also a chance for people to exchange thoughts about different subjects. There is a chat board or whatever that is called. It is just up there now. And the American Water Works Association (AWWA), by the way, has a major Website available for people to get information with loads and loads and loads of hot links to other information. So if a trade association doesn't have something up that should have, then Jerry I would say go after them and get them to do it. DR. POJE: So, Bob is saying that the trade associations can and do play a useful role. Are there other issues around the trade association question that we want to flesh out right now before we get onto other aspects of the system of safety for small and medium-size enterprises? Gerry Scannel? MR. SCANNEL: My experience, and it is pretty broad -- you can put information up, but for the small and the medium-size company, you have got to provide models for them. They have got to be able to walk away from a regional meeting or a national meeting with this is how it is done. This is a successful strategy. This is a proven method of how to do it. Take it and just fill in the blanks. You know, there is no question that small and medium companies, as small as they are, have restructured recently and they are going to restructure again. So it is an issue of resources. They just don't have the internal technical resources. Trade associations also are going through restructuring. They don't seem to have the technical resources or some don't. DR. SMERKO: Jerry, could I make one more point? DR. POJE: One more point. DR. SMERKO: We also have sent out to about 150 of our members, those people that are producing, distributing and handling and using chlorine, a survey on their readiness. And Jerry, I hope to have that back for you by the time of your hearing so that you might be able to use that information. DR. POJE: Great. DR. ROSENTHAL: Jerry, could you repeat the three pieces of information you want to develop out of each one of these? You said you wanted three things. DR. POJE: We wanted to identify the issues that tell us where the weaknesses are in the system of safety around Y2K and chemical hazards, what the gaps are and what are the opportunities to be had across the larger system of safety. So for small and medium-size enterprises, we are focusing right now on roles of trade associations. Are there other aspects of the trade association question that we want to discuss or identify? Or other issues we want to move on to. Jack? MR. WEAVER: Somewhat in contrast to what Irv says, I think there may be trade associations for many of these organizations. But I suspect that there are many very small companies who either don't have a trade association that they would fit in or aren't aware of it or don't have the money to participate in it. DR. POJE: So associations are not the whole answer for the small and medium size entity problem as you see it. MR. SUSIL: What the Chlorine Institute did, though -- because I was making some notes here relative to CMA companies -- there is nothing that says CMA or the Chlorine Institute or whoever can't have a Website with advice that anyone can review. You don't have to be -- CCPS or whoever. DR. POJE: Tom Lawrence, ASSE. MR. LAWRENCE: At least a piece of potential good news is that we have heard from a couple of what I would term large speaking BLE's, big and large enterprises, that when they went and looked, they didn't find any "Oh My God's" to speak of. Not that it is totally clean, but they didn't find a whole lot of stuff. Maybe we can take some solace in that even the smaller people may not have -- it may not be a disaster simply because we found some data from bigger folks, an order of scale or magnitude. That is perhaps a positive in this issue that it may not be as bad as we think it might despite the fact that they don't deal with process safety very well. DR. POJE: I would like to clarify our charge once again. Sam Mannan reminded me once again of the Senate's letter that you received in the briefing book. Specific items that we want to discuss, again under these priority issues that we have selected include: 1. the extent of this problem in the automation systems and embedded systems that monitor or control the manufacture of toxic and hazardous chemicals, 2. the awareness of large, medium and small companies within the industry of the Y2K breadth, 3. their progress to date in addressing the Y2K problem, 4. the impact of the RMP program required in June of 1999, and 5. the role federal agencies are playing in preventing disasters due to this problem and the recommendations that would grow out of our review of these. Make sure when we are talking trade associations that we are also talking about governmental roles and we are also talking about our understanding of the extent of the problem across all of these diverse small and medium-size enterprises that might occupy different association levels. Fred? DR. MILLAR: It seems to me that in trying to think in an alternative way to reaching out through trade associations, one model that is available is the Nuclear Regulatory Commission and another one is the Security Exchange Commission. When they want to get to their people and say we want to make sure you are doing very good Y2K work, they require early reporting and frequent reporting from those enterprises. Now it seems to me that if we want to get to a whole lot of small enterprises in the country, one thing is to make it voluntary and ask the trade associations to do this on their own time and on a budget they don't have yet and everything. But another thing to do is to make it regulatory. That would be a way, for example, of requiring early reporting of the 66,000 chemical facilities, all different kinds of chemical facilities, including water facilities, that have already identified themselves as among those who have off-site impact capabilities, namely the RMP universe of facilities. And that would be to get EPA to do an interim final regulation that says we want you to report early on your Y2K problems and progress in the same way that the SEC is asking 9,000 businesses to do that on behalf of investors, of course, and in the same way that the Nuclear Regulatory Commission is asking 120 nuclear plants to report early and often. If we are serious about getting a flow of information in, I don't think we are going to say please would you all do this when you get a chance. DR. POJE: Now we have opened up a different area here beyond the trade association into the regulatory arena. Make sure in our 20 minutes left that we are covering the topic. DR. MANNAN: Jerry, I want to make a comment here. Gerry Scannel made a comment earlier that these small businesses we are talking about, sometimes they encompass 10 people and sometimes they are 5 people. I'd like to relate the experience we have had at Texas A&M University at the Mary Kay O'Connor Center. For example, when we do our symposium or continuing education courses, we will invite small businesses and we will give free registration. Even then we sometimes can't get them. Over the year's time we will enroll 4 or 5 people from small businesses. And even when they show up, they will come and say, the instructor talks about things that doesn't apply to us. It is some other company he is talking about. In my mind the solution requires taking the learnings we have from OxyChem, Rohm & Haas and others. I want to put out a challenge here that if we can get some of the learnings -- specific learnings and distill it into specific application issues for these small businesses, and then feed it to them and give it to them, it might work. We need information specific to their business and not necessarily these larger corporations. For example, there is no representative from small business here today. And I bet if they were here today, they would either be snoring right now or they would leave. Because, this is completely pointless to them. And if we cannot bring it to that level, it is not going to work. DR. ROSENTHAL: Jerry contacted many other organizations, such as the CSMA's, and they sent the note out to their members asking if anyone would like to be here, and the members were into too many other things to be here. So that emphasizes the problem that it is not enough to issue an invitation. You have to have the resources to get here. DR. POJE: George? DR. DAVIS: Let me submit briefly while we are focusing on trade organizations, there is another level of organization that can be utilized here which is the professional organization involving members or individuals. ISA obviously is one, the Kemp Logier Society is another. Those are organizations that could be utilized more thoroughly to transmit information to individual engineers and professional engineers and technicians in the field. It wouldn't serve the entire purpose, but it would be a work-up, if you will. So that could be another approach if we want to get the information out to the member groups. DR. POJE: Another leg in the system of safety? DR. DAVIS: Another leg in the system. DR. POJE: Professional engineers working within and through their professional societies? DR. DAVIS: Exactly. Sort of like an AMA approach. DR. POJE: Performing services to people who had queries about how to address Y2K issues. John? MR. SUSIL: I want to play off something that Fred Millar said a minute ago. You know, thinking about regulation and maybe that is the way to get people's attention. I am going to talk about something in addition to that. I mentioned earlier that the CMA's and the Chlorine Institutes could have a Website. The first question that will come up is what if we post something there and them somebody has a problem and then we get sued. Well, we have done a lot of work through trade associations with EPA and with OSHA. Maybe in addition to the sort of thing Fred is talking about, maybe EPA or OSHA, some government agency, could post this information. The CMA's and the Chlorine Institutes of the world could trnasmit the information that OxyChem and others of us have gathered and make it available, but at least we would have some legal protection for trade associations as entities being potentially sued. So there is another role for government. DR. DAVIS: The information clearinghouse. DR. POJE: Michael Sprinker. MR. SPRINKER: One quick comment is that sometimes I get a little confused on what is a small and medium-size enterprise: whether it is 5 or 10 people or whether using the SBA definition or the new legal definition it is a few hundred employees. But the other point, although not a trade association and unfortunately not representing all members in the chemical industry (we are working on that), work with labor. Labor unions are able to get to their members who can put some upward pressure on -- or take some information to -- their employers to get them to start to work on this question. But again, like everybody else, we also have the problems of time and money and not enough staff too. DR. POJE: Rick? DR. NIEMEIER: In response to the issue that the gentleman across the table raised. NIOSH in the next couple of weeks is planning on posting such a Website for case studies, and we are doing that in conjunction with OSHA. DR. POJE: To help with the recording of the meeting, I want to remind you to state your names, please if I forget. Lois Epstein? MS. EPSTEIN: I work for a small enterprise, and I have been thinking about how to insure compliance with Y2K within my organization, even though we are not a process industry. And my feeling is that the best way to engage small businesses is to make sure that the head of the organization has to be aware of what's to be done and the consequences if nothing is done. I am laying that out as one additional route. DR. POJE: CEO focus is an important component? MS. EPSTEIN: Because even though I am an engineer and I can emphasize the Y2K issues with a number of senior staff, I am not sure they are going to do anything until they are told they have to do something by top management. DR. POJE: Steve Viederman. MR. VIEDERMAN: I want to link this with communication among stakeholders. I think it is quite possible that Y2K will become more of an issue for communities, SMEs and BLEs and all these, when we begin hearing more about it simply by virtue of the fact that the people most at risk are concerned about something happening. And this may be an important way of saying through whatever channels to the SMEs, you better pay attention to it now, because if not you are going to get dumped on later. So it ties in with responsible communication and all that. DR. POJE: Joseph Hughes, NIEHS. MR. HUGHES: Jerry, Mike brought up the issue of the Small Business Administration (SBA), and I think again small businesses should be at the table. How can we engage the Department of Commerce around this question with the chemical safety angle. I am not even familiar with where they are on this, but that would be a great avenue to deal with asset means. DR. POJE: While it may not have been in the briefing packet, the Small Business Administration does have a fair amount of information on their Website. That might be also a convenient spot for us to alert small businesses to Y2K information. Irv Rosenthal? DR. ROSENTHAL: I think we have identified an issue which is how do we take an issue, Y2K overview, and get small and medium enterprises to internalize a cost that society faces. The act of internalizing costs is not an issue towards which this group is expert; this is a group of experts on Y2K problems. That issue is one that the government and EPA and all the regulatory agencies face in spades. Small enterprises are classically very low on the food chain. Survival is the issue. They would probably wish that the only thing that could put them out of business is a Y2K problem. They have got creditors, they have got customers and they have got labor problems. I suggest that we identify that this is a problem and ask that the Senate, in looking at this particular problem, make use of other expertise in government and among a whole set of scholars who have studied how do you internalize the societal costs to the small enterprises. It is a very technical, highly sophisticated area, and the leverage may consist purely of the fear that you are going to be subject to fines. It could be higher fines, it could be voluntary, it could be inducement. But I don't think we can solve that particular problem. We should spend our attention on safety and Y2K. We should recognize that here are small enterprises with limited resources and limited technical ability, and our recommendations should be to the Senate Committee that they employ experts to figure out what is the most cost effective way of getting small enterprises to comply. DR. POJE: I am going to read a wink from Jack Weaver, as a reminder that we have fewer than 400 days worth of time before the millennium and that also guides rationality and reason in our framing of recommendations. Charles Isdale? MR. ISDALE: I wanted to relate that there is one other avenue for bringing Y2K to their attention. I have one client that has sales of $10 million a year. That is a small company I would say. And, they called me regarding the one computer control system that they have in their facility. The reason they called was because one of their customers sent them an inquiry about Y2K asking would their supply be interrupted as a result and could they certify that it would not be. So here is one other avenue. Ultimately, we found that there is only one thing required and that is a manual change on January 1 of the date to 1/1/00, plus another problem in 2006 or 2008 when there is a register overflow problem. But that is another way through the private sector if you are their customers. DR. POJE: Ruth McCully from OSHA. Ruth wasn't introduced this morning, but she is soon to become the OSHA regional administrator for Region 1. MS. MCCULLY: I saw one method that was effective was in the UK in October. They are using public service announcements. It was a public service announcement that was in prime time. It was like on in the middle of the afternoon and it talked about Y2K and showed the range of impacted sectors, like chemical plants to computers. That type of approach at least is needed to raise the issue and get it out there. We are talking about things funneling through professional organizations and trade associations and so forth. But if you want to reach those small entities, they all have televisions. And, if it is not on at 3:00 a.m. but it is on prime time, the PSA is a good way of reaching them and at least getting it in their minds that they should be thinking about this. And something could be in the PSA message as to where to get more information. But it is a good way to go. DR. POJE: Ron Hayes, Sun Oil. MR. HAYES: It seems to me that, it doesn't sound to me like we have a complete idea of what the small and medium business companies are. But I know they all have to report to the EPA under the Toxic Substances Control Act, describing what chemical substances are managed. And they are reporting to EPA for other environmental issues. EPA must know these companies. I think after minutes are collected from this workshop, this group could send out minutes to all those small businesses. We must have names and addresses for the people who are reporting those things. That would be a way of getting the information out. DR. POJE: Dave Hart? MR. HART: It may not be totally effective, but I see a chain reaction effect. Some of the large companies are spending an awful lot of money on Y2K issues, and they are forcing smaller or medium-size companies to tell them what they are doing, which is making them aware of the problem. But what happens is once that clicks and a large company asks what are you doing -- explain to me that you are going to be able to supply me, then smaller companies go into a panic mode. And what if they can't get information quickly, and not just general overviews but the specific information like what we are talking about, whether it is on a Website or whatever, explaining the idea of compliance and testing specifically and going through different phases of Y2K. I think if those information exchange vehicles are in place -- if somehow we can do that and borrow from what the large companies are doing, whether it be through specific testing and assessment of product and risk reduction approaches, I think we will be in okay shape. Maybe not totally, but pretty good shape. DR. POJE: Tom Lawrence? MR. LAWRENCE: Just to repeat what I said before. We are finding by testing that there are not any big problems. That is a generalization. Not specifics. But people have said that they haven't found a lot of problems. So if our emphasis to the small folks, the SMEs if you will, is to be proactive, do we want them to spend a lot of money they haven't got or interest they don't have to test? Should we be emphasizing contingency planning with them rather than testing with the time we have left. DR. POJE: Angela Summers. DR. SUMMERS: I know that from the presentations by OxyChem and Rohm & Haas that they would indicate to you that they haven't found big problems. But I have talked to a lot of other companies that have, and some of them are specific devices that are absolutely necessary for regulatory process control and also for their emergency shutdown systems such as smart transmitters or some varieties that will cease to give inputs. Some programmers over a period of time weren't smart enough to install programs that, on loss of inputs, execute a safe shutdown. So essentially no information and it won't do anything. Analyzers have proven to be a problem. Calibrators used to calibrate transmitters have shown problems. So there are a lot of devices that while in general there are not any really big things like we are going to blow up a tank, there are a lot of little problems that could escalate through their combination of events into very big problems. DR. POJE: Dan Daley. MR. DALEY: One thing I wanted to add to what Angela said is although we said that we haven't found big problems, the thing is that we have found many, many problems. If you have a plant and it has 3,000 microprocessors and 5 to 7 percent have problems and you haven't solved those, it is kind of like -- the analogy is the million bee stings. You know, the million bee stings are going to kill you just as fast as the one 357 in the heart. So you have to address those problems. Don't take it that it is not going to be a problem. DR. POJE: Angela, a follow-up? DR. SUMMERS: I just want to provide one follow up comment. I don't want to pique this because it is an overly dramatic occurrence. But in order for Bhopal to occur, 13 things went wrong, not one. DR. POJE: Mark Frautschi. MR. FRAUTSCHI: We were talking about vectors for building awareness and one of the ones that has been mentioned in other context which I think you should keep in mind is that everyone gets something from the IRS. Having this Y2K notice go out with that mailing is one other way of raising awareness as a possibility. DR. POJE: Irv Rosenthal? DR. ROSENTHAL: Point of information, there is no question that you are going to get a lot of offspray. You are going to get a lot of junk. You are going to get poor records. But for point of information, Angela, how many of these in your customers things would have resulted in a catastrophic failure. DR. POJE: And not 'catastrophic' as defined by our friend Jordan earlier this morning. We are concerned about catastrophic in relationship to accidents. MR. CORN: Well, on a single bee sting basis, none. On a 14 bee sting basis, that is not commonly evaluated -- when you do Haz Ops, you don't look at 14 failures. You look at maybe double or triple redundancy, that is it. DR. MANNAN: So what you are saying is that these 3,000 or 3 million ? MR. DALEY: The one ethylene plant that we evaluated had 3500 devices. If our typical experience is 5 to 7 percent failures, and if you have not addressed these vulnerable devices, then you are dealing with 200 items. And I am not saying that they are all going to fail simultaneously. I am just saying that there are too many things for an operator to respond to simultaneously. DR. MANNAN: I just wanted to play a probability game here. Let's say, you are able to catch 90 percent of the failures that might occur, and all 90 percent of these are these so-called small failures which by themselves don't cause a catastrophic failure. Of those remaining 10 percent then could there be a situation that you could have those 14 sequential failures which cause a Bhopal? And taking 66,000 or 100,000 facilities throughout the country, then do we have enough to where there could be four or five Bhopal's? Is that what we are saying then? MR. CALHOUN: The answer is you don't know unless you do the work. And that is our concern is about those firms that aren't doing the work. If you do the work, you can answer that for a given company. DR. MANAN: What is your opinion, Angela. DR. SUMMERS: My opinion is for the OxyChem's, the Celenese's, the Rohm & Haas's that the answer is no. The probability is very, very low. But for some of the other companies that I have worked with that I am not going to name, I would say the probability is high. Their PSM program is abysmal to start with. DR. POJE: George Davis? DR. DAVIS: Focusing just for a moment back on the SMEs and the information to the SMEs. There is an element here that no one in this room has addressed yet. To put it in context, there is only a finite number of devices that will cause failures. There are a finite number of manufacturers who have sold and installed these devices. Could there be the opportunity of a holding their feet to the fire; they being the device manufacturers? We have talked about a number of ways to get information, warning information to the SMEs. The group that has made the money with the SMEs is the manufacturing and vendor community. It is a finite, limited number that is easily categorized, if you will, could possibly be easily communicated with, and through some sort of arm-twisting, they could be given some responsibility for this. DR. POJE: Let me switch the order of our next comments and get a response from Dave Hart with Rockwell Automation. MR. HART: On a product basis or product level, we do have a Website and we will say which devices are ready versus non-ready. But the bigger issue, and this is part of our training with the customers, is that you've got to worry about application code. You may have equipment that is custom configured for a given application. So it really is a device that is above and beyond something that was shipped out of our door. DR. POJE: And just for everybody's benefit, not to advertise for Rockwell, but I thought the Rockwell schematic is very intriguing and very interesting and educational (see, http://www.automation.rockwell.com/ind_sol/petro/PCMCProc.pdf). It shows the type and range of equipment within which we have to address this Y2K question. And while this schematic might represent a vertically integrated single technology solution, imagine each of these subentities as small and medium-size enterprises for whom the solutions of technology have been different for each of those facilities. DR. DAVIS: The point I am making is exactly what you just said. It could be communicated to the SMEs. That is to say with this product, here is what could happen. It is not us that did it to you. It is some programmer that did it to you. But these are the things you ought to be looking at. That was my point. MR. HART: Yes. And that is a good point. And I am saying with the product, we go through the testing. So we can identify devices as ready or not ready or whatever the case may be. But if you are talking about application code, there is not a finite set of occurrences that can happen based on code. You know, code writers are almost artists in themselves. So you just really never know what is going to happen. DR. POJE: If I could take the moderator's prerogative to get another perspective. Another audience in the room is the insurance industry. What role do they play in terms of this issue of education and engagement of small and medium-size enterprises. I apologize before hand for putting you on the spot. DR. STAVRIANIDIS: I will only say those things that will not result in me getting killed when I go back to my company. We have a Website. What we have done is two things. One thing is we have looked at our own systems, our own ledger systems. So we have a Y2K problem internally. We have also decided that when a question comes from outside the company in regards to a Y2K problem, it goes directly to our legal department. Okay? However, we have communicated with all of our insured on a single basis and we have communicated to them some of our concerns about the Y2K problem. We have information on our Website. We have links to other Websites where they can find information. All three insurance companies have also Y2K Websites. We also have a relatively big page on Y2K on our Internet for our own people to be educated. That is all I can say. DR. ROSENTHAL: Can I ask the two of you from the insurance industry the question, "What do you do for people in terms of Y2K and premiums? In normal loss control, I remember you guys used to come around and review our warehouses, and if we put in a sprinkler, you reduced the premium. MR. BROCK: Somewhat like Factory Mutual, we have a Website also, and part of our Website is the reprint of the magazine that we sent to customers. This was published in the first quarter of 1998, and the whole magazine was on Y2K. And then we made reprints of that and sent reprints of the magazine to all the risk managers of companies that we insure. We did a training program for all of our field engineers earlier in the year on Y2K and what it meant. We have an endorsement to our policy, which every insurance company is struggling with now, that forces the issue to be discussed with the risk manager. When the field engineer goes to facilities, they ask them what they are doing about Y2K or preparing for it. But our focus is on contingency planning. Not necessarily on how they are fixing the problem, because we are not experts in that. Our focus is on contingency planning and if something happens, what do you do to react to the emergency. That represents some of what we are doing. DR. POJE: Jack Weaver? DR. WEAVER: Just coming back to the issue of SMEs and why we had so many votes for it. MR. BROCH: The other thing I would say about us is we don't get to the SMEs, because we work with large companies. That is our customer base. DR. WEAVER: It seems to me there are at least three questions that need to be addressed. One is who are they. When CCPS started to develop a training plan, we couldn't find out who they were. We went to EPA. I would suggest the SMEs are more than the 66,000 facilities that are covered by RMP. And a lot of them we don't know, and they don't know that they are a part of the group that we are calling SME's. So the first question is who are they. The second question is how do we get to them. How do we get to them? And I think that the one answer I heard from Ruth McCully was that in the UK the approach was on the Internet and television: ways that anybody is going to get it, maybe also along with your tax package or whatever. We need some way that Y2K will be sure to get to them. And the third question is what should we tell them. And I think I heard today that the first thing you want to do is get to the leader of that organization and tell them that it is pretty important and they better get onto it. DR. POJE: Yes. I am sorry, I didn't catch your name. UNIDENTIFIED SPEAKER: I work on Y2K outreach at the EPA. DR. POJE: Could you stand up, please? And shout. UNIDENTIFIED SPEAKER: We put together a tool kit package and we sent it to our ombudsman who deals with the small businesses. She had a meeting and she gave the tool kit package to everyone at the meeting, but she also did a mass mailing that I think went out to 1,000 small businesses. And the responses that she got back were very positive. In this tool kit we put a two-page summary of what Y2K is. A lot of information from the SBA, which is very helpful, and I do recommend that you go to their site. But that is one way that we have gotten it out to the small businesses. DR. TAYLOR: What organization are you with again? EPA? DR. POJE: Craig Matheson, EPA. MR. MATHESON: And just to build on that point. Under the Clean Air Act, all the states have small business assistance programs, and we are trying to get with them to work, again, from the top down. And then from the bottom up I would suggest three things are going on. One, we are working on an EPA alert to try and raise up awareness about Y2K and identifying places where companies can get help and assistance. And we are looking at not only trying to do something about the problem, but also elevating the need for contingency planning to be ready and what they can do. But we are also working from the bottom up by focusing on LEPCs, SERC's, and first responder organizations, who through their efforts are engaged with companies in the communities. We are making these organizations a part of the process of asking where are you with Y2K, giving Y2K information and directing facilities towards where you can go get help. In other words, trying to solve the problem. I can't remember what the third one was. DR. POJE: You raised the issue of first responders. Let me redirect our attention towards that. Does anybody want to make a comment about the preparedness of first responders to be effective in addressing this Y2K issue? Earlier we had identified emergency response issues. Maybe with SMEs, this is also an issue that also could be considered. MR. HUGHES: Hopefully, we consider municipal and county governments as SMEs, because they have the same issues. DR. POJE: Dr. Millar. DR. MILLAR: Let me just say, I am on the D.C. local emergency planning committee, which is pretty hopeless. We haven't met in months. And I think most LEPCs around the country are pretty hopeless. But one of the things that might be a straw in the wind about small enterprises like the D.C. government is that last week I learned from the D.C. Y2K committee that even though they got a very late start, they had two important pieces of information. Number one, D.C. intends to hold a great big millennium celebration on the mall with a million people on the weekend of the millennium turnover. And secondly, they have just learned that Metro doesn't intend to run their trains that night. What I want to do is lead into something about small and medium enterprises and tie it back with the insurance industry. Are there some events or are there some activities that small and medium enterprises might engage in, or even just an ongoing operation of small and medium enterprises that the insurance industry might refuse to insure, and therefore it might not go on? There is some speculation about the question about will airlines be flying that weekend,. People often say it depends on whether the insurance industries will insure planes to be flying that weekend. So before we leave the insurance questions, is it possible that there are small and medium enterprises that simply will be considered too risky and that somehow their insurance will be jerked or somehow the insurance industry will have some role in assuring that they operate Y2K compliant? MR. BROCK: My legal counsel is not here. One of the things -- and insurance companies are still struggling with this, but as a matter of course in our company, we insure accidental situations. And we are saying to our customers, Y2K is no accident. You know what day it is going to happen. You know what the issues are. So we will insure your company if something happens as a result of that -- if you have a fire, we will insure you. If you have an explosion, we will insure you. But we are not going to fix your computer. We are not going to pay for lost data. We are not going to pay for the other things that are associated with a date failure of your equipment that causes loss of data. But again, dealing with small companies, I don't believe you really don't get down to talking about those kinds of issues. I mean our customers are pretty aware of what is going on with Y2K, but the small enterprise, you don't even get to see them. An insurance company often doesn't ever see the small enterprise. You may see them once every three years or once every five years if you are lucky, and you may mail them a policy. But do they read the policy? Probably not. They have a broker or an agent who handles all that for them. So the insurance industry isn't really necessarily a good mechanism to get to them. There may be other ways to get to them, either the Chamber of Commerce or some of the things that you have been talking about. I think it requires a multifaceted approach rather than a single approach. The National Safety Council has a lot of small company members that they can get to with news releases. So I think it takes a lot of different things but maybe a common message. DR. POJE: We have been talking about small and medium-size enterprises, but I have got to do a time check. It is now almost 3:00. We also have identified risk management planning activities and program activities that we also said was a high issue. I would like to suggest that, unless we think the SME issue is the whole issue and don't want to deal with other things, we take a maximum of 10 minutes on small and medium-size enterprises. I recognize that not everything can be said in this room today, and all of our thoughts are not going to get out on the table. My e-mail address is in your briefing package. I will continue to gather information on all of these issues for us to incorporate into a response to the United States Senate. The Chemical Safety Board is working with Sam Mannan and his colleagues at Texas A&M University. We hope to finalize that document in January, which means you have provide feedback pretty quickly if it you want us to consider in time for the report. Of course, that doesn't mean that it is not the end of that issue. It just means that it won't meet my deadline. So with your permission, I am going to complete discussion on SMEs in 10 minutes, and then move to the other highly ranked issue, risk management. Lois Epstein? MS. EPSTEIN: I actually have a bridge comment which could let you move on if you wanted to or stay here. To add to Jack's three questions, which were all good ones, a fourth question is are there any ways to identify which facilities might be most vulnerable or most problematic. And, this question applies to both the small and medium-size enterprises and also to larger enterprises. Fred's question to the insurance industry leads me to think that that is still a very important question. Because it doesn't sound like we are going to get much guidance from them. Is there some way of differentiating the folks that we don't have to worry about so much from the folks that we do? DR. POJE: That is a challenge to us all. I am not aware of any exact ranking that has attempted to characterize the relative risks of small and medium-size enterprises with the functional enterprise in which they are engaged. For those in the consulting arena, those who have interacted as large corporations with smaller enterprises, if you have such suggestions, please speak up. I think collectively we would all want to hear how to spend our limited resource from federal regulatory agencies, investigatory agencies, surveillance agencies and others in ways that way we can make our greatest mark on safety. MS. EPSTEIN: And I would add that even within a sector there may be some ways of differentiating. DR. POJE: Mike Sprinker? MR. SPRINKER: Mike Sprinker, Chemical Workers. Just because I am sitting behind Rich Duffy's name plate doesn't mean I am speaking for the fire fighters. From my OSHA inspection days, one of the things that I always heard from employers was that they regularly saw fire inspectors in many of these plants, least in some larger cities. I am not sure if it is that way nationwide, but local inspectors may be one route for information to get out to the companies. Picking up on Irv Rosenthal's comment and a number of others, I also want to emphasize giving them some real information. You know, we mentioned earlier the list of 20 questions to stimulate people to start to really look at what they have got. That might be one route. Again, truthfully this is something that depends on training of those folks. And here, I mean the fire inspectors or the plumbing inspectors or whatever other inspectors are going out. This also depends on the availability of resources, and getting cities and counties and in some cases the states to actually find the money and encourage that activity to be done. That may be one route that perhaps should be encouraged. That might be a useful method. DR. POJE: Rick Niemeier, NIOSH. DR. NIEMEIER: Getting back to the emergency responders. I want to provide a reminder that organized emergency responders only account for about a quarter of the people in the U.S. that are responding to emergencies. We also depend upon about a million to 2 million volunteers. There is a way to get to those and that is through the new efforts of the Agricultural Extension agents, which now have an emergency response network. So just more food for thought. They are not really small business enterprises. DR. POJE: Chip Hughes. MR. HUGHES: We already have a national program for hazardous material training with community colleges that is the outreach mechanism to small businesses across the country. University extensions and other educational institutions again might be a way to disseminate information. When you think about who is it that small businesses turn to in the local areas to get advice, these institution have a role. That might be something that we could directly do through all the community colleges approach. DR. POJE: John Susil of Celenese. MR. SUSIL: I would like to comment on Lois Epstein's remark about risk ranking, which is a good thought. And there are models. There are risk models that you can use. The problem with them is that they can be very complex and very time consuming. For example, you may have an industrial process that uses very hazardous chemicals. However, if it is very well designed and the people are well trained and you have good shutdown systems, it can be much, much safer than perhaps the chlorinating process at the local swimming pool where some high school kid is running the operation. That may not be a good comparison, but then it may be. So it gets very complex and it can take a lot of time. It is not simple. It is not as simple as ranking the companies inventory of chemicals. DR. POJE: Joe Anderson? MR. ANDERSON: Yes, a question. Is there any society, any professional group, umbrella group or anybody else who makes specific recommendations for applications of the inventory identification and remediation and change for Y2K problems right now? Does SBA do that? Anybody at all within the business organizations? I assume no one is identified yet. Would there be opposition from the CMA or the API or small business groups if they were given seed money and funding money from the federal government through the SBA to apply toward that task? DR. POJE: I can't answer the question. MR. ANDERSON: That is why I am asking it openly to this group. DR. POJE: Unfortunately the SBA is not present. SBA would obviously be most expert in exploring all that. SBA sponsored a major event in October, Y2K Awareness Week, which disseminated information to many people. Their Website is still very active and engaged and they are training their own people on outreach. MR. ANDERSON: Well, it seems like there would be some awareness since this ended up to be such a high topic. DR. POJE: Gerry Scannel, National Safety Council. MR. SCANNEL: On Monday I will issue a call to action to our utilities division, which makes up most of the utilities in the United States, including telephone companies and our chemical section. But I will need some help. I will need Jerry Poje and others to meet with them and they can put together a model. They have been working on things like this. But you are right, tempest fugit. It is right around the corner. MR. NEWELL: In answer to your question, most of the Websites that I have seen are very helpful. Like the presentations that we saw today, they operate at a very high level approach to Y2K. They suggest you ought to think about this and you ought to think about that. You need to perform an inventory. They identify what fields do you need to fill in and what information do you need to gather? What contingency plans do you need to do? What questions do you ask of your utilities? We have touched on all of these, and I personally believe if we are going to put something out to small companies, we ought to put enough information so that they could use it and do a readiness plan. DR. POJE: Steve Viederman, Noyes Foundation. MR. VIEDERMAN: If it were possible, and the if is a very big one -- if you could get financial analysts to educate themselves about Y2K issues for public companies and then raise issues with the companies about their profitability and their shareholder value, that is also a way of getting attention. The problem is first you have got to kill the chicken or steal the chicken, and it doesn't look as if it is around at the moment. But thinking systemically, it may well be another issue which has other effects as well. And just one other point, on the insurance company role -- a very minor point. The accountant for the foundation has this particular rider on his policy that says they cover absolutely no Y2K liability. So insurance companies are doing that. They will not touch it at all. It is non-negotiable. He can't buy any Y2K coverage insurance. DR. POJE: Jim Holler. DR. HOLLER: Going back to your question on emergency responders, we shouldn't ignore utilizing the existing mechanisms such as the LEPC's, albeit the problems associated with them, and the EPA emergency response and on-scene coordinator network. Make sure they are aware of not only their need to become Y2K compliant, but also the problems they are going to deal with, contingency plans for their customers and so forth. DR. POJE: And just to follow-up on that, not all LEPC's are the same. I received a submission from the Cuyahoga County LEPC. They could not be present at this meeting, but they have sent a copy of an alert issued to all of the companies in their area about the Y2K problem. They are following up on an alert that was distributed from Jim Makris's office to SERCs and LEPCs. So here is at least one example where that request has been adopted and utilized in one community. Sam Mannan and then Paul Orum. DR. MANNAN: I would like to bring you back to the earlier challenge I had issued. The board's obligation from the letter given by the Senators Robert Bennett and Christopher Dodd is to provide recommendations or provide a synopsis of what the problems are, not necessarily to provide solutions. But I still think that if we could come up with a formula where we can extract the learning from the larger industries, the board could develop some pamphlets for small industries which are specifically relevant to those small industries. Those would be beneficial. So I am putting my challenge back on the table. Would the large industries be willing to share some of that information through the good offices of the board where they might be somewhat more insulated from the lawsuits? I am not a legal scholar or expert to say how much more insulated they would be. And, would the board be willing to provide that insulation? So the challenge goes to both entities. DR. POJE: The caveat also goes both ways. I will take the same caution here. I am not a lawyer. We take our legal counsel's advice. But I think that certainly we will explore that question. And again, the information that has been made public for this meeting will be disseminated through our Website, but we are also interested in other effective avenues as well. DR. MANNAN: More specific, with a checklist and so forth. DR. POJE: More specific issues as well. I did want to recognize one other person who sitting around the corner -- Delila from one of the trade press here in Washington. UNIDENTIFIED SPEAKER: There has been a lot of discussion about outreach for small and medium size enterprises. Everybody has been talking about Internet and Web pages to disseminate the information. I have been covering the chemical industry for three years and I think there is a flaw in that idea. I don't think the majority of small and middle size chemical plants are going to have that access. Most large chemical plants I know have Intranet, but they don't want Internet because of the trade secrets. So I am not sure that that is a useful solution. DR. POJE: That is certainly something to consider. Paul Orum? MR. ORUM: As the representative of a very small enterprise, I think the single most important thing -- I agree with Mike Sprinker and Gerry Scannel and others who have said it -- is practical hands-on materials. People need materials that you can access and use without a lot of intervening hurdles to jump through to get started. However, I think there are three bigger things that are all missing. One, we don't even have any level of government which has acknowledged oversight responsibility here. Two, we don't have any agreed upon standard of independent certification of compliance. And then three, we have no standard practice of communicating to people at risk. I think there is just an immense hole here. DR. POJE: Two more points on this issue of small and medium-size enterprises and then we will move on to risk management. Jack Weaver? DR. WEAVER: I just want to respond to Sam's challenge that you mentioned before. That is -- Jerry knows about this as does Jim Makris, the Center for Chemical Process Safety (CCPS) developed a training program specifically for SMEs on process safety. It is designed and available. It has been employed in four or five states, through LEPCs and through community colleges. The course consists of six four-hour sessions on the basics of chemical process safety, the RMP, OSHA PSM and the basic equipment integrity, management of change and so on. It is in printed form. It is already available. It has been given and it is ready to be given. And we are at the limit of what we can do as a small organization with it. It would be a relatively simple thing to add one more component, a seventh one dealing with Y2K, and we have had a fair amount of success in getting to LEPCs in Florida, Iowa, Michigan and South Carolina. DR. POJE: That is a great point. Norm Dean? MR. DEAN: I was going to reinforce the four-part structure that I thought we had come up with here that I thought was very useful, which is who are they, how do we get to them, what should we tell them, and which are the most vulnerable. To my taste, we need to focus most on the third item. The message has to be put in a form that can be transferred easily and is digestible by the great majority of SMEs, and then we can try to use a wide range of distribution networks. It may be that EPA can distribute some. Some can go through the IRS. My community, the nonprofits, can reach a lot of SMEs. But if we reach them, we have to have something to give them or tell them. So I would really urge that we focus on what is the message -- what materials get disseminated to the SMEs. DR. POJE: I am going to use that comment as a license for turning our attention to risk management. This is a topic that brings us into this question of what is the message, and particularly the message related to chemical safety questions. So let's switch from the SME question and address the other larger issue of risk management. Irv Rosenthal? DR. ROSENTHAL: I am going to show you I am flexible. I can ask the same question on this topic as I did under the other. What you need to get established in smaller or medium enterprises is a risk management program. Y2K is just another hazard in that overall scheme of hazards for a facility. The same problem you face in a narrower sense with Y2K, you will face more broadly here. And because I am a betting man, even if I don't bet big, I am willing to bet that you can solve more problems through a general process safety management (PSM) approach than you will through an independent Y2K. There are many more hazards that small enterprises are managing than are just associated with Y2K. This is the larger problem for SMEs. The question that we looked at at Wharton, and I raise it up here, the scarcest things that anyone of us have is the question of attention. We have more problems than we have time to focus our attention upon. We have to recognize that a small business is sitting in an Everglade surrounded by alligators. They are continuing struggling to stay alive and the alligator that is 10 feet away, they will pay no attention to. Only a large corporation pays attention to the 10-foot distance alligator. How do we provide enough either psychological motivation or rational business motivation, either in incentives or disincentives, to do that program -- to do a process safety management program. That, I think, is the issue that we have to address with small and medium enterprise. How do we get their attention. DR. POJE: Bob Smerko? DR. SMERKO: I would say the first thing, Irv, that you don't do is get them angry. And the first thing to get them angry is to throw more regulation at them. So you have got to find another way of doing it. If you get them angry, it is all over. DR. ROSENTHAL: How do we get their attention to pay attention to this Y2K alligator which may not be the alligator that is going to get them tomorrow. MR. DALEY: There is an ad on TV. Somebody is asked to explain about the Internet. Our senior executives don't understand it. Tell me about it. The guy thinks for a minute and says, for every dollar you spend on the Internet this year, you will have two dollars at the end. That is what you need is something like that. DR. POJE: Steve Viederman. MR. VIEDERMAN: I think the issue of risk management ties into so many of the other things we are talking about and gets into that this is a different set of risks than the things which may occur. We have somewhat higher probabilities here. I think it calls for something more than spin, which is often the term that I associate with risk management. We need to assure the fact of really bringing all the stakeholders in, whether it is the unions and the workers and the communities, to see that everybody is in place at the same time. It gets into the emergency response issues because of the triage needs that we have talked about. So the first issue of risk management to me is that this really must be an effort done not only in the company but in the community and involving all those effected. DR. POJE: There is the general issue of risk management, but then there is the particular issue of the EPA's Risk Management Program (RMP) that also is before this audience today. We suggested many issues earlier today that should be included under the risk management arena. Let's keep our focus on that RMP angle of risk management and ask what are the particular elements that prove to be the most useful tools for improving the system of safety around Y2K and chemicals. MR. BROCK: Now forget about that approach to a plan that merely is a piece of paper that has to be submitted to a regulatory agency. If you look at all of the elements that are in the risk management programs that have to be implemented, it is the stuff you need to do back home that is important. And it would seem to me that embedded in the risk management programs, there is an absolute necessity to be considering the Y2K program. I mean, how can anybody submit a plan or have a program going that is not focusing on Y2K. It is impossible or they are completely stupid. DR. MANNAN: Let me follow up on that for just a minute. The risk management program does not have any verbatim reference to Y2K. What it does have is a paragraph called the mechanical integrity paragraph that OSHA calls 'mechanical integrity' and I believe that EPA calls 'maintenance.' Under these, a subparagraph requires that the employer, in the case of OSHA, and the station or store owner, in the case of EPA, has an obligation to maintain the ongoing integrity of the process, and they list by name the different pieces of equipment that they are to maintain. And instrumentation controls and interlocks are things that are listed. So if an employer or stationary source owner have a knowledge that something could go wrong with that, they have an obligation to fix that. So regulators could cite you on that. DR. ROSENTHAL: If you conduct a Haz Op, how can you fail to ask what if too much, too little, and if a control system fails to shut off or shut down, I don't see how you can do a Haz Op without considering a Y2K failure. DR. MANNAN: I agree with that too. DR. POJE: Okay. So how does the RMP work within this larger system of safety to strengthen -- DR. MANNAN: Give Tom some time. He may have an opposing view. DR. POJE: Tom Lawrence. MR. LAWRENCE: Not an opposing view. On RMP, here is the guy who wrote it over here. What does process hazards analysis do to help if you are given a grandfather clause for process hazards analysis. Between now and next January nobody necessarily will be doing a PHA on a continuously operating unit. Am I correct? Now if they change something, yes, they may do something. DR. ROSENTHAL: Under EPA RMP or OSHA PSM? MR. LAWRENCE: They are the same -- I was referring to Program Level 3 under RMP, the same thing. They are prevention programs. They are the same thing. So I don't know that RMP is actually the solution here necessary. DR. MANNAN: What about mechanical integrity? MR. LAWRENCE: What about it? DR. MANNAN: Well, you are supposed to maintain the ongoing integrity. MR. LAWRENCE: Okay. DR. MANNAN: And if you know that there is a -- MR. LAWRENCE: Suppose you don't know? If you don't know, how are you going to deal with that? Let's give somebody else a chance. DR. POJE: David Kurland, Rohm & Haas. MR. KURLAND: I agree. I don't think the RMP or the PSM really gets to the Year 2000 compliance or risk management right now. For PSM, it is rolling three years. The third year process or five years. So it is not going to get us to the 378-day problem. It is not going to fix the Year 2000. However, if somebody has a Year 2000 failure that causes an incident, EPA or OSHA is going to have a really big hook to give you a big fine or something. But that is an 'after the fact' hammer and it doesn't really get into making sure that the problem is fixed beforehand. So I see it more as a way that EPA and OSHA can get to you afterwards if you have a problem. We want really to prevent problems. DR. POJE: Let me use my prerogative as facilitator here to switch this discussion. Are there any explicit guidances established by OSHA or by EPA that call to consciousness that very issue -- that if you don't address Y2K, we will be there enforcing our regulations. DR. MANNAN: EPA wants to speak. DR. POJE: In your briefing packet, is a copy of the guidance from the safety executive in the UK. Their guidance states that the regulations in the UK require you to be compliant with the Y2K issue. Craig? MR. MATHESON: Craig Matheson, EPA. I am not sure that it is in the enforcement policy, but we have been trying to make it known that as a matter of general duty. This is the notion of operating a safe facility and taking into account all the hazards that may be confronting a facility. You may not necessarily roll it into your Haz Op or other hazard evaluations, but certainly it could be part of the hazard assessment for the potential of a worst case or alternative scenario. And that message is getting out. And it is certainly one of the messages that we definitely want to get out that the RMP is another tool that could be used to help you with that evaluation, but then also to communicate what you are doing. So we are trying to disseminate that message to the RMP-regulated universe. However, there are the rest of the folks that are not covered by RMP that are in that general duty category. We want to apply it in a proactive way saying from a prevention perspective that general duty means you need to be looking at this kind of thing. And here is an incentive to do that and these are sources of information for you to make that happen. Finally, bear in mind if you don't, we are going to be asking you why you didn't. MR. KURLAND: Is there any written interpretation of that? MR. MATHESON: Yes. It may not be in the policy, but it is something that I know Don Flattery's office has put out as written -- MR. KURLAND: It is in the Clean Air Act questions and answers that comes out every couple of months. General duty clause discussion is in there. MR. MATHESON: We will get it out in that and we will also get it out in our alert that we are trying to do by next month. DR. POJE: Joe Anderson? MR. ANDERSON: Joe Anderson. I will ask my boss to write you all a letter that says under the collective bargaining agreement to provide a safe and healthy workplace, could you provide for us that your recommendations or your adjustments for any problem that we may be confronted with under the Y2K problem. It is clearly under the OSHA standard the general duty clause says that it is a requirement of the employer to provide a safe, healthy workplace, folks. This is an interesting intellectual debate but it is beyond my comprehension that anyone here thinks this is more than an intellectual debate. But we all know this. And whether it is going to happen or not is an interesting question. Following on Sam Mannan's remark down at the end of the table about Bhopal, currently within the industries where OCAW represents workers, there continue to be near misses, incidents and accidents on a regular basis. Y2K is just another complication into a very complex processing unit in all different kinds of industries -- the chemical, petrochemical and wherever you want to go. In pharmacy -- any continuous process or batch process has an opportunity for problems. And for us to say that Y2K may or may not have a problem, it may not. I hope it doesn't. But it is a complication in an already complicated industry. DR. POJE: Mark Frautschi. MR. FRAUTSCHI: I am the son of a lawyer, but I need to have a clarification. Would one of the attorneys please frame what general duty clause means? I think that is a significant word. MR. KURLAND: Is anybody a lawyer here? DR. POJE: David is one of the few people who are lawyers. MR. KURLAND: The general duty clause -- under OSHA, it is exactly what was just said. You have a general duty to provide a safe and healthy workplace. In my experience, that has been used by the regulatory agencies when they see a hazard that can cause an injury and it hasn't been dealt with. OSHA has used it with ergonomics and when there are incidents, EPA has used it when there are catastrophic releases such as at Terra industries and other kinds of explosions and disasters. So many times, to my way of thinking as a company lawyer, it is used after the fact to get at something that there is no clear regulatory driver for. DR. POJE: Angela Summers? DR. SUMMERS: I want to add just one more clarification and then mention something else. The Clean Air Act states that regardless of the threshold quantities and the chemicals listed in the Act, even if you are not covered by the Act, you still have a general duty to protect the public and the environment. So that is the catch phrase. I have been working with companies for quite a while to try to apply good safety design. I confront them with OSHA PSM and then I confront them with EPA RMP. And when that doesn't work, I talk about industrial standards and how there are industrial standards that say how I need to do it. If that doesn't work, then I hit general duty that they have to protect the public, the environment and their workers. And when that argument didn't work, I finally learned to just say I can save you money. And it comes back to Dan Daley's comment that you have to -- in order to sell risk management, you have to sell loss prevention. And you have to convince companies that if they don't do something, they losses that they will incur on January 1, 2000 will be greater than the amount of money that they will expend over the next year in trying to prevent that loss. That is the only way it works. DR. POJE: Erik Olson? MR. OLSON: Yes, I will speak as one of the few other lawyers in the room. It strikes me that there is a very clear need for the regulatory agencies, particularly OSHA and EPA, to make it very clear that their general duty clauses and general authorities are going to be interpreted in a way and very explicit that it will include Y2K issues. Because if that word is not clear, it is going to be very difficult to persuade companies, particularly some of the smaller entities, that they should take this seriously. On that point, EPA and OSHA should provide some simple, clear, cookbook type instructions on at least a start for what a small entity ought to be doing. Because if that is not out there now or soon, I am afraid that we are going to miss the opportunity to deal with the problem in advance rather than retrospectively. DR. POJE: Fred Millar? DR. MILLAR: I am going to try a pitch about this parallel to the economic pitch. What about an argument that goes like this. Because of a federal law that people really hate, 66,000 companies are going to have to report about their worst case scenarios, but not until June 20 of next year, On the one hand, it is too late to help anybody in communities deal with Y2K problems. On the other hand, if the anxieties about Y2K are building and the worst case scenarios all come out in mid-June, isn't that a kind of a mixture that we would rather not see all hit at the same time? Wouldn't it be better if there was an orderly flow of information to the communities that would help to allay possible anxieties and panics? And wouldn't it be better if that took place in a steady stream of information between now and then? And wouldn't it be possible that we would follow the NRC model of requiring companies to provide early reporting on their Y2K problems and progress? In other words, this could be a community panic-allaying or panic-averting situation. Isn't it the case that we need to start to learn how to conduct information exchanges in public? And, the public needs more and more candid information about where we are, so that citizens can find out whether we should stockpile food for one week, like the Red Cross says, or for longer than that like they say in the UK, or for one week, two weeks, or for six months. I think an increasing numbers of citizens are going to want to know for our own contingency planning what is the situation with our utilities and our local facilities and our water plants and so forth. So it seems to me that it is different from the economic argument, but it is an argument for another kind of currency, which is a currency of candid public debate and discussion and a steady flow of information between all the major parts. DR. POJE: I didn't give a chance for Ruth to speak up when OSHA was discussed. MS. MCCULLY: I just wanted to talk from an OSHA perspective, particularly when people start using the term 'the general duty clause.' OSHA has a general duty clause and we can use this. Many of you are within the industry and know about OSHA, and the general duty clause is not something that we use easily and it is not something that we use lightly. And even though the language in the Act says that an employer has an obligation to provide a workplace free of recognized hazards that are likely to cause injury, or serious injury or death, we are very careful in using that. You must recognize that there are four criteria that has come down through the courts that are required of OSHA to use. One is that it is a serious hazard. Another one is that it is recognized. So we have all large companies here who are talking about how recognized it is. But we are talking about a problem that may not be recognized by small and medium-size companies. And if it is not, we have lost one of the criteria with the general duty clause and it can't be used. So don't think that we can say, well OSHA, you can use the general duty clause. Because when we actually have to take that and test it, we may actually find from an agency's perspective that it is not within our toolbox to be able to apply it to this issue. From an OSHA perspective, what we have decided to do is to do more in the area of outreach and communication. We have developed, for example, fact sheets that compliance officers give out on inspections to employers. Granted, we are not getting to everybody. We are getting to the people that we get to interact with. We have a Website where we put information on that Website. We are publishing articles. We are working with professional associations with articles. Charles Jeffress talks about it in every speech about Y2K. And the other issue that we are planning to do which came out of the EU-US Safety and Health Conference in Luxembourg is having a Web forum on Y2K. Now our target date to do that is the end of January. But the purpose of that is not only to deal with Y2K on a domestic front, but to deal with it on an international front. So from our perspective, in order to do something that we think we can do effectively and get out there, it is more to do in the area of education and outreach. From a compliance standpoint, even after the fact, after January 1, it is something that we are going to have to look at very carefully. The other issue that I wanted to bring up is that people keep suggesting that agencies have people report. I don't know what it is like in other agencies, but our agency is covered by the Paperwork Reduction Act. Anytime we have any type of reporting, whether it be written or verbal or electronically, that can become an OSHA paperwork burden. And in order to do that, you must understand that this takes time. You have to put a notice in the Federal Register announcing that the agency wants to do this, and gather comments. And basically you are probably looking at 120 days before you are going to be able to get that approval to collect this information. So if you are looking at this Y2K time frame, which is really down to 12 and a half months, then you have got to act fast if you are going to try to get out from underneath the Paperwork Reduction Act and those paperwork burden hours. And I think that would be with almost agency that would have paperwork collection. DR. POJE: That follows up on Jack's mission to say think about the timing here as well. I also wanted to expand upon the international effort. Two weeks ago the Organization for Economic Cooperation Development issued a major press announcement as a result of their meeting on chemical accidents. That has resulted in the creation of a Website that is now focused on some of the issues that we are discussing here. The OECD web manager is very interested in what we are doing here today and how our efforts might feed back into their effort. In addition to the occupational health international effort mentioned by Ruth and the OECD effort, another international organization called the Intergovernmental Forum on Chemical Safety has also issued an international alert on Y2K. They are also seeking an Internet communication vehicle that might provide information to more parties, particularly those in lesser developed countries which may have industrial facilities facing the same kinds of Y2K safety hazards that we are confronting here. Again, this is presented just to share more information. However, I hope we recognize the potential for us to play a role nationally as well as internationally merely with the accessing of the Website issues. Michael? MR. SPRINKER: Michael Sprinker from the International Chemical Workers Union. Hopefully we all here understand what Irv really meant when he proposed that term risk management. Unfortunately, risk management, especially in many people's minds now, is tied closely to the EPA risk management plan. One thing which I would like to avoid in any communication, is confusing generic risk management with the specific EPA RMP, because immediately that restricts the world to a list of 130 odd chemicals and flammables and so on. Clearly, at least to me, the problem is broader than that. I will give one quick example. Unregulated chemicals include a persulfate chemical and other autocatalytic chemicals which when they get too high of a moisture content can react causing a fire. This happened at a plant that we represent up in the Buffalo, New York area and it completely destroyed the warehouse. Clearly in this instance, since this company was the only supplier of that chemical, you have now created a production problem. For one of the questions asked by Senators Bennett and Dodd, you have also got a potentially very large community and worker exposure problem too. So we need to focus in people's minds just what is really covered under this whole risk management issue. Echoing what Joe Anderson said earlier about the argument as to whether or not there are rules from agencies that apply, from my days working in state OSHA, if there is a hazard, I will find a rule to fit it, to be fairly blunt. And that is without going through the issue of do you actually have a moral or ethical responsibility to correct a hazard which could very well affect workers or affect the community. DR. POJE: Irv Rosenthal. DR. ROSENTHAL: I think the issue on process safety management in small or medium enterprises and the Y2K problem all have a similar thing. For a variety of political reasons, the chances of your getting out to see one of these enterprises, the smaller ones, on average is one in 200 years. For the really small ones, probably one in 400 year. Most people don't live that long. The same thing applies with EPA. Regulators don't get out there. If they got out there, word would spread like wildfire. OSHA is coming! OSHA is coming! They would be ringing the bells. But you have no impact at all on those places. The existing rules don't get impacted and you don't have to go there to punish. You can go there with the special emphasis programs that you did before your rule was in place. Just conduct surveys to collect data - find out how deep is the problem. In going there, it will pass through the trade associations. So I would suggest as a rather pointed thing that one of the things that the Senate could consider is seeing that there is authority and funding for the existing agencies under the existing rules to do a special emphasis program aimed at small to medium enterprises. If they did that, they would do the Y2K and the risk management program and they would get a return very broadly and a lot of information and in the course of doing that, they would pass on a lot of information. DR. POJE: In the spirit of discussing different degrees of motivational energy, are there other ways of achieving action that isn't only putting the burden on the regulatory agencies? What is the role of trade associations in contacting their members and conducting some surveillance of SMEs right now though the association. Would that would give us a working model as perhaps detailed as the efforts we are seeing from Rohm & Haas and OxyChem? Is that the kind of case study, if you will, that would be very useful in providing a much more exact checklist of how to manage Y2K problems in small or medium-size enterprises? MR. CALHOUN: I think what you said is on point. But to play off what Irv said and what we heard earlier on trade associations, if you had that type of push/pull system and we were all working for a common interest, if the agencies will go out there, you would generate the interest from the members to pay attention to whatever the trade associations could put out there. They couldn't get it fast enough. I have seen this happen in a number of organization meetings that I belong to. Word gets out. One company says that OSHA came to see me and they say are they coming to see me on this special emphasis program. And then you have association committees working on the programs to address it and get everybody up to speed before OSHA shows up or before EPA shows up. That is just the way it works. First, you get the attention and then you get the members of the associations asking for the information. And the quality of the information must be as was described earlier where companies can just take it and start doing things. It is not going to be as good as if they started in 1993, but it is going to be better than if they do nothing. DR. POJE: Jordan Corn. MR. CORN: What you are really talking about, and this has come up in several different fashions, is what is the wake-up call that you need to get companies working on this. And I think it really takes probably closest to what Angela said. You need somebody at the top of the company who champions this, and probably the best way to make that happen is to get an understanding of what is going to happen if you don't have a program in place. My real wake-up call was when the Board of Directors asked what we were doing and in fact one of the stories I didn't tell is that is essentially how I got my job. My boss got called and was asked what are you doing, and then I was asked what are we doing. But that wake-up call really has to involve either the liability you face personally or for those of us with something on conscience, what can happen to the processes if you don't do anything. DR. POJE: Ken Brock. MR. BROCK: In listening to all the comments, one of the things that we talked about first was how do we get to the SMEs. Then we talked in closing comments that we needed some sort of checklist. If we got to them, what would we tell them and what would the message be. We need a checklist that they can quickly go through and use as sort of their management guide to get things done. So maybe we ought to spend some time thinking about how does that checklist incorporate the ideas in risk management and process safety management standards and process hazard analysis that we can incorporate in that checklist without necessarily calling it that. But give them a guide on Y2K compliance that they can use as a small business owner to make sure they will stay in business after January 1. DR. ROSENTHAL: That is what a special emphasis program would do. MR. BROCK: Well, I think the special emphasis program is part of the answer, but that is only a kick in the rear to get them thinking about it. But then you distribute a common message through trade associations and through the EPA and through OSHA and through the electric utilities or however you get the message out -- but a common message. And if you were talking about the chemical industry, we ought to be trying to figure out how do we target the chemical industry, not necessarily all of industry. Because what we do in the chemical industry isn't necessarily what a small business owner in another industry might need to do. DR. ROSENTHAL: I was not postulating punishment in a special emphasis program. MR. BROCK: No, I understand that. DR. ROSENTHAL: I was postulating the fact that if you go into the firm and you start looking and the word gets out that they put out a list and you didn't comply and here is the list, that would pass around and generate the pressure. MR. BROCK: No matter what you call it, a small business owner doesn't want to see OSHA. DR. ROSENTHAL: That is correct. MR. BROCK: Whether it is a special emphasis program or a voluntary consultation or whatever it is. DR. POJE: I want to recognize Phil Cogan. While Phil is the Director of External Affairs for the board, he also has an enormous amount of experience in the Federal Emergency Management Agency. MR. COGAN: I left FEMA after 23 years when I was deputy director of emergency information and media affairs. This issue of motivating people to take preparedness actions is something near and dear to me. We confronted this problem all the time, and it generally falls into a three-part question. Part one of the question is can it happen. Part two is if it can happen, can it happen to me. And part three, if you get people to acknowledge that it can happen and it can happen to me, the third part is are the consequences severe enough that I should care. We found at FEMA, and I think throughout the emergency management and the preparedness communities that unless you can get people to answer the third question of yes it can happen to me and the consequences will be severe that you can't get people to take action. DR. POJE: Andrea Taylor. DR. TAYLOR: As a follow-up to what Ruth said about OSHA, is it possible that existing programs like the Cooperative Compliance Program could be a mechanism for getting out information or having small businesses participate in Y2K issues or addressing those issues through that program? MS. MCCULLY: Well, we don't have a cooperative plan. DR. TAYLOR: Oh, I see. It is completely dead now? MS. MCCULLY: Right. DR. TAYLOR: So VPP? MS. MCCULLY: Until a court decision comes out, we do not have a cooperative compliance program. DR. TAYLOR: So what about like for some of the others like VPP? Are there other existing opportunities? MS. MCCULLY: I don't know about VPP, but there is a potential mechanism, for example, through the State Consultation Project. But again, even with the State Consultation Project, just as one gentleman was saying, we might get to one place every 100 years or 200 years. Even with the State Consultation Project, you can give out information and dispense information, but it is really the companies coming to the agency. It seems to me that the types of things that we are talking about here is how do we get to the widest group to get that information out there. It might be that what all this distills down to a simple realization. There is a number of resources available to get the message out and you've got to use all of them. You can't look to one to get the message out to the entire SME population. DR. POJE: Tom Lawrence? MR. LAWRENCE: Jordan, how long have you been working on Y2K? MR. CORN: Company or as an individual? MR. LAWRENCE: Both. MR. CORN: We started our process control program in early 1997. We started our company program I guess in early 1996. I have been involved since the fall of last year. MR. LAWRENCE: Okay. MR. ANDERSON: Jordan, how long do you think it would take to share that information with everybody else? MR. CORN: It is all on our Web. It could actually be shared very well. MR. VIEDERMAN: Again, in terms of trying to get at the question of denial. We have heard a lot of reasons as to why people aren't looking at this, particularly the SME's. Within the banking industry at the moment, and whether it is relevant at all I have no idea, it is clear that the small banks are not prepared. And one of the assumptions being made is that they are assuming that they are going to be bought up by large banks and that therefore they don't have to worry about it. Now particularly in this era of mega-mergers, is it at all possible that there is some of this? Are people assuming that some of that is going to happen and then the Y2K problem is somebody else's problem and not their's? DR. POJE: Harry West? DR. WEST: Actually, it is the reverse. About ten years ago, there were 30 or 40 people operating offshore in the Gulf of Mexico and now there are 500. Why is it? Because the big firms take the old stuff they don't want to deal with and ship it off. MR. VIEDERMAN: I withdraw my observation. DR. WEST: In Houston, we call them the Des Moines doctor deals. We call them the Des Moines doctor deals because physicians and dentists from Des Moines owned an off-shore platform and never saw it. Secondly, the larger chemical companies are selling off little bitsy pieces of their companies that are recognized high hazard. How do I get insurance? I don't want to tell our friends over there from the big insurance companies, but I go down to the Cayman Islands and get some kind of a piece of paper that says I have insurance for a flooring company in Wilkesbarre, Pennsylvania. They don't go to Industrial Risk Insurers (IRI). That is the part that I worry about, and also Angela. DR. MILLAR: In trying to think about all the different ways that you could get to individuals and create a wake-up, maybe Norm or Erik could help with this. Isn't it the case that we are just coming into a period where 55,000 water companies have to prepare a customer confidence report where they have to tell their customers what kind of toxics is in the water? Wouldn't this be a mechanism, since this is going to go to zillions of households? And, could this be a vehicle where we would alert people about Y2K? Somebody mentioned IRS earlier, but it seems to me that this water mailing or something might be another avenue. When does that start? MR. OLSON: That is supposed to start now and the first round is supposed to finish in October of next year. DR. MILLAR: So it is too slow. DR. POJE: Norm Dean? MR. DEAN: Dan made a comment earlier, partly I think in jest, but that I think raises a serious issue. You were talking about the IBM and its strikes me that one of the ways in this country in which we have reached lots of people fast at the grassroots level, whether it is small or medium companies or individuals is to use the mass media. And maybe what we need are the kind of folks who put together advertising campaigns for IBM to put their head to this issue along with the czar of the federal program and come up with some mass media effort to reach small and medium-size companies and individual operators. MR. DALEY: Really what I was thinking of was a tax write-off. Actually what I was thinking of was a two for one tax write-off. For every dollar that you spend on Y2K that you would get a write-off. DR. POJE: Jack Weaver? DR. WEAVER: I suspect that we have three or four dozen organizations -- professional societies, trade associations, many represented here today. If we had a common message we would get it out very quickly on their Websites. There are companies that could do that, right? And the unions and all the different groups. And it seems to me that one of the things that might come out of this effort today, and we referred to it before -- is that we can come up with a common message, a common checklist, a common protocol or kind of a process and lay it out. If there is something we can do, at least let's have a common message that we could use uniformly and share quickly. That might be worthwhile. DR. POJE: The board will be trying to organize and produce a report from this workshop and get broader discourse about chemical safety and Y2K. We also welcome anybody else to start the ball rolling in their domain. Our sister agencies have already begun an effort on that. That could be shared more broadly with the non-governmental representatives in this room. I would argue for nothing more than a month's time to develop a common theme and a common message that we would all want to embrace as a statement about preparedness for this issue. Andrea? DR. TAYLOR: My concern is it is okay to have a common protocol to get the information out through trade associations. The problem that I still foresee is how do you get companies to actually respond. How particularly will you talk about small and medium-size enterprises that may not have a Website or some other issues may become barriers. How do you get Y2K to be an issue for them so that they will respond? And this issue goes back to whether there is a lever that would regulate or require some sort of action. I just don't see it happening or envision it happening without it. DR. POJE: I wouldn't want to posit that this was the only proposal to answer all of the questions. I also heard many earlier comments. But, this proposal might provide a common ground for additional efforts in which others are or could be engaged. DR. TAYLOR: No, I am not saying that it is an answer. I know how companies do not like regulation. But again, they don't like regulation, but they don't act if they don't have the regulation in many cases. So what do we do to get smaller companies to move forward? DR. WEAVER: It would seem to me that part of what I had in mind was something to get their attention first. In other words, not just how to do it. Not just, here is the form and here is how you do it, but some real attention getters as we have talked about today of what might happen if you don't do it. Now that is short of regulation, but it is a way to try to get their attention, the wake-up call that we talked about. And if we could get that out plus some guidelines on how to proceed or how to go about it, it would be helpful. UNIDENTIFIED SPEAKER: You mentioned before that SBA sponsored a Y2K action meeting in October. They are planning on doing another one. It will be the first week of March. That is the information that I have received so far. The first week was on awareness. They are going to go to the next phase, which will be testing. And that is a good vehicle for you guys to jump on to get information about other activities around that week. DR. POJE: Ken Brock? MR. BROCK: I'd like to follow-up on Andrea's comment about how do you get people to do something. If you are talking about small business, sometimes they are strapped for cash. They have to find ways to fund change, whether it is change in process safety management or other change. And I think we ought to at least have Congress consider either tax credits or tax incentives or small business loans or other things specifically for helping remediate the Y2K problems. That will get their attention faster than another regulation that requires them to do something. DR. POJE: Irv Rosenthal? DR. ROSENTHAL: I agree with what Ken is saying. There has been a lot of analysis on how do you shift -- you will never get perfect compliance with anything. A company doesn't do it with calculators, but there is a utility fund in which the chances of getting caught and having a loss are mirrored against the present value of the resources that you are committing, which when you commit them you have opportunity costs. If a business is short of cash and short of time, it can't manage it. That is the character of a small business. It is not running there with a luxury. It doesn't have a board of directors to call you and you don't exist. So you have to find some way of getting across the thing that Phil Cogan said. What does it mean to me in the first place? Does it have a serious impact to me? And secondly, compared to all the other serious impacts, is this highest on my list? Is this the alligator closest to a vital part? If we are going to talk about changing behaviors in small and medium enterprises -- it is a group of measures which the Senate has to consider, and they are very expert in dealing -- this is not the only problem they have in dealing with motivating businesses to do something. What we are saying is we don't know the extent of the problem in small or medium enterprises. We really don't. We suspect that it may be large, but based on the large ones, we don't know. We have to get information -- first, there is no information. When we get the information perhaps by a special emphasis program which can collect data, then we have to find out what is it that we can do to motivate small businesses in the fact of all the other difficulties they face to attack this problem. I would ask another thing. Is this really the most important problem that we want the material on? MR. COGAN: Just to follow up on what Irv said. Again, I will refer to the experience we had at FEMA in working with small and medium-size businesses. As you probably know or you may have heard of a program called Project Impact, which Director James Lee Witt has been successful in getting implemented around the country. That is a mitigation program. We conducted focus groups while I was at FEMA with small and medium-size businesses to find out why they wouldn't prepare for disasters. We are talking about preparing for a disaster. I sat on the other side of these one-way mirrors and listened to people. They didn't know they were talking to a government agency, they just knew they were in a focus group. The small and medium-size businesses wouldn't prepare for tornadoes, hurricanes, floods, you name it, unless, number one, they got a tax incentive; number two, they were required by regulation; or number three, they got an insurance break. Absent those things, they had to be convinced that it was going to cost them money and that there was a high likelihood that things would go south on them. That was repeated all over the country -- Seattle, Baltimore, Atlanta. It was a universal theme that we found. You have to convince them. If you are not going to give them financial incentives, you have to convince them that it is a financial incentive to prepare because something bad is going to happen that is going to cost them money or interrupt their business or damage their reputation or whatever it is. But it is going to go south and it is going to hurt them. DR. POJE: Mark Frautschi. MR. FRAUTSCHI: Mark Frautschi. I want to acknowledge that the awareness phase at the highest level of the organization is key. And what happens frequently after that is that there is an acceptance phase. Like, okay, now I am aware but resources and action has not been taken, so the reality of the impact has not been accepted. I think that the social dynamic is about to change in many ways. The nation is ahead of the government in terms of knowledge and awareness on this issue, unlike perhaps any other issue, and that as that accelerates, the acceptance phase may contract. So that what I am saying is that what we need to consider is that the social dynamic may change very rapidly next year and that whatever outreach we have or intend needs to be able to accommodate that. We may be able to telescope some things that we wouldn't otherwise. DR. POJE: Bob Smerko. DR. SMERKO: To follow up on Irv's recommendation, gathering data on what the problem is, is a real good place to start. Irv, we need to define the problem for sure. I would like to recommend that the board ask the chemical trade associations, and I don't know how many companies that will cover, but I think it will cover an awful lot, plus those users of the chemicals that we know about of chlorine across the country at water-treatment plants to bring in AWWA and WEF into that, and OSHA and EPA and talk about -- what was the name of the program, Irv, you talked about? DR. ROSENTHAL: Special emphasis. DR. SMERKO: A special emphasis program to talk about that and at least get everybody surveying their members like we are currently doing and like CMA has done and start counting some beans here to see where we are. DR. TAYLOR: I am confused. AWAA and the other one -- what was the other one? DR. SUMMERS: Water Environment Federation. DR. TAYLOR: Okay. DR. SMERKO: And I would be more than happy to talk that up among my colleagues that we get on the track of getting some data. DR. POJE: The clock is striking 4:00PM. I would like to finish earlier rather than later. Our goal was to get recommendations. A number of recommendations have emerged. We will be working with Sam Mannan, Jerry Bradshaw and Charles Isdale and the staff of the board in trying to complete the process. But I will also make a special appeal to you to alert me to your views on the other topics that we could not cover. It is difficult to draw boundaries between the issues of small and medium-size enterprises and risk management and then responsive communication among stakeholders. We merged a number of those topics. But are there other issues about which you have special knowledge and could provide deeper insights? Are there other tools that could be employed to more effectively alert people and motivate on this issue and promote the exchange of information they are gathering with each other? For the next 15 minutes to think about some summary remarks that you would like to make about this meeting, about this forum, about this process. I have been very appreciative of your generosity of time, energy and effort. People went out of their way to poll membership and assess the situation from the stakeholder group that they belong to. They braodcast e-mail messages announcing the meeting and seeking a broader perspective. Clearly it is our intention as a board to move from this meeting to a broader communication strategy with you and with those other stakeholders. Clearly we have the charge to reply back to Senators Bennett and Dodd about the outcome of this meeting. I would like you to think about how you would summarize this workshop and describe its utility. I would also like you to bear in mind that we didn't expect that every question would get asked, issue raised, gap identified, recommendation generated in a one-day meeting. However, I think we have created something quite useful amongst this workgroup that may serve as a model for future efforts. Hearing Gerry Scannel announce that he is going to mobilize his committees means that synergy has occurred. Y2K and safety activities were begun even before we got here. Others will continue to happen after we leave. The board would like to get more input from you. So for the next 15 minutes offer any summary comments, but then we will finish so that you can get off to your next destinations and hopefully off to a safe holiday. David Hart. MR. HART: One major point is a lot of the companies I deal with, are really beginning to see that it is more of a business issue rather than technical issue. From a technical standpoint, you just go through all the code and fix all the dates that can cause a problem. But we don't have time for that anymore. And many issues that were brought up with small and medium business emphasize that they need to consider incentives. Whether it is they are afraid that they are going to lose some revenue or go bankrupt or whatever the case may be. So if we could focus more on risk management, like we were talking about, or the assessment of risk and allow organizations to focus more on specifics rather than taking a broad approach, gathering the information that would show them where the risks are. Many companies that I talk to, even large companies, where we are assessing code, ask me for examples where they will fail or create a safety hazard. Right away we can develop a useful approach for many of those medium companies or small companies, if we could provide examples first and then create the tools which we had talked about, maybe by gathering information from large organizations and putting it in a very grounded level. This I think will induce companies to ask quickly for information, I mean the ones that aren't involved, if they understand their needs based on how we explain the risks. DR. POJE: It sounds like that is quite consonant with the charge from Phil Cogan about moving on that pathway of motivation towards action. Paul Hunter? MR. HUNTER: If I could just follow up on that. What exactly response do you give to a company when they say show me? MR. HART: Well, we do a couple of different things. It depends on the company. But what we will try to do is borrow from some of the experiences we have seen from all our customers. If one company doesn't think it is going to cause any problem and we agree, for example -- in some cases, we will talk to an R&D department of a customer of ours and we will explain things that have happened with other customers. Just little glitches. A lot of times it is in reporting of information, reports that will be erroneous. Other times it can stop systems and do things of that nature. MR. HUNTER: Let me ask from this point of view. I would think that they would want hard evidence from what you are saying. So it can't be just theoretically that if this system stops then A, B and C. So do you get in a situation where you have problems with non-disclosure agreements with some of your clients? You can represent an intermediary at times between clients. MR. HART: Sometimes when I am talking to a company particularly or I am giving a seminar, I will talk in generalities. I will talk about something that I found in code. It may be with a customer that I wouldn't say the name or I wouldn't say exactly what it would cost so they could imply who the customer is, but I will do it in generalities. Or a lot of times when you look at Y2K issues, it is not just the fact that you may shut down, but it is taking a prudent approach, which has been talked a little bit about here. There is a risk if you do nothing and you go down and then, of course, you have to explain why you didn't do anything. What we try to do is give hard evidence. But the fact is, and it has been brought up a couple of times, there are not a whole bunch of problems out there. It is like looking for a needle in a haystack sometimes. That is why what I am suggesting is, especially with a medium or small-size company, if you expect them to go out and just with a shotgun approach looking at everything, they are going to say, hey, this is just -- it is too much. I mean, I will go broke spending the money to do that, let alone trying to reduce my risk. So if we can show specific instances where there is a high risk, then they can maybe pinpoint on those things and plus see that there is a value to them right here and now. DR. POJE: Jordan Corn of Rohm & Haas. MR. CORN: I have a follow-up on that. One of the more effective things I have seen -- actually, it would have been highly effective had it not been someone preaching the choir, was an automation consultant who traveled with a PC that ran a fairly common control package. He set the time to 11:59:30, and we sat there and watched and sure enough at midnight it failed. It failed fairly irrevocably. You couldn't really get at the system to run the machine. Now if I had not had a Y2K remediation program running at my company or was unconvinced that there was a problem, this would have been a fairly convincing demonstration. And perhaps some sort of a traveling kit like that with a real system that really fails would deliver a wake-up. MR. FRAUTSCHI: May I add a ball to your follow-up? Mark Frautschi. Tava Technologies is a leading embedded systems provider, and they have got a 5 or 7 megabyte PowerPoint file which you might be able to get from them if you contact Bill Heermann. It has got a screen capture video animation. It is the most awesome PowerPoint I have ever seen where you can watch a system fail on the screen and then they will circle, this is what we are talking about and then they will point to it. So you can -- that is in principle, exportable. At Tava Technologies, talk to Bill Heermann. Beg him for it. Maybe he will give it to you and maybe he won't. Bill Heermann. I will get you his e-mail address. I think it is bheerman@tavatech.com. DR. POJE: As a reminder, you all have each other's e-mails and phone numbers and we will transmit a corrected list to you. Norm Dean? MR. DEAN: By way of concluding thoughts that I have had, it struck me that when we voted, there were really four issues that almost were equally weighted by the group and we have only addressed two of them. And I would hope that in some way the board or this group or subsets of this group could address items 17 and 18, which are the crucial issue of how the various stakeholders come together on this question in a constructive rather than an adversarial way. And second, the crucial link between the operation of utilities and chemical safety. The third comment I would offer is I think it is important for us to remember how urgent this problem is, and that while it is good to go back and suggest ideas for Congress to act upon, I would think that to the extent that we can get John Koskinen to shortcut the Paperwork Reduction Act, for example, we would be far better off than trying to get something through Congress, which as we all know may be distracted for some time to come. Anyway, this has been a terrific session, and I want to thank the board for conducting it. DR. POJE: Just to follow up on that remark, all of you have contributed to this agenda. Let's set a deadline of Tuesday, December 22, 1998 close of business, via e-mail to me, poje@CSB.gov with your thoughts and comments on the subject. The shorter, more succinct and on point, the better they will be. If you write them on your way home, the better off you will be. Because we have a quick turnaround, please submit them by close of business on Tuesday. Adrian Sepeda? MR. SEPEDA: I too echo the appreciation of the board. And as I said earlier -- and maybe from a 10,000 foot overview level, it seems to me that there are a couple of steps that perhaps we should treat as challenges. The first step is to foster awareness of why it is important, whether it is important to a big business, an individual, a community, or a small business. We have got to figure out how we can transfer the message of importance to a select audience. And then once we have their attention, it will die unless we are able to supply a tool to satisfy their need to do something about it. So I see two steps. In implementing those two steps of describing importance and then giving a tool to do something about it, we don't have a lot of time, as Jack pointed out. So I believe we have got to use the resources that are immediately available, as scattered and as varied as they are. Bring a message and then deliver a product that says this is how, to the best of our knowledge at this time, that you may be able to use this information to make it better. And we hope that by the time it gets really important and when the crucial date gets here that you are able to have mitigated, reduced or eliminated the majority, if not all, of the problems that are out there. UNIDENTIFIED SPEAKER: Are you saying, Adrian, that you are going to make some of your checklist available? MR. SEPEDA: I don't know. Smerko has on his bulletin board right now a Y2K paper that explains the concept of it and what you are supposed to do. We have made presentations here available. Jerry has asked if these could be made available electronically in the virtual world and that probably will happen. We have had questions where we have said, yes, we are using this consultant. People have called us and asked us how do you do this, and we say we handle the IT systems by using this consultant. Here is a contact, call that person and they will set you up. So until you take the personal resource of going into another company and doing some of the things, there is just so far you can go. But, yes, we will do the best we can to share information and we will probably do more. DR. POJE: Bob Smerko? DR. SMERKO: Regarding the meeting, I would like to echo the thoughts that Norm made about the value of the meeting to him. And I would like to say it is of particular value to me to hear from the public interest groups that are here and also the unions that are here to see what your concerns are about this Y2K program. I am certainly going to take back the thoughts that I heard around the table from these groups and see how that can factor into what we are doing and what we are thinking about, not only on the Y2K problem but on the RMP problem as well. So that was the value for me, Jerry. DR. POJE: And just to follow up on your remarks, Phil has designed our Website to have enormous capacity to serve as a clearinghouse. So the board is not limited to the amount of information that we can put up there. I welcome your help with that opportunity. Paris? DR. STAVRIANIDIS: I guess a couple of the things I wanted to say have already been said. I think risk management is very important. The elements, for example, of both presentations relied on the pace that they needed. You have to inventory and prioritize. So risk management elements are very important. The second thing I wanted to say is that we don't have to reinvent the wheel. People have done it. The agency has a very nice site. So people can rely on that. The last thing I wanted to say is that there is something that big companies can do to help the small companies. You have manufacturers of original equipment that say that their equipment is geared to Year 2000 compliance. You have some big companies validating that piece of equipment. Why couldn't they share that on the CSB Website so that smaller companies that perhaps use the same piece of equipment, they can just basically say, okay, the manufacturer says it is okay. Somebody did validate it. They don't have to say necessarily have to say that it was Rohm & Haas that did the validation. I mean that is something that can help small business with limited resources. DR. POJE: Erik Olson? MR. OLSON: Yes. Erik Olson with NRDC again. I wanted to just also thank the board and Jerry in particular for so much work on this in putting it together and bringing together such an interesting group. I wanted to just speak to one issue that we didn't get to, which I consider one of the Achilles heels of the whole issue, which are the utilities. We can do everything in our power to make sure that all of the chemical plants themselves are Y2K compliant, but if they are not getting electricity or they are not getting water or waste water, that may certainly trigger other problems. In particular, I hope that at some point we will be able to talk about what the chemical industry can do to survey their utilities -- survey their electrical providers, survey their water providers and their sewer providers. Because when we have asked a lot of those utilities what kind of compliance programs they have, often it is either denial that there is any problem or it is simple false reassurances in my view that everything has been taken care of and don't worry. MR. KURLAND: We have had many of the same responses. We have asked those questions and get the same stuff. DR. ROSENTHAL: That is certainly an area of focus, then. DR. POJE: Fred Millar? DR. MILLAR: Jerry, I also found the meeting very valuable. It occurs to me to mention that it seems to me that we have talked about what the regulatory agencies might do and what the professional associations might do and so forth. I am just glad that this is an example of what the board can do in terms of its capacity, not only to be immediately investigating accidents but also focusing on some special research problem and pursuing it. So I would like to encourage you to think about that and think about possibly that given that we don't have any kind of a national commission on Y2K, that the board itself might be actually one of the better places to have a white paper come out of that would summarize some of the themes that we have talked about here. I think the board should feel empowered and feel that they have the technical capabilities with their consultants and so forth to actually help people in this country understand the ramifications of the problem. That would include the possibilities of accidents, as we have thought about, the link between the petrochemical industries and the utilities, what kind of prudent contingency planning is going on in the better companies. Templates for exchanging information among companies with each other and with utilities are needed. The board has an intellectual role they can play here that would be extremely helpful to other people in the country, partly for the dearth of that existing in terms of any other public commission or public forum and with some recommendations to Congress and to Koskinen's group about what needs to be done. There is an urgency, and a board white paper is something that could be available to people and it might have a really enormous impact in terms of helping people focus and helping people see what kind of recommendations might make sense. So I would like to thank you, but also to encourage you to keep up that kind of work and help people learn how to communicate based on some of the intellectual stuff that you all can pull together. DR. POJE: Just to follow up on that, this isn't the only effort that we have conceptualized at the board. Y2K is very important, but there are other issues that we are grappling with. Dr. Rosenthal will say just a few remarks about his efforts. DR. ROSENTHAL: I think that the staff at the agency and Chairman Paul Hill and the board members have realized that workshop participants for the most part are a resource. And so the staff has been looking at a number of issues and developing a general understanding that there are important policy issues whose analysis and recommendations ought to operate in the fashion of this expert workshop. We ought to get inputs of stakeholders before we reach conclusions. Among these urgent issues is the issue of accident investigation . Bob Brant is sitting across the table with limited resources and a mandate to investigate any accident which has the potential -- not necessarily the actuality but the potential to affect the public. We can't even be sure what the number is, but we know it is very large. How do we decide which accidents we ought to investigate to do two things -- one, to meet our legal mandate, and two, to do what we are supposed to do, which is prevent future accidents. We are not in the business of investigating accidents to investigate accidents. There is no profit in that. There is only profit if we can learn from them to prevent future accidents. How do we rate this? What are the factors we consider? We think stakeholder inputs are vital and the members of the agency, like Bob and Phil Cogan and our counsel, have all asked us and the board and others to work together in getting your inputs in coming up with a mode of operation. There is also a question of how should we investigate accidents. What type of accident protocol should we use? We have a whole host of issues, and Jerry is to be congratulated with the support of staff for starting this first exposure of a mode of operation which will incorporate the stakeholder inputs into our policy decisions. Andrea has been looking at the question of data -- do we have adequate data to characterize the types of accidents we have. So you will be getting a lot more invitations to help us out. We are doing the best job we can with the resources made available. DR. POJE: Joe Anderson? MR. ANDERSON: I would like to thank Jerry and the Board -- Jerry specifically. He has heightened awareness of this Y2K situation within the union community just by his general description and discussion about that. I can say that I thought it was a wonderful meeting in the sense that I got to share information and ideas with folks and colleagues that I am not used to doing that with, and I appreciated that opportunity. I can say to you that I am considering -- and I will reiterate my comment before that it is my experience, probably because of what I do being a health and safety director of the Oil Chemical and Atomic Workers Union, that I see a lot of incidents and accidents and unfortunately worse than that, and the Chemical Board is aware of many of them. So anything that adds to that accident potential always raises my concern. And I can tell you otherwise then Y2K raises that potential in my mind and I would like to reemphasize that it is important to integrate workers into these processes as well as the community from the planning end into the application end. And I would hope that you would all keep that in mind and I will write Jerry and ask him to do that. DR. POJE: Mike Sprinker? MR. SPRINKER: Michael Sprinker at International Chemical Workers Union. I am a colleague of Joe's -- different unions, but we get along. I am glad to hear -- I expect the home cloning kit to come in the mail one of these days so we can help Irv and the board out with coming to more of this. This was extremely valuable. But speaking of home cloning kits, one of the things that I would love to be able to do and hopefully will be able to do before too long is at least get a list of 20 questions or whatever out to my members so they can start to know what questions to ask back in the plants. However, just as we talked about training employers, the one thing that really has to go along with that, is training employees. A trained workforce will know when they get an answer back of don't worry, whether they should worry about controllers and other device because they know that other plants have seen such and such problems with that. I will be writing Jerry to suggest how can we involve the workers in the plants and how can we train them. We have already trained a few thousand people a year through the chemical workers and I know OCAW does the same and other unions do. So that is a very good potential route to get to. Other than that, as I said, it has been a great meeting and we will see what we can do. Although again, time is of the essence, and I know if I don't get something out before the end of March, it may be too late to have a big effect on planning. DR. POJE: Jack Weaver? DR. WEAVER: Jerry, when I came in this morning and saw the size of the group and how wide open the topic was, I wasn't sure where we were going to end up. But I think that what you have done today is remarkable. And how I would characterize it is the convergence that the group has had. I am not sure why exactly, but I think it is probably because the group has shared some common experiences before they came here. But when you look at the four votes, the four top ones, and see how many there were on those four and how we converged around those, I think that is remarkable, and then we went to work on a couple of them. I think we achieved quite a bit. The CPPS group is going to continue to be supportive and have this on our agenda for all the meetings during 1999 and do whatever we can with the small companies to get the word out. DR. POJE: And as Phil Cogan has told me, because of the way we were trying to pick up everybody's voices at this meeting, we also would offer that as a service that the board would provide. Please alert your association members or your unions or whomever, that some of this expert workshop will be available in the real time audio. Anyone can listen to what was going on at this meeting, hear some of the discourse and focus on the issues. Hopefully more people will have access to it. Mark Frautschi? MR. FRAUTSCHI: I think it was back in April I read a GAO report that said -- the title I thought framed things really well. It said that the Year 2000 computer crisis calls for new leadership and new partnerships. And when I first read that, I was very cynical about it. But actually I think in the diversity and the unity in the people and the groups that are represented here, I think we are seeing new partnerships. I have never seen anything like this. And I think, Jerry, you are an example of the new leadership. What I like about this is that whatever happens, whatever the recovery period is on the other side, I think that we will have this as a structure for doing business in the future, something that we didn't have before. DR. POJE: Lois Epstein? MS. EPSTEIN: Jerry, I will lend my voice in thanking you for bringing us all together. But I will also add an observation, something I don't think we had the time to focus on as completely as probably would be helpful, and maybe we could all think about it a little more in the future. It is how to set priorities, both among company sectors and within companies, because I think that is a particularly tough challenge for small businesses, unless they have the buy-in of the top staff, they are not going to set priorities in an effective way. And I also want to add that the risk management plans that are going to be available middle of this year are going to be a useful tool and a rich data source for setting priorities. So that is something to keep in mind. DR. POJE: We are almost at 4:30PM. Angela? Maybe one other comment and then we will let everybody out of the room. DR. SUMMERS: I read a press release earlier this week that the Y2K issue was a real issue because Barbara Streisand had canceled her New Year's Eve concert. What I do want to say is we have identified that it is real and we have also identified that small and medium-size enterprises don't have the resources to do it. And I would strongly encourage the Chemical Safety Board and anyone else to try to put pressure on the Senate and the government to provide some financial resources through tax incentives or other efforts in order to make it possible for them to have people go through and do assessments, remediation and validation. DR. POJE: Thank you one and all. Please have a safe journey home. We appreciate it. (Whereupon, at 4:29 p.m., the workshop was concluded.) 97 U.S. Chemical Safety and Hazard Investigation Board Expert Workshop on: "The Year 2000 Technology Problem and Chemical Safety" December 18, 1998