For Upstream + Midstream + Downstream Operators
Oil and gas operators face the densest US safety + environmental + cybersecurity regulatory stack of any sector. PHMSA 49 CFR 192/195. OSHA PSM 14-element program. EPA RMP for chemical thresholds. API RP 1173 SMS. TSA pipeline-security directives. BSEE SEMS offshore. RiskWatch handles all of it as one survey-based assessment platform sized for HSE, integrity, and process-safety teams.
Trusted by upstream + midstream + downstream operators managing PHMSA, OSHA PSM, EPA RMP, TSA security directives, and API standards across drilling, production, gathering, transmission, processing, refining, and marketing assets.
Why HSE + Integrity Teams Pick RiskWatch
RiskWatch runs API RP 1173 SMS, OSHA PSM, EPA RMP, PHMSA pipeline regs, TSA security directives, and BSEE SEMS as one program on one platform, scored against the same controls library, and tracked through a single inspection-ready evidence trail. Built for operators where one HSE + integrity team covers every regulator, every asset class, and every audit cycle, without enterprise-bank GRC overhead.
PSM 14 elements + API 1173 SMS plan + EPA RMP program elements cross-mapped. PHA, MOC, MOC-PSSR, mechanical integrity, and incident investigation share evidence, no parallel binders.
SD-Pipeline-2021-02C + the cybersecurity-focused successors are tracked as overlays. Operations + IT + OT cybersecurity controls map to the same access-review and patch-management evidence already captured for API 1173.
VP HSE + integrity manager + PSM coordinator share one platform. Pre-built libraries cut prep time. White-glove implementation in 30 days, not 6 months.
The Oil + Gas Regulatory Landscape
The TSA Pipeline Security Directive arrived after Colonial Pipeline (May 2021). PHMSA inspection enforcement collected $5M+ in 2024 civil penalties. OSHA PSM 14 elements have not changed since 1992 but still drive most refinery audit findings. EPA's amended RMP rule (Safer Communities by Chemical Accident Prevention) took effect in 2024. Each regulator wants its own evidence package.
Three Domains, One Platform
RiskWatch covers all three. Each domain has a dedicated workflow, scoring model, and remediation queue. They share data so a single management-of-change event satisfies PSM §1910.119(l), API 1173 §6.4, MOC-PSSR, and EPA RMP §68.75 simultaneously.
Survey-based risk assessment across PHA, mechanical integrity, asset register, and process-hazard scoring, aligned to API 1173 SMS + PSM + RMP.
PHMSA 49 CFR 192/195, OSHA 1910.119 PSM, EPA 40 CFR Part 68 RMP, BSEE SEMS, API standards in one cross-mapped library.
TSA Pipeline Security Directives, ANSI/API 780 security risk assessment, IT/OT cybersecurity, and physical security across every asset.
The Coverage Gap
EHS platforms cover incident reporting + leading indicators. Pipeline integrity vendors cover MAOP + ILI tracking. PSM specialty tools cover the 14 elements. TSA-directive specialty cover cyber. Each does one job. HSE + integrity teams still operate four parallel programs.
| Platform Category | API 1173 | OSHA PSM | EPA RMP | PHMSA | TSA SD | Multi-asset |
|---|---|---|---|---|---|---|
| EHS PlatformsSphera, Enablon, Intelex | Partial | Yes | Partial | · | · | Yes |
| Pipeline IntegrityPODS, ESRI APR, Bentley OpenFlows | Partial | · | · | Yes | · | Partial |
| PSM Specialty ToolsPHA-Pro, BowtieXP | · | Yes | · | · | · | · |
| TSA Pipeline CyberDragos, Claroty, Nozomi | · | · | · | · | Yes | · |
| Internal Audit / ERMWorkiva, AuditBoard | Partial | Partial | Partial | · | · | · |
| Spreadsheets & Email | · | · | · | · | · | · |
| RiskWatchThe unified inspection-ready platform | Yes | Yes | Yes | Yes | Yes | Yes |
RiskWatch is the only platform covering all six oil and gas compliance domains: API RP 1173 SMS, OSHA PSM 14 elements, EPA RMP, PHMSA 49 CFR 192/195, TSA Pipeline Security Directives, and multi-asset coordination. EHS platforms cover incident reporting. Pipeline integrity vendors cover MAOP + ILI. PSM specialty tools cover the 14 elements. Each does one job. RiskWatch unifies all six in one survey-based assessment workflow.
How It Works
RiskWatch is a survey-based assessment platform. The work is structured around questionnaires that capture process-safety, integrity, environmental, and cybersecurity posture in a consistent format, then scored against every framework you align to.
For oil and gas, that workflow runs continuously across API RP 1173 SMS, OSHA PSM 14 elements, EPA RMP three program levels, PHMSA inspection cycles, TSA pipeline security directives, and BSEE SEMS audits. A single MOC record scores against PSM §1910.119(l), API 1173 §6.4, EPA RMP §68.75, and the operator's own change-control SOP simultaneously.
The same platform runs all of it, surfaces gaps before regulator arrival, assigns remediation owners, and tracks completion. Replace the four parallel tools and the spreadsheet bridge between them.
Built For Your Role
Owns enterprise-wide HSE program, board-level safety performance, and PSM/RMP regulator-facing posture.
API RP 1173 SMS scoring continuous. PSM + RMP audit-ready. Board metrics + leading indicators surface from the same vault.Owns 49 CFR 192/195 inspection cycles, MAOP, ILI program, and PHMSA-facing integrity evidence.
PHMSA inspection ready. Integrity management plan scored continuously. Threat assessment + assessment-frequency intervals tracked.Owns OSHA PSM 14 elements + 5-year compliance audits + contractor PSM responsibilities.
All 14 PSM elements scored. PHA backlog visible. MOC + MOC-PSSR cycle time tracked. 5-year audit captured continuously.Owns PHA / LOPA / Bowtie analysis, mechanical integrity inspection cycles, and process-hazard register.
PHA + LOPA evidence captured. Recommendations tracked to closure. Mechanical integrity backlog visible.Owns TSA Pipeline Security Directive compliance, OT cybersecurity, control-system protection, and IT/OT boundary.
TSA SD-Pipeline evidence captured year-round. OT incident-response plan tested + tracked. Quarterly TSA reports built from live data.Owns multi-regulator program (PHMSA + OSHA + EPA + TSA + state), CCPS Process Safety Beacon adoption, and regulator-facing correspondence.
Regulator-by-regulator dashboards live. Submission-ready evidence packages on demand. Cross-regulator overlap surfaced rather than duplicated.Built For Your Segment
Onshore + offshore drilling and production operators under BSEE SEMS (30 CFR 250 Subpart S) + state oil-gas commission rules.
Gas + liquid pipeline operators under PHMSA 49 CFR 192/195 + TSA Pipeline Security Directives + API RP 1173 SMS.
Refineries + petrochemical plants under OSHA PSM (1910.119) + EPA RMP (40 CFR 68) + state-specific PSM analogs (e.g., California PSM).
Local distribution companies under PHMSA 49 CFR 192 + state PUC + DIMP (Distribution Integrity Management Program).
Underground gas storage (PHMSA 192 Subpart J), liquid terminals, and LNG facilities under federal + state oversight.
Drilling, completions, well-servicing, and integrity-services firms under client-imposed contractor management programs.
Frameworks We Cover
RiskWatch ships with pre-built libraries for every major US oil and gas regulation + recommended practice + industry standard. Map controls once. Score against the framework that matters this audit cycle.
Trusted across oil + gas operators
We had three program owners running PSM, integrity, and TSA cyber on three different tools. Now it's one platform. PSM 14-element scoring, API 1173 SMS plan, PHMSA integrity program, and TSA SD-Pipeline overlay all run from the same evidence vault. Our last PHMSA inspection produced two notices of probable violation instead of nine.
Resources
Upstream · Midstream · Downstream
30-minute walkthrough of the oil + gas library, your asset + regulator inputs, and the single evidence-trail output. No slideware, no consulting upsell.
Or call US: +1 401 884 5236
