The most dangerous document in your facility might be the one nobody’s updated since 2019.
Walk into the engineering department of a mid-size refinery today and you’ll likely find the same system that’s been running for twenty years: a shared drive full of Word documents and PDFs, a master list of standards in Excel, and a manual tracking process that depends entirely on whoever took ownership at the last staff transition.
This isn’t a criticism. It’s the reality of how industrial engineering standards management works at the majority of facilities that don’t have a $2 million/year regulatory compliance IT budget. The majors have enterprise systems. Everyone else has Excel and tribal knowledge.
The problem is that the regulatory environment stopped tolerating this approach in 2024.
What RAGAGEP Actually Requires
OSHA’s Process Safety Management standard has always required facilities to follow “Recognized and Generally Accepted Good Engineering Practices” — RAGAGEP. What RAGAGEP means in practice is that your facility must comply not just with the version of the standard you used when you designed the process, but with the current version of the applicable codes.
ASME, API, NFPA, and CCPS publish revisions on rolling schedules. A standard you referenced in your 2018 PHA may have had two major revisions since then. If your facility is still operating against the 2018 basis and OSHA conducts a PSM inspection, the gap between your document and the current standard is a citation.
The maximum OSHA fine for a willful violation is $165,514 per citation (2025 inflation-adjusted figure). A single PSM inspection at a facility with stale standards can generate dozens of individual citations. The math is not subtle.
The EPA Just Made the Problem Bigger
In March 2024, EPA finalized the most significant changes to the Risk Management Program rule in decades. The rule is effective May 10, 2024, with a three-year compliance runway.
That means May 2027 is the hard deadline.
Program 3 facilities — the petroleum refining and chemical manufacturing sectors — are now required to include a Safer Technology and Alternatives Analysis (STAA) in every PHA. This isn’t a checkbox. It requires documentation of inherently safer technology alternatives, justification for decisions not to implement them, and integration with the existing PHA basis.
EPA estimated the annualized industry cost of STAA compliance at $168–205 million at current discount rates. The majority of that cost is analysis work — the kind of work that, under current manual processes, takes 3–4 weeks per document.
For a facility with 15–20 covered processes, do the math on what a full STAA program costs in engineering hours under the current workflow.
Why Excel Fails Here Specifically
The Excel-and-shared-drive approach fails at three specific points in the standards management lifecycle:
Tracking revisions in real time. ASME B31.3 was revised in 2022. API 570 in 2023. NFPA 70E in 2024. Most facilities have no automated mechanism to flag when a standard referenced in their PHA basis documents has been superseded. The revision happens, and the gap opens silently.
Running gap analysis efficiently. When a facility does perform a standards review — typically ahead of a compliance audit or after a near-miss — the process is manual: pull the current standard, pull the facility’s document, compare section by section. A single complex standard takes a week. A full PSM element review takes a month. The work is both critical and completely unscalable.
Generating defensible documentation. OSHA and EPA don’t just want evidence that you performed the analysis. They want to see the analysis itself — what you compared, what gaps you found, what you decided to do about each one, and why. Excel doesn’t produce that kind of audit-ready documentation naturally.
What the Gap Costs in Practice
Industry data points to PSM compliance consulting running $8,500–$25,000 per engagement for a focused gap analysis. Enterprise compliance platforms like Intelex or Cority start at enterprise pricing that’s inaccessible to independent operators and small refineries.
The facilities that fall between those two options — too large to run entirely on judgment and too lean to deploy enterprise software — typically absorb the gap analysis cost as internal engineering time. That internal time is not free. It’s pulled from the same engineers who are supposed to be running the facility.
When an OSHA inspection finds what that internal analysis missed, the math changes considerably. Twenty citations at a willful violation level is a $3.3 million exposure. That’s not hypothetical — the PSM enforcement record includes multi-million-dollar penalty packages at facilities that had active compliance programs. They just hadn’t kept the standards current.
There’s a Better Workflow
NORMEX Standards AI was built specifically for the facility that can’t afford a four-week consulting engagement every time a standard is revised.
The workflow is straightforward: upload your existing standard as a PDF, specify the applicable RAGAGEP references, and the system runs a structured gap analysis — identifying obsolete sections, flagging OSHA PSM and EPA RMP alignment gaps, cross-referencing current codes, and generating an updated draft in the same format as the original document.
The gap analysis that takes a consulting team three weeks runs in 3–5 days. The output is a working document, formatted to industrial standards style, ready for technical review by your engineering team — not a summary that still requires someone to do the actual writing.
NORMEX runs locally on Windows. No cloud storage. No data leaves your network. For facilities with confidentiality requirements around process information, that matters.
The May 2027 STAA deadline isn’t far. Facilities that start their PHA revision cycles now have time to do it right. Facilities that wait until 2026 will be choosing between rushed internal work or expensive emergency consulting.
The tool exists to give engineering teams a third option.
If you want to see NORMEX run on one of your actual documents, book a walkthrough here. We’ll run your document through a live gap analysis during the session so you can evaluate the output quality before making any decision.
Timothy Porritt is founder of Porritt Inc., building AI-powered tools for heavy industry including NEXUS CAD and NORMEX Standards AI. A petroleum engineer by training, Timothy writes about the intersection of industrial engineering, AI, and entrepreneurship.
