2020 Performance Highlights

• Reduced the number of serious events, process safety events, environmental spills and injuries compared to 2019.
• Strong focus on human performance and learning organization concepts.
• Utilizing Life Saving Rules and Process Safety Fundamentals to control work and mitigate serious events in the field.
• Crisis management teams employed globally and cross-functionally to safely run the business and protect personnel during the coronavirus pandemic.

Safety

SPIRIT Values — Safety, People, Integrity, Responsibility, Innovation and Teamwork — inspire our actions and confirm that safety is core to how we operate. We consistently promote safe work practices and are focused on control of work. Read our Health, Safety and Environmental Policy.

A Learning Organization

Our vision is to increase operational reliability and resiliency, and we believe that begins with learning. By being curious about how work is done, mindful of risks and committed to predicting errors, we can minimize or eliminate the likelihood of unexpected events.   

We define human performance as the way people, equipment, work processes and culture interact as a system. By introducing human performance concepts and enhancing leadership behaviors that promote learning, we are reenergizing our existing HSE processes and tools. We are specifically focused on reducing the outcome of human error by improving the interaction between individuals, critical controls and systems, by recognizing error-likely situations, and by applying safeguards to reduce the likelihood of error. View more about safety leadership in the Bakken.

By applying a learning mindset and human performance concepts, we are increasing our capacity to safely manage work and critical activities. Across our operations, we take learnings from past events or near misses and use them to improve our procedures, training, maintenance programs and designs. Understanding how people work enhances our ability to identify potential risks and verify safeguards to mitigate them. 

We have processes in place to encourage candid dialogue on the work being done and to share ideas that promote operational reliability and resilience. Learning teams are facilitated sessions in which the team and facilitator discuss successful work or an unplanned event to better understand the context of how the work was done. Our Opportunity to Learn process enables information to be shared quickly following an incident or near miss so learnings can be recognized and applied to other applicable locations to prevent repeat incidents.

This approach is reinforced through additional activities such as verification of personal and process safety safeguards, and meaningful leadership engagement with field operations. 

Process Safety

Process safety is achieved by using special precautions, or barriers, to keep our facilities safe and our products safely contained, eliminating potential impact to people, property or the environment. An unplanned or uncontrolled release of any material is considered a process safety incident. We have consistent practices and processes for the prevention, control and mitigation of process safety incidents. Effective precautions, or barriers, can be active, passive or procedural, and can involve equipment and/or people. We utilize multiple barriers to achieve redundant safeguards depending on the severity of the potential hazard.

We seek to continually improve our process safety culture and performance across the entire company. A global network of process safety experts meets regularly to share knowledge and discuss best practices for continuous improvement. To strengthen our process safety performance:

• Engineers design safer systems with new knowledge and technologies.
• Trained operations staff performs routine maintenance to mitigate process hazards and ensure asset integrity.
• Process safety experts analyze events and share knowledge globally.

Enhancing process safety awareness and competency across our company is one of our key objectives. Our Process Safety Fundamentals are simple, actionable, good operating practices developed to improve process safety awareness. Over time, people naturally become desensitized to the risks they face, making errors more likely. Recognizing this, the Process Safety Fundamentals are intended to increase focus on critical tasks.

In our Norway business unit (BU), risk-based assessments and a robust asset integrity process contributed to an impressive safety year in 2020. For the fifth year in a row, there were zero significant or high-risk incidents and, for the sixth consecutive year, zero significant hydrocarbon spills occurred. Additionally, the BU’s total recordable rate (TRR) of 0.09 is one of the best on record. With an emphasis on systematic operating integrity, the BU focused on key risk areas including process isolations, work on wells and lifting operations. A daily permit to work process was established for Life Saving Rules verification planning, selecting key risk activities and emphasizing the relevant rules. These efforts allowed the team to execute safe operations offshore and at the Teesside terminal, despite the pandemic.

Personal Safety

Our Life Saving Rules are visual reminders with easy-to-follow minimum requirements to keep our workforce safe during high-risk operations. They are part of our safe work cycle that includes planning, execution, verification and correction. Our Life Saving Rules reinforce our strong culture of safety and contribute to our long-term decline in high-consequence events, process safety events, hydrocarbon spills and personal injuries. 

ConocoPhillips employs extensive COVID-19 mitigation efforts which often exceed the local standards and requirements. However, we did experience instances of workplace transmission in 2020. Including lost workday cases related to COVID-19, our 2020 total recordable rate (TRR) was 0.21. Excluding COVID-19 cases, our TRR was 0.12, a new company best.

We compare our TRR to oil and gas peers and to other industries. Our 2020 workforce TRR of 0.12 excluding COVID-19, is industry leading.

HSE Management System

Our corporate HSE Management System Standard helps ensure that business activities are consistently conducted in a safe, healthy, environmentally and socially responsible manner across the globe. Our corporate standard aligns with, and is based on, industry standards such as ISO 45001, OHSAS 18001, ISO 14001 and ISO 9001.  In accordance with the corporate standard, each business unit maintains an HSE Management System to assess and manage the local operational risks to the business, employees, contractors, stakeholders and the environment.  

All our business units periodically review their HSE management systems against the corporate standard and are responsible for integrating HSE and sustainability issues into day-to-day operations, project development and decision making. They analyze current status, identify areas for potential improvement, and then implement key activities to reduce risk and further improve HSE performance. They are held accountable through an annual performance assessment.  

Objectives, targets and deadlines are set and tracked annually to improve our HSE performance. Targets and progress are reported to our Executive Leadership Team and the Board of Directors.  

Corporate HSE audits manage and maintain a process to provide an independent, objective and consistent assessment for global company-wide operations. Business units have auditing processes to provide an assessment of compliance with applicable HSE legal requirements and conformance with ConocoPhillips HSE policies, standards and practices.  

Results of closure on corrective actions from audits and other risk improvement items are annually reported through a process designed to ensure items are communicated through all levels of company management and driven to appropriate resolution in a timely manner.  

Read more about our Sustainable Development risk management process.

Emergency Preparedness

The complex nature of our business means we must be prepared to respond to a range of possible disruptions such as major accidents, political instability or extreme weather. Preventing incidents through good project planning, design, implementation and leadership is our primary objective. However, if a spill or other unplanned event occurs, we have plans and processes in place to respond effectively. We also conduct thorough investigations of all significant incidents to understand the root cause, and we share lessons learned to prevent future incidents. We report on our spill performance annually.

Preparedness Policies

Our corporate Crisis and Emergency Management Plan outlines the framework used to manage our response to significant incidents of all types. A Crisis Communications Functional Support Plan outlines how we will communicate with internal and external stakeholders, including emergency responders, regulatory agencies and community members, should an incident occur. Each business unit maintains emergency response plans specific to each asset’s potential risks. Response plans are available to all employees, contractors and designated suppliers.

We have a comprehensive tiered response framework to efficiently mobilize the appropriate teams in an emergency. A Tier 1 response is fully managed at the business unit level. If the response exceeds the capabilities of an individual business unit, the Crisis Management Support Team and Global Incident Management Assist Team (GIMAT) would be activated as part of our Tier 2 and Tier 3 response frameworks. The Crisis Management Support Team provides functional, strategic and/or tactical support to the affected business unit during a significant incident or crisis. The GIMAT is comprised of subject matter experts from different BUs and functions who have undergone extensive emergency response training. In a Tier 3 response scenario, the Crisis Manager would provide direct access and updates to the Executive Leadership Team.

Training

We develop effective emergency responders by conducting multiple emergency response training events and exercises each year for our global operations in compliance with company standards and local regulatory requirements, including the U.S. Oil Pollution Act. 

In 2020, we conducted virtual crisis-response training for our Montney asset area in British Columbia, Canada. The drill was designed to audit the response plan and optimize collaboration between local staff and virtual GIMAT participants in an exercise that included a hypothetical tank farm fire and explosion, resulting in a major highway closure and nearby community evacuation. Scenario training and drill exercises provide an opportunity to evaluate BU, regional and corporate incident management systems. Lessons learned and best practices from key exercises are shared within our internal emergency response community and with external response partners and vendors to further enhance our capabilities.

24/7 Monitoring

Our Crisis Management Notification Process is anchored by a hotline — staffed 24 hours per day, 7 days per week — that allows stakeholders to report emergencies. The number is publicly available and is included in product transport paperwork. If assistance is required, a ConocoPhillips representative will coordinate the activation and/or mobilization of corporate resources as necessary.

Occupational Health and Industrial Hygiene

The goal of our Occupational Health and Industrial Hygiene program is to protect the health of workers and the neighboring community through the identification, evaluation and control of potential workplace exposures.  Each business unit develops and implements an Exposure Assessment Plan that identifies potential chemical and nonchemical exposures and implements controls to prevent worker or community exposures. Health assessments are conducted to ensure that control measures are protecting the health of potentially exposed workers. 

Read more about employee benefits and wellness. 

Security and Cybersecurity

The security and protection of our people, assets, information and reputation are cornerstones of our business. While risk can never be eliminated, we continuously strive to mitigate it by prudently anticipating, preventing and responding to internal and external security incidents.

As an operator of critical infrastructure and facilities in challenging locations worldwide, we work closely with governmental agencies, nongovernmental organizations, our peers and local communities on initiatives to identify, deter, prevent and mitigate a range of potential threats to company personnel, facilities and operations. Our facilities are compliant with national and international security regulations including:

• U.S. Customs-Trade Partnership Against Terrorism standards
• Department of Transportation
  • Transportation Worker Identification Credential (TWIC)
  • Hazmat Transportation Security requirements
• Chemical Facility Anti-Terrorism Standards
• International Ship and Port Facility Security Code
• Maritime Transportation Security Act
• Maritime Transport and Facilities Security Regulations (Australia)
• Bureau of Land Management
• All other applicable governmental security requirements

We maintain a “Tier III” status in the Customs-Trade Partnership Against Terrorism program by demonstrating effective security that exceeds the minimum program criteria. Our program ensures categories of company procedures intended to maintain the integrity and security of the international supply chain. This effort is conducted through our partnership with U.S. Customs and Border Protection who assess the overall effectiveness of our security processes.

We remain an active, participating member of the U.S. State Department Overseas Security Advisory Council (OSAC), the Domestic Security Alliance Council (DSAC), Voluntary Principles on Security and Human Rights (VPSHR) and other national and international security organizations.

Cybersecurity

Our business has become increasingly dependent on digital technologies, some of which are managed by third-party service providers on whom we rely to help us collect, host or process information. Among other activities, we rely on digital technology to estimate oil and gas reserves, process and record financial and operating data, analyze seismic and drilling information and communicate with employees and third parties. As a result, we face various cybersecurity threats including:

• Attempts to gain unauthorized access to, or control of, sensitive information about our operations and our employees.
• Attempts to render our data or systems (or those of third parties with whom we do business) corrupted or unusable.
• Threats to the security of our facilities and infrastructure as well as those of third parties with whom we do business.
• Attempted cyberterrorism.

The Information Technology Security, Strategy and Planning team is responsible for cybersecurity strategy and planning. The team reports to the Chief Information Officer who reports to the Senior Vice President, Strategy and Technology. Information security requirements for all employees, contractors and partners are detailed in the ConocoPhillips Information Security & Protection policy, which is approved by senior leaders. Our ongoing information security management strategy is to align the company’s program with the NIST Cybersecurity Framework.

While our management team is responsible for the day-to-day management of risk, the board of directors has broad oversight responsibility for our risk-management programs. In order to maintain effective board oversight across the entire enterprise, the board delegates certain elements of its oversight function to individual committees. The Audit and Finance Committee (AFC) assists the board in fulfilling its oversight or enterprise risk management regarding the effectiveness of information systems and cybersecurity. In addition, the board delegates authority to the AFC to manage the risk oversight efforts of the various committees. As part of this authority, the AFC regularly discusses ConocoPhillips’ enterprise risk-management policies and facilitates appropriate coordination among committees to ensure that our risk-management programs are functioning properly.

To minimize the likelihood of cyberattacks, employees and contractors are required to complete information security training annually, and we frequently communicate with our workforce about best practices to avoid cyberthreats. We revised internal security awareness training in 2020 to reflect current security challenges and the company's security objectives. Each employee was required to complete the annual training.

Although we have experienced occasional breaches of our cybersecurity, we continue to modify or enhance our protective measures and investigate and remediate any vulnerabilities detected. During 2020, none of these breaches had a material effect on our business, operations or reputation and do not meet the criteria to be deemed a reportable incident per SEC reporting requirements. For example, ConocoPhillips is one of many customers of SolarWinds, a major U.S. information technology firm. In December 2020, SolarWinds was subject to a cyberattack that spread to its clients, including ConocoPhillips. Upon learning of the cyberattack, both from U.S. Cybersecurity & Infrastructure Security Agency advisories and SolarWinds’ vulnerability notification, ConocoPhillips promptly initiated actions. Our coordinated response activities included a comprehensive review and analysis which did not identify any compromising activity and we continue to review emergent data against our environment.