Information Advisory CER IA 2022-001 – 2021-22 CER Contaminated Site Management Audits: Lessons Learned

Information Advisory CER IA 2022-001 – 2021-22 CER Contaminated Site Management Audits: Lessons Learned [PDF 131 KB]

File OF-Surv-Gen11 01
19 July 2022

All Companies under the Jurisdiction of the Canada Energy Regulator
Canadian Association of Petroleum Producers
Provincial and Territorial Regulators
  • Information Advisory CER IA 2022-001
    2021-22 CER Contaminated Site Management Audits: Lessons Learned

Please find attached the Information Advisory CER IA 2022-001.

The Canada Energy Regulator (CER) has issued the attached information advisory to provide clarity regarding the CER’s interpretation and expectations regarding one of the audit topics assessed in 2021/22; specifically, the assessment of a company’s contaminated site management.

CER-regulated companies are expected to review the deficiencies noted and confirm they do not exist in their own management system. The CER will incorporate these learnings into its compliance and oversight activities and in future audits.

If you require any further information or clarification, please contact the Director of Audit, Enforcement and Investigation through our toll-free number at 1-800-899-1265.

This, and other advisories are published on the CER Safety and Environment website.

Best regards,

Signed by

Gitane De Silva
Chief Executive Officer


Information Advisory
CER IA 2022-001
July 2022

2021-22 CER Contaminated Site Management Audits: Lessons Learned

Basis for Issuance

The Canadian Standards Association (CSA) recently published and released to the general public CSA Z662:23, the latest version of CSA Z662, Oil and Gas Pipeline Systems.


As part of its ongoing oversight activities, the CER’s 2021/22 compliance audit program focused primarily on contaminated site management, which is an area related to effective management system function. Four companies ranging from small to medium size were selected for the audits, all of which were chosen based on the CER oversight risk identification and prioritization model.

The objectives of the audits were to verify that each company’s contaminated site management program as a component of its environmental protection program, meets the requirements of the OPR and the company has the necessary processes, procedures, and work instructions in place to fulfil the requirements of section 6 of the OPR.

Management System Learning Areas

Common deficiencies from the Audit Reports are summarized in this Information Advisory (IA) in order to promote learning and improvement across all CER-regulated companies.

Setting Objectives and Specific Targets

The Auditors found that requirements related to section 6.3 (and its six section 55 programs) and paragraph 6.5.1(a) of the OPR with respect to setting objectives and targets were not met due to a lack of specificity and a lack of alignment with corporate goals. The CER expects environmental protection programs to include objectives and targets that relate to preventing, identifying, and managing contaminated sites in alignment with corporate policies and goals.

Performance Measures

The OPR requires companies to set program level objectives and targets designed to achieve corporate goals, and performance measures to enable a company to monitor its success. Some companies demonstrated they had set objectives and targets at the environmental protection program level, but they had not set measures to evaluate their performance. Other companies had performance measures, but they were not designed to demonstrate continual improvement in the management of contaminated sites.

Hazard Identification and Management

Among other requirements, companies must have processes for identifying and analyzing hazards and potential hazards, evaluating the risks, and identifying the possible existence of contaminated sites. Companies must also be able to demonstrate that they are actively reducing the risk of contaminated sites. Given the nature of oil and gas pipeline activities, companies must assess where past historical practices and current operational activities could have resulted in some form of contamination.

Some companies stated that they had not yet identified a contaminated site on their systems even though they were operating pipelines that had been in place for years. Some of these companies did not have any processes, procedures, or work instructions in place designed to identify and manage a contaminated site if they happened to encounter one.

Training, Competency and Evaluation

Identifying and managing a contaminated site requires specific competencies and training. Without appropriate staff and contractor competencies, a company might overlook a contaminated site that could impact human or ecological health. There is also the potential to mismanage contaminated land, once discovered.

Contamination, once identified, needs to be fully delineated and have the potential hazards and risks it poses to receptors assessed. While the CER is aware that companies often rely on third party contractors to perform these tasks, the company is still required to recognize if the contractor is properly managing a contaminated site. Some companies had not adequately defined the competency and training requirements in their documented processes.


Managing contaminated sites involves effective internal and external communications with all potentially affected persons, including communities, Indigenous peoples, and stakeholders. This communication serves to make everyone aware of the location of contamination, its source, delineation, hazards, risks, and potential liabilities. Effective communication is also needed to convey the actions being taken to reduce and minimize the risks involved. Several companies did not have the required documented processes to describe the procedural steps for effective internal and external communications to clearly indicate when communication is necessary, its content, who is responsible, and to whom it should be directed.

Operational Control

A company must be able to demonstrate that it has adequate oversight over the work being performed to ensure the safety of workers, the security of the pipeline and the protection of the environment. When managing work around contaminated sites, companies must have processes in place to ensure the operational activities of its employees and contractors are planned, coordinated, and controlled and that employees and other people working with or on behalf of the company are made aware of the activities of others.

Some companies did not have well-defined, documented processes in this area. One company had the necessary process, but it had not yet been fully implemented at the time of the audit (e.g., it could not be demonstrated that it had been in use for a minimum of 90 days).

Correcting Deficiencies

The CER expects companies to have a quality assurance (QA) program, which should monitor the status and condition of contaminated sites, as well as reporting on the presence of new ones. These should be reported to senior management through the management review process and put into the company’s annual report. Any deficiencies identified by the company’s quality assurance activities must lead to preventive and corrective actions. Some companies did not have functioning QA programs designed to accomplish this.

Remediation Process Guide

The CER’s Remediation Process Guide (RPG) supports OPR requirements and provides the framework for companies to demonstrate that they are effectively anticipating, preventing, managing, and mitigating the adverse effects of contamination related to their facilities.

The RPG was originally produced in 2011 and updated in 2020. The updated version clarifies CER expectations with respect to identifying and managing contamination at facilities regulated by the CER and provides guidance for companies to review and incorporate into their management system-based environmental protection program to maintain compliance with CER requirements.

While the deficiencies noted indicate inadequate management system processes, the CER auditors were able to verify, through interviews and inspection of documents and records, that the companies were conducting activities to provide oversight over safety and protection of the environment. For these four auditees, corrective and preventive action plans are currently underway to bring them into compliance with the regulations.

To assist companies in the CER’s expectations, the CER has published updated operations audit protocols and an associated guidance document on the CER’s external website. These documents can be used by companies to understand how to achieve and demonstrate compliance to the various regulatory requirements in the OPR.

Next Steps

CER-regulated companies are expected to review and address the deficiencies noted and confirm they do not exist in their management systems. The CER will incorporate these learnings into its future compliance and oversight activities, which may target the same companies with the same or other compliance verification activities to ensure better performance in this area. Other companies may also be audited in the near future.

Date modified: