5 Things You Need to Know About Compliance Audits and CalARP
Introduction
California’s Accidental Release Prevention (CalARP) program sets one of the highest benchmarks for process safety compliance in the United States. While modeled after state OSHA PSM and EPA RMP requirements, CalARP includes additional layers of oversight and detailed expectations that facilities must understand and implement.
Among the core requirements is the CalARP Compliance Audit, which facilities must perform every three years. This audit serves as a formal review of whether CalARP-mandated procedures and practices are both adequate and properly implemented.
Here are five essential things you need to know about CalARP compliance audits.
1. CalARP Is Built on a Robust State Regulatory Framework
Unlike federal OSHA and EPA programs that are implemented uniformly across the United States, CalARP is enforced at the state and local levels. The program is governed by the California Health and Safety Code (Chapter 6.95, Article 2) and implemented through CCR Title 19, Sections 5050.1 to 5160.1. Oversight is shared between:
- CalEPA at the state level, and
- Certified Unified Program Agencies (CUPAs) or Participating Agencies (PAs) at the local level.
These agencies are responsible for enforcing CalARP requirements at “stationary sources,” or facilities that handle regulated substances in quantities exceeding the threshold.
Because enforcement is localized, interpretation and application of the audit requirements can vary slightly by jurisdiction. Facilities should maintain open communication with their CUPA or PA to stay aligned with local expectations.
2. CalARP Requires a Self-Performed Audit Every Three Years
A CalARP Compliance Audit must be completed at least once every three years as dictated by the state. This is a self-audit conducted by the facility to evaluate whether prevention program elements are in place and effectively implemented.
Unlike a regulatory inspection, this audit is performed by the facility itself, but it must be taken just as seriously. Audit findings must be documented, deficiencies addressed, and reports retained for review by regulators and employees.
Audit Team Requirements
The audit team must include at least one person who is knowledgeable in the process being audited and the CalARP regulatory requirements. Many facilities include:
- Internal process safety personnel
- Operations and maintenance supervisors
- External third-party experts (often used for impartiality or complex processes)
The key is to ensure that the team has both technical expertise and a thorough understanding of the regulations.
3. The Audit Must Cover All CalARP Prevention Program Elements
The CalARP Compliance Audit must evaluate all applicable elements of the Prevention Program. This includes, but is not limited to:
- Process Safety Information (PSI)
- Process Hazard Analysis (PHA)
- Operating Procedures
- Training and Employee Participation
- Mechanical Integrity
- Incident Investigation
- Management of Change (MOC)
- Emergency Response and Coordination with Local Agencies
Audit Execution Steps
A typical audit process includes:
- Preparation – Gather relevant documentation (previous audits, training logs, inspection records, etc.).
- Program and Record Review – Verify completeness, accuracy, and currency of all written procedures and safety data.
- Personnel Interviews – Interview employees and contractors to assess understanding and participation.
- Physical Inspections – Walk down systems and equipment to verify that practices align with procedures.
- Findings and Recommendations – Identify document gaps, propose improvements, and assign responsibility.
- Closing Meeting and Report – Review preliminary findings with key personnel, then issue a formal written audit report.
4. CalARP Sets Specific Rules for Corrective Actions and Records
One of the features that distinguishes CalARP compliance audit from state PSM/RMP is its emphasis on documentation and follow-through.
Corrective Action Requirements
Facilities must develop and implement corrective actions for all audit findings. The process must include:
- Clear timelines
- Assigned responsibilities
- Written responses to employee comments within 60 days, if applicable
Corrective actions are not optional. They must be documented and tracked until resolution is achieved.
Record Retention Requirements
Facilities are required to retain the three most recent compliance audit reports, and these must be made available:
- To CUPA/PA inspectors during routine or for-cause inspections
- To employees and employee representatives, upon request
This documentation supports transparency, regulatory compliance, and continuous improvement.
5. CalARP Requirements Exceed Federal Standards in Several Areas
While CalARP is based on the federal PSM and RMP rules, there are several important differences that facilities operating in California must be aware of.
For example, CalARP applies to a broader list of substances and includes state-specific risks, such as seismic activity. It also emphasizes the importance of public participation, particularly in communities near high-risk facilities.
Common Deficiencies and Best Practices
Common Deficiencies Found in CalARP Compliance Audits
- Audits not performed within the required three-year interval
- Missing or outdated PHAs or PSI
- Inadequate documentation of employee participation
- Failure to resolve findings from previous audits
- Incomplete training records or MOC documentation
Best Practices for Maintaining Compliance
- Plan audits in advance and maintain an audit calendar
- Use comprehensive CalARP compliance audit checklists based on CCR Title 19 requirements
- Involve employees in the audit process for better visibility into real-world practices
- Document everything, from interview notes to corrective action plans
- Retain reports in a centralized, easy-to-access system
- Engage third-party auditors if internal expertise is limited or if an impartial review is needed
- Coordinate with your CUPA to understand local expectations and avoid surprises
Conclusion
The CalARP Compliance Audit is a central part of California’s process safety and risk management requirements. While it aligns with federal standards, CalARP includes additional expectations related to documentation, employee participation, and coordination with local agencies. These audits are not just regulatory exercises. They are essential for identifying weaknesses, improving systems, and protecting people and the environment.
Facilities that complete CalARP audits on time, resolve findings promptly, and maintain clear records are well-positioned to meet state expectations and prevent serious incidents.
At Saltegra, we help companies prepare for and complete CalARP Compliance Audits with confidence. Our team provides support in audit planning, execution, and post-audit follow-up to ensure that your facility meets California’s high standards for safety and compliance. With the right systems and a focus on continuous improvement, organizations can meet regulatory requirements and build safer operations for the long term. Contact us today!
