Reduce risk by elimination of bypass events.
• Select safeguards that would not typically need bypassing for start-up.
• Automate the temporary inhibit of safeguards, following required permissives, during start-up to eliminate the need for manual bypassing. Include a timing function that automatically reverts the interlock to full operation after a specified period of time.
• Avoid protection strategies that would use the same safeguard device in conflicting states (e.g., one hazardous event requires a valve to close while a different hazardous event would require the same valve to be opened).
• Use redundancy in safeguard architecture so that each malfunctioning safeguard device can be repaired without defeating the entire safeguard function.
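The automated start-up inhibit with a timed revert, described in the bullets above, sketched as a Python model of the logic. This is an added example, not code from the original guidance. The class name, permissive names, event labels and the revert on a lost permissive are assumptions.

```python
import time

class StartupInhibit:
    """Permissive-gated, time-limited inhibit of one interlock (illustrative model)."""
    def __init__(self, permissives, max_seconds, clock=time.monotonic):
        self.permissives = permissives   # hypothetical: name -> callable returning bool
        self.max_seconds = max_seconds   # the "specified period of time"
        self.clock = clock
        self.expires_at = None           # None: interlock in full operation
        self.events = []                 # audit trail: (time, event, detail)

    def _failed(self):
        return sorted(n for n, ok in self.permissives.items() if not ok())

    def request(self):
        # Grant the inhibit only when every permissive is satisfied.
        if self.expires_at is not None:
            return False                 # already active: the timer is never extended
        failed = self._failed()
        if failed:
            self.events.append((self.clock(), "DENIED", ",".join(failed)))
            return False
        self.expires_at = self.clock() + self.max_seconds
        self.events.append((self.clock(), "INHIBIT_ON", ""))
        return True

    def inhibited(self):
        # Call every scan. Reverts on timeout or (assumption) on a lost permissive.
        if self.expires_at is None:
            return False
        lost = ",".join(self._failed())
        reason = "TIMEOUT" if self.clock() >= self.expires_at else lost
        if reason:
            self.expires_at = None       # interlock back in full operation
            self.events.append((self.clock(), "INHIBIT_OFF", reason))
        return self.expires_at is not None

    def trip(self, trip_condition):
        return (not self.inhibited()) and bool(trip_condition)

def demo():
    # Constructed start-up: a low-flow trip inhibited for 60 s, then live again.
    now, running = [0.0], [True]
    inh = StartupInhibit({"pump_running": lambda: running[0]}, 60, lambda: now[0])
    inh.request()
    during = inh.trip(True)              # t = 0 s: low flow ignored during start-up
    now[0] = 61.0
    after = inh.trip(True)               # t = 61 s: timer expired, the trip is live
    return during, after, [e[1:] for e in inh.events]
```

Every grant, denial and revert lands in `events`, so the inhibit leaves the same kind of audit trail the next item asks for with manual bypasses.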
Use controlled and auditable means of access restriction for bypasses.
• Install locks on root valves used to bypass devices and control access to the keys.
• Use passwords to control bypasses of programmable devices.
Manage risk during the bypass of a safeguard.
• Identify and implement compensating measures sufficient to address any risk gap created by the bypass.
Design safeguards to be tested during a turnaround or outage.
• Use redundancy in safeguard architecture so that planned testing can be performed during facility outages when process equipment will be isolated in an inherently safe state.
Understand operational status. Recognize changes in process conditions.
• If the plant, or a portion thereof, is unstable and a potential to initiate a hazardous event exists, caution should be exercised before issuing Bypass permits.
Ensure resources to adequately assess safe work activities.
• Time pressure and/or task complexity stresses placed on authorizing personnel to get permits issued can compromise the safety process through the adoption of a “seems OK to proceed” mind-set. These situations are associated with a higher frequency of process breakdowns and the introduction of additional risks.
• Specify degree of operator presence, consistent with magnitude of identified hazards.
Clear identification of equipment on the plant.
• Ensure that the equipment to be worked on is correctly identified and labelled so that only the intended device will be bypassed.
Use of Bypass permits to manage activities, specify controls, manage simultaneous operations and communicate to others.
• Avoid using bypass procedures simultaneously with non-routine process changes.
Ensure that all workers are competent to execute their responsibilities.
Ensure compensating measure equipment is in good condition.
(Compensating Measure - planned and documented means for managing risk during periods of process operation with known failures or problems, resulting in increased risk)
• All automation devices used in pre-identified bypass compensating measures should be included in the facility automation asset integrity program.
• Any automation device used in a bypass compensating measure that is identified and approved immediately prior to the bypass event should be inspected and verified to be properly functioning prior to the bypass being used.
Communication is essential between the control room, the operating personnel and the people conducting the work.
• Communication with the control room at all times is essential.
• If the compensating measure for bypass use is dependent on administrative control (e.g., local monitoring for hazardous condition with manual control response), the administrative control procedure should include clear instructions on the immediate action(s) to take should an emergency alarm be sounded.