Manage Overrides of Safety Critical Systems

Image © EPSC

Hazards

Insufficient safeguards are in place when a safety critical system is not working properly or is bypassed.

When Important

  • Failure or unreliability of safety systems.
  • Testing of interlocks.
  • Turnaround or maintenance work.
  • Commissioning, start-up & shutdown.

Challenges in the Field

  • Consequences are unknown.
  • Safety systems that prevent start-up.
  • Lack of knowledge of procedure.
  • Absence of authorizers.

Options to Get it Right

  • Understand the safety critical systems and identify them in the field.
  • Every bypass/override needs a formal authorization based on a risk assessment (a special permit to work for bypass can help).
  • Define the criticality of the system to be bypassed, for example by its SIL level.
  • The authorisation level needs to be in line with the criticality.
  • Identify solid interim protection measures and put them in action.
  • The bypasses must be registered in a bypass log accessible in the control room.
  • Discuss active bypasses during shift handover.
  • Determine process units that require shutdown when safety critical systems are unavailable.
  • Limit bypass duration; initiate a formal MOC for long-term bypasses.
  • Protect safety interlocks against easy bypassing in the field.
  • Review bypassed functions daily (typically in the morning meeting).
  • Review statistics on bypassed equipment.

This page only summarises the guidance – refer to the EPSC website for further information.

