In almost every PHA I have done since 2000, we find safety critical valves or instrumentation with a built-in bypass around them. I understand the need for a bypass WHEN IT IS FOR MAINTENANCE of the device, but in no sane world do we put a bypass around a safety-critical device so that the process can run if that safety device fails in the CLOSED position. NO WAY IN H_LL will I accept that.
When we have these bypasses around safety-critical devices, we MUST have “Temporary Operating” procedures that explain how process safety will be maintained while the process train passes through the bypass and around a safety-critical device.
I always required a Temporary MOC, and/or I would car seal the bypass valves CLOSED, forcing the unit to document their DEVIATION to OPEN via the administrative control of the car seal program. However we do it, we MUST inform everyone that the bypass around this safety-critical device has rendered that device useless, AND what we are doing to ensure process safety is NOT compromised.
NOTE: The image of the P&ID has been blacked out to protect the process’s identity; the red box shows the “emergency shutdown valve” with the bypass built around it.