Imagine having a pressure vessel that has a MAWP of 300 psi and yet there is no high-pressure alarm before 300 psi is reached. How would an operator know he/she is approaching their consequence limit? As I wrote about earlier this year, a well-designed process will have both alarms – BEFORE the safe upper/lower operating limit is achieved so that the operator(s) can “AVOID the deviation” and another layer of alarms once the safe upper/lower limit is reached so that the operator(s) can “CORRECT the deviation”. Some processes may even have a 3rd layer of alarm(s) with an interlock or some other type safety system just in the case the operator(s) were unable to respond in a “timely manner” for whatever reason(s). For example, using “pressure” as our critical process parameter…