Safety Interlocks: P&ID Example

Safety Interlocks in Chemical Plants: P&ID Example

Safety interlocks are among the most critical decisions in chemical and process safety engineering.
Usually, safety interlocks define the conditions under which a process must be brought to a safe state, in order to protect people, equipment, and the environment.

On paper they appear simple: “if X happens, then do Y.”
In a real plant, with multiple operating modes, utilities, maintenance activities and pressure-relief devices, interlocks become one of the most delicate engineering decisions, because they must be placed exactly where the risk analysis shows that escalation can be prevented.

This article uses a simplified P&ID to illustrate how engineers analyse the process and determine where safety interlocks must act, especially in systems that involve heating and rupture discs.

What Is a Safety Interlock?

A safety interlock is an automatic logic that places the process in a safer state when specific abnormal conditions occur.
It is more than a basic control action: it is a predefined protective response, designed to prevent escalation during process deviations.

Typical examples in a chemical plant include:

• shutting off the energy input when pressure rises
• preventing two valves from being open at the same time
• stopping a pump when downstream equipment is blocked or full
• interlocking utilities (steam, nitrogen, cooling water) to ensure safe startup sequences

Safety interlocks may be implemented in the BPCS (such as a DCS or PLC), or — when higher reliability and independence are required — in a Safety Instrumented System (SIS).

P&ID Example: Hot Water Heating and Rupture Discs

In Fig. 1, the jacketed vessel RX-101 is heated by hot water through the control valve KV-01, which regulates the thermal input to the process.
Hot water circulates through the jacket from the upper inlet to the lower outlet, providing the duty required for operations such as distillation or evaporation.

The system operates at slight positive pressure, similar to an evaporator or concentration unit for aqueous mixtures.
Vapors generated in RX-101 flow to a second vessel, T-101, which functions as a receiver and condensate collection drum. A condenser (HE-102) removes process vapors; it is not designed for vacuum operation.

The two vessels are connected by a DN150 vapor line, sized to balance pressure and route non-condensable gases to the condenser.

Why the Two Rupture Discs Have Different Set Pressures

Each vessel is protected by a rupture disc:

• RD-01 on RX-101 (set at 3 barg)
• RD-02 on T-101 (set at 2 barg)

Because T-101 has a lower design pressure, its rupture disc is intentionally set to open first.
This establishes the system’s protection philosophy:

1. T-101 is the weaker vessel and must relieve first.
2. This protects T-101 from overpressure, but also shields RX-101 by providing an immediate venting path.
3. The sequence ensures a controlled relief arrangement for unexpected vapor surges.

A non-return valve is installed on the vent header downstream of the vessels to prevent backflow from the emergency catch tank or from other equipment connected to the same relief network.

Both rupture discs discharge to an emergency catch tank, ensuring that any relief flow cannot return to process lines.

At this point, the key concept is:

A rupture disc is a last-resort protection layer. If it activates, the process has already reached a critical condition.

And this is exactly why safety interlocks must intervene before reaching the burst pressure.

This concept is strictly linked to the choice between a pressure safety valve and a rupture disc, which determines how the system responds before reaching its last protection layer.

Why Safety Interlocks Must Act Before the Rupture Disc

In this system, the rupture discs represent the last protection layer.

Interlocks are designed to act upstream of mechanical relief. Their purpose is to remove the driving force (energy input) before the system approaches the rupture disc set pressure.

If RD-02 opens, it means vapor generation is excessive or condensation insufficient.
If RD-01 opens, all upstream protections have already failed.

Neither event should ever be the first indication of a problem.

The only place where escalation can be stopped is at the source of energy:
the heating system, specifically the opening of KV-01.

Therefore, interlocks must be designed to close KV-01 early—long before the rupture disc reaches its set pressure.

The abnormal conditions that must trigger early shutdown include:

• high pressure in either vessel
• high temperature in RX-101
• low cooling-water flow to HE-102
• vent line blockage or condenser malfunction
• burst detection (if a rupture disc opens)

Each of these deviations corresponds to a clear operating risk identified in a HAZOP study (“High Pressure”, “High Temperature”, “No Flow”, “Blocked Vent”).

Their function is simple:

Stop the heating before the process approaches a dangerous threshold.

Conclusion

Defining interlocks is a process-driven decision: it depends on understanding equipment limits, relief philosophy, and how deviations propagate through the system.

The example in this article illustrates a broader principle in process safety:
interlocks must act early enough to prevent escalation, long before the process reaches its last protection barrier.

When we read a P&ID with this mindset, its symbols stop being drawings and become a map of how the process behaves under stress.
Interlocks are not graphic elements; they are the moment where engineering judgment directly prevents an accident.

Ing. Ivet Miranda

Follow me on LinkedIn

Other Articles You May Find Useful

• What-If Analysis vs HAZOP in Process Safety.
• Vent Header Design: Why Top Tie-Ins Are Safer.
• Rupture Disc Activation in Process Safety.
• ATEX Zone Classification: Gas, Vapour & Mist.
• Unit Operations: A Practical Introduction for Engineers.
• LOPA & SIL: Practical Examples

⬆️ Back to Top

FAQ