Burner Management System Codes and Standards Update

Presenter Introduction
Michael Scott, PE, CFSE VP Process Safety; General Mgr AK 24 Years Experience ISA Committees - S84, WG6 Chair, WG3 Core Team Member IEC61511 Past ISA Safety Division BMS Chairman ISA Course Developer / Instructor Past PIP Safety System Task Team Member BSME, University of Maryland ME, University of South Carolina

Presentation Overview
Understand industry direction with respect to BMS designs
API 556 - Instrumentation, Control, and Protective Systems for Fired Heaters and Steam Generators 2011 Edition NFPA 87 Recommended Practice for Fluid Heaters 2011 Edition

API 556
API 556 - Instrumentation and Controls for Fire Heaters and Steam Generators Latest revision 2011 Incorporates concepts from ISA BMS Technical Report Invokes concepts of Safety Instrumented Systems

Provides guidance on hazards and associated shutdown functions

API 556
Covers instrument, control, and protective function installations for gas fired heaters and steam generators in petroleum refinery, hydrocarbon processing, petrochemical and chemical plants.

Does NOT cover

Oil fired and combination fired heaters Water tube boilers designed for utility operation HRSG Ovens / furnaces used for incinerating (NFPA 86)

Water bath or oil bath indirect fired heaters

CO boiler, ethylene furnace and other specialty heaters

API 556
Includes guidance on the following:

Protective function (interlock) requirements with background material on hazards being mitigated against
Process safety time requirements Application of instrumentation pros / cons

Process Control air / fuel ratio, charge flow, firebox draft control
P&IDs

API 556
Includes guidance on the following:

Cause & Effects

Safe State Table

Alarm Summary with basis for alarm and operator action requirements
Startup sequence documentation for natural draft, force draft and balanced draft heaters

API 556
Does not provide guidance on:

SIL Selection
Logic Solver Requirements

API 556

API 556

API 556

NFPA 87
Covers - A fluid heater is considered to be any thermal fluid heater or process heater with the following features: Fluid is flowing under pressure Fluid is indirectly heated Release of energy from combustion of a liquid or gaseous fuel or an electrical source within the unit

Invokes concepts of Safety Instrumented Systems

NFPA 87
Covers - A fluid heater is considered to be any thermal fluid heater or process heater with the following features: Fluid is flowing under pressure Fluid is indirectly heated Release of energy from combustion of a liquid or gaseous fuel or an electrical source within the unit

Invokes concepts of Safety Instrumented Systems

NFPA 87
Does NOT cover
Boilers

Ovens / furnaces used for incinerating (NFPA 86)

Refinery process heaters Reformers, furnaces or cracking furnaces Space heaters LP-Gas Vaporizers

Coal or other solid fuel firing systems

Listed equipment with heat input less than 150,000 BTU/hr

NFPA 87
Includes guidance on the following:
Interlock requirements
Provides NO background material on hazards being mitigated against Generic process safety time requirements Process Control limited guidance P&IDs

NFPA 87
Includes guidance on the following:
Guidance on leakage criteria for safety shutoff valves

NFPA 87

NFPA 87

NFPA 87
Does not provide guidance on:
SIL Selection

However does provide extensive prescriptive guidance on Logic Solver Requirements

NFPA 87 Logic Solver Requirements

Allows use of 5 types of logic solvers:
Hardwired System Listed Safety Relays Listed PLCs None Exist in Marketplace at this time

Non-Listed PLCs
Safety PLC implemented per ISA S84

NFPA 87 Logic Solver Requirements

Non-Listed PLC Requirements:
i. PLC should detect the following conditions: 1. Failure to execute any program or task containing safety logic 2. Failure to communicate with any safety input or output

3. Changes in software set points of safety functions

4. Failure of outputs related to safety functions 5. Failure of timing related to safety functions ii. A shutdown condition should occur within 3 seconds of detecting the above conditions.

NFPA 87 Logic Solver Requirements

Non-Listed PLC Requirements:
iii. A dedicated PLC output should initiate a safety shutdown for faults detected by the PLC.
iv. The following devices and logic should be hardwired external to the PLC as follows: Manual emergency switch, Combustion safeguards, Safe start checks Ignition transformers, Trial for ignition periods, Excess temperature controllers, 1400 DegF bypass controller, Valve proving systems

v. Memory that retains information on loss of system power should be provided for software

NFPA 86 / 87 Logic Solver Requirements

Non-Listed PLC Requirements:
vi. The PLC should have a minimum MTBF of 250,000 hours. vii. Only one safety device should be connected to a PLC input or output

viii. Output checking should be provided for PLC outputs controlling fuel safety shutoff valves
ix. Access to the PLC and its logic should be restricted to authorized personnel x. The following power supplies should be monitored: 1. PLC inputs and outputs that control furnace safety functions 2. Pressure and flow transmitters

NFPA 87 Logic Solver Requirements

Non-Listed PLC Requirements:
xi. If power supply fails, the dedicated PLC output should be de-activated. Xii. If the power supply voltage is detected outside the manufacturers recommended range, the dedicated PLC output above should be de-activated. xiii. PLCs that do not comply with the above should comply with the following: 1. PLC should not perform required safety functions 2. PLC should not interfere with or prevent the operation of the safety interlocks 3. Only isolated PLC contacts should be used in the required safety circuits

NFPA 86 / 87 Logic Solver Requirements

Non-Listed PLC Requirements:
xiv. Where PLC uses flow transmitters in place of flow switches and pressure transmitters in place of pressure switches for safety functions, the following should apply: 1. The transmitter should be listed, possess a MTBF of 250,000 hours or possess a safety integrity level rating of SIL 2. 2. Upon transmitter failure the PLC should detect the failure and initiate a safety shutdown

3. The transmitter should be dedicated to safety service unless listed for simultaneous process and safety service.

NFPA 87 Logic Solver Requirements

5th Approved Type of Logic Solver:
Furnace controls that meet the performance-based requirements of standards such as ANSI/ISA 84.00.01 Application of Safety Instrumented Systems for the Process Industries, can be considered equivalent. The determination of equivalency involves complete conformance to the safety lifecycle including risk analysis, safety integrity level selection, and safety integrity level verification, which should be submitted to the authority having jurisdiction.

BMS OEM Supplied Logic Solvers

Typically a BMS includes at least one SIL 2 rated Safety Instrumented Function Most OEM logic solvers will not be capable of meeting SIL 2

Thus, if you plan to select Safety Integrity Levels associated with your BMS, the OEM provide logic solver is often considered unacceptable
This invokes budget, schedule and warranty issues on the project Early involvement of appropriate Technical Authorities with the project team is required to prevent project woes!!!!

Before

After

Questions & Answers

Providing the Highest Value in Automation