Burner Management System

Codes and Standards Update

Michael Scott, PE, CFSE
VP Process Safety; General Mgr AK
24 Years Experience
ISA Committees - S84, WG6 Chair, WG3
Core Team Member
IEC61511
Past ISA Safety Division BMS Chairman
ISA Course Developer / Instructor
Past PIP Safety System Task Team
Member
BSME, University of Maryland
ME, University of South Carolina
Presenter Introduction
Understand industry direction with respect to BMS
designs
API 556 - Instrumentation, Control, and Protective
Systems for Fired Heaters and Steam Generators 2011
Edition
NFPA 87 Recommended Practice for Fluid Heaters
2011 Edition
Presentation Overview
API 556
API 556 - Instrumentation and Controls for Fire
Heaters and Steam Generators
Latest revision 2011
Incorporates concepts from ISA BMS Technical
Report
Invokes concepts of Safety Instrumented Systems
Provides guidance on hazards and associated
shutdown functions
API 556
Covers instrument, control, and protective function
installations for gas fired heaters and steam
generators in petroleum refinery, hydrocarbon
processing, petrochemical and chemical plants.
Does NOT cover
Oil fired and combination fired heaters
Water tube boilers designed for utility operation
HRSG
Ovens / furnaces used for incinerating (NFPA 86)
Water bath or oil bath indirect fired heaters
CO boiler, ethylene furnace and other specialty heaters
API 556
Includes guidance on the following:
Protective function (interlock) requirements with
background material on hazards being
mitigated against
Process safety time requirements
Application of instrumentation pros / cons
Process Control air / fuel ratio, charge flow,
firebox draft control
P&IDs

API 556
Includes guidance on the following:
Cause & Effects
Safe State Table
Alarm Summary with basis for alarm and
operator action requirements
Startup sequence documentation for natural
draft, force draft and balanced draft heaters

API 556
Does not provide guidance on:
SIL Selection
Logic Solver Requirements
API 556
API 556
API 556
NFPA 87
Covers - A fluid heater is considered to be any thermal
fluid heater or process heater with the following features:
Fluid is flowing under pressure
Fluid is indirectly heated
Release of energy from combustion of a liquid or
gaseous fuel or an electrical source within the unit
Invokes concepts of Safety Instrumented Systems

NFPA 87
Covers - A fluid heater is considered to be any thermal
fluid heater or process heater with the following features:
Fluid is flowing under pressure
Fluid is indirectly heated
Release of energy from combustion of a liquid or
gaseous fuel or an electrical source within the unit
Invokes concepts of Safety Instrumented Systems

NFPA 87
Does NOT cover
Boilers
Ovens / furnaces used for incinerating (NFPA 86)
Refinery process heaters
Reformers, furnaces or cracking furnaces
Space heaters
LP-Gas Vaporizers
Coal or other solid fuel firing systems
Listed equipment with heat input less than 150,000
BTU/hr
NFPA 87
Includes guidance on the following:
Interlock requirements
Provides NO background material on hazards being
mitigated against
Generic process safety time requirements
Process Control limited guidance
P&IDs

NFPA 87
Includes guidance on the following:
Guidance on leakage criteria for safety shutoff valves

NFPA 87
NFPA 87
NFPA 87
Does not provide guidance on:
SIL Selection
However does provide extensive prescriptive
guidance on Logic Solver Requirements
NFPA 87 Logic Solver Requirements
Allows use of 5 types of logic solvers:
Hardwired System
Listed Safety Relays
Listed PLCs None Exist in Marketplace at this time
Non-Listed PLCs
Safety PLC implemented per ISA S84

NFPA 87 Logic Solver Requirements
Non-Listed PLC Requirements:
i. PLC should detect the following conditions:
1. Failure to execute any program or task containing safety logic
2. Failure to communicate with any safety input or output
3. Changes in software set points of safety functions
4. Failure of outputs related to safety functions
5. Failure of timing related to safety functions
ii. A shutdown condition should occur within 3 seconds of
detecting the above conditions.
NFPA 87 Logic Solver Requirements
Non-Listed PLC Requirements:
iii. A dedicated PLC output should initiate a safety shutdown for
faults detected by the PLC.
iv. The following devices and logic should be hardwired
external to the PLC as follows:
Manual emergency switch, Combustion safeguards, Safe
start checks
Ignition transformers, Trial for ignition periods, Excess
temperature controllers, 1400 DegF bypass controller,
Valve proving systems
v. Memory that retains information on loss of system power
should be provided for software
NFPA 86 / 87 Logic Solver Requirements
Non-Listed PLC Requirements:
vi. The PLC should have a minimum MTBF of 250,000 hours.
vii. Only one safety device should be connected to a PLC input or output
viii. Output checking should be provided for PLC outputs controlling fuel
safety shutoff valves
ix. Access to the PLC and its logic should be restricted to authorized
personnel
x. The following power supplies should be monitored:
1. PLC inputs and outputs that control furnace safety
functions
2. Pressure and flow transmitters
NFPA 87 Logic Solver Requirements
Non-Listed PLC Requirements:
xi. If power supply fails, the dedicated PLC output should be
de-activated.
Xii. If the power supply voltage is detected outside the
manufacturers recommended range, the dedicated PLC output
above should be de-activated.
xiii. PLCs that do not comply with the above should comply with
the following:
1. PLC should not perform required safety functions
2. PLC should not interfere with or prevent the operation of the
safety interlocks
3. Only isolated PLC contacts should be used in the required
safety circuits
NFPA 86 / 87 Logic Solver Requirements
Non-Listed PLC Requirements:
xiv. Where PLC uses flow transmitters in place of flow switches and
pressure transmitters in place of pressure switches for safety functions,
the following should apply:
1. The transmitter should be listed, possess a MTBF of 250,000
hours or possess a safety integrity level rating of SIL 2.
2. Upon transmitter failure the PLC should detect the failure and
initiate a safety shutdown
3. The transmitter should be dedicated to safety service unless listed
for simultaneous process and safety service.
NFPA 87 Logic Solver Requirements
5
th
Approved Type of Logic Solver:
Furnace controls that meet the performance-based
requirements of standards such as ANSI/ISA 84.00.01
Application of Safety Instrumented Systems for the Process
Industries, can be considered equivalent. The determination of
equivalency involves complete conformance to the safety
lifecycle including risk analysis, safety integrity level selection,
and safety integrity level verification, which should be submitted
to the authority having jurisdiction.
Typically a BMS includes at least one SIL 2 rated
Safety Instrumented Function
Most OEM logic solvers will not be capable of meeting
SIL 2
Thus, if you plan to select Safety Integrity Levels
associated with your BMS, the OEM provide logic
solver is often considered unacceptable
This invokes budget, schedule and warranty issues on
the project
Early involvement of appropriate Technical Authorities
with the project team is required to prevent project
woes!!!!
BMS OEM Supplied Logic Solvers
Before
After

Questions
&
Answers
Providing the Highest Value in Automation