Burner Management System

Codes and Standards Update

Presenter Introduction

Michael Scott, PE, CFSE

VP Process Safety; General Mgr AK
24 Years Experience
ISA Committees - S84, WG6 Chair, WG3
Core Team Member
IEC61511
Past ISA Safety Division BMS Chairman
ISA Course Developer / Instructor
Past PIP Safety System Task Team
Member
BSME, University of Maryland
ME, University of South Carolina

Presentation Overview
Understand industry direction with respect to BMS
designs
API 556 - Instrumentation, Control, and Protective
Systems for Fired Heaters and Steam Generators 2011
Edition
NFPA 87 Recommended Practice for Fluid Heaters
2011 Edition

API 556
API 556 - Instrumentation and Controls for Fire
Heaters and Steam Generators
Latest revision 2011
Incorporates concepts from ISA BMS Technical
Report
Invokes concepts of Safety Instrumented Systems

Provides guidance on hazards and associated

shutdown functions

API 556
Covers instrument, control, and protective function
installations for gas fired heaters and steam
generators in petroleum refinery, hydrocarbon
processing, petrochemical and chemical plants.

Does NOT cover

Oil fired and combination fired heaters
Water tube boilers designed for utility operation
HRSG
Ovens / furnaces used for incinerating (NFPA 86)

Water bath or oil bath indirect fired heaters

CO boiler, ethylene furnace and other specialty heaters

API 556
Includes guidance on the following:

Protective function (interlock) requirements with

background material on hazards being
mitigated against
Process safety time requirements
Application of instrumentation pros / cons

Process Control air / fuel ratio, charge flow,

firebox draft control
P&IDs

API 556
Includes guidance on the following:

Cause & Effects

Safe State Table

Alarm Summary with basis for alarm and

operator action requirements
Startup sequence documentation for natural
draft, force draft and balanced draft heaters

API 556
Does not provide guidance on:

SIL Selection
Logic Solver Requirements

API 556

API 556

API 556

NFPA 87

Covers - A fluid heater is considered to be any thermal

fluid heater or process heater with the following features:

Fluid is flowing under pressure

Fluid is indirectly heated

Release of energy from combustion of a liquid or

gaseous fuel or an electrical source within the unit

Invokes concepts of Safety Instrumented Systems

NFPA 87

Covers - A fluid heater is considered to be any thermal

fluid heater or process heater with the following features:

Fluid is flowing under pressure

Fluid is indirectly heated

Release of energy from combustion of a liquid or

gaseous fuel or an electrical source within the unit

Invokes concepts of Safety Instrumented Systems

NFPA 87
Does NOT cover
Boilers

Ovens / furnaces used for incinerating (NFPA 86)

Refinery process heaters
Reformers, furnaces or cracking furnaces
Space heaters
LP-Gas Vaporizers

Coal or other solid fuel firing systems

Listed equipment with heat input less than 150,000
BTU/hr

NFPA 87
Includes guidance on the following:
Interlock requirements
Provides NO background material on hazards being
mitigated against
Generic process safety time requirements
Process Control limited guidance
P&IDs

NFPA 87
Includes guidance on the following:
Guidance on leakage criteria for safety shutoff valves

NFPA 87

NFPA 87

NFPA 87
Does not provide guidance on:
SIL Selection

However does provide extensive prescriptive

guidance on Logic Solver Requirements

NFPA 87 Logic Solver Requirements

Allows use of 5 types of logic solvers:
Hardwired System
Listed Safety Relays
Listed PLCs None Exist in Marketplace at this time

Non-Listed PLCs
Safety PLC implemented per ISA S84

NFPA 87 Logic Solver Requirements

Non-Listed PLC Requirements:
i. PLC should detect the following conditions:
1. Failure to execute any program or task containing safety logic
2. Failure to communicate with any safety input or output

3. Changes in software set points of safety functions

4. Failure of outputs related to safety functions
5. Failure of timing related to safety functions
ii. A shutdown condition should occur within 3 seconds of
detecting the above conditions.

NFPA 87 Logic Solver Requirements

Non-Listed PLC Requirements:
iii. A dedicated PLC output should initiate a safety shutdown for
faults detected by the PLC.
iv. The following devices and logic should be hardwired
external to the PLC as follows:
Manual emergency switch, Combustion safeguards, Safe
start checks
Ignition transformers, Trial for ignition periods, Excess
temperature controllers, 1400 DegF bypass controller,
Valve proving systems

v. Memory that retains information on loss of system power

should be provided for software

NFPA 86 / 87 Logic Solver Requirements

Non-Listed PLC Requirements:
vi. The PLC should have a minimum MTBF of 250,000 hours.
vii. Only one safety device should be connected to a PLC input or output

viii. Output checking should be provided for PLC outputs controlling fuel
safety shutoff valves
ix. Access to the PLC and its logic should be restricted to authorized
personnel
x. The following power supplies should be monitored:
1. PLC inputs and outputs that control furnace safety
functions
2. Pressure and flow transmitters

NFPA 87 Logic Solver Requirements

Non-Listed PLC Requirements:
xi. If power supply fails, the dedicated PLC output should be
de-activated.
Xii. If the power supply voltage is detected outside the
manufacturers recommended range, the dedicated PLC output
above should be de-activated.
xiii. PLCs that do not comply with the above should comply with
the following:
1. PLC should not perform required safety functions
2. PLC should not interfere with or prevent the operation of the
safety interlocks
3. Only isolated PLC contacts should be used in the required
safety circuits

NFPA 86 / 87 Logic Solver Requirements

Non-Listed PLC Requirements:
xiv. Where PLC uses flow transmitters in place of flow switches and
pressure transmitters in place of pressure switches for safety functions,
the following should apply:
1. The transmitter should be listed, possess a MTBF of 250,000
hours or possess a safety integrity level rating of SIL 2.
2. Upon transmitter failure the PLC should detect the failure and
initiate a safety shutdown

3. The transmitter should be dedicated to safety service unless listed

for simultaneous process and safety service.

NFPA 87 Logic Solver Requirements

5th Approved Type of Logic Solver:
Furnace controls that meet the performance-based
requirements of standards such as ANSI/ISA 84.00.01
Application of Safety Instrumented Systems for the Process
Industries, can be considered equivalent. The determination of
equivalency involves complete conformance to the safety
lifecycle including risk analysis, safety integrity level selection,
and safety integrity level verification, which should be submitted
to the authority having jurisdiction.

BMS OEM Supplied Logic Solvers

Typically a BMS includes at least one SIL 2 rated

Safety Instrumented Function

Most OEM logic solvers will not be capable of meeting

SIL 2

Thus, if you plan to select Safety Integrity Levels

associated with your BMS, the OEM provide logic
solver is often considered unacceptable

This invokes budget, schedule and warranty issues on

the project

Early involvement of appropriate Technical Authorities

with the project team is required to prevent project
woes!!!!

Before

After

Questions
&
Answers
Providing the Highest Value in Automation