
Burner Management System

Codes and Standards Update


Presenter Introduction

• Michael Scott, PE, CFSE


• VP – Process Safety; General Mgr AK
• 24 Years Experience
• ISA Committees - S84, WG6 Chair, WG3
Core Team Member
• IEC61511
• Past ISA Safety Division BMS Chairman
• ISA Course Developer / Instructor
• Past PIP Safety System Task Team
Member
• BSME, University of Maryland
• ME, University of South Carolina
Presentation Overview

• Understand industry direction with respect to BMS designs
• API 556 - Instrumentation, Control, and Protective
Systems for Fired Heaters and Steam Generators 2011
Edition
• NFPA 87 – Recommended Practice for Fluid Heaters
2011 Edition
API 556

• API 556 - Instrumentation and Controls for Fired Heaters and Steam Generators
• Latest revision 2011
• Incorporates concepts from ISA BMS Technical
Report
• Invokes concepts of Safety Instrumented Systems
• Provides guidance on hazards and associated
shutdown functions
API 556

• Covers instrument, control, and protective function
installations for gas fired heaters and steam
generators in petroleum refinery, hydrocarbon
processing, petrochemical and chemical plants.
• Does NOT cover
• Oil fired and combination fired heaters
• Water tube boilers designed for utility operation
• HRSG
• Ovens / furnaces used for incinerating (NFPA 86)
• Water bath or oil bath indirect fired heaters
• CO boiler, ethylene furnace and other specialty heaters
API 556

• Includes guidance on the following:


• Protective function (interlock) requirements with
background material on hazards being
mitigated against
• Process safety time requirements
• Application of instrumentation – pros / cons
• Process Control – air / fuel ratio, charge flow,
firebox draft control
• P&IDs
API 556

• Includes guidance on the following:


• Cause & Effects
• Safe State Table
• Alarm Summary with basis for alarm and
operator action requirements
• Startup sequence documentation for natural
draft, forced draft and balanced draft heaters
API 556

• Does not provide guidance on:


• SIL Selection
• Logic Solver Requirements
NFPA 87

• Covers - A fluid heater is considered to be any thermal
fluid heater or process heater with the following features:
• Fluid is flowing under pressure
• Fluid is indirectly heated
• Release of energy from combustion of a liquid or
gaseous fuel or an electrical source within the unit
• Invokes concepts of Safety Instrumented Systems
NFPA 87

• Does NOT cover


• Boilers
• Ovens / furnaces used for incinerating (NFPA 86)
• Refinery process heaters
• Reformers, furnaces or cracking furnaces
• Space heaters
• LP-Gas Vaporizers
• Coal or other solid fuel firing systems
• Listed equipment with heat input less than 150,000
BTU/hr
NFPA 87

• Includes guidance on the following:


• Interlock requirements
• Provides NO background material on hazards being
mitigated against
• Generic process safety time requirements
• Process Control – limited guidance
• P&IDs
NFPA 87

• Includes guidance on the following:


• Guidance on leakage criteria for safety shutoff valves
NFPA 87

• Does not provide guidance on:


• SIL Selection

• However does provide extensive prescriptive
guidance on Logic Solver Requirements
NFPA 87 Logic Solver Requirements

Allows use of 5 types of logic solvers:


• Hardwired System
• Listed Safety Relays
• Listed PLCs – None Exist in Marketplace at this time
• Non-Listed PLCs
• Safety PLC implemented per ISA S84
NFPA 87 Logic Solver Requirements

Non-Listed PLC Requirements:


i. PLC should detect the following conditions:
1. Failure to execute any program or task containing safety logic
2. Failure to communicate with any safety input or output
3. Changes in software set points of safety functions
4. Failure of outputs related to safety functions
5. Failure of timing related to safety functions
ii. A shutdown condition should occur within 3 seconds of
detecting the above conditions.
NFPA 87 Logic Solver Requirements

Non-Listed PLC Requirements:


iii. A dedicated PLC output should initiate a safety shutdown for
faults detected by the PLC.
iv. The following devices and logic should be hardwired
external to the PLC:
Manual emergency switch, Combustion safeguards, Safe
start checks, Ignition transformers, Trial for ignition periods,
Excess temperature controllers, 1400 °F bypass controller,
Valve proving systems
v. Memory that retains information on loss of system power
should be provided for software
NFPA 86 / 87 Logic Solver Requirements

Non-Listed PLC Requirements:


vi. The PLC should have a minimum MTBF of 250,000 hours.
vii. Only one safety device should be connected to a PLC input or output
viii. Output checking should be provided for PLC outputs controlling fuel
safety shutoff valves
ix. Access to the PLC and its logic should be restricted to authorized
personnel
x. The following power supplies should be monitored:
1. PLC inputs and outputs that control furnace safety
functions
2. Pressure and flow transmitters
NFPA 87 Logic Solver Requirements

Non-Listed PLC Requirements:


xi. If power supply fails, the dedicated PLC output should be
de-activated.
xii. If the power supply voltage is detected outside the
manufacturer’s recommended range, the dedicated PLC output
above should be de-activated.
xiii. PLCs that do not comply with the above should comply with
the following:
1. PLC should not perform required safety functions
2. PLC should not interfere with or prevent the operation of the
safety interlocks
3. Only isolated PLC contacts should be used in the required
safety circuits
NFPA 86 / 87 Logic Solver Requirements

Non-Listed PLC Requirements:


xiv. Where PLC uses flow transmitters in place of flow switches and
pressure transmitters in place of pressure switches for safety functions,
the following should apply:
1. The transmitter should be listed, possess an MTBF of 250,000
hours or possess a safety integrity level rating of SIL 2.
2. Upon transmitter failure the PLC should detect the failure and
initiate a safety shutdown
3. The transmitter should be dedicated to safety service unless listed
for simultaneous process and safety service.
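
The fault-detection and 3-second shutdown items above (i, ii, iii, xii) can be checked against a recorded diagnostic trace. This is an added example, not code from the presentation or from NFPA 87; the `Sample` fields, the set point checksum, the 24 VDC supply range and applying the 3-second deadline to a supply fault are all assumptions, and the trace is constructed.

```python
from dataclasses import dataclass

SHUTDOWN_DEADLINE_S = 3.0        # item ii: shutdown within 3 s of detection
SUPPLY_RANGE_V = (20.4, 28.8)    # assumed manufacturer range for a 24 VDC supply

@dataclass
class Sample:                    # one row of a constructed diagnostic record
    t: float                     # seconds since start of record
    task_ran: bool               # i.1 safety task executed this scan
    io_comm_ok: bool             # i.2 safety I/O communication healthy
    setpoint_crc: int            # i.3 checksum over safety set points
    output_readback_ok: bool     # i.4 output state matches command
    timer_ok: bool               # i.5 safety timing within tolerance
    supply_v: float              # x-xii monitored supply voltage
    trip_output_on: bool         # iii dedicated output, energized = healthy

def faults(s, baseline_crc):
    """List the monitored conditions that are violated in sample s."""
    lo, hi = SUPPLY_RANGE_V
    checks = [
        (s.task_ran, "safety task not executed"),
        (s.io_comm_ok, "safety I/O communication lost"),
        (s.setpoint_crc == baseline_crc, "safety set point changed"),
        (s.output_readback_ok, "safety output failure"),
        (s.timer_ok, "safety timing failure"),
        (lo <= s.supply_v <= hi, "supply voltage out of range"),
    ]
    return [msg for ok, msg in checks if not ok]

def audit(samples, baseline_crc):
    """Return (first_faults, detected_at, tripped_at, compliant)."""
    first, detected_at = [], None
    for s in samples:
        if detected_at is None:
            first = faults(s, baseline_crc)
            if first:
                detected_at = s.t
        if detected_at is not None and not s.trip_output_on:
            ok = s.t - detected_at <= SHUTDOWN_DEADLINE_S
            return first, detected_at, s.t, ok
    return first, detected_at, None, detected_at is None

def record(trip_at):             # constructed data: set point edited at t=2.0
    return [Sample(t / 2, True, True, 0xBEEF if t >= 4 else 0xA11C,
                   True, True, 24.0, t / 2 < trip_at) for t in range(0, 16)]

if __name__ == "__main__":
    print(audit(record(trip_at=4.5), 0xA11C))   # trips 2.5 s after detection
    print(audit(record(trip_at=6.0), 0xA11C))   # trips 4.0 s after detection
```

A trace in which a fault is detected and the dedicated output never drops is reported as non-compliant with `tripped_at` set to `None`.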
NFPA 87 Logic Solver Requirements

5th Approved Type of Logic Solver:


Furnace controls that meet the performance-based
requirements of standards such as ANSI/ISA 84.00.01
Application of Safety Instrumented Systems for the Process
Industries, can be considered equivalent. The determination of
equivalency involves complete conformance to the safety
lifecycle including risk analysis, safety integrity level selection,
and safety integrity level verification, which should be submitted
to the authority having jurisdiction.
BMS OEM Supplied Logic Solvers

• Typically a BMS includes at least one SIL 2 rated
Safety Instrumented Function
• Most OEM logic solvers will not be capable of meeting
SIL 2
• Thus, if you plan to select Safety Integrity Levels
associated with your BMS, the OEM-provided logic
solver is often considered unacceptable
• This invokes budget, schedule and warranty issues on
the project
• Early involvement of appropriate Technical Authorities
with the project team is required to prevent project
woes!!!!
[Figures: Before and After]
Questions & Answers

Providing the Highest Value in Automation
