• VP – Process Safety; General Mgr AK
• 24 Years Experience
• ISA Committees - S84, WG6 Chair, WG3 Core Team Member
• IEC 61511
• Past ISA Safety Division BMS Chairman
• ISA Course Developer / Instructor
• Past PIP Safety System Task Team Member
• BSME, University of Maryland
• ME, University of South Carolina

Presentation Overview
• Understand industry direction with respect to BMS designs
• API 556 - Instrumentation, Control, and Protective Systems for Fired Heaters and Steam Generators, 2011 Edition
• NFPA 87 – Recommended Practice for Fluid Heaters, 2011 Edition

API 556
• API 556 - Instrumentation and Controls for Fired Heaters and Steam Generators
• Latest revision 2011
• Incorporates concepts from ISA BMS Technical Report
• Invokes concepts of Safety Instrumented Systems
• Provides guidance on hazards and associated shutdown functions

API 556
• Covers instrument, control, and protective function installations for gas fired heaters and steam generators in petroleum refinery, hydrocarbon processing, petrochemical and chemical plants.
• Does NOT cover
  • Oil fired and combination fired heaters
  • Water tube boilers designed for utility operation
  • HRSG
  • Ovens / furnaces used for incinerating (NFPA 86)
  • Water bath or oil bath indirect fired heaters
  • CO boiler, ethylene furnace and other specialty heaters

API 556
• Includes guidance on the following:
  • Protective function (interlock) requirements with background material on hazards being mitigated against
  • Process safety time requirements
  • Application of instrumentation – pros / cons
  • Process Control – air / fuel ratio, charge flow, firebox draft control
  • P&IDs

API 556
• Includes guidance on the following:
  • Cause & Effects
  • Safe State Table
  • Alarm Summary with basis for alarm and operator action requirements
  • Startup sequence documentation for natural draft, forced draft and balanced draft heaters

API 556
• Does not provide guidance on:
  • SIL Selection
  • Logic Solver Requirements

NFPA 87
• Covers - A fluid heater is considered to be any thermal fluid heater or process heater with the following features:
  • Fluid is flowing under pressure
  • Fluid is indirectly heated
  • Release of energy from combustion of a liquid or gaseous fuel or an electrical source within the unit
• Invokes concepts of Safety Instrumented Systems

NFPA 87
• Does NOT cover
  • Boilers
  • Ovens / furnaces used for incinerating (NFPA 86)
  • Refinery process heaters
  • Reformers, furnaces or cracking furnaces
  • Space heaters
  • LP-Gas Vaporizers
  • Coal or other solid fuel firing systems
  • Listed equipment with heat input less than 150,000 BTU/hr

NFPA 87
• Includes guidance on the following:
  • Interlock requirements
  • Provides NO background material on hazards being mitigated against
  • Generic process safety time requirements
  • Process Control – limited guidance
  • P&IDs

NFPA 87
• Includes guidance on the following:
  • Guidance on leakage criteria for safety shutoff valves

NFPA 87
• Does not provide guidance on:
  • SIL Selection
• However, it does provide extensive prescriptive guidance on Logic Solver Requirements

NFPA 87 Logic Solver Requirements
Allows use of 5 types of logic solvers:
• Hardwired System
• Listed Safety Relays
• Listed PLCs – None Exist in Marketplace at this time
• Non-Listed PLCs
• Safety PLC implemented per ISA S84

NFPA 87 Logic Solver Requirements
Non-Listed PLC Requirements:
i. PLC should detect the following conditions:
   1. Failure to execute any program or task containing safety logic
   2. Failure to communicate with any safety input or output
   3. Changes in software set points of safety functions
   4. Failure of outputs related to safety functions
   5. Failure of timing related to safety functions
ii. A shutdown condition should occur within 3 seconds of detecting the above conditions.

NFPA 87 Logic Solver Requirements
Non-Listed PLC Requirements:
iii. A dedicated PLC output should initiate a safety shutdown for faults detected by the PLC.
iv. The following devices and logic should be hardwired external to the PLC as follows: Manual emergency switch, Combustion safeguards, Safe start checks, Ignition transformers, Trial for ignition periods, Excess temperature controllers, 1400 DegF bypass controller, Valve proving systems
v. Memory that retains information on loss of system power should be provided for software

NFPA 86 / 87 Logic Solver Requirements
Non-Listed PLC Requirements:
vi. The PLC should have a minimum MTBF of 250,000 hours.
vii. Only one safety device should be connected to a PLC input or output
viii. Output checking should be provided for PLC outputs controlling fuel safety shutoff valves
ix. Access to the PLC and its logic should be restricted to authorized personnel
x. The following power supplies should be monitored:
   1. PLC inputs and outputs that control furnace safety functions
   2. Pressure and flow transmitters

NFPA 87 Logic Solver Requirements
Non-Listed PLC Requirements:
xi. If the power supply fails, the dedicated PLC output should be de-activated.
xii. If the power supply voltage is detected outside the manufacturer’s recommended range, the dedicated PLC output above should be de-activated.
xiii. PLCs that do not comply with the above should comply with the following:
   1. PLC should not perform required safety functions
   2. PLC should not interfere with or prevent the operation of the safety interlocks
   3. Only isolated PLC contacts should be used in the required safety circuits

NFPA 86 / 87 Logic Solver Requirements
Non-Listed PLC Requirements:
xiv. Where PLC uses flow transmitters in place of flow switches and pressure transmitters in place of pressure switches for safety functions, the following should apply:
   1. The transmitter should be listed, possess a MTBF of 250,000 hours or possess a safety integrity level rating of SIL 2.
   2. Upon transmitter failure the PLC should detect the failure and initiate a safety shutdown
   3. The transmitter should be dedicated to safety service unless listed for simultaneous process and safety service.

NFPA 87 Logic Solver Requirements
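
One way to check a recorded PLC scan log against the fault-response items above (i to iii, xi and xii), as an added example that is not part of the presentation or of NFPA 87. The fault labels, the `Sample` fields, the 21.6 V to 26.4 V band and applying the 3-second limit to supply faults as well are assumptions.

```python
from dataclasses import dataclass

TRIP_DEADLINE_S = 3.0  # item ii: shutdown within 3 seconds of detection

@dataclass(frozen=True)
class Sample:
    t: float              # seconds since start of the recording
    faults: frozenset     # item-i diagnostics active this scan (labels are hypothetical)
    supply_v: float       # monitored power-supply voltage (item x)
    trip_output_on: bool  # dedicated PLC output (item iii); False = de-activated

def causes(s, v_min, v_max):
    """Conditions in one sample that should de-activate the dedicated output."""
    found = set(s.faults)
    if not (v_min <= s.supply_v <= v_max):  # items xi and xii
        found.add("supply_out_of_range")
    return found

def audit(samples, v_min, v_max, deadline=TRIP_DEADLINE_S):
    """Return (t_detect, causes, verdict) for every detection episode."""
    findings, state, t0, why = [], "idle", None, None
    for s in samples:
        active = causes(s, v_min, v_max)
        if state == "idle" and active:
            state, t0, why = "pending", s.t, sorted(active)
        if state == "pending":
            elapsed = s.t - t0
            if not s.trip_output_on and elapsed <= deadline:
                findings.append((t0, why, "ok"))
                state = "closed"
            elif elapsed > deadline:  # still energized, or tripped too late
                findings.append((t0, why, "missed"))
                state = "closed"
        elif state == "closed" and not active and s.trip_output_on:
            state = "idle"  # fault cleared and output re-armed
    if state == "pending":
        findings.append((t0, why, "unresolved"))  # recording ended first
    return findings

# Constructed scan log: (t, faults, supply volts, dedicated output energized)
CONSTRUCTED = [Sample(t, frozenset(f), v, on) for t, f, v, on in [
    (0.0, [], 24.0, True),
    (1.0, ["io_comm_lost"], 24.0, True),
    (2.5, ["io_comm_lost"], 24.0, False),  # de-activated 1.5 s after detection
    (5.0, [], 24.0, True),                 # cleared and re-armed
    (6.0, [], 19.0, True),                 # supply sags below the band
    (9.5, [], 19.0, True),                 # 3.5 s later, still energized
    (10.0, [], 19.0, False),
]]
```

Calling `audit(CONSTRUCTED, v_min=21.6, v_max=26.4)` reports the communication fault as handled in time and the supply sag as a missed trip.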
5th Approved Type of Logic Solver:
Furnace controls that meet the performance-based requirements of standards such as ANSI/ISA 84.00.01, Application of Safety Instrumented Systems for the Process Industries, can be considered equivalent. The determination of equivalency involves complete conformance to the safety lifecycle including risk analysis, safety integrity level selection, and safety integrity level verification, which should be submitted to the authority having jurisdiction.

BMS OEM Supplied Logic Solvers
• Typically a BMS includes at least one SIL 2 rated Safety Instrumented Function
• Most OEM logic solvers will not be capable of meeting SIL 2
• Thus, if you plan to select Safety Integrity Levels associated with your BMS, the OEM-provided logic solver is often considered unacceptable
• This invokes budget, schedule and warranty issues on the project
• Early involvement of appropriate Technical Authorities with the project team is required to prevent project woes!!!!

Before

After

Questions & Answers