Specification of Safety-Integrated Burner Management Systems
Burner Management Systems (BMS) are one of the most widespread process safety applications. Historically, there has not been much guidance on the use of automation systems for BMS, and industry standards left much to interpretation; this changed with the release of International Society for Automation’s (ISA) technical report ISA-TR84.00.05-2010, Guidance on the Identification of Safety Instrumented Functions (SIF) in Burner Management Systems (BMS). Those with an understanding of the basic requirements of ANSI/ISA-84.00.01-2004 and other good engineering practices applicable to BMS are the audience for this report.
BMS are known by a wide range of names in the industry: Burner Safety Systems, Burner Control Systems, Combustion Safeguard ETC, Flame Safeguard Systems, Safety Shutdown Systems, Furnace Safeguard Systems, Boiler Safety Systems, and Emergency Shutdown Procedures. The traditional definition of a BMS is “a system to monitor and control fuel burning equipment during all startup, shutdown, operating, and transient conditions.” The principal purposes of BMS are:
- To protect against startup when unsafe conditions exist.
- To protect against unsafe operating conditions and admission of improper quantities of fuel to the furnace.
- To provide the operator with status information.
- To initiate a safe operating condition or shutdown procedure if an unsafe condition exists.
In brief, an effective BMS should provide everything to monitor, control, diagnose, and maintain the various aspects of fuel burning equipment, including the ability to initiate a safe operating condition or shutdown procedure if an unsafe condition exists.
A number of major standards currently or previously played a significant role in determining the safety requirements of a BMS, including NFPA 85, NFPA 86, NFPA 87, OSHA 29 (CFR 1910.119), FM 7605, ISA S84.01, IEC61508, and IEC 61511. Of these, the most influential have been those from the National Fire Protection Agency (NFPA) typically used to cover very large pieces of equipment that are not mass-produced.
With the advent of microprocessor-based controls in BMS, functional safety requirements need to be considered in meeting these key NFPA standards. Responding to the evolving regulatory landscape, vendors have begun making single-source systems to meet virtually every plant need, from simple basic burner management to high-end equipment that includes redundancy. In particular, a series of solutions from Siemens Industry is intended to help operating personnel monitor, operate, diagnose, and maintain all aspects (startup, steady-states, and shutdown) of plant combustion assets safely and reliably while achieving compliance with all applicable standards.
Siemens Burner Management Solutions have been designed in accordance with all the technical requirements listed in both NFPA 85 and 86 standards of programmable logic solvers (section 4.11 of NFPA 85 and section 8.3 of NFPA 86). In addition, all critical BMS functions are managed via IEC 61508 compliant components up to SIL 3, thereby ensuring the relevant safety metrics are met (although some standards specify that the BMS systems need to meet only SIL2). Moreover, these systems are compliant with ISA S84.00.01-2004 and IEC 61511.
The Road to Modern Solutions
Before the early 2000s, NFPA standards frowned on the use of a Safety PLC-based BMS. Building a compliant system was difficult and complicated. The governing prescriptive-based codes spelled out detailed design practices, but did not explain how to ensure BMS performance. Further, compliance typically meant adding external devices to ensure safety and achieve required diagnostics.
Within the past few years, however, standards and guidelines were created that embrace a more performance-oriented philosophy. Foremost among them was ANSI/ISA 84.00.01: Functional Safety: Safety Instrumented Systems for the Process Industry Sector. This document from the ISA was designed to help facilitate the use of new technologies and ensure their safe application. An outgrowth of that standard is ISA-TR84.00.05-2010, which applies performance-based practices to the BMS and includes guidance on how to identify safety functions within a system. Although this technical report contains only recommendations and has no regulatory power, it effectively explains how to design a safety system by quantifying the performance of the system, risk reduction levels, and device failure rates.
Today, with its recent updates, even NFPA 85:201—Boiler and Combustion Systems Hazards Code, and NFPA 86:2011—Standard for Ovens and Furnaces, have moved toward acknowledging the performance-based approach, incorporating at least some of the guidelines of the ISA technical report into the standards. Taken together, these revised standards and practices have facilitated the design of the BMS and enabled the development of a Safety PLC-based BMS that complies with all relevant codes and standards.
These developments have been instrumental in paving the way for the introduction of certified, Safety PLC based BMS, such as the series of solutions recently introduced by Siemens Industry. Such systems make use of the added latitude and flexibility of performance-based standards and guidelines to meet the needs of large and small installations alike.
The Advantages of Prepackaged Design
Benefits and features of a Safety-PLC based BMS approach include:
Reduced complexity. The BMS design can be optimally scaled to meet the process. Design is based on a TÜV-certified Safety PLC and related fail-safe I/O (and can include the TÜV-certified burner blocks). Sample configurations give the manufacturer a defined starting point, right from a sample Bill of Material (for e.g. for a single burner, single fuel system) on the hardware side and the basic programming, including templates and sample screens, and providing easy access for modification on the software side. These systems comply with all updated standards and recommendations including NFPA 85 and 86, ANSI/ISA TR84, IEC 61506, and IEC 61511.
Improved operations and maintenance. Availability of a local HMI to provide a combination of operation and maintenance capabilities, such a design also includes extensive diagnostics. Advanced security mechanisms help prevent inadvertent and unauthorized access.
Increased safety and availability. The Safety-PLC based BMS solutions offer up to SIL 3 compliance without the need to add any external diagnostic devices to improve safety or meet performance standards. For larger BMS systems Siemens also offers a DCS type (PCS 7) solution offering flexible redundancy schemes and which also support safety critical communications. Consequently, Safety-PLC based BMS solution offers significant improvements, among them the ability to save weeks of design and programming time. Siemens offers three system design levels that allow the application of the prepackaged approach to a near-infinite variety of process safety applications.
Advanced features include a TÜV-certified BMS block library for those who wish to implement their own BMS program based on conventional function block designs. The logic blocks consider all current, relevant, regulatory requirements and compliance standards, easing the certification burden for the designer, who simply assigns parameters to the blocks to achieve desired functionality. All diagnostics are integrated into the display for easy accessibility.
Finally, being able to incorporate a Safety PLC for control into the BMS gives the user the flexibility to connect, monitor, and control the BMS using any brand of field sensors. Only the control system needs to be changed out, making a retrofit as cost effective an option as a new installation. Overall, the Safety PLC approach moves BMS design a step into the future by achieving compliance with industry standards in a modular and flexible system. It is an innovative concept that harnesses dynamic, state-of-the-art technology to help users customize their BMS to meet specific requirements, maintain regulatory compliance while reducing life cycle costs, and, most importantly, ensure safety.Have an Inquiry for Siemens about this article? Click Here >>