Guidelines for a Safety Instrumented BMS Design
by Shahid Saeed, CFSE
Fired equipment such as industrial boilers, incinerators, process furnaces, and fluid heaters are used everywhere. They are a crucial, complex, and integral part of the industrial operations and therefore require a meticulous approach to the design, operation, and maintenance of their associated safety systems.
Although some detailed and prescriptive guidelines for designing safety systems, such as a Burner Management System (BMS) for combustion safety of fired equipment, have been around for many years, the rate and degree of adoption varies significantly within the industry. Most operating companies have their own practices, which may vary from facility to facility or even within the same facility. In addition, for each installation, it is not unusual for adjacent fired equipment built two years apart to have a different BMS design, simply because either they are obtained from different Original Equipment Manufacturers (OEMs), or different engineering contractors built them. With increasing government legislation and regulations, as well as mounting lawsuits for accidents, these inconsistencies can become a challenge for operations and maintenance personnel to operate their fired equipment safely and reliably. One solution is to standardize the BMS design for combustion safety of the fired equipment.
The standardization for BMS design, operation, and maintenance of the fired equipment requires a holistic approach considering all aspects of combustion safety, including compliance with applicable National Fire Protection Association (NFPA) or American Petroleum Institute (API) prescriptive codes/standards (NFPA 85, 86, 87, or API 556), performance criteria for achieving design objectives, fuel train, field devices, logic solver platform, control panel, startup sequences & shutdown interlocks logic, Human Machine Interface (HMI) displays, Combustion Control System (CCS) interaction, training, operation and maintenance procedures. A brief description of these aspects is given below:
1. Perform a compliance check for the BMS of fired equipment (specifically brownfield) against applicable prescriptive codes/standards (NFPA 85, 86, 87, or API 556). The compliance check needs to look at all applicable requirements, for example, manual emergency shutoff valve at a safe location, manual equipment isolation valve, sediment trap (drip leg), filter (Y-strainer), separation as well as location of vents, proof of closure switches and means for leakage testing of safety shutoff valves, etc. which will help in standardizing the fuel train and field devices for different fired equipment using the same type of fuel and burner draft configuration (i.e., natural draft, forced draft, induced draft, and balanced draft).
2. Treat the BMS for the fired equipment as a Safety Instrumented System (SIS) application and apply the SIS safety lifecycle concepts following the industry consensus performance-based standard (ANSI/ISA 61511:2018 or IEC 61511) for achieving the BMS design objectives. A Safety Instrumented-BMS (SI-BMS) design process involves the following steps:
a) Perform a Process Hazard Analysis (PHA) such as Hazard and Operability (HAZOP) study to identify the potential hazards related to the fired equipment operation.
b) Apply Layers of Protection Analysis (LOPA) commonly used risk assessment technique to determine existing Independent Protection Layers (IPLs) in preventing the potential hazards. It will also identify whether there are deficiencies in the existing design requiring new IPLs for closing the determined risk level gaps between the current risk and the tolerable risk of the potential hazards.
c) Identify Safety Instrumented Functions (SIFs) and select their target Safety Integrity Level (SIL) to close the LOPA gaps of the hazardous scenarios.
d) Perform SIL verification calculations of SIFs using approved & certified SIS logic solver, field devices, and desired test interval to calculate the achieved SIL and verify that it meets the target SIL of each SIF.
e) Develop Safety Requirements Specification (SRS) to provide SIF integrity and functional requirements, including cause & effect diagram, sequential function charts, and BMS instruments list.
f) Develop Proof Test Procedures (PTPs) for performing regular functional testing of the SIFs based on the desired test interval.
g) Perform Functional Safety Assessment (FSA) at specified stages of the SIS safety lifecycle.
The above activities and corresponding deliverables can be standardized for different fired equipment having common hazardous scenarios. For example, loss of flame due to inadequate air-fuel ratio and inadequate purge during startup are typical common hazards applicable to single, fuel gas-fired, and forced draft burners used in different fired equipment.
3. Standardize the fuel train & field devices based on client’s approved, IEC 61508 certified (SIL rated) and/or listed for combustion safety service to achieve a consistent BMS solution for different fired equipment.
4. Select BMS logic solver platform certified to IEC 61508 for SIL 2 or greater and approved by the client for the BMS control panel to achieve a standard BMS for different fired equipment.
5. Implement BMS logic related to startup sequences and shutdown interlocks (SIFs & non-SIFs) using standard and approved function blocks to achieve BMS logic consistency for different fired equipment.
6. Develop standard HMI displays with ease of use providing all required information for the startup, normal operation, shutdown, and troubleshooting of the BMS for different fired equipment.
7. Implement seamless CCS interaction and required control for proper functioning of the startup sequences and shutdown interlocks using typical interface signals (e.g., Purge Request) for BMS of different fired equipment.
8. Conduct trainings for operation and maintenance personnel on startup, normal operation, shutdown, and troubleshooting of the standard BMS
9. Update and/or develop operation and maintenance procedures to achieve consistency regarding BMS operation and maintenance
By standardizing a BMS design, operations and maintenance personnel can translate their skills and knowledge about combustion safety of one fired equipment to multiple types of fired equipment installed within the same facility or different facilities. This can drive consistent practices and improve the quality of work (e.g., by minimizing human factors), resulting in safer and more reliable operations. It is also more sustainable in the sense that the extent of training may be reduced – operators may not need to be trained on every individual fired equipment with consideration to differences in design and procedure, and the standardization would provide greater clarity to newly hired employees. Maintenance costs could also be minimized if there are common spare parts for the instrumentation & logic solver of the standard BMS, rather than needing separate spare parts for the non-standard BMS of the fired equipment. There are multiple levels of safety benefits, operational efficiencies, and cost savings.
Despite the possible benefits, there can be resistance to changing a fired equipment’s existing BMS to a standardized BMS design. Operating companies may contend that they have been operating the fired equipment for many years without any incidents or issues, but that should not necessarily suggest it is safe. There could be unknown issues that simply have not been revealed or identified yet. Brownfield fired equipment needs to be evaluated against latest industry codes/standards to reveal potential gaps, accompanied by proactive steps to ensure the fired equipment is properly operated and maintained. Some existing instrumentation and logic solvers of the BMS are becoming unavailable as manufacturers go out of business or no longer produce obsolete parts, so proactive replacement measures may prevent aging components from failing. In addition, the existing BMS instrumentation and logic solver lack built-in diagnostics, alerts, and functionalities essential for the safe operation and maintenance of the fired equipment. Operating companies might also believe that their operations and maintenance personnel are already trained on the existing BMS and procedures, but this may not be the case with older systems that are poorly documented. The benefits of standardizing BMS design for fired equipment are a worthwhile investment to avoid potential future safety incidents and related financial impacts.
Standardizing BMS for combustion safety of the fired equipment has both short and long-term benefits. In the short term, standardization can drive consistency and save on training, operational, and maintenance costs. In the long term, applying the SIS safety lifecycle concepts to standardize the combustion safety via the SI-BMS approach ensures that fired equipment follows Process Safety Management (PSM) regulations as defined by Occupational Safety and Health Administration (OSHA) and ultimately provides operating companies with safe, reliable, and resilient industrial operations.
Biomass station image used: Bava Alcide57 at English Wikipedia, CC BY-SA 3.0