T10 - Standards Review - Burner
Management and Combustion Control
Rev 5058-CO900E
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.
Industrial Combustion Team Overview
Background and Industry Experience
PUBLIC INFORMATION
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.
RA’s IC&PG Team History
The Story of Rockwell Automation’s
Industrial Combustion and Steam Generation Team
 Rockwell Automation acquired Electronic Corporation of America (ECA) in the mid
‘80’s, who owned FIREYE
 The FIREYE ‘Systems’ Team merged into Rockwell Automation’s solutions
business
 Have many years experience working with agencies like FM, NFPA, IEC, etc.
 Since this initial merger Rockwell Automation has complimented this team with
highly skilled individuals who have brought many years experience working for
companies like ABB Bailey, Foxboro, Babcock & Wilcox, Combustion Engineering,
Riley Stoker, Modicon, Cleveland Electric Illuminating, North American
Manufacturing, Forney and others.
 Over 900 systems provided worldwide in a wide variety of combustion applications.
PUBLIC INFORMATION
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.
RA’s IC&PG Team Expertise

4
 Extensive experience working with Factory Mutual
 Extensive Knowledge of Safety Standards and Guidelines
 NFPA 85 Boiler & Combustion Code
 NFPA 86 Furnace & Ovens
 NFPA 87 Fluid Heaters (Chem. Plant Oil Heaters,
vessels, etc.)
 FM (7605) Approval Standard for PLC based BMS
 CSA B149.3 (Canada)
 BLRAC Recommended Good Practices
 ANSI/ISA S84.00.011/IEC 61511 SIL Ratings for
Systems
 IEC 61508 SIL Ratings for Hardware
PUBLIC INFORMATION
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.
Combustion Control & Burner Management
Burner Management (BMS):
- Combustion “SAFETY” and operator assistance in safely starting,
monitoring and stopping the fuel fired burners
- Used in conjunction with a combustion control system in any fossil
fuel fired “industrial” combustion application.
Industrial
Combustion and
Power Generation
Combustion Control (CCS):
- Regulates air/fuel ratio for stable flame and energy optimization
- Used in conjunction with a burner management system in any fossil
fuel fired “industrial” combustion application.
Balance of Plant (BOP):
- A “catch-all” for common activities in a powerhouse that excludes,
burner management and combustion control
- ESP, Plant Master, demineralizer control, feedwater control, coal/ash
handling, scrubber control, soot blower control, etc.
PUBLIC INFORMATION
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.
Definitions






NFPA – National Fire Protection Association
FM Factory Mutual – Insurance Underwriter
SIL – Safety Integrity Level
Critical Input – Any Input that if lost will cause a trip
Critical Output – Any Outputs that drive fuel delivery devices
Fail Safe System – Inputs & Outputs - High is Normal / Low is Trip
PUBLIC INFORMATION
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.
6
Rockwell Automation IC&PG SIL
Certification
PUBLIC INFORMATION
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.
Industrial Steam Generation
 Large Central Power House
(i.e. –
Paper Mill or Large Industrial Complex)
 Boiler Steam Generation

Burner Management Systems

Combustion Control Systems

Balance of Plant Systems
 Multiple Burners / Fuels including:

Natural Gas

Oil

Black Liquor

Bark/Wood Chips/Sawdust

Coal

Others
PUBLIC INFORMATION
8
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.
Industrial & Process Heating
 Any Industrial facility where steam or heat
is used in the manufacturing process
 Burner Management & Combustion
(Temperature) Control Systems
 Industrial Boilers
 Non-Boiler Applications including:
- Furnaces
- Ovens
- Dryers
- Kilns
- Heaters
- Oxidizers
PUBLIC INFORMATION
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.
Safety Codes and Application Highlights
Survey of Applicable Codes for Fired Equipment
PUBLIC INFORMATION
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.
NFPA Standards
 NFPA 85 – Boiler and Combustion Systems Hazards Code
(2011 Edition) (2015 due out in Jan)
 NFPA 86 – Standards for Ovens and Furnaces (2015 Edition)
 NFPA 87 – Recommended Practice for Fluid Heaters
(2015 Edition)
PUBLIC INFORMATION
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.Copyri
NFPA 85 Key Highlights
 “The burner management system (BMS) shall be provided with
independent logic, independent logic solving hardware, independent
input/output systems, and independent power supplies and shall be
functionally and physically separate device from other logic systems.”
 “The BMS safety functions shall include, but shall not be limited to,
purge interlocks and timing, mandatory safety shutdowns, trial timing for
ignition, and flame monitoring.”
 “Diagnostics shall be included in the BMS design to monitor processor
logic function.”
 “Logic shall be protected from unauthorized changes.”
 “Logic shall not be changed while the associated equipment is in
operation.”
 “No single component failure within the logic system shall prevent a
mandatory master fuel trip”
PUBLIC INFORMATION
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.Copyri
NFPA 86 Key Highlights
 Programmable logic controller-based systems listed for combustion
safety service shall be used…..”
 “Safety devices shall not be bypassed electrically or mechanically.”
 “Output checking shall be provided for PLC outputs controlling fuel
safety shutoff valves and oxygen safety shutoff valves.”
 Only isolated PLC contacts shall be used in the required safety circuits.”
 Flow and pressure “transmitters” can be used in place of pressure
switches if the transmitter is dedicated to safety service.
 “Access to the PLC and it’s logic shall be restricted to authorized
personnel.”
 “An excess temperature limit controller shall be provided and interlocked
into the combustion safety circuitry…..”
PUBLIC INFORMATION
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.Copyri
NFPA 87 Key Highlights
 “Does not apply to fired heaters in petroleum refineries and
petrochemical facilities that are designed and installed in accordance
with API560, Fired Heaters for General Refinery Service, API RP 556
Instrumentation and Controls for Fired heaters and Steam Generators,
and API RP2001 Fire Protection in Refineries.”
PUBLIC INFORMATION
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.Copyri
NFPA Equivalency Clause
 NFPA 85, 86 and 87 will allow variations to it’s published codes and
standards through it “Equivalency” paragraph which states:
“Nothing in this standard is intended to prevent the use of systems,
methods, or devices of equivalent or superior quality, strength, fire
resistance, effectiveness, durability, and safety over those prescribed by
this standard.”
Local authority having jurisdiction has final say over what is acceptable
PUBLIC INFORMATION
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.Copyri
IEC Safety Standards
PROCESS SECTOR
SAFETY
INSTRUMENTED
SYSTEM
STANDARDS
Manufacturers &
Suppliers of Devices
Safety Instrumented
Systems Designers,
Integrators & Users
IEC 61508
IEC 61511
PUBLIC INFORMATION
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.Copyri
IEC 61508
 17

This is a Basic International Standard that defines the requirement
that Electric/Electronic/Programmable Electronic devices must meet
when used in Safety applications.

Performance based Standard

Includes all activities related to the Safety Life Cycle

Covers possible hazards caused by Failure of the Safety Functions

Does not cover SIS with SIL requirements less than 1
PUBLIC INFORMATION
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.Copyri
IES 61511

A Process Sector Specific International Standard covering
Functional Safety for Safety Instrumented Systems

It defines the requirements that users must meet when designing,
implementing and maintaining a Safety Instrumented System in
Process Plants.

Performance based Standard

The document differentiates between Safety certified devices and
off the shelf general purpose devices.
PUBLIC INFORMATION
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.Copyri
ISA/ANSI S84.01
 The Americanized version of IEC 61511.
PUBLIC INFORMATION
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.Copyri
IEC - Safety Integrity Levels (SIL) for
Safety Instrumented Systems (SIS)
 Safety integrity is the probability that an SIS will perform its safety function(s) when the
process demands it.
 Safety Integrity is specified as a discrete level, from 1 to 4 or Safety Integrity Level (SIL).
DEMAND MODE OF OPERATION
Safety Integrity
Level (SIL)
Target Average
Probability of Failure on Demand
Target Risk Reduction
4
-5
-4
 10 to <10
>10,000 to  100,000
3
-4
-3
 10 to <10
>1000 to  10,000
2
-3
-2
 10 to <10
>100 to  1000
1
-2
-1
 10 to <10
>10 to  100
CONTINUOUS MODE OF OPERATION
PUBLIC INFORMATION
Safety Integrity
Level (SIL)
Target Frequency of
Dangerous Failures to perform the
safety instrumented function (per
hour)
4
-9
-8
 10 to <10
3
-8
-7
 10 to <10
2
-7
-6
 10 to <10
1
-6
-5
 10 to <10
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.Copyri
SIL Determination
 .
P2
P1
1
0
0
0
1
1
1
3
1
2
3
2
3
5 >4
3
4
6
5
P3
D1
1
A1
2
E1
A2
3
D2
A1
4
E2
A2
E1
0
E2
7
2
2
1
3
2
5
3
3
6
4
D - Extent of Damage
D1: slight injury
D2: severe irreversible injury to one or more
persons or death of a person
D3: death of several persons
D4: catastrophic consequences, multiple
deaths
E - Exposure Time
E1: seldom to relatively frequent
E2: frequent to continuous
1
3
7
4
1
0
4
6
8
1
1
4
D4
B
0
1
3
D3
B
0
0
0
4
2
Risk Parameters:
3
A - Hazard Avoidance/Mitigation
A1: possible under certain conditions
A2: hardly possible
P - Occurrence Probability
P1: very low probability
P2: low probability
P3: relatively high probability
DIN EN
IEC
DIN VDE-19250 (AK) Fundamental safety aspects for measurement and control
equipment
IEC 61508 (SIL) Functional safety of programmable electronic systems (PES)
EN-954 (Category) Safety of machinery - Safety related parts of control systems
PUBLIC INFORMATION
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.
21
Summary
 At Rockwell Automation the IC&PG Team uses the NFPA standards as
our base system design.
 The code issue can be very confusing and are open a lot of different
interpretations.
 The customer needs to advise what specific codes/standard that they
require to be applied to their application.
PUBLIC INFORMATION
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.Copyri
Burner Management System (BMS)
 Description: Burner Management System

A BMS is a SAFETY SYSTEM

A BMS is only for the safe start-up, monitoring and shutdown of a
combustion system.
 Special Requirements:

Monitoring and testing of inputs and outputs

Boilers - NFPA 85 Standard

Ovens, Dryers, Furnaces, etc. - NFPA 86 Standard

Fluid Heaters – NFPA 87 Recommend Practices

Recovery Boilers - BLRBAC
Safety response – Fail-Safe Control of purge, ignition, shutdown
 Factory Mutual Approval Standard (FM 7605) for PLC Based Burner
Management Systems
 ANSI/ISA S84.00.01/IEC 61511 - provides procedure for how to implement
the SIL standards
 Customer specific standards

PUBLIC INFORMATION
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.
Burner Management System Value

24
A new burner management system can
 Improve availability by increasing the operator’s trouble-shooting
capability and accessibility of system information through enhance
diagnostics
 Reduce normal startup time
 Protects your combustion product equipment against damage
 Uses standard Rockwell Automation hardware thus reducing or
eliminating the need for additional spare parts for existing RA
Clients.
 Potential increase in overall safety
PUBLIC INFORMATION
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.
Design Documents (Non-SIL)
NFPA 85 for Boilers
NFPA 86 for Ovens and Furnaces
NFPA 87 for Fluid Heaters
Factory Mutual (FM)
 IEC 7605 Approval Standard for Programmable Logic Control (PLC)
Based Burner Management Systems
 BLRBAC (Recovery Boilers Only)
 Customer Standards and Specifications




PUBLIC INFORMATION
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.
Design Documents for SIL
 All of the applicable non SIL documents
 IEC 615011 Functional Safety Instrument Systems
 IEC 61508 Functional Safety of Electrical / Electronic / Programmable
Electronic Safety Related Systems
 1756-RM001 Applying ControlLogix in SIL 2 Applications
PUBLIC INFORMATION
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.
What Makes a BMS Unique





Input Testing
Output Monitoring
External Watchdog
Hardwired Trip Circuit
No Online Edits system is operating
PUBLIC INFORMATION
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.
Burner Management Design Features
 A system watchdog, completely independent of the programmable controller, continually
verifies the controller’s timing function, as well as its ability to execute logic and control outputs
 Input channels on each l/O module are periodically tested to verify their ability to detect
field device state changes to the “fail-safe” position.
 Critical outputs are monitored by feeding back the status of the output as a separate input
signal and comparing it to the state demanded by system logic.
 The use of software interlocks help guard against unauthorized modification of the
controller’s program.
 A hardware trip circuit which allows the operator or the system watchdog to initiate a main
fuel trip
 Start-up, first out, and system alarm/diagnostic messages.
 Communication with other Rockwell programmable automation controllers or operator
terminals
 Adaptable to any fossil fuel combustion applications with single or multiple burners
PUBLIC INFORMATION

28
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.
BMS Functions






Input Testing
Output Monitoring
External Watchdog
Hardwired Trip Circuit
Timer Preset Locking
No Online Edits
PUBLIC INFORMATION
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.
Input Testing
 Detects Input Card Failure
 Detects Input Circuit Shorted to Power
 Detects Forced Inputs
PUBLIC INFORMATION
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.
Input Test Wiring
PUBLIC INFORMATION
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.
BMS Functions






Input Testing
Output Monitoring
External Watchdog
Hardwired Trip Circuit
Timer Preset Locking
No Online Edits
PUBLIC INFORMATION
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.
Output Monitor




Critical Outputs are wired to Inputs
Typical Outputs are to Fuel Valves & Ignition Transformer
Alarms if monitoring input Disagrees With Command
May Initiate Trip
PUBLIC INFORMATION
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.
Output Monitor Wiring
PUBLIC INFORMATION
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.
BMS Functions






Input Testing
Output Monitoring
External Watchdog
Hardwired Trip Circuit
Timer Preset Locking
No Online Edits
PUBLIC INFORMATION
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.
External Watchdog Trips
 Processor Failure
 MFT Relays Fail To De-energize
 Processor Not In Run Mode (Controllogix)
PUBLIC INFORMATION
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.
External Watchdog Wiring
PUBLIC INFORMATION
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.
BMS Functions






Input Testing
Output Monitoring
External Watchdog
Hardwired Trip Circuit
Timer Preset Locking
No Online Edits
PUBLIC INFORMATION
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.
Hardwired Trip Circuit
PUBLIC INFORMATION
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.
BMS Functions






Input Testing
Output Monitoring
External Watchdog
Hardwired Trip Circuit
Timer Preset Locking
No Online Edits
PUBLIC INFORMATION
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.
Timer Preset Locking
 Timer Presets can not be changed while the processor is running.
 All Timer Preset Changes Must Be Made In Program Mode
PUBLIC INFORMATION
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.
BMS Functions






Input Testing
Output Monitoring
External Watchdog
Hardwired Trip Circuit
Timer Preset Locking
No Online Edits
PUBLIC INFORMATION
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.
Online Programming
 NFPA does not allow program changes to be made to the processor while
the equipment is operating
 If the processor is switched out of RUN mode, the System will MFT.
PUBLIC INFORMATION
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.
Procedure to Make Program Changes




Switch Processor to Program Mode
Make all Changes
Store Program to Non-volatile Memory (If installed)
Switch Processor Back To Run Mode
PUBLIC INFORMATION
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.
44
Rockwell Automation
Questions?
PUBLIC INFORMATION
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.
45