SIL
3
RM/EC 7800 Burner Controller
SAFETY MANUAL
Edition 11.19 · 320023101 · EN
1 Scope and Purpose of the
Document
This document provides an overview of the user responsibil-
ities for installation and operation of the Honey well 780 0
Series Relay Modules in order to maintain the designed safety
level. Items that will be addressed are proof testing, repair and
replacement of the device, reliability data, lifetime, environmental and application limits, and parameter settings.
This Safety Manual is limited to Models: RM7800, RM7823,
RM7830, RM7838, RM7840, RM7845, RM7850, RM7865,
RM7885, RM7888, RM7890, RM7895, RM7896, RM7897,
RM7898, EC7820, EC7823, EC7830, EC784 0, EC7850,
EC7890, EC7895 with one of the following Flame Detectors
and Flame Amplifiers:
Table 1. 7800 Series Burner Controller Models and Series
MODEL SERIES MODEL SERIES MODEL SERIES MODEL SERIES
RM780 0
RM7823
RM7830
RM7838
RM784 0*
RM7845
*NOTE: RM7840E1016, RM78 40L1018 and RM7840L1026
MODEL SERIES
R78 47B 5
R7852B 1
R78 47C 5
R7851C 2
R7861A 2
R7886A 2
9
6
5
9
8
3
RM7850
RM7865
RM7885
RM7888
RM7890
5
4
5
5
9
RM7895
RM7896
RM7897
RM7898
6
EC7820
6
EC7823
6
EC7830
6
EC784 0
EC7850
EC7890
EC7895
are Series 5
Table 2. R78xx Flame Amplifier Models and Series
7
4
6
5
6
5
5
Table 3. C7xxx Flame Sensor Models and Series
MODEL SERIES
C7008A 1
C7009A 1
C7915A 1
C7012E 1
C7012F 1
C7061A 1
C7061F 1
C7076A 1
C7076D 1
C7961E 1
C7961F 1
CONTENTS
1 Scope and Purpose of the Document ....................1
2 Using the Honey well 7800 Series Relay Modules ........2
2.1 Safety Function .............................................2
2.2 Fail Safe State ...............................................2
2.3 Safety Response Time ......................................2
2.4 Diagnostic Response Time .................................2
2.5 Maximum Achievable SIL ...................................2
2.6 Model Selection and Specification of Honeywell 7800
Series Relay Modules .......................................2
2.7 Installation .................................................3
2.8 Required configuration settings........................... 3
2.9 Reliabilit y data .............................................3
2.10 Lifetime limits.............................................. 4
2.11 Proof Testing ...............................................4
2.12 Repair and replacement ................................... 4
2.13 Firmware update ........................................... 4
2.14 Environmental and EMC based limits ..................... 4
3 Definitions and Abbreviations ...........................5
3.1 Definitions ................................................. 5
3.2 Abbreviations .............................................. 5
4 Status of the document ..................................5
4.1 Releases ................................................... 5
4.2 Open issues ................................................6
4.3 Future enhancements of the document .................. 6
Capable
RM/EC 7800 Burner Controller Safety Manual
2 Using the Honeywell 7800 Series
Relay Modules
2.1 Safety Function
The 7800 Series provides automatic burner flame sequencing
and flame supervision with protection against loss of flame.
2.2 Fail Safe State
The Safety Shutdown (Lockout) mode is the failsafe state for
the Honey well 780 0 Series Relay Modules where all safety
critical terminals (main and pilot valves, and ignition transformer) are de-energized and a manual reset is required to
return to normal operation.
2.3 Safety Response Time
The Honeywell 780 0 Series Relay Modules (all models except of EC7823 and RM7823) will respond to loss of flame
by means of shutting of f all safety outputs and transitioning
to the Safety Shutdown (Lockout) state within the published
Flame Failure Response Time (FFRT) for the selected Flame
Amplifier and Flame Sensor.
EC7823 and RM7823 will respond to loss of flame by means
of shutting off the safet y outputs and transitioning to the
Idle state within the published Flame Failure Response Time
(FFRT) for the selected Flame Amplifier and Flame Sensor.
Safety Shutdown (Lockout) state is not entered and manual
reset action is not needed in this case.
2.6 Model Selection and Specification of
Honeywell 7800 Series Relay Modules
The Honeywell 780 0 Series Relay Modules and optional components for certified SIL applications shall only be selected
and specified for applications consistent with the guidelines
presented in the Installation Instructions document and additional technical literature released for the specific model
available at web site https: //customer.honeywell.com and
further restricted to the certified Flame Amplifiers and Flame
Detectors identified in section 1 of this Safety Manual.
2.4 Diagnostic Response Time
The Honeywell 780 0 Series Relay Modules will report a detectable internal failure within 3 seconds for faults to the main
7800 Relay Module and within 15 seconds for faults to the
Flame Detector / Flame Amplifier.
2.5 Maximum Achievable SIL
The 7800 Relay Modules, Flame Amplifiers and Flame De-
tectors covered by this safety manual are suitable for use in
both high and low demand mode of operation Safety Integrity
Functions (SIF) up to SIL 3 in simplex (1oo1) configurations.
The achieved SIL for a particular SIF needs to be verified by
PFH or PFDavg calculation for the entire SIF including the
failure rates of the associated sensors and actuators that are
also part of the SIF.
Use of the Honeywell 7800 Series Relay Modules in a redundant (1ooN) configurations is not supported.
The 7800 Series Burner Controller System is classified as a
1
Type B
fault tolerance of 0.
1 Type B element: “Complex” element (using micro controllers or
element according to IEC 61508, having a hardware
programmable logic); for details see 7.4.4.1. 3 of IEC 61508-2, ed,
2010
32-00231-01 2
RM/EC 7800 Burner Controller Safety Manual
Q7800
SELECTABLE CONFIGURATION JUMPERS
2.7 Installation
The Honeywell 780 0 Series Relay Module sub-base must be
installed, wired and the “Final Wiring Check” and “Static
Checkout” procedures successfully completed according
to the guidelines published in the Installation Instructions
document for the specific model available at web site
https://customer.honeywell.com. The Static Checkout procedure must be successfully per formed prior to installation of
the relay module on the sub-base.
For RM7823 and EC7823 models, in SIL 3 applications, both
sets of COMN.O. outputs (terminals 8, 9 and 13, 15) must
be wired in series, i.e. terminal 9 must be tied to terminal 13.
The N.C. outputs (terminals 10 and 14) can’t be used in SIL 3
applications.
G
L2
3
4
5
(L1)1314
12
15
16
COMMON
6
NORMALLY
OPEN
33
2.8 Required configuration settings
The following user settable options need to be properly configured for the individual application in order to provide the
designed safety integrity for that application. Jumpers JR1
through JR3 site-configurable jumpers come factor y installed
for one configuration and must be selectively clipped out to
select the actual desired configurations as documented on
the warning label adjacent to the jumper positions as shown
in Figure 1 below. Note that the actual jumper configuration
setting may differ by product model number.
RUNTEST SWITCH
5
3
COMMON
NORMALLY
OPEN
6
FLAME DETECTOR
4
120V, 50/60 HZ (RM7823); 220-240V, 50/60 Hz (EC 7823) POWER SUPPLY. PROVIDE
1
DISCONNECT MEANS AND OVERLOAD PROTECTION AS REQUIRED.
DO NOT CONNECT ANY WIRES TO UNUSED TERMINALS
2
OUTPUTS SHOWN ARE WHEN THE DEVICE DOES NOT SEE FLAME.
3
SEE FLAME DETECTOR INSTALLATION INSTRUCTIONS FOR CORRECT WIRING.
4
TERMINALS 9 AND 13 MUST BE WIRED TOGETHER
5
(BOTH COM-N.O. RELAY OUTPUTS ARE WIRED IN SERIES)
TERMINALS 10 AND 14 MUST NOT BE USED.
6
NOTE: FOR EC7823, A 220/240V TO 120V,
10 VA, STEP-DOWN TRANSFORMER IS REQUIRED.
Fig. 1. RM7823 and EC7823 wiring for SIL 3 applications
6
7
8
9
10
F
17
2
18
19
20
21
22
L1
(HOT)
MASTER
SWITCH
L2
1
NOTE: CONFIGURATION JUMPERS SHOWN FOR RM7800G/7840G
Fig. 2. Site-configurable jumpers
Note that the cut jumper condition is the safest setting so that
failure to cut a jumper during installation can result in a configuration that does not meet the requirements for the particular application.
In addition, many models require the use of a factory preset Purge Timer Card configures the 7800 Module for the
required purge time (between 2 seconds and 30 minutes).
These cards are preset to a par ticular purge time at the factory
and must be ordered according to the needs of the particular
application.
2.9 Reliability data
A detailed Failure Mode, Effects, and Diagnostics Analysis
(FMEDA) report is available from Honeywell Thermal Solutions with all failure rates and failure modes for use in SIL verification.
Note that the failure rates of the associated sensors and actuators need to be accounted for in the SIF level PFH / PFDavg
calculation.
3 32-00231-01
RM/EC 7800 Burner Controller Safety Manual
2.10 Lifetime limits
The expected lifetime of the Honeywell 7800 Series Relay
Modules is approximately 10 years. The reliability data listed
in the FMEDA report is only valid for this period. The failure
rates of the Honey well 7800 Series Relay Modules may increase sometime after this period. Reliability calculations
based on the data listed in the FMEDA repor t for lifetimes beyond 10 years may yield results that are too optimistic, i.e. the
calculated Safety Integrity Level may not be achieved.
2.11 Proof Testing
The objective of proof testing when used in low demand mode
of operation is to detect failures within Honeywell 7800 Series
Relay Module and its associated sensors and actuators that
may not be detected by the normal self-diagnostics. Of main
concern are undetected failures that prevent the safety instrumented function from performing its intended function.
The frequency of the proof tests (or the proof test interval ) is
to be determined in the reliability calculations for the safety
instrumented functions for which the Honeywell 7800 Series
Relay Modules is applied. The actual proof tests must be performed at least as frequently as specified in the calculation in
order to maintain required safety integrity of the safety instrumented function.
The following tools may be needed to be available to perform
proof testing
• Voltmeter (1M Ohm minimum input impedance) set on
the 0300 Vac scale.
• Two jumper wires; no. 14 wire, insulated, 12 inches
(304.8 mm) long with insulated alligator clips at both
ends.
The person(s) performing the proof test of the Honey well
7800 Series Relay Modules should be a trained, experienced,
flame safeguard service technician, trained in Honeywell
7800 Series Relay Modules maintenance and company man-
agement of change procedures.
The following tests need to be specifically executed when a
proof test is performed. The results of the proof test need to
be documented and this documentation should be part of a
plant safety management system. Failures that are detected
should be reported to Honey well Thermal Solutions.
7. Remove any remaining bypasses and restore normal operation.
8. Press reset and verify return to normal operation..
When all the tests listed above are executed a proof test coverage of 36% can be claimed.
2.11.2 Test (7823 models only)
Functional test:
1. Remove the 7823 Module from the wiring sub-base
2. Perform the “Static Checkout” procedure documented in
the Installation Instructions and verify proper response to
all test conditions
3. Reinstall the 7823 Module to the wiring sub-base.
4. While in “Run” sequence interrupt the flame signal by
either manually blocking the fuel supply or blocking the
sensor input from “seeing” the flame and verify unit goes
to Standby state and all safety critical terminals become
de-energized.
5. Restore fuel supply or visibility of flame sensor to the flame
and verify return to the normal operation.
When all the tests listed above are executed a proof test coverage of 13% can be claimed.
2.12 Repair and replacement
In the unlikely event that the Honeywell 7800 Series Relay
Modules has a failure, the failures that are detected should be
reported to Honeywell Thermal Solutions.
When replacing the Honeywell 7800 Series Relay Modules
power should be removed and the procedure in the installation manual should be followed.
The person(s) performing the repair and / or replacement of
the Honey well 780 0 Series Relay Modules should be a trained,
experienced, flame safeguard service technician.
2.13 Firmware update
In case firmware updates are required they will only be performed at factory where proper replacement procedures are
in place. The user is not permitted to perform any firmware
updates.
2.11.1 Test (except 7823 models)
Functional test:
1. Remove the 7800 Module from the wiring sub-base
2. Perform the “Static Checkout” procedure documented in
the Installation Instructions and verify proper response to
all test conditions
3. Reinstall the 7800 Module to the wiring sub-base.
4. While in “Run” sequence interrupt the flame signal by
either manually blocking the fuel supply or blocking the
sensor input from “seeing” the flame and verify unit goes
to Safety Shutdown (Lockout) state.
5. Restore fuel supply or visibility of flame sensor to the
flame.
6. Power cycle the unit and verify unit returns to Safety Shutdown (Lockout) state upon reapplication of power.
32-00231-01 4
2.14 Environmental and EMC based limits
The environmental and EMC based limits of the Honey well
7800 Series Relay Modules are specified in the user installation manual [32 00143 Rev 1217].
RM/EC 7800 Burner Controller Safety Manual
3 Definitions and Abbreviations
3.1 Definitions
Safety Freedom from unacceptable risk of
harm
Functional Safety The abilit y of a system to carry out
the actions necessary to achieve or to
maintain a defined safe state for the
equipment / machinery / plant / apparatus under control of the system
Basic Safety The equipment must be designed and
manufactured such that it protects
against risk of damage to persons by
electrical shock and other hazards and
against resulting fire and explosion.
The protection must be effective under
all conditions of the nominal operation
and under single fault condition
Verification The demonstration for each phase of
the life-cycle that the (output) deliverables of the phase meet the objectives
and requirements specified by the
inputs to the phase. The verification is
usually executed by analysis and / or
testing
Validation The demonstration that the safety-re-
lated system(s) or the combination of
safety-related system(s) and external
risk reduction facilities meet, in all
respects, the Safety Requirements
Specification. The validation is usually
executed by testing
Safety Assessment The investigation to arrive at a judg-
ment - based on evidence - of the safety achieved by safety-related systems
Further definitions of terms used for safety techniques and
measures and the description of safety related systems are
given in IEC 615084.
3.2 Abbreviations
FMEDA Failure Mode, Effects and Diagnostic Analysis
BPCS Basic Process Control System
SIF Safety Instrumented Function
SIL Safety Integrity Level
SIS Safety Instrumented System
SLC Safety Lifecycle
4 Status of the document
4.1 Releases
Version: V3
Revision: R4
Version
History:
V3, R4 Dec 6,
V3, R3 Nov 15,
V3, R2 Oct 2,
V3, R1 Oct 2,
V3, R0 Sep 24,
V2, R0 Nov 14,
V1, R0 June 2,
V0, R3 May 28,
V0, R2 May 27,
V0, R1: April 3,
V0, R0: March 15,
Review: V0, R3 reviewed by Michael Medoff (exida)
Release status: Reviewed and released
Date Author Changes
Radomir
2019
2019
2019
2019
2019
2019
2019
2019
2019
2019
2019
V0, R1: review by client and Michael
Svoboda
Radomir
Svoboda
Radomir
Svoboda
Radomir
Svoboda
Radomir
Svoboda
John Grebe Updated OS models,
John Grebe Added Safety Func-
John Grebe Update Diagnostic
John Grebe Make client re-
John Grebe Clean up to more
John Grebe Draft
Medoff (exida)
Series numbers of
R78xx Flame Amplifier corrected
Document title updated to show 7823
Flame switch separately. Model table
split to three tables
to list modules, amplifiers and sensors
separately. Safety
function split to
address 7823 flame
switch differences.
Remaining references to 7824 system removed (not in
scope)
Added a proof test
specific to 7823
Added RM7823 and
EC7823 models
(flame switch)
company name, and
changed to released
status
tion section 2.1 and
changed to released
status
Response Time
based on Fault Injection Tests
quested changes
to product model
numbers
clearly represent
products
5 32-00231-01
RM/EC 7800 Burner Controller Safety Manual
4.2 Open issues
None
4.3 Future enhancements of the document
None anticipated
For More Information
The Honeywell Thermal Solutions family of products includes Honeywell
Combustion Safety, Eclipse, Exothermics, Hauck, Kromschröder and
Maxon. To learn more about our products, visit ThermalSolutions.
honeywell.com or contact your Honeywell Sales Engineer.
Honeywell Process Solutions
Honeywell Thermal Solutions (HTS)
1250 West Sam Houston Parkway
South Houston, TX 77042
ThermalSolutions.honeywell.com
® U.S. Registered Trademark
© 2019 Honeywell International Inc.
32-00231-01 Edition 11.19
Printed in United States
Loading...