Siemens Burner Management Systems User Manual

White Paper

Improving safety compliance and cost-effectiveness of Burner Management Systems

Abstract

Regardless of the industry, safety must be a foremost concern wherever fuel is burned – furnaces, ovens, kilns, dryers, boilers and other kinds of facilities. Explosions can be deadly, costly and disruptive. 2015 revisions in U.S. National Fire Protection Association (NFPA) standards raised burner safety minimums. At the same time, integrations of safety PLCs into burner management systems – at nearly the same cost as regular PLCs – have boosted safety levels even further to meet SIL 2 and SIL 3 requirements. In addition, these advanced systems can offer improved operating efficiency, plus visibility via data feeds to higher-level DCS systems and easy-to-use, human-machine interfaces (HMIs), accessed remotely via tablets and even smartphones. These are among the key benefits upgrading to these systems can provide.

Author

Ron Sustich

Automation Consultant (BMS) Siemens Industry, Inc.

usa.siemens.com/safety

White paper | Safety Compliance and Cost-effectiveness

Burner Management Systems: An introduction

prevent accidents, operating conditions must be monitored at all times. If a malfunction does occur,

One of the most widespread process safety applications used throughout the chemical, petrochemical and oil and gas industries is a burner management system (BMS). These systems are used in all boiler designs – water-tubes, ﬁre-tubes and ﬂex-tubes –

operators need quick, safe and reliable ways to shut down the furnace or boiler operation. Then they must have the means to diagnose and ﬁx problems as quickly as possible, in order to minimize process, production or heating disruptions.

and in furnaces, ovens and kilns as well as ﬂares. Wherever a ﬂame is present in an industrial environment, safety standards today require a BMS.

The purpose of a BMS is to prevent explosions and to control the combustion process in a productive, cost-effective and safe manner. Compared to older systems, an advanced BMS will provide operators and maintenance personnel with a great deal of relevant information about operating conditions and diagnostics. Newer systems also provide higher levels of safety and system security as well as traceability.

According to research from the AIS Forensic Testing Laboratory, Inc., the top three causes of boiler accidents are, in order: maintenance (61.2%); operations (22.4%); and design (8.2%). What these data suggest is that accidents can be avoided if these facilities are properly operated and maintained, assuming the BMS is designed properly in the ﬁrst place. Advanced BMS designs will incorporate safety PLCs, which, along with built-in safety features, can provide a wide range of operating data, including predictive maintenance. Safety PLCs will be covered in greater detail in the next few pages.

In 2015 the National Fire Protection Association (NFPA) released its ﬁre safety standard, NFPA 86, that covers furnaces and allows the use of safety PLCs. Related to NFPA 86 are two other standards: NFPA 85 for boilers; and NFPA 87 for thermal ﬂuid heaters.

Burner management vs. combustion control. What’s the difference between

burner and combustion controls? Burner management control monitors the safety devices, such as pressure switches, low gas pressure, high gas pressure, water level and so on, and controls the safety shut-off valves like the pilot valves, main gas valves and oil valves. Combustion controls, on the other hand, manage the fuel and air mixture controls as well as the water controls in the case of boilers.

A brief history of Burner Management Systems

Early BMSs were called “Light, Observe

Wherever a ﬂame is present in an industrial environment, safety standards today require a BMS. Examples include boilers – water-tubes, ﬁre-tubes and ﬂex tubes – and furnaces, ovens and kilns as well as ﬂares.

Top three causes of boiler accidents. BMS safety is paramount because, in many ways, furnace and boiler ﬁres are explosions waiting to happen. To

and Pray” systems. That meant an operator would light a torch, put it in the furnace to light the ﬁre and then everyone prayed that all should go well. Not surprisingly, explosions and related injuries were common in those days.

Next came BMSs with ﬂame scanners. These early systems used relays and timers. They were simple systems and

provided very little information regarding system shutdowns or troubleshooting information. Fireye and Honeywell were among the ﬁrst branded types of these systems.

Early BMSs were called “Light, Observe and Pray” systems.

The next generation of systems were microprocessor-based systems. These systems include basic single- or twoline operator displays. Their displays, however, only provided limited amounts of operating information and not the diagnostics available with today’s human-machine interfaces (HMIs) or even some of the three-line or multi-line displays. They used simple burner management logic and had limited capability and ﬂexibility. Although they complied with safety codes at that time, those codes were not so rigorous as they are today. These systems are used today mostly in the ﬁre-tube boiler market, but they are limited in their capabilities. Their display modules show sequences of events, indicating their operational stages, such as the light-off sequence and current status.

For simple types of boilers and fuelburning systems, these BMS solutions may be a good approach. However, if a BMS requires non-standard features, such as special-limit devices or safety devices, then pre-packaged systems are limited in what capabilities they can provide. For example, they are not usually appropriate for multi-burner applications or for redundancy requirements. They also cannot easily communicate with other systems such as building management systems or manufacturing execution systems.

White paper | Safety Compliance and Cost-effectiveness

Finally, many of the operating strategies and capabilities required to accommodate various options that water-tube boilers need cannot be accommodated with these types of BMSs.

Comparison of microprocessor and PLC-based BMS solutions

Microprocessor-based BMS…

• Provides limited flexibility

• Is not appropriate for multi-burner systems

• Has a single flame scanner

• Yields limited information regarding status and shutdowns

• Difficult networking communications

PLC-based BMS…

• Provide great flexibility

• Extend communications capabilities dramatically

• Have both single- and multiple-burner capability

• Provide diagnostics, if programmed into the PLC

• Are much easier to troubleshoot

• Allow use of various flame scanners

The rise of the PLC-based BMS

Of all BMS designs, PLC-based systems offer the most capabilities and beneﬁts, especially implementation ﬂexibility. When these systems ﬁrst debuted, they replaced relays and timers, which helped reduce wiring, and could be programmed. Early PLCbased BMS solutions often came with panel indicator lights, push-buttons and selector switches instead of today’s sophisticated HMIs.

Typically in these early PLC-based BMSs, if another function was required, then another indicator light had to be added to the panel. This meant that if an application needed many safety devices or options, then it would have a multitude of lights and operator switches. The problem with these kinds of systems is that operators have to watch for the indicator lights to go on or off. If they overlook the indicators because they’re not present or distracted, an operating issue can turn critical, leading to an accident. Today’s HMIs, in contrast, offer much more information to operators and

maintenance personnel via speciﬁc software packages or ﬂat-panel computers whichever they may prefer.

Among the main advantages of a PLCbased BMS is more ﬂexibility, especially in designing systems for speciﬁc applications. In water-tube boilers, for example, customers typically require a wide variety of features and also want their BMS to connect with existing systems, such as a building management system, a manufacturing execution system, distributed control system, or to other parts of their plant.

PLC-based BMS solutions can control single burners or multiple burners, while providing much more operating information and diagnostics. For example, they can indicate whether a speciﬁc damper is not open or not closed, or if particular valves are functioning as they should. BMS designers can choose ﬂame scanners from any manufacturer. For redundancy, they can use more than one ﬂame scanner. As one of the examples, when coupled with special voting logic in the PLC, this redundancy can provide the basis for high integrity systems that eliminate unnecessary shutdowns due to faults in an I/O circuit or ﬁeld device. Predictive maintenance can be programmed into the systems, while diagnostics make them much easier to troubleshoot.

Safety standards governing BMS design

Many standards govern BMS design, among them are the NFPA, ISA, and TÜV as previously described. Equipment standards also apply, such as the Underwriters Laboratories (UL) that govern the components that are in such a system, as well as approvals from FM and IRI organizations. Most of these standards refer to what is called “as listed,” a term used frequently. But what’s not common is a piece of equipment that’s standards-listed as a whole. Altogether, many standards have roles in deciding BMS safety requirements.

In the U.S., implementation is governed by the NFPA. NFPA 85 applies to boilers, while NFPA 86 applies to furnaces and ovens. The 2015 revision updated many parts of these standards. NFPA 85 allows the use of safety PLCs, when SIL 3 capable, for both BMS and combustion (process) control in single burner boilers. It does require that multiburner boilers feature a master fuel trip (MFT) relay, which is an electromechanical relay used to trip all required system components, including the fuel shutoff valves, in case of unsafe conditions. It also mandates that a hard-wired connection exist between the MFT relay and a ﬂame safeguard. This can shut down the boiler’s fuel supply, if sensors indicate that its ﬂame has failed.

In contrast, NFPA 86 does not require an MFT relay, providing for direct valve control of fuel gas or oil. It also removes the hard-wired connection requirement of the ﬂame safeguard. This allows the use of safety-rated PLCs in BMS and combustion control system designs. (NOTE: While this implies that safety PLCs can only be used on NFPA 86 applications, they can be used equally well with NFPA 85 and 86. In fact, we have used them on boilers.)

In NFPA 86-2015, for example, ratings of the Safety Integrity Levels (SILs) of an overall system design depend on the lowest (less safe) SIL level of a system component – the lowest common denominator. So, if a system incorporates a safety PLC with a SIL 3 rating, but the sensors and limit switches are wired in a way that achieves a SIL 1 rating, the overall system will be rated SIL 1.

NFPA 86-2015 speciﬁcally deﬁnes key terminology as related to furnace applications. Most important is the deﬁnition of a ﬂame safeguard. It’s a safety control device that responds to ﬂame properties, senses a ﬂame and indicates if a ﬂame is present in a burner.

+ 5 hidden pages