Siemens Burner Management Systems
Safety PLCs used for burner management really don’t care about your furnace or boiler
One of the most confusing issues for those looking to upgrade old burner management systems (BMS) from relay or solid-state control to programmable technology (i.e. PLC) is what kind of information does the designer need to know about your process?
Eventually they’ll need to know all of the important operating parameters about your particular unit (to program it), but in order for them to quote you a price, they’ll be more interested in basic stuff like type and quantity of IO, redundancy requirements for the CPU and communications and how you want the HMI (you know, the stuff they need to eventually figure out how to build it).
Asking the designer if they’re Safety PLC can handle 15psig steam header pressure, or that it’s a 100HP unit, or that it will fire both oil and gas is like asking if a laptop salesman if their laptop can do e-mail (sure, as long as it has the software, and the network connections).
Safety PLCs differ from that of a general purpose PLC by the simple fact that if and when they fail, their failure mode will be on the ‘safe’ side as opposed to the ‘dangerous’ side. A simple comparison is that a general purpose PLC safe failure mode is generally 50%, while a Safety PLC failure mode is typically much greater than 90%. This simple known fact regarding how general purpose PLCs fail is why for over 20 years NFPA standards have always required external devices (relays, watchdog timers, etc.) to be used with general purpose PLCs.
This has all changed now with the 2011 edition of the three main NFPA standards that cover burner management systems (NFPA 85 for boilers, NFPA 86 for ovens and NFPA 87 for heaters). All three standards now have included provisions that recognize the differences between a PLC and a Safety PLC and more importantly the concept of adopting the performance based safety lifecycle. It is finally down to a very common sense approach, know how bad your hazards are and implement the right amount of safety to protect against it. In the safety world we call that performance based.
From NFPA 85 - 4.11* Burner Management System Logic.A.4.11 Utilizing the equivalency provision in Section 1.5, an alternative design to meet the requirements of the code can be accomplished where all the following are provided:
(1) Approval of the authority having jurisdiction.
(2) A documented hazard analysis that addresses all the requirements of this code.
(3) A documented life-cycle system safety analysis that addresses all requirements of this code and incorporates the appropriate application-based safety integrity level (SIL) for safety instrumented systems (SIS). One methodology for achieving a life-cycle system safety analysis is to use a process that includes SIL determination and a SIS design and implementation consistent with the ISA 84 standard series.
The designer or designers have the responsibility to ensure that all the hazards identified in this code are adequately addressed in the alternative design.
From NFPA 86 and 87 - 8.3* Logic Systems.
A.8.3 Furnace controls that meet the performance-based requirements of standards such as ANSI/ISA 84.00.01, Application of Safety Instrumented Systems for the Process Industries , can be considered equivalent. The determination of equivalency will involve complete conformance to the safety life cycle including risk analysis, safety integrity level selection, and safety integrity level verification, which should be submitted to the authority having jurisdiction.