Siemens Worldwide

Siemens Global Weblogs




Siemens Burner Management Systems

  • Charles Fialkowski 01/06/2015

    Fialkowski to teach ISA boiler control course at the 58th POWID symposium

    On June 11th, I"ll be in Kansas city, MO at the ISA POWID (power industry division) symposium, teaching the 1-day ISA boiler control course (ES 15C). 

    Preparing now, as the original instructor some how felt that 200 slides was appropriate for a 1-day course.  

    If anyone is interested in the material, let me know I"ll be happy to share the outline of the course.

  • Charles Fialkowski 14/04/2014

    Separation requirements for your BMS at sites with mulitple boilers?

    For years, I have always driven for complete seperation and independence for all PLC based burner management systems (BMS) as per my own personal interpetation (per NFPA 85 requirements).  Below is an excerpt from the current NFPA 85 standard.  I"m NOT talking about seperation between the control layer and the safety layer, rather, what to do when your plant has multiple boilers on site? 

     4.11.7* Requirement for Independence. Except as noted in, the burner management
    system shall be provided with independent logic, independent
    logic solving hardware, independent input/output systems,
    and independent power supplies and shall be a device functionally
    and physically separate from other logic systems

    I was starting to question my own interpertation as beeing possibly too conservative.

    We have been seeing a number of plants that have MULTPLE small package boilers (single burner, single fuel), looking to upgrade their existing BMS (PLC) to utilized safety PLC technology.  The IO counts are small (less than 100), but based on the interpretation above, we continue to quote MULTIPLE SIL-rated, PLC based BMS systems to be compliant.

    I posted this issue with some of my top consultants, and the responses were not very comforting?   Meaning, I didn"t receive any consistency on their interpertations/opinions either? 

    I"d be interested in what others are considering when they are looking at updating their automation for multiple units?

  • Charles Fialkowski 08/01/2014

    Fialkowski to Present on NFPA equivalency clause at Instrumentation Symposium

    If you"ve ever wondered how you can acheive compliance on your BMS to the prescribed requirements in the NFPA standards (85, 86 or 87) you should attend my presentation on Tuesday, January 21st @ 3:20pm at the 69th Annual Instrumentation Symposium for the Process Industries, January 21-23, 2014 - Memorial Student Center, Texas A"M University, College Station, Texas.

     This paper was a great collaborative effort between myself, Michael Polagye, FM Global and Mike Scott, AEsolns.

    The program, registration and exhibitor information is online at:

    . In addition to my presentation, there will be many other safety related presentations.

    If you have any specic BMS or SIS questions, feel free to look me up at the LARGE Siemens booth!


  • Charles Fialkowski 19/09/2013

    What SIL level should your burner management system achieve

    A few weeks ago I attended a technical conference in Alaska where Mr. Mike Scott from AEsolutions was a presenter.  Mike"s presentation title was "Safety Instrumented BMS" which of course I was extremely interested in hearing someone else"s take on this.  Mike talked about the potential risks associated with any application with a flame (boilers, heaters, thermal oxidizers, process heaters, etc..) and in summary he concluded that all the applications he sees would require a SIL 2 BMS to reduce the risks to a tolerable level. 

    Ok, let"s think about that.  Most prescriptive standards (i.e. NFPA) define a BMS protection layer that should provide the minimal level of performance required to manage the risks.  This might be SIL 1 or maybe SIL 2, but it"s just not very clear.  

    I liked Mike"s point of designing towards SIL 2, and stop weaseling around with the prescribed standards that might or might not provided the amount of Risk reduction that your company requires. 

    I"d be happy to hear from Mike on this.....(stay tuned)   

  • Charles Fialkowski 09/08/2013

    How to invoke the equivalency clause in NFPA standards

    When dealing with a prescriptive standards such as the NFPA 85, NFPA 86 or NFPA 87 standards, there are a number of prescribed requirements that often conflict with using modern performance based equipement (i.e. using an external watchdog timer for a Safety PLC, using hardwired relays,etc).

    I have challenged these concepts since the start of my career in Industrial automation as I worked for a major manufacturer of combustion equipment and believed there had to be a better way.....

    All NFPA standards employ the not so well known..."equivalency" clause, putting the responsibility on the designer to provide the technical argumentation to go outside the intent of the NFPA standards.

    I"m proud to announce that I just recieved acceptance for my paper titled “Invoking the Equivalency Clause in NFPA Standards for Designing Compliant Burner Management Systems” will be presented at the 69th Annual Instrumentation Symposium for the Process Industries.  The Symposium will be held January 21-23, 2014 in College Station, Texas. 

  • Charles Fialkowski 02/08/2013

    Understand the mysterious Proof Test for Safety PLCs

    I"ve posted about this topic before, but I still see much confusion on the topic.  So please.....let me explain....

    In order to "predict" the level of "safety" your PLC would provide, one would need to know 3 key variables:

    • Dangerous failure rate

    this value will vary per manufacturere, is usually refered to as "lamda dangerous" (or simply ....lamda D)

    • Manual Proof Test

    can be adjusted per the enduser, and typically starts at 1 year. 

    • Architecture

    The redundancy scheme that your PLC is designed will impact its ability to tolerate a potentially dangerous failure and still be able and capable to perform (we often here about 1oo1, 1oo2, 2oo2, 2oo3, etc....)


    When it comes to determining the manual proof test of your PLC.  What are you supposed to do?  Most PLC manufactures claim that their system has high levels of diagnostics (some upto 99%).  Meaining that the PLC will automatically run internal diagnostics with extremely high success.

    I"m all for using the PLC to conduct tests on your field devices (sensors and final elements), but what I"m questioning is blindly taking credit for testing your PLC that its automatic diagnostics aren"t already testing for...


    I presented my paper at the AICHE Global Congress on Process safety, and if your interested the presentation was recorded and can be viewed at (note they do charge a fee to view the presentation:




  • Charles Fialkowski 11/07/2013

    Siemens BMS 400F Live demo July 17 in Houston TX

    If your in the Houston area next week, register to attend a 1-day Safety Instrumented System (SIS) seminar.  Not only will you learn about the ISA 84 safety standard, you"ll also get a chance to have a first hand review of Siemens BMS 400F (A SIL 3 rated BMS solution).

    The event is being hosted by Cimation, a local solution/engineering firm.  The seminar will be lead by Siemens Process Safety and BMS expert Mr. Luis Garcia.  More information on the event and to register please go to:

  • Charles Fialkowski 18/06/2013

    Claim equivalency for applying new technology in NFPA Burner Management Standards

    Over the past several weeks, I"ve mentioned "gaps" in NFPA standards (NFPA 85, 86 and 87) regarding burner management systems. 

    The problem (as I see it) is that prescriptive standard committees such as NFPA are slow to adopt new (and proven) techniques and technologies. That"s the fact, and there is nothing we can do about it.....but there is a way to get around it. 

    All NFPA (BMS related) standards have an equivalency section (Section 1.5) that allows one to provide an equivalent (and/or superior) design that may not be accurately covered in current NFPA issues. 

    The problem is, that most folks don"t feel competent enough to provide the technical documentation (and arguements) to prove their design is superior.

    When it comes to functional safety, the CFSE program is conidered the “gold standard” for functional safety personnel competency demonstration. 

    I"ll be using my CFSE credentials to provide the technical documentation against one of my pet peeve areas where the NFPA 86 standard actually limits the use of a Safety PLC over the selection of non-certified hardwired equipment. 

    If you"d like to see what it takes to gain CFSE status, exida is offering a free webinar tomorrow...

  • Charles Fialkowski 10/04/2013

    Stop the guess work on when and how to test your BMS (or SIS)

    This topic has been hitting the safety wire for some time now, and is the topic of my paper that I will present on April 30, at the  AIChE pring Meeting and Global Congress on Process Safety in San Antonio. 

    Attend the Siemens presentation: Take the Guess Work Out of Testing Your Safety Instrumented System


    Process Safety expert, Charles Fialkowski, will present his paper, Tuesday, April  30, at 10:15am that questions on-line testing of highly automated systems and its impact for improving risk reduction performance. Charles will also discuss the gaps with current testing philosophies along with many misunderstandings regarding diagnostics and redundancy, and the myths that follow.


  • Charles Fialkowski 29/01/2013

    Safety PLCs used for burner management really don’t care about your furnace or boiler

    One of the most confusing issues for those looking to upgrade old burner management systems (BMS) from relay or solid-state control to programmable technology (i.e. PLC) is what kind of information does the designer need to know about your process?


    Eventually they’ll need to know all of the important operating parameters about your particular unit (to program it), but in order for them to quote you a price, they’ll be more interested in basic stuff like type and quantity of IO, redundancy requirements for the CPU and communications and how you want the HMI (you know, the stuff they need to eventually figure out how to build it).


    Asking the designer if they’re Safety PLC can handle 15psig steam header pressure, or that it’s a 100HP unit, or that it will fire both oil and gas is like asking if a laptop salesman if their laptop can do e-mail (sure, as long as it has the software, and the network connections).   


    Safety PLCs differ from that of a general purpose PLC by the simple fact that if and when they fail, their failure mode will be on the ‘safe’ side as opposed to the ‘dangerous’ side.  A simple comparison is that a general purpose PLC safe failure mode is generally 50%, while a Safety PLC failure mode is typically much greater than 90%.  This simple known fact regarding how general purpose PLCs fail is why for over 20 years NFPA standards have always required external devices (relays, watchdog timers, etc.) to be used with general purpose PLCs.


    This has all changed now with the 2011 edition of the three main NFPA standards that cover burner management systems (NFPA 85 for boilers, NFPA 86 for ovens and NFPA 87 for heaters).  All three standards now have included provisions that recognize the differences between a PLC and a Safety PLC and more importantly the concept of adopting the performance based safety lifecycle.  It is finally down to a very common sense approach, know how bad your hazards are and implement the right amount of safety to protect against it.  In the safety world we call that performance based.


    From NFPA 85 - 4.11* Burner Management System Logic.

    A.4.11 Utilizing the equivalency provision in Section 1.5, an alternative design to meet the requirements of the code can be accomplished where all the following are provided:


    (1) Approval of the authority having jurisdiction.


    (2) A documented hazard analysis that addresses all the requirements of this code.


    (3) A documented life-cycle system safety analysis that addresses all requirements of this code and incorporates the appropriate application-based safety integrity level (SIL) for safety instrumented systems (SIS). One methodology for achieving a life-cycle system safety analysis is to use a process that includes SIL determination and a SIS design and implementation consistent with the ISA 84 standard series. 



    The designer or designers have the responsibility to ensure that all the hazards identified in this code are adequately addressed in the alternative design.



    From NFPA 86 and 87 - 8.3* Logic Systems.


    A.8.3 Furnace controls that meet the performance-based requirements of standards such as ANSI/ISA 84.00.01, Application of Safety Instrumented Systems for the Process Industries , can be considered equivalent. The determination of equivalency will involve complete conformance to the safety life cycle including risk analysis, safety integrity level selection, and safety integrity level verification, which should be submitted to the authority having jurisdiction.