Safety Instrumented Systems Applications

in Boilers and Fired Equipment Edgar A. Delgado P. Eng., CAP, CFSE

Diversified Process Solutions Inc.

Calgary, April 6 2011

Part 2 a

Basic concepts

• Functional Safety part of the overall safety relating to the process and the BPCS which

depends on the correct functioning of the SIS and other protection layers

• Basic Process Control System (BPCS) system which responds to input signals from the process, its associated equipment, other programmable systems and/or an operator and generates output signals causing the process and its associated equipment to operate in the desired manner but which does not perform any safety instrumented functions with a claimed SIL ≥ 1

• Safety Instrumented System (SIS) instrumented system used to implement one or more safety instrumented functions. An SIS is composed of any combination of sensor (s), logic solver (s), and final element(s)

Taken from IEC-61511-1, 2003

BPCS vs. SIS

BPCS SIS

Basic concepts cntd.

• Safety Instrumented Function (SIF) safety function with a specified safety integrity level which is necessary to achieve functional safety and which can be either a safety instrumented protection function or a safety instrumented control function

• Safety Integrity Level (SIL) discrete level (one out of four) for specifying the safety integrity requirements of the safety instrumented functions to be allocated to the safety instrumented systems. Safety integrity level 4 has the highest level of safety integrity; Safety integrity level 1 has the lowest

• Safety Life Cycle necessary activities involved in the implementation of safety instrumented function(s) occurring during a period of time that starts at the concept phase of a project and finishes when all of the safety instrumented functions are no longer available for use

Taken from IEC-61511-1, 2003

SIS Safety Life-Cycle

Taken from IEC-61511-1, 2003

Protection Layers

Taken from IEC-61511-1, 2003

Why SIS in Boilers and Fired Heaters

There are a number of consequences when a combustion equipment is not operated correctly. These include: • Physical explosion in the steam drum and piping • Possible vapour cloud explosion of fuel gas or coal dust • Possible pool fire of fuel oil • Possible implosion of the furnace itself.

Depending on circumstances, there are possible human injuries, human death, environmental consequences and severe economic consequences.

Causes of Furnace Explosions Statistics indicate Human Error is a contributing factor in the majority of fired equipment explosions, errors are the Result of: • Lack of understanding of, or failure to use proper operating

procedures, safeguards and equipment • Unfavourable operating characteristics

of equipment or control • Lack of functional coordination of the

various components of the steam generating system and its components

These failures justify the use of automatic light-off

Burner Management System (BMS)

• Old NFPA85 definition: System to monitor/control the FUEL BURNING EQUIPMENT during all start-up, shut-down, operating and transient conditions.

• Definition as per NFPA85 (2007): The control system dedicated to COMBUSTION SAFETY AND OPERATOR ASSISTANCE in the starting and stopping of fuel preparation and burning equipment and for preventing misoperation of and damage to fuel preparation and burning equipment.

Alternate Names – Burner Safety Systems – Burner Control Systems – Combustion Safeguards – Flame Safeguard System – Safety Shutdown Systems – Furnace Safeguard Systems – Boiler Safety Systems – Emergency Shutdown Procedures

BMS Industry Standards Studies of fired equipment explosions often point to human error as a contributing factor. While there were a number of reasons for this, most international and national combustion safety standards now require automatic start-up and ignition of combustion equipment.

• BLRBAC – Instrumentation Checklist and Classification Guide for

Instruments and Control Systems Used in the Operation of Black Liquor

Recovery Boilers – Oct 1999

• FM 7605 - Approval Standard for Programmable Logic Control (PLC)

Based Burner Management Systems – Dec 1999

• API 556 - Instrumentation and Controls for Fire Heaters and Steam

Generators – draft Oct 2004

• TR84 – The application of ANSI/ISA84.01-2003 (IEC 61511) for Safety

Instrumented Functions (SIFs) in Burner Management Systems

• B149.3-10- Code for the field approval of fuel-related components on

appliances and equipmant – January 204

Standards evolution Prescriptive vs. Performance based

• IEC 61508 - Functional Safety: Safety-Related Systems

• IEC 61511 - Functional Safety: Safety Instrumented Systems for the

Process Industry Sector

• NFPA 85 – Boiler and Combustion Systems Hazard Code 2007

Edition

• ANSI / ISA S84.01 – Application of Safety Instrumented Systems

for the Process Industries

• NFPA 86 – Standard for Ovens and Furnaces 2007 Edition

Safety Life cycle application in BMS

Based on IEC-61511

Hazardous Event

• Firebox fills with unburned hydrocarbons

• Finds ignition source

• Explosion

Initiating Event

• Fuel Instabilities

• Mechanical Failure (burner, blower, etc…)

• Tube leak or rupture

• Fuel Valves leaking on start up

• Slug flow

• Supply regulator or control valve failure

• Instrumentation or DCS failure

• Operator Error

Consequences

• Operators in Area?

• Furnace/Heater or other equipment Damage

• Loss of Production

• Environmental release

• Corporate/Social Image.

PHA

PHA Methods: • Checklist • What If? • HAZOP • FMEA • Fault Tree Analysis

Risk Assessment

Qualitative

• Risk Matrix

Quantitative

• LOPA (Layers of Protection Analysis)

SIS Required? • NO.

• Yes, Start SIS design.

Define SIL Target

• SIL Assessment. Define a SIL target for each SIF based on your residual RISK (PHA)

Taken from IEC-61511-1, 2003

Safety Requirement Specification

• What is it? specification that contains all the requirements of the safety

instrumented functions that have to be performed by the safety instrumented systems

• Shall Include: 1. General Requirements

2. SIS Safety Requirements

SIS Conceptual Design

• Select Platform/Architecture

• Select Hardware (Instrumentation/Controllers/Valves)

• Design HW

• Design SW

• Verify compliance with SRS

Execute Detail Design • Build Cabinets

• Program controllers

• Install instrumentation

• Verify / Test

SIL Verification

• Verify that Design achieves the target SIL selected.

• Different methods (Simplified equations, Probabilistic Calculation, other)

• Guided by IEC-61511-3

• Automated Software: ExSILentia, SILcore, others.

Verification And Validation

• Hardware Acceptance Test

• Factory Acceptance Test

• Costumer Acceptance Test

• Government Approval

• Commissioning and Start Up

Operational Phase

• Operate • Maintain • Proof Test • Change • Decommission

Typical BMS automated Sequence

• All permissives satisfied • Push Reset Button • Purge Permissives Clear • Push Start Purge • Purge time elapsed • Purge complete • Light Pilots (1 within 15 minutes

and 50% within 60 minutes) • All main header permissives satisfied • Ignite main burners • Release to automatic (SIF armed and

monitor the Process)

Control Panel Screens Examples

Conclusions

• A fired equipment control system (BMS) implementation shall follow de engineering best practices and standards.

• Execute sound risk assessment to determined the need for an SIS approach to BMS implementation.

• Safety life cycle approach to safety provides best incident prevention performance.

Thank you

Questions ?

Diversified Process Solutions Inc.