Performance based

approach to Burner
Management
System
Shirish Ratnaparkhi, CFSE
(BMS)
Emerson Process Management
International Safety Conference October 12-13
IIT Gandhinagar

Boiler Safety is the oldest topic!

Handled since 17th Century, much before other

major industries existed!

NFPA, ASME codes evolved to address boiler

safety in 1896, followed by Safety Standards
ANSI / IEC / ISA codes in 1989 until 2001.

Process Safety Management was practiced, but

mostly based on prescriptive standards.

There is a thin line difference.

[File Name or Event]

Emerson Confidential
27-Jun-01, Slide 2

A thin line difference

Process Safety Management (PSM) is a major

change in approach it introduced a Risk
Assessment.

However, though almost a correct approach, it is

not complete in itself, since it was still based on
established prescriptive standards.

It can not demonstrate the performance of the

Safety System implied.

There is a thin line difference between PSM and

FSM! Functional Safety Management..

[File Name or Event]

Emerson Confidential
27-Jun-01, Slide 3

Functional Safety Management

At first place, nobody ever asked a question How

much safety do I need?

Safety Life Cycle (SLC) approach as per IEC / ANSI /

ISA standards was first introduced coupled with
numeric evaluation of everything

It addressed Random failures for the equipment

and Systematic failures for design, engineering,
and commissioning processes! Again very much
numerically..

FSM is the great way to go ahead in coming

future.. Also for Boiler Safety.

[File Name or Event]

Emerson Confidential
27-Jun-01, Slide 4

Chemical, Life Sciences, Oil & Gas and Refining

sectors world-over have picked up FSM by now to
a great and noticeable extent.
They are on the way to master it.
Now is the time that Boiler Safety be based on the
same techniques.
Will have to deal with the myths.

[File Name or Event]

Emerson Confidential
27-Jun-01, Slide 5

Accidents in boilers

[File Name or Event]

Emerson Confidential
27-Jun-01, Slide 6

Major attributes

Operational mistakes and system allowed it to

happen !

Manual override / bypasses.

Inadequate specifications while engineering the

Safety Systems

Over emphasis on redundancy of Safety

Controller and lack of attention to field devices

PSM is followed, however performance unknown

Incomplete hazard analysis and underestimation

[File Name or Event]

Emerson Confidential
27-Jun-01, Slide 7

Traditional way of FSSS / BMS

Pre-defined prescriptive architectures like TMR-DMRQMR. Its time to come out.
Specifications still suggest fixed ALL-THREE
combinations.
Three transmitters, three Input cards, three processors,
three output cards, three relays and sets of contacts,
and surprisingly a single valve.
Suppliers are obliged to provide ALL-THREE
combinations without any analysis.
With all this implemented, no-one is sure what SIL
has been achieved! Or what was wanted at first
place..

[File Name or Event]

Emerson Confidential
27-Jun-01, Slide 8

What was actually needed?

A Safety Instrumented System
(SIS) optimally designed with
a known Risk Reduction
configured SIF by SIF in
accordance with Functional
Safety Management in place
as per IEC 61508 / 61511

Optimum Safety
could be achieved
[File Name or Event]
Emerson Confidential
27-Jun-01, Slide 9

Furnace Safeguard and Supervisory

Systems (FSSS)

Boiler protection system (BPS)

Emergency shutdown to create MFT

Shutdown of one fuel / section
SIFs are identified after thorough HazOp and SIL
assigned, performance known.

Burner Management System (BMS)

Safety critical interlocks: Permissive and Trips
Entire sequencing by SIS
Performance evaluation of these BMS Safety
Functions is possible

[File Name or Event]

Emerson Confidential
27-Jun-01, Slide 10

Its all about APPROACH!

SAFETY
Words versus OPTIMUM
Numbers.!!!!!!!

So far the rules and guidelines were described

in words.

They are important but not enough.

Performance of a Safety instrumented function

can be calculated and gives a TRUE picture
than a prescribed function.

Think OPTIMUM SAFETY

[File Name or Event]

Emerson Confidential
27-Jun-01, Slide 11

[File Name or Event]

Emerson Confidential
27-Jun-01, Slide 12

[File Name or Event]

Emerson Confidential
27-Jun-01, Slide 13

[File Name or Event]

Emerson Confidential
27-Jun-01, Slide 14

[File Name or Event]

Emerson Confidential
27-Jun-01, Slide 15

[File Name or Event]

Emerson Confidential
27-Jun-01, Slide 16

[File Name or Event]

Emerson Confidential
27-Jun-01, Slide 17

[File Name or Event]

Emerson Confidential
27-Jun-01, Slide 18

Complete Numerical approach.

Probable Loss of Life

Device Failure Rate

Probable Injuries

Diagnostic Coverage

Unmitigated Risk

Diagnosis Frequency

Risk Target

Safe Failure Fraction

RRF

Proof Test Interval

SIL

Common cause Factor

Mission Time

HW Fault Tolerance

Start-up Time

Test Coverage factor

Repair Time

Demand Frequency

PFDavg on demand

ROI

[File Name or Event]

Emerson Confidential
27-Jun-01, Slide 19

A special note on BMS: Option-1

Consider wiring the common IOs between BMS and BPS to BMS system.
If the BMS system is capable of executing the Sequence logic, it is highly
recommended that this should be preferred.

[File Name or Event]

Emerson Confidential
27-Jun-01, Slide 20

A special note on BMS: Option-2

Consider wiring only those signals to BMS, which contribute into the Startpermissive and the trips as per the HAZOP. Engineer the Sequence control
in BPCS and a Safety critical sequence monitoring in BMS.

[File Name or Event]

Emerson Confidential
27-Jun-01, Slide 21

Conclusions

Boiler Safety is critical. It followed the established

standards so far and new methods of performance based
standards are available.

BMS can also be analyzed SIF by SIF and the SIL ratings
can be allocated and obtained. This way, optimum safety
and availability can be realized.

Inadvertent cost due to lack of numerical analysis can be

saved and the Optimum Safety can be obtained.

Experts from various fields in Process Industry can

contribute a lot towards fulfillment of establishing best
practices using Performance based standards for BMS
and boiler safety.

[File Name or Event]

Emerson Confidential
27-Jun-01, Slide 22

References

Wisconsin Boilers Inspectors Association: Accident tracking site for

worldwide accident events in Boilers.

http://www.thewbia.com/membership_info.php

Report on the investigation of the starboard boiler explosion resulting

in one fatal and one serious injury on board the Liquid Natural Gas
tanker Hilli, Grand Bahama Shipyard, Freeport, Grand Bahama. 10
October 2003.

www.maib.gov.uk/cms_resources/Hilli.pdf

ISA-TR84.00.05-2009, Guidance on the Identification of Safety

Instrumented Functions (SIF) in Burner Management Systems
(BMS): ISBN: 978-1-936007-41-7

[File Name or Event]

Emerson Confidential
27-Jun-01, Slide 23

Thank you.

Take home:
Optimum Safety for BMS