7/28/2019 Controls Instruments Polagye
SIS and BMS: An Insurance Carrier's Perspective
ABMA Annual Meeting
Presented by M. C. Polagye, January 14, 2006
Boiler Safety Systems
Burner Management System (BMS): prevent fuel explosions
Low Water Protection: prevent dry firing
Over-pressure Protection: prevent steam/water explosions
Current Boiler Safety Codes & Standards
ASME Boiler & Pressure Vessel Code, Sections I & IV
NFPA 85, Boiler and Combustion Systems Hazards Code
ASME CSD-1, Standard for Controls and Safety Devices for Automatically Fired Boilers
National Board Inspection Code
Others
  ANSI Z21.13/CSA 4.9, Gas-Fired Low Pressure Steam and Hot Water Boilers
  Insurance Recommendations: FM Global Property Loss Prevention Data Sheets
These standards tell:
What needs to be done for safe boiler operation.
Some prescriptive guidance on how to do it.
Reliance is placed on the competent engineer to design a system that meets the intent of the standards/codes.
BMS
Prescriptive Guidance/Requirements
A hardwired/separately wired system from operating controls.
Input checking
Separate transmitter for safety system
  Exception for some signals such as drum level, furnace pressure, and air flow.
No intermittent trip signals to SSOVs
Functional test at installation, annually, and following maintenance or upgrades/changes.
When a PLC is used for BMS Logic
Fail safe design
External watchdog timer
Output checking
Internal diagnostics
Redundancy
Logic is protected from unauthorized changes
No logic changes performed while on-line
Quick response to trip conditions
Independent of other logic systems
Logic is non-volatile
Independent hardwired manual emergency shutdown switch
Performance Based Standards
IEC 61508, Functional safety of electrical/electronic/programmable electronic safety-related systems
IEC 61511, Functional safety - Safety instrumented systems for the process industry sector
ANSI/ISA-84.00.01, Functional Safety: Safety Instrumented Systems for the Process Industry Sector
ISA-TR84.00.02, Safety Instrumented Functions (SIF) - Safety Integrity Level (SIL) Evaluation Techniques
ISA-TR84.00.05 (Draft), The Application of ANSI/ISA 84.00.01 for Safety Instrumented Functions (SIFs) in Burner Management Systems
Performance Based Criteria
No prescriptive rules apply
Identify the undesirable event
Look at the damage/consequence if the event occurs
Look at the likelihood of occurrence if no safety system is provided
Look at the available independent layers of protection
Determine if a Safety Instrumented Function (SIF) is required
Determine the required Safety Integrity Level (SIL) appropriate for the risk the event presents
Design a Safety Instrumented System (SIS) to achieve the SIL
The undesirable event
BMS: Excess combustible vapors in the furnace enclosure
Low Water Protection System: Loss of water in boiler steam drum
Overpressure Protection System: Excessive pressure in steam drum/boiler
Consequence
BMS: Development of explosive mixture, contact with an ignition source, explosion causing mechanical damage to boiler with possible injury to nearby personnel
Low Water Protection System: Mechanical damage to boiler (one or more tube ruptures) with possible injury to nearby personnel
Overpressure Protection: Pressure part failure, possible failure of steam drum, with possible injury to nearby personnel
Likelihood if no safety system is provided
Fuel explosion: high
Dry firing: moderate to high
Overpressure: low (safety valves)
Independent Layers of Protection
Independent Layers of Protection
Fuel explosion: none
Dry firing: may have two
  Low level alarm and operator intervention
  Low-low level alarm with operator manual shutdown
Overpressure: may have three
  Safety valves
  High pressure alarm with operator intervention
  High-high pressure alarm with operator manual shutdown
Is a SIF required?
Fuel explosion: Yes, no independent layers of protection.
Dry firing: Yes, even at constantly attended boilers, operators may not be available when needed to perform the required shutdown.
Overpressure: Yes, unnecessary popping of safety valves increases probability of leakage and maintenance costs.
Safety Integrity Level (SIL)
SIL
Fuel Explosion
Moderate damage
High probability
No independent layers of protection
SIL 3
SIL
Dry Firing
Minor to severe damage
High probability
Up to two independent layers of protection
With two layers SIL N/A
With no layers SIL = 2 or 3
SIL - Overpressure
Minor to severe damage
High probability of occurrence
One to three independent layers of protection
Three layers SIL N/A
One layer SIL = 1 or 2
Designing to Achieve Required SIL
Approach to Calculating SIL
Sensor
Transmission to processor
Input module
Processor
Output module
Transmission to final element
Final element (SSOVs)
Determine the probability of failure of each component
Evaluate impact of common failures
Determine system probability of failure on demand for each SIF
Component Probability of Failure
Safe detected
Safe undetected
Dangerous detected
Dangerous undetected
SIFs for BMS (Gas Firing)
Low fuel gas pressure (igniter or pilot)
High fuel gas pressure (igniter or pilot)
Low fuel gas pressure (main burner)
High fuel gas pressure (main burner)
Purge air flow adequate
Igniter flame proven within trial for ignition period
Main flame proven within trial for ignition period
Low air flow
Loss of flame
Loss of control system power (air and/or electric)
Determining Probability of Failure on Demand
Complex process
Evaluation Techniques (ISA-TR84.00.02)
SIL of SIF
  Equations
  Fault tree analysis
  Markov analysis
PFD of Logic solvers
  Markov analysis
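Added example (not part of the original slides): the "Equations" technique applied to the component chain from the "Approach to Calculating SIL" slide, using the commonly used simplified 1oo1 and 1oo2 approximations and the IEC 61508 low-demand SIL bands. The failure rates, the 10% common-cause fraction and all function names are assumptions made for illustration; the test interval reflects the annual functional test.

```python
# Added example: PFDavg of one BMS SIF from per-component failure data.
# Failure rates are constructed for illustration, not vendor or FM Global data.
TI_ANNUAL = 8760.0  # hours between functional tests (annual test)

# Dangerous-undetected failure rate per hour for each element (constructed).
CHAIN = {
    "sensor": 2.0e-6,
    "transmission to processor": 1.0e-8,
    "input module": 1.0e-7,
    "processor": 2.0e-7,
    "output module": 1.0e-7,
    "transmission to final element": 1.0e-8,
    "final element (SSOV)": 3.0e-6,
}

def pfd_1oo1(lam_du, ti):
    """Single element: PFDavg ~= lambda_DU * TI / 2."""
    return lam_du * ti / 2.0

def pfd_1oo2(lam_du, ti, beta):
    """Redundant pair; beta is the assumed common-cause fraction."""
    independent = ((1.0 - beta) * lam_du * ti) ** 2 / 3.0
    common_cause = beta * lam_du * ti / 2.0
    return independent + common_cause

def sif_pfd(chain, ti, redundant=(), beta=0.1):
    """Sum element PFDs along the series chain from sensor to SSOV."""
    total = 0.0
    for name, lam_du in chain.items():
        if name in redundant:
            total += pfd_1oo2(lam_du, ti, beta)
        else:
            total += pfd_1oo1(lam_du, ti)
    return total

def sil_band(pfd):
    """IEC 61508 low-demand band for a PFDavg; 0 means SIL 1 is not met."""
    for sil, upper in ((4, 1e-4), (3, 1e-3), (2, 1e-2), (1, 1e-1)):
        if pfd < upper:
            return sil
    return 0

if __name__ == "__main__":
    simplex = sif_pfd(CHAIN, TI_ANNUAL)
    dual = sif_pfd(CHAIN, TI_ANNUAL,
                   redundant=("sensor", "final element (SSOV)"))
    print(f"simplex  PFDavg={simplex:.2e}  SIL {sil_band(simplex)}")
    print(f"1oo2 s/v PFDavg={dual:.2e}  SIL {sil_band(dual)}")
```

With these constructed rates the single-channel chain lands in the SIL 1 band, and duplicating the sensor and SSOV reaches only SIL 2 because the common-cause term and the non-redundant elements dominate.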
Prescriptive Design Requirements
Advantages
Easy to determine if requirements are met.
The same design/logic applies regardless of manufacturer/components.
Standardized design.
Disadvantages
Restrictive of technology.
Requires labor intensive wiring and cables.
No real measure of effectiveness/reliability.
Performance Based Design
Advantages
Allows latest technology to be used.
A separate stand-alone PLC is not required.
Reliability can be quantified.
Disadvantages
Each system is unique and re-invents the wheel.
The analysis is complex.
Data on probability of failure or mean time to failure is often not available.
Each time a different component is selected, the analysis has to be rerun.
Performance Based Design Results
Anecdotal evidence that SIL reliability requirements result in systems that are more complex with more redundancy than that commonly found in prescriptive systems.
FM Global 10 Year Boiler Loss History

Peril/Event             Number of Losses (%)    Loss Amounts (%)
Fire                    5                       3
Explosion               11                      67
Electrical              1                       Nil
Mechanical Breakdown    6                       6
Pressure Failure        77                      24
Other Observations
With programmable systems, the most common loss cause has been software/programming errors.
With each installation re-creating logic, the chances for these errors increase.
Some of the most dramatic losses have been the result of DCS lock-up.
FM Global Supports use of SIL for SIS
DS 7-45, Instrumentation and Control in Safety Applications
Approval Standard 7605, Approval Standard for Programmable Logic Control (PLC) Based Burner Management Systems
For BMS both prescriptive and performance based systems will be accepted