The NFPA (National Fire Prevention Association) standards 85, 86, and 87 cover burner management systems (BMS) used on boilers, ovens and furnaces, and fluid heaters. The use of these standards is prevalent in North America, and even in some other parts of the world. Historically, these standards have been very prescriptive. For example, for decades fuel trains have required dual block and vent valves, logic solvers have required a master fuel trip relay (a secondary means of de-energization), and more.
Other industry standards, such as the ISA (International Society of Automation) 84, and IEC (International Electrotechnical Commission) 61511 standards for safety instrumented systems in the process industry are performance oriented. They do not mandate technologies, levels of redundancy, or specific manual test intervals. They essentially state ‘the greater your level of risk, the better the systems you need to control it’.
As of 2015, NFPA 85, 86 and 87 all include direct references to ISA 84 / IEC 61511, although in many instances the references related to safety systems have been made in a prescriptive manner. They include an equivalency statement saying “nothing in this code is intended to prevent the use of systems, methods, or devices of equivalent or superior quality, strength, fire resistance, effectiveness, durability, and safety over those prescribed by this code.” Therefore, it would be acceptable under NFPA 85, 86, and 87 for an end user to propose an alternate burner management system design with different sensors / voting arrangements, different valves / voting arrangements, different logic solver designs, etc. As long as one can demonstrate conformance to ISA 84 / IEC 61511, and has the approval of the appropriate authority having jurisdiction (AHJ), the design can be considered acceptable.
For an end user with brownfield legacy burner management system designs who wishes to justify that existing designs are acceptable as-is, this can be quite helpful. However, for new equipment, this provides added flexibility that many original equipment manufacturers (OEMs) may struggle with for a variety of reasons. (For example, the OEM cannot determine the level of tolerable risk for their users; there is no uniform globally accepted set of risk criteria, and each application and location is unique.)
NFPA 85 (for boilers) states that for a single burner boiler, the combustion control and burner management systems may be combined in a single SIL (safety integrity level) 3 safety-rated PLC (programmable logic controller). There are several areas of concern that still need to be addressed with such a design. Such a combined system is not allowed for a multi-burner boiler.
NFPA 86 (for ovens and furnaces) states that SIL 2 rated safety PLCs may be used, albeit with a variety of design restrictions. NFPA 87 (for fluid heaters) states that the PLC should be certified for use in SIL 3 or greater. (Note: there are no software based systems certified for use beyond SIL 3.) Both 86 and 87 even go so far as to state that where transmitters are used, they should be SIL 2 capable.
Invoking the concept of a Safety Instrumented – Burner Management System in all three of the NFPA standards is a significant milestone for industry. In 2002 when the ISA S84 committee first began developing technical report TR84.00.05 “Guidance on the Identification of Safety Instrumented Functions (SIF) in Burner Management Systems (BMS)”, none of the NFPA standards recognized the concept of a safety instrumented system, nor did they reference ISA or IEC standards. This issue directly contributed to schedule delays in the development process of the technical report, which ultimately resulted in pushing the final publication of the report out to December of 2009.
However, there are a number of potential shortcomings and concerns in just how the NFPA standards now call for safety rated equipment. Simply purchasing 3rd party SIL certified logic solvers and transmitters alone is not enough to satisfy the requirements of the standards. Combining both control and safety functions in a single controller (as now allowed in NFPA 85) is fraught with problems that are discussed in ISA 84 / IEC 61511. When implementing a safety instrumented system, it is important to follow the entire lifecycle covered in the standards (84 / 61511). Failing to do so could actually result in a system that may not meet the requirements in any of the standards.
Learn more about the latest updates and concerns with the NFPA standards in this 16-page white paper recently presented by Mike Scott, PE, CFSE, at the 2016 Texas A&M University Instrumentation Symposium for the Process Industries.