Autopro Blog

Burner Management Systems and IEC 61511 : What to Know When Using Fired Equipment

January 10, 2019


It has been brought to my attention through recent discussions about the hazards associated with the fuel trains of fired equipment, that these types of equipment are not always evaluated using the risk assessment process. The primary reason given is that the equipment is “certified” and that no further action is required. Even though this is true, are risks being properly identified and managed without a risk assessment?

Safety Standards and IEC 61511

As with any code, there is a minimum standard that must be met by a broad range of equipment, in a broad range of environments, in order to be deemed safe. By skipping the hazard assessment, questions may remain unanswered with respect to the risks associated with fired appliances and the potential impact to your facility.
For example, a heater in the heart of a facility will have different risks associated with it than one isolated in the far corner of the same lease. When evaluating the CSA B149.3 code, it does not necessarily consider anything outside of the skid boundary, such as the impacts to the identified risk receptors which could include safety, environment, reputation, production, etc. In most cases, the application of the code is enough to meet the risk targets of a Layers of Protection Analysis (LOPA) study, however in some circumstances, these targets require some additional Independent Protection Layers (IPLs), above and beyond the code.

The 2018 edition of the Canadian Electrical Code, now in effect in Saskatchewan, will also be coming into effect next month for Alberta, and is pending for BC. Within Appendix A, the IEC 61511 standard is now (or will be) a normative requirement. The interpretation of the inclusion of IEC 61511 is that all installations will be required to perform a risk assessment, which includes a Hazard and Operability Study (HAZOP)/LOPA (or similar) hazard identification process even if there are no Safety Instrumented Functions (SIFs). This is being interpreted as the new minimum standard  though adoption of the 2018 Canadian Electrical Code by the Provincial Authorities .

For those installations that have identified SIFs, the remainder of the IEC 61511 standard will apply in addition to CSA B149.3. This is where things can get a little daunting, as two major standards apply to the same installation. There are provisions in the CSA B149.3 to permit the Authority Having Jurisdiction to allow only the IEC 61511 standard to apply, but I have not personally seen this in practice.

HAZOPs and Burner Management Systems

In most cases, both CSA B149.3 and IEC 61511 standards are applied and the Burner Management System (BMS) is treated as a Safety Instrumented System (SIS) even though a vast majority of the trips have been assessed lower than Safety Integrity Level (SIL) 1. CSA B149.3 requires that all trips are to be included in the BMS/SIS, regardless of any potential SIL rating. In some cases, SIFs and other IPLs have been identified by the LOPA study to meet the risk targets, requiring the installation go beyond the CSA B149.3 code.

Often, general-purpose Programmable Logic Controllers (PLCs) are used as the logic solver for BMS applications. While there is nothing wrong with this approach, it does add complexity to both the physical and logical configurations in the form of required critical I/O monitoring, which is accomplished through additional I/O modules and programmed logic.

An alternative tactic is to use a SIL class logic solver. As these requirements are embedded into the hardware design; no additional modules or logic are required. While changes are rarely made to programs after the field certification process is complete, the program is still used to troubleshoot and diagnose problems and the complexity makes determining causes more difficult to find. In short, the best solutions are often the simplest ones.

Risk Management with Certified Equipment

Identifying and managing risks associated with certified equipment answers several questions including:

• How can we be sure that all hazards are controlled according to our corporate risk standards?
• Are we in compliance with the law if we don’t put this appliance through a risk assessment process?
• What are the issues surrounding subjecting this appliance to our risk assessment process?

Implementing solutions that utilize both the CSA B149.3 and IEC 61511 standards may seem daunting or complicated, and it is with this in mind that Autopro engages experts with vast experience in this area and are able to execute the needed processes with ease and efficiency. These efficiencies are realized from the outset of a project conception making the risk assessment process as simple as possible. The result is equipment that meets both the regulatory requirements of both the CSA B149.3 and the Canadian Electrical Code, as well as the corporate risk requirements.

Autopro Can Help

As a vendor-independent service provider, Autopro is able to offer cost-effective turnkey solutions to support the full scope of our clients’ requirements. By removing the need for multiple service suppliers, we minimize risk of costly scope changes and schedule delays. With desirable locations, Autopro’s offices are well-situated to our clients’ facilities. We provide local staff and flexible, cost-effective solutions.

For more information on this and our other services,
please contact us:
+1 (888) 539-2450