Specification for a Burner Management System
Table of Contents
1 Instructions to Bidders
2 Scope of Work
3 Process Equipment Overview
4 Burner Management System Overview
  4.1 Applicable Codes and Standards
  4.2 Preliminary Layout Diagrams
  4.3 Preliminary I/O Count
  4.4 Interfaces to Other Systems
5 Safety Requirements Overview
  5.1 IEC 61508 Certified CPU
  5.2 IEC 61508 Certified I/O Modules
  5.3 BMS and Control System Separation
  5.4 Safety Manual
  5.5 External System Watchdog
  5.6 Safety Functions
  5.7 Master Fuel Trip Relay
  5.8 Emergency Stop Switches
  5.9 Bypass Functions
  5.10 Alarms
6 Environmental Specification Requirements
  6.1 Heat
  6.2 Humidity
  6.3 Mechanical Shock and Vibration
  6.4 Electrical Noise Immunity
    6.4.1 Electro-Static Discharge
    6.4.2 Radio Frequency Interference
    6.4.3 Fast Transients (Burst Pulses)
    6.4.4 Power Line Surge
7 Electrical Requirements
  7.1 Electrical Area Classification
  7.2 Electromagnetic Compatibility (CE Compliance)
  7.3 Wiring and Cabling
  7.4 Cabinet and Workstation Grounding
  7.5 Module Hot-Swap Capability
8 Hardware Requirements
  8.1 CPU
    8.1.1 IEC 61508 Certification
    8.1.2 Support for BPCS and Combustion Control
    8.1.3 Redundancy
    8.1.4 Memory
    8.1.5 Diagnostics
    8.1.6 System Power
    8.1.7 Scan Rate
    8.1.8 Voting of Inputs and Outputs
  8.2 I/O Modules
    8.2.1 Technology
    8.2.2 IEC 61508 Certification
    8.2.3 Redundancy
    8.2.4 Diagnostics
    8.2.5 Online Modification
  8.3 Cabinets
  8.4 Field Terminations
  8.5 Emergency Stop Switches
  8.6 Human Machine Interfaces
    8.6.1 Local Operator Station
    8.6.2 Control Room Stations
    8.6.3 PC
    8.6.4 Monitors
9 Communication and Networking Requirements
  9.1 Safety Fieldbus
  9.2 Communication between BMS systems
  9.3 Communication to field devices
  9.4 Communication Between the BMS and BPCS
  9.5 Communication Between the BMS and Other Safety Systems
  9.6 Communication Between the BMS and Third-Party Systems
  9.7 Communication Between Field Devices
10 Application Software Requirements
  10.1 IEC 61508 Certified Function Block Library
  10.2 Program Security
  10.3 Configuration Tools
    10.3.1 Configuration Languages
    10.3.2 Function Blocks
    10.3.3 Sequential Function Charts
    10.3.4 Cause and Effect Programming
  10.4 Configuration Management
    10.4.1 General Requirements
    10.4.2 Version Management
    10.4.3 Comparison Tool (Version Cross Manager)
    10.4.4 Show Changes Prior to Download
    10.4.5 Change Log
  10.5 Integrated Historian
    10.5.1 Backing Up the Database
  10.6 Alarm System
    10.6.1 Alarm Message Display
    10.6.2 Alarm Priorities
    10.6.3 Alarm Acknowledgement
    10.6.4 Alarm Suppression
    10.6.5 Alarm Response Procedures
  10.7 Human Machine Interfaces
    10.7.1 Security
    10.7.2 Displays
    10.7.3 Display Navigation
    10.7.4 Trend Displays
    10.7.5 Bypass Switches
    10.7.6 Configuration Capabilities
    10.7.7 Screen Composition Favorites
  10.8 Revisions
  10.9 Licensing
11 Terms and Conditions

1 Instructions to Bidders
Table 1 provides basic instructions for submitting the bid.

General Project Information
  Project Name:
  Location of Jobsite: City, State, Country (if not USA)
  Estimated Project Start Date: mm/dd/yy
  Required Project End Date: mm/dd/yy
General Bid Information
  Bid Due Date and Time: mm/dd/yy hh:mm (specify time zone)
  Number of Proposal Copies Required:
  Person to Receive Bid: Name, Title, Mailing Address, Email Address
  Primary Contact for Supplemental Commercial Information: Name, Title,
    Mailing Address, Email Address, Phone Number
  Primary Contact for Supplemental Technical Information: Name, Title,
    Mailing Address, Email Address, Phone Number
Table 1: Instructions to Bidders

The proposal must contain the information listed below, at a
minimum, to allow for a comprehensive and fair evaluation of the
proposal:
- List of standard system documentation provided.
- System architecture drawing showing the quantity and functional
  arrangement of major system components.
- Bill of material for all major system components including
  quantities, make, model and part numbers.
- Product specifications for each item on the bill of material.
- List of all technical and commercial clarifications and exceptions
  to the specification, referenced to the appropriate section of the
  specification.
Note: Major system components include processors, I/O modules,
power supplies, operator interfaces at a minimum.

2 Scope of Work
This specification defines the minimum mandatory requirements for a
burner management system (BMS) and associated software and support
services. This specification excludes basic process control system
hardware and software for combustion control, field instrumentation,
auxiliary systems, and management information systems. It also
excludes all application software configuration, job-site assembly
and installation services for the BMS.

3 Process Equipment Overview
Table 2 provides an overview of the fired equipment the burner
management system will be responsible for controlling.

General
  Equipment name:
  Equipment number:
  Location: Inside, outside uncovered, outside covered
  Type of fired equipment:
    Furnace (select NFPA class A, B, C, or D)
    Oven (select NFPA class A, B, C, or D)
    Thermal Oxidizer
    Single Burner Boiler
    Multiple Burner Boiler
    Duct Burner
    Fluidized Bed Boiler
    Stoker
    Pulverized Fuel System
    Heat Recovery Steam Generator (HRSG)
  Type of draft: Natural, forced, induced, balanced
Environment
  Ambient Temperature (Min / Max):
  Ambient Humidity (Min / Max):
  Additional Comments:
Fuel
  Burner fuel #1: Fuel oil, fuel gas, natural gas, pulverized fuel
  Burner fuel #2 (if applicable): Fuel oil, fuel gas, natural gas, pulverized fuel
  Burner fuel #3 (if applicable): Fuel oil, fuel gas, natural gas, pulverized fuel
  Will the equipment fire dual fuels simultaneously? yes / no
  Pilot fuel #1: Fuel oil, fuel gas, natural gas
  Pilot fuel #2 (if applicable): Fuel oil, fuel gas, natural gas
Burners
  Number of burners for fuel #1:
  Number of burners for fuel #2 (if applicable and uses different burners than fuel #1):
  Number of burners for fuel #3 (if applicable and uses different burners than fuel #1 or #2):
  Burner Atomization Medium Used: Steam, air, mechanical, none
Pilots
  Number of pilots for fuel #1:
  Number of pilots for fuel #2 (if applicable and uses different pilots than fuel #1):
  Pilot Atomization Medium Used: Steam, air, mechanical, none
Igniters
  Number of burner igniters:
  Class of burner igniters: Class I, II, III, III Special
  Number of pilot igniters:
  Class of pilot igniters: Class I, II, III, III Special
Flame Scanners
  Number of flame scanners:
Combustion Air
  Number of blowers:
  Number of dampers automatically actuated:
Pulverized Fuel System
  Number of feeders:
  Number of pulverizers:
  Number of air dampers:
  Pulverizer inerting system type (if applicable):
Auxiliary Systems
  Flue gas recirculation? yes / no
  Combustion air preheat? yes / no
  Reburn Fuel? yes / no
  Selective Catalytic Reduction (SCR)? yes / no
  Flue Gas Path Auxiliary System? yes / no
Table 2: Process Equipment Overview
4 Burner Management System Overview
4.1 Applicable Codes and Standards
At a minimum, the burner management system shall comply with the
latest edition of the following codes and standards:

Item #  Document #                                Document Title
N1      ANSI/ISA 84.00.01: 2004 (IEC 61511: Mod)  Functional Safety: Safety Instrumented Systems for the Process Industry Sector
N2      ISA-TR84.00.05: 2009                      Guidance on the Identification of Safety Instrumented Functions (SIF) in Burner Management Systems (BMS)
N3      IEC 61508: 2000 Parts 1 to 7              Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems
N4      IEC 61131-3:2003                          Programmable controllers - Part 3: Programming languages
N5      NFPA 85: 2007                             Boiler and Combustion Systems Hazard Code
N6      NFPA 86: 2007                             Standard for Ovens and Furnaces
N7      NFPA 87: 2011                             Fluid Heaters
N8      NFPA 70: 2011                             National Electrical Code (NEC®)
N9      ANSI / API RP 556: 1997                   Instrumentation and Control Systems for Fired Heaters and Steam Generators
Table 3: Applicable Codes and Standards

4.2 Preliminary Layout Diagrams
Preliminary diagrams detailing the typical physical arrangement of
the burner management system major components shall be supplied.
Note: Major system components include processors, I/O modules,
power supplies, operator interfaces at a minimum.

4.3 Preliminary I/O Count
Table 4 provides the anticipated I/O count for the burner management
system.

Type of Signal   Number of Signals
AI
DI
AO
DO
Total
Table 4: Preliminary I/O Count

I/O for all BMS safety critical functions shall be SIL 3 rated.
End User Note: The I/O count should include all I/O associated with
both field-mounted devices and operator interface devices. It
should also include any spare capacity required.

4.4 Interfaces to Other Systems
The BMS will interface to other control systems. Table 5 provides
information regarding these interfaces.

                                                   System 1   System 2   System 3
Connection type (RS-232, RS-422, Modbus,
  Ethernet, PROFIBUS, OPC, etc.)
Number of soft inputs to be read by BMS CPU
Number of soft outputs to be written by BMS CPU
Table 5: Interfaces to Other Systems

To ensure interoperability and reliability, all interface
components shall be supplied by the BMS manufacturer.
5 Safety Requirements Overview
5.1 IEC 61508 Certified CPU
Since the BMS will most likely contain safety instrumented
functions, the CPUs provided shall be IEC 61508 certified to be
SIL 3 capable as required by the ANSI/ISA 84.00.01: 2004
(IEC 61511: Mod) standard.

5.2 IEC 61508 Certified I/O Modules
Since the BMS will most likely contain safety instrumented
functions, the I/O modules provided shall be IEC 61508 certified to
be SIL 3 capable as required by the ANSI/ISA 84.00.01: 2004
(IEC 61511: Mod) standard.

5.3 BMS and Control System Separation
The NFPA 85 and 86 standards require the BMS to be independent and
physically separate from the combustion basic process control
system (BPCS). Since the BMS will most likely contain safety
instrumented functions, the ANSI/ISA 84.00.01: 2004 (IEC 61511: Mod)
standard will also require this independence and separation.

5.4 Safety Manual
The ANSI/ISA 84.00.01: 2004 (IEC 61511: Mod) standard requires
equipment manufacturers to provide a safety manual for all IEC 61508
certified equipment. Therefore, a safety manual must be provided
for all IEC 61508 certified equipment provided as part of this
project.
The safety manual for hardware must define how the equipment can
be safely applied and clearly list the limitations of use
applicable to the equipment. For application software, the safety
manual must comply with the requirements of section 12.4.4.7 of the
ANSI/ISA 84.00.01: 2004 (IEC 61511: Mod) standard:
The safety manual shall address the following items as
appropriate:
a) use of diagnostics to perform safe functions;
b) list of certified/verified safety libraries;
c) mandatory test and system shutdown logic;
d) use of watchdogs;
e) requirements for, and limitations of, tools and programming
   languages;
f) safety integrity levels for which the device or system is
   suitable.
Each safety manual shall be provided in either electronic or
hard copy format.

5.5 External System Watchdog
NFPA 85 and 86 requirements for monitoring the logic solver for
failure shall be met by providing a watchdog circuit that is
external to the CPU. This external system watchdog circuit shall
meet the following:
- independently monitor the CPUs and trip the MFT relay if a CPU
  failure is detected.
- be SIL 3 rated.

5.6 Safety Functions
The standards referenced in Section 4.1 require the BMS to be
capable of providing the following safety functions:
- Purge interlocks and timing
- Flame proving and monitoring
- Safety shutdowns
Function blocks that have been IEC 61508 certified to SIL 3
shall be provided for use in configuring these safety functions.

5.7 Master Fuel Trip Relay
The BMS system shall support inclusion of a Master Fuel Trip Relay
as necessary for compliance with NFPA 85.
End User Note: NFPA 85 requires a master fuel trip (MFT) relay that
is an electromechanical relay utilized to trip all required
equipment simultaneously when a master fuel trip is initiated. So,
if the equipment to be controlled by the BMS is a boiler, duct
burner, thermal oxidizer, stoker, or HRSG, the BMS must include
this MFT relay.

5.8 Emergency Stop Switches
The system shall include a hardwired, guarded, self-latching e-stop
pushbutton, mounted and wired to the front of the cabinet. This
emergency stop switch shall initiate an MFT. The ANSI/ISA 84.00.01:
2004 (IEC 61511: Mod), NFPA 85 and NFPA 86 standards all require
that the operator be provided with a manually operated emergency
stop switch that is independent of the BMS logic solver.
End User Note: NFPA 85 section 4.6.3.2.4 requires the emergency
stop switch to actuate the master fuel trip relay independently and
directly. So, if the equipment to be controlled by the BMS is a
boiler, duct burner, thermal oxidizer, stoker, or HRSG, the
emergency stop switch must meet this additional requirement.

5.9 Bypass Functions
The ANSI/ISA 84.00.01: 2004 (IEC 61511: Mod) standard states that
all bypass switches shall be protected by key locks or passwords to
prevent unauthorized use. All bypass functions provided with this
system, including those available from the local HMI panel, must
meet this requirement.

5.10 Alarms
The NFPA standards require the cause of each MFT to be alarmed to
the operator. This first-out alarming logic shall be configured in
the application software. The HMI shall provide dedicated displays
and icons for representing the status of safety-critical alarms.
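
The first-out logic required in 5.10, sketched in Python as an added example that is not part of the original specification or any vendor's function block library. The trip-cause tags and the scan sequence are constructed for illustration; the class and function names are hypothetical.

```python
from dataclasses import dataclass, field

# Constructed trip-cause tags, listed in display order. A real BMS takes
# these from its own cause-and-effect matrix.
TRIP_CAUSES = ("flame_loss", "low_fuel_gas_pressure",
               "low_combustion_air_flow", "estop")


@dataclass
class FirstOutLatch:
    """Latches the cause(s) that initiated an MFT until the operator resets."""
    first_out: tuple = ()
    subsequent: list = field(default_factory=list)
    mft_latched: bool = False

    def scan(self, inputs):
        """Evaluate one logic-solver scan. Returns True while the MFT is latched.

        inputs maps every tag in TRIP_CAUSES to True when that trip condition
        is present; a missing tag raises KeyError rather than reading healthy.
        """
        active = [c for c in TRIP_CAUSES if inputs[c]]
        if not self.mft_latched:
            if active:
                # Causes arriving in the same scan cannot be ordered, so all
                # of them are reported as first-out.
                self.first_out = tuple(active)
                self.mft_latched = True
        else:
            # Later causes are usually consequences of the trip itself
            # (fuel valves closed, so flame is lost). Keep them in order of
            # arrival, but never let them overwrite the first-out.
            for cause in active:
                if cause not in self.first_out and cause not in self.subsequent:
                    self.subsequent.append(cause)
        return self.mft_latched

    def reset(self, inputs):
        """Operator reset. Refused while any trip condition is still present."""
        if any(inputs[c] for c in TRIP_CAUSES):
            return False
        self.first_out, self.subsequent, self.mft_latched = (), [], False
        return True


def scan_inputs(**tripped):
    """Build one scan's inputs: all causes clear except those named."""
    return {c: bool(tripped.get(c, False)) for c in TRIP_CAUSES}


def run_demo():
    """Constructed sequence: fuel gas pressure drops, flame loss follows."""
    latch = FirstOutLatch()
    scans = [
        scan_inputs(),
        scan_inputs(low_fuel_gas_pressure=True),
        scan_inputs(low_fuel_gas_pressure=True, flame_loss=True),
        scan_inputs(flame_loss=True),
    ]
    mft = [latch.scan(s) for s in scans]
    report = (latch.first_out, list(latch.subsequent))
    reset_while_tripped = latch.reset(scans[-1])   # flame_loss still present
    reset_when_clear = latch.reset(scan_inputs())  # all conditions cleared
    return mft, report, reset_while_tripped, reset_when_clear


if __name__ == "__main__":
    print(run_demo())
```

The operator display and the alarm record should show the first-out cause separately from the consequential alarms, since the latter are what flood the screen after any trip.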
6 Environmental Specification Requirements
6.1 Heat
All safety rated components shall be capable of operating in an
environment ranging between the following values:
Operating: 5 to 50 °C
Storage: -40 to 70 °C

6.2 Humidity
All safety rated components shall meet IEC 1131-2, level RH-2:
Operating: 5-95% relative humidity, non-condensing
Storage: 5-95% relative humidity, non-condensing

6.3 Mechanical Shock and Vibration
All safety rated components shall be tested to and comply with the
following shock and vibration standards:
Vibration: IEC 68-2-6, constant acceleration: 58 - 500 Hz, 1 g,
10 times on each of 3 axes
Shock: IEC 68-2-29: 10 g for 6 msec, 100 times on each of 3 axes

6.4 Electrical Noise Immunity

6.4.1 Electro-Static Discharge
All safety rated components shall be tested to meet or exceed the
requirements of IEC 1000-4-2 severity level 3 for protection
against electrostatic discharge.

6.4.2 Radio Frequency Interference
All safety rated components shall be tested to meet or exceed the
requirements of IEC 1000-4-3 severity level 3.

6.4.3 Fast Transients (Burst Pulses)
All safety rated components shall be tested to meet or exceed the
requirements of IEC 1000-4-4 level 3 for protection against switch
contact bounce, which produces fast electrical pulses with a
minimum of 2 kV.

6.4.4 Power Line Surge
All safety rated components shall be tested to meet or exceed the
requirements of IEC 1000-4-5 severity level 2 for surge withstand
protection against power line disturbances caused by load switching
and lightning. For severity level 3, external protection circuits
can be accepted.
7 Electrical Requirements
7.1 Electrical Area Classification
Buildings containing the control equipment will be rated as
electrically unclassified.

7.2 Electromagnetic Compatibility (CE Compliance)
Equipment shall meet all electromagnetic compatibility requirements
of the IEC 61000-4-2, 61000-4-3, and 61000-4-4 standards.

7.3 Wiring and Cabling
PROFIBUS, Ethernet, and other communication cables shall maintain a
minimum separation of 75 mm from any AC power cables. Fiber optic
cables are excluded from this requirement. Vendor installed cables
shall be designed and installed in such a way as to allow cable
disconnection in order to service the equipment. Cables shall not
interfere with circuit board removal. All wire insulation for
cables carrying power shall be rated for 600 volts.

7.4 Cabinet and Workstation Grounding
AC safety ground and instrumentation circuit ground shall conform
to the NEC, Article 250.

7.5 Module Hot-Swap Capability
The system shall support hot swapping of control, input/output, and
communication modules without requiring power-down of the entire
system.

8 Hardware Requirements
All hardware shall be commercial off-the-shelf (COTS) equipment.
All hardware provided shall be capable of supporting the I/O
provided in Section 4.3.

8.1 CPU

8.1.1 IEC 61508 Certification
The CPUs provided shall be capable of meeting SIL 3 (according to
IEC 61508) without redundancy.

8.1.2 Support for BPCS and Combustion Control
The system shall include an auxiliary CPU that may be used for
combustion control as part of a basic process control system. This
combustion control CPU shall meet the physical separation and
independence requirements of NFPA 85 and 86 while being located
within the same cabinet as the BMS CPU. The combustion control CPU
shall not share the same backplane as the BMS CPU.

8.1.3 Redundancy
The system provided shall be capable of supporting redundant CPUs.
Redundant CPUs shall be connected together via fiber optic cables.
The redundant CPUs shall operate with a hot backup where both CPUs
execute the identical step of the user program in parallel. When a
CPU error is detected, automatic, bumpless (uninterruptible)
switchover shall be initiated and completed in 30 msec or less.

8.1.4 Memory
Each CPU shall be provided with 10 to 15 percent spare memory. CPU
memory should have a battery backup so the controller maintains its
configuration and state information in the event of an extended
power outage. The controller shall have the capability of storing a
retrievable copy of the application program on a replaceable memory
card within the controller.

8.1.5 Diagnostics
The CPU shall be capable of continuous, automatic online
diagnostics to detect system failures. Diagnostic coverage greater
than 99 % shall be achieved.
The following failure control measures should be implemented in
the CPU:
a) Memory diagnostic to verify any data or code corruption
b) Time diagnostic shall be built-in and provide redundancy to the
   external watchdog timer
c) Self-test of BMS operations in each cycle
d) Logical program execution and data flow monitoring
e) Comparison of the diverse diagnostics in the CPU and I/O modules
f) Automatic, online self-tests to detect latent failures.
This diagnostic capability shall be built-in and not require
additional application design from the user. These failures shall
be alarmed on each HMI.

8.1.6 System Power
The system shall be powered from an external 115 VAC power source.
Redundant 24 VDC power supplies with redundancy management
circuitry shall be provided. These power supplies shall support
10 A at 24 VDC to power field devices outside of the BMS cabinet.
The sum of all DC power loads shall not exceed 80 percent of the
rated power supply. Separate, isolated and fused AC and DC power
distribution shall be provided. A fault contact shall be available
for connection to a discrete input channel. The fault contact shall
indicate the loss of power or a drop in voltage from either of the
redundant power supplies. Redundant power supplies shall support
10 A at 24 VDC to power field devices outside of the BMS cabinet.

8.1.7 Scan Rate
The CPU should provide strict cyclic program execution. To optimize
control of critical processes, the CPU shall support variable and
configurable scan rates down to a minimum rate of 10 msec. The
system should have the ability to run parts of the user application
at different cycle times (multiple scan rates).

8.1.8 Voting of Inputs and Outputs
The CPU shall support voting of sensors as a means of providing the
necessary safety integrity and availability. The following
architectures shall be supported:
a) Single Sensor (1oo1) Voting
b) Dual Sensor (1oo2) Voting
c) Dual Sensor (2oo2) Voting
d) Triple Sensor (2oo3) Voting
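
How the four architectures in 8.1.8 trade safety integrity against availability, as an added Python example that is not part of the original specification or any certified function block. It assumes a low-trip setpoint and that a channel flagged as faulted by module diagnostics votes "trip" (fail-safe); the function names, readings and setpoint are constructed.

```python
from itertools import combinations

# The four architectures listed in 8.1.8 as (M, N): trip when at least
# M of the N channels vote to trip.
ARCHITECTURES = {"1oo1": (1, 1), "1oo2": (1, 2), "2oo2": (2, 2), "2oo3": (2, 3)}


def vote(trip_votes, m):
    """MooN vote: demand a trip when at least m channels vote to trip."""
    return sum(bool(v) for v in trip_votes) >= m


def channel_votes(readings, trip_below):
    """Convert transmitter readings into trip votes for a low-trip setpoint.

    None marks a channel that module diagnostics report as faulted.
    Assumption (not stated in the specification): a faulted channel
    votes 'trip', so a diagnosed fault degrades toward the safe state.
    """
    return [r is None or r < trip_below for r in readings]


def evaluate(readings, architecture, trip_below):
    """Apply one of the listed architectures to a set of readings."""
    m, n = ARCHITECTURES[architecture]
    if len(readings) != n:
        raise ValueError(f"{architecture} needs {n} readings, got {len(readings)}")
    return vote(channel_votes(readings, trip_below), m)


def trips_despite_dangerous_failures(m, n, failed=1):
    """Safety integrity: with a real demand present, does the vote still
    trip when any `failed` channels are stuck at 'no trip', undiagnosed?"""
    return all(
        vote([i not in stuck for i in range(n)], m)
        for stuck in combinations(range(n), failed)
    )


def rides_through_false_votes(m, n, failed=1):
    """Availability: with no demand present, does the vote stay untripped
    when any `failed` channels falsely vote 'trip'?"""
    return all(
        not vote([i in bad for i in range(n)], m)
        for bad in combinations(range(n), failed)
    )


def compare():
    """(survives one dangerous failure, survives one false trip vote)."""
    return {
        name: (trips_despite_dangerous_failures(m, n),
               rides_through_false_votes(m, n))
        for name, (m, n) in ARCHITECTURES.items()
    }


if __name__ == "__main__":
    for name, (safe, available) in compare().items():
        print(f"{name}: trips with one channel failed dangerous={safe}, "
              f"rides through one false trip vote={available}")
    # Constructed fuel gas pressure readings (psig), low trip at 5.0.
    print(evaluate([12.1, 11.9, 3.0], "2oo3", 5.0))   # one low reading
    print(evaluate([12.1, None, 3.0], "2oo3", 5.0))   # low reading + fault
```

Of the four, only 2oo3 tolerates both a single undetected dangerous failure and a single spurious trip vote, which is why it is the usual choice where nuisance trips are costly.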
8.2 I/O Modules

8.2.1 Technology
All I/O modules shall be electrically isolated from the
communication backplane. All I/O modules shall have ON/OFF
indication for each I/O. This indication shall be located on the
front of each module.

8.2.2 IEC 61508 Certification
Analog input, discrete input and discrete output modules shall be
capable of achieving SIL 3 availability according to IEC 61508.

8.2.3 Redundancy
Single, dual and triple redundant I/O modules shall be supported.
To minimize the potential for common cause failures, redundant I/O
modules must be able to be located in physically separate racks. It
is not permissible for redundant I/O modules to share a common
backplane. I/O redundancy shall be independent of the controller
redundancy.

8.2.4 Diagnostics
All I/O modules provided shall contain self-diagnostics that detect
any potentially dangerous component failure. The diagnostic
capabilities shall be verified with extended diagnostic functions
and fault injection testing.
At a minimum, the I/O modules shall report to the control module
the following diagnostic information:
a) Internal hardware faults
b) Power lost
c) Field wiring diagnostics (e.g. open or short circuit)
d) Communication error
e) Discrepancy error (1oo2D evaluation)
f) RAM, EPROM failure
g) Microprocessor failure
In case of loss of communication to the CPU, the I/O modules shall
automatically return to the safe state by driving the outputs of
the I/O modules to the safe state.

8.2.5 Online Modification
Online (hot) replacement of the modules shall be possible without
process interruption. Extending the system with additional I/O
modules must be possible without shutting down the system (online
modification).

8.3 Cabinets
Pre-assembled, painted NEMA 12 cabinets shall be provided. Control
cabinets shall conform to CE standards for electromagnetic
compatibility with the EMC standard (IEC 61000), and ensure
protection against unauthorized access, mechanical influences,
contamination, and other environmental influences. The standard
cabinet shall conform to NEMA 12 and a cabinet upgrade to a NEMA 4X
(304 SS) shall be available. Cabinets shall be equipped with
interior lighting and a convenience outlet as well as options for
fans, AC and/or Vortex cooling. All internal cabinet wiring shall
be identified by fire-retardant, heat shrink sleeve labels. All
wire insulation shall be rated for 600 volts. The panel assembly
will be designed and inspected for Underwriters Laboratories
Standard for Safety of Industrial Control Panels (ICP) "UL508A".
End user note: Indicate any physical space limitations for each
cabinet.

8.4 Field Terminations
All I/O terminations shall be simple, front panel terminal
connections. Terminals shall be capable of terminating wire of
16 AWG on typical 16 channel I/O modules. Assemblies for
marshalling terminations for larger systems shall be available.
Ability to connect directly to custom wiring schemes using
third-party terminal blocks shall be provided.
8.5 Emergency Stop Switches
An MFT push button shall be hardwired to the MFT relay if so equipped, allowing an operator trip of the equipment controlled by the BMS. An MFT push button shall be located on the local operator station and support the ability to connect additional MFT push buttons per customer requirements. Each push button shall be clearly labeled and designed to avoid inadvertent actuation. Each MFT push button shall meet the requirements in Section 5.8.
8.6 Human Machine Interfaces
8.6.1 Local Operator Station
The system shall include a Local Operator Station with a color touch-screen operator interface and keyboard. The Local Operator Station shall include the following pre-engineered BMS graphic displays at a minimum:
a) Overview of Process / System
b) Purge Cycle
c) Burner Status
d) Ignitor Status
e) Fan Control
f) Master Fuel Trip Status
The pre-engineered screens shall be easily extendable / customizable to represent the actual application via copy/paste. All pushbuttons other than E-Stop shall be configured as soft push buttons in the HMI.
8.6.2 Control Room Stations
The system shall support connection of optional remote control stations via Ethernet.
8.6.3 PC
The system shall include a rack-mounted compact industrial PC housed in an all metal enclosure achieving degree of protection IP 20. It shall include the capability to alarm on high temperature and failure of device or power supply fan. It shall include the following interfaces:
a) Flash Drive for Compact Flash Card
b) 4 x USB ports
c) Ethernet Ports 2 x 10/100/1000 Mbit/s (RJ 45)
d) Serial Port 1 x COM1 (V.24)
e) PROFIBUS (12 Mbit/s)
The PC shall be preloaded with the following components:
a) Engineering tools for configuration of the hardware
b) Engineering tools for configuration of the application software
c) SQL-based archiving system
d) Human Machine Interface (HMI) software for process visualization
e) OPC Client / Server
f) Process Device Manager (Optional) - for managing instrumentation
8.6.4 Monitors
The monitor for the local operator station shall be designed for industrial applications, meeting the following requirements at a minimum:
- Flatscreen Color TFT touchscreen display
- Diagonal measurement 17 or 19 inches nominal
- Minimum Resolution: 1280 x 1024
9 Communication and Networking Requirements
All communication and networking equipment and protocols shall be commercial off-the-shelf (COTS) hardware or software. Communication networks shall be designed to allow for system growth.
9.1 Safety Fieldbus
Fieldbus communication must be capable of sharing safety-related and non-safety-related devices and data. The safety functionality of the SIF must not be impacted by the non-safety-related devices and data. It shall be interference-free. If the fieldbus has to be extended, no revalidation should be necessary. It also must be possible to do these extensions online without shutting down any system.
9.2 Communication between BMS systems
Safety-related communication between independent safety systems should exist on an open communication network like Industrial Ethernet. This communication shall implement an IEC 61508 compliant safety protocol to ensure the required SIL.
9.3 Communication to field devices
Fieldbus communication must be available to field devices, which include I/O, sensors and final elements. The fieldbus communications should support redundancy as needed for high availability. The fieldbus communication shall implement an IEC 61508 compliant safety protocol to ensure the required SIL.
9.4 Communication Between the BMS and BPCS
End user note: Delete this section if the BMS system does not need to communicate with the BPCS.
A broadband communication network or fiber optic media shall be used to integrate all subsystems into a single control architecture, allowing direct communications between the control and safety functions and direct access to the event and asset management systems. The BMS shall include a built-in switch to allow easy connection of multiple control systems. The BMS shall support communication with the combustion control BPCS via Industrial Ethernet for sharing of data in a read-only format.
9.5 Communication Between the BMS and Other Safety Systems
End user note: Delete this section if the BMS system does not need to communicate with other safety systems.
Communication between independent safety systems shall exist on an open communication network such as Industrial Ethernet. The communication network and associated protocol shall be IEC 61508 certified to SIL 3 and shall support deployment in redundant architectures. The communication network and associated protocol shall be capable of detecting a network failure in a ring architecture and rerouting communication in 300 msec or less.
9.6 Communication Between the BMS and Third-Party Systems
End user note: Delete this section if the BMS system does not need to communicate with other third-party systems.
The system shall include a built-in OPC server to simplify interfaces with third-party systems. The vendor shall also be capable of providing a Modbus interface module for this communication.
9.7 Communication Between Field Devices
Embedded, failsafe fieldbus communications shall be used to provide seamless connectivity between the CPU and I/O. This fieldbus and associated protocol shall be IEC 61508 certified to SIL 3. For redundant CPU architectures, redundant fieldbus shall be used.
10 Application Software Requirements
All application software shall be commercial off-the-shelf (COTS) software. All software provided shall be capable of supporting the I/O provided in Section 4.3.
10.1 IEC 61508 Certified Function Block Library
An IEC 61508 certified function block library shall be provided for all BMS control functions. These blocks shall be easily distinguishable from blocks used for process control and shall be capable of being connected and parametrized. The certified BMS application library shall contain the following pre-engineered function blocks:
a) Control and Monitor the ignition process for oil and gas burners
b) Valve Proving of Fuel Supply Valves
c) Control position of the air damper during ignition and purge
d) Control and Monitor oil program that must be blown out after shutoff
e) Supervise the position of the actuators for air and fuel supply
f) Supervise the temperature and air / fuel flow
10.2 Program Security
Access to the controller database (program) shall be supervised to limit user ability to modify the program. The following layers of protection shall be implemented to ensure security of configuration:
- Application Program Password Protection - When attempting to change the application program, the user shall be required to enter a password that has been established during configuration. Program downloads shall be password protected at the controller level using a separate password.
- Application Program Protection via authorization key - Changes of the application program shall only be possible when a software authorization key is installed on the engineering station. It should be possible to upload and download this key from an external data device.
- Hardware Configuration Password Protection - When attempting to change the F-CPU parameters, the user shall be required to enter a password that has been established during configuration.
A definite checksum (signature) of the whole safety application program shall be provided for documentation and certification of an application program. For seamless integration in the lifecycle documentation, a comparison function for the safety program must be part of the engineering tool. At a minimum, it must include the following comparison functions:
a) Overall signature
b) Individual signatures per function block/group
c) Parameter Values
d) Modified or deleted blocks and interconnections, etc.
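
The comparison items a) to d) above, sketched as an added example that is not part of the original specification or of any vendor's engineering tool. The program model (blocks with a type and parameters, plus a list of interconnections), the use of SHA-256 as the signature, and all block and pin names are assumptions made for illustration.

```python
import copy
import hashlib
import json


def digest(obj):
    """SHA-256 of a canonical JSON encoding, so equal content gives equal signatures."""
    raw = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hashlib.sha256(raw).hexdigest()


def block_signatures(program):
    """Individual signature per block: its type, parameters and inbound interconnections."""
    sigs = {}
    for name, blk in program["blocks"].items():
        inbound = sorted(c for c in program["connections"] if c[1].split(".")[0] == name)
        sigs[name] = digest({"type": blk["type"], "params": blk["params"], "in": inbound})
    return sigs


def overall_signature(program):
    """Overall signature over every block signature and every interconnection."""
    return digest({"blocks": block_signatures(program),
                   "connections": sorted(program["connections"])})


def compare(old, new):
    """Report overall signature, per-block signatures, parameter values and
    added or deleted blocks and interconnections between two program versions."""
    old_sigs, new_sigs = block_signatures(old), block_signatures(new)
    common = sorted(set(old_sigs) & set(new_sigs))
    param_changes = []
    for name in common:
        before, after = old["blocks"][name]["params"], new["blocks"][name]["params"]
        for key in sorted(set(before) | set(after)):
            if before.get(key) != after.get(key):
                param_changes.append((name, key, before.get(key), after.get(key)))
    old_conn, new_conn = set(old["connections"]), set(new["connections"])
    return {
        "overall_changed": overall_signature(old) != overall_signature(new),
        "modified_blocks": [n for n in common if old_sigs[n] != new_sigs[n]],
        "parameter_changes": param_changes,
        "added_blocks": sorted(set(new_sigs) - set(old_sigs)),
        "deleted_blocks": sorted(set(old_sigs) - set(new_sigs)),
        "added_connections": sorted(new_conn - old_conn),
        "deleted_connections": sorted(old_conn - new_conn),
    }


# Constructed sample: an approved baseline and a copy read back from the controller.
BASELINE = {
    "blocks": {
        "FLAME_VOTE": {"type": "VOTE_2oo3", "params": {}},
        "LOW_GAS_PRESS": {"type": "LIMIT_LOW", "params": {"trip_kpa": 3.5}},
        "PURGE_TMR": {"type": "TIMER", "params": {"preset_s": 300}},
        "MFT": {"type": "TRIP_OR", "params": {}},
    },
    "connections": [
        ("FLAME_VOTE.OUT", "MFT.IN1"),
        ("LOW_GAS_PRESS.OUT", "MFT.IN2"),
        ("PURGE_TMR.DONE", "MFT.PERMIT"),
    ],
}
READBACK = copy.deepcopy(BASELINE)
READBACK["blocks"]["PURGE_TMR"]["params"]["preset_s"] = 30          # shortened purge time
READBACK["connections"].remove(("LOW_GAS_PRESS.OUT", "MFT.IN2"))    # trip input disconnected

if __name__ == "__main__":
    for item, value in compare(BASELINE, READBACK).items():
        print(f"{item}: {value}")
```

Recording the overall signature at validation and re-running the comparison against a controller readback gives a quick check that the running safety program is still the approved one, and the per-block detail shows where to look when it is not.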
10.3 Configuration Tools
The tool for hardware configuration and the user application programming shall be of graphical type and according to IEC 61131-3. The tool must support object oriented design which helps the modeling and reuse of designed functions. All I/O modules shall be configurable by this graphical engineering tool.
10.3.1 Configuration Languages
Numerous configuration languages shall be offered that are traditionally associated with both a PLC and DCS programming environment. These shall include, but not be limited to the following:
a) Continuous Function Chart (CFC)
b) Sequential Function Chart (SFC)
c) Structured Control Language (SCL)
d) Ladder Logic (LAD)
e) Function Block Diagram (FBD)
f) Instruction List (STL)
g) Cause and Effect Matrix
The engineering system shall support the creation of custom function blocks from a high level (Pascal-like) programming language. For maximum flexibility, the high level programming language provided by the system shall support the use of standard mathematical functions in addition to allowing other function blocks to be called directly from within the program.
10.3.2 Function Blocks
To minimize engineering time, connecting parameters between two different function blocks shall be possible via two mouse clicks (auto routing). Manual drawing of lines shall not be acceptable for connecting function block parameters. The system shall prevent the user from connecting function block parameters that have incompatible data types. For instance, the system should prevent the user from connecting a real value from one function block to a Boolean value of another function block. For ease of use and to minimize engineering costs, it shall be possible to program device interlocks via simple point and click operations between function blocks. All parameters contained in a control module (composite of multiple function blocks) shall be able to be directly connected to another control module without the need for additional parameter function blocks. When a function block instance name is modified, the system shall be capable of automatically updating all references to the changed block within the entire HMI application (pictures, scripts, faceplates etc.) and Historian database without requiring the user to manually search and replace each reference.
10.3.3 Sequential Function Charts
The system shall support Sequential Function Charts (SFC) as necessary for real-time control of sequential processes. The SFC programming language shall include the following features:
- Access to process control and other database information.
- The ability to modify the program logic while other sequences are active.
- Support execution of the chart in Manual or Automatic Mode.
- The ability to automatically connect SFC steps and transitions during configuration, based on their placement in the SFC chart, without requiring the user to manually connect them.
- The ability to configure multiple states within a single SFC container. This allows for effective coordination of sequences which have more than one mode (e.g. Heating and Cooling) or that contain safe-state logic (e.g. Aborting or Holding Logic).
- The ability to create master SFC elements which can be copied and used throughout the configuration just like a function block. Changes to a single instance of the SFC will result in automatic updates to all other instances in the configuration.
- The ability to automatically create displays for visualization and control of the SFC directly from the controller configuration.
- The ability to configure the scan execution order for both individual function blocks and for higher level modules consisting of multiple function blocks.
- The SFC editor shall include a test/debug mode which does not write to the outputs.
10.3.4 Cause and Effect Programming
A tool for cause & effect programming shall be available. It must include minimum functionalities like:
- Automatic generation of certified logic
- Automatic visualization for HMI
- First failure detection (first out)
- Voting
- Alarm and trip set points
- Sequence of events recording
- Operator event logging
- MOS (Maintenance Override Switch)
- POS (Process Override Switch)
- Online display of data and status
- Online limit changes (with security)
- Integrated management of change (life cycle documentation)
- Consistent view for design, documentation, test and monitoring
- Import function from external safety life cycle tools to automatically generate C&E matrix ensuring consistency of the data
The configuration and programming tools shall run on standard PC with Windows operating system.
10.4 Configuration Management
10.4.1 General Requirements
Configuration additions, changes, and deletions shall automatically update all modules and tags affected by the change. When configuration data are compiled or downloaded to the system, invalid configuration entries shall be identified and the parameters affected shall be indicated. It shall be possible to change, delete, and add any independent loop in the controller without affecting the other loops.
10.4.2 Version Management
The system shall provide version management capability allowing the user to catalog, manage, archive and retrieve unique versions of entire projects, libraries, and recipes. The following specific functions shall be provided:
- Ability to add a comment to each version
- Automatic incrementing of version numbering
- Ability to print out a copy of the version history
10.4.3 Comparison Tool (Version Cross Manager)
A tool shall be available to perform a detailed comparison of two applications or versions of an application. This tool shall use a MS Windows Explorer-like interface to graphically highlight what elements of a configuration are different (CFCs, SFCs, Function Block types, Scan Rate Order etc.). By selecting a flagged element, the user can dive deeper to determine exactly what is different (such as an Alarm Limit or Tuning Parameter). The comparison tool should be able to identify differences in the following elements at minimum:
- Application Program (Function Blocks, Charts, SFC, hierarchy / layout)
- Hardware Configuration
- Communication / Network Configuration
- Alarms
- SFC details (Steps, Transitions and Properties)
10.4.4 Show Changes Prior to Download
Configuration changes shall follow a prompt-validation sequence requiring a final acknowledgment step before the change is downloaded to the on-line system. An option shall be provided to allow the user to view a detailed report of changes as part of the download confirmation process.
10.4.5 Change Log
A tool shall be available for use on the Engineering workstation to enforce user access control for execution of protected actions (such as downloading a configuration change to the controller) and to allow recording of comments (detailed reason for change). Information will be recorded in a change log file, which shall be continuously updated with each new change. The change log shall be capable of being reviewed at a later point in time.
10.5 Integrated Historian
The system shall include an integrated high-performance archiving system based on MS-SQL server capable of long-term archiving (at least one year) of alarms, events and operator actions. The Operator Interface shall provide a complete historical (archiving) subsystem providing the user the capability to capture and analyze historical data. The system shall allow selection of any point in the system to be added and configured for archiving. The historical subsystem shall promote the visualization of historical data in both tabular and graphical form.
10.5.1 Backing Up the Database
The system shall supply tools for automatically backing up the database to removable media or to an alternate storage location. The backup utility shall execute the database backups automatically based on either of the following configurable criteria:
- Time-based (e.g. every 24 hours)
- Based on the size of the database (e.g. after the size reaches 1 Mbyte)
10.6 Alarm System
The alarm system shall alarm any change of state that the system detects including:
- Any violation of limits
- First out indication of trips
- Any change of state of a device connected to the system including all of its peripherals
- The failure of any communications channel used by the system
- The failure of systems hardware, which results in an automatic fail-over of the system's functions from the active to standby device.
10.6.1 Alarm Message Display
The alarm system shall display alarm messages in a manner to facilitate easy interpretation of the current alarm status including but not limited to:
- Different text color and background color for those points that are in alarm, those that have been acknowledged, and those that are no longer in alarm
- Flashing of the current alarm message(s) in the alarm list
- Alarms that have been automatically suppressed by the system or manually by the operator
- The ability to sort and filter the alarms that are displayed
- The ability to segregate process alarms from system diagnostic alarms into different displays
10.6.2 Alarm Priorities
To allow for segregation of alarms based on criticality, the system shall support the assignment of individual alarm conditions to one of up to 16 different alarm priorities. A dedicated priority shall be reserved for assignment to safety-critical alarms.
10.6.3 Alarm Acknowledgement
The alarm system shall provide capability to acknowledge an alarm message when a data point enters and / or exits alarm state. The system shall permit alarm acknowledgement including but not limited to:
- For an individual alarm from the Overview
- For a filtered grouping of alarms from a Summary List
- From the device faceplate
- From a process display (Screen Acknowledge)
10.6.4 Alarm Suppression
To minimize the effects of nuisance alarms and ensure that alarms are presented to the operator only when they are relevant and meaningful, the system shall support both alarm shelving (manual suppression by the operator) and state-based suppression (designed suppression) as standard features. A list of suppressed alarms shall be available as a standard display.
10.6.5 Alarm Response Procedures
To support effective operator response to alarms, the system shall support making alarm response information available to the operator through the HMI. Alarm response guidelines shall be accessible to the operator from the alarm list and/or faceplate.
10.7 Human Machine Interfaces
The Human Machine Interface (HMI) shall provide the following basic features:
- Display Date, time and name of the logged in operator.
- Area overview showing the status of alarms in underlying process areas
- Message line for display of most recent alarm, or the alarm with the highest priority.
- Working area for plant displays and movable windows for faceplates, trends, messages, etc.
10.7.1 Security
Two levels of security shall be provided with each HMI. An operator security level shall be accessed without needing a password and shall provide all information required to operate the BMS. A supervisor security level shall be accessed with a password and shall provide both operation and maintenance capabilities.
10.7.2 Displays
A typical BMS graphical interface, including standard faceplates and detail displays, shall be provided. Additionally, a CFC chart shall be provided to allow the operator to step through the actions required to satisfy NFPA 85 requirements for manually lighting a burner system. All displays provided shall be capable of customization by the end user.
10.7.3 Display Navigation
The HMI shall provide the ability for the operator to directly call up the process display with the object which caused the fault, or its associated faceplate, via a single mouse click from the overview. The faceplate window can be anchored so that it remains visible even when the display is changed.
10.7.4 Trend Displays
The system shall support user defined sets of trends so that commonly viewed historical information can be defined in trends once and easily accessed by selecting a pre-configured screen target incorporated in the graphic display. Trends can be displayed as a full-size picture or as a window in the working area, and printed directly. Selection of points to be trended shall be menu driven. Historical trends shall support seamless integration of both real-time and historical data within a single trend window, with seamless movement between the two. It shall be possible to call up new historic trends and configure them online from the Operator Interface. Pre-configured real-time trends shall be available from a faceplate. At runtime, operators can compose their own trends, select them by process tag name, and save them for reuse. It shall be possible to export data associated with a currently displayed trend to a .csv file for viewing in MS Excel.
10.7.5 Bypass Switches
Capability to bypass each safety function individually shall be provided by the application software. These bypass switches must meet the requirements of Section 5.9.
10.7.6 Configuration Capabilities
Standard Graphic Elements Provided by the System
The workstation shall be supplied with a full library of process-oriented objects for the development of process graphics including but not limited to: pipes, motors, valves, pumps, tanks, fans, indicators, sensors, conveyors, and electrical symbols. These objects shall be provided in various formats (static, capable of being dynamically linked to the control strategy, 2-D, and 3-D). The system shall provide pre-configured smart control objects to represent clocks, gauges, tables, application windows, alarm windows, and trend windows.
Dynamic HMI Symbols for the Control Library
Pre-engineered graphics symbols shall be provided for all process control elements in the library. These pre-engineered symbols shall be designed to call up their associated faceplate and to represent the dynamic behaviors of the underlying control element, without requiring any additional configuration effort. The workstation shall allow the user to create libraries of custom and composite symbols. Library management shall be an integral part of the system.
Global HMI Symbols
The system shall support the creation of global HMI symbols for representation of process control elements. Edits to one instance of a global symbol shall be propagated automatically via a wizard to all other instances of the symbol in the application without manual reconfiguration.
10.7.7 Screen Composition Favorites
The system shall support the operator's ability to save specific screen compositions or layouts for call up at a future time. A favorite screen composition can consist of a process graphic with any number of specific device faceplates, trends etc. overlaid on the screen and positioned in specific locations of the display.
10.8 Revisions
Application software shall not require modifications in order to be able to run under new releases of the system operating software. Any new release of system software shall be backward compatible with files created using the previous software releases.
10.9 Licensing
The software licenses (both runtime and engineering) shall be portable, allowing the user to transfer licenses from one PC to another without requiring intervention from the vendor.
11 Terms and Conditions
End user note: All items of a legal or contractual nature should be detailed in this section.