How to Be Compliant With Your Burner Management System

Feb. 5, 2018
Fired equipment is dangerous and requires special attention, engineering knowledge, experience and training. What does a risk-based equivalent BMS design actually mean? And how can you be sure your equipment is safe?

Implementing a burner management system (BMS) requires a competent engineering team to design and deliver a compliant system that is safe to operate. Although the National Fire Protection Association (NFPA) offers three prescriptive sets of standards to help make your equipment safe, this can be easier said than done.

The standards (85 on Boiler and Combustion Systems Hazards Code, 86 on Standard for Ovens and Furnaces and 87 on Recommended Practice for Fluid Heaters) are easier to comply with for new units. If you have an older unit that has gone through upgrades and is no longer compliant to its vintage NFPA standard—or never complied with any NFPA standard to begin with—compliance to a current standard can be very challenging.

There are several ways a system can be non-compliant with respect to the NFPA standards:

  • Non-compliance on the logic solver prescriptive requirements
  • Instrumentation type and location in the design with respect to its service
  • Combining several fired equipment BMS logic solver systems
  • Flame proving scheme and its suitability to the unit’s design and application
  • Bypassing of the interlocks and shutdowns
  • Inability or not performing complete offline testing yearly
  • Online testing
  • Inadequate design or lack of atmospheric vents
  • Inappropriate BMS supervision of light-off conditions
  • Inadequate or poor purging

There are several other nuances that only a competent engineering team will generally pick up. All of these introduce unacceptable risks to people, business and operations. The authors of the NFPA standards recognized that, and allowed for a risk-based, or equivalent, design.

The first thing in a fired unit design (equivalent design or not) is to establish who your authority having jurisdiction (AHJ) is. This could be a governmental enforcement agency subject to your geographic location (state, county, etc.), insurance provider, corporate technical subject matter expert, authorized agent of the end-user company, or a combination of any of the above. Only the AHJ can accept and approve a fired equipment design and its operation.

After establishing who the AHJ is, a code of record (i.e., version of NFPA 85, 86 or 87) needs to be established for the fired equipment. That can be challenging for brownfield equipment that has been in service for a while. If you can’t prove the code of record, then the most current version is the code of record. It is time to have your fired equipment assessed against the code of record by competent engineers and document the gaps. For brownfield equipment, there almost always are gaps.

From here, the engineering exercise starts to evaluate the best path into compliance—one that not only meets the minimum bar set by the code of record, but also meets the acceptable risk criterion of the company. That criterion is defined by the company in its risk matrix. This risk tolerance criterion must be applied to a design through process hazard and risk assessment techniques such as process hazard analysis (PHA) or layer of protection analysis (LOPA) according to company standards. The identified gaps must be addressed in a manner so that gap closure doesn’t introduce further risks or render the fired equipment operationally useless—or both. Caution must be exercised against creative design of independent protection layers.

All of this is easier said than done. Fired equipment is dangerous and requires special attention, engineering knowledge, experience and training to engineer, maintain and operate. The dangers are often underestimated by engineering professionals, and at times owners and operators. Design equivalency should not be mistaken as license to disregard the code of record completely.

Every decision, every deviation from code of record, must be justified and backed up by sound engineering. The design must be defensible. It must be within recognized and generally accepted good engineering practices (RAGAGEP). All of it must be documented and approved by the AHJ before it can be implemented. Remember, if you can’t prove it, you are not compliant!

Usman Khan is a professional engineer in a leadership role at Applied Engineering Solutions Inc. (aeSolutions), a member of the Control System Integrators Association (CSIA). For more information about aeSolutions, visit its profile on the Industrial Automation Exchange.