My previous blog mentioned the fact that a Burner Management System (BMS) is unique, in that this instrumented layer is the last line of defense and may be the only protection layer in the case of a BPCS failure.
Have you ever performed an analysis to determine if the BMS installation reduces risk to a tolerable level? Are there any gaps regarding corporate risk guidelines?
When the risk analysis shows that we did not achieve risk reduction targets, we may need to turn to the experience of the prescriptive standard and implement the IEC 61511 Safety Lifecycle for our BMS to close the gap.
There may be scenarios where the BMS sequencing is just as important to risk reduction as a required SIF. If a scenario requires three orders of magnitude risk reduction and the BMS is the only independent source of protection, we may want to take credit for the “10-Second Trial for Ignition” in the Light-Off mode of operation. This will equate to taking risk reduction credit for the BMS sequencing, and the balance could come from a SIL 2 SIF.
These type scenarios require us to specify a logic solver capable of three orders of magnitude risk reduction. This will also aid in closing any gaps in tolerable risk based on corporate guidelines.
If you are interested in how to implement a performance-based Burner Management System and move away from the constraints of a prescriptive-based standard for safety function design, check out exida’s course, Applying IEC 61511 to Burner Management Systems.