Safety Symposium Houston, TX May 24, 2006

A Case Study: SAFETY

Standards Certification Education & Training Publishing Conferences & Exhibits

INSTRUMENTED BURNER MANAGEMENT SYSTEM (SI-BMS)

Mike Scott, PE, CFSE

VP, Process Safety with AE Solutions Registered Professional Engineer in AK, SC,GA & IL Certified Functional Safety Expert (CFSE) Author / presenter of numerous technical papers on process safety ISA Instructor
SI-BMS Webinar SI-FGS Webinar SI-BMS Class ISA SP84 Committee Member BMS Subcommittee member FGS Subcommittee co-chair ISA Safety Division BMS sub-committee chair

Bud Adler
Director, Business Development with AE Solutions Active in process instrumentation field for over 40 years Numerous sales, marketing and executive positions with instrumentation vendors Life Member of ISA Member of ISA SP84 Safety Committee
Member of the BMS Subcommittee Member of the FGS Subcommittee

Author of numerous technical papers related to process safety Frequent presenter at technical conferences and user seminars worldwide Director-elect of ISA Safety Division

Project Overview
Installation of two (2) new redundant Boilers
Single Burner Boiler (NFPA 85) Capable of firing natural gas, oil and / or waste gas 1365 PSIG steam at 310,000 lbs/hr

Client is fully S84 aware and has implemented numerous IEC61511 compliant projects Complex multiple entity project team

Project Team Organization Chart

Multiple sub-contractors Various degrees of SIS application knowledge Boiler OEM had primary PO for Boiler Burner OEM and SI-BMS contracts were subs to Boiler OEM

SIS Aware

Chemical Manufacturer

Semi-SIS Aware

Engineering Firm

NON-SIS Aware

Boiler OEM

NON-SIS Aware

Burner OEM

SIS Aware

SI-BMS Consultant

Construction Industry Institute

Front End Loading effort level directly affects the cost and schedule predictability of the project. As the level of FEL tasks increase:
The project cost performance from authorization decreases by as much as 20% The variance between project schedule performance versus authorization decreases by as much as 39% The plant design capacity attained and facility utilization improved by as 15% The project scope changes after authorization tend to decrease The likelihood that a project met or exceeded its financial goals increased

SIS FEL Package

HAZARD Identification
Conduct HAZOP

Risk Assessment
Perform LOPA Develop
SIF List SIS Design Basis Support Report

Safety Requirements Specification

Develop
Lifecycle Cost Analysis Interlock List Sequence of Operations

Conceptual Design Specification

Redline P&IDs Develop
System Architecture Diagram E-stop Philosophy SIS Logic Solver Specification Bill of Materials Approved Inst Vendor List / Procure Plan for SIS SIL Verification Report Control Panel Location Sketch Control Philosophy Specification

Summary Safety Report Construction Estimate, TIC (+/- 20 %)

Safety Lifecycle
Start Establish Operating & Maintenance Procedures Pre-Startup Safety Review Assessment SIS Startup, Operation, Maintenance, Periodic Functional Testing Modify or Decommission SIS?

Project Design Basis / Company Standards

Define Target SIL Develop Safety Requirements Specification

Conceptual Process Design

Define PHA Input /Output Requirements

SIS Conceptual Design, & Verify Compliance With SRS

Perform Process Hazards Analysis & Risk Assessment

Perform SIS Detail Design SIS Installation, Commissioning, and PreStartup Acceptance Test

Apply non-SIS Protection Layers to Prevent Identified Hazards or Reduce Risks No SIS Required? Yes

SIS Decommissioning

(Based on ISA-S84)

Initial Design P&ID NG & Bio Gas

SV 110

FO
SV 108 SV 109

Pilot Line
FC
SV 105

FC

Combustion Chamber
Igniter

FO
HV 103 HV 104

Flame Sensor
BS 102A

BN 102

Main Flame Main Flame Main Flame Pilot Flame

Natural Gas
FC

Main Gas Line

FC

BS 102B

BS 102C SV 105 PT 106A PT 106B PT 106C

PT 101A

PT 101B

PT 101C

BS 102C

FO
HV 103 HV 104

Bio Gas
FC

Bio Gas Line

FC

PT 107A

PT 107B

PT 107C

PT 111A

PT 111B

PT 111C

Initial Design P&ID - Oil

HV 203

HV 204

Combustion Chamber
FC
SV 305

No.2 Oil
FC

Main Oil Line

PT 201A

PT 201B

PT 201C

FO
HV 304

Steam

Atom Steam Line

FC

PT 301A

PT 301B

PT 301C

FT 309

10

Initial Design P&ID - Air

Clean Air
FT 501A FT 501B FT 501C

Combustion Chamber
PT 602A

ID Fan

STACK

PT 601B

PT 601C

FD Fan
Combustion Air

FGR Air

PDT 401A

PDT 401B

PDT 401C

11

Initial Design P&ID - Steam

PT 702A

PT 701B

PT 701C

Steam Drum
LT 801A

LT 801B

LT 801C

12

Economic & Safety Analysis

Start SIS Conceptual Design Architecture Options Perform SIL Calcs (PFDavg and MTTFS)

Calculate Benefit to Cost Ratio

No

B/C > 1.0

Yes
Calculate Lifecycle Cost

No

Lowest LCC?

Yes

13

Risk Analysis Results

Item
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

ID No.
I-001a
SIF-002a SIF-003a SIF-004a SIF-005a

Description
High steam drum pressure causes Master Fuel Trip (MFT). (2oo3) Sensor Architecture Low steam drum level causes Master Fuel Trip (MFT). (2oo3) Sensor Architecture Loss of combustion air flow causes Master Fuel Trip (MFT). (1oo1) Sensor Architecture High furnace pressure causes Master Fuel Trip (MFT). (1oo1) Sensor Architecture Low instrument air pressure causes Master Fuel Trip (MFT). (1oo1) Sensor Architecture Flameout caused by low pressure natural gas causes Fuel Gas Trip. (1oo1) PT, (2oo3) BS Sensor Architecture High pressure natural gas causes Fuel Gas Trip. (1oo1) Sensor Architecture Low pressure biogas causes Biogas Trip. (1oo1) Sensor Architecture High pressure biogas causes Biogas Trip. (1oo1) Sensor Architecture Flameout caused by low fuel oil pressure causes Fuel Oil Trip. (1oo1) PT, (2oo3) BS Sensor Architecture Low atomizing steam pressure causes Fuel Oil Trip. (1oo2) Sensor Architecture Safe purge conditions must be satisfied prior to introducing an ignition source into furnace during pilot light-off. (3 groups of 1oo1 Sensors) Overall XooX Architecture Proof of no flame in firebox (by flame scanner) prior to initiating purge sequence. (2oo3) Sensor Architecture Manual ESD Emergency Boiler Shutdown causes Master Fuel Trip (MFT). Flameout (all other causes) results in Master Fuel Trip (MFT). (2oo3) Sensor Architecture Low Air to Fuel ratio results in a Master Fuel Trip (MFT)

Reqd SIL
A 2 2 2 1 1 1 A A 1 1 1 1 N/A 2 A

SIF-006a
SIF-007a I-005a I-006a SIF-010a SIF-011a SIF-012a

SIF-013a I-007a
SIF-015a I-008a

7 SIL 1; 4 SIL 2; 4 - SIL A; 1 - MPF

14

Is a BMS a SIS?
Yes, a BMS is a SIS if:
Risk Analysis determines additional risk reduction is required and a Safety Integrity Level of 1 or greater is assigned to a BMS Safety Instrumented Function

No, a BMS is not a SIS if:

Risk Analysis determines no additional risk reduction is required

15

SIL Verification Results

SIF 2 2a Description
Low steam drum level causes Master Fuel Trip (MFT). (2oo3) Sensor Architecture Low steam drum level causes Master Fuel Trip (MFT). (1oo1) Sensor Architecture Loss of combustion air flow (or differential pressure) causes Master Fuel Trip (MFT). (2oo3) Sensor Architecture Loss of combustion air flow (or differential pressure) causes Master Fuel Trip (MFT). (1oo1) Sensor Architecture High furnace pressure causes Master Fuel Trip (MFT). (2oo3) Sensor Architecture

Func Test 24 24

Reqd SIL 2 2

Achvd SIL 2 2

PFDavg 5.86E-03 7.10E-03

RRF 171 141

MTTFS (Years) 20.49 18.78

24

5.83E-03

172

20.41

3a

24

6.47E-03

155

18.01

4 4a 5 5a

24 24 24 24

2 2 1 1

2 2 2 2

5.84E-03 6.47E-03 6.42E-03 6.42E-03

171 155 156 156

20.52 20.3 18.09 18.09

High furnace pressure causes Master Fuel Trip (MFT). (1oo1) Sensor Architecture
Low instrument air pressure causes Master Fuel Trip (MFT). (1oo1) Sensor Architecture Low instrument air pressure causes Master Fuel Trip (MFT). (1oo1) Sensor Architecture Flameout caused by low pressure natural gas causes Master Fuel Trip (MFT). (2oo3) Sensor Architecture

24

5.83E-03

172

19.79

6a

Flameout caused by low pressure natural gas causes Master Fuel Trip (MFT). (1oo1) Sensor Architecture
High pressure natural gas causes Master Fuel Trip (MFT). (2oo3) Sensor Architecture High pressure natural gas causes Master Fuel Trip (MFT). (1oo1) Sensor Architecture

24

5.85E-03

171

17.74

7 7a

24 24

1 1

2 2

5.84E-03 6.47E-03

171 155

20.52 20.3

16

SIL Verification Results

SIF
10

Description
Flameout caused by low fuel oil pressure causes Master Fuel Trip (MFT). (2oo3) Sensor Architecture Flameout caused by low pressure natural gas causes Master Fuel Trip (MFT). (1oo1) Sensor Architecture

Func Test
24

Reqd SIL
1

Achvd SIL
2

PFDavg
5.83E-03

RRF
172

MTTFS (Years)
19.79

10a

24

5.85E-03

171

17.74

11

Low atomizing steam supply (low flow) causes Master Fuel Trip (MFT). (1oo1) Sensor Architecture
Low atomizing steam supply (low flow) causes Master Fuel Trip (MFT). (1oo1) Sensor Architecture Proof of gun in position signal is required prior to startup of fuel oil firing. (1oo1) Sensor Architecture Proof of gun in position signal is required prior to startup of fuel oil firing. (1oo1) Sensor Architecture Safe purge conditions must be satisfied prior to introducing an ignition source into furnace during pilot light-off. (2oo3) Sensor Architecture Safe purge conditions must be satisfied prior to introducing an ignition source into furnace during pilot light-off. (2oo2) Sensor Architecture Proof of no flame in firebox (by flame scanner) prior to initiating purge sequence. (2oo3) Sensor Architecture Proof of no flame in firebox (by flame scanner) prior to initiating purge sequence. (1oo1) Sensor Architecture

24

3.66E-02

27

14.48

11a

24

3.66E-02

27

14.48

12

24

3.09E-02

32

48.01

12a

24

3.09E-02

32

48.01

13

24

3.10E-02

32

1501.7

13a

24

3.15E-02

32

146.06

15

24

8.58E-06

116508

14.5

15a

24

2.30E-04

4345

28.54

17

Economic & Safety Analysis

Start SIS Conceptual Design Architecture Options Perform SIL Calcs (PFDavg and MTTFS)

Calculate Benefit to Cost Ratio

No

B/C > 1.0

Yes
Calculate Lifecycle Cost

No

Lowest LCC?

Yes

18

Benefit-to-Cost-Ratio

B-C Ratio =

FNo-SIS x EVNo-SIS - FSIS x EVSIS CostSIS + CostNT

B-C Ratio FNo-SIS FSIS EVNo-SIS EVSIS CostSIS CostNT

= Ratio of benefits to cost = Frequency of the unwanted event without a SIS = Frequency of the unwanted event with a SIS = Total expected value of loss of the event without a SIS = Total expected value of loss of the event with a SIS = Total lifecycle cost of the SIS (Annualized) = Cost incurred due to nuisance trips (Annualized)

19

B-C Ratio 2oo3 Architectures

SIF-002 SIF-003 SIF-004 SIF-005 SIF-006 SIF-007 SIF-010 SIF-011 SIF-012 SIF-013 SIF-015

EVSIS EVNo-SIS $5,125,000 $5,125,000 $5,125,000 $5,125,000 $5,125,000 $5,125,000 $5,125,000 $5,125,000 $5,125,000 $5,125,000 $5,125,000 $5,125,000 $5,125,000 $5,125,000 $5,125,000 $5,125,000 $5,125,000 $5,125,000 $5,125,000 $5,125,000 $5,125,000 $5,125,000

FNo-SIS (1/Yrs) 0.05555556 0.00546448 0.05555556 0.05555556 0.05555556 0.05555556 0.05555556 0.05555556 0.00546448 0.05555556 0.05555556

PFDAv g 5.86E-03 5.83E-03 5.84E-03 6.42E-03 5.83E-03 5.84E-03 5.83E-03 3.66E-02 3.09E-02 3.10E-02 8.58E-06

FSIS Nuisance Trip Rate (Yrs) (1/Yrs) 0.00032556 20.49 0.00003186 20.41 0.00032444 20.52 0.00035667 18.09 0.00032389 19.79 0.00032444 20.52 0.00032389 19.79 0.00203333 14.48 0.00016885 48.01 0.00172222 1,501.70 0.00000048 14.50

Cost NT ($/Yr) B-C Ratio $ 3,660 10.59 $ 3,675 1.04 $ 3,655 10.60 $ 4,146 10.40 $ 3,790 10.54 $ 3,655 10.60 $ 3,790 10.54 $ 5,180 9.71 $ 1,562 1.10 $ 50 11.94 $ 5,172 10.08

20

B-C Ratio 1oo1 Architectures

SIF-002a SIF-003a SIF-004a SIF-005a SIF-006a SIF-007a SIF-010a SIF-011a SIF-012a SIF-013a SIF-015a

EVSIS EVNo-SIS $5,125,000 $5,125,000 $5,125,000 $5,125,000 $5,125,000 $5,125,000 $5,125,000 $5,125,000 $5,125,000 $5,125,000 $5,125,000 $5,125,000 $5,125,000 $5,125,000 $5,125,000 $5,125,000 $5,125,000 $5,125,000 $5,125,000 $5,125,000 $5,125,000 $5,125,000

FNo-SIS (1/Yrs) 0.05555556 0.00546448 0.05555556 0.05555556 0.05555556 0.05555556 0.05555556 0.05555556 0.00546448 0.05555556 0.05555556

PFDAv g 7.10E-03 6.47E-03 6.47E-03 6.42E-03 5.85E-03 6.47E-03 5.85E-03 3.66E-02 3.09E-02 3.15E-02 2.30E-04

FSIS Nuisance Trip Rate (Yrs) (1/Yrs) 0.00039444 18.78 0.00003536 18.01 0.00035944 20.30 0.00035667 18.09 0.00032500 17.74 0.00035944 20.30 0.00032500 17.74 0.00203333 14.48 0.00016885 48.01 0.00175000 146.06 0.00001278 28.54

Cost NT ($/Yr) B-C Ratio $ 3,994 13.28 $ 4,164 1.30 $ 3,695 13.48 $ 4,146 13.19 $ 4,228 13.15 $ 3,695 13.48 $ 4,228 13.15 $ 5,180 12.21 $ 1,562 1.44 $ 513 15.48 $ 2,628 14.29

21

Economic & Safety Analysis

Start SIS Conceptual Design Architecture Options Perform SIL Calcs (PFDavg and MTTFS)

Calculate Benefit to Cost Ratio

No

B/C > 1.0

Yes
Calculate Lifecycle Cost

No

Lowest LCC?

Yes

22

Lifecycle Cost Analysis

Lifecycle Costs
Procurement Costs
System Design Purchase Installation

Description
Engineering costs associated with Front End Loading and Detailed Design Cost of Equipment including Factory Acceptance Testing and Shipping Construction costs associated with SIS

Start-up

Commissioning, PSAT and Initial Functional Testing of SIS

Operating Costs
Engineering Changes

Description
Engineering costs associated with maintenance

Consumption
Maintenance

Power, spare parts, instrument air, etc.

Inspection, Functional Testing

Cost of MTTFS
Lost Production Asset Loss

Description
Cost of lost production Cost of lost equipment
23

LCC Analysis Results

SIF
2 2a

Description
Low steam drum level causes Master Fuel Trip (MFT). (2oo3) Sensor Architecture Low steam drum level causes Master Fuel Trip (MFT). (1oo1) Sensor Architecture Loss of combustion air flow (or differential pressure) causes Master Fuel Trip (MFT). (2oo3) Sensor Architecture Loss of combustion air flow (or differential pressure) causes Master Fuel Trip (MFT). (1oo1) Sensor Architecture High furnace pressure causes Master Fuel Trip (MFT). (2oo3) Sensor Architecture High furnace pressure causes Master Fuel Trip (MFT). (1oo1) Sensor Architecture Low instrument air pressure causes Master Fuel Trip (MFT). (1oo1) Sensor Architecture Low instrument air pressure causes Master Fuel Trip (MFT). (1oo1) Sensor Architecture Flameout caused by low pressure natural gas causes Master Fuel Trip (MFT). (2oo3) Sensor Architecture Flameout caused by low pressure natural gas causes Master Fuel Trip (MFT). (1oo1) Sensor Architecture High pressure natural gas causes Master Fuel Trip (MFT). (2oo3) Sensor Architecture High pressure natural gas causes Master Fuel Trip (MFT). (1oo1) Sensor Architecture

Life Cycle Cost Estimate $75K

$207,455

Delta Life Cycle Cost $75K

Life Cycle Cost Estimate $6K

$92,174

Delta Life Cycle Cost $6K

$17,156 $190,299 $64,524

$27,650

$207,946 $11,802

$92,213 $27,222

3a

$196,144

$64,991

4 4a 5

$207,272 $27,208 $180,064 $211,237 $15,724

$92,159 $28,454 $63,705 $80,665 $15,724

5a
6 6a 7

$195,513
$211,886 $13,573 $198,313 $207,272 $27,208

$64,941
$92,529 $27,364 $65,165 $92,159 $28,454 $63,705

7a

$180,064

24

LCC Analysis Results

SIF
10

Description
Flameout caused by low fuel oil pressure causes Master Fuel Trip (MFT). (2oo3) Sensor Architecture Flameout caused by low pressure natural gas causes Master Fuel Trip (MFT). (1oo1) Sensor Architecture Low atomizing steam supply (low flow) causes Master Fuel Trip (MFT). (1oo1) Sensor Architecture Low atomizing steam supply (low flow) causes Master Fuel Trip (MFT). (1oo1) Sensor Architecture Proof of gun in position signal is required prior to startup of fuel oil firing. (1oo1) Sensor Architecture Proof of gun in position signal is required prior to startup of fuel oil firing. (1oo1) Sensor Architecture Safe purge conditions must be satisfied prior to introducing an ignition source into furnace during pilot light-off. (2oo3 FT, 2oo3 PDT, 1oo1 ZSC) Sensor Architecture Safe purge conditions must be satisfied prior to introducing an ignition source into furnace during pilot light-off. (1oo1 FT, 1oo1 ZSC) Sensor Architecture Proof of no flame in firebox (by flame scanner) prior to initiating purge sequence. (2oo3) Sensor Architecture Proof of no flame in firebox (by flame scanner) prior to initiating purge sequence. (1oo1) Sensor Architecture

Life Cycle Cost Estimate $75K

$211,886

Delta Life Cycle Cost $75K

Life Cycle Cost Estimate $6K

$92,529

Delta Life Cycle Cost $6K

$13,573 10a $198,313 $65,165

$27,364

11

$246,614 $15,724

$83,495 $15,724
$67,771

11a

$230,890

12

$122,793 $15,724

$73,589 $15,724 $57,865

12a

$107,069

13

$83,860 $12,693

$82,287 $27,294 $54,993

13a

$71,167

15

$259,209 $115,658

$96,314 $35,530 $60,784

15a

$143,551

25

Final Results
SIF

Description

Life Cycle Cost Estimate $75K

Delta Life Cycle Cost $75K

Life Cycle Cost Estimate $6K

Delta Life Cycle Cost $6K

Option 1

2oo3 Architecture

$4,354,860

$1,940,226

$572,086

$553,008

Option 1A

1oo1 Architecture

$3,782,774

$1,387,218

26

Conclusion
Complex project team with multi-layered contractual arrangement Implementation of a SIS FEL saved project team cost and schedule Implementation of Safety Lifecycle reduced Risk associated with BMS Implementation of Economic Analysis coupled with Safety Availability requirements resulted in over $500K in savings

27

Conclusion

Proper Implementation of the Safety Lifecycle Can Reduce Cost of Ownership!

Make your money work for you!

28 28

Thank You!

Are There Any

Applied Engineering Solutions, Inc.

www.aesolns.com
29