Professional Documents
Culture Documents
BMS Specification Sheet
BMS Specification Sheet
Table of Contents
1 Instructions to Bidders ...........................................................................................................4
2
4.1
4.2
4.3
4.4
5.2
5.3
5.4
Safety Manual...............................................................................................................11
5.5
5.6
Safety Functions...........................................................................................................12
5.7
5.8
5.9
Heat ..............................................................................................................................13
6.2
Humidity........................................................................................................................13
6.3
6.4
6.4.1
Electro-Static Discharge........................................................................................13
6.4.2
6.4.3
6.4.4
Electrical Requirements.......................................................................................................14
7.1
7.2
7.3
7.4
7.5
Hardware Requirements......................................................................................................15
Page 1 of 30
CPU ..............................................................................................................................15
8.1.1
8.1.2
8.1.3
Redundancy ..........................................................................................................15
8.1.4
Memory .................................................................................................................15
8.1.5
Diagnostics............................................................................................................15
8.1.6
8.1.7
Scan Rate..............................................................................................................16
8.1.8
8.2
8.2.1
Technology............................................................................................................16
8.2.2
8.2.3
Redundancy ..........................................................................................................16
8.2.4
Diagnostics............................................................................................................17
8.2.5
Online Modification................................................................................................17
8.3
Cabinets .......................................................................................................................17
8.4
8.5
8.6
8.6.1
8.6.2
8.6.3
PC .........................................................................................................................18
8.6.4
Monitors.................................................................................................................19
9.1
Safety Fieldbus.............................................................................................................20
9.2
9.3
9.4
9.5
9.6
9.7
10
Page 2 of 30
Page 3 of 30
1 Instructions to Bidders
The information provided in Table 1 provides basic instructional information for submittal of the
bid.
mm/dd/yy
mm/dd/yy
General Bid Information
mm/dd/yy
hh:mm ( specify time zone )
Name
Title
Mailing Address
Email Address
Primary Contact for Supplemental Commercial Name
Information
Title
Mailing Address
Email Address
Phone Number
Primary Contact for Supplemental Technical Name
Information
Title
Mailing Address
Email Address
Phone Number
Table 1: Instructions to Bidders
The proposal must contain the information listed below, at a minimum, to allow for a
comprehensive and fair evaluation of the proposal:
Page 4 of 30
Note: Major system components include processors, I/O modules, power supplies, operator
interfaces at a minimum.
Page 5 of 30
2 Scope of Work
This specification defines the minimum mandatory requirements for a burner management
system (BMS) and associated software and support services.
This specification excludes basic process control system hardware and software for combustion
control, field instrumentation, auxiliary systems, and management information systems. It also
excludes all application software configuration, job-site assembly and installation services for
the BMS.
Page 6 of 30
General
Equipment name
Equipment number
Location
Type of draft
Burner fuel #2
Burner fuel #3
yes / no
Pilot fuel #1
Pilot fuel #2
( if applicable )
Auxiliary Systems
yes / no
yes / no
Reburn Fuel ?
yes / no
yes / no
yes / no
Page 8 of 30
At a minimum, the burner management system shall comply with the latest edition of the
following codes and standards:
Item #
N1
N2
Document #
ANSI/ISA 84.00.01: 2004 (IEC
61511: Mod)
ISA-TR84.00.05: 2009
N3
N4
IEC 61131-3:2003
N5
N6
N7
N8
N9
Document Title
Functional Safety: Safety Instrumented
Systems for the Process Industry Sector
Guidance on the Identification of Safety
Instrumented Functions (SIF) in Burner
Management Systems (BMS)
Functional Safety of
Electrical/Electronic/Programmable Electronic
Safety-Related Systems
Programmable controllers - Part 3:
Programming languages
Boiler and Combustion Systems Hazard Code
Standard for Ovens and Furnaces
Fluid Heaters
National Electrical Code (NECr)
Instrumentation and Control Systems for Fired
Heaters and Steam Generators
4.2
Preliminary diagrams detailing the typical physical arrangement of the burner management
system major components shall be supplied. Note: Major system components include
processors, I/O modules, power supplies, operator interfaces at a minimum.
Page 9 of 30
4.3
Table provides the anticipated I/O count for the burner management system.
Type of Signal
Number of Signals
AI
DI
AO
DO
Total
Table 4: Preliminary I/O Count
I/O for all BMS safety critical functions shall be SIL 3 rated.
End User Note: The I/O count should include all I/O associated with both field-mounted devices
and operator interface devices. It should also include any spare capacity required.
4.4
The BMS will interface to other control systems. Table provides information regarding these
interfaces.
System 1
System 2
System 3
Connection type
( RS-232, RS-422, Modbus,
Ethernet, PROFIBUS, OPC,
etc. )
Number of soft inputs to be
read by BMS CPU
Number of soft outputs to
be written by BMS CPU
Table 5: Interfaces to Other Systems
To ensure interoperability and reliability all interface components shall be supplied by the BMS
manufacturer.
Page 10 of 30
Since the BMS will most likely contain safety instrumented functions, the CPUs provided shall
be IEC 61508 certified to be SIL 3 capable as required by the ANSI/ISA 84.00.01: 2004 (IEC
61511: Mod) standard.
5.2
Since the BMS will most likely contain safety instrumented functions, the I/O modules provided
shall be IEC 61508 certified to be SIL 3 capable as required by the ANSI/ISA 84.00.01: 2004
(IEC 61511: Mod) standard.
5.3
The NFPA 85 and 86 standards require the BMS to be independent and physically separate
from the combustion basic process control system ( BPCS ). Since the BMS will most likely
contain safety instrumented functions, the ANSI/ISA 84.00.01: 2004 (IEC 61511: Mod) standard
will also require this independence and separation.
5.4
Safety Manual
The ANSI/ISA 84.00.01: 2004 (IEC 61511: Mod) standard requires equipment manufacturers to
provide safety manual for all IEC 61508 certified equipment. Therefore, a safety manual must
be provided for all IEC 61508 certified equipment provided as part of this project.
The safety manual for hardware must define how the equipment can be safely applied and
clearly list the limitations of use applicable to the equipment. For application software, the
safety manual must comply with the requirements of section 12.4.4.7 of the ANSI/ISA 84.00.01:
2004 (IEC 61511: Mod) standard:
The safety manual shall address the following items as appropriate:
a) use of diagnostics to perform safe functions;
b) list of certified/verified safety libraries;
c) mandatory test and system shutdown logic;
d) use of watchdogs;
e) requirements for, and limitations of, tools and programming languages;
f) safety integrity levels for which the device or system is suitable .
Each safety manual shall be provided in either electronic or hard copy format.
5.5
NFPA 85 and 86 requirements for monitoring the logic solver for failure shall be met by
providing a watchdog circuit that is external to the CPU. This external system watchdog circuit
shall meet the following:
independently monitor the CPUs and trip the MFT relay if a CPU failure is detected.
Page 11 of 30
5.6
Safety Functions
The standards referenced in Section 4.1 require the BMS to be capable of providing the
following safety functions:
Purge interlocks and timing
Flame proving and monitoring
Safety shutdowns
Function blocks that have been IEC 61508 certified to SIL 3 shall be provided for use in
configuring these safety functions.
5.7
.The BMS system shall support inclusion of a Master Fuel Trip Relay as necessary for
compliance with NFPA 85. End User Note: NFPA 85 requires a master fuel trip ( MFT ) relay
that is an electromechanical relay utilized to trip all required equipment simultaneously when a
master fuel trip is initiated. So, if the equipment to be controlled by the BMS is a boiler, duct
burner, thermal oxidizer, stoker, or HRSG, the BMS must include this MFT relay.
5.8
The system shall include a hardwired, guarded, self-latching e-stop pushbutton, mounted and
wired to the front of the cabinet This emergency stop switch shall initiate a MFT. The ANSI/ISA
84.00.01: 2004 (IEC 61511: Mod), NFPA 85 and NFPA 86 standards all require the operator be
provided with a manually operated emergency stop switch that is independent of the BMS logic
solver.
End User Note: NFPA 85 section 4.6.3.2.4 requires the emergency stop switch to actuate the
master fuel trip relay independently and directly. So, if the equipment to be controlled by the
BMS is a boiler, duct burner, thermal oxidizer, stoker, or HRSG, the emergency stop switch
must meet this additional requirement.
5.9
Bypass Functions
The ANSI/ISA 84.00.01: 2004 (IEC 61511: Mod) standard states all bypass switches shall be
protected by key locks or passwords to prevent unauthorized use. All bypass functions
provided with this system including from the local HMI panel must meet this requirement.
5.10 Alarms
The NFPA standards require the cause of each MFT to be alarmed to the operator. This firstout alarming logic shall be configured in the application software. The HMI shall provide
dedicated displays and icons within the HMI for representing the status of safety-critical alarms.
Page 12 of 30
Heat
All safety rated components shall be capable of operating in an environment ranging between
the following values:
Operating:
5 to 50C.
Storage:
6.2
Humidity
Operating:
Storage:
6.3
All safety rated components shall be tested to and comply with the following shock and vibration
standards:
6.4
Vibration:
axes
Shock:
IEC68-2-29:
Page 13 of 30
7 Electrical Requirements
7.1
7.2
Equipment shall meet all electromagnetic compatibility requirements of the IEC 61000-4-2,
61000-4-3, and 61000-4-4 standards.
7.3
PROFIBUS, Ethernet, and other communication cables shall maintain a minimum separation of
75 mm from any AC power cables. Fiber optic cables are excluded from this requirement.
Vendor installed cables shall be designed and installed in such a way as to allow cable
disconnection in order to service the equipment. Cables shall not interfere with circuit board
removal. All wire insulation for cables carrying power shall be rated for 600 volts.
7.4
AC Safety ground and instrumentation circuit ground shall conform to the NEC, Article 250.
7.5
.System shall support hot swapping of control, input/output, and communication modules
without requiring power-down of entire system.
.
Page 14 of 30
8 Hardware Requirements
All hardware shall be commercial off-the-shelf (COTS) equipment. All hardware provided shall
be capable of supporting the I/O provided in Section 4.3.
8.1
CPU
8.1.3 Redundancy
The system provided shall be capable of supporting redundant CPUs. Redundant CPUs shall
be connected together via fiber optic cables. The redundant CPUs shall operate with a hot
backup where both CPUS execute the identical step of the user program in parallel. When a
CPU error is detected, automatic, bumpless (uninterruptible) switchover shall be initiated and
completed in 30 msec or less.
8.1.4 Memory
Each CPU shall be provided with 10 to 15 percent spare memory. CPU memory should have a
battery backup so the controller maintains its configuration and state information in the event of
an extended power outage. The controller shall have the capability of storing a retrievable copy
of the application program on a replaceable memory card within the controller.
8.1.5 Diagnostics
The CPU shall be capable of continuous, automatic online diagnostics to detect system failures.
Diagnostic coverage greater than 99 % shall be achieved.
The following failure control measures should be implemented in the CPU:
a) Memory diagnostic to verify any data or code corruption
b) Time diagnostic shall be built-in and provide redundancy to the external watchdog timer
c) Self-test of BMS operations in each cycle
d) Logical program execution and data flow monitoring
e) Comparison of the diverse diagnostics in the CPU and I/O modules
f)
Page 15 of 30
8.2
I/O Modules
8.2.1 Technology
All I/O modules shall be electrically isolated from the communication backplane. All I/O modules
shall have ON/OFF indication for each I/O. This indication shall be located on the front of each
module.
8.2.3 Redundancy
Single, dual and triple redundant I/O modules shall be supported. To minimize the potential for
common cause failures, redundant I/O Modules must be able to be located in physically
separate racks. It is not permissible for redundant I/O modules to share a common backplane.
I/O redundancy shall be independent of the controller redundancy.
Page 16 of 30
8.2.4 Diagnostics
All I/O modules provided shall contain self-diagnostics that detect any potentially dangerous
component failure. The diagnostic capabilities shall be verified with extended diagnostic
functions and fault injection testing.
At a minimum, the I/O modules shall report to the control module the following diagnostic
information:
a) Internal hardware faults
b) Power lost
c) Field wiring diagnostics (e.g. open or short circuit)
d) Communication Error
e) Discrepancy error (1oo2D evaluation)
f) RAM, EPROM failure
g) Microprocessor failure
In case of loss of communication to the CPU, the I/O modules shall automatically return to the
safe sate by driving the outputs of the I/O modules to the safe state.
8.3
Cabinets
Pre-assembled, painted NEMA 12 cabinets shall be provided. Control cabinets shall conform to
CE standards for electromagnetic compatibility with the EMC standard (IEC 61000), and ensure
protection against unauthorized access, mechanical influences, contamination, and other
environmental influences. The standard cabinet shall conform to NEMA 12 and a cabinet
upgrade to a NEMA 4X (304 SS) shall be available.
Cabinets shall be equipped with interior lighting and a convenience outlet as well as options for
fans, AC and/or Vortex cooling. All internal cabinet wiring shall be identified by fire-retardant,
heat shrink sleeve labels. All wire insulation shall be rated for 600 volts.
The panel assembly will be designed and inspected for Underwriters Laboratories Standard for
Safety of Industrial Control Panels (ICP) "UL508A " .
End user note: Indicate any physical space limitations for each cabinet.
8.4
Field Terminations
All I/O terminations shall be simple, front panel terminal connections. Terminals shall be
capable of terminating wire of 16 AWG on typical 16 channel I/O modules. Assemblies for
marshalling terminations for larger systems shall be available. Ability to connect directly to
custom wiring schemes using third-party terminal blocks shall be provided.
Page 17 of 30
8.5
A MFT push button shall be hardwired to the MFT relay if so equipped, allowing an operator trip
of the equipment controlled by the BMS. A MFT push button shall be located on the local
operator station and support the ability to connect additional MFT push buttons per customer
requirements.. Each push button shall be clearly labeled and designed to avoid inadvertent
actuation. Each MFT push button shall meet the requirements in Section 5.8.
8.6
The pre-engineered screens shall be easily extendable / customizable to represent the actual
application via copy/paste.
All pushbuttons other than E-Stop shall be configured as soft push buttons in the HMI.
8.6.3 PC
The system shall include a rack-mounted compact industrial PC housed in an all metal
enclosure achieving degree of protection IP 20. It shall include the capability to alarm on high
temperature and failure of device or power supply fan. It shall include the following interfaces:
a) Flash Drive for Compact Flash Card
b) 4 x USB ports
c) Ethernet Ports 2 x 10/100/1000 Mbit/s (RJ 45)
d) Serial Port 1 x COM1 (V.24)
e) PROFIBUS (12Mbit/sec)
The PC shall be preloaded with the following components:
a) Engineering tools for configuration of the hardware
b) Engineering tools for configuration of the application software
c) SQL-based archiving system
d) Human Machine Interface (HMI) software for process visualization
e) OPC Client / Server
f) Process Device Manager (Optional) - for managing instrumentation
Page 18 of 30
8.6.4 Monitors
The Monitor for the local operator station shall be as designed for industrial applications meeting
the following requirements, at a minimum:
Flatscreen Color TFT touchscreen display
Diagonal measurement 17 or 19 inches nominal
Minimum Resolution: 1280 x 1024
Page 19 of 30
9.5
End user note: Delete this section if the BMS system does not need to communicate with other
safety systems.
Communication between independent safety systems shall exist on an open communication
network such as Industrial Ethernet. The communication network and associated protocol shall
be IEC 61508 certified to SIL 3 and shall support deployment in redundant architectures. The
communication network and associated protocol shall be capable of detecting a network failure
in a ring architecture and rerouting communication in 300 msec or less.
9.6
End user note: Delete this section if the BMS system does not need to communicate with other
third-party systems.
Page 20 of 30
9.7
Page 21 of 30
Control and Monitor the ignition process for oil and gas burners
Valve Proving of Fuel Supply Valves
Control position of the air damper during ignition and purge
Control and Monitor oil program that must be blown out after shutoff
Supervise the position of the actuators for air and fuel supply
Supervise the temperature and air / fuel flow
Application Program Protection via authorization key Changes of the application program
shall only be possible, when a software authorization key is installed on the engineering
station. It should be possible to upload and download this key from a external data device.
A definite checksum (signature) of the whole safety application program shall be provided
for documentation and certification of an application program. For the seamless integration
in the lifecycle documentation, a comparison function for the safety program must be part of
the engineering tool. As minimal requirements it must include follow comparison functions:
a)
Overall signature
b)
c)
Parameter Values
d)
Page 22 of 30
The engineering system shall support the creation of custom function blocks from a high level
(pascal-like) programming language. For maximum flexibility, the high level programming
language provided by the system shall support the use of standard mathematical functions in
addition to allowing other function blocks to be called directly from within the program.
Page 23 of 30
The configuration and programming tools shall run on standard PC with Windows operating
system.
Page 24 of 30
Page 25 of 30
Page 26 of 30
10.7.1 Security
Two levels of security shall be provided with each HMI. An operator security level shall be
accessed without needing a password and shall provide all information required to operate the
BMS. A supervisor security level shall be accessed with a password and shall provide both
operation and maintenance capabilities.
10.7.2 Displays
A typical BMS graphical interface, including standard faceplates and detail displays shall be
provided. Additionally, a CFC chart shall be provided to allow the operator to step through the
actions required to satisfy NFPA 85 requirements for manually lighting a burner system. All
displays provided shall be capable of customization by the end user.
Page 27 of 30
Page 28 of 30
10.8 Revisions
Application software shall not require modifications in order to be able to run under new
releases of the system operating software. Any new release of system software shall be
backward compatible with files created using the previous software releases.
10.9 Licensing
The software licenses (both runtime and engineering) shall be portable allowing the user to
transfer licenses from one PC to another without requiring intervention from the vendor.
Page 29 of 30
Page 30 of 30