Applicable Safety Rules

[tigebite 0]

I am new to the forum. For design guidlines for our industrial furnaces we follow NFPA 86. Under safety it talks about needing manual emergency switches to initiate a safety shutdown. It doesn't define what a safety shutdown must consist of, or what a manual emergency switch is other than the fact that it must be hardwired outside of the PLC. Does anyone know of a requirement/regulation that would govern how I need to wire the switch and how to physically wire the safety shutdown. I have been poking around the forum looking for sources (by searching safety and NFPA), but am getting burried. I have briefly looked in the viewable NFPA 70 (2005), as someone pointed out. I have NFPA 70 (Newest version) on the way. Is there an OSHA or ANSI code I should be following? Thanks for the help in advance.

[Ken Moore 23]

A safety shut down system, must bring the system to a safe state. So... depending on the system, shut off fuel, stop motors etc... as required. I recommend you use a "safety" rated relay. Wired in such a way that there must be current present to run, the various shut down 'buttons' break the circuit, or a broken wire will also shut down the system. I would consult with a safety specialist and or your insurance company.

[tigebite 0]

Thanks for the input. In order to bring the system down and not damage anything, things need to happen in a timed sequence. Would I be looking at a safety PLC at that point and not just a "safety" rated relay? Or, would the safety relay still be used but only to safely stop that which can be immediately and allow the PLC to bring the rest of the system down.

[paulengr 44]

Its a burner. It's not rocket science. And the industry consensus on these things is very mature. You hold it in your hands. It's NFPA 86. Only thing missing is it doesn't tell you what "safety rated" means. I've worked around these things now for almost 10 years. They're simple and reliable IF you do not monkey around trying to use stuff that hasn't withstood the test of time in the industry. I wouldn't even consider any of the "generic" recommendations about safety relays, SIL this or that, etc. Those codes are meant for protecting people from moving equipment and don't necessarily have anything to do with burners. They aren't mentioned in NFPA 86 for a reason. You can't mix the different ANSI safety codes, NFPA 70E, the NESC, etc., and come up with an answer either. This is exactly what you are suggesting and it is definitely going down the wrong path. The other post you received recommending this kind of stuff is a recipe for trouble. There is some harmonizing going on (hence the reason that the definition of "qualified person" in NFPA 70 has gone from suggesting that it's someone that knows the code to something a lot more loose) By the way, safety-rated PLC's ARE acceptable under NFPA 86. They've been acceptable since around 2004. NFPA 86 was a bit slow in recognizing them. I'm not 100% sure though which PLC's would qualify. For instance, an unmodified ControlLogix PLC can be "SIL 2" grade. The safety version can be "SIL 3". SIL ratings of course have nothing to do with the NFPA 86 requirements so that's another can of worms so don't assume that either one would be acceptable. In general, Factory Mutual sets the standards for NFPA 86. Equipment that is "FM approved" in the U.S. is acceptable. In Canada, you want to look for "CSA certified". I'm not sure what to do outside of those two jurisdictions. In the simplest terms without getting into the codes, here's the basics of what you are trying to do. If you cut off one of the 4 elements of the fire triangle (now fire tetrahedron) then you shut down the system. Due to the fact that oxygen can always creep back in there later, and heat and kinetics are not easily controlled, burner management systems are always designed to cut off the fuel. I've never seen any other version and I'm not entirely sure how you'd make it safe if you try to attack one of the other 3 elements, except with pulverizers that are often stuck with attacking the chemical kinetics since the fuel is so pervasive that you can't get rid of it. You can kill all the fans too but consider the consequence. Fans are providing cooling (of some sort) and unless it's a dire emergency or you lose power, you risk causing damage to the equipment (not a safety hazard as such...just inconvenient when you have to replace all your burner castings, refractory, and/or UV flame scanners if you are running that hot) if you don't leave the fans running. Plus you'll still have to run them later when you go to purge the system. And, if you leave them running, you very quickly reach the lower flammability limit where combustion becomes impossible whereas you have to wait for all the fuel to be consumed if you cut off both fuel and air at the same time. I do strongly recommend developing a shutdown sequence, and often more than one (a "hot idle" and "cool down" type mode) as far as your fans goes. This is above and beyond the burner management system. There is no real safety concern here other than the annoyance of shutting off the fans early and melting out the aforementioned equipment. So ordinary PLC's can control this part of the process. My standard arrangement is this. I start a timer once fuel is off if necessary but I prefer to monitor a thermocouple if available. Then if someone hits the stop button, I blink the power on light but don't shut down the fan immediately. It stays that way until the shutdown conditions (timer and/or thermocouple) are reached, and then shut down the fan. The blinking lights let everyone know that it "worked". I also left a bypass in place. Holding down the stop button for 10 seconds will initiate an override and shut down the fans anyways. This is there mostly as a maintenance function because the only reason to wait is if you are interested in protecting equipment. I do NOT automatically shut down fans as a general practice because there are just too darned many situations where it is preferable to leave them going. During startup, the danger is leaving residual fuel in the system or otherwise ending up in a situation where the air/fuel mixture could lead to an explosion. This is generally considered unacceptable so hence NFPA 86 requires at least enough purge air equal to 3 times the volume of the combustion chamber. The only exception is if you are currently still above the autoignition temperature of the fuel. In this case, as long as you have sufficient oxygen (verified by pressure/air flow sensors on the fans), you can skip purging and introduce fuel immediately. It will light off the refractory/air. Once purged, gaseous and liquid fuels will light immediately with any kind of decent pilot. On very large burners, a spark ignitor is not sufficient. In that case, you need a pilot to get them lit. With solid fuels (coal, coke), burners usually will not achieve a self-sustaining flame until the pilot gets the refractory up to autoignition temperature. In that case the standard procedure is to first run a pilot (often a very large one) to bring the refractory up to temperature. Once the refractory reaches autoignition temperature (1650 F for coal), then the solid fuel can be introduced and it will light right off safely. Usually the practice is to leave the pilot on for a while (wait for another 100-200 degrees) to be sure that the flame remains self-sustaining. Outside of this, NFPA 86 is pretty much silent. It has lots of specifications requiring for instance that you insure that the right gas pressure (both high and low pressure limit switches) is present, that you have sufficient air flow (usually verified multiple ways), etc. It's all right there in the P&ID diagrams in NFPA 86 and it's pretty much self-explanatory. If you have FM or someone similar (Baker is another?) as an insurance carrier, it certainly wouldn't hurt to get them involved in critiquing anything you do with burners. They are usually more than willing to give you all kinds of free advice. However, take their recommendations with a grain of salt. Often their recommendations are gross overkill, even by their own standards. There are industry accepted ways to do things, and then there's the FM way. Often FM throws out concepts and ideas that have not really been field tested, leading to trouble down the road when you find out that their recommendations are actually not actually feasible in practice. This is also the voice of experience. As to safety relays in particular, Honeywell makes a variety of safety relays and burner management devices that do the job. I honestly can't even name a competitor because Honeywell's burner relays have been on virtually every device I've ever seen from forced air heaters in my house to large metallurgical multiburner/multifuel burners. I haven't seen anyone else use anything else even in multiple companies that I've worked in, and I haven't used anything else either. I have not seen any of AB's "safety relays" carrying an FM approval sticker, so you probably need something else. If you even consider doing it, I'd talk to AB. They have an entire department that does burner management systems. I haven't ever seen a requirement for a "safety rated" push button other than the usual (red mushroom head type with NC contacts and some sort of detent to cause it to stay open once pressed). The newer ANSI/SIL type codes are much more picky about these things. I don't believe that NFPA 86 is nearly as stringent because every E-stop push button I've ever seen has been the basic type that I described without any sort of additional safety features associated with it. Almost every time, they are Allen Bradley 30 mm push buttons, not the newer IEC/European 22 mm stuff from the safety catalog. I strongly recommend you get in touch with a burner management company. I know AB advertises that they do this and I know you can get similar service from Honeywell, but personally I recommend North American Manufacturing (www.namfg.com). They are the best in the business I've found so far. One of their vice presidents (Ted) sits on the NFPA 86 board. We've had many discussions especially when about 2 years ago I had to put in a burner management system that definitely fell outside the purview of NFPA 86 (or any other safety code). If you follow their recommendations, I have had very minor startup issues which they were able to troubleshoot and fix. Once this was taken care of, the systems just run and run and run with little to no trouble. That alone is worth a lot to me. In addition, I know that North American in particular teaches classes on just about every aspect of burner management that you could ask for and is very supportive. As far as I know they are probably the oldest company in the business. If you're not really familiar with this stuff, I strongly recommend you contact them and get in on one of their classes. Based on the material they have supplied, I wouldn't hesitate to modify, troubleshoot, or maintain a burner system. Scratch that...that's exactly what I've done. I would still pay for their engineering support to actually design a system from scratch every time for anything bigger than a small single burner system with only one or two fuels. In this area of engineering, the cost of making a mistake or lack of peer review is just too great. You don't have to just take their word for it carte blanche though. It should be a joint effort all the way around so that you get good consensus on what you are doing. I have piles of notes where the process went back and forth both ways even when they were leading the design effort. If you want any other specific places to look or recommendations, I can even give you prints and manuals and lots of other details, feel free to PM me. I don't claim to be an expert in the subject but I certainly have contacts with people who are experts and I can certainly give you names and phone numbers.