Safety as standard

To comply with the functional safety standard IEC 61508, consultant Charter Tech has implemented a burner management system at Huntsman Group’s Middlesbrough plant on Teesside, in the north-east of England.

Companies such as Charter Tech, which design and implement control systems for hazardous processes, have kept a careful eye on IEC 61508 as it developed from a draft in the early to mid 1990s into its current position as a fully harmonised European standard.

In broad terms, IEC 61508 uses a safety lifecycle model to set out clearly defined tasks for minimising risk when electrical, electronic or programmable electronic (E/E/PE) devices are used to perform safety-related functions. It is mainly concerned with the safety of people, but recognises the financial and environmental costs when such systems fail.

One of IEC 61508’s basic requirements is that each safety function in an industrial project is allocated a Safety Integrity Level (SIL). The standard uses four discrete levels to specify safety integrity requirements: SIL 1 is the lowest level of safety integrity and SIL 4 the highest, each level demanding roughly a tenfold lower probability of dangerous failure than the one below it.

Whilst debating its approach to IEC 61508, Charter Tech was invited by Eutech Engineering Solutions, at that time the engineering and consultancy group of ICI, to put forward proposals for three sets of burner management systems (BMS) for ICI’s Olefins plant in Middlesbrough. The plant was originally a joint venture between ICI and British Petroleum, but is now owned and run by the USA-based Huntsman Group.

The scheme had to comply with IEC 61508 to SIL 2, which in practice meant designing the BMS and its associated devices to SIL 3. The requisite documentation and review processes were easily accommodated, and Charter Tech initially proposed a standard system solution with enhancements to meet the specified SIL.

Further discussions, however, revealed an end-user preference for Safety PLCs in hazardous applications. Safety PLCs are designed from the outset to provide the highest degree of safety protection and are commonly found in fire and gas shutdown systems, train protection and other significant-risk applications. Their reliability stems from techniques that make it very unlikely that an equipment failure leads to a hazardous state: duplication or triplication of key devices and data paths, together with extensive self-testing of the CPU, firmware and input/output modules. The self-tests matter as much as the redundancy, because a fault that is detected and annunciated can be driven to a safe state, whereas an undetected one lies dormant until the next proof test or a real demand.
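The two points above (the four SIL bands, and why duplicated or triplicated channels with diagnostics raise the achievable level) can be put into numbers. The following is an added illustration, not code from the article, Charter Tech or the plant: it applies the simplified low-demand PFDavg formulas of the IEC 61508-6 style for 1oo1, 1oo2 and 2oo3 channel architectures, with a beta-factor allowance for common-cause failure, and maps the result onto the SIL bands of IEC 61508-1. It assumes dangerous-detected failures, repair time and the duration of the proof test itself are negligible; the failure rate, proof-test interval and beta value are constructed for the example, not taken from the Huntsman project.

```python
# Added illustration, not from the article or the project it describes:
# simplified low-demand PFDavg estimates for 1oo1, 1oo2 and 2oo3 architectures
# (IEC 61508-6 Annex B style, ignoring dangerous-detected failures, repair
# time and the proof test itself) and the mapping to a SIL band.
# All numeric inputs in __main__ are constructed for illustration.

# Low-demand PFDavg ranges from IEC 61508-1 Table 2; upper bound exclusive.
SIL_BANDS = {
    4: (1e-5, 1e-4),
    3: (1e-4, 1e-3),
    2: (1e-3, 1e-2),
    1: (1e-2, 1e-1),
}


def sil_from_pfd(pfd: float):
    """SIL reached by a low-demand safety function with this PFDavg.

    Returns 0 when the function does not reach SIL 1 (PFDavg >= 0.1) and None
    for values below the SIL 4 band, which the standard does not classify.
    """
    if pfd >= 1e-1:
        return 0
    for sil, (lo, hi) in SIL_BANDS.items():
        if lo <= pfd < hi:
            return sil
    return None


def pfd_1oo1(lam_du: float, t1: float) -> float:
    """Single channel: PFDavg ~ lambda_DU * T1 / 2.

    A dangerous undetected fault lies dormant, on average, for half of the
    proof-test interval T1 (hours) before it is found.
    """
    return lam_du * t1 / 2


def pfd_1oo2(lam_du: float, t1: float, beta: float) -> float:
    """Two channels, either of which can trip the process.

    Independent failure of both channels contributes ((1-beta)*lambda_DU*T1)^2/3.
    The beta term is a common-cause failure that takes out both channels at
    once and therefore behaves like a single channel.
    """
    lam_ind = (1 - beta) * lam_du
    return (lam_ind * t1) ** 2 / 3 + beta * lam_du * t1 / 2


def pfd_2oo3(lam_du: float, t1: float, beta: float) -> float:
    """Triplicated channels with two-out-of-three voting (same beta model)."""
    lam_ind = (1 - beta) * lam_du
    return (lam_ind * t1) ** 2 + beta * lam_du * t1 / 2


def compare_architectures(lam_du: float, t1: float, beta: float) -> dict:
    """PFDavg and SIL band for each architecture using the same component data."""
    pfds = {
        "1oo1": pfd_1oo1(lam_du, t1),
        "1oo2": pfd_1oo2(lam_du, t1, beta),
        "2oo3": pfd_2oo3(lam_du, t1, beta),
    }
    return {arch: (pfd, sil_from_pfd(pfd)) for arch, pfd in pfds.items()}


if __name__ == "__main__":
    # Constructed inputs: lambda_DU = 1e-6 dangerous undetected failures per
    # hour, annual proof test (8760 h), and a 5 % common-cause beta factor.
    for beta in (0.0, 0.05):
        print(f"beta = {beta:.2f}")
        for arch, (pfd, sil) in compare_architectures(1e-6, 8760.0, beta).items():
            print(f"  {arch}: PFDavg = {pfd:.2e} -> SIL {sil}")
```

With these inputs a single channel lands in the SIL 2 band, and with beta set to zero a duplicated channel appears to reach SIL 4. Once a modest 5 % common-cause factor is included, the common-cause term dominates and both 1oo2 and 2oo3 settle in SIL 3. That is the practical reason the standard asks for diversity, separation and diagnostics rather than simple duplication, and it is the arithmetic behind the point made below that a Safety PLC alone does not make the process safe.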

Charter Tech points out, however, that even though the controlling device may itself be designed to fail safely, the overall process can only be managed safely through carefully considered integration. Put more simply, says the company, just using a Safety PLC does not make the process safe.

The critical nature of the process-steam boilers in this ICI/Huntsman application required Charter Tech to put forward higher-specification control systems, including high-availability Safety PLCs manufactured by Hima with redundant I/O modules, redundant power supplies and two dual-processor CPUs. Other aspects integrated into the project included Charter Tech’s standard human machine interface (HMI) and extended communication links to the site’s Honeywell TDC 3000 distributed control system (DCS).

However, to comply with IEC 61508 it must be demonstrated that each of the defined requirements has been met, and the documentation forms an important and verifiable record that the tasks have been completed.

Prior to Charter Tech’s involvement, Eutech, in co-operation with the plant user’s personnel, had already worked down from the Concept stage through to the Safety Requirements phase of the project, generating the required safety documents and presiding over safety reviews in the process. Charter Tech’s role as a specialist system integrator with specific burner management expertise enabled it to provide the essential control system documents for the Realisation stage, including functional design specifications (FDSs).

Even though a Safety PLC was selected to perform the central control task, a failure mode, effects and criticality analysis (FMEA) study was still carried out to ensure that the BMS control system and its associated peripherals did not introduce any additional hazards. Key review areas included the burner management sequence and operations (interlocking, logic, I/O arrangements and key-switch overrides), the power supply and distribution arrangements, and the software.

To support the FMEA study, further documents were produced, including a complete audit of power requirements and distribution and a fuse discrimination study.

Charter Tech Tel: +44 (0)1929 553000