john zink burner control & narratives

Functional Design Specification; Rev A Charter Tech Ltd Doc Ref: P0661FDS Page 1 of 19 John Zink International Functional Design Specification For Boiler fitted with two dual fuel burners Burner Management Control System Charter Tech Document Number: P0661FDS RevA.doc Version Number: Rev. A Date: 20 th April 2010 Prepared By: Simon Hall Approval By: ___________________

Upload: atif010

Post on 23-Nov-2015


DESCRIPTION

descon boiler

TRANSCRIPT

  • Functional Design Specification; Rev A Charter Tech Ltd Doc Ref: P0661FDS

    Page 1 of 19

    John Zink International

    Functional Design Specification

    For

    Boiler fitted with two dual fuel burners

    Burner Management Control System

    Charter Tech Document Number: P0661FDS RevA.doc

    Version Number: Rev. A

    Date: 20th April 2010

    Prepared By: Simon Hall Approval By: ___________________

    Document history: -

    Version    Issue date         Comment
    Org        20th April 2010    Draft issue for comment

    Contents: -

    1 Safety Guidelines.
        1.1 Product Application.
    2 Scope
    3 Applicable documents & abbreviations
        3.1 Applicable documents
    4 Overview of scheme
    5 BMS PLC hardware
        5.1 Introduction
        5.2 Control description
        5.3 Alarms
        5.4 BMS operator interaction
    6 Alarm definition
        6.1 Alarm Philosophy
        6.2 Conditional alarms
            6.2.1 Automated valves
            6.2.2 Fuel gas pressure low low
            6.2.3 Fuel gas pressure high high
            6.2.4 Pilot gas pressure high & low alarms
            6.2.5 Fuel oil pressure low low
            6.2.6 Fuel oil temperature low low
            6.2.7 Dark check
            6.2.8 Furnace pressure low low
        6.3 Analogue alarm points
    7 BMS/ESD Sequences
        7.1 Furnace Purging
            7.1.1 Stand timer
            7.1.2 Post purge
        7.2 Pilot Start Sequence
        7.3 Burner Start Sequence on Gas
        7.4 Burner Start Sequence on Oil
        7.5 Burner Stop Sequence on Oil
        7.6 Double block and vent valve operation
        7.7 Oil MFT operation
        7.8 Air register operation
    8 Interlocks & Alarms
        8.1 Main Interlocks
        8.2 Common valve status
        8.3 Main gas interlocks
        8.4 Main oil interlocks
        8.5 Individual burner trips
            8.5.1 Pilot flame failure
            8.5.2 Gas flame failure
            8.5.3 Oil flame failure

    1 Safety Guidelines.

    These safety guidelines are an important and integral part of this document. Failure to adhere to these guidelines may adversely affect system safety and/or render warranty and liability claims invalid.

    The burner management system (BMS) must be carefully designed to protect plant equipment and personnel. However, the purchaser or operator of the BMS must have due regard for the safety and operational requirements of that process.

    To ensure the BMS and the equipment connected to and used with it operates in a safe, predictable and correct manner, all applicable local and national codes that apply to its installation and operation must be understood and followed by competent, qualified personnel. Personnel responsible for the installation and operation of the system should carefully study all documentation and instructions associated with the equipment supplied. It is essential that the Purchaser's maintenance and operational staff are provided with adequate training, both in the design principles of the product and its correct operation.

    1.1 Product Application.

    BMS are generally of a complex nature and require users and operators of those products to have a level of training and engineering skill compatible with the complexity of the equipment being operated. Where a BMS is designed around a fail safe programmable logic controller (PLC), the "user" must be aware that the control devices can fail to an unsafe condition. The BMS product will have been designed to limit such an eventuality by incorporating, where appropriate, specific electrical and electronic control standards and HSE guidelines. It is unlikely that Charter Tech will have full access to the technical and operational details of the process to which its product is to be applied and the "user" must, therefore, ensure that there is adequate protection to personnel and equipment. Any product produced using this documentation must be fully tested & checked to ensure that it complies with the user requirements, the applicable codes, and operates in a safe and appropriate manner.

    2 Scope

    The scope of the Functional Design Specification (FDS) is to identify and collate all the information necessary to facilitate the design of the control system for the control scheme associated with the two burner dual fuel boiler.

    3 Applicable documents & abbreviations

    3.1 Applicable documents

    The following documents are to be referred to during the design of the control system: -

    Piping & Instrument Diagram

    BMS IO LIST

    Logic Flow diagrams P0661_LTxx

    The following abbreviations are used in this document: -

    Bool     Boolean, single bit flag
    FDS      Functional Design Specification
    PLC      Programmable Controller
    Real     Real or floating point variable
    SCADA    Supervisory Control And Data Acquisition, logging and monitoring system
    URS      User Requirements Specification
    VFC      Volt Free Contact
    P&IDs    Piping and Instrumentation Drawings
    BMS      Burner management system
    PCS      Process control system
    CCS      Combustion control system

    4 Overview of scheme

    This document concerns the control system associated with the two burner boiler. The boiler is fitted with a pair of dual fuel burners. These burners are capable of firing fuel gas and/or oil.

    The boiler will be fitted with a SIL rated burner management system (BMS). This burner management system is designed to control the safe operation of the burner plant. Processes will include control of pre purge, burner light up sequences, burner shutdown sequences and safety interlocking. The operator interfaces with the control system via push buttons, lamps & HMI screens. Diagnostic and alarm information is also passed to the DCS. This document covers the specific aspects associated with the operation of the burner management system, and the effect of burner failure on other associated items of plant.

    Each burner is fitted with an oil gun, which can be controlled individually via dedicated oil, atomising steam and scavenge block valves. The gas is supplied to each burner via a dedicated double block and vent arrangement, as is the pilot gas.

    Each burner is fitted with a pair of failsafe, self checking flame scanners. These scanners are arranged in a one out of two arrangement (1oo2), i.e. any one out of the two scanners must be sensing a flame to allow the burner to continue to operate. These flame scanners are used to detect the ignition flame, and the main flame.

    Both burners are supplied oil from a dedicated ring main, common to both burners, which is fitted with a MFT and a recirc valve, together with sensors for pressure and temperature. Gas is supplied from a dedicated header, common to both burners, fitted with a MFT and header vent valve, together with sensors for gas pressure.

    It should be noted that each burner can be started and stopped either by local pushbuttons or via remote control. For the first burner start, feedback from the fuel and air control devices is required to ensure that they are at the correct positions. Subsequent fuel and burner start firing rate is under the direct control of the combustion control system. This must ensure that the burner firing rate and airflow is appropriate for the selected fuel start and stop. According to NFPA standards, this combustion control function should be separate from the burner management function. This document will cover the operation of the BMS only.

    5 BMS PLC hardware

    5.1 Introduction

    The boiler plant is potentially a hazardous process and as such the control system selected for the BMS duty should take the hazardous nature of the process into account, and be suitable for this application.

    5.2 Control description

    The function of the BMS is to provide an independent, high integrity system that will monitor certain critical signals and take action in the event these signals breach preset thresholds. The BMS interfaces with the plant via its own dedicated hardware and software, thus eliminating, as far as possible, any common cause failure modes. The BMS controls a number of valves around the process as well as various other items of plant. If conditions are present that dictate that the BMS should take action, all the valves and critical outputs are tripped to their predetermined safe state, effectively isolating the plant from any other process on site. If the BMS is healthy, then the valves under its control are driven to their normal operating positions, dictated by the current operational conditions. The equipment under the control of the BMS is listed in the I/O schedule document.

    5.3 Alarms

    Alarms can signal that a device or process has ceased operating within acceptable, predefined limits, and can indicate breakdown, wear, or process malfunctions. Alarms are also used to indicate the approach of a hazardous or undesirable condition. Alarms are an important part of this control application.

    In this configuration, all interlock alarms are generated and latched within the PLC control system. This prevents any possibility of spurious events affecting the control system without raising an alarm, i.e. the PLC will trap any spurious events and raise the appropriate alarm flag. It is then this alarm flag that will affect the action of the PLC. This trapped alarm event should also be transferred to the DCS for operator information and diagnostic purposes.

    By handling the control and alarm logic within the same controller, the likelihood of missing alarm events is eliminated, and alarm capture is independent of the network communication update time. This configuration also allows the system to mask selected alarms under certain process conditions, and should thus reduce nuisance or standing alarms.

    5.4 BMS operator interaction

    The BMS will be operated from one of two locations:-

    Local Burner panel, via hardwired pushbuttons.

    Remote location.

    The system is also fitted with a remote/local selector switch. In local control the burners can be started from the local burner panel. In remote control the burners can be started from the remote system. It should be noted that the burner stop function will operate from any location regardless of the mode of operation selected. There is also a hardwired emergency stop pushbutton that will operate at all times and override any currently active sequences.

    The BMS should also communicate alarm and status information to the DCS. This information can be sent via a comms link if required. This information should include all hardwired input and output status information and all alarm information. The information transferred in this manner should be presented to the operator in a logical, clear and concise manner to enable effective and efficient operation of the plant. Depending on site practices and procedures, it may be desirable to separate some of this information into an engineering area to aid engineering staff with fault diagnostics and to decrease the amount of information presented to the operator.

    6 Alarm definition

    The boiler and associated plant is constantly monitored by the control system. The actions taken by the control system depend on the alarm event.

    6.1 Alarm Philosophy

    Alarms associated with the boiler are generated and latched within the BMS. Generally alarms are at logic level one when in alarm and logic level zero when the alarm has cleared.

    Any alarm latched within the boiler control system is reset by the operation of an alarm reset push button. If the alarm-initiating event is still present then it will not be possible to reset the alarm.

    It has been recognised that the system should only generate genuine alarm conditions, and as such many of the alarms configured in the control system should be conditional. This technique greatly reduces the number of alarms that an operator is presented with in the event of an incident to only a few relevant points. It will also reduce the number of standing alarms present when the unit is not running.

    6.2 Conditional alarms

    6.2.1 Automated valves

    The automated valves are driven open and closed from the PLC. The valves are fitted with open and closed limit switches, which are also fed back into the PLC. The logic has been configured to allow (under normal operating conditions) sufficient time for the valves to prove open when instructed to open. If the valve fails to open within this preset time the system will raise a valve failed to open alarm, and take the action appropriate for the valve in question. Although valve opening times are subject to variations, sufficient time has been allowed to enable the valve to open without causing nuisance trips. The logic has also been configured to allow (under normal operating conditions) sufficient time for the valves to prove closed when instructed to close. If the valve fails to close within this preset time the system will raise a valve failed to close alarm and initiate the appropriate action. Although valve closing times are subject to variations, sufficient time has been allowed to enable the valve to close without causing nuisance trips.

    6.2.2 Fuel gas pressure low low

    In order to reduce the number of standing or nuisance alarms present on the system, a level of intelligence should be built into the alarm logic. Low gas pressure should, for example, only be active a short time period after the gas valves are instructed to open (typically 3 seconds). This alarm will then remain active all the time the valves are open. Coding the alarm in this way will prevent the alarms from activating when the burner is stopped and the gas line vented.
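The latching rule of 6.1 and the arming delay of 6.2.2 can be shown together in a short scan-based simulation. This is an added Python example, not part of the original specification or of the vendor's PLC code; the class name, the 1.0 bar threshold, the 1 second scan time and the sample trace are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class ConditionalLatchedAlarm:
    """Low-low pressure alarm that is armed only while the valves are commanded open."""
    threshold: float            # low-low threshold (constructed value, bar)
    arm_delay_s: float = 3.0    # "typically 3 seconds" after the open command
    open_elapsed_s: float = 0.0
    latched: bool = False

    def scan(self, dt_s, valves_commanded_open, pressure, reset_pb=False):
        """Run one PLC scan and return the latched alarm flag."""
        # Time since the open command. A close command disarms the alarm,
        # so a vented line on a stopped burner cannot raise it.
        if valves_commanded_open:
            self.open_elapsed_s += dt_s
        else:
            self.open_elapsed_s = 0.0
        armed = valves_commanded_open and self.open_elapsed_s >= self.arm_delay_s
        initiating_event = armed and pressure < self.threshold

        if initiating_event:
            self.latched = True      # trap even a single-scan excursion
        elif reset_pb:
            self.latched = False     # reset only works once the event has cleared
        return self.latched


# Constructed scan trace, one row per 1 s scan:
# (valves commanded open, header pressure in bar, alarm reset pushbutton).
# The trip action that would normally close the valves is not modelled.
SAMPLE_TRACE = [
    (False, 0.0, False),  # burner stopped, line vented: alarm masked
    (True,  0.0, False),  # valves commanded open, 1 s elapsed: not yet armed
    (True,  0.2, False),  # 2 s elapsed: still not armed
    (True,  1.5, False),  # 3 s elapsed: armed, pressure healthy
    (True,  0.4, False),  # single-scan dip below threshold: latched
    (True,  1.5, False),  # pressure recovered, alarm stays latched
    (True,  0.4, True),   # reset pressed while the event is present: refused
    (True,  1.5, True),   # reset pressed after the event has cleared: accepted
]


def run_trace(trace, threshold=1.0, dt_s=1.0):
    """Feed a trace through a fresh alarm block and return the flag after each scan."""
    alarm = ConditionalLatchedAlarm(threshold=threshold)
    return [alarm.scan(dt_s, *row) for row in trace]


if __name__ == "__main__":
    for row, flag in zip(SAMPLE_TRACE, run_trace(SAMPLE_TRACE)):
        print(row, "->", "ALARM" if flag else "ok")
```
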

    6.2.3 Fuel gas pressure high high

    In order to reduce the number of standing or nuisance alarms present on the system, a level of intelligence should be built into the alarm logic. High gas pressure should, for example, only be active a short time period after the gas valves are instructed to open (typically 3 seconds). This alarm will then remain active all the time the valves are open. Coding the alarm in this way will prevent the alarms from activating when the burner is stopped and the gas line vented.

    6.2.4 Pilot gas pressure high & low alarms

    In order to reduce the number of standing or nuisance alarms present on the system, a level of intelligence should be built into the alarm logic. High & low pilot gas pressure should, for example, only be active a short time period after the main pilot gas valves are instructed to open (typically 3 seconds). This alarm will then remain active all the time the valves are open. Coding the alarm in this way will prevent the alarms from activating when the burner is stopped and the pilot gas line vented. It should also be noted that the pilot gas pressure high and low alarms will be alarm conditions only, and will alert the operator to possible causes of pilot ignition problems.

    6.2.5 Fuel oil pressure low low

    In order to reduce the number of standing or nuisance alarms present on the system, a level of intelligence should be built into the alarm logic. Low oil pressure should, for example, only be active a short time period after the oil valves are instructed to open (typically 3 seconds). This alarm will then remain active all the time the valves are open.

    6.2.6 Fuel oil temperature low low

    In order to reduce the number of standing or nuisance alarms present on the system, a level of intelligence should be built into the alarm logic. Low oil temperature should, for example, only be active if: -

    The oil MFT valve has been instructed to open for a preset time period (typically 60 seconds)

    Or

    The oil temperature is above the low low temperature threshold (for at least a short time period to allow for short transients as the temperature rises)

    Once either of these conditions has been met, this alarm will then remain active all the time the valves are open. This alarm needs to be dealt with in this fashion to allow the oil sufficient time to circulate and to get up to correct operating temperature.

    6.2.7 Dark check

    If a flame is detected when one is not expected it could indicate that the flame sensing device is faulty or that an uncontrolled fire is present in the boiler. In both cases it would be extremely hazardous to continue to operate the plant. The dark check alarm is active all the time that the fuel valves are closed. It is also not active for a short period after the valves have closed to allow for the fuel pressure in the line to decay, and to take the flame drop out time inherent in the flame amplifiers into account.

    6.2.8 Furnace pressure low low

    In order to reduce the number of standing or nuisance alarms present on the system, a level of intelligence should be built into the alarm logic. Low furnace pressure should, for example, only be active if the furnace pressure remains low for a predetermined time period (typically 2 seconds).

    6.3 Analogue alarm points

    Some of the process parameters have alarm thresholds along with trip thresholds associated with them. Whilst this text generally refers to system trips, it should be noted that each trip would also raise a unique alarm, generated in DCS and outside the scope of this document. The alarm points should be configured such that they cause an alarm on the system before the trip function, allowing the operator time to react to the alarm and thus avoid a trip situation. The trip levels will be hard coded in software so that they cannot be changed in normal operation of the system.

    7 BMS/ESD Sequences

    The BMS/ESD system manages the trips, interlocks and safety critical sequences for the boiler through a dedicated safety PLC. The burners associated with the boiler are each fitted with an ignition pilot that is designed to fire intermittently. Before a burner can be started a furnace pre purge must be undertaken. Once a pre purge has been completed a burner can be started. The furnace pre purge is designed to purge the furnace of any un-burnt fuels or explosive gases. Stopping the last firing burner will initiate a post purge sequence. If a burner is said to be at normal stop, then by definition, it is not sequencing and is not tripped. If a burner is tripped, a reset needs to be operated before any further action can take place associated with the tripped burner.

    7.1 Furnace Purging

    The boiler furnace is purged both before light-off - a pre-purge - and after a shutdown - a post-purge. An operator requests a pre-purge by operating one of the purge start pushbuttons. A post-purge is initiated automatically when the last burner is stopped either by the operator or as a result of a master fuel trip. The pre purge should involve at least five volume changes of the boiler enclosure and a minimum of five minutes whilst the pre purge conditions are maintained. Conditions for pre purge are: -

    All main interlocks correct

    Air flow above purge flow rate

    All air registers open

    No burner sequences in progress (either pilot or main fuel start)

    When the above conditions are met, the BMS should start the pre purge timer. If the conditions fail at any point in the purge, the purge timer should reset, and a further full purge will be required.

    When the start purge pushbutton is operated, provided the boiler is at normal stop, the CCS is signalled to increase the airflow to purge settings. When the pre purge timer completes, the CCS is signalled to decrease the airflow to ignition settings. On completion of a pre-purge, the BMS removes the air to purge signal to CCS and sets the air to ignition signal to CCS.

    If the purge flow fails during the purge period, the BMS logic prevents any subsequent actions. When the purge flow is re-instated the timer is re-started. After the pre-purge period, the purge complete signal is energised. Once the ignition settings are achieved the fuel ready to start signal is energised. At this stage either of the burners can be started on either fuel.

    7.1.1 Stand timer

    Once a pre purge has completed, a ten minute stand timer is started. This is the maximum time that the pre purge will remain valid. If a burner start sequence is not initiated within this time period, a further pre purge will be required before a burner can be started.
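The pre-purge rules of 7.1 and the stand timer of 7.1.1 amount to a small state machine, sketched below. This is an added Python example, not part of the original specification or of the vendor's PLC code; the state names, the 200 m3 furnace volume, the 2.5 m3/s purge flow threshold and the 1 second scan time are constructed for illustration.

```python
from dataclasses import dataclass

PURGE_MIN_TIME_S = 300.0       # "a minimum of five minutes"
PURGE_MIN_VOLUME_CHANGES = 5   # "at least five volume changes"
STAND_TIME_S = 600.0           # ten minute stand timer (7.1.1)
FURNACE_VOLUME_M3 = 200.0      # constructed value
PURGE_FLOW_MIN_M3_S = 2.5      # constructed purge flow threshold


@dataclass
class PurgeInputs:
    main_interlocks_ok: bool = True
    air_flow_m3_s: float = 4.0
    all_air_registers_open: bool = True
    burner_sequence_in_progress: bool = False

    def conditions_met(self):
        """The four pre-purge conditions listed in 7.1."""
        return (self.main_interlocks_ok
                and self.air_flow_m3_s > PURGE_FLOW_MIN_M3_S
                and self.all_air_registers_open
                and not self.burner_sequence_in_progress)


class PrePurge:
    def __init__(self):
        self.state = "IDLE"        # IDLE, PURGING, COMPLETE or STARTING
        self.elapsed_s = 0.0
        self.volume_changes = 0.0
        self.stand_s = 0.0

    @property
    def air_to_purge(self):        # signal to CCS while purging
        return self.state == "PURGING"

    @property
    def air_to_ignition(self):     # signal to CCS once the purge has completed
        return self.state in ("COMPLETE", "STARTING")

    def scan(self, dt_s, inp, purge_start_pb=False, burner_start_req=False):
        """Run one scan and return the resulting state."""
        if self.state == "IDLE":
            if purge_start_pb:
                self.state = "PURGING"
                self.elapsed_s = self.volume_changes = 0.0
        elif self.state == "PURGING":
            if inp.conditions_met():
                self.elapsed_s += dt_s
                self.volume_changes += inp.air_flow_m3_s * dt_s / FURNACE_VOLUME_M3
                if (self.elapsed_s >= PURGE_MIN_TIME_S
                        and self.volume_changes >= PURGE_MIN_VOLUME_CHANGES):
                    self.state = "COMPLETE"
                    self.stand_s = 0.0
            else:
                # Any lost condition resets the timer: a further full purge is required.
                self.elapsed_s = self.volume_changes = 0.0
        elif self.state == "COMPLETE":
            if burner_start_req:
                self.state = "STARTING"    # purge used by a burner start sequence
            else:
                self.stand_s += dt_s
                if self.stand_s >= STAND_TIME_S:
                    self.state = "IDLE"    # purge no longer valid, re-purge needed
        return self.state


def run(purge, seconds, inp, **buttons):
    """Run the given number of 1 s scans with constant inputs; return the final state."""
    state = purge.state
    for _ in range(seconds):
        state = purge.scan(1.0, inp, **buttons)
    return state


if __name__ == "__main__":
    p = PrePurge()
    p.scan(1.0, PurgeInputs(), purge_start_pb=True)
    print(run(p, 300, PurgeInputs()), run(p, 600, PurgeInputs()))
```

With the constructed 200 m3 volume, a flow of 4.0 m3/s completes on the five minute limit, while 3.0 m3/s needs 334 seconds to reach five volume changes.
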

    7.1.2 Post purge

    If the last burner in the boiler is stopped for any reason, a post purge will be initiated, which will open the air registers and allow the FD fan to purge the boiler for a predetermined time period. Initiating a pre-purge during a post-purge is permitted. There is no need to perform two purges if an immediate re-start is required.

    7.2 Pilot Start Sequence

    It should be noted that the BMS will precede the sequence detailed below with a pre purge. Only once the pre purge has completed successfully will the following sequence take place. The pilot start sequence is initiated as part of the main burner start routine (either oil or gas). The pilot start routine is also initiated as part of an oil burner normal stop gun purge. The BMS will:

    Check that the requested burner air isolation damper is open.

    For the first pilot to light, prove that there is no flame detected in any burner or pilot (dark check).

    Prove that the combustion airflow is at light-up.

    Prove that the pilot header vent isolation valve is closed. If not, close it and prove it closed.

    Prove that the pilot header isolation valve is open. If not, open it and prove it open.

    Start the requested burner ignition transformer (4.5 seconds).

    Open the requested burner igniter gas isolation valve (for a 5 second period, after which the pilot flame must be detected for the valve to remain open).

    De-energise the transformer.

    Prove that the igniter flame is established via either one of the two flame scanners within the 5 second valve open time.

    Continue to prove that the igniter flame is established for the igniter flame stabilisation period.

    The pilot ignition sequence steps are time limited according to EN 746-2. Failure to achieve a step in the given time will cause a burner lockout and raise an alarm. If the ignition sequence fails, no ignition re-trial is permitted before the burner is locked out. A lockout condition will require a manual reset before any further actions can be taken with this burner.

    If ignition fails, and it is the only burner firing, then a re-purge will be required. If however another burner is firing, then the tripped burner can be reset and a further ignition attempt made. It should be noted that repeated ignition attempts of either the pilots or the main flame should not be attempted without first establishing and rectifying the cause of the failed attempts.
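The timed ignition trial, the 1oo2 flame vote and the lockout rule of 7.2 are simulated below. This is an added Python example, not part of the original specification or of the vendor's PLC code. It assumes the transformer and the igniter gas valve are energised together, uses a constructed 0.5 second scan time, and uses a constructed 10 second stabilisation period because the specification text gives no value for it.

```python
from dataclasses import dataclass, field

SCAN_S = 0.5             # constructed scan interval
TRANSFORMER_ON_S = 4.5   # ignition transformer energised time
TRIAL_S = 5.0            # igniter gas valve open period before flame must be proven
STABILISATION_S = 10.0   # constructed: the specification text gives no value

# Pre-ignition proofs taken from the step list (names are constructed).
PERMISSIVES = (
    "air_isolation_damper_open",
    "airflow_at_light_up",
    "pilot_header_vent_closed",
    "pilot_header_isolation_open",
)


@dataclass
class PilotResult:
    state: str                 # "PILOT_ON" or "LOCKOUT"
    reason: str
    repurge_required: bool
    # One (time s, transformer on, igniter valve open) tuple per scan
    timeline: list = field(default_factory=list)


def pilot_start(permissives, scanner_trace, first_pilot, other_burner_firing,
                flame_seen_before_start=False):
    """Simulate one pilot ignition attempt.

    scanner_trace holds one (scanner A, scanner B) reading per scan, starting
    one scan after the igniter valve opens. Missing readings count as no flame.
    """
    timeline = []

    def lockout(reason):
        # No re-trial: manual reset needed, and a re-purge unless another burner is firing.
        return PilotResult("LOCKOUT", reason, not other_burner_firing, timeline)

    for name in PERMISSIVES:
        if not permissives.get(name, False):
            return lockout("permissive not proven: " + name)
    if first_pilot and flame_seen_before_start:
        return lockout("dark check failed: flame detected before ignition")

    scans = int((TRIAL_S + STABILISATION_S) / SCAN_S)
    for i in range(1, scans + 1):
        t = i * SCAN_S
        if i - 1 < len(scanner_trace):
            scanner_a, scanner_b = scanner_trace[i - 1]
        else:
            scanner_a = scanner_b = False
        flame = scanner_a or scanner_b            # 1oo2: either scanner is enough
        transformer_on = t <= TRANSFORMER_ON_S
        if t >= TRIAL_S and not flame:
            timeline.append((t, False, False))    # igniter valve closed
            if t == TRIAL_S:
                return lockout("no pilot flame at end of ignition trial")
            return lockout("pilot flame lost during stabilisation")
        timeline.append((t, transformer_on, True))
    return PilotResult("PILOT_ON", "pilot flame proven and stable", False, timeline)


if __name__ == "__main__":
    ok = dict.fromkeys(PERMISSIVES, True)
    # Constructed readings: scanner A sees flame from 2.5 s, scanner B never does.
    trace = [(False, False)] * 4 + [(True, False)] * 26
    print(pilot_start(ok, trace, first_pilot=True, other_burner_firing=False).state)
```
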

    7.3 Burner Start Sequence on Gas

    A gas start sequence is initiated by operating the gas start pushbutton (local or remote depending on control mode selection). A gas start sequence can only be initiated if a pre purge has completed, and no other sequence has been initiated and not completed, e.g. a gas start cannot be initiated at the same time as an oil start. Operation of the gas start sequence will first initiate the pilot start sequence, and once the pilot start sequence has successfully completed, the gas sequence will commence as detailed below. The BMS will:

    Prove that the pilot for the requested burner is on.

    Prove that the combustion airflow is at light-up.

    Prove that the fuel gas is at the required ignition position.

    Prove that the main gas header vent isolation valve is closed. If not, close it and prove it closed.

    Prove that the gas MFT valve is open. If not, open it and prove it open.

    Check that the main gas pressure is stable within the high and low pressure limits but include a timed override for the gas pressure interlock for the first burner to be started.

    Open the requested burner main gas block valves for a 5 second period, after which a main flame must be detected for the valve to remain open.

    Prove that the main flame is established via the flame detector.

    Continue to prove that the main flame is established for the main flame stabilisation period (20 seconds).

    Signal normal run after the flame stabilisation period has completed, and remove the "to ignition" signals to CCS.

    Main burner flame proving and stabilisation times are in accordance with EN 746-2 and burner vendor recommendations. Main burner re-trials are not permitted: main flame failure always results in a burner lockout and a re-purge for the first burner.

    7.4 Burner Start Sequence on Oil

    An oil start sequence is initiated by operating the oil start pushbutton (see local/remote control selection). An oil start sequence can only be initiated if a pre purge has completed, and no other sequence has been initiated and not completed, e.g. an oil start cannot be initiated at the same time as another oil start or a gas start. Operation of the oil start sequence will first initiate the pilot start sequence, and once the pilot start sequence has successfully completed, the oil sequence will commence as detailed below. The BMS will:

    Prove that the pilot for the requested burner is on. If not, start it as above.

    Prove that the oil supply MFT valve is open. If not, open it using the reset pushbuttons and allow the oil temperature and pressure to reach their operational levels.

    Prove that the oil is at the required ignition position.

    Prove that the combustion airflow is at light-up.

    Prove that the atomising steam scavenge valve is closed for the requested burner.

    Open the requested burner steam block valve.

    Prove that the atomising steam is at the correct pressure.

    Open the requested burner oil block valve for a 5 second period, after which a main flame must be detected for the valve to remain open.

    Prove that the main flame is established via either one of the two flame detectors and stop the pilot burner.


    Continue to prove that the main flame is established for the main flame stabilisation period (20 seconds).

    Signal normal run after the flame stabilisation period has completed, and remove the 'to ignition' signals to the DCS.

    Main burner re-trials are not permitted: main flame failure always results in a burner lockout and a re-purge for the first burner.
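The main flame timing shared by the gas and oil start sequences (sections 7.3 and 7.4), as an added Python model that is not part of the specification or the project's PLC code. The class, state names and `run` helper are assumptions; it reads "after which a main flame must be detected" as a check made at the 5 second mark, and the flame samples fed to it are constructed.

```python
from enum import Enum

TRIAL_S = 5        # block valve may stay open this long without a proven flame
STABILISE_S = 20   # main flame stabilisation period

class State(Enum):
    TRIAL = "trial for ignition"
    STABILISING = "flame stabilising"
    RUN = "normal run"
    LOCKOUT = "burner lockout"

class MainFlameTrial:
    """Main-flame light-off for one burner, evaluated once per scan."""

    def __init__(self):
        self.state = State.TRIAL
        self.elapsed = 0.0             # seconds spent in the current state
        self.block_valve_open = True   # opened at the start of the trial

    def scan(self, flame_detected, dt):
        if self.state is State.LOCKOUT:
            return self.state          # latched: no re-trial from inside the sequence
        if self.state is State.RUN:
            if not flame_detected:
                self._lockout()        # flame failure while firing also locks out
            return self.state
        self.elapsed += dt
        if self.state is State.TRIAL and self.elapsed >= TRIAL_S:
            if flame_detected:
                self.state, self.elapsed = State.STABILISING, 0.0
            else:
                self._lockout()
        elif self.state is State.STABILISING:
            if not flame_detected:
                self._lockout()
            elif self.elapsed >= STABILISE_S:
                self.state = State.RUN
        return self.state

    def _lockout(self):
        self.state = State.LOCKOUT
        self.block_valve_open = False  # fuel isolated; re-purge rules sit outside this class

def run(flame_samples, dt=1.0):
    """Feed constructed flame-detector samples (one per scan) and return the sequence."""
    seq = MainFlameTrial()
    for flame in flame_samples:
        seq.scan(flame, dt)
    return seq
```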

    7.5 Burner Stop Sequence on Oil

    If an oil burner is stopped normally, i.e. not under trip conditions, then it should carry out a gun purge. This involves closing the burner oil and atomising steam valves, and opening the steam crossover valve for a short period. It should be noted that the steam crossover valve should not be commanded to operate until the burner oil valve has proved closed. During the gun purge period (set to 20 seconds), the pilot gas flame must be present for the pilot gas valve to remain open. Failure of the flame will result in the pilot gas valves closing.

    7.6 Double block and vent valve operation

    The double block and vent valves (or double block and bleed) should, under normal operating conditions, operate in the manner described. On a command to open a double block and vent, the vent valve should close, and once it is proved closed the block valves will be commanded to open. This sequence should only be active during normal valve operation. In the event of an interlock failure, the block valves and vent valve should operate as quickly as possible.

    7.7 Oil MFT operation

    When the main interlocks and the oil interlocks are both correct, the oil MFT should be instructed to open by the BMS. This will help maintain the temperature and pressure in the line. It should be noted that the oil temperature alarm is delayed for a time period to allow the oil to reach its operational temperature. If the oil fails to achieve the required temperature within this time period, the oil MFT will close. It can be re-opened by operation of the reset pushbutton. This will open the MFT and reset the oil temperature delay timer, to allow a further period for the oil to reach the correct temperature.

    7.8 Air register operation

    Each burner is fitted with an air register that prevents excessive amounts of air from passing through a non-firing burner. The air registers are automatically operated, and are fitted with open and closed limit switches. The open limit switch is used by the system, and trips the burner if a burner is firing or requested to fire and the air register is not proven open. The closed limit switch is provided for information only. The air dampers are both requested to open during a pre purge. Once a purge has completed the air dampers are requested to close. If a burner is requested to start, the air damper associated with the starting burner is opened, and remains open all the time the burner is firing. The air dampers are moved by double acting actuators that require two BMS outputs to operate. One signal instructs the damper to open, the second instructs the damper to close. Removal of both signals results in the damper remaining in its present position.


    8 Interlocks & Alarms

    The BMS will constantly monitor the current plant conditions, and in the event of an alarm or trip condition will take the appropriate action. The alarms and their actions are grouped into the appropriate categories. It should also be noted that the alarms should be configured as detailed in an earlier section of this document.

    8.1 Main Interlocks

    Failure of any of the main interlocks will result in a master fuel trip. This will have the effect of isolating all fuel supplies to the boiler and tripping any burners that are firing. A main interlock trip shall always take priority over any other sequence or alarm event. The main interlocks are constantly monitored, and failure of a main interlock will result in an immediate MFT. A main interlock alarm will be initiated by failure of any of the following: -

    Ref  Description                                                    Tag
    1    Combustion air flow low low                                    FALL-2100A
    2    Furnace pressure High                                          PSH-1500A
    3    Instrument air pressure low low (2 out of three voted signal)  PSL-1800/1/2
    4    Any E stop operated
    5    FD Fan stopped
    6    Combustion air pressure low                                    PSL-2100A
    7    Burner 1 dark check failed
    8    Burner 2 dark check failed
    9    Stand timer failed
    10   Total loss of flame
    11   Pilot gas MFT failed to close                                  ZAL-2010A
    12   Pilot gas header vent failed                                   ZAL/H/P 2207A
    13   Oil MFT failed to close                                        ZAL-2010A
    14   Gas MFT failed to close                                        ZAL-2200A
    15   Gas header vent valve failed                                   ZAL/H/P-2214A
    16
    17

    A master fuel trip isolates all fuels to the furnace by:

    Closing all individual burner isolation valves, closing the common header isolation valve and opening the header vent valve in the pilot gas system.

    Closing all individual burner isolation valves, closing the common header isolation valves and opening the header vent valve in the main fuel gas system.

    Closing all individual burner isolation valves, closing the common header supply and opening the return isolation valves in the oil system.

    A master fuel trip does not stop the FD fan. A master fuel trip can be reset using the reset pushbuttons.
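The main interlock behaviour described in section 8.1 (2 out of 3 voting, immediate latched trip, reset by pushbutton, priority over other sequences), as an added Python model rather than the project's own logic. The class and method names, the untripped power-up state, the first-out `causes` list and the treatment of a missing signal as failed are assumptions, and only a subset of the table is modelled.

```python
MAIN_INTERLOCKS = [                      # subset of the section 8.1 table
    "Combustion air flow low low",
    "Furnace pressure high",
    "Instrument air pressure low low",   # Ref 3: 2 out of 3 voted
    "Any E stop operated",
    "FD fan stopped",
    "Combustion air pressure low",
    "Total loss of flame",
]

def vote_2oo3(a, b, c):
    """True when at least two of the three signals report the trip condition."""
    return (a and b) or (a and c) or (b and c)

class MasterFuelTrip:
    def __init__(self):
        self.tripped = False   # power-up state is an assumption; the page gives none
        self.causes = []       # interlocks active on the scan that tripped (first-out)

    def scan(self, inputs, inst_air_low, reset_pb=False):
        """inputs: name -> True when that interlock has failed, evaluated every scan."""
        active = dict(inputs)
        active["Instrument air pressure low low"] = vote_2oo3(*inst_air_low)
        # A signal missing from the scan is treated as failed (fail-safe assumption).
        failed = [n for n in MAIN_INTERLOCKS if active.get(n, True)]
        if failed:
            if not self.tripped:
                self.causes = failed
            self.tripped = True          # immediate trip, checked before any reset
        elif reset_pb:
            self.tripped, self.causes = False, []
        return self.tripped

    def permit(self, sequence_request):
        """A trip overrides any start or run request from another sequence."""
        return bool(sequence_request) and not self.tripped
```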


    8.2 Common valve status

    The status of all valves is constantly monitored by the BMS. Certain valve failure modes are considered non-critical and result in an alarm only. Other failure modes should be considered safety critical and are therefore treated as a start interlock for all fuels. These critical valve failures associated with the burner are detailed in the table below: -

    Ref  Description                                            Tag
    1    Burner 1 air register failed to open                   ZAH-1806A
    2    Burner 1 oil gun block valve failed to close           ZAL-2013A
    3    Burner 1 upstream gas block valve failed to close      ZAL-2204A
    4    Burner 1 gas vent valve failed to open or close        ZAL/H/P-2205A
    5    Burner 1 downstream gas block valve failed to close    ZAL-2206A
    6    Burner 2 air register failed to open                   ZAH-1804A
    7    Burner 2 oil gun block valve failed to close           ZAL-2012A
    8    Burner 2 upstream gas block valve failed to close      ZAL-2201A
    9    Burner 2 gas vent valve failed to open or close        ZAL/H/P-2202A
    10   Burner 2 downstream gas block valve failed to close    ZAL-2203A
    11   Burner 1 upstream pilot gas block failed to close      ZAL-2208A
    12   Burner 1 downstream pilot gas block failed to close    ZAL-2210A
    13   Burner 1 pilot vent gas block failed to open or close  ZAL/H/P-2209A
    14   Burner 2 upstream pilot gas block failed to close      ZAL-2211A
    15   Burner 2 downstream pilot gas block failed to close    ZAL-2213A
    16   Burner 2 pilot vent gas block failed to open or close  ZAL/H/P2212A
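One way to model the section 7.6 open sequence together with the vent "failed to open or close" alarm listed in the table above, as an added Python example that is not the project's logic. `TRAVEL_S`, the latching of the alarm, the unsequenced normal close and all names are assumptions; the page specifies only the open ordering and the fast path on interlock failure.

```python
TRAVEL_S = 10   # hypothetical allowed vent travel time in seconds; the page gives no figure

class DoubleBlockAndVent:
    """Command logic for one double block and vent group (two blocks, one vent)."""

    def __init__(self):
        self.block_cmd_open = False
        self.vent_cmd_open = True    # rest state: blocks closed, vent open
        self.vent_timer = 0.0        # seconds the vent has disagreed with its command
        self.vent_failed = False     # latched 'vent failed to open or close' alarm

    def scan(self, open_cmd, interlocks_ok, vent_closed_ls, vent_open_ls, dt):
        prev_vent_cmd = self.vent_cmd_open
        if open_cmd and interlocks_ok and not self.vent_failed:
            self.vent_cmd_open = False             # step 1: close the vent
            self.block_cmd_open = vent_closed_ls   # step 2: blocks only once it is proved closed
        else:
            # Close or interlock failure: no sequencing, both commands change in this scan.
            self.block_cmd_open = False
            self.vent_cmd_open = True
        # Discrepancy check: the limit switch must match the command within TRAVEL_S.
        in_position = vent_open_ls if self.vent_cmd_open else vent_closed_ls
        if in_position or self.vent_cmd_open != prev_vent_cmd:
            self.vent_timer = 0.0
        else:
            self.vent_timer += dt
        if self.vent_timer > TRAVEL_S:
            self.vent_failed = True                # acts as a start interlock from the next scan
        return self.block_cmd_open, self.vent_cmd_open
```

The return value is the pair (block valve command, vent valve command); a vent that never proves closed keeps the block valves shut and then latches the alarm.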


    8.3 Main gas interlocks

    A main gas header trip is initiated when:

    Ref  Description                                            Tag
    1    Gas pressure low low                                   PALL-2200A
    2    Gas pressure high high                                 PAHH-2200A
    3    Burner 1 upstream gas block valve failed to close      ZAL-2204A
    4    Burner 1 gas vent valve failed to open or close        ZAL/H/P-2205A
    5    Burner 1 downstream gas block valve failed to close    ZAL-2206A
    6    Burner 2 upstream gas block valve failed to close      ZAL-2201A
    7    Burner 2 gas vent valve failed to open or close        ZAL/H/P-2202A
    8    Burner 2 downstream gas block valve failed to close    ZAL-2203A

    A main gas header trip isolates gas to the boiler by:

    Closing all individual burner isolation valves, closing the common header isolation valve and opening the header vent valve in the main fuel gas system.


    8.4 Main oil interlocks

    A main oil header trip is initiated when:

    Ref  Description                                            Tag
    1    Oil pressure low low                                   PALL-2010A
    2    Oil temperature low low                                TALL-2010A
    3    Atomising steam pressure low low                       PALL-2310A
    4    Burner 1 oil gun block valve failed to close           ZAL-2013A
    5    Burner 2 oil gun block valve failed to close           ZAL-2012A

    A main oil header trip isolates oil to the boiler by:

    Closing all individual burner isolation valves, closing the common MFT valve and opening the common recirc valve in the main fuel oil system, closing the atomising steam valves and the atomising crossover valves.

    The oil temperature header trip is set so that the header valves can be open for up to 1 minute before it takes effect.
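The delayed oil temperature trip described in sections 7.7 and 8.4, as an added Python model that is not the project's PLC code. The names, the latching of every oil MFT closure until reset, and the rising-edge detection on the reset pushbutton (so a held or stuck button cannot keep re-opening the valve) are assumptions; the 60 second delay is the 1 minute figure above, counted from the moment the MFT opens.

```python
TEMP_DELAY_S = 60   # header valves may be open this long before the temperature trip acts

class OilMFT:
    def __init__(self):
        self.valve_open = False
        self.tripped = False       # latched until a new press of the reset pushbutton
        self.open_time = 0.0       # seconds since the MFT last opened
        self._reset_prev = False   # previous scan's pushbutton state, for edge detection

    def scan(self, main_ok, oil_ok, temp_low_low, reset_pb, dt):
        """oil_ok covers the oil interlocks other than temperature, which is delayed here."""
        reset_edge = reset_pb and not self._reset_prev
        self._reset_prev = reset_pb
        if reset_edge and self.tripped:
            self.tripped = False
            self.open_time = 0.0              # reset restarts the temperature delay timer
        if not (main_ok and oil_ok):
            self.tripped = True               # interlock failure always wins over reset
        if self.tripped:
            self.valve_open = False
            return self.valve_open
        if not self.valve_open:
            self.valve_open, self.open_time = True, 0.0
        else:
            self.open_time += dt
        if temp_low_low and self.open_time >= TEMP_DELAY_S:
            self.valve_open, self.tripped = False, True
        return self.valve_open
```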


    8.5 Individual burner trips

    In the case of all trips, the cause of the trip should be established and rectified before any further attempts at burner operation are made.

    8.5.1 Pilot flame failure

    If the pilot flame is not on when it should be, all pilot gas to the burner is isolated. If the pilot flame failure is associated with the oil ignition sequence, then the oil, atomising steam and gun purge crossover valves are also closed.

    8.5.2 Gas flame failure

    If the gas main flame is not on when it should be, the gas to the burner is isolated by closing the burner gas block valves and opening the burner gas vent valve. If the ignition sequence is in progress then the ignition gas block valves will also close, and the ignition gas vent will open. If no other burners are firing then the main fuel MFTs will also operate and the system will need to be reset and a pre purge carried out before it can be re-started. If another burner is firing, then the gas burner can be re-set and restarted without the need to pre purge first.

    8.5.3 Oil flame failure

    If the oil main flame is not on when it should be, the oil to the burner is isolated by closing the burner oil, atomising steam and scavenging block valves. If no other burners are firing then the main fuel MFTs will also operate and the system will need to be reset and a pre purge carried out before it can be re-started. If another burner is firing, then the oil burner can be re-set and restarted without the need to pre purge first.