PLC for burner management system


Thread Starter

N. Vinod

With safety PLCs available now, is a conventional dual PLC system still worth contemplating as sufficient safety protection for fired boilers? Requesting information sharing in this regard, along with any experience with either or both types of system.
 

Juan Calderon

For any implementation of a Programmable Electronic System (i.e. PLCs) for safety purposes in the process industries (such as boiler protection) you should follow the IEC 61508, IEC 61511, ISA S84.01, and NFPA 85 standards.

If you are planning to use a PLC as part of your safety system for a fired boiler, one important question you have to answer is: What is the Safety Integrity Level (SIL) required for each Safety Instrumented Function (SIF) you are planning to implement in your PLC? There are four SIL levels, from 1 to 4; each SIL level is related to the probability of failure on demand (PFD) of each SIF: the higher the SIL, the lower the PFD. You have to demonstrate that the configuration, whether single, dual, triple, etc., of your entire Safety Instrumented System (SIS) for each SIF achieves the required SIL level.

The PLC is not the only component you have to evaluate in terms of the safety system; you also have to consider the sensors (transmitters, limit switches, etc.) and the actuators (valves, relays).

Typically, if you are going to implement boiler protection using a PLC you should use a "Safety PLC". A safety PLC is defined as a Programmable Electronic System that has been certified by an independent organization (like TÜV) to be suitable for use in SIL "X" applications.

If you are going to use the PLC for Burner Management (BMS), your insurance company might require that your system be certified by an independent authority (like Factory Mutual) to comply with NFPA 85.

In summary, a dual PLC in itself is neither necessary nor sufficient to protect a fired boiler. You should consider all the above-mentioned issues to define the best configuration for your solution.

If we can provide further assistance on this issue, do not hesitate to contact us.

Hope this helps,

Juan Calderon
MCL Control S.A.
www.mclcontrol.com
Ph. +58(212)238.2996 Ext. 119
Fax. +58(212)232.1223
 

Jonathan Jaramillo

Normally when people refer to a "conventional dual PLC system" they are talking about a "hot-standby" configuration. This type of configuration is basically oriented to improving the "fault tolerance" of the system, but it doesn't necessarily mean "safety". A truly safe dual PLC system using conventional technology would imply two completely redundant PLCs, including the I/O, working in parallel and both taking control of the outputs at the same time, connecting their circuits in series with the load. If any of the redundant legs fails then the whole loop should shut down (1oo2 voting). This will result in a very safe application but expensive, complicated and with a higher probability of failure (fail-safe). If your risk analysis says that you need a SIS for SIL 2 or higher I would say that you had better go with safety PLCs or PES.

However, I know that most of the big PLC manufacturers are trying to improve the diagnostics and reliability of their PLCs, making them less conventional but suitable for safety applications. They still need to get certifications and experience to be considered safety systems. If your PLC provider is one of these manufacturers, you have done a good job (good practice) in your system and have had a good record using their products in your boiler (you have to have paperwork to demonstrate this), then the new standards might allow you to keep using the same solution.

Jonathan Jaramillo
Applications Manager
MCL Control USA, Inc.
Houston, TX
281-583.9378
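The two replies above turn on two ideas: Juan's point that each SIF must be shown to reach a PFD inside the required SIL band, and Jonathan's point that a "safe" dual PLC wires both legs' outputs in series with the load so that either leg (or a dead leg) trips it. The following is an added worked example, not code from either poster or from MCL Control: it uses the simplified low-demand PFDavg equations of the ISA-TR84 style (1oo1, 1oo2 with a beta common-cause term, 2oo2; diagnostics and repair time ignored), the IEC 61508 low-demand SIL bands, and a boolean model of series-wired versus parallel-wired output contacts. The failure rate, proof-test interval and beta factor are constructed figures for illustration, not vendor data, and the band returned for a PFD below 1e-5 is an assumption since the standard defines no band there.

```python
"""Added worked example (not from the original posts): simplified low-demand
PFDavg for 1oo1 / 1oo2 / 2oo2 logic-solver architectures, the IEC 61508 SIL
bands, and the series-wired 1oo2 output circuit described in the thread.
All numeric inputs below are constructed figures, not vendor data."""


# IEC 61508-1 low-demand SIL bands: (SIL, PFDavg lower bound, upper bound).
SIL_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]


def sil_from_pfd(pfd):
    """SIL band a PFDavg falls into; 0 means worse than SIL 1.
    Assumption: the standard defines no band below 1e-5, so anything
    lower is reported as 4 here."""
    if pfd < 1e-5:
        return 4
    for sil, lo, hi in SIL_BANDS:
        if lo <= pfd < hi:
            return sil
    return 0


# Simplified PFDavg equations (ISA-TR84.00.02 style). lam_du = dangerous
# undetected failure rate per hour, ti = proof-test interval in hours,
# beta = common-cause fraction. Diagnostics and repair time are ignored.
def pfd_1oo1(lam_du, ti):
    return lam_du * ti / 2


def pfd_1oo2(lam_du, ti, beta):
    # Two legs, either one can trip: independent term plus common-cause term.
    return (lam_du * ti) ** 2 / 3 + beta * lam_du * ti / 2


def pfd_2oo2(lam_du, ti):
    # Both legs must trip, so a dangerous failure of either defeats the trip.
    return lam_du * ti


def series_output_1oo2(leg_a_energized, leg_b_energized):
    """Both legs' output contacts wired in series with the fuel-valve
    solenoid: the load stays energized only while BOTH legs hold it.
    Either leg can trip, and a dead leg (loss of power, CPU fault) also
    trips the loop, which is the fail-safe direction."""
    return leg_a_energized and leg_b_energized


def parallel_output_2oo2(leg_a_energized, leg_b_energized):
    """Contacts wired in parallel (the 'keep running' variant): the load
    stays energized while EITHER leg holds it, so a leg stuck energized
    blocks the trip. Higher availability, lower safety."""
    return leg_a_energized or leg_b_energized


def compare_architectures(lam_du=1e-6, ti=8760.0, beta=0.05):
    """Constructed inputs: 1e-6/h dangerous undetected failures, one-year
    proof test, 5 % common cause. Returns {architecture: (pfd, sil)}."""
    pfds = {
        "1oo1": pfd_1oo1(lam_du, ti),
        "1oo2": pfd_1oo2(lam_du, ti, beta),
        "2oo2": pfd_2oo2(lam_du, ti),
    }
    return {arch: (pfd, sil_from_pfd(pfd)) for arch, pfd in pfds.items()}


def trip_scenarios():
    """Fuel-valve state for each wiring when leg A has failed de-energized
    (safe fault) or is stuck energized (dangerous fault) while leg B calls
    for a trip. True = valve still energized (burner keeps firing)."""
    return {
        "series_A_dead_B_trips": series_output_1oo2(False, False),
        "series_A_stuck_on_B_trips": series_output_1oo2(True, False),
        "parallel_A_dead_B_trips": parallel_output_2oo2(False, False),
        "parallel_A_stuck_on_B_trips": parallel_output_2oo2(True, False),
    }


if __name__ == "__main__":
    for arch, (pfd, sil) in compare_architectures().items():
        print(f"{arch}: PFDavg={pfd:.2e} -> SIL {sil}")
    for name, energized in trip_scenarios().items():
        print(f"{name}: {'FIRING' if energized else 'TRIPPED'}")
```

With the constructed figures, the single PLC lands in the SIL 2 band (PFDavg 4.4e-3), the series-wired 1oo2 pair in SIL 3 (about 2.4e-4, dominated by the common-cause term), and the parallel 2oo2 pair back in SIL 2 (8.8e-3), which is the numerical form of Jonathan's remark that hot-standby buys fault tolerance rather than safety. The scenario table shows the same thing qualitatively: with series contacts a dead leg or a healthy leg's trip always de-energizes the valve, while with parallel contacts a leg stuck energized keeps the burner firing. A real SIL verification must also include the sensors and final elements Juan mentions, and the logic-solver numbers would come from the vendor's certified failure data rather than from these placeholders.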
 