
Functional Design Specification; Rev A

Charter Tech Ltd


Doc Ref: P0661FDS






John Zink International





Functional Design Specification

For

Boiler fitted with two dual fuel burners

Burner Management Control System








Charter Tech Document Number: P0661FDS RevA.doc

Version Number: Rev. A

Date: 20th April 2010

Prepared By: Simon Hall

Approval By: ___________________
















Document history: -




Version   Issue date        Comment
Org       20th April 2010   Draft issue for comment





























Contents: -

1 Safety Guidelines.
  1.1 Product Application.
2 Scope
3 Applicable documents & abbreviations
  3.1 Applicable documents
4 Overview of scheme
5 BMS PLC hardware
  5.1 Introduction
  5.2 Control description
  5.3 Alarms
  5.4 BMS operator interaction
6 Alarm definition
  6.1 Alarm Philosophy
  6.2 Conditional alarms
    6.2.1 Automated valves
    6.2.2 Fuel gas pressure low low
    6.2.3 Fuel gas pressure high high
    6.2.4 Pilot gas pressure high & low alarms
    6.2.5 Fuel oil pressure low low
    6.2.6 Fuel oil temperature low low
    6.2.7 Dark check
    6.2.8 Furnace pressure low low
  6.3 Analogue alarm points
7 BMS/ESD Sequences
  7.1 Furnace Purging
    7.1.1 Stand timer
    7.1.2 Post purge
  7.2 Pilot Start Sequence
  7.3 Burner Start Sequence on Gas
  7.4 Burner Start Sequence on Oil
  7.5 Burner Stop Sequence on Oil
  7.6 Double block and vent valve operation
  7.7 Oil MFT operation
  7.8 Air register operation
8 Interlocks & Alarms
  8.1 Main Interlocks
  8.2 Common valve status
  8.3 Main gas interlocks
  8.4 Main oil interlocks
  8.5 Individual burner trips
    8.5.1 Pilot flame failure
    8.5.2 Gas flame failure
    8.5.3 Oil flame failure


1 Safety Guidelines.
These safety guidelines are an important and integral part of this document. Failure to adhere to these
guidelines may adversely affect system safety and/or render warranty and liability claims invalid.

The burner management system (BMS) must be carefully designed to protect plant equipment and
personnel. However, the purchaser or operator of the BMS must have due regard for the safety and
operational requirements of that process.

To ensure the BMS and the equipment connected to and used with it operates in a safe, predictable and
correct manner, all applicable local and national codes that apply to its installation and operation must be
understood and followed by competent, qualified personnel.

Personnel responsible for the installation and operation of the system should carefully study all
documentation and instructions associated with the equipment supplied.

It is essential that the Purchaser's maintenance and operational staff are provided with adequate training,
both in the design principles of the product and its correct operation.

1.1 Product Application.
BMS are generally of a complex nature and require users and operators of those products to have a level
of training and engineering skill compatible with the complexity of the equipment being operated.

Where a BMS is designed around a fail safe programmable logic controller (PLC), the "user" must be
aware that the control devices can fail to an unsafe condition.

The BMS product will have been designed to limit such an eventuality by incorporating, where
appropriate, specific electrical and electronic control standards and HSE guidelines.

It is unlikely that Charter Tech will have full access to the technical and operational details of the process
to which its product is to be applied and the "user" must, therefore, ensure that there is adequate
protection to personnel and equipment.

Any product produced using this documentation must be fully tested & checked to ensure that it complies
with the user requirements, the applicable codes, and operates in a safe and appropriate manner.


2 Scope

The scope of the Functional Design Specification (FDS) is to identify and collate all the information
necessary to facilitate the design of the control system for the control scheme associated with the two
burner dual fuel boiler.


3 Applicable documents & abbreviations
3.1 Applicable documents
The following documents are to be referred to during the design of the control system: -

Piping & Instrument Diagram
BMS IO LIST
Logic Flow diagrams P0661_LTxx


The following abbreviations are used in this document: -

Bool    Boolean, single bit flag
FDS     Functional Design Specification
PLC     Programmable Logic Controller
Real    Real or floating point variable
SCADA   Supervisory Control And Data Acquisition, logging and monitoring system
URS     User Requirements Specification
VFC     Volt Free Contact
P&IDs   Piping and Instrumentation Drawings
BMS     Burner management system
PCS     Process control system
CCS     Combustion control system











4 Overview of scheme

This document concerns the control system associated with the two burner boiler.

The boiler is fitted with a pair of dual fuel burners. These burners are capable of firing fuel gas and/or oil.
The boiler will be fitted with a SIL rated burner management system (BMS). This burner management
system is designed to control the safe operation of the burner plant. Processes will include control of pre
purge, burner light up sequences, burner shutdown sequences and safety interlocking.

The operator interfaces with the control system via push buttons, lamps & HMI screens. Diagnostic and
alarm information is also passed to the DCS.

This document covers the specific aspects associated with the operation of the burner management
system, and the effect of burner failure on other associated items of plant.

Each burner is fitted with an oil gun, which can be controlled individually via dedicated oil, atomising
steam and scavenge block valves. The gas is supplied to each burner via dedicated double block and
vent arrangement, as is the pilot gas.

Each burner is fitted with a pair of failsafe, self checking flame scanners. These scanners are arranged in
a one out of two arrangement (1oo2) i.e. any one out of the two scanners must be sensing a flame to
allow the burner to continue to operate. These flame scanners are used to detect the ignition flame, and
the main flame.

Both burners are supplied with oil from a dedicated ring main, common to both burners, which is fitted with an
MFT and a recirc valve, together with sensors for pressure and temperature. Gas is supplied from a
dedicated header, common to both burners, fitted with an MFT and header vent valve, together with
sensors for gas pressure.

It should be noted that each burner can be started and stopped either by local pushbuttons or via remote
control. For the first burner start, feedback from the fuel and air control devices is required to ensure
that they are at the correct positions. Subsequent fuel and burner start firing rate is under the direct
control of the combustion control system. This must ensure that the burner firing rate and airflow are
appropriate for the selected fuel start and stop. According to NFPA standards, this combustion control
function should be separate from the burner management function. This document will cover the operation
of the BMS only.



5 BMS PLC hardware
5.1 Introduction
The boiler plant is potentially a hazardous process and as such the control system selected for the BMS
duty should take the hazardous nature of the process into account, and be suitable for this application.

5.2 Control description
The function of the BMS is to provide an independent, high integrity system that will monitor certain
critical signals and take action in the event these signals breach preset thresholds. The BMS interfaces
with the plant via its own dedicated hardware and software, thus eliminating, as much as possible, any
common cause failure modes.

The BMS controls a number of valves around the process as well as various other items of plant. If
conditions are present that dictate that the BMS should take action, all the valves and critical outputs are
tripped to their predetermined safe state, effectively isolating the plant from any other process on site. If
the BMS is healthy, then the valves under its control are driven to their normal operating positions,
dictated by the current operational conditions.

The equipment under the control of the BMS is listed in the I/O schedule document.

5.3 Alarms
Alarms can signal that a device or process has ceased operating within acceptable, predefined limits, and
can indicate breakdown, wear, or process malfunctions. Alarms are also used to indicate the approach of
a hazardous or undesirable condition. Alarms are an important part of this control application.

In this configuration, all interlock alarms are generated and latched within the PLC control system. This
prevents any possibility of spurious events affecting the control system without raising an alarm i.e. the
PLC will trap any spurious events and raise the appropriate alarm flag. It is then this alarm flag that will
affect the action of the PLC. This trapped alarm event should also be transferred to the DCS for operator
information and diagnostic purposes.

By handling the control and alarm logic within the same controller, the likelihood of missing alarm events
is eliminated, and alarm handling is independent of the network communication update time. This
configuration also allows the system to mask selected alarms under certain process conditions, and should
thus reduce nuisance or standing alarms.

5.4 BMS operator interaction
The BMS will be operated from one of two locations: -

- Local burner panel, via hardwired pushbuttons.
- Remote location.

The system is also fitted with a remote/local selector switch. In local control the burners can be started
from the local burner panel. In remote control the burners can be started from the remote system. It
should be noted that the burner stop function will operate from any location regardless of mode of
operation selected.

There is also a hardwired emergency stop pushbutton that will operate at all times and override any
currently active sequences.

The BMS should also communicate alarm and status information to the DCS. This information can be
sent via a comms link if required. This information should include all hardwired input and output status
information and all alarm information.

The information transferred in this manner should be presented to the operator in a logical, clear and
concise manner to enable effective and efficient operation of the plant.

Depending on site practices and procedures, it may be desirable to separate some of this information into
an engineering area to aid engineering staff with fault diagnostics and to decrease the amount of
information presented to the operator.

6 Alarm definition

The boiler and associated plant are constantly monitored by the control system. The actions taken by the
control system depend on the alarm event.

6.1 Alarm Philosophy
Alarms associated with the boiler are generated and latched within the BMS. Generally alarms are at
logic level one when in alarm and logic level zero when the alarm has cleared.

Any alarm latched within the boiler control system is reset by the operation of an alarm reset push button. If
the alarm-initiating event is still present then it will not be possible to reset the alarm.

It has been recognised that the system should only generate genuine alarm conditions, and as such
many of the alarms configured in the control system should be conditional. This technique greatly reduces
the number of alarms that an operator is presented with in the event of an incident to only a few relevant
points. It will also reduce the number of standing alarms present when the unit is not running.

6.2 Conditional alarms
6.2.1 Automated valves
The automated valves are driven open and closed from the PLC. The valves are fitted with open and
closed limit switches, which are also fed back into the PLC.

The logic has been configured to allow (under normal operating conditions) sufficient time for the valves
to prove open when instructed to open. If the valve fails to open within this preset time the system will
raise a valve failed to open alarm, and take the action appropriate for the valve in question. Although
valve opening times are subject to variations, sufficient time has been allowed to enable the valve to open
without causing nuisance trips.

The logic has also been configured to allow (under normal operating conditions) sufficient time for the
valves to prove closed when instructed to close. If the valve fails to close within this preset time the
system will raise a valve failed to close alarm and initiate the appropriate action. Although valve closing
times are subject to variations, sufficient time has been allowed to enable the valve to close without
causing nuisance trips.

6.2.2 Fuel gas pressure low low
In order to reduce the number of standing or nuisance alarms present on the system, a level of
intelligence should be built into the alarm logic. Low gas pressure should, for example, only be active a
short time period after the gas valves are instructed to open (typically 3 seconds). This alarm will then
remain active all the time the valves are open. Coding the alarm in this way will prevent the alarms from
activating when the burner is stopped and the gas line vented.

6.2.3 Fuel gas pressure high high
In order to reduce the number of standing or nuisance alarms present on the system, a level of
intelligence should be built into the alarm logic. High gas pressure should, for example, only be active a
short time period after the gas valves are instructed to open (typically 3 seconds). This alarm will then
remain active all the time the valves are open. Coding the alarm in this way will prevent the alarms from
activating when the burner is stopped and the gas line vented.
6.2.4 Pilot gas pressure high & low alarms
In order to reduce the number of standing or nuisance alarms present on the system, a level of
intelligence should be built into the alarm logic. High & low pilot gas pressure should, for example, only be
active a short time period after the main pilot gas valves are instructed to open (typically 3 seconds). This
alarm will then remain active all the time the valves are open. Coding the alarm in this way will prevent the
alarms from activating when the burner is stopped and the pilot gas line vented.

It should also be noted that the pilot gas pressure high and low alarms will be alarm conditions only, and
will alert the operator to possible causes of pilot ignition problems.
6.2.5 Fuel oil pressure low low
In order to reduce the number of standing or nuisance alarms present on the system, a level of
intelligence should be built into the alarm logic. Low oil pressure should, for example, only be active a
short time period after the oil valves are instructed to open (typically 3 seconds). This alarm will then
remain active all the time the valves are open.
6.2.6 Fuel oil temperature low low
In order to reduce the number of standing or nuisance alarms present on the system, a level of
intelligence should be built into the alarm logic.

Low oil temperature should, for example, only be active if: -

- The oil MFT valve has been instructed to open for a preset time period (typically 60 seconds)
Or
- The oil temperature is above the low low temperature threshold (for at least a short time period, to
  allow for short transients as the temperature rises)

Once either of these conditions has been met, this alarm will then remain active all the time the valves are
open. This alarm needs to be dealt with in this fashion to allow the oil sufficient time to circulate and to get
up to correct operating temperature.
6.2.7 Dark check
If a flame is detected when one is not expected it could indicate that the flame sensing device is faulty or
that an uncontrolled fire is present in the boiler. In both cases it would be extremely hazardous to
continue to operate the plant. The dark check alarm is active all the time that the fuel valves are closed,
except for a short period after the valves have closed, to allow the fuel pressure in the line to decay
and to take into account the flame drop out time inherent in the flame amplifiers.
6.2.8 Furnace pressure low low
In order to reduce the number of standing or nuisance alarms present on the system, a level of
intelligence should be built into the alarm logic. Low furnace pressure should, for example, only be active
if the furnace pressure remains low for a predetermined time period (typically 2 seconds).
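
Added example, not part of the original specification or of any vendor PLC code: a Python model of the conditional, latched alarm behaviour described in sections 6.1 and 6.2.2 to 6.2.8, evaluated once per PLC scan. The class name, the 500 ms scan time and the input traces are constructed for illustration; the 3 second arming delay and 2 second persistence time are the typical values quoted above.

```python
from dataclasses import dataclass


@dataclass
class ConditionalAlarm:
    """Latched alarm that is only live under a stated process condition.

    arm_delay_ms: time the arming condition (e.g. valves commanded open)
                  must have been true before the alarm becomes live.
    persist_ms:   time the fault must persist, once live, before it latches.
    """
    arm_delay_ms: int
    persist_ms: int = 0
    armed_ms: int = 0
    fault_ms: int = 0
    latched: bool = False

    def scan(self, dt_ms, arming, fault, reset=False):
        """Evaluate one PLC scan; returns the latched alarm flag."""
        self.armed_ms = self.armed_ms + dt_ms if arming else 0
        live = arming and self.armed_ms >= self.arm_delay_ms
        active = live and fault
        self.fault_ms = self.fault_ms + dt_ms if active else 0
        if active and self.fault_ms >= self.persist_ms:
            self.latched = True          # trap the event, even if it is brief
        elif reset and not active:
            self.latched = False         # reset refused while the cause remains
        return self.latched


def run_trace(alarm, trace, dt_ms=500):
    """Feed (arming, fault, reset) tuples through the alarm, one per scan."""
    return [alarm.scan(dt_ms, a, f, r) for a, f, r in trace]


# Constructed trace for fuel gas pressure low low (section 6.2.2), 500 ms scans.
GAS_LOW_LOW_TRACE = (
    [(False, True, False)] * 4      # burner stopped, line vented: low pressure, no alarm
    + [(True, True, False)] * 2     # valves commanded open, line still pressurising
    + [(True, False, False)] * 6    # pressure healthy; alarm becomes live after 3 s
    + [(True, True, False)]         # genuine low pressure while firing: latch
    + [(True, True, True)]          # reset pressed with fault present: stays latched
    + [(False, True, False)]        # trip closes the valves; the latch is held
    + [(False, True, True)]         # reset accepted once the alarm is no longer live
)

# Constructed trace for furnace pressure low low (section 6.2.8): always armed,
# but the fault must persist for 2 s before it latches.
FURNACE_TRACE = (
    [(True, True, False)] * 3       # 1.5 s dip: ignored
    + [(True, False, False)] * 2
    + [(True, True, False)] * 4     # 2 s sustained: latches on the fourth scan
)


def gas_low_low_demo():
    return run_trace(ConditionalAlarm(arm_delay_ms=3000), GAS_LOW_LOW_TRACE)


def furnace_low_low_demo():
    return run_trace(ConditionalAlarm(arm_delay_ms=0, persist_ms=2000), FURNACE_TRACE)
```

The latched flag, not the raw input, is what the trip logic and the DCS would read, which is the arrangement section 5.3 describes.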

6.3 Analogue alarm points
Some of the process parameters have alarm thresholds along with trip thresholds associated with them.
Whilst this text generally refers to system trips, it should be noted that each trip would also raise a unique
alarm, generated in the DCS and outside the scope of this document. The alarm points should be configured
such that they cause an alarm on the system before the trip function, allowing the operator time to react to
the alarm and thus avoid a trip situation. The trip levels will be hard coded in software so that they cannot
be changed in normal operation of the system.



7 BMS/ESD Sequences

The BMS/ESD system manages the trips, interlocks and safety critical sequences for the boiler through a
dedicated safety PLC.

The burners associated with the boiler are each fitted with an ignition pilot that is designed to fire
intermittently. Before a burner can be started a furnace pre purge must be undertaken. Once a pre purge
has been completed a burner can be started. The furnace pre purge is designed to purge the furnace of
any un-burnt fuels or explosive gases. Stopping the last firing burner will initiate a post purge sequence.

If a burner is said to be at normal stop, then by definition, it is not sequencing and is not tripped. If a
burner is tripped, a reset needs to be operated before any further action can take place associated with
the tripped burner.

7.1 Furnace Purging
The boiler furnace is purged both before light-off - a pre-purge - and after a shutdown - a post-purge.
An operator requests a pre-purge by operating one of the purge start pushbuttons. A post-purge is
initiated automatically when the last burner is stopped either by the operator or as a result of a master fuel
trip.

The pre purge should involve at least five volume changes of the boiler enclosure and a minimum of five
minutes whilst the pre purge conditions are maintained. Conditions for pre purge are: -

- All main interlocks correct
- Air flow above purge flow rate
- All air registers open
- No burner sequences in progress (either pilot or main fuel start)

When the above conditions are met, the BMS should start the pre purge timer. If the conditions fail at any
point in the purge, the purge timer should reset, and a further full purge will be required. When the start
purge pushbutton is operated, provided the boiler is at normal stop, the CCS is signalled to increase the
airflow to purge settings. When the pre purge timer completes, the CCS is signalled to decrease the
airflow to ignition settings.

On completion of a pre-purge, the BMS removes the air to purge signal to CCS and sets the air to
ignition signal to CCS.

If the purge flow fails during the purge period, the BMS logic prevents any subsequent actions. When the
purge flow is re-instated the timer is re-started.

After the pre-purge period, the purge complete signal is energised.

Once the ignition settings are achieved the fuel ready to start signal is energised. At this stage either of
the burners can be started on either fuel.
7.1.1 Stand timer
Once a pre purge has completed, a ten minute stand timer is started. This is the maximum time that the
pre purge will remain valid. If a burner start sequence is not initiated within this time period, a further pre
purge will be required before a burner can be started.
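
Added example, not part of the original specification or of any vendor PLC code: a Python model of the pre-purge timer of section 7.1 and the stand timer of section 7.1.1, showing the timer restarting from zero when a purge condition is lost and the completed purge expiring after ten minutes. The class, field and state names and the one second scan are constructed for illustration; the five volume changes requirement and the behaviour on loss of interlocks during the stand time are not modelled.

```python
from dataclasses import dataclass

PURGE_MS = 5 * 60 * 1000     # minimum pre-purge time (section 7.1)
STAND_MS = 10 * 60 * 1000    # purge validity after completion (section 7.1.1)


@dataclass
class PurgeInputs:
    start_pb: bool = False               # purge start pushbutton
    normal_stop: bool = True             # boiler not sequencing and not tripped
    interlocks_ok: bool = True           # all main interlocks correct
    airflow_above_purge: bool = True     # air flow above purge flow rate
    registers_open: bool = True          # all air registers open
    sequence_in_progress: bool = False   # pilot or main fuel start running
    burner_start: bool = False           # burner start request


class PrePurge:
    """Pre-purge and stand timer, evaluated once per scan."""

    def __init__(self):
        self.state = "IDLE"   # IDLE, PURGING, PURGE_COMPLETE, START_PERMITTED
        self.timer_ms = 0

    @property
    def air_to_purge(self):       # signal to CCS
        return self.state == "PURGING"

    @property
    def air_to_ignition(self):    # signal to CCS
        return self.state == "PURGE_COMPLETE"

    def scan(self, dt_ms, i):
        conditions = (i.interlocks_ok and i.airflow_above_purge
                      and i.registers_open and not i.sequence_in_progress)
        if self.state == "IDLE":
            if i.start_pb and i.normal_stop:
                self.state, self.timer_ms = "PURGING", 0
        elif self.state == "PURGING":
            # Any lost condition zeroes the timer, so a full purge is always timed.
            self.timer_ms = self.timer_ms + dt_ms if conditions else 0
            if self.timer_ms >= PURGE_MS:
                self.state, self.timer_ms = "PURGE_COMPLETE", 0
        elif self.state == "PURGE_COMPLETE":
            self.timer_ms += dt_ms
            if i.burner_start:
                self.state = "START_PERMITTED"   # burner sequence takes over
            elif self.timer_ms >= STAND_MS:
                self.state = "IDLE"              # purge expired, purge again
        return self.state


def run(purge, seconds, **inputs):
    """Scan once per second for `seconds` with fixed inputs; return final state."""
    for _ in range(seconds):
        state = purge.scan(1000, PurgeInputs(**inputs))
    return state


def interrupted_purge_demo():
    """Purge flow is lost 200 s in, then the completed purge is left to expire."""
    p = PrePurge()
    states = [run(p, 1, start_pb=True)]
    run(p, 200)
    states.append(run(p, 1, airflow_above_purge=False))  # timer back to zero
    states.append(run(p, 299))                           # 299 s after the loss
    states.append(run(p, 1))                             # full 300 s re-timed
    states.append(run(p, 599))                           # stand timer running
    states.append(run(p, 1))                             # 600 s: purge expired
    return states


def start_within_stand_time_demo():
    """A burner start requested inside the stand time is permitted."""
    p = PrePurge()
    run(p, 1, start_pb=True)
    run(p, 300)
    return run(p, 1, burner_start=True)
```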
7.1.2 Post purge
If the last burner in the boiler is stopped for any reason, a post purge will be initiated, which will open the
air registers and allow the FD fan to purge the boiler for a pre determined time period.

Initiating a pre-purge during a post-purge is permitted. There is no need to perform two purges if an
immediate re-start is required.

7.2 Pilot Start Sequence
It should be noted that the BMS will precede the sequence detailed below with a pre purge. Only once the
pre purge has completed successfully will the following sequence take place.

The pilot start sequence is initiated as part of the main burner start routine (either oil or gas). The pilot
start routine is also initiated as part of an oil burner normal stop gun purge.

The BMS will:

- Check that the requested burner air isolation damper is open.
- For the first pilot to light, prove that there is no flame detected in any burner or pilot (dark
  check).
- Prove that the combustion airflow is at light-up.
- Prove that the pilot header vent isolation valve is closed. If not, close it and prove it closed.
- Prove that the pilot header isolation valve is open. If not, open it and prove it open.
- Start the requested burner ignition transformer (4.5 seconds).
- Open the requested burner igniter gas isolation valve (for a 5 second period, after which the pilot
  flame must be detected for the valve to remain open).
- De-energise the transformer.
- Prove that the igniter flame is established via either one of the two flame scanners within the 5
  second valve open time.
- Continue to prove that the igniter flame is established for the igniter flame stabilisation period .

The pilot ignition sequence steps are time limited according to EN 746-2. Failure to achieve a step in the
given time will cause a burner lockout and raise an alarm.

If the ignition sequence fails, no ignition re-trial is permitted before the burner is locked out. A lockout
condition will require a manual reset before any further actions can be taken with this burner.

If ignition fails, and it is the only burner firing, then a re-purge will be required. If however another burner
is firing, then the tripped burner can be reset and a further ignition attempt made. It should be noted that
repeated ignition attempts of either the pilots or the main flame should not be attempted without first
establishing and rectifying the cause of the failed attempts.
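
Added example, not part of the original specification or of any vendor PLC code: a Python model of the timed part of the pilot start sequence above, covering the 4.5 second transformer time, the 5 second trial period, 1oo2 flame proving, lockout with no re-trial, manual reset and the re-purge requirement. The names and the 500 ms scan are constructed; the pre-start checks (damper, dark check, airflow, header valves) are folded into one assumed `permissives_ok` input, the transformer and igniter valve are assumed to energise on the same scan, and the stabilisation period is an assumed placeholder because the specification leaves it blank.

```python
TRANSFORMER_MS = 4500   # ignition transformer on-time (section 7.2)
TRIAL_MS = 5000         # igniter gas valve trial period (section 7.2)
STABILISE_MS = 10000    # ASSUMED value: the specification leaves this period blank


class PilotStart:
    """Timed pilot light-up for one burner, evaluated once per scan."""

    def __init__(self):
        self.state = "IDLE"   # IDLE, TRIAL, STABILISE, PILOT_ON, LOCKOUT
        self.t_ms = 0
        self.transformer = False
        self.igniter_valve = False
        self.repurge_required = False

    def _lockout(self, other_burner_firing):
        # Safe state: spark and igniter gas off, held until a manual reset.
        self.state = "LOCKOUT"
        self.transformer = self.igniter_valve = False
        # With no other burner firing the furnace must be purged again.
        self.repurge_required = not other_burner_firing

    def scan(self, dt_ms, start=False, permissives_ok=True, scanner_a=False,
             scanner_b=False, other_burner_firing=False, reset=False,
             purge_complete=False):
        flame = scanner_a or scanner_b   # 1oo2: either scanner proves the flame
        if purge_complete:
            self.repurge_required = False
        if self.state == "IDLE":
            if start and permissives_ok and not self.repurge_required:
                self.state, self.t_ms = "TRIAL", 0
                self.transformer = self.igniter_valve = True
        elif self.state == "LOCKOUT":
            if reset:                    # a start request alone never clears it
                self.state = "IDLE"
        elif not permissives_ok:         # ASSUMED: a lost permissive locks out
            self._lockout(other_burner_firing)
        elif self.state == "TRIAL":
            self.t_ms += dt_ms
            if self.t_ms >= TRANSFORMER_MS:
                self.transformer = False
            if self.t_ms >= TRIAL_MS:
                if flame:
                    self.state, self.t_ms = "STABILISE", 0
                else:
                    self._lockout(other_burner_firing)   # no ignition re-trial
        elif self.state == "STABILISE":
            self.t_ms += dt_ms
            if not flame:
                self._lockout(other_burner_firing)
            elif self.t_ms >= STABILISE_MS:
                self.state = "PILOT_ON"
        elif self.state == "PILOT_ON" and not flame:
            self._lockout(other_burner_firing)
        return self.state


def run(pilot, scans, **inputs):
    """Scan `scans` times at 500 ms with fixed inputs; return the final state."""
    for _ in range(scans):
        state = pilot.scan(500, **inputs)
    return state


def successful_start_demo():
    """Only scanner B sees the pilot; 1oo2 voting still proves the flame."""
    p = PilotStart()
    states = [run(p, 1, start=True)]
    states.append(run(p, 9, scanner_b=True))    # 4.5 s: transformer drops out
    transformer_off = not p.transformer and p.igniter_valve
    states.append(run(p, 1, scanner_b=True))    # 5 s: flame proved
    states.append(run(p, 20, scanner_b=True))   # stabilisation period complete
    states.append(run(p, 1))                    # flame lost: lockout
    return states, transformer_off, p.igniter_valve


def failed_start_demo():
    """No flame within the trial period on the only burner being lit."""
    p = PilotStart()
    run(p, 1, start=True)
    states = [run(p, 10)]                               # 5 s, no flame
    states.append(run(p, 1, start=True))                # re-trial refused
    states.append(run(p, 1, reset=True))                # manual reset
    states.append(run(p, 1, start=True))                # blocked: re-purge needed
    states.append(run(p, 1, start=True, purge_complete=True))
    return states, p.igniter_valve
```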


7.3 Burner Start Sequence on Gas
A gas start sequence is initiated by operating the gas start pushbutton (local or remote depending on
control mode selection). A gas start sequence can only be initiated if a pre purge has completed, and no
other sequence has been initiated and not completed e.g. a gas start cannot be initiated at the same time
as an oil start.

Operation of the gas start sequence will first initiate the pilot start sequence, and once the pilot start
sequence has successfully completed, the gas sequence will commence as detailed below.

The BMS will:

- Prove that the pilot for the requested burner is on.
- Prove that the combustion airflow is at light-up.
- Prove that the fuel gas is at the required ignition position.
- Prove that the main gas header vent isolation valve is closed. If not, close it and prove it closed.
- Prove that the gas MFT valve is open. If not, open it and prove it open.
- Check that the main gas pressure is stable within the high and low pressure limits, but include a
  timed override for the gas pressure interlock for the first burner to be started.
- Open the requested burner main gas block valves for a 5 second period, after which a main flame
  must be detected for the valve to remain open.
- Prove that the main flame is established via the flame detector.
- Continue to prove that the main flame is established for the main flame stabilisation period (20
  seconds).
- Signal normal run after the flame stabilisation period has completed, and remove the "to ignition"
  signals to CCS.

Main burner flame proving and stabilisation times are in accordance with EN 746-2 and burner vendor
recommendations. Main burner re-trials are not permitted: main flame failure always results in a burner
lockout and a re-purge for the first burner.

7.4 Burner Start Sequence on Oil
An oil start sequence is initiated by operating the oil start pushbutton (see local/remote control selection).
An oil start sequence can only be initiated if a pre purge has completed, and no other sequence has been
initiated and not completed e.g. an oil start cannot be initiated at the same time as another oil start or a
gas start.

Operation of the oil start sequence will first initiate the pilot start sequence, and once the pilot start
sequence has successfully completed, the oil sequence will commence as detailed below.

The BMS will:

- Prove that the pilot for the requested burner is on. If not, start it as above.
- Prove that the oil supply MFT valve is open. If not, open it using the reset pushbuttons and allow
  the oil temperature and pressure to reach their operational levels.
- Prove that the oil is at the required ignition position.
- Prove that the combustion airflow is at light-up.
- Prove that the atomising steam scavenge valve is closed for the requested burner.
- Open the requested burner steam block valve.
- Prove that the atomising steam is at the correct pressure.
- Open the requested burner oil block valve for a 5 second period, after which a main flame must
  be detected for the valve to remain open.
- Prove that the main flame is established via either one of the two flame detectors & stop the pilot
  burner.
- Continue to prove that the main flame is established for the main flame stabilisation period (20
  seconds).
- Signal normal run after the flame stabilisation period has completed, and remove the "to ignition"
  signals to DCS.

Main burner re-trials are not permitted: main flame failure always results in a burner lockout and a
re-purge for the first burner.

7.5 Burner Stop Sequence on Oil
If an oil burner is stopped normally, i.e. not under trip conditions, then it should carry out a gun purge.
This will involve closing the burner oil and atomising steam valves, and opening the steam crossover valve
for a short period. It should be noted that the steam crossover valve should not be commanded to operate
until the burner oil valve has proved closed.

During the gun purge period (set to 20 seconds), in order for the pilot gas valve to remain open, the pilot
gas flame must be present. Failure of the flame will result in the pilot gas valves closing.

7.6 Double block and vent valve operation
The double block and vent valves (or double block and bleed) should, under normal operating conditions,
operate in the manner described below.

On a command to open a double block and vent, the vent valve should close, and once it has proved closed
the block valves will be commanded to open.

This sequence should only be active during normal valve operation. In the event of an interlock failure,
the block valves and vent valve should operate as quickly as possible.

7.7 Oil MFT operation
When the main interlocks and the oil interlocks are both correct then the oil MFT should be instructed to
open by the BMS. This will help maintain the temperature and pressure in the line.

It should be noted that the oil temperature alarm is delayed for a time period to allow the oil to reach its
operational temperature. If the oil fails to achieve the required temperature within this time period, the oil
MFT will close. It can be re-opened by operation of the reset pushbutton. This will open the MFT and
reset the oil temperature delay timer, to allow a further period for the oil to reach the correct temperature.

7.8 Air register operation
Each burner is fitted with an air register that prevents excessive amounts of air from passing through a
non-firing burner. The air registers are automatically operated, and are fitted with open and closed limit
switches. The open limit switch is used by the system and trips the burner if the burner is firing or
requested to fire and the air register is not proven open. The closed limit switch is provided for
information only.

The air dampers are both requested to open during a pre purge. Once a purge has completed the air
dampers are requested to close.

If a burner is requested to start, the air damper associated with the starting burner is opened, and
remains open all the time the burner is firing.

The air dampers are moved by double acting actuators that require two BMS outputs to operate. One
signal instructs the damper to open, the second instructs the damper to close. Removal of both signals
results in the damper remaining in its present position.

8 Interlocks & Alarms

The BMS will constantly monitor the current plant conditions, and in the event of an alarm or trip condition
will take the appropriate action. The alarms and their actions are grouped into the appropriate categories.
It should also be noted that the alarms should be configured as detailed in an earlier section of this
document.

8.1 Main Interlocks
Failure of any of the main interlocks will result in a master fuel trip. This will have the effect of isolating all
fuel supplies to the boiler and tripping any burners that are firing. A main interlock trip shall always take
priority over any other sequence or alarm event. The main interlocks are constantly monitored, and failure
of a main interlock will result in an immediate MFT.

A main interlock alarm will be initiated by failure of any of the following: -

Ref  Description                                                    Tag
1    Combustion air flow low low                                    FALL-2100A
2    Furnace pressure High                                          PSH-1500A
3    Instrument air pressure low low (2 out of three voted signal)  PSL-1800/1/2
4    Any E stop operated
5    FD Fan stopped
6    Combustion air pressure low                                    PSL-2100A
7    Burner 1 dark check failed
8    Burner 2 dark check failed
9    Stand timer failed
10   Total loss of flame
11   Pilot gas MFT failed to close                                  ZAL-2010A
12   Pilot gas header vent failed                                   ZAL/H/P 2207A
13   Oil MFT failed to close                                        ZAL-2010A
14   Gas MFT failed to close                                        ZAL-2200A
15   Gas header vent valve failed                                   ZAL/H/P-2214A
16
17


A master fuel trip isolates all fuels to the furnace by:

Closing all individual burner isolation valves, closing the common header isolation valve and
opening the header vent valve in the pilot gas system.
Closing all individual burner isolation valves, closing the common header isolation valves and
opening the header vent valve in the main fuel gas system.
Closing all individual burner isolation valves, closing the common header supply and opening the
return isolation valves in the oil system.

A master fuel trip does not stop the FD fan. A master fuel trip can be reset using the reset pushbuttons.
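
The main interlock behaviour described above (2 out of 3 voting on instrument air pressure, a latched trip, reset by pushbutton) as a Python model. This is an added example, not the project's PLC code: the class, function and input names are assumptions, and the valve actions are the ones listed in this section.

```python
# Forced valve positions while a master fuel trip is latched (section 8.1).
MFT_ACTIONS = {
    "pilot gas": {"burner isolation valves": "close",
                  "header isolation valve": "close", "header vent valve": "open"},
    "main fuel gas": {"burner isolation valves": "close",
                      "header isolation valves": "close", "header vent valve": "open"},
    "oil": {"burner isolation valves": "close",
            "header supply valve": "close", "return isolation valves": "open"},
}

def vote_2oo3(channels):
    """True when at least two of three transmitters report the trip condition."""
    if len(channels) != 3:
        raise ValueError("2oo3 voting needs exactly three channels")
    return sum(bool(c) for c in channels) >= 2

class MasterFuelTrip:
    def __init__(self):
        self.latched = False
        self.causes = []   # interlocks that were failed when the trip latched

    def scan(self, failed_inputs, inst_air_low_low, reset=False):
        """One scan. failed_inputs maps an interlock description to True if failed."""
        failed = [name for name, bad in failed_inputs.items() if bad]
        if vote_2oo3(inst_air_low_low):
            failed.append("Instrument air pressure low low")
        if reset:                          # the reset pushbutton clears the latch,
            self.latched, self.causes = False, []
        if failed and not self.latched:    # but a standing failure re-trips at once
            self.latched, self.causes = True, failed
        # The FD fan is absent on purpose: an MFT isolates fuel, it does not stop the fan.
        return MFT_ACTIONS if self.latched else {}

# Constructed scan input: a subset of the discrete main interlocks, all healthy.
ALL_HEALTHY = {"Combustion air flow low low": False, "Furnace pressure High": False,
               "FD Fan stopped": False, "Total loss of flame": False}
```

A single instrument air transmitter reading low low does not trip the boiler; two do, and the trip stays latched after the pressure recovers until the reset is operated.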


8.2 Common valve status
The status of all valves is constantly monitored by the BMS. Certain valve failure modes are considered
non-critical and result in an alarm only. Other failure modes should be considered as safety critical and,
as a result, are treated as a start interlock for all fuels. These critical valve failures associated with the
burner are detailed in the table below: -


Ref  Description                                            Tag
1    Burner 1 air register failed to open                   ZAH-1806A
2    Burner 1 oil gun block valve failed to close           ZAL-2013A
3    Burner 1 upstream gas block valve failed to close      ZAL-2204A
4    Burner 1 gas vent valve failed to open or close        ZAL/H/P-2205A
5    Burner 1 downstream gas block valve failed to close    ZAL-2206A
6    Burner 2 air register failed to open                   ZAH-1804A
7    Burner 2 oil gun block valve failed to close           ZAL-2012A
8    Burner 2 upstream gas block valve failed to close      ZAL-2201A
9    Burner 2 gas vent valve failed to open or close        ZAL/H/P-2202A
10   Burner 2 downstream gas block valve failed to close    ZAL-2203A
11   Burner 1 upstream pilot gas block failed to close      ZAL-2208A
12   Burner 1 downstream pilot gas block failed to close    ZAL-2210A
13   Burner 1 pilot vent gas block failed to open or close  ZAL/H/P-2209A
14   Burner 2 upstream pilot gas block failed to close      ZAL-2211A
15   Burner 2 downstream pilot gas block failed to close    ZAL-2213A
16   Burner 2 pilot vent gas block failed to open or close  ZAL/H/P2212A


8.3 Main gas interlocks
A main gas header trip is initiated when:

Ref  Description                                            Tag
1    Gas pressure low low                                   PALL-2200A
2    Gas pressure high high                                 PAHH-2200A
3    Burner 1 upstream gas block valve failed to close      ZAL-2204A
4    Burner 1 gas vent valve failed to open or close        ZAL/H/P-2205A
5    Burner 1 downstream gas block valve failed to close    ZAL-2206A
6    Burner 2 upstream gas block valve failed to close      ZAL-2201A
7    Burner 2 gas vent valve failed to open or close        ZAL/H/P-2202A
8    Burner 2 downstream gas block valve failed to close    ZAL-2203A

A main gas header trip isolates gas to the boiler by:

Closing all individual burner isolation valves, closing the common header isolation valve and
opening the header vent valve in the main fuel gas system.

8.4 Main oil interlocks
A main oil header trip is initiated when:

Ref  Description                                   Tag
1    Oil pressure low low                          PALL-2010A
2    Oil temperature low low                       TALL-2010A
3    Atomising steam pressure low low              PALL-2310A
4    Burner 1 oil gun block valve failed to close  ZAL-2013A
5    Burner 2 oil gun block valve failed to close  ZAL-2012A

A main oil header trip isolates oil to the boiler by:

Closing all individual burner isolation valves, closing the common MFT valve and opening the
common recirc valve in the main fuel oil system, closing the atomising steam valves and the
atomising crossover valves.

The oil temperature header trip is set so that the header valves can be open for up to 1 minute before it
takes effect.

8.5 Individual burner trips
In the case of all trips, the cause of the trip should be established and rectified before any further attempts
at burner operation are made.
8.5.1 Pilot flame failure
If the pilot flame is not on when it should be, all pilot gas to the burner is isolated. If the pilot flame failure is
associated with the oil ignition sequence, then the oil, atomising steam and gun purge crossover valves
are also closed.
8.5.2 Gas flame failure
If the gas main flame is not on when it should be, the gas to the burner is isolated by closing the burner
gas block valves and opening the burner gas vent valve. If the ignition sequence is in progress then the
ignition gas block valves will also close, and the ignition gas vent will open. If no other burners are firing
then the main fuel MFTs will also operate and the system will need to be reset and a pre purge carried
out before it can be re-started. If another burner is firing, then the gas burner can be re-set and restarted
without the need to pre purge first.
8.5.3 Oil flame failure
If the oil main flame is not on when it should be, the oil to the burner is isolated by closing the burner oil,
atomising steam and scavenging block valves. If no other burners are firing then the main fuel MFTs will
also operate and the system will need to be reset and a pre purge carried out before it can be re-started.
If another burner is firing, then the oil burner can be re-set and restarted without the need to pre purge
first.
