Using a Safety Relay with a Flame Detection Sensor

[robertmee]

I'm not an expert, but I do know SIL requirements do not allow any manufacturer to use their own interpretation of the specific requirements

Otherwise Bubba Mfg located in his brother's garage would be making SIL3 items for nuclear power plants

The issue is SIL is not a design element. It is an evaluation of risk and failure rates. Manufacturers define their own failure rates and risk for a device, so a SIL at the device level really means little, IMO. A good read, bit the below paragraph sums it fairly well.

"There is no such thing as an SIL-rated device or an SIL-rated control system. We don’t buy SIL-rated transmitters or SIL-rated control systems. Instead, we buy components with published failure rate values that are, therefore, “suitable for use in an SIL environment.”

Determine Safety Integrity Levels (SIL) For Process Applications

Determine Safety Integrity Levels (SIL) and quantify safety performance requirements for hazardous operations. Helping customers solve challenging applications since 1954 - Cross Company

www.crossco.com

 

[Jeev]

If you consider SIL2 as PLd then the "Single Channel" reference comes from the following. Category 2 using High MTTFd components with medium to high DC will achieve SIL2/PLd, but pragmatically this can be difficult to achieve due to the test requirement/test rate between safety function demands.

 

[lfe]

If it is about the safety of a burner you have to use an approved burner control equipment and connect its valves, flame detector, pressure switches, fan, etc. as the diagram indicates and that's all.

You don't have to invent your own security system, which will almost certainly never pass a compliance test about combustion equipment.

 

[g.mccormick]

i dont think this is a flame proving sensor. i read this as a flame detecting sensor, ie a flame is not supposed to be there and the sensor is to alarm if it detects a fire.

 

[kdcui]

I'm not an expert, but I do know SIL requirements do not allow any manufacturer to use their own interpretation of the specific requirements

Otherwise Bubba Mfg located in his brother's garage would be making SIL3 items for nuclear power plants

Devices should be IEC 61508 certified - if not, a bunch of effort has to be done to collect data to prove a device is suitable for the application (proven in use / prior use justification). Even if they are, the person designing the safety function needs to document and prove the entire "loop" meets the required safety rating. Buying "SIL2" certified devices alone is not enough to meet SIL2. There are systematic and device architectural requirements that must be met.

Exida has a good read on the subject

 

[kdcui]

i dont think this is a flame proving sensor. i read this as a flame detecting sensor, ie a flame is not supposed to be there and the sensor is to alarm if it detects a fire.

Correct. In this case, UV/IR detector detects a flame, and a shutdown function must be initiated.

 

[g.mccormick]

Are you protecting a process or what?

 

[rootboy]

I'm not an expert, but I do know SIL requirements do not allow any manufacturer to use their own interpretation of the specific requirements

Otherwise Bubba Mfg located in his brother's garage would be making SIL3 items for nuclear power plants

Exactly.

 

[kdcui]

Are you protecting a process or what?

Trying to, but the issue is flame detection is technically not preventative (ie. the hazard has already occurred), so it is a bit more complicated when we look at the overall process. We are going through a LOPA now.

If you consider SIL2 as PLd then the "Single Channel" reference comes from the following. Category 2 using High MTTFd components with medium to high DC will achieve SIL2/PLd, but pragmatically this can be difficult to achieve due to the test requirement/test rate between safety function demands.

Thanks - the issue is we are trying to follow IEC 61511 for a low demand process, PL and SIL levels per that architecture come from IEC 13849 and 62061 which are machine safety standards, so the methodology is a bit different. If we need to hit SIL2 I think I'm better off not using a relay in this case and instead using the 4-20mA output combined with something like this which is SIL2 capable, and I avoid having to worry about the single channel constraint

"There is no such thing as an SIL-rated device or an SIL-rated control system. We don’t buy SIL-rated transmitters or SIL-rated control systems. Instead, we buy components with published failure rate values that are, therefore, “suitable for use in an SIL environment.”

Robert is correct. Buying devices certified to a given SIL level only ensure there is some level of systematic control as to the manufacturing of the device. The reliability data provided needs to be input to a design verification where we use fancy software and/or formulas to prove that the design has reduced risk to a tolerable level (typically expressed as a probability). If you don't get certified devices, then it becomes much more difficult because the end-user needs to produce the data (referred to as proven in use, or prior use, per IEC 61511).