Approval Standard

for
Programmable Logic Control
(PLC) Based Burner
Management Systems

Class Number 7605

December 1999

©2002 FM Approvals LLC. All rights reserved.

 Foreword
The FM Approvals certification mark is intended to verify that the products and services described
will meet FM Approvals’ stated conditions of performance, safety and quality useful to the ends of
property conservation. The purpose of Approval Standards is to present the criteria for FM Approval
of various types of products and services, as guidance for FM Approvals personnel, manufacturers,
users and authorities having jurisdiction.

Products submitted for certification by FM Approvals shall demonstrate that they meet the intent of
the Approval Standard, and that quality control in manufacturing shall ensure a consistently uniform
and reliable product. Approval Standards strive to be performance-oriented. They are intended to
facilitate technological development.

For examining equipment, materials and services, Approval Standards:

a) must be useful to the ends of property conservation by preventing, limiting or not

causing damage under the conditions stated by the Approval listing; and

b) must be readily identifiable.

Continuance of Approval and listing depends on compliance with the Approval Agreement,
satisfactory performance in the field, on successful re-examinations of equipment, materials, and
services as appropriate, and on periodic follow-up audits of the manufacturing facility.

FM Approvals LLC reserves the right in its sole judgment to change or revise its standards, criteria,
methods, or procedures.
 TABLE OF CONTENTS

1. INTRODUCTION ..................................................................................................................................................................... 1
1.1 Purpose ................................................................................................................................................................................ 1
1.2 Scope ................................................................................................................................................................................. 1
1.3 Basis for Requirements ..................................................................................................................................................... 1
1.4 Basis for FM Approval ..................................................................................................................................................... 2
1.5 Basis for Continued Approval .......................................................................................................................................... 2
1.6 Effective Date .................................................................................................................................................................... 2
1.7 System of Units ................................................................................................................................................................. 3
1.8 Applicable Documents ...................................................................................................................................................... 3
1.9 Abbreviations Used in this Standard ................................................................................................................................ 3
2. GENERAL INFORMATION .................................................................................................................................................. 3
Approval Application Requirements ........................................................................................................................................ 3
3. GENERAL REQUIREMENTS ............................................................................................................................................... 4
3.1 Drawings/Plans/Specifications .......................................................................................................................................... 4
3.2 Physical, Structural, and Operational Requirements ........................................................................................................ 4
3.3 Markings ............................................................................................................................................................................ 5
3.4 Manufacturer’s Operation Instructions ............................................................................................................................. 6
3.5 Calibration ......................................................................................................................................................................... 6
4. PERFORMANCE REQUIREMENTS ................................................................................................................................... 6
4.1 Examination and Tests of Systems ................................................................................................................................... 6
4.2 Examination and Tests of Hardware ................................................................................................................................ 6
4.3 Examination and Assessment of Software ....................................................................................................................... 6
5. OPERATIONS REQUIREMENTS ......................................................................................................................................... 7
5.1 Demonstrated Quality Control Program ........................................................................................................................... 7
5.2 Demonstrated Management of Functional Safety ............................................................................................................ 8
5.3 Facilities and Procedures Audit (F&PA) .......................................................................................................................... 8
5.4 Installation Inspections ...................................................................................................................................................... 9
APPENDIX A: UNITS OF MEASUREMENT ......................................................................................................................... 10
APPENDIX B: APPROVAL MARKS ........................................................................................................................................ 11
APPENDIX C: APPLICATION SPECIFIC REFERENCES TO IEC 61508 ....................................................................... 12
December 1999 7605

1. INTRODUCTION

1.1 Purpose

1.1.1 This standard states FM Approval criteria for programmable logic control (PLC) based burner manage-
ment systems.

1.1.2 FM Approval criteria may include, but are not limited to, performance requirements, marking require-
ments, examination of manufacturing facility(ies), audit of quality assurance procedures, and a follow-up
audit program.

1.2 Scope

1.2.1 This standard sets Approval requirements for PLC based systems used in conjunction with safety controls
for commercial and industrial heating equipment. These systems incorporate programmable electronic
components. These electronic components use software and/or electronic hardware to set operating and
safety parameters, and to implement the operating and safety logic.

1.2.2 The management system shall provide safe start, safe operation, and safe shutdown under normal or
abnormal conditions.

1.2.3 The system may or may not be supplied with safety controls such as combustion safeguards, flame sensing
devices, pressure and temperature limit controls, and combustion airflow interlocks. If safety controls are
provided they shall be FM Approved. If controls are not provided, the system input/output modules shall
be compatible with FM Approved controls.
Note: If the manufacturer desires to provide currently un-approved safety controls, such equipment shall be required to conform to
Approval requirements for that equipment. Approval of such equipment shall be handled as a separate project.

1.2.4 The requirements of this Standard shall be used to measure and describe the performance of electronic
hardware and software in response to exposure from heat, cold, abnormalities, electromagnetic interfer-
ence, etc., under controlled laboratory conditions. The results of these controlled exposures shall not be
used to describe or appraise actual exposure conditions since such conditions will vary widely.

1.3 Basis for Requirements

1.3.1 The requirements of this Standard are based on experience, research and testing, or the standards of other
national and international organizations. The advice of manufacturers, users, trade associations, and loss
control specialists was also considered.

1.3.2 The requirements of this Standard reflect tests and practices used to examine characteristics of the subject
equipment for the purpose of obtaining FM Approval. Equipment having characteristics not anticipated by
this Standard may be Approved if performance equal, or superior, to that required by this Standard is
demonstrated, or if the intent of the Standard is met. Alternatively, equipment which meets all of the
requirements identified in this Standard may not be Approved if other conditions which adversely affect
performance exist or if the intent of this Standard is not met.

FM APPROVALS 1
7605 December 1999

1.4 Basis for FM Approval

FM Approval is based upon satisfactory evaluation of the product and the manufacturer in the following major
areas:

1.4.1 Examination and tests on production samples shall be performed to evaluate:

• the suitability of the product
• the performance of the product as specified by the manufacturer and required by FM Approvals; and as
far as practical,
• the durability and reliability of the product.

1.4.2 Compliance of the hardware and software to the requirements of IEC 61508 Standard on Functional Safety
of Programmable Electronic Systems

1.4.3 An examination of the manufacturing facilities and audit of quality control procedures is made to evaluate
the manufacturer’s ability to produce the product which was examined and tested, and the marking
procedures used to identify the product. These examinations are repeated as part of FM Approvals’ product
follow-up program.

1.5 Basis for Continued Approval

Continued Approval is based upon:

• production or availability of the product as currently Approved;
• the continued use of acceptable quality assurance procedures;
• satisfactory field experience;
• compliance with the terms stipulated in the Approval Agreement;
• satisfactory re-examination of production samples for continued conformity to requirements; and
• satisfactory Facilities and Procedures Audits (F&PAs) conducted as part of FM Approvals’ product
follow-up program.

Also, as a condition of retaining Approval, manufacturers may not change a product or service without prior
authorization by FM Approvals.

1.6 Effective Date

The effective date of an Approval standard mandates that all products tested for Approval after the effective date
shall satisfy the requirements of that standard. Products Approved prior to the publication of this standard shall
comply with the standard by the effective date or forfeit Approval.

The effective date of this Standard is the date of publication for compliance with all requirements.

2 FM APPROVALS
December 1999 7605

1.7 System of Units

Units of measurement used in this Standard are United States (U.S.) customary units. These are followed by their
arithmetic equivalents in International System (SI) units, enclosed in parentheses. The first value stated shall be
regarded as the requirement. The converted equivalent value may be approximate. Appendix A lists the selected
units and conversions to SI units for measures appearing in this standard. Conversion of U.S. customary units
is in accordance with ANSI/IEEE/ASTM SI 10-1997, ‘‘Standard for Use of the International System of Units
(SI).’’

1.8 Applicable Documents

The latest versions of the following standards, test methods, and practices are referenced in this standard:
A. FM Approvals Class 7610, Combustion Safeguards and Flame Sensing Systems.
B. IEC 61508, Standard on Functional Safety of Programmable Electronic safety-related systems.

1.9 Abbreviations Used in this Standard

ANSI American National Standards Institute

ASTM American Society for Testing and Materials
BMS Burner Management System
DIN German Industrial Standard
EEPROM Electronically Erasable Programmable Read Only Memory
EN European Norm
EPROM Erasable Programmable Read Only Memory
IEC International Electrotechnical Commission
IEEE Institute of Electrical and Electronics Engineers
PLC Programmable Logic Control
PrEN Provisional European Norm
PROM Programmable Read Only Memory

2. GENERAL INFORMATION

Approval Application Requirements

To apply for an Approval examination the manufacturer, or its authorized representative, should submit a request
to the Electrical Group Manager at FM Approvals, 1151 Boston-Providence Turnpike, PO Box 9102, Norwood,
MA 02062, U.S.A.

If the product has been issued certificates of compliance to any or all standards listed in Appendix C, Sections 2
and 3, FM Approvals should be so notified in the request letter.

FM APPROVALS 3
7605 December 1999

3. GENERAL REQUIREMENTS

3.1 Drawings/Plans/Specifications

The manufacturer shall provide assembly drawings, component drawings, evidence of functional safety,
materials lists, brochures, sales literature, specification sheets, etc. for FM Approvals examination. In addition,
drawings or samples of all labels and the FM Approval Mark, including information as to their location, shall
be provided. If FM Approval is granted, all controlled documentation, listed in the Documentation Section of the
Approval Report, shall state in bold print that any revisions require FM Approval prior to implementation. The
manufacturer’s specification shall include an emergency stop pushbutton, and master fuel trip relay. A master
fuel trip relay is defined as an electrical relay or group of relays whose purpose is to isolate power to critical
boiler end devices, such as the fuel shutoff valves, pilot gas valves and spark igniters.

The control hardware and software of the burner management system shall be so designed and implemented that
they are not affected by failures in the hardware or software of other systems (such as combustion control,
auxiliaries, etc.). The evidence for functional safety must demonstrate this degree of independence.

3.2 Physical, Structural, and Operational Requirements

3.2.1 PLC based burner management systems shall be available as complete and identifiable assemblies. They
shall perform in all respects to the manufacturer’s specifications.

3.2.2 The system shall conform at a specified Safety Integrity Level (SIL) to IEC 61508, Part 1, General
Requirements. The hardware architecture shall include self-checking firmware, external and internal
watchdog systems, redundant processors, and dual I/O cards as required to achieve the specified SIL.
Software architecture shall include communications drivers, fault handling, executive software, input/
output functions, and derived functions as required to achieve the specified SIL. Diverse design of
hardware and/or software may be used as a means to achieve the specified SIL.

3.2.3 The operating temperature range shall be at least 32°F (0°C) to 140°F (60°C).

3.2.4 Electrical contacts, terminals, and other vulnerable components shall be adequately protected from damage
and expected atmospheric conditions.

3.2.5 Redundant components shall be separated so as to reduce common cause failures.

3.2.6 Safety-related operating characteristics such as purge times, trial for ignition times, flame failure response
times, etc., shall not be readily accessible by the operator. These characteristics shall not be adjustable
when the safety system is online. These characteristics shall be located in a PROM, EPROM, EEPROM,
or other non-volatile memory. Provision shall be made to warn the operator if programming changes will
impact safety functions or add delays to scan rate timings.

3.2.7 Failure to satisfy, or loss of, permissives such as proof of purge air, combustion air, and closed fuel
valve(s); proper fuel pressure; and absence of a flame signal at startup, prior to the ignition cycle, shall
result in burner safety shutdown and burner lockout.
Burner shutdown is defined as the normal operating shutdown procedure for a burner or boiler to be taken
out of service by an operator. Burner safety shutdown is defined as the automatic emergency shutdown of
all fuel shutoff valves, pilot gas valves, and spark igniters. Burner lockout is defined to mean that the
system must be reset by an operator before the burner is permitted to re-start automatically.

4 FM APPROVALS
December 1999 7605

3.2.8 Failure to establish a pilot or main flame within the trial-for-ignition period shall result in burner safety
shutdown and burner lockout.

3.2.9 A single, automatic retrial for ignition is allowable if flame failure occurs during the normal firing cycle.
Automatic recycle is not allowed for gas burners with a fuel input greater than 2,500,000 Btu/hr (730 kW)
or oil burners with a fuel input greater than 2,800,000 Btu/hr (820 kW).

3.2.10 Flame sensing and combustion safeguard systems shall be immediately operable when the main power
to the burner management system is turned on. A combustion safeguard system is defined as a system
required by boiler drum level and combustion control systems to maintain stable burner flame and
operating conditions.

3.2.11 The control system, in conjunction with its flame sensor, shall react to flame failure within 4 seconds or
less.

3.2.12 The available trial-for-ignition period, for pilot flames, shall not exceed 10 seconds.

3.2.13 The available trial-for-ignition period, for main flames, shall not exceed the following:
A. Gas burners
1) 2,500,000 Btu/hr (730 kW) or less: 15 sec. (4 sec for direct electric ignition)
2) Greater than 2,500,000 Btu/hr (730 kW): 10 sec.
B. Oil burners
1) Less than 2,800,000 Btu/hr (820 kW): 15 sec.
2) 2,800,000 Btu/hr (820 kW) or more — No. 1 - No. 4 oil: 10 sec.
3) 2,800,000 Btu/hr (820 kW) or more — No. 5, 6 oil: 15 sec.

3.2.14 The equipment shall be capable, as a minimum, of operation at 85 and 110 percent of nominal rated input
voltage.

3.3 Markings

3.3.1 Approved burner management systems shall be permanently marked to include the name and location of
the manufacturer, distinctive type or model designation, electrical ratings, and operating temperature
range.

3.3.2 The FM Approval Mark (see Appendix B) shall be displayed visibly and permanently on the equipment.
The manufacturer shall not use this Mark on any other product unless such product is covered by separate
agreement with FM Approvals.

3.3.3 All hardware markings shall be legible and durable.

3.3.4 The software shall contain the following text: ‘‘FM Approvals certified for compliance to IEC 61508’’.
The software shall also contain a means of verifying its identity in order to ascertain that the software is
the same as that certified by FM Approvals. The software shall contain text describing the boiler and
burner particulars including the manufacturer(s), model numbers, site location, unit identification, design
pressure and temperature.

FM APPROVALS 5
7605 December 1999

3.4 Manufacturer’s Operation Instructions

The manufacturer shall provide detailed instructions and illustrations showing the correct method of installing
and testing the equipment for proper function. In addition, the manufacturer shall provide detailed operating and
upgrade procedures for this equipment. A parts/repair list shall be included together with required maintenance
instructions. The manufacturer shall make the BMS logic program available in a fully documented format as part
of the BMS package. The owner shall be able to view the BMS logic program either off-line in read only mode,
or on-line via communication link.

3.5 Calibration

All examinations and tests performed in evaluation to this Standard shall use calibrated measuring instruments
traceable and certified to acceptable national standards.

4. PERFORMANCE REQUIREMENTS
Note: Unless otherwise specified the examinations and tests noted below shall be conducted at the manufacturer’s facility or other mutually
agreed upon site.

4.1 Examination and Tests of Systems

Requirement and Test/Verification

Reference Appendix C for Industry Specific Requirements per IEC 61508.

4.2 Examination and Tests of Hardware

Requirement and Test/Verification

Reference Appendix C for Industry Specific Requirements per IEC 61508.

4.3 Examination and Assessment of Software

Requirement and Test/Verification

Reference Appendix C for Industry Specific Requirements per IEC 61508.

6 FM APPROVALS
December 1999 7605

5. OPERATIONS REQUIREMENTS
A quality assurance program is required to assure that subsequent burner management systems produced by the
manufacturer at an authorized location shall present the same quality and reliability as the specific systems
examined. Design quality, conformance to design, and performance are the areas of primary concern.
• Design quality is determined during the examination and tests, and is documented in the Approval
Report.
• Continued conformance to this Standard is verified by the Facilities and Procedures Audits (F&PA).
• Quality of performance is determined by field performance and as necessary by periodic re-examination
and testing.

5.1 Demonstrated Quality Control Program

5.1.1 The manufacturer shall demonstrate a quality assurance program which specifies controls for at least the
following areas:
• existence of corporate quality assurance guidelines;
• incoming quality assurance, including testing;
• in-process quality assurance, including testing;
• final inspection and tests;
• equipment calibration;
• drawing and change control;
• packaging and shipping; and
• handling and disposition of discrepant materials.

5.1.2 Documentation/Manual
There should be an authoritative collection of procedures/policies. It should provide an accurate descrip-
tion of the quality management system while serving as a permanent reference for implementation and
maintenance of that system. The system should require that sufficient records are maintained to demon-
strate achievement of the required quality and verify operation of the quality system.

5.1.3 Records
To assure adequate traceability of materials and products, the manufacturer shall maintain a record of all
quality assurance tests performed. This record shall be retained for a minimum period of two years from
the date of manufacture.

5.1.4 Drawing and Change Control

The manufacturer shall establish a system of product configuration control that shall allow no unautho-
rized changes to the product. Changes to critical documents, identified in the Approval Report, must be
reported to, and authorized by, FM Approvals prior to implementation for production.
The manufacturer shall assign an appropriate person or group to be responsible for, and require that,
proposed changes to Approved or Listed products be reported to FM Approvals before implementation.
The manufacturer shall notify FM Approvals of changes in the product or of persons responsible for
keeping FM Approvals advised by means of FM Approvals Form 797, Approved Product Revision Report
or Address/ Contact Change Notice.
Records of all revisions to all Approved products shall be maintained.

FM APPROVALS 7
7605 December 1999

5.2 Demonstrated Management of Functional Safety

5.2.1 Management of functional safety is required to assure that systems designed and developed by the
manufacturer shall have the required levels of safety. Areas of primary concern include, but are not limited
to, management of safety, safety life cycle, documentation, and assessment of safety.

5.2.2 Management of safety is determined by consideration of:

• management of safety requirements, including the process of allocating requirements to hardware and
software;
• assignment of responsibilities to appropriate organizations and individuals;
• selection of techniques and measures to ensure safety;
• procedures which ensure that hazardous incidents are analyzed, and that information is used to minimize
the probability of recurrence;
• procedures for analyzing operations and maintenance performance;
• requirements for periodic safety audits; and
• procedures for initiating modifications to safety related systems.

5.2.3 Safety life cycle is determined by the existence of clearly defined phases of activity, each with identified
inputs, outputs, and tasks to be performed. There are clear cut procedures for transition between phases.

5.2.4 Documentation is assessed by:

• the content of sufficient information required for the management of functional safety, organized so as
to be useful to those who need it;
• suitability to the purpose for which it is intended; and
• accessibility and maintenance.

5.2.5 Assessment of safety shall be determined by the manufacturer’s practices used, and the thoroughness
employed, to arrive at a judgement of the functional safety achieved by the safety related system.

5.3 Facilities and Procedures Audit (F&PA)

5.3.1 An audit of the design and manufacturing facility is part of the Approval investigation to verify imple-
mentation of the quality assurance program. Its purpose is to determine that the manufacturer’s equipment,
procedures, and quality program are maintained to ensure a uniform product consistent with that which
was tested and Approved.

5.3.2 These audits shall be conducted annually by FM Approvals or its representatives. Where jurisdictional
requirements so dictate, more frequent audits shall be conducted.

5.3.3 FM Approved products or services shall be produced or provided at or from the location(s) audited by
FM Approvals and as specified in the Approval Report. Manufacture of products bearing the FM Approval
Mark is not permitted at any other location without prior written authorization by FM Approvals.

8 FM APPROVALS
December 1999 7605

5.4 Installation Inspections

Field inspections may be conducted to review an installation. The inspections are conducted to assess ease of
application, and conformance to written specifications. When more than one application technique is used, one
or all may be inspected at the discretion of FM Approvals.

FM APPROVALS 9
7605 December 1999

APPENDIX A

UNITS OF MEASUREMENT

LENGTH: in. – ‘‘inches’’

(mm – ‘‘millimeters‘‘)

mm = in. × 25.4

ft – ‘‘feet’’;
(m – ‘‘meters’’)

m = ft × 0.3048

PRESSURE: psi – ‘‘pounds per square inch’’

(kPa – ‘‘kilopascals’’)

kPa = psi × 6.8948

bar – ‘‘bar’’;
(kPa – ‘‘kilopascals’’)
bar = kPa × 0.01

bar = psi × 0.06895

TEMPERATURE: °F – ‘‘degrees Fahrenheit’’

(°C – ‘‘degrees Celsius‘‘)

°C = (°F – 32) × 0.556

10 FM APPROVALS
December 1999 7605

APPENDIX B

APPROVAL MARKS

REPRODUCTION ART: FM Approval Marks

For use on nameplates, in literature, advertisements,

packaging and other graphics.

1) The FM Approvals diamond mark is acceptable

to FM Approvals as an Approval mark when
used with the word ‘‘Approved.’’

2) The FM Approval logomark has no minimum

size requirement, but should always be large
enough to be readily identifiable.

3) Color should be black on a light background or a

reverse may be used on a dark background.

For Cast-On Marks

4) Where reproduction of the mark described

above is impossible because of production
restrictions, a modified version of the diamond is
suggested. Minimum size specifications are the
same as for printed marks. Use of the word
‘‘Approved’’ with this mark is optional.

NOTE: These Approval marks are to be used only in conjunction with products or services that have been
FM Approved. The FM Approval marks should never be used in any manner (including advertising, sales or promotional
purposes) that could suggest or imply FM Approval or endorsement of a specific manufacturer or distributor. Nor should
it be implied that Approval extends to a product or service not covered by written agreement with FM Approvals. The
Approval marks signify that products or services have met certain requirements as reported by FM Approvals.

Additional reproduction art is available through

FM Approvals
P.O. Box 9102,
Norwood, Massachusetts 02062
U.S.A.

FM APPROVALS 11
7605 December 1999

APPENDIX C

APPLICATION SPECIFIC REFERENCES TO IEC 61508

The following are some Burner Management Applications Specific Safety Functions that FM Approvals will
review during the assessment of a PLC based Burner Management System.

Ref. Requirement Test Method

IEC 61508 Part 1 All clauses of this Review of the documentation for: (1.) Definition of EUC and environment. (2.)
part apply Overall safety requirements, (3.) Safety Requirements Allocation and Safety Integ-
rity Level (SIL) for each Safety Function (4.) Operation and Maintenance Plan
(5.) Installation Plan. (6.) Review of Quality Management
IEC 61508 Part 2 Clause 7.2.2 Review of documentation for E/E/PES safety requirements and software safety
requirements
Clause 7.3.2 Review of documentation for the safety validation plan
Clause 7.4.2 to 7.4.9 Review of the hardware design of the E/E/PES
Review of the FMEDA
Review of the Markov Model
Review of the PFD calculations for SIL determination
Clause 7.7.2 Combustion Safeguards:
1) Testing of the Combustion Safeguard in conjunction with a flame sensing
system
2) Testing for shut down and lock out if flame is detected prior to the ignition
cycle or upon failure to establish flame during the ignition cycle.
3) Proper response to loss of flame signal by opening the safety shutoff valve
circuit and, if so configured, shall attempt only one automatic retrial for igni-
tion
4) If applicable, the PLC shall shut down and lock out if safety interlocks for
airflow, pressure, temperature, and valve position are not in the proper state
either upon startup or during the burner operating cycle

IEC 61508 Part 2 Clause 7.7.2 Flame Sensing System:

Requirement: The flame detector (scanner) in a flame sensing system shall be
activated immediately upon application of power to the system.
Test: The detector shall be aimed at an actual or simulated flame. Power shall
then be applied to the system. The system shall immediately indicate presence
of flame by a signal light, meter indication, lockout, and/or activation of the
flame relay output circuit.
Requirement: The system shall operate properly in accordance with the manufac-
turer’s specifications for methods of flame detection (infra-red, rectification,
ultra-violet) and flame signal strength
Test: The detector shall be subjected to an actual or simulated flame that can be
varied in intensity, wavelength, or flicker frequency as applicable to the
particular detection method. The detector shall not indicate presence of flame or
activate the flame relay when subjected to signals outside of its specified
wavelength or frequency bandwidth or at a signal level below the specified
threshold value.
Requirement: Systems equipped with a self-checking provision shall lock out
and open the flame relay output circuit upon detection of an abnormal
condition. Self-checking is normally accomplished by periodically interrupting
the flame signal for a specified amount of time, either mechanically or
electronically
Test: The system shall lock out and open the flame relay output circuit when
the self-check feature is disabled.

12 FM APPROVALS
December 1999 7605

IEC 61508 Part 2 Clause 7.7.2 Flame Failure Response Time (FFRT):
Requirement: A combination safeguard and/or flame sensing system shall react
to loss of flame, within 4 seconds or less, by deactivating the flame relay output
circuit and/or opening the safety shutoff valve circuit.
Test: FFRT shall be measured for at least ten operational cycles. The average of
the ten measurements plus three standard deviations shall not exceed 4 seconds.
IEC 61508 Part 2 Clause 7.7.2 Trial for ignition (TFI):
Requirement: The trial for ignition period shall not exceed the limits specified
in Sections 3.2.11 and 3.2.12
Test: Trial for ignition shall be measured for at least ten operational cycles. The
average of the ten measurements plus three standard deviations shall not exceed
the aforementioned limits or 110 percent of the manufacturer’s specified trial
for ignition, whichever is less.
IEC 61508 Part 2 Clause 7.7.2 Purge Cycle:
Requirement: The actual purge cycle time, whether fixed or selectable, shall not
be less than the manufacturer’s specified value.
Test: Purge time shall be measured for at least ten operational cycles. The
average of the ten measurements, minus three standard deviations, shall not be
less than the specified value.
IEC 61508 Part 2 Clause 7.7.2 Durability:
Requirement: Output devices in the flame detection and/or safety shutoff valve
circuits shall be capable of enduring 100,000 operational cycles without undue
wear or failure.
Test: The output device(s) shall be subjected to a minimum of 100,000 opera-
tional cycles at rated voltage and maximum specified electrical load
{the above does not apply to equipment that uses solid state relays (switches) in
the flame and valve circuits}.
IEC 61508 Part 2 Clause 7.7.2 Voltage Variation:
Requirement: The combustion safeguard and/or flame sensing system shall
operate properly over a range of 85 to 110 percent of rated input voltage.
Test: Input voltage shall be varied from 85 to 110 percent of rated voltage.
There shall be no change in operating characteristics or any significant change
in FFRT, TFI, and purge times.
IEC 61508 Part 2 Clause 7.7.2 Electrical Insulation:
Requirement: All electrical components of this equipment shall be capable
of withstanding the high potential between input terminals and ground for
1 minute without arcing or breakdown.
Test: For an operating voltage of 60V or less, the potential of 500VAC shall be
applied between input terminals and the enclosure ground for 1 minute.
For an operating voltage greater than 60 V, the potential shall be 1000VAC plus
twice the rated voltage.
No arcing or breakdown shall occur. Leakage current shall not exceed 0.5 ma.
CAUTION: Some combustion safeguards may be equipped with voltage surge
protection or suppression. Application of a high potential may result in
disablement or a false indication of breakdown.
IEC 61508 Part 2 Clause 7.7.2 Ambient Temp. Effects:
IEC 68 Parts 1, 2, 3, Requirement: The equipment shall be capable of operating reliably and
14, 26, 30 consistently at temperatures ranging from 32°F (0°C) to 140°F (60°C).
Test: The combustion safeguard and/or flame sensing system shall be
conditioned, for a minimum of 4 hours at 32°F (0°C) to 140°F (60°C). The
equipment shall operate properly at these temperatures and upon return to room
temperature.
FFRT at these temperatures shall not increase more than 10 percent beyond the
actual value recorded previously and shall not exceed 4 seconds.

FM APPROVALS 13
7605 December 1999

IEC 61508 Part 2 Clause 7.7.2 Safety Related Operating Characteristics:

Requirement: Safety related operating characteristics such as purge times, FFRT,
TFI time, pressure limits, temperature limits, etc., shall not be readily accessible
or alterable by an operator.
Test: A programmable combustion safeguard shall be examined to determine
whether an operator can readily alter safety characteristics. Alteration by
manipulation of external adjustments or a keyboard is not acceptable.
Adjustments that require special tools, removal of external housing, or a special
program access code are generally considered acceptable.
IEC 61508 Part 3 Clause 6.2 Review functional safety planning with respect to software procurement,
development, integration, verification, validation, and modification.
Review software configuration management scheme.
IEC 61508 Part 3 Clause 7.1.2 Review safety life cycle, quality and safety assurance procedures satisfy figure
3 and table 1.
IEC 61508 Part 3 Clause 7.2.2 Review software safety requirements specification, if used.
IEC 61508 Part 3 Clause 7.3.2 Review software safety validation planning wrt modes of operation, technical
strategy, environment, and pass/ fail criteria.
IEC 61508 Part 3 Clause 7.4.2 to 7.4.8 Review software architecture
Review tools, languages, and coding standards
Review software design and development documentation
Review results of module testing
IEC 61508 Part 3 Clause 7.5.2 Review integration of software and hardware
IEC 61508 Part 3 Clause 7.6.2, and Review procedures for modification of software, and
7.8.2 Review any modifications that have been done
IEC 61508 Part 3 Clause 7.7.2 Review results of software safety validation
IEC 61508 Part 3 Clause 7.9.2 Review results of software verification
IEC 801 Parts 3, 4, 5, EMC for Industrial Review Documentation relating to the EMC testing and test results
6 Process Measurement
and control
IEC 61000 Parts 4-4, and EMC Review Documentation relating to the EMC testing and test results
4-6
EN 50081 EMC Emission Std. Review Documentation of test results
EN 55011 EMC Emission Review Documentation of test results
Power Line
ANSI/ Immunity, Power Review Documentation of test results
IEEE Line Surge
C62.41
ANSI/ Immunity, Elect. Fast Review Documentation of test results
IEEE Transients
C37.90
ANSI/ Corrosives Review Documentation of test results
ISA
S71.04
EMC EMC European std. Review Documentation of test results
Directive
89/336/
EEC
EN EMC — Immunity Review Documentation of test results
50082-1
72/23/ Low Voltage Review Documentation of test results
EWG Directive

14 FM APPROVALS
December 1999 7605

EN 61010 Safety Requirements Review Documentation of test results

Part 1 for Electrical
Equipment for mea-
surement, control and
laboratory use;
General Require-
ments
ANSI/ISA National Version If used, then Review Documentation of test results
S82 EN 61010 Part 1
NFPA Boiler Standard Review Documentation of test results
8502

IEC 61131 Part 1, 2, 3 PLC Design Documentation referencing recommended design practices outlined in this spec.
Standards

General National (German)

Standards Relevant to Approval of
BMS with programmable elements
Identification of Standard Description of Standard
DIN 31000 Concepts of safety technology;
Part 2 Basic concepts
DIN V 19250 Control technology, fundamental safety aspects to be considered for measurement and control equipment
DIN V VDE 0801 Principles for computers in safety related systems
Inc. Amendment A1
DIN V 19251 Process control technology — MC protection equipment — requirements and measures for safeguarded func-
tion

Application Specific
International and National
Standards Relevant to Approval
BMS with programmable elements
Identification of Standard Description of Standard
90/ 396/ EEC Gas Directive
DIN VDE 0116 Electrical equipment for furnaces
EN 230 Monobloc oil burner
Safety, control, and regulation devices, and safety times
EN 298 Automatic gas burner control systems for gas burners and gas burning appliances with or without fans
EN 60730 -1, -2, -5 Automatic electronic controls for household and similar use
PrEN 50156-1 Electrical equipment for furnaces; Requirements for design and installation
PrEN 676 Automatic forced draft burners for gaseous fuels
PrEN 746-2 Industrial thermoprocessing equipment
Safety requirements for combustion and fuel handling systems
PrEN 1954 Internal and external fault behavior of safety related electronic parts of gas appliances

Note: There is some duplication and overlap among these standards. The usual history is to write Standards A,
B, C, etc., with a mixture of very specific requirements and quite general requirements. Then the general
requirements are consolidated into Standard X. Eventually, Standard A will be revised to contain only the
specific requirements, and will refer to Standard X for the general requirements. However, Standard A
may not be revised for some time. In the mean while, there is duplication among standards.

FM APPROVALS 15