February 2026
Heat Exchange/Management
Trade-off analysis between fired heater safety logic and operability: Challenges of excessive safety instrumentation
This article details practical challenges in fired heater operation within the oil and gas industry in relation to the existing instrumentation logics. Fired heaters are essential in crude oil refining and chemical industries, supplying heat to process fluids via fuel combustion. While safety systems such as burner management systems (BMSs), flame detection and emergency shutdown (ESD) protocols have improved significantly, a chronic challenge remains: balancing rigid safety interlocks with operational flexibility. Overly stringent systems can lead to false trips during startup, often triggered by unreliable flame scanners, which may lead to disruption in downstream units and tempt operators to bypass safety protocols.
To address this, a multifaceted strategy is proposed, including dual flame scanners [ultraviolet (UV) and infrared (IR)] to improve detection accuracy and mitigate false shutdowns. Time delay extensions, aligned with API RP 556, help distinguish between transient fluctuations and actual flame loss. Combustion optimization—such as maintaining stack oxygen near 3%—enhances fuel efficiency and reduces coke formation. Adaptive ESD logic, configured to trigger shutdowns only at 50% flame loss, offers a balanced response. Regular maintenance, including scanner cleaning and fuel gas monitoring, is vital to ensure system reliability. These measures collectively foster a safer, more flexible operating environment.
Fired heaters overview. Following several safety-related incidents over several years, the industry has implemented improvements in BMSs, flame detection, air combustion and draft control, mechanical design and ESD integration. Fired heaters are essential in crude oil refining and chemical operations, supplying the necessary thermal energy for fluid-phase reactions and separation by combustion-driven heat transfer from different fuel sources. A simplified illustration of fired heater basics with instrumentation is shown in FIG. 1.
FIG. 1. Fired heater components and instrumentation control.
A typical fired heater consists of several key components: burners that combust a fuel–air mixture; radiant and convection sections where heat is transferred to the process fluid via radiation, where convection and conduction occurs; stack and draft control systems equipped with dampers and fans to manage flue gas and heat recovery; and instrumentation and control systems that monitor temperature, pressure and flow. In addition to these basic heater components, various safety instrumentations, and logic interlocks interlinked with trip mechanisms are part of the heater design, as well. They are basically designed to prevent any unsafe operational condition of the heater, including flame failure and improper combustion conditions by low oxygen content or fuel gas parameters, as highlighted in FIG. 2.
FIG. 2. A fired heater’s ESD components.
This article explores the tradeoff between safety and operational flexibility in fired heater systems, and proposes a framework for optimizing safety instrumentation without compromising reliability or responsiveness. Key strategies include redundant flame detection, adaptive trip logic, combustion parameter tuning and proactive maintenance practices. The goal is to enhance system resilience while maintaining compliance with industry standards such as API RP 556.
Basic control philosophy. Fired heater control philosophy includes a coordinated approach between two main pillars of control layers: BMS and distributed control system (DCS). Both layers work in tandem to play a crucial role in ensuring the safe operation of the heater.
The BMS governs safety-critical functions, including burner startup/shutdown, proper pre-ignition purges, controlling pilot and main burner ignitions, and flame monitoring via scanners. It also manages interlocks related to elevated stack temperatures, loss of flame and abnormal fuel gas pressure, initiating shutdowns when unsafe conditions are detected.
The DCS handles the process side requirements, such as adjusting fuel gas flow to meet heat duty requirements based on temperature feedback from the process stream. In parallel, it also maintains combustion efficiency by regulating the air-to-fuel ratio using oxygen analyzers and flow transmitter readings across the fuel and air intake. Meanwhile, the draft control also plays a role in ensuring system protection from any overheating or thermal damage resulting from excessive firing.
An important factor in fired heater control philosophy are the interlocks of trip logic for heater shutdown. Several interlock layers are configured to detect any unsafe operating conditions and implement remedial actions, without operator intervention, to initiate a partial or complete heater shutdown, depending upon the severity of the unsafe condition. These interlocks include but are not limited to fuel gas or pilot gas pressure loss, excessive tube and stack temperatures, and flame loss detection, among others. Similarly, during unit startup and shutdown, these logic interlocks mandate other automated sequences like purge time and main/pilot ignitions, with a flame detection system, to prevent the accumulation of flammable gas mixtures to ensure safe transitions.
Problem statement and impracticalities. Safety interlocks are essential for protecting personnel, equipment and the environment. However, overly rigid systems can limit an operator’s ability to respond effectively to changing operational conditions—particularly during startup. Inaccurate flame detection, unreliable scanner instrumentation or non-critical signal anomalies may delay ignition or trigger unnecessary shutdowns. These issues raise important concerns in heater design, where achieving a balance between operational flexibility and safety interlocks is critical.
Overly tight interlock thresholds can hinder a smooth and timely startup and operation of the unit, as unreliable flame scanners, combined with overly sensitive detection systems, may trigger shutdowns based on non-critical or unrealistic threats. In complex and integrated facilities, a single unit trip can cascade into multiple downstream unit shutdowns, where operators may feel forced to bypass or temporarily suppress alarms, undermining the effectiveness of safety systems and the value of their implementation. In the worst-case scenario, the repeated bypassing of interlocks can create a habit of unsafe practices, such as suppression of critical safety mechanisms. This creates a hazardous operating environment and increases the risk of major safety incidents.
Reliabilities of safety related instruments. The effectiveness of safety systems depends heavily on the reliability of instrumentation, including flame scanners, burner designs and combustion related sensors. In relation to flame scanners, UV sensors are commonly preferred for fuel gas applications due to their strong signal response; however, proper alignment is essential to accommodate varying flame profiles and ensure an accurate sight path, as highlighted in FIG. 3. Dual-scanner configurations combining UV and IR technologies further enhance detection accuracy across a range of fuel types, improving system reliability and reducing the risk of false shutdowns.
FIG. 3. A flame detection scanner’s sight path.
Several factors influence combustion flexibility and are therefore considered during the design of the burner, including the burner count, pilot/main configurations and fuel flexibility. Units with diverse fuel sources [e.g., liquefied petroleum gas (LPG), refinery offgas] require burners that can adapt to heating value fluctuations. Combustion parameters like excess oxygen levels, fuel gas dewpoint and air preheater efficiency directly impact flame quality. The overall configuration of the burner is crucial, as a poorly designed system can result in the blockage of burner tips and coke deposits, hindering the path of the flame scanner by blocking the sensor glass, as shown in FIG. 4.
FIG. 4. Coke formation on the burner’s tiles (left), and the flame scanner arrangement (right).
Continuous monitoring via oxygen analyzers, dewpoint sensors for optimum fuel gas adjustments, healthy flame scanners with proper air-to-fuel ratios, and clear sights for scanners with an adequate purging line flow to the scanner glass are critical for stable combustion. Moreover, maintenance practices also play a crucial role. Contaminated scanner lenses, degraded ionization rods, and/or clogged fuel gas strainers and combustion burner tips can compromise detection reliability, necessitating rigorous preventive maintenance.
Solutions. To harmonize operational flexibility with robust safety in fired heater systems, a multi-faceted approach is essential. Enhanced flame detection serves as a cornerstone, achieved by installing dual scanners (UV and IR) per burner to provide redundancy and mitigate false trips caused by transient flame variations. Calibrating detection time delays in accordance with API RP 556—extending thresholds from 1 sec to 4 sec—allows systems to distinguish between momentary instability and genuine flame loss, reducing unnecessary shutdowns.
Concurrently, combustion optimization is critical: maintaining stack oxygen levels around 3% ensures complete fuel combustion and minimizes coke formation, while coalescers and strainers remove liquid hydrocarbons and particulates from fuel gas to stabilize combustion dynamics. Adaptive ESD logic further bridges the gap between safety and operability. Industry benchmarks suggest adopting a 50% flame loss threshold for shutdowns, which balances sensitivity with tolerance for minor fluctuations, while integrating BMSs with the DCS enables real-time adjustments to air-to-fuel ratios, enhancing both efficiency and compliance.
Rigorous maintenance protocols underpin these strategies, including the scheduled cleaning of scanner lenses, ionization rod replacements, and the continuous monitoring of fuel gas composition and dewpoint to preempt combustion instability. Together, these measures—anchored in standards like API RP 556—ensure safety systems remain resilient without compromising operational agility.
Takeaways. The evolution of fired heater safety systems underscores the industry’s commitment to aligning risk mitigation with process efficiency. While instrumentation such as flame scanners and ESD logic are indispensable for preventing incidents, their design must adapt to real-world variability, including fluctuating fuel compositions and dynamic operational demands.
By embracing adaptive detection thresholds, redundant instrumentation and fuel-agnostic combustion strategies, operators can significantly reduce false trips and reliance on interlock bypasses. This fosters a culture where safety and flexibility coexist, enabling plants to achieve sustainable, reliable operations. As standards like API RP 556 continue to evolve, refineries and chemical plants must prioritize holistic assessments of heater systems, ensuring safety interlocks enhance—rather than constrain—process performance. The path forward lies in proactive engineering, rigorous maintenance and a steadfast commitment to harmonizing safety with operational excellence.
The Authors
is a Operation Engineer within Saudi Aramco’s Jazan Refinery Department, specializing in naphtha block hydroprocessing and reforming units. He is a professional chemical engineer with 12 yr of industry experience, and an active member in international engineering bodies such as Engineers Australia and IChemE, UK. He earned an MS degree in chemical engineering from the University of the Punjab in Lahore, Pakistan, and an MBA degree from Bahauddin Zakariya University in Multan, Pakistan.
Andres Rodriguez is a Process Engineering Manager at Saudi Aramco. He has more than 24 yrs of extensive experience in the oil and gas industry, with specialized knowledge in various refining units, including sulfur recovery, hydrodesulfurization, amine regeneration, sour water stripping, diesel hydrotreating and gasification processes. Throughout his career, Rodriguez has worked across multiple countries, including France, Canada, Mexico, the United Arab Emirates and Saudi Arabia. In the past decade, he has played a key role in the design, commissioning and startup phases of the Jazan refinery project. He has earned an MS degree in chemical refining and an MBA.
Muhammad R. Hafeez is a Lead Process Engineer with Saudi Aramco’s Engineering Department, specializing in crude and vacuum distillation, diesel hydrotreating and flare processes. He is a chemical engineer with 18 yrs of hands-on experience in refinery operations management and commissioning and startup of new facilities. He is a certified Taproot lead investigator and holds a NEBOSH certification in process safety management.
is an Operation Engineer within Saudi Aramco’s Jazan Refinery Department, specializing in naphtha hydroprocessing, reforming, and aromatics extraction and processing units. He is a chemical engineer with 10 yr of industrial experience in refining and petrochemicals facilities. Ghadeer earned a BS degree in chemical engineering from King Fahd University of Petroleum and Minerals in Dhahran, Saudi Arabia, and an MS degree in refining and petrochemicals from the IFP School in Rueil-Malmaison, France.
Comments