Boiler PLC

Industrial Supervisory Monitoring & Automatic Failover

Proof of Concept

A proof-of-concept supervisory monitoring layer for dual-boiler plants running Autoflame™ Mini Mk8 MM™ (MMM8002) burner management controllers. Real-time HMI, automatic lead-lag failover, alarm rationalization, and a full ISA-aligned engineering documentation package. This reference implementation demonstrates KHouse's industrial controls capability — similar systems can be customized for your specific plant configuration and requirements.

What it does

A supervisory layer above the certified Burner Management System, with the operator-facing features modern plants expect.

Real-Time Dual-Boiler Monitoring

Pressure, firing rate, flame status, run hours, and alarm state for both boilers — updated every second over a WebSocket from the supervisory PLC.

Automatic Lead-Lag Failover

When the lead boiler trips on a lockout, the supervisory PLC enables the standby boiler after a configurable delay. The Burner Management System still owns the lightoff sequence.

91 Rationalized Alarm Codes

Every Autoflame™ alarm code in the MMM8002 manual is rationalized per ANSI/ISA-18.2 §6 with consequence, operator action, response time, and priority. No alarm without a documented response.

Web-Based Operator HMI

Modern browser-based HMI — no plugins, no client software. Status badges, alarm banner, trend charts, failover panel. Works on any operator workstation on the plant control network.

Email + SMS with Escalation

ANSI/ISA-18.2 alarm management features: per-alarm rate limiting, hourly cap, flood detection with digest mode, 4-tier escalation, alarm shelving with critical-alarm guard, clear notifications.

Historical Trending

SQLite-backed trend logger for pressure, firing rate, and alarm history. Local-first, durable across restarts, included in the disaster-recovery backup procedure.

ISA/IEC 62443 Cybersecurity

Zone-and-conduit security model, HTTP Basic auth on all REST and WebSocket endpoints, audit trail for all configuration changes, hardening checklist for the HMI server. Not just a port-80 webpage.

Drop-In Above Existing BMS

Sits above your existing certified Burner Management System. No burner replacement, no controller swap. The MMM8002 retains full safety authority — this layer is monitoring + lead-lag swap only.

See it in action

The HMI runs in any modern browser. Below is a recorded loop of the simulator cycling through one full lead-lag swap (about 90 seconds), followed by annotated screenshots of the key states. Sim mode is included with every deployment for operator training and customer evaluation.

Normal lead-lag operation: Boiler 1 RUN, Boiler 2 STANDBY. Both boilers reporting nominal pressure and firing rate.
Failover in progress: Boiler 1 in LOCKOUT, Boiler 2 ramping up. Alarm banner shows lockout description; notification has fired.
Critical alarm banner — color reserved for abnormal conditions per ANSI/ISA-101.01-2015 high-performance HMI principles.
Trend chart panel: 1-hour rolling window of pressure and firing rate for both boilers. Backed by SQLite for durability.
Failover control panel: enable/disable, primary boiler selector, manual reset, and live failover state.

Built to current ISA and process safety standards

The project is positioned for a compliance-ready posture — structured so an internal or customer audit could proceed without rework. Every standard below has explicit conformance evidence in the Standards Compliance Register (BLR-STD-009).

NFPA 85, ASME CSD-1, ANSI/ISA-18.2-2016, ANSI/ISA-101.01-2015, ANSI/ISA/IEC 62443-3-2, ANSI/ISA/IEC 62443-3-3, ISA-TR84.00.05, ISA-105, IEC 61131-3, ANSI/ISA-5.1 / 5.2 / 88.01, EEMUA 191, OSHA PSM (compatible)

Compliance-ready posture per BLR-STD-009. Not third-party certified. The project is supervisory monitoring only and is formally bounded out of IEC 61511 scope per ISA-TR84.00.05 — see the Hazard Analysis (BLR-HZA-016) for the SIS-boundary derivation.

Engineering documentation

The full engineering document package produced for this proof of concept. Two documents are available to read inline; the complete set is included with every customer engagement and customized to match your plant's specific configuration.

18 engineering documents
91 alarms rationalized
10 hazard scenarios analyzed
40 traceable test cases
5 cybersecurity zones

Featured documents

BLR-STD-009 Standards Compliance Register

The master inventory of every standard the project conforms to or references. Three tiers (directly applicable, supplementary, informational) with evidence pointers for audit defensibility.

BLR-AAR-017 Alarm Rationalization Report

All 91 active Autoflame™ MMM8002 alarm codes rationalized one-by-one per ANSI/ISA-18.2 §6: class, consequence, operator action, response time, priority, suppression rules, and SMS eligibility.


Full document package

BLR-FDS-001 Functional Design Specification (on request)
BLR-CEM-002 Cause & Effect Matrix (on request)
BLR-IOL-003 Instrument & I/O List (on request)
BLR-ALP-004 Alarm Philosophy (on request)
BLR-OAM-005 Operations & Maintenance Manual (on request)
BLR-SAT-006 Site Acceptance Test Procedure (on request)
BLR-LGD-007 Logic Diagrams (on request)
BLR-NAD-008 Network Architecture Diagrams (on request)
BLR-STD-009 Standards Compliance Register (available to view)
BLR-SEC-010 Cybersecurity Specification (on request)
BLR-HMI-011 HMI Style Guide & Design Philosophy (on request)
BLR-VVP-012 Verification & Validation Plan (on request)
BLR-DRP-013 Disaster Recovery & Backup Plan (on request)
BLR-TRN-014 Operator Training & Competency Plan (on request)
BLR-MOC-015 Management of Change Procedure (on request)
BLR-HZA-016 Hazard Analysis & SIS Boundary (on request)
BLR-AAR-017 Alarm Rationalization Report (available to view)
BLR-BIB-018 Standards & References Bibliography (on request)

Proof of concept — ready for your plant

What this is. A fully realized proof of concept demonstrating KHouse Holdings' capability in industrial supervisory controls. The system was built end-to-end — from PLC ladder logic to web-based HMI to a complete 18-document ISA-aligned engineering package — as a reference implementation for dual-boiler plants with Autoflame™ MMM8002 controllers.

Customizable to your needs. Every plant is different. This proof of concept serves as the foundation for a version tailored to your specific configuration: different boiler counts, different BMS controllers (any Modbus®-RTU device with a documented register map), custom alarm priorities, plant-specific notification routing, integration with your existing SCADA or historian, and branding to match your organization. The engineering documentation package is regenerated for each customer engagement.

What you get. A turn-key supervisory monitoring system installed on your hardware, commissioned against your boilers, with operator training and a complete engineering documentation package. You own the resulting stack outright — no SaaS subscription, no outbound telemetry, no recurring license fees. Typical commissioning is one to two weeks on site.

Who it's for. Terminal operators, refineries, district energy plants, and industrial steam users looking to modernize operator visibility and add automatic failover without replacing certified safety equipment.

Why it matters

Drop-in above your existing BMS

Install over a plant that already has Autoflame™ MMM8002 controllers. No burner replacement, no controller swap, no certification overhead.

No SIS certification overhead

Formally bounded out of IEC 61511 scope per ISA-TR84.00.05. The supervisory layer cannot bypass any BMS safety interlock — derived in our Hazard Analysis, not asserted.

No commercial HMI license fees

Python® and FastAPI on the backend, plain HTML/CSS/JS on the frontend. The only commercial software needed is what you already own (Studio 5000® for the PLC).

Customer owns the stack

Runs on your own Linux® hardware (PC or Raspberry Pi 4+). No SaaS lock-in, no outbound data, no recurring subscription. Source visible, deployable in air-gapped plants.

Built on

Industrial-grade hardware paired with a modern open-source software stack. Every component is well-understood, replaceable, and documented in the engineering doc package.

Allen-Bradley® CompactLogix® 5069-L310ER, 5069-SERIAL, Modbus® RTU, Autoflame™ Mini Mk8 MM™ (MMM8002), Python® 3.14, FastAPI, pycomm3, WebSocket, SQLite, Chart.js, Nginx + TLS, systemd, Studio 5000® v30+, Linux®, Belden® 9501

Want a version built for your plant?

This proof of concept demonstrates what's possible. KHouse Holdings will work with you to customize a version for your specific boilers, controllers, and operational requirements — then install, commission, and train your operators. First conversation is free and non-committal.

Safety boundary. This system is supervisory monitoring only. It does NOT replace or modify the Burner Management System (BMS), which retains full authority over all safety interlocks per NFPA 85 and ASME CSD-1. The Autoflame™ Mini Mk8 MM™ (MMM8002) controllers are the certified BMS and perform all flame safety functions autonomously per their UL listing. The supervisory PLC cannot bypass any MMM8002 safety interlock. See BLR-HZA-016 Hazard Analysis for the formal SIS-boundary derivation per ISA-TR84.00.05.

Trademarks. Allen-Bradley®, CompactLogix®, Studio 5000®, and 5069-SERIAL are trademarks or registered trademarks of Rockwell Automation, Inc. Autoflame™, Mini Mk8 MM™, and MMM8002 are trademarks of Autoflame Engineering Ltd. EtherNet/IP™ and CIP™ are trademarks of ODVA, Inc. Modbus® is a registered trademark of Schneider Electric USA, Inc. Belden® and Belden 9501 are trademarks of Belden Inc. Linux® is a registered trademark of Linus Torvalds. Python® is a registered trademark of the Python Software Foundation. KHouse Holdings is not affiliated with, sponsored by, or endorsed by any of these companies. All trademarks are the property of their respective owners and are used here under nominative fair use solely to describe the compatibility and integration of the Boiler PLC supervisory monitoring system with the referenced equipment and protocols.