Safety-related

automation solutions

inprocess!
hima/process_automation

The safe decision.

 hima/process_automation

Every market, particularly the global process industry, is under ever-

increasing pressure from competition. Greater demand for cost-
effectiveness in the planning and operation of safety-related
applications combined with the need to adhere to new standards
such as IEC 61508/61511, prEN 50156, EN 61131 or ATEX are
pushing existing technologies to their limits. New approaches are
needed.

HIMA – the market leader in safety-related process automation

technology – has opened up a whole new world in terms of
performance, productivity, flexibility and cost-savings based on an
extended range of products and services. We have installed more
systems around the world than any other company and have over
35 years’ experience, so we know that cost-effective application
solutions can only be achieved by adopting a holistic approach
based on the entire life-cycle of an application.

In addition to system hardware and software, safety consulting,

project management, training and service are other essential
components of our Safety Element concept for automation processes.
HIMA’s global presence and experience with national and international
requirements and standards is the key to your success – and ours.
SAFETY
CONSULTING
Follow HIMA into a new age of safety-related process automation
and remain inprocess with our intelligent solutions.
PROJECT
PROJEKT-
MANAGEMENT HARDWARE

Photo: BASF
Safety
Element
SERVICE SOFTWARE

TRAINING
 hima/process_automation

The process industry

demands...
... value for money. This requires, in particular, smooth, uninterrupted
automation of those processes that present a high risk potential. To
protect people, the environment and equipment, safety systems are
used that now have to fulfill many more criteria other than simply
performing safety functions.

Safety. Safety systems always have to conform to the latest

standards such as IEC 61508, prEN 50156, EN 61131 or ATEX in
order to fulfil all the relevant statutory, normative and insurance
industry regulations. And not every safety system meets these
requirements.

Availability. If processes are to be cost-effective, then they must

run continuously. It is not acceptable for them to stop because of
errors in the safety system. The safety system’s fault tolerance is
therefore one of the most important characteristics for keeping the
process safe and available.

Cost saving. The start-up costs combined with reliability, main-

tenance and upgrade costs determine the cost-effectiveness of
a safety system. This requires high-quality systems with flexible
technology and appropriate services to reduce the overall life-cycle
costs.

Openness. The level of networking in automation solutions is

growing all the time. At the same time, there is a growing desire to
reduce the number of different bus systems. Simple integration of
components from various vendors requires automation systems
that are based on internationally-accepted communication standards.
Photo: BASF
 hima/process_automation

HIMA: intelligence
and concentration.
Concentrating on a target is one way to maximise performance.
HIMA became the technological leader in this segment decades
ago by specialising in safety systems. This leading position is
supported by 35 years’ experience and expertise gained from
installing more than 16,000 systems world-wide. Over this period,
companies in the process industry have learned to trust the proven
performance of HIMA technology.

HIMA products such as H41q/H51q, HIMatrix and Planar4 were

developed for different applications in order to meet customer
requirements and cost-effectiveness. The HIMA systems’ capacity
for communication and integration is just as important as their
flexibility when automating mono or redundant configuration system
architectures in small to large processes that are either centralised
or distributed.

At HIMA, customers’ requirements and the available technology are

combined to create intelligent solutions that both fulfil the conventional
needs of the process industry and offer a firm basis for potential
added value.

All HIMA systems can be

used in mono-configu- HIMatrix controllers and H41q/H51q systems are
The HIMA H41q/H51q
rations up to SIL 3/AK 6, safeethernet: the fastest the first 2oo4D/QMR
systems have the lowest
thus offering consider- safety system and safety systems in the world with
probability of failure of
able potential savings
all safety systems * bus in the world IEC 61508 certification * Calculations based
compared to 2oo3/TMR
systems. on IEC 61508

➔ 1970 ➔ 1986 ➔ 1991 ➔ 1997 ➔ 1997 ➔ 2002 ➔ 2003

The world's first TÜV- The world's first TÜV- The world's first TÜV- The world's first TÜV-approved The world's first TÜV- The world’s first TÜV-approved PES with The world’s first TÜV-confirmed
approved safety system approved PES approved reverse compiler redundant 2oo4D/QMR system approved safety-related safe communication via Ethernet for factory SIL calculation tool
Ethernet communication automation

H41q/H51q HIMatrix Planar4 Support

 hima/process_automation

HIMA safety
technology.
All HIMA systems offer maximum safety. Intelligent diagnostic routines 1. Diagnostics Openness in communication creates independence. As the primary
A complete, automatic dia-
combined with integrated dual processor technology on the other gnostic check takes place
monitoring system, safety systems necessarily have to exchange
allow the H41q/H51q and HIMatrix system families to be used during every HIMA system data with many other systems. To ensure long-term cost-effectiveness,
work cycle. Errors are identi-
in mono-configurations for applications up to IEC 61508/DIN 19250 fied and isolated quickly and
HIMA has always embraced from the concept of integration based
to SIL 3/AK 6 without time limits or regular checking. The same reliably. on open and internationally-accepted communication standards
applies to Planar4 systems, but in this case up to SIL 4/AK 7. such as OPC, Profibus or MODBUS.
2. Dual processor
HIMA systems have dual
processors on every CPU. Both
If we compare HIMA safety technology with that of 2oo3/TMR The benefits of open communication compared to vendor-specific,
processors are constantly
systems, we find a number of economic advantages in addition to checked at nanosecond inter- proprietary protocols and technology are obvious: from the reduced
vals by a safety-related hard-
the safety benefits. 2oo3/TMR systems only achieve safety through costs and risks of integration, consistent data organisation and
ware comparator. This inhe-
a triplicated structure. All calculations have to be carried out 3 times rent redundancy allows HIMA transparency through to a reduction in the variety of buses and the
systems to meet requirements
and the results then have to be compared with one another associated engineering, maintenance and training.
up to SIL 3/AK 6 in a mono-
(so-called voting systems). The system is not safe unless there is configuration.
absolute agreement between them. While HIMA systems offer In addition to the main requirements for safety systems, each
3. Degradation
maximum safety with a mono-configuration, 2oo3/TMR systems In contrast to the 2oo3/ TMR individual application has further specific requirements in terms of
require triplicated architecture – which is a considerable disadvantage systems, redundant 2oo4D/ safety, availability and flexibility. The following examples document
QMR systems can continue to
in terms of cost. operate without limitation how all the leading companies in the process industry worldwide
after an internal system error use tailored HIMA safety technology.
occurs.
In addition to safety, the fault tolerance also guarantees cost-
effectiveness. A redundant structure is only required in HIMA systems
to increase the fault tolerance and thus the availability of processes.
In contrast to conventional 2oo3/TMR systems, redundant
2oo4D/QMR systems can continue to operate without limit in the
event of an error. Production processes are therefore safe, available
and cost-effective.

Error-free First Second

operation error error

H41q/H51q HIMatrix Planar4

2oo3/TMR 3 2 0
Shut-down Shut-down
after a time limit
has elapsed Agip · Aventis · BASF · Basell · Bayer · BAYERNOIL · Borealis · BP Amoco · BSL Olefin Group · Celanese
Chemopetrol Litvinov · Clariant · Crompton · Degussa · Deutsche BP · Dillinger Steelworks · DSM · Elf Atochem
EVC · ExxonMobil · Finnish Railways · GPIC · HOLBORN EUROPA REFINERY · Hoffmann-La Roche · ICI · IFFCO

2oo4D/QMR 4 2 0 INEOS Phenolchemie · INFINEUM · ISAB Energy · KOC · Lonza · MERCK · MIRO · MRPL · NAM · OMV · PCK · PDO ·
Operation con- Safe Peroxid Chemie · PETRONAS · PIDEC · Qatar Petrochemicals · RUHR OEL · SASOL · SCHERING
tinues without status
limit Shell & DEA Oil · SKW · Statoil · Thai Petrochemical · TOTAL · TVK · Wacker Chemie

Behaviour in the event of an error at the CPU level

H41q/H51q HIMatrix Planar4 Support

 hima/process_automation/h41q_h51q

Complex
applications:

Automation processes in the chemical and petrochemical industries ➔ Safety-related networking of several systems, even over long
are generally highly complex and have many potential hazards. They distances
also have to operate without interruption if they are to be cost- ➔ Absolute conformity of all system components with the latest
effective. The safety systems currently used include: standards, such as IEC 61508, in response to normative, statutory
and insurance industry conditions
➔ Emergency shut-down systems (ESD) ➔ Compliance with application-specific standards such as:
➔ Burner management systems (BMS) NFPA 72 for F&G systems, prEN 50156 for BMS systems, ATEX
➔ Fire and gas systems (F&G)
➔ High-integrity pressure protection systems (HIPPS) The H41q/H51q system family is the ideal solution for such
applications – and has proven its worth over the years.
These systems have to fulfil a number of important requirements:

➔ Centralised automation of large numbers of I/Os

➔ Redundancy concepts that maximise the safety system’s fault
tolerance and therefore the availability of the production process
➔ Ability to process a large and varied number of I/O signals
➔ Easy to link to commonly used control and visualisation systems Reference projects
➔ Replacement of defective modules during operation Project Customer Country Application Number of I/Os
➔ Software upgrades carried out online
SECCO BP China ESD 11.984
➔ Low maintenance costs
➔ Monitoring for open and short circuits Gas drilling
South Pars 6, 7, 8 NIOC Iran ESD, F&G, HIPPS 10.168

Refinery Midor Egypt ESD, BMS 6.300

Refinery PCK Schwedt Germany ESD, BMS 5.500

Ammonia/methanol Sirte Oil Company Libya ESD, BMS 3.500

IGCC Plant ISAB Energy Italy ESD, F&G 3.500

Polyethylene plant Atofina, Carling France ESD, F&G, BMS 3.500

Gas drilling and

preparation/onshore SANTOS Australia ESD, F&G, BMS 3.000

Mars project Shell Chemie, Moerdijk Netherlands ESD, F&G 3.000

Gas drilling
Cawthorne phase 1 Shell Nigeria Nigeria ESD, F&G 2.834

Fertiliser production ABF Malaysia ESD 2.295

GL4Z Sonatrach, Arzew Algeria BMS 1.200

H41q/H51q HIMatrix Planar4 Support

 hima/process_automation/h41q_h51q

Complex
applications with
H41q/H51q systems. I/O
Input module

Diagnosis

CPU
The H41q/H51q systems were the world’s first safety systems to µP1 µP2 The combination of scal-
use the HIQuad technology developed by HIMA. This 2oo4D/QMR
CU 1
able availability at the I/O
architecture were introduced as the existing safety technology based Output module level and/or CPU level with
maximum safety at all
on dual or 2oo3/TMR systems had reached their limits of performance
times allows the system to
and cost-effectiveness. MS system
be precisely matched to
the economic and tech-
The H41q/H51q systems now offer for the first time the option of I/O
nical needs of the appli-
using mono-configuration systems up to SIL 3/AK 6. Since maximum cation concerned.
HIQuad Technology is a Diagnosis Diagnosis
safety is always guaranteed, redundancy can be tailored exactly to Scalable

DPR

DPR
2oo4D/QMR (Quadruple Modular
µP1 µP2 µP1 µP2
match the economic and technical needs of the application Redundant) architecture developed 2oo4D MS system
concerned, while providing the optimum combination of safety and by HIMA to meet the needs of availability CU 1 1oo2 1oo2 CU 2
Universal mono-con-
the process industry. HIQuad figuration safety up to
availability.
Technology is characterised by SIL 3/AK 6.
dual processors on every CPU. Maximum economy -
HS system
These systems now lead the field in safety technology: IEC 61508 minimum hardware.
calculations show that H41q/H51q systems have the lowest Both processors are constantly
checked at nanosecond intervals
probability of failure of all safety systems and are the first IEC 61508- by a safety-related hardware HS system
certified 2oo4D/QMR systems in the world. comparator, fulfill requirements Second CPU, creating a
Diagnosis Diagnosis
2oo4D/QMR structure for

DPR

DPR
up to SIL 3/AK 6 with a mono-
µP1 µP2 µP1 µP2
configuration. 2oo4D maximum availability and
CU 1 1oo2 1oo2 CU 2
fault tolerance centrally.
With a redundant architecture,
communication to the second
HRS system
CPU is established via fast dual-
port RAM (DPR), and results in
HRS system Total redundancy of CPUs,
a 2oo4D/QMR architecture. I/O bus and I/O modules.
Overview of the benefits Maximum availability and
➔ Mono-configuration SIL 3/AK 6 fault tolerance across the
➔ Maximum fault tolerance entire system.

➔ Flexible redundancy management

➔ Comprehensive and proven range of I/Os
➔ Modules can be replaced online
➔ Programs can be upgraded online
➔ Easy to integrate
➔ Safety-related networking over
safeethernet
➔ Drag&drop engineering

H41q/H51q HIMatrix Planar4 Support

 hima/process_automation/h41q_h51q

Complex by HIMA

applications with ELOP II

H41q/H51q systems.
Integration. The ease with which H41q/H51q systems can be ELOP II - The efficient engineering tool
integrated into all leading control systems is based on international ➔ Straightforward planning, programming,
communication standards such as OPC Data Access, OPC diagnostics and system and communication
documentation
Alarm&Event, Profibus DP and MODBUS RTU. The time stamps
from the HIMA systems are transferred both via the OPC Alarm&Event ➔ IEC-61131-3-compliant
server and via MODBUS RTU. ➔ Easy to program with function block diagrams
(FBD) and sequential function charts (SFC)

Safety-related networking. The H41q/H51q systems can be ➔ Windows NT/2000-compliant

networked in a safety-related way using safeethernet (standard ➔ Full-graphics programming with drag&drop
Ethernet) or HIPRO-S (RS 485) in order to construct safe, distributed functionality

applications. Safety networks up to SIL 3 with transmission speeds ➔ Can be operated safely without any need for
special hardware or safety expertise
of up to 100 Mbit/s can be implemented using standard Ethernet
components. ➔ Function blocks with TÜV certification.
➔ Use of all IEC 61131-3 functions and variable
types for safety-related programs
➔ Offline simulation of all functions
➔ Online logic test

H41q/H51q systems
· Proven 19" technology
· Compact H41q systems:
up to 208 I/O points
· Modular H51q systems:
208 or more I/O points
· Use of the same
Satellite
I/O modules
· Use of the same
programming system
Satellite antenna Satellite antenna
Photo: BASF
ISDN modem SIL 3/AK 6 ISDN modem

Radio modem Radio modem

Fibre Optic Fibre Optic

Ethernet Ethernet

H41q
H51q
 hima/process_automation/h41q_h51q
hima/process_automation/h41q_h51q

Complex
applications with ➔ Modular power supplies

H41q/H51q systems. Input voltage 230 or 115 V AC

Output voltage 24 V DC, 40 A
and 48 V DC, 20 A
Redundant operation is possible
Integration. The ease with which H41q/H51q systems can be Configurable
Konfigurierbare
Konfigurierbare availability
Verfüg-
Verfüg- SIL
SIL Kommunikations-
Communication Programming
Programmier- Protocols
Protokolle Note
Bemerkung
for
barkeit
constant bei safety
konstanter CPUs
Zentralbaugruppen
Zentralbaugruppen SIL Kommunikations-
Schnittstellen
interfaces
Schnittstellen
Programmier-
Schnittstellen
interfaces
Schnittstellen
Protokolle Bem
integrated into all leading control systems is based on international barkeit bei konstanter
Distribution fuse-board ➔ Sicherheit.
Sicherheit. CPU
CPU
CPU F8650E
F8650E
F8650E 333 222 Yes
ja
ja MODBUS,
MODBUS,
MODBUS, CPUs
CPU für
CP forH51q
H51qmit
each
je 1with
Mbyte
1 MB
Anwender-,
user,
communication standards such as OPC Data Access, OPC 18 circuit breakers slots, total master/slave,
Master/Slave,
Master/Slave, operating
Betriebssystem-
Be system und
and Datenspeicher
data memory
The H41q and H51q system HIPRO-S/N-slave
HIPRO-S/N-Slave
HIPRO-S/N-Slave
Alarm&Event, Profibus DP and MODBUS RTU. The time stamps current up to 150 A
Closed-circuit current families
Die use the
Die Systemfamilien
Systemfamilien H41q
H41q same
und
und F8652E
F8652E
F8652E 333 222 Yes
ja
ja MODBUS,
MODBUS,
MODBUS, CPUs
CPU für
CP forH41q
H41qmit
each
je 1with
Mbyte
1 MB
Anwender-,
user,
from the HIMA systems are transferred both via the OPC Alarm&Event monitoring loop ➔ Central subrack
extensive
H51q nutzenrange
H51q nutzen das gleiche
das of um-
gleiche I/O
um-
master/slave,
Master/Slave,
Master/Slave,
HIPRO-S/N-slave
HIPRO-S/N-Slave
HIPRO-S/N-Slave
operating
Betriebssystem-
Be system und
and Datenspeicher
data memory

server and via MODBUS RTU. modules.

fangreicheThis
fangreiche allows them
E/A-Baugruppen-
E/A-Baugruppen-
High-redundant CPUs Communication
Kommunikations-
Kommunikations- F8621A
F8621A
F8621A 333 222 Yes
ja
ja MODBUS-slave,
MODBUS-Slave,
MODBUS-Slave, RS485
RS485-Schnittstellen
RS interfaces
in 2oo4D/QMR configuration to be individually
Spektrum.
Spektrum. Auf diese
Auf matched
diese Weise
Weise modules
baugruppen
baugruppen HIPRO-S/N-slave
HIPRO-S/N-Slave
HIPRO-S/N-Slave

Safety-related networking. The H41q/H51q systems can be to

wird
wird application-specific
eine individuelle
eine individuelle Anpas- re-
Anpas- F8627
F8627
F8627 3*
3*
3* 111 --- OPC
OPCDA,
OPC
OPC
DA,
DA,
OPCA&E,
A&E,
100
100Base-T,
10 Base-T,RJ45
RJ45-Schnittstelle
interface
Communication modules for OPC A&E,
networked in a safety-related way using safeethernet (standard quirements,
sung an
sung an die and makes
die applikations-
applikations- safeethernet
safeethernet
safeethernet
safeethernet/Ethernet/Profibus/
upgrades,
spezifischenobtaining spare
Anforderungen F8628
F8628
F8628 000 111 --- Profibus-DP
Profibus-DP-Slave
slave
Profibus-DP-Slave
Ethernet) or HIPRO-S (RS 485) in order to construct safe, distributed MODBUS spezifischen Anforderungen
applications. Safety networks up to SIL 3 with transmission speeds
I/O subrack ➔ parts,
ermöglichttraining
ermöglicht und die
und andErweiter-
die docu-
Erweiter-
I/O
E/A-Karten
modules
E/A-Karten SIL
SIL
SIL Channels
Kanäle
Kanäle LB/LS
LB/LS
LB/LS Ex
Ex
Ex Note
Bemerkung
Bem
mentation
barkeit, Ersatzteilhaltung,
barkeit, much easier.
Ersatzteilhaltung,
of up to 100 Mbit/s can be implemented using standard Ethernet Various analog and
Input
Eingangskarten
modules F3236
F3236 333 16
16 --- --- Contacts,
Kontakte, 11 signal
Signal24
24VVDC
DC
digital I/O modules Schulung und
Schulung und Dokumentation
Dokumentation Eingangskarten F3236 16 Ko
components. digital
digital
digital
erleichtert.
The use of I/O modules with
erleichtert. F3240
F3240
F3240 333 16
16
16 --- --- Contacts,
Kontakte, 11 signal
Ko Signal110
110DC/127
DC/127VVAC
AC
Special I/O modules integral Ex separation elimi- F3248
F3248
F3248 333 16
16
16 --- --- Contacts,
Kontakte, 11 signal
Ko Signal48
48VVDC
DC
for (Ex)i signals nates a complete
Der Einsatz
Einsatz cabinet
von EA-Karten
EA-Karten mit
Der von mit Input
Eingangskarten
modules
Eingangskarten F3237
F3237
F3237 333 888 Yes
ja
ja --- SN-,
SN-,NAMUR
SN NAMUR-Initiatoren,
initiators,

Counter modules
level.
integrierter Ex-Trennung
integrierter Ex-Trennung spart spart Initiator
Initiator
Initiator wired
beschaltete
bes contacts
Kontakte
F3238
F3238
F3238 333 888 Yes
ja
ja Yes
ja
ja SN-,
SN-,NAMUR
SN NAMUR-Initiatoren,
initiators,
eine komplette
eine komplette Rangierebene.
Rangierebene. wired
beschaltete
bes contacts,
Kontakte,
8 DU wide,
8 TEATEX
breit, ATEX
I/O modules with The new F3349 module
Input
Eingangskarten
modules
Eingangskarten F6214
F6214
F6214 333 444 Yes
ja
ja --- Current,
Strom, Spannung,
Str voltage,
open/short-circuit monitoring allows
Die neueshut-down
neue Baugruppe channel-by-
F3349
Die Baugruppe F3349 analog
analog
analog integrated
integrierte transmitter
inte Transmitterspeisequellen
supply sources
channel.
ermöglicht
ermöglicht If one
einechannel
eine fails,
kanalweise
kanalweise F6217
F6217
F6217 333 888 Yes
ja
ja --- Current,
Strom, Spannung
Str voltage
I/O modules for
only this channel
Abschaltung. is eines
Der Ausfall
Ausfall shut
eines F6221
F6221
F6221 333 888 Yes
ja
ja Yes
ja
ja Current,
Strom, Spannung,
Str voltage, ATEX
ATEX
various signal voltages Abschaltung. Der
down.
KanalsAll
Kanals thenur
führt
führt others
nur zur Abschal-
zur continue
Abschal- Output
Ausgangskarten
modules
Ausgangskarten F3325
F3325
F3325 333 666 --- Yes
ja
ja Ex
Ex-Transmitterspeisebaugruppe
Ex- transmitter supply module
digital
digital
digital for
fürF6221,
für F6221,ATEX
ATEX
to
tungwork
tung without
dieses
dieses failure,
Kanals,
Kanals, die which
die fehler-
fehler- F3330
F3330
F3330 333 888 --- --- 24
24VVDC
24 DCto
bis0,5
0,5AA
increases
freie process
freie Funktion
Funktion deravailability.
der restlichen
restlichen F3331
F3331
F3331 333 888 Yes
ja
ja --- 24
24VVDC
24 DCto
bis0,5
0,5A A
Kanäle wird
Kanäle wird nicht
nicht beeinflusst,
beeinflusst, F3333
F3333
F3333 333 444 --- --- 24
24VVDC
24 DCto
bis2 2AA
damit steigt
damit steigt diedie Prozess-
Prozess- F3334
F3334
F3334 333 444 Yes
ja
ja --- 24
24VVDC
24 DCto
bis2 2AA

verfügbarkeit. F3335
F3335
F3335 333 444 --- Yes
ja
ja 24
24VVDC,
24 DC,ATEX
ATEX
Satellite verfügbarkeit.
Standards/testing principles F3348
F3348
F3348 333 888 --- --- 48
48VVDC
48 DCto
bis0,5
0,5AA
F3349
F3349 333 888 Yes
ja --- 24
24VVDC/48
DC/48VVDC
DCto
bis0,5
0,5A A
➔ IEC 61508 to SIL 3, DIN V 19250 NEW! F3349 ja 24

Output modules F6705 3 2 - - Current

Satellite antenna Satellite antenna to AK 6, EN 954-1 to category 4 analog
Photo: BASF
ISDN modem SIL 3/AK 6 ISDN modem
➔ prEN 50156, NFPA 8501, NFPA 8502 Special
Sonderkarten
modules
Sonderkarten F3430
F3430
F3430 333 444 --- --- Relay
Relaisbaugruppe,
Re module,
Radio modem

Fibre Optic
Radio modem

Fibre Optic
➔ EN54-2, NFPA 72
F5220
F5220 33 22 Yes
ja --
110
110VVDC/250
Counter
DC/250VVAC
Zählerbaugruppe
ACto
bis4 4AA
module initiator,
Initiator,5 5V VDC,
DC,
Ethernet Ethernet
➔ EN61000, EN 50082-2, 24
24VVDC
DCto
outputs
Ausgänge
bis1 1MHz,
24 24
V DC
MHz,2 2integral
V DC
to 0,5
integrierte
bis A0,5 A
digital
digitale
EN 50081-2, EN 61131-2
F6220
F6220 33 88 Yes
ja Yes
ja Ex
Ex-Thermoelementbaugruppe,
thermocouple module, ATEX ATEX
➔ ATEX 94/9/EG, EN 1127-1,
**ininconjunction
Verbindungwith
mit sicherheitsgerichtetem
safety-related protocol Protokoll
EN 61508
H41q ➔ Factory Mutual (FM), CSA, GOST R
H51q

H41q/H51q HIMatrix Planar4 Support

 hima/process_automation/himatrix

Photo: UMAG

Mono-configuration
applications:

There are whole ranges of safety applications that do not need It is important for safety-related automation systems to be easily
redundant safety systems, either because process availability is linked to the commonly available control and visualisation systems.
non-critical or because the necessary redundancy already exists
within the process. Typical applications include: To guarantee maximum flexibility of the system for networked appli-
cations, a variety of different transmission media have to be used
➔ Safety-related telecontrol systems for pipelines for safety-related data transmission.
➔ Distributed automated pharmaceutical applications
➔ BMS solutions for single and multi burner systems With the HIMatrix systems and safeethernet, HIMA offers a
➔ Distributed, safety-related fire and gas systems combination of the fastest safety controller available with the fastest
➔ Turbine control safety bus in the world. This forms the basis for new and cost-
➔ Wellhead control effective safety solutions for mono-configuration applications.

These applications place special requirements on safety systems,

including the possibility of implementing powerful, safety-related
distributed applications and very fast response times, in both individual
PESs and safety-related networked systems.

When just a few safety-related I/Os are used, cost-effective solutions

are required. These must offer greater flexibility compared to
conventional relay-based technology. An extremely compact, space-
Reference projects
saving arrangement is a must in this context. Project Customer Country Application

Darwin LNG Phillips Petroleum Australia BMS

Safety systems are subject to a whole range of standards, so it is
extremely important that all system components conform to the Burner controller Gyproc Belgium BMS
latest standards, such as IEC 61508, and fulfil the application-
specific standards. Pharma/batch processes Boehringer Ingelheim Germany ESD

Access control Glaverbal France Interlock

Gas storage Air Liquide Italy ESD

Wellhead control Swift Energy New Zealand ESD, F&G

Burner controller New Zealand Gas Corporation New Zealand BMS

Pipeline Zeton B.V. Netherlands ESD

Gas storage Air Liquide Spain ESD

Gold Mine/Minewinder Placer Dome South Africa ESD

H41q/H51q HIMatrix Planar4 Support

 hima/process_automation/himatrix

Mono-configuration
applications with
HIMatrix systems.
The safety-related controllers and remote I/O modules from the ELOP II Factory –
HIMatrix series were designed especially for time-critical applications the efficient engineering tool
with no redundancy requirements. This special version of the proven ELOP II offers
the following advantages:
The performance, compactness and ease of assembly provide
➔ Straightforward planning, programming,
solutions for applications in which the use of safety controllers used diagnostics and system and communication
to be technically impossible or was ruled out on cost grounds. documentation
➔ IEC 61131-3-compliant
The extensive range of hardware and the safety-related networking
➔ Easy to program with function block diagrams
of systems over safeethernet allow them to be matched exactly safeethernet (FBD) and sequential function charts (SFC)
to the plant structure. Based on standard Ethernet
technology and with TÜV ➔ Windows NT/2000-compliant
certification, safeethernet
safeethernet can be used to create distributed, safety-related ➔ Full-graphics programming with drag&drop
speeds up the transmission functionality
automation concepts using standard Ethernet components and of safety-related data to 100
functionality. Safety-related communication can be integrated into Mbit/s, and can therefore be ➔ Can be operated safely without any need for
existing Ethernet networks. There is no need to install a separate used to build powerful, dis- special hardware or safety expertise
safety bus. tributed safety applications. ➔ Automatic network configuration (plug&play)
➔ System based, central programming via
Structures with either centralised or decentralised distributed
intelligence can be implemented, and have a number of advantages: HIMatrix safeethernet
➔ Function blocks with TÜV/BG certification
availability upon demand, step-by-step planning and commissioning,
➔ Use of all IEC 61131-3 functions and variable
less wiring required, and all HIMatrix systems can be configured types for safety-related programs
and monitored from each individual system.
➔ Offline simulation of all functions
➔ Online logic test

Overview of the benefits

➔ Certified to SIL 3, AK 6, Cat. 4, IEC
61508, IEC 61131, prEN 50156, EN
954, DIN V 19250, NFPA, ATEX
➔ Can be used in Ex zone 2
➔ Response time < – 20 ms
➔ Cycle time for 1 K program approx.
0.02 ms
➔ Communication via safeethernet,
Profibus, OPC DA, MODBUS
RTU/TCP, Siemens Send&Receive

H41q/H51q HIMatrix Planar4 Support

 hima/process_automation/planar4

Applications
to SIL 4/AK 7:

The primary applications for hard-wired safety-related controllers Hard-wired systems must guarantee that all system components
are automated processes that represent an extremely high potential conform absolutely to standards such as IEC 61508, NFPA 72 and
risk to people, equipment and the environment and for which safety prEN 50156 in order to meet normative, statutory and insurance
is the highest priority. conditions. Additional redundancy concepts are needed to increase
availability. Other basic requirements are ease of connection to
SIL 4/AK 7 requirements can be found in the following typical commonly available control and visualisation systems and the option
applications: of monitoring for open and short circuits.

➔ High-integrity pressure protection systems The HIMA Planar4 system is the only safety system that
➔ Emergency stop systems on drilling platforms IEC 61508 allows to be used up to SIL 4/AK 7.
➔ Extremely time-critical safety circuits
➔ Primary cut-out systems

The application-specific programming for these systems is hard-

wired, rather than carried out via the software making it very robust.
Once installed, these processes will run for years without modification.
They are also known as ”fit and forget” systems.
Reference projects
Project Customer Country Application

Pipeline Air Liquide Belgium ESD

FPSO/drilling platform CNOOC China HIPPS

Oil pumping Conoco Indonesia HIPPS

South Pars 1
Offshore NIOC Iran HIPPS

HDPE plant, Marapol Marun Petrochemical Company Iran ESD

Chlorine electrolysis NAM Netherlands HIPPS

Forcados Yokri/Estuary Shell/SPDC Nigeria ESD, F&G

Gullfaks A/C drilling platform Statoil Norway HIPPS

Troll drilling platform Statoil Norway HIPPS

Tune drilling platform Norsk Hydro Norway HIPPS

LDPE Borealis Austria ESD, Interlock

H41q/H51q HIMatrix Planar4 Support

 hima/process_automation/planar4

Applications
to SIL 4/AK 7 with Input modules Logic modules
Planar4 systems. Modules for proximity switches
(including (Ex)i) with line monitoring
& AND element

The Planar4 system was developed especially for applications with

≥1 OR element
safety requirements up to SIL 4/AK 7, and is the only system in the
world that may be used up to SIL 4 in conformity with IEC 61508.
Output modules
& 1 Blocking element
Only the hard-wired system from HIMA integrates inputs, logic Modules with prelogic, short-
circuit-resistant 3 W, 24 W and
processing and outputs on every module. The application-specific
60 V/24 W outputs
programming of the Planar4 system is carried out using various ≥2 2of3 selection
wiring techniques such as solder, Termipoint or Wire Wrap on the
backplane bus board. This greatly reduces the engineering complexity Timer function
and the amount of wiring involved. Limit minitor
0 ... 20 mA, two channels,
Other modules
The Planar4 systems are the first hard-wired systems with integral each with two limit values
diagnostics and communication capability. The diagnostics ensure Fuse group with monitoring

rapid error signalling and easy trouble-shooting – even for untrained

Communication module,
personnel. An efficient remote diagnostic system can be created Relay amplifier reset module
when combined with the communication options. &
Relay amplifier with prelogic and
monitored output fuses.
Switching voltages 24 V, 48/60 V, RS 485 (MODBUS, Profibus DP)
Input and output statuses, limit and time values can be transferred Ethernet (OPC)
110/127 V, 220/230 V
via OPC DA, Profibus DP or MODBUS to control and visualisation
systems. OPC Alarm&Event can also be used to transfer events,
i.e. HIMA signals with time stamp.

All Planar4 modules can be used in a redundant structure in order

Planar4
to increase availability.

Overview of the benefits

➔ Can be used for SIL 4/AK 7
Figure: BASF ➔ MTBF > 200 years
➔ Switching time 2–10 ms
➔ Scalable redundancy
➔ Communication via OPC,
Profibus DP, MODBUS
➔ Monitoring for open and short
circuits
&
DCM Communication
BUS ➔ Space-saving 19" technology
= Monitoring
Ready Error

Function Diagnostics- and Communication Module

Integrated diagnostics
and communication capability

H41q/H51q HIMatrix Planar4 Support

 hima/process_automation/iec_61508

Safety life-cycle
support.
Production processes can only be guaranteed to be cost-effective Life-cycle The holistic approach on which IEC 61508 is based corresponds
and safe if we consider the entire life-cycle of a plant. This approach of a plant: entirely to the HIMA philosophy of providing comprehensive safety
is reflected in the new IEC 61508 standard, which does not simply in automation technology. This philosophy is expressed in the safety
relate to individual components of safety-related automation. It also Concept and element model.
considers the comprehensive structure of a safety loop – from the design
initial concept through to decommissioning of the plant. In addition to superior hardware and software, safety consulting,
Basic and project management, training and service are other essential
New requirements have to be placed on the project management, detailed engineering components of our concept of the HIMA Safety Element.
hardware and software, training, documentation and servicing to
ensure that a plant conforms to standards, and then to run it cost- System integration It is the interaction between these dimensions that creates complete
effectively. application solutions from safety systems, sensors, actuators,
FAT/SAT integration concepts, tested interfaces and off-the-shelf function
In this respect, operators, contractors and system integrators require blocks.
much more than just hardware and software from the suppliers of Installation and
safety systems. They now need comprehensive support from skilled commissioning With the Safety Element, HIMA can offer safety life-cycle
contacts during every phase of the project – both locally and world- support – world-wide.
wide. Operation and
maintenance
The process industry demands advice at the process design stage,
support for selecting the right safety strategy/systems and Modification and
instrumentation and access to experience and expertise. upgrade
SAFETY
Decommissioning CONSULTING

PROJECT
MANAGEMENT HARDWARE

Safety
Figure: BASF
Element
SERVICE SOFTWARE

TRAINING

H41q/H51q HIMatrix Planar4 Support

 Fax response
I would like to know more about the HIMA range of products
and services. Please send me more information on the following
hima/process_automation/safety_element topics:

H41q/H51q ELOP II Planar4

IEC-61508-conformity HIMatrix ELOP II Factory SILence

with the Communcation and Training programme Services

Communication
Safety Element. Integration

Safety Safety Consulting. Advice on the safety aspects of plant planning I have a specific question.
Consulting guarantees significant cost benefits, even at the very early stages.

Hardware This advice naturally incorporates all the questions associated

with safety standards compliance and the consequences of not
I would like to arrange a date for a presentation.

doing so.
The world’s first TÜV-con- Please call me back on________ at_______.
firmed SIL calculation tool
Project management. The IEC 61508-compliant project according to IEC 61508
Further information on these topics can also be found at www.hima.com.
management system comprises international project coordination allows you to automatically

Software and implementation by qualified local contacts, from the tendering

phase right through to commissioning. Using intelligent tools such
calculate the PFD, PFH,
SFF and MTTF values of
entire safety loops using
as project-specific databases, systematically-created hardware and drag&drop.
Company
software typicals and engineering with high-level understanding of
the process, HIMA can ensure that your projects will be completed
technically correctly, cost-effectively and on time. Name Title

Service. HIMA has a world-wide presence with its own Service Department/Position
Project Centres and experienced representatives, and can offer a 24-hour
management service in all the key regions of the world. Skilled employees are
Address
always available locally.
Training
Town, post code
Training. Individual project-specific training courses can be arranged,
Service in addition to courses in the basic principles. These can be held
either in one of HIMA’s training centres around the world or on the Telephone Mobile

customer’s premises.
Fax
With safety life-cycle support from HIMA,
you remain inprocess. E-Mail

Date and signature

HIMA
HIMA Paul Hildebrandt GmbH + Co KG
P.O. Box 1261 · 68777 Brühl
Telephone.: (+49 62 02) 7 09-0 · Telefax: (+49 62 02) 7 09-1 07
E-mail: [email protected] · Internet: www.hima.com

H41q/H51q HIMatrix Planar4 Support

 hima/process_automation/safety_element

IEC-61508-conformity
with the
Safety Element.
Safety Consulting. Advice on the safety aspects of plant planning
guarantees significant cost benefits, even at the very early stages.
This advice naturally incorporates all the questions associated
with safety standards compliance and the consequences of not
doing so.
The world’s first TÜV-con-
firmed SIL calculation tool
Project management. The IEC 61508-compliant project according to IEC 61508
management system comprises international project coordination allows you to automatically
and implementation by qualified local contacts, from the tendering calculate the PFD, PFH,
SFF and MTTF values of
phase right through to commissioning. Using intelligent tools such
entire safety loops using
as project-specific databases, systematically-created hardware and drag&drop.
software typicals and engineering with high-level understanding of
the process, HIMA can ensure that your projects will be completed
technically correctly, cost-effectively and on time.

Service. HIMA has a world-wide presence with its own Service

Centres and experienced representatives, and can offer a 24-hour
service in all the key regions of the world. Skilled employees are
always available locally.

Training. Individual project-specific training courses can be arranged,

in addition to courses in the basic principles. These can be held
either in one of HIMA’s training centres around the world or on the
customer’s premises.

96 9000055 0604 © by HIMA Paul Hildebrandt GmbH + Co KG

With safety life-cycle support from HIMA,
you remain inprocess.

HIMA
HIMA Paul Hildebrandt GmbH + Co KG
P.O. Box 1261 · 68777 Brühl
Telephone.: (+49 62 02) 7 09-0 · Telefax: (+49 62 02) 7 09-1 07
E-mail: [email protected] · Internet: www.hima.com

HIMatrix Planar4 Support