Debit Deltafluid
9 November 2018
HIMax ®
Nonstop safety for everyone
who thinks ahead
High plant productivity thanks to intelligent
safety solutions
Do you wish safety solutions that neither cause unscheduled
shutdowns and nor need to stop the plants for maintenance
works, changes or extensions? Do you think that safety systems
are neither supposed to limit the productivity of a system nor
to cause excessive and unnecessary investments?
Then you need intelligent safety solutions that both ensure
maximized safety and availability, and increase plant pro-
ductivity. These safety solutions can, for example:
Reduce lifecycle costs
Reduce investment costs
Minimize planning and operating failures
Reduce costs due to operating stops
HIMax will meet your expectations:
No compromises in safety!
No compromises in productivity
HIMax
Safety is a must. Productivity as well
HIMA. Safety. Nonstop.
It’s a philosophy more than 100 years in the making. It’s
built on HIMA’s singular focus on safety and is proven by
decades of technology breakthroughs. It represents our
commitment to providing maximum safety and uninterrupted
plant operations. Our goal isn’t just to design the world’s
best safety systems. It’s to help keep your business safe and
running. No shutdowns. No failures. Maximum uptime.
Maximum profitability.
Reference list
Excerpt from our customer list:
ABB, AKZO NOBEL, AMK, Angola LNG, BASF,
Bayer, BAYERNOIL, BP, Clariant, EnBW, ESSO,
Evonik, ExxonMobil, Henkel, HOLBORN, HP,
INEOS, INPEX, LANXESS, MAN, Metso, MIPRO,
MiRO, MOMENTIVE, OMV, PEMEX, Petrobras,
QATAR PETROCHEMICAL, RWE, Shell, TATA Steel,
TOTAL, Vattenfall, Vinnolit, YARA
3
HIMax — growing with the tasks
Nonstop SIL 3 safety for the process industry
HIMax solutions are used in the most various SIL 3 applications.
For instance:
Steam crackers
Polyethylene, polypropylene and PVC production plants
Fertilizer plants
Onshore/offshore facilities, platforms and FPSO
Pipelines
Tank farms and gas containers
Loading stations
Refineries
Combustion and power plants
Turbines and compressors
Batch operations
Others
Thinking ahead within the lifecycle
With HIMax, HIMA provides you not only the world’s leading
nonstop safety system, but also supports you simultaneously
with qualified, sophisticated and coordinated services for all
phases of the safety lifecycle.
4 5
HIMax — more margin for action
Major solutions
High-availability solutions with HIMax guarantee safe
and uninterrupted operation for every safety-critical
process in your facility. Emergency shutdown systems
(ESD), Fire & Gas systems or high-integrity pressure
protection systems (HIPPS) are but a few typical
applications.
Additionally, HIMax is the core element of the new com-
plete solutions developed for the process industry:
FlexSILon TMC for turbines and compressors
FlexSILon BCS for burner control and boiler
protection
FlexSILon PMC for the management of gas and
liquid fuel pipelines
HIMax provides the flexibility you need. Because
HIMax offers safe SIL and standard NonSIL modules.
In case of a safety related revalidation of a machine
you are able to substitude NonSIL for SIL modules
quickly and easily afterwards.
User-friendly features
How HIMax makes it easier for the user:
Automatic module detection
Fully integrated and protected power distribution eliminates
the need for external wiring
Fast implementation via HIMA SILworX, a user-friendly
software tool with an intuitive interface, self-documentation
and embedded version control
Accelerate start-up by building-up and testing the hardware
configuration without the application program (Loop
check mode)
Comprehensive diagnostics, automatic recording of
500/2,500 diagnostic entries on each module
Built-in user management for project- and system access
HART protocol support simplifies asset management
solutions
Multitasking affords interference free, parallel processing
of applications
Integrated version comparison provides exact and
graphical traceability of changes
Profitability on top
Buy only what you need. HIMax adapts to meet virtually
any application requirement.
HIMax can be your single platform for all I/O count,
response time and fault-tolerance requirements, as well
as centralized or distributed applications.
Save engineering time and costs using a flexible, intuitive
and easily adaptable platform.
HIMax integrates with any DCS that you use today or in
the future.
HIMax offers virtually unlimited expansion – hardware and
software changes can be performed on demand, without
interruption, for the full life cycle. Cabinet size is mini-
mised because there’s no need to allocate slots for spares.
Benefit from HIMax’s unprecedented performance and
system flexibility by integrating more I/Os or greater
application complexity per system.
HIMax is a cost-effective solution with different rack sizes
to match your physical space requirements.
No hidden software costs. With a SILworX ® software license,
you get a single intuitive software tool for all tasks.
Your advantage
Performing simulations with X-OTS, the HIMax safety
simulator, increases safety and enhances profitability.
Your advantage
User programs, system modules, racks and operating systems
can be extended or modified at any time without interrupting
the system or plant operation.
Your advantage
Application errors are dramatically reduced and valuable
time in the planning and installation phase is saved.
Learn more at our website
www.hima.com/X-OTS
Greater efficiency through simulation
The X-OTS HIMax Safety Simulator adds the aspects of
safety to the classical OTS (Operator Training System).
X-OTS is based on HIMA’s programming tool SILworX
and a corresponding number of extended soft PLCs. Each
HIMax controller will be simulated by one soft PLC. Up to 10
soft PLCs can be run on one PC (performance depending).
Application software can be checked in real
scenarios prior to commissioning, leading to shorter
commissioning times
Shorter commissioning times lead to an earlier
plant start up
Application software can already be optimized prior
to start up, leading to a higher plant efficiency
already at start-up (instead of optimizing in the
running plant)
Avoiding of plant trips by improved behaviour of
operators
6 7
HIMax — intelligent design
Flexible nonstop system solution
HIMax is a flexible SIL 3 platform designed for critical
production processes that can never afford to go down.
HIMax adapts to all I/O count, response-time and fault-
tolerance requirements as well as centralized or distrib-
uted applications. Yet it always delivers maximum plant
availability and future-proof flexibility.
Two different CPU modules with optimized performance
accordance with the required number of I/Os
XMR architecture: scalable redundancy for operation
in quad, triple (TMR), dual and single modes
Unlimited change and expansion of hardware and
software, including operating systems, while the
system is running
Multitasking operations: Separate applications indepen-
dently executed in the same processor module
Sophisticated mechanics
For the best possible handling:
Fully enclosed modules
Replace module without disturbing I/O or power wiring
All racks are panel mountable; the 15 slot is also available
for 19-inch rack installation
Fully integrated and protected power distribution
Two different field wiring options, i. e., direct wiring using
terminal strips or system cables on field termination
assemblies
Requirement based rack sizes
Three available rack sizes: 10, 15 and 18 slots
In case of using X-CPU 31, up to 4 slots can be used with
additional I/O or COM modules
1
2
3
15 slot rack
10 slot rack
ready!
18 slot rack
Modules
Rack
Wiring
Insert …
press …
9 9
Performance pays off
HIMax is the most powerful safety platform ever invented.
Its unprecedented performance is based on high-perfor-
mance components and smart system architectures.
Cycle time of 50 ms with 1,000 I/Os
(split 50% analog/digital)
Unlimited complex calculations
Impact of calculation of 1,000 PIDs on cycle time: 10 ms
Signal conditioning directly on I/O modules with no im-
pact on CPU performance
Up to 2,048 I/O s per cabinet
A system with up to 12,800 I/O s
Up to 200 I/O s in up to 16 racks per system
250 systems per network
Multitasking: Set fixed scan times for dedicated
applications
Sequence of event (SOE), 1 ms resolution quality
Online expandability
In case of expanding the update is written to a second memory
area, after which the system switches seamlessly to the update.
This method of intelligent memory management ensures that
the controller is always operational regardless of whether it is
mono or redundant. There is no limit to the number of times
a program can be reloaded during operation. Even operating
systems can be updated during operation.
I/O modules, their associated connector boards, base plates
and remote components can also be added during operation.
The same applies to new base plates and remote components.
All can be modified without having to stop the plant. Online
expandability of hardware and software guarantees maximum
flexibility during the entire life cycle.
Optimizing plant efficiency, e.g., using C code
New process optimization potential is opened up by integrating
mathematical and statistical models for dynamic process control
or by more frequent sampling of process values within the safety
system. Critical processes with continuously changing process
variable values can thus be run closer to the limit ranges. For
example: If the dynamic process value temperature in an
ethylene cracker can be kept 1 to 2 degree closer to the critical
limit, plant productivity increases considerably, while full process
safety and availability are maintained.
Self education
If the system diagnoses an internal fault, the module involved
can be replaced quickly during operation. Only a few moves
are required.
If a processor module is swapped, the new module is automati-
cally brought up to date with the currently operative modules.
The parameter setting and the user program are imported from
the functional processor module and then loaded.
“Self-education” has other benefits for the user:
Your inventory of spare parts will be smaller
You do not have to search for correct software versions
When replacing a processor module, you do not have to
connect a computer, which eliminates subsequent potential
fault causes.
HIMax
Unrivalled performance for nonstop operation
I/O points
1,000
50
2,000
10
ms
50
ms
100
ms
Cycle time
(Scan time) HIMax
Trip level
Time
Process
variable
Set point
1 11 10
CPU
HIMax
HIMax
HIMax
HIMax
HIMax
HIMax
HIMax
HIMax
HIMax
HIMax
no CPU needed
no CPU needed
no CPU needed
no CPU needed
Fully integration capable
HIMA continuously tests all options for integrating HIMax
in the leading control systems, thoroughly documents the
results and develops efficient, pre-tested configurations.
Irrespective of the process control system in use, the cus-
tomers will be able to fully benefit from all the advantages
offered by HIMax. DCS SIS integration is achieved through
high-capacity, cross-manufacturer communication stand-
ards. HIMA’s DCS specialists have the required integrations
know-how and make sure that all features wished by the
customers will be implemented:
Integration of alarms and events into the alarm
management of the DCS
Integration of faceplates for operating and monitoring
Transfer and visualisation of diagnostic data
Transfer and visualisation of process data and safety-
related locking states
Timestamp transfer
Maintenance overwrite switch (MOS)
Partial stroke test (PST)
Start-up bypass (SUB)
Multitasking for enhanced performance
HIMax can process or change up to 32 user programs simul-
taneously and independently and interference-free from
one another.
Each application with user-defined cycle time
Various applications/programs within a system are
possible, e.g., ESD, TMC, BCS, HIPPS or others
Even, e.g., C++ code and ESD
Time-critical and non-time-critical applications within
one system
Individual checksums for minimized certification efforts
Interference-free addition of applications
Each program with individual cycle time/scan time
Fixed cycle time possible for every application
Redundant networking via safeethernet
All of the necessary parameters such as IP address, network
mask, routes and standard gateway can be setup in accord-
ance with the Ethernet standard.
SIL 3
Data transmission at 1 GBit/s
Fast response times, even for networked applications
No limitations on physical separation
Use of standard Ethernet functionalities
Use of any transmission media
Networking of up to 255 systems in each project
Up to 64 connections (each up to 1100 Byte) between
two systems
Any infrastructure
Intelligent, diverse redundancy concepts and reload
functionality for uninterrupted system operation
Supported protocols include:
OPC DA and OPC A&E
Modbus TCP Master & Slave
Modbus RS485 Master & Slave
PROFIBUS DP Master & Slave
PROFINET IO Controller & Device
Send & Receive TCP
HART
ComUserTask, programmable protocols
Meaningful diagnostics
Stores up to 2,500 diagnostic entries in the processor
module and 500 entries per I/O module automatically
Maintenance log includes relevant information such as
reload, download, run, stop, force automatically
All diagnostic information can be transferred to the DCS
Condition monitoring, e.g., for relay modules
Proof test at any time without stops
In accordance with IEC 61508 and IEC 61511, all safety systems
must be subjected to proof tests at regular intervals to reliably
ensure compliance with the latest standards. With HIMax, test-
ing is done as required – with no need to stop the safety system.
HIMax
Engineered for flexibility and productivity
Redundant networking via system bus
Thanks to its remote rack functionality, HIMax offers the
widest range of remote/distributed SIL 3 solutions
Local solution within one rack
Distributed solution with racks connected with copper
cables and a maximum distance of 100 m between the
racks in a line
Distributed solution with racks connected with media
converters via fibre optics and a maximum expansion
of ~20 km in a line
Remote Rack functionality offers the ability to distribute
up to 16 racks of a HIMax system in free (e.g. star) topology.
The internal system bus can be used in a redundant manner
and at theoretical maximum distance of 10,000 km.
Remote Rack functionality enables faster reaction time
than distributed CPUs via safeethernet.
System bus with external switches
Max. rack distance: 10,000 km
Max. system expansion: 20,000 km
safeethernet on any Ethernet infrastructure
Virtually no limit in the expansion
ESD
HIPPS
TMC
BMS
…
HIMax
HIMax
HIMax
HIMax
HIMax
HIMax
HIMax
HIMax
HIMax
HIMax
12 13
Maximizing availability as needed
HIMax is designed to maximize plant availability and there-
fore improve productivity. Key to this promise is HIMax’s
revolutionary XMR architecture. XMR combines the best of
all existing safety architectures. As the X in “XMR” can
represent values from 1 to 4, HIMax offers unprecedented
levels of redundancy and fault-tolerance at constant maximum
safety (SIL 3).
The results are “available for life” safety solutions with no
single point of failure. Even multiple failures will not trigger
a shutdown. Replace the faulty module online – at any time
and without restrictions. HIMax need not be shutdown, even
when upgrading software or hardware, or performing main-
tenance.
XMR architecture
Moving beyond TMR fault tolerance and functionality
Control room
with a HIMax system
Remote location
with a fully redundant HIMax system
running the same application
1
2
3
4
X = 4
SIL = 3
X = 3
SIL = 3
X = 2
SIL = 3
X = 1
SIL = 3
Benefits Modes of operation Description Architecture
XMR
Modularity
An application that provides maximum
common cause hardware protection
and maximum availability.
A traditional architecture, also known
as TMR, which can provide similar
safety and availability characteristics as
X = 2. This application is offered for cus-
tomers who “require” TMR technology.
The most widely used safety archi-
tecture providing absolute safety and
availability.
The original safety architecture – used
wherever multiple process facilities
need protection without redundancy.
Quad inputs
Quad outputs
Quad CPUs
Triple inputs
Triple outputs
Triple CPUs
Dual inputs
Dual outputs
Dual CPUs
Single inputs
Single outputs
Single CPU
INPUT OUTPUT CPU
INPUT OUTPUT CPU
INPUT OUTPUT CPU
INPUT OUTPUT CPU
Protecting against common-cause failures
HIMax offers reliable protection against common-cause
failures through the physical separation of the redundant
system components. Supposing critical components of the
safety system fail in a control cabinet due to fire or water
damage, the redundant components located in another
control cabinet continue to operate, ensuring the system
complete functionality.
This results in enhanced availability, system runtime and
productivity.
14 15
SILworX highlights:
A single fully integrated software tool for all tasks
One licence for all functions
IEC 61131-3-compliant, supporting all functions and
variable types for safety-related programming
Flexible programming using function block diagrams,
sequential function charts
Supports reload funcitonality for hardware and logic changes
Project saved automatically each time it is loaded
Safe comparator for hardware and logic changes,
including detail view and Go to … functionality
Program validation inlcuding offline simulation, online test
Secure double code generation with code comparison
Monitored forcing of signals
Project-wide cross-references and navigation
Password protection for projects and controller access
ST (Structered Text)
Supports SOE programming
Supports multitasking for up to 32 independent programs
Hardware import/export via XML
Library including function blocks developed in accordance
with IEC 61511
C Code function block option
3
GUIDELINES
DNV Business Assurance
Management System Certification Mark
Guidelines > June 2011
01. Introduction. Communicate your
certification to the market
02. Basic design elements
03. Colours
04. Basic rules
05. Mark and inscription misuse
06. Distance and size
07. Use with accreditation marks
08. Marketing material and annual report
09. Website
10. Stands, buildings and signs
11. Stationary: letterhead
12. Stationary: envelopes, invoices
and fax sheets
13. Business cards
14. Vehicles
3. Colours
The management system certification marks
can be applied also in black and/or PMS 286.
Coloured background should be used
only with light colour (less 30% CMYK)
Examples of certification marks
Examples of inscriptions
For specific application on a dark background
the certification mark can be reversed.
Certification Mark
The certification mark colours are Blue
PMS 286 and Green PMS 370 and Black.
The certification mark should maintain
the original colour and preferably be set
on a white background.
Inscription
The inscription may be reproduced:
• in black or 80% black
• in two colours – the colours must be
those in the official artwork. For the
blue and green Pantone colours please
consult the colour references.
• in one colour (Blue PMS 286)
• in negative: white inscription
on a black background.
If translating the inscription into other
languages, the structure of the inscription
must remain unaltered.
Colour references
PMS 286
(CMYK for four colour printing:
100% Cyan, 60% Magenta,
0% Yellow, 0% Black)
RGB : R4 G52 B177
Web: 005EA8
The green in the DNV logo
and green lines is
PMS 370
(CMYK for four colour printing:
70% Cyan, 0% Magenta,
100% Yellow, 10% Black)
RGB : R78 G146 B0
Web: 4e9200
Blue PMS 286 and Green PMS 370 Blue PMS 286
100% Black 80% Black Negative on a dark background
HIMax module specifications
Compliance with all major standards
IEC 61508:2010, Part 1-7
IEC 61511:2004, Part 1-3
ANSI/ISA-84.00.01-2004
EN ISO 13849-1:2008 (PL e)
EN 62061:2005
EN 50156-1:2004
EN 12067-2:2004
EN 298:2012
EN 61131-2:2007
EN 61000-6-2:2005
EN 61000-6-4:2007 + A1:2011
EN 54-2:1997/A1:2006
EN 50130-4:1998-2003
NFPA 72:2010, 85:2011, 86:2011
EN 60079-15:2010 ATEX (Zone 2, T4),
IEC Ex (Zone 2, T4)
EN 50271:2010
EN 50495:2010
ANSI/ISA-S 71.04 Class G3 (Tropicalisation)
UL (UL 508)
cUL (CSA-C22.2 Nr. 142)
FM CLASS 1 DIV2
Achilles Level I Certification
EN 50126:1999 (SIL 4)
EN 50129:2003 (SIL 4)
EN 50128:2011 (SIL 4)
BUREAU VERITAS
DNV GL (DET NORSKE VERITAS)
Lloyd’s Register Type Approval
Russia EAC
ABS Design Assessment
Central modules Type Description
Processor module X-CPU 01 For high performance requirements and large safety applications, 4 x RJ-45
Processor module X-CPU 31 For smaller and mid-size safety applications, 4 x RJ-45
System bus module X-SB 01
Communication module X-COM 01 4 x RJ-45, 2 x 9-pole D-Sub, up to 6 different protocols
Input/output modules Type Description
Input modules
Digital input module X-DI 64 01 64 channels , 24 VDC, SIL 3
Digital input module X-DI 64 51 64 channels , 24 VDC
Digital input module X-DI 32 01 32 channels , 24 VDC, SIL 3
Digital input module X-DI 32 02 32 channels , 8,2 VDC, proximity switch, line monitoring, SIL 3
Digital input module X-DI 32 03 32 channels, 48 VDC, SIL 3
Digital input module X-DI 32 04 32 channels, 24 VDC, SOE, SIL 3
Digital input module X-DI 32 05 32 channels, 8,2 VDC, proximity switch, line monitoring, SOE, SIL 3
Digital input module X-DI 32 51 32 channels, 24 VDC
Digital input module X-DI 32 52 32 channels, 8,2 VDC, proximity switch, line monitoring
Digital input module X-DI 16 01 16 channels, 120 VAC, SIL 3
Analog input module X-AI 16 51 16 channels, 0/4 … 20 mA, ± 280 mV, galvanically isolated, thermocouple TC, Pt100
Analog input module X-AI 32 01 32 channels, 4 … 20 mA, line monitoring, SIL 3
Analog input module X-AI 32 02 32 channels, 4 … 20 mA, line monitoring , SOE, SIL 3
Analog input module X-AI 32 51 32 channels, 0/4 … 20 mA, line monitoring
Counter module X-CI 24 01 24 channels, 0 … 20 kHz, SIL 3
Counter module X-CI 24 51 24 channels, 0 … 20 kHz
Output modules
Digital output module X-DO 32 01 32 channels, 24 VDC, 0,5 A, short-circuit monitoring LS, individual channel shut-off, SIL 3
Digital output module X-DO 32 51 32 channels, 24 VDC, 0,5 A, protected outputs, group shut-off
Digital output module X-DO 24 01 24 channels, 24 VDC, 0,5 A, line monitoring LS/LB, individual channel shut-off, SIL 3
Digital output module X-DO 24 02 24 channels, 48 VDC, 0,5 A, line monitoring LS/LB, individual channel shut-off, SIL 3
Relay output module X-DO 12 01 12 channels, 230 VAC/DC, current measurement, cycle counting , SIL 3
Digital output module X-DO 12 02 12 channels, 24 VDC, 2 A, short-circuit monitoring LS, individual channel shut-off, SIL 3
Relay output module X-DO 12 51 12 channels, 230 VAC/DC
Analog output module X-AO 16 01 16 channels, 4 … 20 mA, pairwise galvanically isolated
Analog output module X-AO 16 51 16 channels, 4 … 20 mA
Further modules
HART communication module X-HART 32 01 32 modems, SIL 3, X-AI 32 01, X-AI 32 02, X-AI 32 51, X-AO 16 01, X-AO 16 51
Overspeed trip module X-MIO 7/6 01 3 counter, 4 digital input, 5 digital output, 1 relay channel, SIL 3
Dimensions Type Description
Size of modules All 310 x 29 x 230 mm
The world’s most advanced
safety application manager
SILworX is HIMA’s easy-to-use, fully integrated configuration,
programming and diagnostic environment. Its state-of-the
art interface with drag&drop programming helps users
avoid mistakes and speeds up the engineering process.
Different levels of user guidance, clear display of all status
and diagnostic information and comprehensive validation
tools help engineers achieve safe applications.
16 17
HIMA is the world’s leading specialist for safety-related auto-
mation solutions. HIMA solutions provide maximum safety and
maximum availability and can be integrated into any automa-
tion environment. More than 35,000 HIMA systems have been
installed in over 80 countries, protecting the assets of the
world’s largest companies in the oil, gas, chemicals, pharmaceu-
ticals and power generation industries for more than 45 years.
In the fields of rail, logistics and machine safety, HIMA solutions
are leading the way to increased safety and profitability.
HIMA develops solutions that provide both maximum safety
and availability for processes, plants and machinery – nonstop.
The HIMA LIFECYCLE SERVICES concept gives customers an
overview of all the requirements of ‘functional safety’ allowing
them to always make the right decision at the appropriate time.
HIMA solutions therefore offer maximum safety, strengthen a
plant’s productivity and profitability whilst ensuring compliance
to global statutory requirements.
HIMA was founded in Germany in 1908. Since 1970, the com-
pany has achieved numerous milestones in the field of safety-
related automation engineering, including the introduction of the
world’s first TÜV-certified safety system. HIMA now has over
800 employees with every third member of staff at the head-
quarters in Brühl working solely in research and development.
Through a steadily growing network of group companies, sales
and service centres, as well as representatives in more than
50 countries, HIMA implements projects of all sizes all over the
world. Thanks to its corporate independence, the family-run
company is able to work in any project structure – taking on
complete projects or partial tasks, and working both directly for
end customers and as part of a team with EPCs, MACs and DCS
manufacturers. This enables HIMA to continue to concentrate
on safety solutions. The results are quality products, unrivalled
specialist knowledge and customer confidence built on decades
of successful projects.
Why HIMA?
19 18
For a detailed list of all our subsidiaries and representatives,
please visit our website: www.hima.com/contact
96 9000347 0916 V10
© 2015 HIMA Paul Hildebrandt GmbH
® = registered trademarks of HIMA Paul Hildebrandt GmbH
Specifications are subject to change.
HIMA Paul Hildebrandt GmbH
Albert-Bassermann-Str. 28 I 68782 Brühl, Germany
Phone +49 6202 709-0 I Fax +49 6202 709-107
info@hima.com I www.hima.com
Nonstop safety for everyone
who thinks ahead
High plant productivity thanks to intelligent
safety solutions
Do you wish safety solutions that neither cause unscheduled
shutdowns and nor need to stop the plants for maintenance
works, changes or extensions? Do you think that safety systems
are neither supposed to limit the productivity of a system nor
to cause excessive and unnecessary investments?
Then you need intelligent safety solutions that both ensure
maximized safety and availability, and increase plant pro-
ductivity. These safety solutions can, for example:
Reduce lifecycle costs
Reduce investment costs
Minimize planning and operating failures
Reduce costs due to operating stops
HIMax will meet your expectations:
No compromises in safety!
No compromises in productivity
HIMax
Safety is a must. Productivity as well
HIMA. Safety. Nonstop.
It’s a philosophy more than 100 years in the making. It’s
built on HIMA’s singular focus on safety and is proven by
decades of technology breakthroughs. It represents our
commitment to providing maximum safety and uninterrupted
plant operations. Our goal isn’t just to design the world’s
best safety systems. It’s to help keep your business safe and
running. No shutdowns. No failures. Maximum uptime.
Maximum profitability.
Reference list
Excerpt from our customer list:
ABB, AKZO NOBEL, AMK, Angola LNG, BASF,
Bayer, BAYERNOIL, BP, Clariant, EnBW, ESSO,
Evonik, ExxonMobil, Henkel, HOLBORN, HP,
INEOS, INPEX, LANXESS, MAN, Metso, MIPRO,
MiRO, MOMENTIVE, OMV, PEMEX, Petrobras,
QATAR PETROCHEMICAL, RWE, Shell, TATA Steel,
TOTAL, Vattenfall, Vinnolit, YARA
3
HIMax — growing with the tasks
Nonstop SIL 3 safety for the process industry
HIMax solutions are used in the most various SIL 3 applications.
For instance:
Steam crackers
Polyethylene, polypropylene and PVC production plants
Fertilizer plants
Onshore/offshore facilities, platforms and FPSO
Pipelines
Tank farms and gas containers
Loading stations
Refineries
Combustion and power plants
Turbines and compressors
Batch operations
Others
Thinking ahead within the lifecycle
With HIMax, HIMA provides you not only the world’s leading
nonstop safety system, but also supports you simultaneously
with qualified, sophisticated and coordinated services for all
phases of the safety lifecycle.
4 5
HIMax — more margin for action
Major solutions
High-availability solutions with HIMax guarantee safe
and uninterrupted operation for every safety-critical
process in your facility. Emergency shutdown systems
(ESD), Fire & Gas systems or high-integrity pressure
protection systems (HIPPS) are but a few typical
applications.
Additionally, HIMax is the core element of the new com-
plete solutions developed for the process industry:
FlexSILon TMC for turbines and compressors
FlexSILon BCS for burner control and boiler
protection
FlexSILon PMC for the management of gas and
liquid fuel pipelines
HIMax provides the flexibility you need. Because
HIMax offers safe SIL and standard NonSIL modules.
In case of a safety related revalidation of a machine
you are able to substitude NonSIL for SIL modules
quickly and easily afterwards.
User-friendly features
How HIMax makes it easier for the user:
Automatic module detection
Fully integrated and protected power distribution eliminates
the need for external wiring
Fast implementation via HIMA SILworX, a user-friendly
software tool with an intuitive interface, self-documentation
and embedded version control
Accelerate start-up by building-up and testing the hardware
configuration without the application program (Loop
check mode)
Comprehensive diagnostics, automatic recording of
500/2,500 diagnostic entries on each module
Built-in user management for project- and system access
HART protocol support simplifies asset management
solutions
Multitasking affords interference free, parallel processing
of applications
Integrated version comparison provides exact and
graphical traceability of changes
Profitability on top
Buy only what you need. HIMax adapts to meet virtually
any application requirement.
HIMax can be your single platform for all I/O count,
response time and fault-tolerance requirements, as well
as centralized or distributed applications.
Save engineering time and costs using a flexible, intuitive
and easily adaptable platform.
HIMax integrates with any DCS that you use today or in
the future.
HIMax offers virtually unlimited expansion – hardware and
software changes can be performed on demand, without
interruption, for the full life cycle. Cabinet size is mini-
mised because there’s no need to allocate slots for spares.
Benefit from HIMax’s unprecedented performance and
system flexibility by integrating more I/Os or greater
application complexity per system.
HIMax is a cost-effective solution with different rack sizes
to match your physical space requirements.
No hidden software costs. With a SILworX ® software license,
you get a single intuitive software tool for all tasks.
Your advantage
Performing simulations with X-OTS, the HIMax safety
simulator, increases safety and enhances profitability.
Your advantage
User programs, system modules, racks and operating systems
can be extended or modified at any time without interrupting
the system or plant operation.
Your advantage
Application errors are dramatically reduced and valuable
time in the planning and installation phase is saved.
Learn more at our website
www.hima.com/X-OTS
Greater efficiency through simulation
The X-OTS HIMax Safety Simulator adds the aspects of
safety to the classical OTS (Operator Training System).
X-OTS is based on HIMA’s programming tool SILworX
and a corresponding number of extended soft PLCs. Each
HIMax controller will be simulated by one soft PLC. Up to 10
soft PLCs can be run on one PC (performance depending).
Application software can be checked in real
scenarios prior to commissioning, leading to shorter
commissioning times
Shorter commissioning times lead to an earlier
plant start up
Application software can already be optimized prior
to start up, leading to a higher plant efficiency
already at start-up (instead of optimizing in the
running plant)
Avoiding of plant trips by improved behaviour of
operators
6 7
HIMax — intelligent design
Flexible nonstop system solution
HIMax is a flexible SIL 3 platform designed for critical
production processes that can never afford to go down.
HIMax adapts to all I/O count, response-time and fault-
tolerance requirements as well as centralized or distrib-
uted applications. Yet it always delivers maximum plant
availability and future-proof flexibility.
Two different CPU modules with optimized performance
accordance with the required number of I/Os
XMR architecture: scalable redundancy for operation
in quad, triple (TMR), dual and single modes
Unlimited change and expansion of hardware and
software, including operating systems, while the
system is running
Multitasking operations: Separate applications indepen-
dently executed in the same processor module
Sophisticated mechanics
For the best possible handling:
Fully enclosed modules
Replace module without disturbing I/O or power wiring
All racks are panel mountable; the 15 slot is also available
for 19-inch rack installation
Fully integrated and protected power distribution
Two different field wiring options, i. e., direct wiring using
terminal strips or system cables on field termination
assemblies
Requirement based rack sizes
Three available rack sizes: 10, 15 and 18 slots
In case of using X-CPU 31, up to 4 slots can be used with
additional I/O or COM modules
1
2
3
15 slot rack
10 slot rack
ready!
18 slot rack
Modules
Rack
Wiring
Insert …
press …
9 9
Performance pays off
HIMax is the most powerful safety platform ever invented.
Its unprecedented performance is based on high-perfor-
mance components and smart system architectures.
Cycle time of 50 ms with 1,000 I/Os
(split 50% analog/digital)
Unlimited complex calculations
Impact of calculation of 1,000 PIDs on cycle time: 10 ms
Signal conditioning directly on I/O modules with no im-
pact on CPU performance
Up to 2,048 I/O s per cabinet
A system with up to 12,800 I/O s
Up to 200 I/O s in up to 16 racks per system
250 systems per network
Multitasking: Set fixed scan times for dedicated
applications
Sequence of event (SOE), 1 ms resolution quality
Online expandability
In case of expanding the update is written to a second memory
area, after which the system switches seamlessly to the update.
This method of intelligent memory management ensures that
the controller is always operational regardless of whether it is
mono or redundant. There is no limit to the number of times
a program can be reloaded during operation. Even operating
systems can be updated during operation.
I/O modules, their associated connector boards, base plates
and remote components can also be added during operation.
The same applies to new base plates and remote components.
All can be modified without having to stop the plant. Online
expandability of hardware and software guarantees maximum
flexibility during the entire life cycle.
Optimizing plant efficiency, e.g., using C code
New process optimization potential is opened up by integrating
mathematical and statistical models for dynamic process control
or by more frequent sampling of process values within the safety
system. Critical processes with continuously changing process
variable values can thus be run closer to the limit ranges. For
example: If the dynamic process value temperature in an
ethylene cracker can be kept 1 to 2 degree closer to the critical
limit, plant productivity increases considerably, while full process
safety and availability are maintained.
Self education
If the system diagnoses an internal fault, the module involved
can be replaced quickly during operation. Only a few moves
are required.
If a processor module is swapped, the new module is automati-
cally brought up to date with the currently operative modules.
The parameter setting and the user program are imported from
the functional processor module and then loaded.
“Self-education” has other benefits for the user:
Your inventory of spare parts will be smaller
You do not have to search for correct software versions
When replacing a processor module, you do not have to
connect a computer, which eliminates subsequent potential
fault causes.
HIMax
Unrivalled performance for nonstop operation
I/O points
1,000
50
2,000
10
ms
50
ms
100
ms
Cycle time
(Scan time) HIMax
Trip level
Time
Process
variable
Set point
1 11 10
CPU
HIMax
HIMax
HIMax
HIMax
HIMax
HIMax
HIMax
HIMax
HIMax
HIMax
no CPU needed
no CPU needed
no CPU needed
no CPU needed
Fully integration capable
HIMA continuously tests all options for integrating HIMax
in the leading control systems, thoroughly documents the
results and develops efficient, pre-tested configurations.
Irrespective of the process control system in use, the cus-
tomers will be able to fully benefit from all the advantages
offered by HIMax. DCS SIS integration is achieved through
high-capacity, cross-manufacturer communication stand-
ards. HIMA’s DCS specialists have the required integrations
know-how and make sure that all features wished by the
customers will be implemented:
Integration of alarms and events into the alarm
management of the DCS
Integration of faceplates for operating and monitoring
Transfer and visualisation of diagnostic data
Transfer and visualisation of process data and safety-
related locking states
Timestamp transfer
Maintenance overwrite switch (MOS)
Partial stroke test (PST)
Start-up bypass (SUB)
Multitasking for enhanced performance
HIMax can process or change up to 32 user programs simul-
taneously and independently and interference-free from
one another.
Each application with user-defined cycle time
Various applications/programs within a system are
possible, e.g., ESD, TMC, BCS, HIPPS or others
Even, e.g., C++ code and ESD
Time-critical and non-time-critical applications within
one system
Individual checksums for minimized certification efforts
Interference-free addition of applications
Each program with individual cycle time/scan time
Fixed cycle time possible for every application
Redundant networking via safeethernet
All of the necessary parameters such as IP address, network
mask, routes and standard gateway can be setup in accord-
ance with the Ethernet standard.
SIL 3
Data transmission at 1 GBit/s
Fast response times, even for networked applications
No limitations on physical separation
Use of standard Ethernet functionalities
Use of any transmission media
Networking of up to 255 systems in each project
Up to 64 connections (each up to 1100 Byte) between
two systems
Any infrastructure
Intelligent, diverse redundancy concepts and reload
functionality for uninterrupted system operation
Supported protocols include:
OPC DA and OPC A&E
Modbus TCP Master & Slave
Modbus RS485 Master & Slave
PROFIBUS DP Master & Slave
PROFINET IO Controller & Device
Send & Receive TCP
HART
ComUserTask, programmable protocols
Meaningful diagnostics
Stores up to 2,500 diagnostic entries in the processor
module and 500 entries per I/O module automatically
Maintenance log includes relevant information such as
reload, download, run, stop, force automatically
All diagnostic information can be transferred to the DCS
Condition monitoring, e.g., for relay modules
Proof test at any time without stops
In accordance with IEC 61508 and IEC 61511, all safety systems
must be subjected to proof tests at regular intervals to reliably
ensure compliance with the latest standards. With HIMax, test-
ing is done as required – with no need to stop the safety system.
HIMax
Engineered for flexibility and productivity
Redundant networking via system bus
Thanks to its remote rack functionality, HIMax offers the
widest range of remote/distributed SIL 3 solutions
Local solution within one rack
Distributed solution with racks connected with copper
cables and a maximum distance of 100 m between the
racks in a line
Distributed solution with racks connected with media
converters via fibre optics and a maximum expansion
of ~20 km in a line
Remote Rack functionality offers the ability to distribute
up to 16 racks of a HIMax system in free (e.g. star) topology.
The internal system bus can be used in a redundant manner
and at theoretical maximum distance of 10,000 km.
Remote Rack functionality enables faster reaction time
than distributed CPUs via safeethernet.
System bus with external switches
Max. rack distance: 10,000 km
Max. system expansion: 20,000 km
safeethernet on any Ethernet infrastructure
Virtually no limit in the expansion
ESD
HIPPS
TMC
BMS
…
HIMax
HIMax
HIMax
HIMax
HIMax
HIMax
HIMax
HIMax
HIMax
HIMax
12 13
Maximizing availability as needed
HIMax is designed to maximize plant availability and there-
fore improve productivity. Key to this promise is HIMax’s
revolutionary XMR architecture. XMR combines the best of
all existing safety architectures. As the X in “XMR” can
represent values from 1 to 4, HIMax offers unprecedented
levels of redundancy and fault-tolerance at constant maximum
safety (SIL 3).
The results are “available for life” safety solutions with no
single point of failure. Even multiple failures will not trigger
a shutdown. Replace the faulty module online – at any time
and without restrictions. HIMax need not be shutdown, even
when upgrading software or hardware, or performing main-
tenance.
XMR architecture
Moving beyond TMR fault tolerance and functionality
Control room
with a HIMax system
Remote location
with a fully redundant HIMax system
running the same application
1
2
3
4
X = 4
SIL = 3
X = 3
SIL = 3
X = 2
SIL = 3
X = 1
SIL = 3
Benefits Modes of operation Description Architecture
XMR
Modularity
An application that provides maximum
common cause hardware protection
and maximum availability.
A traditional architecture, also known
as TMR, which can provide similar
safety and availability characteristics as
X = 2. This application is offered for cus-
tomers who “require” TMR technology.
The most widely used safety archi-
tecture providing absolute safety and
availability.
The original safety architecture – used
wherever multiple process facilities
need protection without redundancy.
Quad inputs
Quad outputs
Quad CPUs
Triple inputs
Triple outputs
Triple CPUs
Dual inputs
Dual outputs
Dual CPUs
Single inputs
Single outputs
Single CPU
INPUT OUTPUT CPU
INPUT OUTPUT CPU
INPUT OUTPUT CPU
INPUT OUTPUT CPU
Protecting against common-cause failures
HIMax offers reliable protection against common-cause
failures through the physical separation of the redundant
system components. Supposing critical components of the
safety system fail in a control cabinet due to fire or water
damage, the redundant components located in another
control cabinet continue to operate, ensuring the system
complete functionality.
This results in enhanced availability, system runtime and
productivity.
14 15
SILworX highlights:
A single fully integrated software tool for all tasks
One licence for all functions
IEC 61131-3-compliant, supporting all functions and
variable types for safety-related programming
Flexible programming using function block diagrams,
sequential function charts
Supports reload funcitonality for hardware and logic changes
Project saved automatically each time it is loaded
Safe comparator for hardware and logic changes,
including detail view and Go to … functionality
Program validation inlcuding offline simulation, online test
Secure double code generation with code comparison
Monitored forcing of signals
Project-wide cross-references and navigation
Password protection for projects and controller access
ST (Structered Text)
Supports SOE programming
Supports multitasking for up to 32 independent programs
Hardware import/export via XML
Library including function blocks developed in accordance
with IEC 61511
C Code function block option
3
GUIDELINES
DNV Business Assurance
Management System Certification Mark
Guidelines > June 2011
01. Introduction. Communicate your
certification to the market
02. Basic design elements
03. Colours
04. Basic rules
05. Mark and inscription misuse
06. Distance and size
07. Use with accreditation marks
08. Marketing material and annual report
09. Website
10. Stands, buildings and signs
11. Stationary: letterhead
12. Stationary: envelopes, invoices
and fax sheets
13. Business cards
14. Vehicles
3. Colours
The management system certification marks
can be applied also in black and/or PMS 286.
Coloured background should be used
only with light colour (less 30% CMYK)
Examples of certification marks
Examples of inscriptions
For specific application on a dark background
the certification mark can be reversed.
Certification Mark
The certification mark colours are Blue
PMS 286 and Green PMS 370 and Black.
The certification mark should maintain
the original colour and preferably be set
on a white background.
Inscription
The inscription may be reproduced:
• in black or 80% black
• in two colours – the colours must be
those in the official artwork. For the
blue and green Pantone colours please
consult the colour references.
• in one colour (Blue PMS 286)
• in negative: white inscription
on a black background.
If translating the inscription into other
languages, the structure of the inscription
must remain unaltered.
Colour references
PMS 286
(CMYK for four colour printing:
100% Cyan, 60% Magenta,
0% Yellow, 0% Black)
RGB : R4 G52 B177
Web: 005EA8
The green in the DNV logo
and green lines is
PMS 370
(CMYK for four colour printing:
70% Cyan, 0% Magenta,
100% Yellow, 10% Black)
RGB : R78 G146 B0
Web: 4e9200
Blue PMS 286 and Green PMS 370 Blue PMS 286
100% Black 80% Black Negative on a dark background
HIMax module specifications
Compliance with all major standards
IEC 61508:2010, Part 1-7
IEC 61511:2004, Part 1-3
ANSI/ISA-84.00.01-2004
EN ISO 13849-1:2008 (PL e)
EN 62061:2005
EN 50156-1:2004
EN 12067-2:2004
EN 298:2012
EN 61131-2:2007
EN 61000-6-2:2005
EN 61000-6-4:2007 + A1:2011
EN 54-2:1997/A1:2006
EN 50130-4:1998-2003
NFPA 72:2010, 85:2011, 86:2011
EN 60079-15:2010 ATEX (Zone 2, T4),
IEC Ex (Zone 2, T4)
EN 50271:2010
EN 50495:2010
ANSI/ISA-S 71.04 Class G3 (Tropicalisation)
UL (UL 508)
cUL (CSA-C22.2 Nr. 142)
FM CLASS 1 DIV2
Achilles Level I Certification
EN 50126:1999 (SIL 4)
EN 50129:2003 (SIL 4)
EN 50128:2011 (SIL 4)
BUREAU VERITAS
DNV GL (DET NORSKE VERITAS)
Lloyd’s Register Type Approval
Russia EAC
ABS Design Assessment
Central modules Type Description
Processor module X-CPU 01 For high performance requirements and large safety applications, 4 x RJ-45
Processor module X-CPU 31 For smaller and mid-size safety applications, 4 x RJ-45
System bus module X-SB 01
Communication module X-COM 01 4 x RJ-45, 2 x 9-pole D-Sub, up to 6 different protocols
Input/output modules Type Description
Input modules
Digital input module X-DI 64 01 64 channels , 24 VDC, SIL 3
Digital input module X-DI 64 51 64 channels , 24 VDC
Digital input module X-DI 32 01 32 channels , 24 VDC, SIL 3
Digital input module X-DI 32 02 32 channels , 8,2 VDC, proximity switch, line monitoring, SIL 3
Digital input module X-DI 32 03 32 channels, 48 VDC, SIL 3
Digital input module X-DI 32 04 32 channels, 24 VDC, SOE, SIL 3
Digital input module X-DI 32 05 32 channels, 8,2 VDC, proximity switch, line monitoring, SOE, SIL 3
Digital input module X-DI 32 51 32 channels, 24 VDC
Digital input module X-DI 32 52 32 channels, 8,2 VDC, proximity switch, line monitoring
Digital input module X-DI 16 01 16 channels, 120 VAC, SIL 3
Analog input module X-AI 16 51 16 channels, 0/4 … 20 mA, ± 280 mV, galvanically isolated, thermocouple TC, Pt100
Analog input module X-AI 32 01 32 channels, 4 … 20 mA, line monitoring, SIL 3
Analog input module X-AI 32 02 32 channels, 4 … 20 mA, line monitoring , SOE, SIL 3
Analog input module X-AI 32 51 32 channels, 0/4 … 20 mA, line monitoring
Counter module X-CI 24 01 24 channels, 0 … 20 kHz, SIL 3
Counter module X-CI 24 51 24 channels, 0 … 20 kHz
Output modules
Digital output module X-DO 32 01 32 channels, 24 VDC, 0,5 A, short-circuit monitoring LS, individual channel shut-off, SIL 3
Digital output module X-DO 32 51 32 channels, 24 VDC, 0,5 A, protected outputs, group shut-off
Digital output module X-DO 24 01 24 channels, 24 VDC, 0,5 A, line monitoring LS/LB, individual channel shut-off, SIL 3
Digital output module X-DO 24 02 24 channels, 48 VDC, 0,5 A, line monitoring LS/LB, individual channel shut-off, SIL 3
Relay output module X-DO 12 01 12 channels, 230 VAC/DC, current measurement, cycle counting , SIL 3
Digital output module X-DO 12 02 12 channels, 24 VDC, 2 A, short-circuit monitoring LS, individual channel shut-off, SIL 3
Relay output module X-DO 12 51 12 channels, 230 VAC/DC
Analog output module X-AO 16 01 16 channels, 4 … 20 mA, pairwise galvanically isolated
Analog output module X-AO 16 51 16 channels, 4 … 20 mA
Further modules
HART communication module X-HART 32 01 32 modems, SIL 3, X-AI 32 01, X-AI 32 02, X-AI 32 51, X-AO 16 01, X-AO 16 51
Overspeed trip module X-MIO 7/6 01 3 counter, 4 digital input, 5 digital output, 1 relay channel, SIL 3
Dimensions Type Description
Size of modules All 310 x 29 x 230 mm
The world’s most advanced
safety application manager
SILworX is HIMA’s easy-to-use, fully integrated configuration,
programming and diagnostic environment. Its state-of-the
art interface with drag&drop programming helps users
avoid mistakes and speeds up the engineering process.
Different levels of user guidance, clear display of all status
and diagnostic information and comprehensive validation
tools help engineers achieve safe applications.
16 17
HIMA is the world’s leading specialist for safety-related auto-
mation solutions. HIMA solutions provide maximum safety and
maximum availability and can be integrated into any automa-
tion environment. More than 35,000 HIMA systems have been
installed in over 80 countries, protecting the assets of the
world’s largest companies in the oil, gas, chemicals, pharmaceu-
ticals and power generation industries for more than 45 years.
In the fields of rail, logistics and machine safety, HIMA solutions
are leading the way to increased safety and profitability.
HIMA develops solutions that provide both maximum safety
and availability for processes, plants and machinery – nonstop.
The HIMA LIFECYCLE SERVICES concept gives customers an
overview of all the requirements of ‘functional safety’ allowing
them to always make the right decision at the appropriate time.
HIMA solutions therefore offer maximum safety, strengthen a
plant’s productivity and profitability whilst ensuring compliance
to global statutory requirements.
HIMA was founded in Germany in 1908. Since 1970, the com-
pany has achieved numerous milestones in the field of safety-
related automation engineering, including the introduction of the
world’s first TÜV-certified safety system. HIMA now has over
800 employees with every third member of staff at the head-
quarters in Brühl working solely in research and development.
Through a steadily growing network of group companies, sales
and service centres, as well as representatives in more than
50 countries, HIMA implements projects of all sizes all over the
world. Thanks to its corporate independence, the family-run
company is able to work in any project structure – taking on
complete projects or partial tasks, and working both directly for
end customers and as part of a team with EPCs, MACs and DCS
manufacturers. This enables HIMA to continue to concentrate
on safety solutions. The results are quality products, unrivalled
specialist knowledge and customer confidence built on decades
of successful projects.
Why HIMA?
19 18
For a detailed list of all our subsidiaries and representatives,
please visit our website: www.hima.com/contact
96 9000347 0916 V10
© 2015 HIMA Paul Hildebrandt GmbH
® = registered trademarks of HIMA Paul Hildebrandt GmbH
Specifications are subject to change.
HIMA Paul Hildebrandt GmbH
Albert-Bassermann-Str. 28 I 68782 Brühl, Germany
Phone +49 6202 709-0 I Fax +49 6202 709-107
info@hima.com I www.hima.com
