Shell completes HIMA safety system assessment

Braden-Wberg, Germany – Shell recently performed comprehensive assessment tests of the HIMax safety system from HIMA Paul Hildebrandt GmbH + Co KG – allowing its use in the oil company’s future projects worldwide, without further evaluations.
 
As with its chosen control systems, Shell performs assessment tests (acceptance tests) on safety systems. During the qualification process, the product is subjected to an extensive and demanding evaluation.

The assessment testing is designed to evaluate and document the safety system’s strengths and weaknesses, as well as the project work of the system supplier.  
 
HIMax, the system for mid-size and large applications, is the first safety system to allow uninterrupted system operation throughout a plant’s entire life cycle.

The largest part of the assessment test was performed in the spring of 2010 at HIMA‘s headquarters in Braden-Wberg. One of Shell’s main interests during the assessment test was to determine to what extent HIMax meets the demands and safety requirements of end users.
 
Like all other HIMA systems, HIMax can be integrated with all leading control systems. In contrast to solutions from other manufacturers, HIMA completely separates the safety system from the control system.

Separating the hardware from the software guarantees a technical absence of reaction and ensures that safety-critical design, programming and operating errors (human common cause faults) are avoided.

“If no common mode failures may occur, a very good solution is a standalone safety system with a communication interface to the DCS,” explains Audun Gjerde from Shell Global Solutions.
 
During the assessment testing, four HIMax systems were tested with four different control systems – Yokogawa, Siemens, Honeywell, Emerson – double the number set forth in the specification.

Essential components of the assessment testing included a communication test, a hardware stress test, a FAT stress test, a temperature test, and an asset management test.

“The performance of HIMax is impressive, above all the performance between two safety controllers. The reaction rate of the controller under load is remarkable, as well as the fact that the configuration can be adjusted to the desired rate,” said Gjerde.
 
The communication, stress and temperature tests were also completed to Shell’s satisfaction. After successful completion of the assessment test, HIMax is technically qualified to be used on Shell projects.

“Looking back at the testing period, Gjerde noted, “During the tests, we usually try to take systems beyond their limits, but this was admittedly difficult with HIMax.”
 
With respect to the stress test, Gjerde highlighted the availability of HIMax: “The option to perform changes online and replace the hardware during the system operation avoids undesired process shut-downs.”

He also pointed to the function blocks for the SILworX engineering tool as additional advantages. “The function blocks are an advantage for Shell. We prefer working with libraries and like to use the same solution in follow-up projects.”
 
The HIMA safety system also scored well in the important area of cyber security. The Achilles testing device from Wurldtech Security Technologies Ind. was used during the development of HIMax and the Canadian company issued HIMA the Achilles Level I Security Certificate in 2009. “

With this certification, HIMA demonstrated that they know how to handle cyber security. We have been requiring the Achilles test since several years. HIMA was familiar with our requirements and was able to meet them,” said Gjerde.