New concept for signalling systems based on SIL 4 COTS safety



EFACEC introduces new railway traffic control solution

The leading Portuguese group EFACEC, operating in the infrastructure, energy and transportation markets, has selected HIMA products based on their compliance with stringent railway standards, the highest safety level, architecture modularity and scalability as a base for its new range of railway safety solutions. Railway safety systems are highly complex solutions that must meet very specific and demanding requirements concerning safety, reliability and availability.

Historically, the lack of widely accepted standards and the absence of uniform customer safety concepts and functional country-based requirements led to the development of unique solutions based on proprietary technologies, thus making customers overly dependent on individual vendors. New opportunities to address that imbalance came with commercial off-the-shelf (COTS) solutions whose safety specifications comply with railway safety standards.


AEGIS Oporto Metro system architecture

The market availability of PLC products based on IEC 61508, certified according to specific railway standards (CENELEC EN 50126, EN 50129, EN 50128 and EN 50159), was the key element that allowed EFACEC to develop a signalling system focused on light rail applications. The ultimate flexibility of HIMA’s platform and the compatibility between HIMA’s two PLC families, HiMatrix and HiMax, allowed EFACEC to introduce into the market two different solutions that share the same hardware base and a certified software production, verification and validation process with the following set of innovative and highly valued attributes:

  • A COTS (commercial off-the-shelf) based design that assures the best levels of support and evolution throughout the life-cycle of the product
  • A modular and scalable architecture based on IP communications, which enables flexible and highly reliable application solutions
  • Lower life-cycle costs
  • Reduced vendor dependency, guaranteeing future-proof investments

AEGIS Signalling System

The modular and flexible AEGIS system is an all-new concept for signalling systems based on SIL 4 (safety) certified industrial hardware and off-the-shelf software, which allows modular and scalable application configurations. AEGIS meets the highest railway safety standards, addressing customers’ expectations regarding their investment and life-cycle costs.

At the heart of the AEGIS system is an interlocking railway traffic control solution based on HIMA’s safety PLC platforms and on software developed by EFACEC, which makes extensive use of standard languages according to the IEC 61131 standard and of certified function blocks to achieve the SIL 4 certification, validated by TÜV SÜD.

EFACEC installed the first implementation of the AEGIS innovative signalling system at the 1.5 km double-track Airport line of the Oporto Metro in Porto, Portugal. This system recently concluded its third year of operation. With complete customer satisfaction and proof of all the innovative principles adopted in its design, the AEGIS system is now being deployed to other customers.

XSafe Level Crossing Controller

XSafe is EFACEC’s latest version of its automatic level crossing protection systems based on the same innovative approach adopted in the design of the AEGIS signalling system. Developed with a COTS hardware solution based on certified safety PLCs, XSafe is a solution with distinctive features that provides significant advantages to customers: a cost-effective, future-proof solution, compliance with the highest safety levels, and a common solution for almost every type of crossing.

The XSafe advanced controller is based on HIMA’s HiMatrix safety PLC family and benefits from the platform’s modularity and flexibility to implement a highly configurable solution that is well suited for a wide range of applications. The distributed nature of the HiMatrix architecture, using IP-based communications to interconnect the several modules, is ideally suited for this kind of application, particularly in terms of integration with other railway systems. This distributed approach also enables significant cost reductions, especially in terms of cabling.

The system software was developed according to CENELEC standard EN 50128. Following the standard, and complementing the tests, the level crossing’s safety requirements are verified with formal proofs before the release.
This solution now has SIL 4 certification according to CENELEC standards EN 50126 and EN 50129 and meets the highest railway standards of availability and safety, which is field-proven through more than 40 units in operation with complete customer satisfaction.


Mr. Daniel Plaga

Tel.: (+49 62 02) 70 94 05