SIL4 COTS Safety PLC for Level Crossings

SELLA CONTROLS and Amey have been developing COTS Safety PLC based Level Crossing solutions for 3 years based on the HIMatrix range of safety PLCs. Using standard proven industry safety PLCs in Level Crossings and railway signalling is a logical step and has been done by railway administrations in other countries.

The main advantages are significant cost reductions and increased system performance. Use of Safety PLCs simplifies the design and testing. PLCs have significant design tools to simplify the design process and further reduce costs. The function block logic used in PLCs is easily suited and understood by signalling engineers.

Amey and SELLA CONTROLS have produced the Generic Application Safety Case (GASC) for the introduction of the HIMatrix PLC into the UK and the Specific Application Safety Case (SASC) for application to NR level crossing work. Software has been developed using standard function blocks and also to interface to existing Network Rail approved data loggers and to Frauscher axle counting systems using FSE.

All types of Level Crossing systems can be achieved using the Safety PLC; from Miniature Stop Light (MSL) to Controlled Barrier Crossing with Obstacle Detection (CB-OD).



Safety PLC unit types include the HIMax (large centralised capability), HIMatrix F60 (smaller centralised capability) HIMatrix F35 (small distributed capability with analogue) and the HIMatrix F30 (smaller distributed capability).

Input/Output Modules come as either fixed unit types (i.e. 16I/8O) or as cards for the F60 and HIMax.

PLCs and I/O can be networked together to form various system architectures and configurations to meet the application environment. SIL 4 safe Ethernet protocol is used.



Only two units are used in the Amey and SELLA CONTROLS distributed modular plug and play Level crossing PLC system solution:

  • F30 PLC Unit – 20 Inputs, 8 Outputs
  • F3 DIO 16/8 01 – 16 Inputs, 8 Outputs

The HIMatrix F Series is a range of Compact and modular safety controllers and remote I/O modules.

  • Tried and tested safety technology
  • Certified for use up to SIL 4 (EN 50126, EN 50128, EN 50129)
  • Operating temperature -25oC to +70oC
  • Response time ≤ 5 ms
  • Communication: Ethernet TCP/UDP, RS485, RS422, RS232 and CAN
  • Communication via safeethernet and many industrial protocols: users can implement their specific protocol