07/01/2026 BY
IN Uncategorized

HIMatrix

Safety-Related Controller

F3 DIO 8/8 01 Manual

Introduction

This manual describes the technical characteristics of the device and its use. It provides

information on how to install, start up and configure the module.

1.1

Structure and Use of this Manual

The content of this manual is part of the hardware description of the HIMatrix programmable

electronic system.

This manual is organized in the following main chapters:

Introduction

Safety

Product Description

Start-up

Operation

Maintenance

Decommissioning

Transport

Disposal

HIMatrix remote I/Os are available for the programming tools SILworX and ELOP II Factory.

Which programming tool can be used, depends on the processor operating system of the

HIMatrix remote I/O, refer to the following table:

Programming tool

SILworX

Processor operating system

CPU OS V7 and higher

ELOP II Factory

CPU OS up to V6.x

Table 1:

Programming Tools for HIMatrix Remote I/Os

In the manual, the differences are specified by using:

Separated chapters

Tables differentiating among the versions

Additionally, the following documents must be taken into account:

Name

Content

HIMatrix System Manual

Compact Systems

Document number

HI 800 141 E

HIMatrix System Manual

Modular System F60

Hardware description of the HIMatrix

compact systems

Hardware description of the HIMatrix

modular system

HI 800 191 E

HIMatrix Safety Manual

Safety functions of the HIMatrix system

HIMatrix Safety Manual for

Railway Applications

Safety functions of the HIMatrix system

using the HIMatrix in railway

applications

HI 800 023 E

HI 800 437 E

SILworX Online Help

Instructions on how to use SILworX

ELOP II Factory

Online Help – –

SILworX First Steps

Instructions on how to use ELOP II

Factory, Ethernet IP protocol

Introduction to SILworX using the

HIMax system as an example

HI 801 103 E

ELOP II Factory First Steps Introduction to ELOP II Factory

Table 2:

HI 800 006 E

Additional Relevant Documents

The latest manuals can be downloaded from the HIMA website at www.hima.com. The revision

index on the footer can be used to compare the current version of existing manuals with the

Internet edition.

1.2

Target Audience

This document addresses system planners, configuration engineers, programmers of

automation devices and personnel authorized to implement, operate and maintain the modules

and systems. Specialized knowledge of safety-related automation systems is required

Formatting Conventions

To ensure improved readability and comprehensibility, the following fonts are used in this

document:

Bold

Italics

Courier

RUN

F3 DIO 8/8 01

Chapter 1.2.3

To highlight important parts.

Names of buttons, menu functions and tabs that can be clicked and used

in the programming tool.

For parameters and system variables

Literal user inputs

Operating state are designated by capitals

Cross references are hyperlinks even though they are not particularly

marked. When the cursor hovers over a hyperlink, it changes its shape.

Click the hyperlink to jump to the corresponding position.

Safety notes and operating tips are particularly marked.

Safety Notes

The safety notes are represented as described below.

These notes must absolutely be observed to reduce the risk to a minimum. The content is

structured as follows:

 Signal word: warning, caution, notice

 Type and source of risk

 Consequences arising from non-observance

 Risk prevention

Safety

All safety information, notes and instructions specified in this document must be strictly

observed. The product may only be used if all guidelines and safety instructions are adhered to.

This product is operated with SELV or PELV. No imminent risk results from the product itself.

The use in Ex-zone is permitted if additional measures are taken.

Intended Use

HIMatrix components are designed for assembling safety-related controller systems.

When using the

Residual Risk

No imminent risk results from a HIMatrix system itself.

Residual risk may result from:

 Faults related to engineering

 Faults related to the user program

 Faults related to the wiring

Safety Precautions

F3 DIO 88 01

Observe all local safety requirements and use the protective equipment required on site.

Emergency Information

A HIMatrix system is a part of the safety equipment of a site. If a device or a module fails, the

system enters the safe state.

In case of emergency, no action that may prevent the HIMatrix systems from operating safely is

permitted.

Product Description

The safety-related F3 DIO 8/8 01 remote I/O is a compact system in a metal housing with

8 digital inputs, 8 digital DO+ outputs (L- ground), 2 digital DO- outputs (S+ ground) and 2

pulsed outputs. The digital outputs DO4+, DO8+, DO4- and DO8- can also be connected as

2-pole connections.

The remote I/O is available in various model variants for SILworX and ELOP II Factory, see

Table 4.

Remote I/Os are connected to individual HIMax or HIMatrix controllers via safeethernet. They

are used to extend the I/O level, but are not able to run any user program by themselves.

The remote I/O is suitable for mounting in Ex-zone 2. see Chapter 4.1.5.

The device is TÜV-certified for safety-related applications up to SIL 3 (IEC 61508. IEC 61511

and IEC 62061), Cat. 4 and PL e (EN ISO 13849-1) and SIL 4 (EN 50126. EN 50128 and

EN 50129).

Further safety standards, application standards and test standards are specified in the

certificates available on the HIMA website.

3.1

3.1.1

Safety Function

The remote I/O is equipped with safety-related digital inputs and outputs. The input values on

the inputs are safely transmitted to the connected controller via safeethernet. The outputs are

safely assigned their values by the connected controller via safeethernet.

Safety-Related Digital Inputs

The remote I/O is equipped with 8 digital inputs. The state (HIGH, LOW) of each input is

signaled by an individual LED.

Mechanical contacts without own power supply or signal power source can be connected to the

inputs. Potential-free mechanical contacts without own power supply are fed via an internal

short-circuit-proof 24 V power source (LS+). Each of them supply a group of 4 mechanical

contacts. Figure 1 shows how the connection is performed.

With signal voltage sources, the corresponding ground must be connected to the input (L-), see

Figure 1.

Reaction in the Event of a Fault

If the device detects a fault on a digital input, the user program processes a low level in

accordance with the de-energized to trip principle.

The device activates the FAULT LED.

In addition to the channel signal value, the user program must also consider the corresponding

error code.

The error code allows the user to configure additional fault reactions in the user program.

Line Control

Line control is used to detect short-circuits or open-circuits and can be configured for the

remote I/O, e.g., on EMERGENCY STOP inputs complying with Cat. 4 and PL e in accordance

with EN ISO 13849-1.

To this end, connect the digital outputs TO 1 through TO 2 of the system to the digital inputs DI

of the same system as follows:

The remote I/O pulses the pulsed outputs to detect short-circuits and open-circuits on the lines

connected to the digital inputs. To do so, configure the Value [BOOL] -> system variable in

SILworX or the DO[01].Value system signal in ELOP II Factory. The variables for the pulsed

outputs must begin with channel 1 and reside in direct sequence, one after the other.

If the following faults occur, the FAULT LED located on the front plate of the device blinks, the

inputs are set to low level and an (evaluable) error code is created:

 Cross-circuit between two parallel wires.

 Invalid connections of two lines (e.g., TO 2 to DI 3),

 Earth fault on one wire (with earthed ground only).

 Open-circuit or open contacts, i.e., including when one of the two EMERGENCY STOP

switches mentioned above has been engaged, the FAULT LED blinks and the error code is

created.Safety-Related Digital Outputs

The remote I/O is equipped with 8 digital outputs DO+ (ground L-) and 2 digital outputs DO-

(ground S+). The state (HIGH, LOW) of each output is signaled by an individual LED (HIGH,

LOW).

F3 DIO 8/8 01

At the maximum ambient temperature, the DO+ outputs 1…3 and 5…7 can be loaded with 0.5 A

each, and DO+ outputs 4 and 8 can be loaded with 1 A or with 2 A at an ambient temperature of

up to 40 °C.

At the maximum ambient temperature, the DO- outputs 4- and 8- can be loaded with 1 A each

or with 2 A at an ambient temperature of up to 40 °C.

Within a temperature range of 60…70 °C, all outputs of the F3 DIO 8/8 014 can be loaded with

0.5 A, see Table 15.

The digital outputs DO4+, DO8+, DO4- and DO8- can be connected as one-pole or 2-pole

switching connections. The remaining outputs are only set up for one-pole switching

connections.

With 1-pole switching outputs, ensure that the system’s L- ground from the corresponding

channel group is used for the DO+ outputs and the system’s S+ ground is used for the DO-

outputs, see Table 18. The S+ ground is limited by the system to a maximum current of 8 A and

obtained from the 24 V voltage connection.

The external wire of an output is not monitored, however, a detected short-circuit is signaled.

With 2-pole switching outputs, the L+ switching output DO4+ must be connected  to the L-

switching output DO4- and the L+ switching output DO8+ to the L- switching output DO8-. This

type of connection must be set via the DO2[xx].2-pole system parameter

Line Diagnosis

During 2-pole operation, a line diagnosis is performed to detect potential external short-circuits

to L+ and L-. Time on delay is required to detect external short-circuits with an inductive or

capacitive load or a lamp load. This delay can be configured using the Time on delay system

parameter. In the range of 0…30 ms, the value can be set in steps of 1 ms.

Reaction in the Event of a Fault

If the device detects a faulty signal on a digital output, the affected module output is set to the

safe (de-energized) state using the safety switches.

If a device fault occurs, all digital outputs are switched off.

In both cases, the devices activates the FAULT LED.

The error code allows the user to configure additional fault reactions in the user program.

Pulsed Outputs

The 2 digital pulsed outputs can be used to detect short-circuits and open-circuits on digital

inputs, e.g., on EMERGENCY STOP button complying with Cat. 4 and PL e in accordance with

EN ISO 13849-1.