ISO/TS 8102-21:2026

Technical
Specification
ISO/TS 8102-21
First edition
Electrical requirements for lifts,
2026-01
escalators and moving walks —
Part 21:
On-site and off-site software
updates
Exigences électriques pour ascenseurs, escaliers mécaniques et
trottoirs roulants —
Partie 21: Mises à jour logicielles sur site et à distance
Reference number
© ISO 2026
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms, definitions and abbreviated terms . 1
3.1 Terms and definitions .1
3.2 Abbreviated terms .2
4 Overview of software update . 2
4.1 General .2
4.2 EUC domains with relevant security and safety requirements .3
5 Management of software update . 3
5.1 General .3
5.2 Requirements for software development .3
5.3 Requirements for the deployment of software update .3
5.3.1 Purpose of software update .3
5.3.2 Preparations for software update .3
5.4 Off-site software update management platform .4
5.4.1 Requirements for the service provider .4
5.4.2 Managing EUC configuration information .4
5.4.3 Processing software packages .4
6 Technical requirements of the software update . 4
6.1 General .4
6.2 Initiation .5
6.3 Delivery .5
6.4 Protection of persons .5
6.4.1 Lifts .5
6.4.2 Escalators and moving walks .5
6.5 Compatibility check . .5
6.5.1 General .5
6.5.2 Automatic compatibility check .5
6.5.3 Manual compatibility check .5
6.6 Activation .6
6.7 Validation .6
6.7.1 General .6
6.7.2 Automatic validation .6
6.7.3 Manual validation .6
6.8 Completion of software update .7
6.9 Recovery from validation failure .7
6.10 Auditing and reporting .7
6.10.1 EUC audit log .7
6.10.2 Off-site access to the EUC audit log .7
7 Information for use . 7
Annex A (informative) Comparison of on-site and off-site software updates . 9
Annex B (informative) Example of a software update sequence.12
Annex C (informative) Product life cycle and EUC installation life cycle . 14
Bibliography .16

iii
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out through
ISO technical committees. Each member body interested in a subject for which a technical committee
has been established has the right to be represented on that committee. International organizations,
governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely
with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the
ISO/IEC Directives, Part 2 (see www.iso.org/directives).
ISO draws attention to the possibility that the implementation of this document may involve the use of (a)
patent(s). ISO takes no position concerning the evidence, validity or applicability of any claimed patent
rights in respect thereof. As of the date of publication of this document, ISO had not received notice of (a)
patent(s) which may be required to implement this document. However, implementers are cautioned that
this may not represent the latest information, which may be obtained from the patent database available at
www.iso.org/patents. ISO shall not be held responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 178, Lifts, escalators and moving walks.
A list of all parts in the ISO 8102 series can be found on the ISO website.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.

iv
Introduction
[1]
This document complements ISO 8102-20 for software and parameter updates.
Lifts, escalators, and moving walks [referred to as the equipment under control (EUC) in this document]
contain executable code and parameters which require occasional updates.
Such executable code and parameters can be dynamically written or modified during execution and this can
impact the safety and security of the EUC. Therefore, fulfilment of safety and security requirements must be
ensured when either the executable code or the parameters, or both, are modified.
In this document, the term software is used for both executable code and parameters, because the same
safety and security requirements of the EUC apply, independent of whether the executable code or a
parameter is updated.
In this document the term "lifts" includes:
— lifts for the transport of persons and goods;
— lifts for the transport of goods only;
— special lifts (lifting appliances) for the transport of persons and goods.

v
Technical Specification ISO/TS 8102-21:2026(en)
Electrical requirements for lifts, escalators and moving
walks —
Part 21:
On-site and off-site software updates
1 Scope
This document specifies means for software updates including parameter modifications for lifts, escalators,
and moving walks [(equipment under control (EUC)]. It is applicable to process steps carried out on-site and
off-site.
This document is not applicable to EUC that are installed before the date of its publication.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes
requirements of this document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
IEC 62443-3-2:2020, Security for industrial automation and control systems — Part 3-2: Security risk
assessment for system design
IEC/TS 62443-1-1:2009, Industrial communication networks — Network and system security — Part 1-1:
Terminology, concepts and models
ISO 8102-20:2022, Electrical requirements for lifts, escalators and moving walks — Part 20: Cybersecurity
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 8102-20:2022,
IEC/TS 62443-1-1:2009, IEC 62443-3-2:2020 and the following apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1.1
software
either executable code, or configuration parameters, or both
Note 1 to entry: Change of the value of a configuration parameter of an executable software typically impacts
behaviour of a component or a system.

3.1.2
software update
process of updating software (3.1.1)
Note 1 to entry: In this document the term software update also covers parameter modifications.
3.1.3
software package
collection of software (3.1.1) and information necessary for the software update (3.1.2)
3.1.4
important function
function or capability belonging to the equipment under control (EUC) domains: "safety", "essential" or
"alarm".
[2]
Note 1 to entry: The EUC domains are described in ISO 8102-20:2022 and 4.2.
3.1.5
equipment under control owner
EUC owner
individual or organization responsible for the equipment under control (EUC)
[2]
[SOURCE: ISO 8102-20:2022 , 3.1.3]
3.1.6
activation
step in the software update (3.1.2) when an executable code either becomes executable on an equipment
under control (EUC) or parameter(s) become active on an EUC, or both
3.1.7
on-site
at the site of the equipment under control (EUC) installation with physical access to the EUC
3.1.8
validation
confirmation, through the provision of objective evidence, that the requirements for a specific intended use
or application have been fulfilled
[3]
[SOURCE: ISO 9000:2015 , 3.8.13, modified — Deleted Notes to entry 1 to 3.]
3.2 Abbreviated terms
EUC equipment under control
4 Overview of software update
4.1 General
This document describes generic steps of a software update process. Steps of a software update can be
carried out either on-site or off-site, by manual or automatic means. In this document on-site software
update refers to a software update carried out by a person at the site of the EUC installation with physical
access to the EUC. Off-site software update refers to a software update, which cannot be considered as on-
site.
Technical requirements for software update steps are defined in Clause 6.
An example illustration of on-site and off-site software update, and advantages and disadvantages of each
method are provided in Annex A.
An example of a software update sequence is described in Annex B.

Contextual information related to the product life cycle and installation life cycle is provided in Annex C.
4.2 EUC domains with relevant security and safety requirements
When the EUC is installed in the building, cybersecurity requirements given in ISO 8102-20:2022, shall be
met. EUC functions are divided into four domains: "safety", "essential", "alarm" and "other". The software
of the three domains "safety", "essential" and "alarm", may be updated after the installation of the EUC, if
[2]
the requirements of this document, and cybersecurity requirements given in ISO 8102-20:2022 are met,
including EUC safety requirements.
NOTE This document does not set any requirements for the domain "other".
5 Management of software update
5.1 General
This clause gives requirements on the management of software update:
a) for the software development process;
b) for the deployment of the software that apply both to on-site and off-site software updates;
c) for an off-site software update management platform.
A change of a configuration parameter value shall be considered as software development if the impact to the
behaviour of the component or the system has not been evaluated earlier during the software development
process.
5.2 Requirements for software development
The software development process shall be in accordance with the secure development life cycle defined in
ISO 8102-20:2022, Clause 4 and including processes relevant to safety requirements.
5.3 Requirements for the deployment of software update
5.3.1 Purpose of software update
The purpose of the software update shall be documented according to Clause 7 a).
EXAMPLE Purposes include:
— providing new features by the software update;
— cybersecurity or safety issues fixed by the software update;
— altering existing functions by the software update.
5.3.2 Preparations for software update
Preparations for a software update shall include at least the following:
— A process to record information about the current executable code identification, identification of
parameter sets or individual parameter values.
— A process to determine which delivery method(s) are used for the software update.
— A process to determine the EUC target(s) for the software update.
— A process to specify conditions to perform the software update.

— A process to specify corrective actions to be performed in the event of an unsuccessful software update,
including the information to the owner in case of unavailability (see WARNING below).
— A process to specify the need for special equipment, a skilled person or actions to complete the software
update.
— A process to provide the information in the software update package about the software update, including
the necessary compatibility check information. See 6.5.1.
WARNING — Unavailability of the EUC can lead to a hazardous situation in the building. Hazardous
situations that can arise during the software update to consider include, but are not limited to, a
temporary loss of lift service where lift availability is critical to the operation of the facility,
for example hospitals. Mitigation can be established to address such hazards, such as planned
deployment roll-out of the software update.
5.4 Off-site software update management platform
5.4.1 Requirements for the service provider
There shall be a process for providing the requirements to the service provider executing software updates
via a management platform.
5.4.2 Managing EUC configuration information
The management platform shall have:
— the capability for receiving, storing and processing EUC software version information;
— the capability to maintain the integrity of the collected EUC information;
— the capability to support the identification of dependencies for software packages;
— the capability to check compatibility of a software package.
5.4.3 Processing software packages
The management platform shall have:
— the capability to process, receive and
...