Lifts (elevators), escalators and moving walks — Programmable electronic systems in safety-related applications — Part 1: Lifts (elevators) (PESSRAL)

ISO 22201-1:2017 is applicable to the product family of passenger and goods/passenger lifts used in residential buildings, offices, hospitals, hotels, industrial plants, etc. This document covers those aspects that it is necessary to address when programmable electronic systems are used to carry out electric safety functions for lifts (PESSRAL). This document is applicable for lift safety functions that are identified in lift codes, standards or laws that reference this document for PESSRAL. The SILs specified in this document are understood to be valid for PESSRAL in the context of the referenced lift codes, standards and laws in Annex B.

NOTE Within this document, the UK term "lift" is used throughout instead of the US term "elevator".

ISO 22201-1:2017 is also applicable for PESSRAL that are new or deviate from those described in this document.

The requirements of this document regarding electrical safety/protective devices are such that it is not necessary to take into consideration the possibility of a failure of an electric safety/protective device complying with all the requirements of this document and other relevant standards.

In particular, this document
a) uses safety integrity levels (SIL) for specifying the target failure measure for the safety functions implemented by the PESSRAL;
b) specifies the requirements for achieving safety integrity for a function but does not specify who is responsible for implementing and maintaining the requirements (for example, designers, suppliers, owner/operating company, contractor); this responsibility is assigned to different parties according to safety planning and national regulations;
c) applies to PE systems used in lift applications that meet the minimum requirements of a recognized lift standard such as EN 81, ASME A17.1-2007/CSA B44-07, or lift laws such as the Japan Building Standard Law Enforcement Order For Elevator and Escalator;
d) defines the relationship between this document and IEC 61508 and defines the relationship between this document and the EMC standard for lifts on immunity, ISO 22200;
e) outlines the relationship between lift safety functions and their safe-state conditions;
f) applies to phases and activities that are specific to design of software and related hardware but not to those phases and activities that occur post-design, for example sourcing and manufacturing;
g) requires the manufacturer of the PESSRAL to provide instructions that specify what is necessary to maintain the integrity of the PESSRAL (instruction manual) for the organization carrying out the assembly, connections, adjustment and maintenance of the lift;
h) provides requirements relating to the software and hardware safety validation;
i) establishes the safety integrity levels for specific lift safety functions;
j) specifies techniques/measures required for achieving the specified safety integrity levels;
k) provides risk-reduction decision tables for the application of PESSRALs;
l) defines a maximum level of performance (SIL 3) that can be achieved for a PESSRAL according to this document and defines a minimum level of performance (SIL 1).

ISO 22201-1:2017 does not cover:
- hazards arising from the PE systems equipment itself, such as electric shock, etc.;
- the concept of fail-safe, which can be of value when the failure modes are well defined and the level of complexity is relatively low; the concept of fail-safe is considered inappropriate because of the full range of complexity of the PESSRAL that are within the scope of this document;
- other relevant requirements necessary for the complete application of a PESSRAL in a lift safety function, such as the mechanical construction, mounting and labelling of switches, actuators, or sensors that contain the PESSRAL. It is necessary that these requirements be carried out in accordance with the national lift standard that references this document.
- foreseeable misuse involving security threats related to malevolen

Ascenseurs, escaliers mécaniques et trottoirs roulants — Systèmes électroniques programmables dans les applications liées à la sécurité — Partie 1: Ascenseurs (PESSRAL)

General Information

Status: Published
Publication Date: 22-Feb-2017
Current Stage: 9093 - International Standard confirmed
Completion Date: 23-Sep-2022

Standard
ISO 22201-1:2017 - Lifts (elevators), escalators and moving walks -- Programmable electronic systems in safety-related applications
English language
48 pages

Standards Content (Sample)


INTERNATIONAL STANDARD ISO 22201-1
First edition 2017-02
Lifts (elevators), escalators and moving walks — Programmable electronic systems in safety-related applications — Part 1: Lifts (elevators) (PESSRAL)
Ascenseurs, escaliers mécaniques et trottoirs roulants — Systèmes électroniques programmables dans les applications liées à la sécurité — Partie 1: Ascenseurs (PESSRAL)
© ISO 2017, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO 2017 – All rights reserved

Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviated terms
5 Requirements
5.1 General
5.2 Extended application of this document
5.2.1 General
5.2.2 Risk assessment
5.2.3 Limits for specifying SIL for PESSRAL
5.2.4 Safe-state requirements
5.3 Safety function SIL requirements
5.4 SIL-relevant and non-SIL-relevant safe-state requirements
5.5 Implementation and demonstration requirements for verification of SIL compliance
5.5.1 General
5.5.2 Required techniques and measures to implement and demonstrate PE systems compliance with specified safety integrity levels
5.5.3 Loss of power after a PESSRAL device has actuated
Annex A (normative) Techniques and measures to implement, verify and maintain SIL compliance
Annex B (informative) Applicable lift codes, standards and laws
Annex C (informative) Example of a risk-reduction decision table
Bibliography
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment,
as well as information about ISO’s adherence to the World Trade Organization (WTO) principles in the
Technical Barriers to Trade (TBT) see the following URL: www.iso.org/iso/foreword.html.
The committee responsible for this document is ISO/TC 178, Lifts, escalators and moving walks.
This first edition cancels and replaces ISO 22201:2009, which has been technically revised
(incorporating ISO 22201:2009/Cor 1:2011) and includes the following changes:
— editorial changes that correct typographical errors and terminology inconsistencies between
this document and its reference standards, including between it and the two other standards in the
22201 series.
A list of all parts in the ISO 22201 series can be found on the ISO website.

Introduction
Systems comprised of electrical and/or electronic elements have been used for many years to
perform safety functions in most application sectors. Computer-based systems, generically referred
to as programmable electronic systems, are being used in many application sectors to perform non-
safety functions and, increasingly, to perform safety functions. In order to effectively and safely
exploit computer-system technology, it is essential that those responsible for making decisions have
sufficient guidance on the safety aspects on which to make these decisions. In most situations, safety
is achieved by a number of protective systems that rely on many technologies (for example mechanical,
hydraulic, pneumatic, electrical, electronic, programmable electronic). It is necessary that any safety
strategy, therefore, considers not only all the components within an individual system (for example
sensors, controlling devices and actuators), but also all the safety-related elements making up the total
combination of safety-related systems.
This document is based upon the guidelines provided in the generic IEC 61508 series of standards of
the International Electrotechnical Commission (IEC) and EN 81 (all parts) of the Comité Européen de
Normalization (CEN).
The requirements given in this document recognize the fact that the product family covers a total range
of passenger and goods/passenger lifts used in residential buildings, offices, hospitals, hotels, industrial
plants, etc. This document is the product family standard for lifts and takes precedence over all aspects
of the generic standard.
This document sets out the product specific requirements for systems comprised of programmable
electronic components and programmable electronic systems that are used to perform safety functions
in lifts. This document has been developed in order that consistent technical and performance
requirements and rationale be specified for programmable electronic systems in safety-related
applications for lifts (PESSRAL).
Risk analysis, terminology and technical solutions have been considered, taking into account the
methods of the IEC 61508 series of standards. The risk analysis of each safety function specified in
Table 1 resulted in the classification of electric safety functions applied to PESSRAL. Tables 1 and 2 give
the safety integrity level and functional requirements, respectively, for each electric safety function.
The safety integrity levels (SIL) specified in this document can also be applied to other technologies
used to satisfy the safety functions specified in this document.
Within the context of the harmonization with national standards for lifts, the application of this
document is intended to be by reference within a national standard lift such as lift codes, standards, or
laws. The reason for this is threefold:
a) to allow selective reference by national standards to specific lift safety functions described in this
document (not all lift safety functions identified in this document are called out in every national
standard);
b) to allow for future harmonization of national standards with lift safety functions identified in this
document:
— Because there exist some differences in the requirements for fulfilment of the safety objectives
of national lift standards and in national practice of lift use and maintenance, there are instances
where the requirements for lift safety functions described in this document are based on the
consensus work and agreement by the ISO committee responsible for this document. National
bodies may choose to selectively harmonize with those lift safety functions that differ in the
requirements called for by the existing national standard in future standard revisions.
— It is important to note that more than 90 % of the safe-state requirements and more than 80 %
of the anticipated SIL requirements by the national standards referenced in this document
are already harmonized with the requirements of the lift safety functions specified in this
document. The remainder is not harmonized for the reasons given above.
c) to allow for the application of this document where lift safety functions are new or deviate
from those specified in this document. More and more, national lift legislations are moving to
performance-based requirements. For this reason, the development of new or different lift safety
functions can be foreseen in product specific applications. For those who require lift safety
functions that are new or different from those specified in this document, this document provides a
verifiable method to establish the necessary level of safety integrity for those functions.

INTERNATIONAL STANDARD ISO 22201-1:2017(E)
Lifts (elevators), escalators and moving walks —
Programmable electronic systems in safety-related
applications —
Part 1:
Lifts (elevators) (PESSRAL)
1 Scope
This document is applicable to the product family of passenger and goods/passenger lifts used in
residential buildings, offices, hospitals, hotels, industrial plants, etc. This document covers those
aspects that it is necessary to address when programmable electronic systems are used to carry out
electric safety functions for lifts (PESSRAL). This document is applicable for lift safety functions that
are identified in lift codes, standards or laws that reference this document for PESSRAL. The SILs
specified in this document are understood to be valid for PESSRAL in the context of the referenced lift
codes, standards and laws in Annex B.
NOTE Within this document, the UK term “lift” is used throughout instead of the US term “elevator”.
This document is also applicable for PESSRAL that are new or deviate from those described in this
document.
The requirements of this document regarding electrical safety/protective devices are such that it is not
necessary to take into consideration the possibility of a failure of an electric safety/protective device
complying with all the requirements of this document and other relevant standards.
In particular, this document
a) uses safety integrity levels (SIL) for specifying the target failure measure for the safety functions
implemented by the PESSRAL;
b) specifies the requirements for achieving safety integrity for a function but does not specify who is
responsible for implementing and maintaining the requirements (for example, designers, suppliers,
owner/operating com
...
