BSI - BS ISO 22201-1 - TC
Tracked Changes (Redline) - Lifts (elevators), escalators and moving walks - Programmable electronic systems in safety-related applications Part 1: Lifts (elevators) (PESSRAL)
|Publication Date:||27 February 2020|
|ICS Code (Lifts. Escalators):||91.140.90|
This document is applicable to the product family of passenger and goods/passenger lifts used in residential buildings, offices, hospitals, hotels, industrial plants, etc. This document covers those aspects that it is necessary to address when programmable electronic systems are used to carry out electric safety functions for lifts (PESSRAL). This document is applicable for lift safety functions that are identified in lift codes, standards or laws that reference this document for PESSRAL. The SILs specified in this document are understood to be valid for PESSRAL in the context of the referenced lift codes, standards and laws in Annex B.
NOTE Within this document, the UK term "lift" is used throughout instead of the US term "elevator".
This document is also applicable for PESSRAL that are new or deviate from those described in this document.
The requirements of this document regarding electrical safety/protective devices are such that it is not necessary to take into consideration the possibility of a failure of an electric safety/protective device complying with all the requirements of this document and other relevant standards.
In particular, this document
a) uses safety integrity levels (SIL) for specifying the target failure measure for the safety functions implemented by the PESSRAL;
b) specifies the requirements for achieving safety integrity for a function but does not specify who is responsible for implementing and maintaining the requirements (for example, designers, suppliers, owner/operating company, contractor); this responsibility is assigned to different parties according to safety planning and national regulations;
c) applies to PE systems used in lift applications that meet the minimum requirements of a recognized lift standard such as EN 81, ASME A17.1-2007/CSA B44-07, or lift laws such as the Japan Building Standard Law Enforcement Order For Elevator and Escalator;
d) defines the relationship between this document and IEC 61508 and defines the relationship between this document and the EMC standard for lifts on immunity, ISO 22200;
e) outlines the relationship between lift safety functions and their safe-state conditions;
f) applies to phases and activities that are specific to design of software and related hardware but not to those phases and activities that occur post-design, for example sourcing and manufacturing;
g) requires the manufacturer of the PESSRAL to provide instructions that specify what is necessary to maintain the integrity of the PESSRAL (instruction manual) for the organization carrying out the assembly, connections, adjustment and maintenance of the lift;
h) provides requirements relating to the software and hardware safety validation;
i) establishes the safety integrity levels for specific lift safety functions;
j) specifies techniques/measures required for achieving the specified safety integrity levels;
k) provides risk-reduction decision tables for the application of PESSRALs;
l) defines a maximum level of performance (SIL 3) that can be achieved for a PESSRAL according to this document and defines a minimum level of performance (SIL 1).
This document does not cover:
- hazards arising from the PE systems equipment itself, such as electric shock, etc.;
- the concept of fail-safe, which can be of value when the failure modes are well defined and the level of complexity is relatively low; the concept of fail-safe is considered inappropriate because of the full range of complexity of the PESSRAL that are within the scope of this document;
- other relevant requirements necessary for the complete application of a PESSRAL in a lift safety function, such as the mechanical construction, mounting and labelling of switches, actuators, or sensors that contain the PESSRAL. It is necessary that these requirements be carried out in accordance with the national lift standard that references this document.
- foreseeable misuse involving security threats related to malevolent or unauthorized action. In cases where a security threat analysis needs to be considered, this standard may be used, provided the specified SIL has been reassessed.