1、 Reference numberISO 22201:2009(E)ISO 2009INTERNATIONAL STANDARD ISO22201First edition2009-01-15Lifts (elevators) Design and development of programmable electronic systems in safety-related applications for lifts (PESSRAL) Ascenseurs Conception et mise au point des systmes lectroniques programmables
2、 dans les applications lies la scurit des ascenseurs (PESSRAL) ISO 22201:2009(E) PDF disclaimer This PDF file may contain embedded typefaces. In accordance with Adobes licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to
3、 and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing Adobes licensing policy. The ISO Central Secretariat accepts no liability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the soft
4、ware products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it i
5、s found, please inform the Central Secretariat at the address given below. COPYRIGHT PROTECTED DOCUMENT ISO 2009 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying an
6、d microfilm, without permission in writing from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ii
7、 ISO 2009 All rights reservedISO 22201:2009(E) ISO 2009 All rights reserved iiiContents Page Foreword iv Introduction v 1 Scope . 1 2 Conformance. 2 3 Normative references . 2 4 Terms and definitions. 3 5 Symbols and abbreviated terms . 6 6 Requirements 6 6.1 General. 6 6.2 Extended application of t
8、his International Standard 6 6.3 Safety function SIL requirements . 7 6.4 SIL-relevant and non-SIL-relevant safe-state requirements. 7 6.5 Implementation and demonstration requirements for verification of SIL compliance 15 Annex A (normative) Techniques and measures to implement, verify and maintain
9、 SIL compliance 17 Annex B (informative) Applicable lift codes, standards and laws 33 Annex C (informative) Example of a risk-reduction decision table. 43 Bibliography . 44 ISO 22201:2009(E) iv ISO 2009 All rights reservedForeword ISO (the International Organization for Standardization) is a worldwi
10、de federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on tha
11、t committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization. International Standards are drafted in a
12、ccordance with the rules given in the ISO/IEC Directives, Part 2. The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard re
13、quires approval by at least 75 % of the member bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. ISO 22201 was prepared by Techn
14、ical Committee ISO/TC 178, Lifts, escalators and moving walks. ISO 22201:2009(E) ISO 2009 All rights reserved vIntroduction The Working Group ISO/TC 178, WG8 has developed this International Standard as a result of ISO/TC 178 resolution 234/2004, document N 343. Systems comprised of electrical and/o
15、r electronic components have been used for many years to perform safety functions in most application sectors. Computer-based systems, generically referred to as programmable electronic systems (PES), are being used in many application sectors to perform non-safety functions and, increasingly, to pe
16、rform safety functions. In order to effectively and safely exploit computer-system technology, it is essential that those responsible for making decisions have sufficient guidance on the safety aspects on which to make these decisions. In most situations, safety is achieved by a number of protective
17、 systems that rely on many technologies (for example mechanical, hydraulic, pneumatic, electrical, electronic, programmable electronic). It is necessary that any safety strategy, therefore, consider not only all the elements within an individual system (for example sensors, controlling devices and a
18、ctuators) but also all the safety-related subsystems making up the total combination of safety-related systems. This International Standard is based upon the guidelines provided in the generic IEC 61508 series of standards of the International Electro-technical Commission (IEC) and EN 81 (all parts)
19、 of the Comit Europen de Normalisation (CEN). The requirements given in this International Standard recognize the fact that the product family covers a total range of passenger and goods/passenger lifts used in residential buildings, offices, hospitals, hotels, industrial plants, etc. This Internati
20、onal Standard is the product family standard for lifts and takes precedence over all aspects of the generic standard. This International Standard sets out the product specific requirements for systems comprised of programmable electronic components and programmable electronic systems (PES) that are
21、used to perform safety functions in lifts. This International Standard has been developed in order that consistent technical and performance requirements and rational be specified for programmable electronic systems in safety-related applications for lifts (PESSRAL). Most of the specific measures in
22、 Clause A.2 have been copied from EN 81-1. Risk analysis, terminology and technical solutions have been considered, taking into account the methods of the IEC 61508 series of standards. The risk analysis of each safety function specified in Table 1 resulted in the classification of electric safety f
23、unctions applied to PESSRAL. Tables 1 and 2 give the safety integrity level and functional requirements, respectively, for each electric safety function. The safety-integrity levels (SIL) specified in this International Standard can also be applied to other technologies used to satisfy the safety fu
24、nctions specified in this International Standard. Within the context of the harmonization with national standards for lifts, the application of this International Standard is intended to be by reference within a national standard lift such as lift codes, standards, or laws. The reason for this is th
25、ree-fold: a) to allow selective reference by national standards to specific lift-safety functions described in this International Standard; not all lift-safety functions identified in this International Standard are called out in every national standard; b) to allow for future harmonization of natio
26、nal standards with lift-safety functions identified in this International Standard: Because there exist some differences in the requirements for fulfilment of the safety objectives of national lift standards and in national practice of lift use and maintenance, there are instances where the requirem
27、ents for lift-safety functions described in this International Standard are based on the consensus work and agreement by the ISO committee responsible for this International Standard. National bodies may chose to selectively harmonize with those lift-safety functions that differ in the requirements
28、called for by the existing national standard in future standard revisions. ISO 22201:2009(E) vi ISO 2009 All rights reserved It is important to note that more than 90 % of the safe-state requirements and more than 80 % of the anticipated SIL requirements by the national standards referenced in this
29、International Standard are already harmonized with the requirements of the lift-safety functions specified in this International Standard. The remainder is not harmonized for the reasons given above. c) to allow for the application of this International Standard where lift-safety functions are new o
30、r deviate from those specified in this International Standard. More and more, national lift legislations are moving to performance-based requirements. For this reason, the development of new or different lift-safety functions can be foreseen in product specific applications. For those who require li
31、ft-safety functions that are new or different from those specified in this International Standard, this International Standard provides a verifiable method to establish the necessary level of safety integrity for those functions. INTERNATIONAL STANDARD ISO 22201:2009(E) ISO 2009 All rights reserved
32、1Lifts (elevators) Design and development of programmable electronic systems in safety-related applications for lifts (PESSRAL) 1 Scope This International Standard is applicable to the product family of passenger and goods/passenger lifts used in residential buildings, offices, hospitals, hotels, in
33、dustrial plants, etc. This International Standard covers those aspects that it is necessary to address when programmable electronic systems are used to carry out electric safety functions for lifts (PESSRAL). This International Standard is applicable for lift-safety functions that are identified in
34、lift codes, standards or laws that reference this International Standard for PESSRAL. The SILs specified in this International Standard are understood to be valid for PESSRAL in the context of the referenced lift codes, standards and laws in Annex B. NOTE Within this International Standard, the UK t
35、erm “lift” is used throughout instead of the US term “elevator”. This International Standard is also applicable for PESSRAL that are new or deviate from those described in this International Standard. The requirements of this International Standard regarding electrical safety/protective devices are
36、such that it is not necessary to take into consideration the possibility of a failure of an electric safety/protective device complying with all the requirements of this International Standard and other relevant standards. In particular, this International Standard a) uses safety integrity levels (S
37、IL) for specifying the target failure measure for the safety functions implemented by the PESSRAL; b) specifies the requirements for achieving safety integrity for a function but does not specify who is responsible for implementing and maintaining the requirements (for example, designers, suppliers,
38、 owner/operating company, contractor); this responsibility is assigned to different parties according to safety planning and national regulations; c) applies to PES used in lift applications that meet the minimum requirements of a recognized lift standard such as EN 81, ASME A17.1-2007/CSA B44-07, o
39、r lift laws such as the Japan Building Standard Law Enforcement Order For Elevator and Escalator; d) defines the relationship between this International Standard and IEC 61508 and defines the relationship between this International Standard and the EMC standard for lifts on immunity, ISO 22200; e) o
40、utlines the relationship between lift-safety functions and their safe-state conditions; f) applies to phases and activities that are specific to design of software and related hardware but not to those phases and activities that occur post-design, for example sourcing and manufacturing; g) requires
41、the manufacturer of the PESSRAL to provide instructions that specify what is necessary to maintain the integrity of the PESSRAL (instruction manual) for the organization carrying out the assembly, connections, adjustment and maintenance of the lift; h) provides requirements relating to the software
42、and hardware safety validation; ISO 22201:2009(E) 2 ISO 2009 All rights reservedi) establishes the safety-integrity levels for specific lift-safety functions; j) specifies techniques/measures required for achieving the specified safety-integrity levels; k) provides risk-reduction decision tables for
43、 the application of PESSRALs; l) defines a maximum level of performance (SIL 3) that can be achieved for a PESSRAL according to this International Standard and defines a minimum level of performance (SIL 1). This International Standard does not cover hazards arising from the PES equipment itself, su
44、ch as electric shock etc.; the concept of fail-safe, which can be of value when the failure modes are well defined and the level of complexity is relatively low; the concept of fail-safe is considered inappropriate because of the full range of complexity of the PESSRAL that are within the scope of t
45、his International Standard; other relevant requirements necessary for the complete application of a PESSRAL in a lift-safety function, such as the mechanical construction, mounting and labelling of switches, actuators, or sensors that contain the PESSRAL. It is necessary that these requirements be c
46、arried out in accordance with the national lift standard that references this International Standard. 2 Conformance To conform to this International Standard, it shall be shown that each of the requirements outlined in Clause 6 has been satisfied to the defined criteria and, therefore, the clause ob
47、jective(s) has(have) been met. 3 Normative references The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) appl
48、ies. IEC 61508-1:1999, Functional safety of electrical/electronic/programmable electronic safety-related systems Part 1: General requirements IEC 61508-2, Functional safety of electrical/electronic/programmable electronic safety-related systems Part 2: Requirements for electrical/electronic/programm
49、able/electronic safety-related systems IEC 61508-3, Functional safety of electrical/electronic/programmable electronic safety-related systems Part 3: Software requirements IEC 61508-4, Functional safety of electrical/electronic/programmable electronic safety-related systems Part 4: Definitions and abbreviations IEC 61508-5, Functional safety of electrical/electronic/programmable electronic safety-related systems Part 5: Example of methods for the determination of safety integrity levels IEC 61508-7:2000, Functional safety o
