1、BS ISO 22201-1:2017Lifts (elevators), escalators and moving walks Programmable electronic systems in safety-related applicationsPart 1: Lifts (elevators) (PESSRAL)BSI Standards PublicationWB11885_BSI_StandardCovs_2013_AW.indd 1 15/05/2013 15:06BS ISO 22201-1:2017 BRITISH STANDARDNational forewordThi
2、s British Standard is the UK implementation of ISO 22201-1:2017. It supersedes BS ISO 22201:2009 which is withdrawn.The UK participation in its preparation was entrusted to Technical Committee MHE/4, Lifts, hoists and escalators.A list of organizations represented on this committee can be obtained o
3、n request to its secretary.This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application. The British Standards Institution 2017.Published by BSI Standards Limited 2017ISBN 978 0 580 90247 5 ICS 91.140.90 Compliance with a
4、British Standard cannot confer immunity from legal obligations.This British Standard was published under the authority of the Standards Policy and Strategy Committee on 31 March 2017.Amendments/corrigenda issued since publicationDate T e x t a f f e c t e dBS ISO 22201-1:2017 ISO 2017Lifts (elevator
5、s), escalators and moving walks Programmable electronic systems in safety-related applications Part 1: Lifts (elevators) (PESSRAL)Ascenseurs, escaliers mcaniques et trottoirs roulants Systmes lectroniques programmables dans les applications lies la scurit Partie 1: Ascenseurs (PESSRAL)INTERNATIONAL
6、STANDARDISO22201-1First edition2017-02Reference numberISO 22201-1:2017(E)BS ISO 22201-1:2017ISO 22201-1:2017(E)ii ISO 2017 All rights reservedCOPYRIGHT PROTECTED DOCUMENT ISO 2017, Published in SwitzerlandAll rights reserved. Unless otherwise specified, no part of this publication may be reproduced
7、or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISOs member body in the country of the requester.ISO c
8、opyright officeCh. de Blandonnet 8 CP 401CH-1214 Vernier, Geneva, SwitzerlandTel. +41 22 749 01 11Fax +41 22 749 09 47copyrightiso.orgwww.iso.orgBS ISO 22201-1:2017ISO 22201-1:2017(E)Foreword ivIntroduction v1 Scope . 12 Normative references 23 Terms and definitions . 24 Symbols and abbreviated term
9、s . 65 Requirements 75.1 General . 75.2 Extended application of this document . 75.2.1 General 75.2.2 Risk assessment 75.2.3 Limits for specifying SIL for PESSRAL . 75.2.4 Safe-state requirements 85.3 Safety function SIL requirements . 85.4 SIL-relevant and non-SIL-relevant safe-state requirements .
10、 85.5 Implementation and demonstration requirements for verification of SIL compliance 205.5.1 General. 205.5.2 Required techniques and measures to implement and demonstrate PE systems compliance with specified safety integrity levels .205.5.3 Loss of power after a PESSRAL device has actuated20Annex
11、 A (normative) Techniques and measures to implement, verify and maintain SIL compliance .21Annex B (informative) Applicable lift codes, standards and laws .36Annex C (informative) Example of a risk-reduction decision table .47Bibliography .48 ISO 2017 All rights reserved iiiContents PageBS ISO 22201
12、-1:2017ISO 22201-1:2017(E)ForewordISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested i
13、n a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commis
14、sion (IEC) on all matters of electrotechnical standardization.The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of ISO documents sh
15、ould be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible fo
16、r identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www .iso .org/ patents).Any trade name used in this document is information given for th
17、e convenience of users and does not constitute an endorsement.For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISOs adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT
18、) see the following URL: www .iso .org/ iso/ foreword .html.The committee responsible for this document is ISO/TC 178, Lifts, escalators and moving walks.This first edition cancels and replaces ISO 22201:2009, which has been technically revised (incorporating ISO 22201:2009/Cor 1:2011) and includes
19、the following changes: editorial changes that correct typographical errors and terminology inconsistencies between this document and its reference standards, including between it and the two other standards in the 22201 series.A list of all parts in the ISO 22201 series can be found on the ISO websi
20、te.iv ISO 2017 All rights reservedBS ISO 22201-1:2017ISO 22201-1:2017(E)IntroductionSystems comprised of electrical and/or electronic elements have been used for many years to perform safety functions in most application sectors. Computer-based systems, generically referred to as programmable electr
21、onic systems, are being used in many application sectors to perform non-safety functions and, increasingly, to perform safety functions. In order to effectively and safely exploit computer-system technology, it is essential that those responsible for making decisions have sufficient guidance on the
22、safety aspects on which to make these decisions. In most situations, safety is achieved by a number of protective systems that rely on many technologies (for example mechanical, hydraulic, pneumatic, electrical, electronic, programmable electronic). It is necessary that any safety strategy, therefor
23、e, considers not only all the components within an individual system (for example sensors, controlling devices and actuators), but also all the safety-related elements making up the total combination of safety-related systems.This document is based upon the guidelines provided in the generic IEC 615
24、08 series of standards of the International Electrotechnical Commission (IEC) and EN 81 (all parts) of the Comit Europen de Normalization (CEN).The requirements given in this document recognize the fact that the product family covers a total range of passenger and goods/passenger lifts used in resid
25、ential buildings, offices, hospitals, hotels, industrial plants, etc. This document is the product family standard for lifts and takes precedence over all aspects of the generic standard.This document sets out the product specific requirements for systems comprised of programmable electronic compone
26、nts and programmable electronic systems that are used to perform safety functions in lifts. This document has been developed in order that consistent technical and performance requirements and rational be specified for programmable electronic systems in safety-related applications for lifts (PESSRAL
27、).Risk analysis, terminology and technical solutions have been considered, taking into account the methods of the IEC 61508 series of standards. The risk analysis of each safety function specified in Table 1 resulted in the classification of electric safety functions applied to PESSRAL. Tables 1 and
28、 2 give the safety integrity level and functional requirements, respectively, for each electric safety function.The safety integrity levels (SIL) specified in this document can also be applied to other technologies used to satisfy the safety functions specified in this document.Within the context of
29、 the harmonization with national standards for lifts, the application of this document is intended to be by reference within a national standard lift such as lift codes, standards, or laws. The reason for this is threefold:a) to allow selective reference by national standards to specific lift safety
30、 functions described in this document (not all lift safety functions identified in this document are called out in every national standard);b) to allow for future harmonization of national standards with lift safety functions identified in this document: Because there exist some differences in the r
31、equirements for fulfilment of the safety objectives of national lift standards and in national practice of lift use and maintenance, there are instances where the requirements for lift safety functions described in this document are based on the consensus work and agreement by the ISO committee resp
32、onsible for this document. National bodies may choose to selectively harmonize with those lift safety functions that differ in the requirements called for by the existing national standard in future standard revisions. It is important to note that more than 90 % of the safe-state requirements and mo
33、re than 80 % of the anticipated SIL requirements by the national standards referenced in this document are already harmonized with the requirements of the lift safety functions specified in this document. The remainder is not harmonized for the reasons given above. ISO 2017 All rights reserved vBS I
34、SO 22201-1:2017ISO 22201-1:2017(E)c) to allow for the application of this document where lift safety functions are new or deviate from those specified in this document. More and more, national lift legislations are moving to performance-based requirements. For this reason, the development of new or
35、different lift safety functions can be foreseen in product specific applications. For those who require lift safety functions that are new or different from those specified in this document, this document provides a verifiable method to establish the necessary level of safety integrity for those fun
36、ctions.vi ISO 2017 All rights reservedBS ISO 22201-1:2017INTERNATIONAL STANDARD ISO 22201-1:2017(E)Lifts (elevators), escalators and moving walks Programmable electronic systems in safety-related applications Part 1: Lifts (elevators) (PESSRAL)1 ScopeThis document is applicable to the product family
37、 of passenger and goods/passenger lifts used in residential buildings, offices, hospitals, hotels, industrial plants, etc. This document covers those aspects that it is necessary to address when programmable electronic systems are used to carry out electric safety functions for lifts (PESSRAL). This
38、 document is applicable for lift safety functions that are identified in lift codes, standards or laws that reference this document for PESSRAL. The SILs specified in this document are understood to be valid for PESSRAL in the context of the referenced lift codes, standards and laws in Annex B.NOTE
39、Within this document, the UK term “lift” is used throughout instead of the US term “elevator”.This document is also applicable for PESSRAL that are new or deviate from those described in this document.The requirements of this document regarding electrical safety/protective devices are such that it i
40、s not necessary to take into consideration the possibility of a failure of an electric safety/protective device complying with all the requirements of this document and other relevant standards.In particular, this documenta) uses safety integrity levels (SIL) for specifying the target failure measur
41、e for the safety functions implemented by the PESSRAL;b) specifies the requirements for achieving safety integrity for a function but does not specify who is responsible for implementing and maintaining the requirements (for example, designers, suppliers, owner/operating company, contractor); this r
42、esponsibility is assigned to different parties according to safety planning and national regulations;c) applies to PE systems used in lift applications that meet the minimum requirements of a recognized lift standard such as EN 81, ASME A17.1-2007/CSA B44-07, or lift laws such as the Japan Building
43、Standard Law Enforcement Order For Elevator and Escalator;d) defines the relationship between this document and IEC 61508 and defines the relationship between this document and the EMC standard for lifts on immunity, ISO 22200;e) outlines the relationship between lift safety functions and their safe
44、-state conditions;f) applies to phases and activities that are specific to design of software and related hardware but not to those phases and activities that occur post-design, for example sourcing and manufacturing;g) requires the manufacturer of the PESSRAL to provide instructions that specify wh
45、at is necessary to maintain the integrity of the PESSRAL (instruction manual) for the organization carrying out the assembly, connections, adjustment and maintenance of the lift;h) provides requirements relating to the software and hardware safety validation;i) establishes the safety integrity level
46、s for specific lift safety functions; ISO 2017 All rights reserved 1BS ISO 22201-1:2017ISO 22201-1:2017(E)j) specifies techniques/measures required for achieving the specified safety integrity levels;k) provides risk-reduction decision tables for the application of PESSRALs;l) defines a maximum leve
47、l of performance (SIL 3) that can be achieved for a PESSRAL according to this document and defines a minimum level of performance (SIL 1).This document does not cover: hazards arising from the PE systems equipment itself, such as electric shock, etc.; the concept of fail-safe, which can be of value
48、when the failure modes are well defined and the level of complexity is relatively low; the concept of fail-safe is considered inappropriate because of the full range of complexity of the PESSRAL that are within the scope of this document; other relevant requirements necessary for the complete applic
49、ation of a PESSRAL in a lift safety function, such as the mechanical construction, mounting and labelling of switches, actuators, or sensors that contain the PESSRAL. It is necessary that these requirements be carried out in accordance with the national lift standard that references this document. foreseeable misuse involving security threats related to malevolent or unauthorized action. In cases where a security threat analysis needs to be considered, this standard may be used, provided the specified SIL has been reassessed.2 Normati