© ISO 2016 Lifts (elevators), escalators and moving walks — Programmable electronic systems in safety related applications — Part 3 Life cycle guideline for programmable electronic systems related to[.]
Lifts (elevators), escalators and moving walks —
Part 3:
Ascenseurs, escaliers mécaniques et trottoirs roulants — Conception et mise au point des systèmes électroniques programmables dans les applications liées à la sécurité —
Partie 3: Lignes directrices pour le cycle de vie des systèmes électroniques programmables liés à PESSRAL et PESSRAE
Reference number
ISO/TR 22201-3:2016(E)
Second edition
2 16-1 -1
COPYRIGHT PROTECTED DOCUMENT
© ISO 2016, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Instruction manual content
4.1 Safety precautions
4.2 Markings, signs, pictograms and written warnings
4.3 Elements to consider for content of the instruction manual
5 Procedure
Annex A (informative) Elements of instruction manual and validation process
Bibliography
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO’s adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following URL: www.iso.org/iso/foreword.html
The committee responsible for this document is ISO/TC 178, Lifts, escalators and moving walks.
This second edition cancels and replaces the first edition (ISO/TR 22201-3:2 1 ), which has been technically revised.
A list of all parts in the ISO 22201 series can be found on the ISO website.
Introduction
This document addresses phases in the life cycle planning and actions for post-installation activities (e.g. maintenance, repair, and replacement and modification of interfaces) of PESSRAL and PESSRAE to help ensure the safety integrity level (SIL) over the life cycle of the system.
Lifts (elevators), escalators and moving walks —
Part 3:
1 Scope
This document provides additional information and process for the development of the instruction manual required by ISO 22201-1 (PESSRAL) and ISO 22201-2 (PESSRAE) for programmable electronic systems for use by competent maintenance person(s) that carry out maintenance operations.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 22201-1, ISO 22201-2 and the following apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— IEC Electropedia: available at http://www.electropedia.org
— ISO Online browsing platform: available at http://www.iso.org/obp
3.1
competent maintenance person
designated person, suitably trained, qualified by knowledge and practical experience, provided with necessary instructions and supported within their maintenance organization (3.4) to enable the required maintenance operations to be safely carried out
Note 1 to entry: The competence of the maintenance person within the maintenance organization (3.4) should be continuously updated.
3.2
design equivalent
original equipment manufacturer, or third party certified product, which fulfils same SIL rated element/subsystem design specifications but has different specifications for the non-SIL rated portion of the PE system
3.3
functional equivalent
product which fulfils same functional requirements with different SIL rated element/subsystem design specifications from that of the original certified product
3.4
maintenance organization
company or part of a company where competent maintenance person(s) (3.1) carry out maintenance operations on behalf of the owner (3.7) of the installation
3.5
manufacturer
natural or legal person who takes responsibility for the design, manufacture and placing on the market safety component for lifts or of machinery (escalator, passenger conveyor, service lift and accessible goods only lift)
3.6
maintenance
post-installation life cycle activities, including preventative, replacement, repair, and alteration (modifications)
3.7
owner
natural or legal person who has the power of disposal of the installation and takes the responsibility for its operation and use
3.8
programmable electronic
PE
based on computer technology which may be comprised of hardware, software, and of input and/or output units
Note 1 to entry: This term covers microelectronic devices based on one or more central processing units (CPUs) together with associated memories, etc.
EXAMPLE The following are all programmable electronic devices:
— microprocessors;
— micro-controllers;
— programmable controllers;
— field programmable gate array (FPGA);
— application specific integrated circuits (ASICs);
— programmable logic controllers (PLCs);
— other computer-based devices (for example, smart sensors, transmitters, actuators).
3.9
programmable electronic system
PE system
system for control, protection or monitoring based on one or more programmable electronic devices, including all elements of the system such as power supplies, sensors and other input devices, data highways and other communication paths, and actuators and other output devices
Note 1 to entry: See Figure 1.
Note 2 to entry: A PE system may perform functions that fulfil requirements for SIL rated and non-SIL rated function(s). The SIL rating of a function is only required to consider that portion of the PE system that performs the SIL relevant functional requirements.
NOTE The programmable electronics are shown centrally located but could exist at several places in the PE system.
Figure 1 — Basic PE system structure
3.10
product equivalent
original equipment manufacturer or third party certified product that is a direct replacement in design, make, model, and version (built to the same production drawings) of the original certified product
4 Instruction manual content
This clause addresses special considerations for process and additional content of instruction manuals applied to PE system as described in ISO 22201-1 and ISO 22201-2.
4.1 Safety precautions
In creating an instruction manual, the developer should carry out a risk assessment to identify and address possible hazards for this phase of the life cycle of PE system. (See ISO 14798 for possible hazard assessment methodology.)
4.2 Markings, signs, pictograms and written warnings
Assemblies containing SIL rated devices should be labeled or tagged with identification information, in accordance with national requirements, and indicate that the maintainer should refer to the instruction manual for detail instructions and precautions. Where possible, readily understandable signs and pictograms taken from applicable ISO standards should be used, for example, ISO 7000:2014, symbol 1640.
If the risk assessment indicates that additional specific warnings are required for the purpose of maintenance, these will be affixed directly on the installation/component or, when this is not possible, in the close vicinity. Markings, signs, pictograms and written warnings should be readily understandable and unambiguous. Signs or written warnings carrying only “DANGER” should not be used. Information affixed directly on the installation/component should be permanent and legible.
4.3 Elements to consider for content of the instruction manual
Listed below are elements to consider for content of the instruction manual. See also A.1 for additional elements of consideration.
a) All the necessary operations to ensure the safe and intended functioning of the installation and its components after the completion of the installation and throughout its life cycle.
b) Repair or changing of components which may occur due to wear or tear and does not affect the characteristics of the installation.
c) Modernization of the installation, including the changing of any characteristic of the installation (speed, load, etc.).
d) Rescue operations carried out by fire brigades and emergency personnel.
e) The specifications and the intended use of the installation (type of installation, performance, type of goods to be transported, type of users, etc.).
f) The environment in which the installation and its components are installed (weather conditions, vandalism, etc.).
g) Any restriction of use.
h) The result of the risk assessment (see 4.1) for every working area and for every task to be undertaken.
i) The specific maintenance instructions provided by the manufacturer of the safety element.
The instructions for maintenance of PE system are provided by the manufacturer when placed on the market. They should be the result of a risk assessment and written in the official language(s) of the country for the location of the installation. When preparing the content of the maintenance instructions, the following elements should be taken into account in the manual.
a) Control documents — Control documents are identified and maintained for the life of a PE system that includes SIL rated hardware or software. These documents include:
1) Functional requirements:
i) design specifications (system and element/subsystem);
ii) production specification;
iii) version identification and version control.
b) Maintenance activity and record keeping of maintenance activity — The following maintenance activities, date and explanation of reason for the activity of PE system are recorded and retained by the owner for the life of the PE system installation:
1) preventative maintenance of the safety device (scheduled safety function actuation, proof test, etc.);
2) failure event of the safety device;
3) modification in the PE system device (obsolescence, upgrade, reliability improvement, etc.);
4) modification of the interfaces to the safety device or its environment.
c) Validation of replacement or modification process — Replacement or modifications that result from the maintenance activities in (b) should be made according to the process outlined in A.2 and should not modify the minimum required SIL for the function. Where SIL relevant and non-SIL relevant functions (those indicated in ISO 22201-1 and ISO 22201-2 are in circuits driven by or communicating with SIL rated parts) are included in the design of the SIL rating of the PE system, changes made to software or hardware of the non-SIL relevant functions are treated in the same manner as a change to the SIL relevant portion of the PE system.
Annex A
(informative)
Elements of instruction manual and validation process
A.1 Additional elements for creating instruction manual
See Table A.1.
Table A.1 — Additional elements for creating instruction manual
ID Element to consider
1 Consideration of diagnostic and failure modes identified
2 Clarity in how to perform the proof test
3 Clarity in gaining access to PE elements
4 Clarity in replacing PE elements
5 Identification of the physical elements including software
6 Identification of PE elements in documentation
7 Version and configuration management of PE system devices and related software
8 Version and configuration management of system interfaces with PE system devices
9 Precautions concerning sensitivity to changes in external environmental condition of the installation (e.g. air pressure, temperature, humidity, ESD, EMI, and grounding)
10 Frequency for maintenance action including proof test
11 Precautions related to introduction of unintended faults due to test simulation setup/parameter
12 Precautions related to unintended faults due to test conditions
13 Precautions related to unintended faults due to software tools (configuration, programming, and testing tools) or incompatibility of software tools
14 Precautions related to misleading results due to misuse of software tools (configuration, programming, and testing tools) or incompatibility of software tools
A.2 Process for validating PE system device replacement or modification
See Figure A.1.
Figure A.1 — Process for validating PE system device replacement or modification
A.3 Verification/certification categories for the SIL rating of the PE system device in the applied safety function
Application test (system level): a test carried out by or witnessed by a registered or licensed professional engineer, testing laboratory, or certifying organization to ensure conformance to code requirements. These tests do not address conformity to certifications that may be required by other standards, e.g. EMC.
Certification (system): a process carried out by an independent organization which is authorized to evaluate the conformity with the appropriate standards.
Function test (field or factory): verification that field installation does not introduce a failure. These tests do not address conformity to certifications that may be required by other standards, e.g. EMC.