Photo: © TÜV SÜD
News | December 2024
First “notified body” for Machine Directive
TÜV Süd has been recognised and listed as the worldwide first notified body on the European NANDO website for the new Machine Regulation.
Inspectors on site cannot always determine which software is currently installed. (Photo: © TÜV Süd)
May 2022
The safety technology of lifts is becoming increasingly digitalised. Many systems are still purely mechanical in operation. Programmable electronic safety systems (PESSRAL) are becoming far more important. What has to be borne in mind here? An overview.
By Katrin Schwickal
PESSRAL stands for “Programmable Electronic System in Safety-Related Applications for Lifts”. This refers to the safety-related functions of lifts, which previously for the most part was performed by various mechanical-electric components. They are increasingly being assumed by a programmable electronic controller (PEC) with corresponding sensors and actuators, which exchange data via bus systems.
This great step in the direction of further digitalisation of lift systems makes various mechanical safety functions obsolete and facilitates a high safety standard with lower maintenance costs. This is because the software reacts dynamically to dangerous situations, delivers data permanently and does not wear out. In addition, it can be adjusted continually to new standards.
A list of safety installations that have to correspond to the requirements of functional safety can be found in Annex A of EN 81-20. Many of these can be part of a PESSRAL, but do not have to be. What is new and important is that safety functions and no longer just safety components are being talked about in connection with PESSRAL.
For example, the multitude of components involved in fall protection (e.g. safety gear) in a lift system can be reduced by electronics. The path and position of the lift in the shaft is measured by sensors. They also measure the speed and can trigger the safety gear to stop the lift via logic and the actuator earlier than mechanical systems.
This eliminates the conventional speed governor, for example, along with its drive rope and tightening device in the shaft pit. Consequently, the safety function in the event of overspeed is fulfilled.
Apart from the functionality of the safety functions, the software status is also tested. Changes to the safety-related software (e.g., updates) can influence the safe operation of the lift and are not always obvious. The replacement of mechanical safety components is usually visibly detectable and associated with other type approval certificates or was checked in advance.
Changes to safety-oriented software are also subjected to inspection according to TRBS 1201 Part 4 Annex 2 and must be checked by an authorised inspection body if they influence the design or operation. Moreover, the electronic components only have the assured and predictable reliability for the expected duration of use (by contrast with mechanical components). This can be assessed in the case of safety functions based on the corresponding information in the safety manual.
Separating operational and safety-related software is advisable. Any changes become quickly and clearly apparent.
The operator is in charge of safe operation with the manufacturer naturally being responsible for the product safety (inherent safety): The manufacturer must agree for example on maintenance and repair as part of the risk assessment in agreement with the operator.
Apart from the standard series EN 81-20/50, which describes the safety regulations for the design and installation of lifts, TRBS 1115 “Safety-relevant instrumentation and control systems” has existed since 2021. It requires operators to have a concept for managing the functional safety of lifts. However, hardly any single operator will be able to create such a concept on their own. Many will want or have to delegate this to the companies involved in manufacture, installation and maintenance. Consequently, the entire sector is responsible.
In addition to workmen in the lift shaft, more expertise regarding software and IT security is required. In future, electronic components with PESSRAL will be able to replace several mechanical components.
Therefore, manufacturers, maintenance companies and operators must pay more attention to the software that guarantees safety electronically. It offers many deployment options and more flexibility through updates, for example, but also opens up possibilities of putting the lift into an unsafe condition. Whether unintended parameter change or deliberate manipulation: cyber security will have to be an integral component of digitised lifts.
The author is Senior Business Process Manager at TÜV SÜD Industrie Service GmbH
More information: tuvsud.com/aufzuege
Write a comment