|
US$759.00 · In stock
Delivery: <= 6 days. True-PDF full-copy in English will be manually translated and delivered via email.
GB/T 35850.1-2018: Programmable electronic systems in safety-related applications for lifts (elevators), escalators and moving walks -- Part 1: Lifts (elevators) (PESSRAL)
Status: Valid
| Standard ID | Contents [version] | USD | STEP2 | [PDF] delivered in | Standard Title (Description) | Status | PDF |
| GB/T 35850.1-2018 | English | 759 |
Add to Cart
|
6 days [Need to translate]
|
Programmable electronic systems in safety-related applications for lifts (elevators), escalators and moving walks -- Part 1: Lifts (elevators) (PESSRAL)
| Valid |
GB/T 35850.1-2018
|
PDF similar to GB/T 35850.1-2018
Basic data | Standard ID | GB/T 35850.1-2018 (GB/T35850.1-2018) | | Description (Translated English) | Programmable electronic systems in safety-related applications for lifts (elevators), escalators and moving walks -- Part 1: Lifts (elevators) (PESSRAL) | | Sector / Industry | National Standard (Recommended) | | Classification of Chinese Standard | Q78 | | Classification of International Standard | 91.140.90 | | Word Count Estimation | 38,370 | | Date of Issue | 2018-02-06 | | Date of Implementation | 2018-09-01 | | Issuing agency(ies) | State Administration for Market Regulation, China National Standardization Administration | GB/T 35850.1-2018: Programmable electronic systems in safety-related applications for lifts (elevators), escalators and moving walks -- Part 1: Lifts (elevators) (PESSRAL)
---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
Programmable electronic systems in safety-related applications for lifts(elevators), escalators and moving walks--Part 1. Lifts(elevators)(PESSRAL)
ICS 91.140.90
Q78
National Standards of People's Republic of China
Elevators, escalators and moving walkways
Application of safety-related programmable electronic systems
Part 1. Elevator (PESSRAL)
Part 1. Lifts(elevators)(PESSRAL)
(ISO 22201-1..2017, MOD)
Published on.2018-02-06
2018-09-01 implementation
General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China
China National Standardization Administration issued
Content
Foreword III
Introduction VI
1 Scope 1
2 Normative references 1
3 Terms and Definitions 2
4 Symbols and abbreviations 5
5 Requirements 6
5.1 General 6
5.2 Extended Application 6
5.3 SIL requirements for safety functions 6
5.4 SIL related and non-SIL related security status requirements 8
5.5 Implementation and certification of SIL compliance verification 14
Appendix A (Normative) Techniques and measures to achieve, validate and maintain SIL compliance 15
Appendix B (informative) Applicable elevator specifications and standards 28
Appendix C (informative) Example of risk reduction decision table 30
Reference 31
Foreword
GB/T 35850 "Application of programmable electronic systems related to elevators, escalators and moving walkways" is intended to be based on the following sections
composition.
--- Part 1. Elevator (PESSRAL);
--- Part 2. Escalators and moving walkways;
--- Part 3. Life cycle guidelines (technical reports) for programmable electronic systems related to PESSRAL and PESSRAE.
This part is the first part of GB/T 35850.
This part is drafted in accordance with the rules given in GB/T 1.1-2009.
This section uses the redrafting method to modify the ISO 22201-1.2017 "Elevator, escalator and moving walkway safety related
Application of the electronic system Part 1. Elevator (PESSRAL).
The technical differences between this part and ISO 22201-1.2017 and their reasons are as follows.
---About the normative reference documents, this part has made technical adjustments to adapt to China's technical conditions, adjustments
The situation is reflected in Chapter 2, “Regulatory References”, and the specific adjustments are as follows.
● Replace IEC 61249 (all parts) with GB/T 4721, GB/T 4723, GB/T 4724, GB/T 4725;
● Replace IEC 60950 (all parts) with GB 4943 (all parts) modified to international standards;
● Replace IEC 62326-1 with GB/T 16261;
● Replace IEC 61508-1 with GB/T 20438.1 equivalent to the international standard;
● Replace IEC 61508-2 with GB/T 20438.2 equivalent to the international standard;
● Replace IEC 61508-3 with GB/T 20438.3 equivalent to the international standard;
● Replace IEC 61508-5 with GB/T 20438.5 equivalent to the international standard;
● Replace IEC 61508-6 with GB/T 20438.6 equivalent to the international standard;
● Replace IEC 61508-7 with GB/T 20438.7 equivalent to the international standard;
● Replace ISO 22200 with GB/T 24808, which is equivalent to the international standard.
---Based on Table A.1 in GB 7588-2003 XG1-2015 and Table A.1 in GB 21240-2007, and reference
EN81-20.2014, this section has made the following modifications.
● In terms and definitions, 3.1 and 3.2 were deleted because the relevant content in Table 1 has been deleted;
● In Table 1, item 1, item 3, item 6, item 8, item 10 (a, b, c, i), item 10 (i).1, item 10 are deleted.
(a, d, g, h). 2, 10(e).3, 26, 34, 35, 37, 43, 45, 45
51 items to be compatible with GB 7588-2003 XG1-2015 and GB 21240-2007 and EN81-20.2014
Consistent
● In Table 1, the following elevator safety functions (apparatus) have been added. the first pit stop device and the second pulley stop device
Set, the third item checks the storage position of the pit ladder, the fourth inspection access door, the safety door and the closed position of the access door,
6 inspection mechanical device non-working position (work area in car or car top), 19th car top stop device,
20 items to check the lift of the car or counterweight, the 29th to check the break or slack of the safety rope, and the 30th check to trigger the lever
The position of the retraction, the action of the car accidental movement protection device when the 35th detection door is opened, the 42nd inspection and overhaul
The button used for operation, the 45th maintenance stop device, the stop device on the 46th elevator drive main unit,
47 emergency and test operation screen stop devices, item 49 check hydraulic cylinder plunger position transmission device tension (pole
Limit switch) to be consistent with relevant standards;
● In Table 1, check the safety integrity of the deceleration condition of the stroke reducing buffer in item 39 of the elevator safety function (apparatus).
Level (SIL) is increased from SIL2 to SIL3 to be consistent with relevant standards;
● In Table 2, items 1, 3, 6, 8 and 10 (a, b, c, i), 10 (i). 1 and 10 are deleted.
(a, d, g, h). 2, 10(e).3, 26, 34, 35, 37, 43, 45, 45
51 items to be compatible with GB 7588-2003 XG1-2015 and GB 21240-2007 and EN81-20.2014
Consistent
● In Table 2, the following elevator safety functions (apparatus) have been added. the first pit stop device and the second pulley stop device
Set, the third item checks the storage position of the pit ladder, the fourth inspection access door, the safety door and the closed position of the access door,
Item 6 Check the non-working position of the mechanical device (working area in the car or on the car top), the 19th car top stop loading
Set, item 20 check the car or counterweight lift, item 29 check the safety rope break or slack, the 30th check trigger
The retracted position of the lever, the action of the car accidental movement protection device when the 35th detection door is opened, the 42nd inspection
Button used in conjunction with the inspection operation, the 45th maintenance stop device, and the stop on the 46th elevator drive unit
Device, stop device on the 47th emergency and test operation screen, item 49 check the hydraulic cylinder plunger position transfer device
Tension (limit switch). At the same time, the corresponding safety status requirements are added;
● In the first column of the safety status requirement column of Table 2, a forced elevator is added, which is modified to “cut off the motor and brake power supply.
(dragging elevator, forced elevator)" to improve applicability;
● In the Safety Status Requirement column of Table 2, the “Block (Prevent) Well Access Operation” is deleted to be consistent with the relevant standards;
● In the “Safety Status Requirements” column of Table 2, “Convert to Emergency Electric Operation” is added to be consistent with the relevant standards;
● In Table 2, R1, R18, and R19 are deleted because their corresponding elevator safety functions (devices) have been deleted;
● In Table 2, R10, R20, and R25 are deleted because they do not match the actual application in China;
● In Table 2, R17 is modified and changed to R12.
When enabled, one or more of the following devices should be disabled.
a) an electrical safety device for checking rope or chain slack (No. 22);
b) electrical safety device on the car safety gear (No. 25);
c) overspeed electrical safety device (No. 26, serial number 27);
d) an electrical safety device on the car's upstream overspeed protection device (No. 33);
e) an electrical safety device on the buffer (No. 36);
f) Limit switch (No. 50).
● In Table 2, R23 is modified and changed to R15 “Ignore this check when leveling and re-leveling and preparatory operations”
The standards are consistent;
● In Table 2, R26 is added “Ignore this check only when the mechanism is in the non-working position”;
● In Table 2, R27 “Car speed should not exceed 0.3 m/s” is added.
This section has also made the following editorial changes compared to ISO 22201-1.2017.
--- Removed the contents of the ISO 22201-1.2017 introduction that are not relevant to this section, because of its existence or not to understand and make this part
Use without any effect;
--- The number of the elevator safety function (device) in Table 1 and Table 2 was adjusted, and the serial number of the R comment in Table 2 was
Adjust to facilitate application;
--- Removed ASMEA17.1-2007/CSAB44-07 in Table B.1 of Appendix B (informative appendix) and Japanese building regulations
Terms and content, because it does not match the actual application of our country;
--- Added elevator safety function in Table B.1 to GB 7588-2003 XG1-2015, GB 21240-2007 and
EN81-20..2014 article number for ease of application;
--- In the reference, the corresponding international documents were replaced by national standards for ease of application.
This part is proposed and managed by the National Elevator Standardization Technical Committee (SAC/TC196).
This section was drafted by. Shanghai Xinshida Electric Co., Ltd., China Academy of Building Research Construction Mechanization Research Branch, Austrian
Electromechanical Elevator Co., Ltd., Shanghai Mitsubishi Elevator Co., Ltd., Hitachi Elevator (China) Co., Ltd., Jiangnan Jiajie Elevator Co., Ltd.
Yongda Elevator Equipment (China) Co., Ltd., Schindler (China) Elevator Co., Ltd., KONE Elevator Co., Ltd., Shanghai Jiaotong University, Guangdong Province
Equipment Testing and Research Institute, Shanghai Special Equipment Supervision and Inspection Technology Research Institute, Otis Express Elevator (Shanghai) Co., Ltd., Suzhou Huichuan
Technology Co., Ltd., ThyssenKrupp Elevator (Shanghai) Co., Ltd., Guangzhou Guangri Elevator Industry Co., Ltd., Kangli Elevator Co., Ltd.
National Elevator Quality Supervision and Inspection Center, Huasheng Fujitec Elevator Co., Ltd., Toshiba Elevator (China) Co., Ltd., Giant KONE Elevator Co., Ltd.
Company, Shenyang Yuanda Intelligent Industry Group Co., Ltd., Suzhou Dior Elevator Co., Ltd., Shenlong Elevator Co., Ltd., Southeast Elevator
Co., Ltd., Shanghai Aidenberg Elevator Group Co., Ltd., Senhe Elevator Co., Ltd., Lingwang Elevator Co., Ltd., Su
State Rhine Elevator Co., Ltd.
The main drafters of this section. Wang Peng, Sun Entao, Chen Fengwang, Wen Aimin, Weng Bin, Lai Zhipeng, Zhao Bitao, Ou Qibin, Ma Guanghua, Wang Mingkai,
Hu Hui, Dai Qingyou, Fang Liang, Liu Tongqiu, Yuan Huayou, Zhang Weilun, Zhang Yan, Huang Weigang, Li Xinlong, Li Xuzheng, Jiang Hua, Zhang Xinhua, Wang Fuqiang,
Tang Linzhong, Tang Zhirong, Cai Zhuang, Chen Dahua, Ru Xiaoying, Jiang Junxi, Huang Bo.
Introduction
In recent years, systems containing electrical and electronic components have been used to perform safety functions in many fields. Computer-based system, generally
Classified as a programmable electronic system (PEsystem), it is increasingly being used to perform safety functions in many areas. Safe and effective
The key to using computer system technology is that decision makers need to have adequate guidance when making security decisions. In most cases, security
Sex is accomplished by multiple protection systems that rely on multi-domain technologies such as mechanical, hydraulic, pneumatic, electrical, electronic, programmable electronics, and the like. therefore
Any security strategy must consider not only all components within a stand-alone system (such as sensors, control devices, and actuators), but must also consider
All safety-related subsystems used to form a complete safety-related system.
This section describes the systems and programmable electronic systems with programmable electronic components (PEsys- for performing elevator safety functions).
Tem) specific requirements of the product. The purpose of this section is to consistently apply the technology of the elevator safety related programmable electronic system (PESSRAL).
Specific provisions for sexuality, performance requirements and rationality.
Risk analysis, terminology and technical solutions are mainly referred to GB/T 20438. Risk analysis of each safety function in Table 1
The classification of the electrical safety functions of PESSRAL was determined. Tables 1 and 2 give safety integrity for each electrical safety function.
SIL and functional requirements.
Elevators, escalators and moving walkways
Application of safety-related programmable electronic systems
Part 1. Elevator (PESSRAL)
1 Scope
1.1 This part of GB/T 35850 applies to passenger elevators and cargo elevators, when programmable electronic systems are used to perform elevator electrical safety
This part should be used when functioning. This section should be referred to when the elevator safety function defined in the elevator specification and standard applies PESSRAL.
1.2 This section can also be applied to new or different PESSRALs that differ from the descriptions in this section.
1.3 If the electrical safety device complies with all the requirements of this part and other relevant standards, it is not necessary to consider the possibility of failure.
1.4 This part.
a) The use of a Safety Integrity Level (SIL) to specify the target failure amount for implementing safety functions with PESSRAL;
b) specifies the requirements for achieving the safety integrity of a function, but does not specify the responsible entity that implements and maintains the requirement (eg.
Meter, manufacturer, supplier or owner, etc.)
c) The programmable electronic system (PEsystem) applied to the elevator meets the minimum requirements of elevator related standards (eg GB 7588, etc.);
d) clarify the relationship with GB/T 20438 and GB/T 24808;
e) illustrates the relationship between the elevator safety function and its safe state conditions;
f) phases and activities applicable to software and related hardware design, but excluding post-design phases and activities such as procurement and manufacturing;
g) Require the PESSRAL manufacturer to provide instructions for the organization that implements the assembly, connection, commissioning and maintenance of the elevator.
Maintain the integrity of PESSRAL;
h) specifies requirements related to hardware and software security verification;
i) a safety integrity level is specified for specific elevator safety functions;
j) specifies the technologies and measures required to achieve a specific safety integrity level;
k) provides a risk reduction decision table applying PESSRAL;
l) The required PESSRAL maximum safety integrity level is SIL3 and the minimum safety integrity level is SIL1.
1.5 This section does not contain.
a) the dangers generated by the PEsystem device itself, such as electric shock;
b) The concept of fail-safe, which may be valuable in situations where the failure mode is well defined and the complexity is relatively low.
Because of the high complexity of PESSRAL within the scope of this section, the fail-safe concept is not appropriate here;
c) other relevant requirements necessary for the complete application of PESSRAL in the elevator safety function, such as switches, actuators and sensing
Mechanical structure, installation and identification. These requirements shall be in accordance with the relevant elevator standards;
d) Foreseeable misoperations involving security threats caused by malicious or unauthorized actions. Need to consider a security threat analysis
This section can be used if a specific SIL is re-evaluated.
2 Normative references
The following documents are indispensable for the application of this document. For dated references, only dated versions apply to this article.
Pieces. For undated references, the latest edition (including all amendments) applies to this document.
GB/T 4721 General rules for copper clad laminates for printed circuits
GB/T 4723 copper-clad phenolic paper laminate for printed circuit
GB/T 4724 copper clad laminate-based laminate for printed circuit
GB/T 4725 copper-clad epoxy glass cloth laminate for printed circuit
GB 4943 (all parts) Information technology equipment security [IEC 60950 (all parts)]
GB/T 16261 General specification for printed boards (GB/T 16261-1996, IEC /PQC88..1990, IDT)
GB/T 20438.1 Functional safety of electrical/electronic/programmable electronic safety systems - Part 1. General requirements
(IEC 61508-1.1998, IDT)
GB/T 20438.2 Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 2. Electrical/electronic/programmable
Requirements for electronic safety related systems (GB/T 20438.2-2006, IEC 61508-2.2000, IDT)
GB/T 20438.3 Functional safety of electrical/electronic/programmable electronic safety related systems - Part 3. Software requirements
(GB/T 20438.3-2006, IEC 61508-3.1998, IDT)
GB/T 20438.5 Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 5. Determination of safety integrity, etc.
Level method example (GB/T 20438.5-2006, IEC 61508-5.1998, IDT)
GB/T 20438.6 Functional safety of electrical/electronic/programmable electronic safety related systems Part 6. GB/T 20438.2 and
Application Guide for GB/T 20438.3 (GB/T 20438.6-2006, IEC 61508-6.2000, IDT)
GB/T 20438.7 Functional safety of electrical/electronic/programmable electronic safety-related systems Part 7. Overview of techniques and measures
(IEC 61508-7.1998, IDT)
GB/T 24808 electromagnetic compatibility elevator, escalator and moving walkway product standard immunity (GB/T 24808-
2009, ISO 22200.2009, IDT)
IEC 61508-7.2010 Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 7
(Functional safety of electrical/electronic/programmableelectronicsafety-related systems-Part 7.
Overviewoftechniquesandmeasures)
3 Terms and definitions
The terms and definitions given in GB/T 20438.4 apply to this document, but the definitions made in this document should take precedence over the general standards.
GB/T 20438.
3.1
Non-SIL related safety status requirements non-SIL-relevantsafe-staterequirement
The action of a certain SIL related security function is responded, and the function of performing the response has no SIL requirement.
Note. See Figure 4 and Table 2.
3.2
Programmable electronic programmableelectronic
PE
Based on computer technology, it can be composed of hardware, software, and its input and/or output units.
Note. This term includes microelectronic devices based on one or more central processing units (CPUs) and associated memory. Example. The following are all programmable
Electronic device.
---microprocessor;
---Microcontroller;
---Programmable Controllers;
--- Field Programmable Gate Array (FPGA);
---Special integrated appliances (ASICs);
---Programmable Logic Controllers (PLCs); and
---Other computer-based devices (smart sensors, transmitters, actuators, etc.).
3.3
Programmable electronic system programmableelectronicsystem
PEsystem
A system based on control, protection or monitoring of one or more programmable electronic devices, including all units in the system, such as power supplies, sensors
And other input devices, data buses and other communication paths, actuators, and other output devices.
Note 1. See Figure 1.
Note 2. PEsystems may include units that perform SIL requirements and non-SIL requirements. The SIL rating is only for units that perform SIL related functional requirements.
Description.
1---the scope of PEsystem;
2---input interface (such as A/D converter);
3---input device (such as sensor);
4---communication;
5---programmable electronic devices (PEs);
6---output interface (such as D/A converter);
7---output device/terminal component (such as actuator).
a The programmable electronic device shown in the figure is in the center position, but it can exist in multiple locations in the PEsystem.
Figure 1 Basic PEsystem structure
3.4
Elevator safety related programmable electronic system programmableelectronicsystemsinsafegy-relatedapplications
Forlifts
PESSRAL
Application of software-based PEsystem in elevator safety related systems.
3.5
Inspection test prooftest
Periodic testing to detect dangerous recessive failures in safety-related systems and, if necessary, to restore the system to “new”
The state is actually close to this state.
Note 1. The “test test” is used in this section, but note the synonymous term “periodic test”.
Note 2. The effectiveness of the test is dependent on the effectiveness of the failure coverage and repair. In practice, in addition to simple E/E/PE safety-related systems, 100%
The detection of recessive failures is difficult to achieve, which is a goal. At least all safety functions to be performed are specified in accordance with E/E/PE safety-related system safety requirements
checking. If multiple independent channels are used, a separate test is performed for each channel. For complex components, analysis is required to prove
During the overall life cycle of an E/E/PE safety-related system, the probability of a hidden hazard failure detected by an untested test is negligible.
Note 3. The inspection test takes a certain amount of time to complete. During this time, the E/E/PE safety related system may be partially or completely disabled. During the test, only
When the EUC is down or the E/E/PE safety related system is tested, the part can still be valid when the action is required. The test test duration can be
ignore.
Note 4. During the inspection test, the E/E/PE safety related system may not be able to respond to the action requirements in part or in whole. Only the EUC is down during the repair process or
When using other equivalent risk measures instead, the MTTR for SIL calculations can be ignored.
3.6
Safety loop safetychain
A combination of all safety devices that complete one or all of the safety functions of the elevator.
Note. See Figure 2.
Description.
1---safety device 1, function 1;
2---safety device 2, function 2;
3---safety device n, function n;
4---Safety device (n 1), function (n 1).
a One or all of the necessary elevator safety functions (see Table 1).
Figure 2 Safety loop
3.7
Safety device safetydevice
A component of a safety-related system, including the necessary control circuitry for independently implementing an elevator safety function,
Meta and non-PE units.
Note. See Figure 3 and Table 1.
Description.
1---PE unit;
2---non-PE unit.
Figure 3 Safety device
3.8
Safety function safetyfunction
A function implemented by a safety-related system in order to achieve or maintain a safe state of an elevator for a specific hazardous event.
Note 1. See Table 1.
Note 2. The safety function may include non-SIL related safety status requirements, see Table 2.
3.9
Safety related system safety-related system
One or more safety devices that perform one or more safety functions may be based on PE, electrical, electronic, and/or mechanical elevator components.
3.10
Safety integrity level; SIL
A discrete level (one of four possible levels) that specifies the safety functions assigned to a programmable electronic safety-related system
Full integrity requirements. Safety Integrity Level 4 is the highest and Safety Integrity Level 1 is the lowest.
Note 1. SIL indicates the failure rate of various factors leading to failure (random hardware failure and system failure), which will lead to unsafe conditions, such as.
Failure of the piece, failure caused by software, failure caused by electrical interference.
Note 2. For this part, SIL3 is the highest safety integrity level for elevator applications.
3.11
SIL related safety status requires SIL-relevantsafe-staterequirement
Part of the safety-related system should comply with the SIL required for safety functions.
Note. See Figure 4 and Table 2.
Description.
1---SIL related safety status requirements;
2---Non-SIL related safety status requirements.
Figure 4 elevator safety function
3.12
System response time systemreactiontime
Is the sum of the following two values.
a) the time from the occurrence of the PESSRAL fault to the start of the corresponding action on the elevator;
b) The time required for the elevator to respond to the above actions to maintain a safe state.
4 symbols and abbreviations
The following symbols and abbreviations apply to this document.
EUC---controlled equipment.
MTTR---average repair time.
PCB---Printed circuit board.
5 requirements
5.1 General
5.1.1 Table 1 lists the safety function names and SIL requirements for the relevant part of the safety function SIL. When the safety function is not working,
The elevator does not interrupt the operation.
5.1.2 Table 2 lists the safety status requirements after the safety function action in Table 1. After the safety function is activated, the elevator is transferred to the safety in Table 2.
Full state.
5.1.3 In...
Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GB/T 35850.1-2018_English be delivered?Answer: Upon your order, we will start to translate GB/T 35850.1-2018_English as soon as possible, and keep you informed of the progress. The lead time is typically 4 ~ 6 working days. The lengthier the document the longer the lead time. Question 2: Can I share the purchased PDF of GB/T 35850.1-2018_English with my colleagues?Answer: Yes. The purchased PDF of GB/T 35850.1-2018_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet. Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to [email protected]. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay.
|