A Look at the New, Safer Elevators of the Future

By Kevin Connelly, UL LLC

New standard’s codes, methods focus on programmable and electronic safety

Having been in industrial automation for my entire career, I am familiar with the safety concerns regarding automated equipment in an industrial environment.  It is understood that the environment is populated by staff familiar with the equipment, educated on the operation of the equipment and designed as such. But for equipment intended for use by and interacted with the general public, the level and number of concerns are different.

The elevator environment is an interesting mix of industrial automation and equipment intended for operation by the general public. As we step on an elevator often times all we see is the interior of the cabin, but not the interior of the hoistway. Behind the scenes however it looks a great deal like an industrial environment.  So in a way what we have is the intersection of two environments – industrial and general public.

That’s important because in order to ensure public safety, elevators undergo a rigorous installation process. Elevators are installed in accordance with ASME A17.1/CSA B44.1 and the local authority having jurisdiction(AHJ) is the final decider on compliance.

ASME A17.1/CSAB44.1 however allows new approaches, new technology and a new way of looking at an old approach.

Functional Safety for Programmable or Electronic Safety Related Systems

ASME A17.1/CSA B44.1 gives a choice of using traditional positively opened contacts for safety related controls, or an option of using solid state or programmable devices that may offer more flexibility and monitoring. Table 2.26.4.3.2 of ASME A17.1/CSA B44.1 details the safety related devices that may have an option of using more state of the art controls. For example, a speed governor switch can be a traditional positively opened contact or it can be a Safety Integrity Level (SIL) 2 third-party certified device in accordance with IEC61508  Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems . So what is Functional Safety and what is a SIL?

The term Functional Safety may be a new term to some in the industry and may be familiar to others. The official definition of Functional Safety can be considered broad, and for those not involved in Functional Safety, the definition is possibly not very illuminating.  As stated in IEC61508 Functional Safety is defined as:

“Part of the overall safety that depends on a system or equipment operating correctly in response to its inputs.”

Or perhaps a slightly different explanation is that when a control or system is relied upon to perform a safety function, it should be designed and built appropriately to reliably perform that safety function when needed. The above referenced standard IEC61508 is the functional safety standard and it defines the safety integrity levels below.

Safety Integrity Level (SIL)

Average Probability of a Dangerous Failure on Demand of a Safety Function  (PFDavg) for high demand or continuous use

4

≥10-5 to <10-4

3

≥10-4 to <10-3

2

≥10-3 to <10-2

1

≥10-2 to <10-1

Performance Based Codes – Exhaustive Analysis to Determine Equivalent Safety

Table 2.26.4.3.2 addresses known safety circuits, and known technology. However the elevator industry has additionally taken an approach to allow installation of technology that is not specifically described, otherwise known as prescriptive requirements, in the standard. ASME A17.7/CSA B44.7, the Elevator Performance Based Code describes a process where an accredited organization with the appropriate processes, essential knowledge and expertise are able to verify equivalent safety to the requirements in the elevator code.

The process calls for an exhaustive analysis of the risks involved and then mitigation of those risks. But the key element of the approach is the certification required by an accredited third-party. A component, subsystem or system can only be considered to be compliant with ASME A17.7/CSAB44.7 if it is certified compliant by an Accredited Elevator & Escalator Organization (AECO). (Note: although the title does include Escalator at this time ASME A17.7/CSA B44.7 only includes Elevators).

The AECO brings several things that help determine equivalent safety. First is access to a wide range of expertise. Since ASME A17.7CSAB44.7 is intended to analyze newer technologies the span of expertise necessary could range from materials to software to understanding the history of the particular standard requirement.  The second important feature that an AECO brings to the process isthird-party impartiality. It has always been my experience in assessing conformity to safety standards that the manufacturers are genuinely interested in doing the right thing in regards to safety, however having an independent outside review to question all design decisions often raises the bar of safety to another level.

Factors of Safety

Another new development is a fresh way of looking at something old. Traditionally authorities have required that a Professional Engineer (PE) confirm manufacturer claims, such as Factor of Safety. This approach does not guarantee an independent analysis since a manufacturer can retain Professional Engineers on staff with the correct State credentials for the confirmation.  Typically a manufacturer will utilize a combination of employees and contracted individuals to provide the required confirmation. This classical approach also creates issues when modern CAD tools are used for design. The PE either needs to be trained on the CAD analysis approach, or the calculations need to be performed again using the old paper, pencil and calculations methods so the PE can verify compliance. However, recently authorities have accepted “Factor of Safety” verification by experienced organizations, such as UL.  This gives the authority a high level of confidence that an independent organization has conducted a thorough review and it gives the manufacturer an opportunity to submit to one organization and have that confirmation be applied in multiple states instead of submitting to PEs in multiple regions. Since the third-party organizations rely on their staff being competent on the latest CAD design tools the entire process is simplified for the manufacturer and calculation errors are eliminated.

Many people don’t realize the most important technology implemented in elevators wasn’t the technology required to raise an elevator up a high-rise building at high speed, or the push button systems that allowed for public operation. It was the safety brake.  The industry was only really able to get started once a safety system was in place. The industry has always carried through that safety mindset. The above options on elevator installations are the natural evolution of the safety mindset in a technologically evolving world.

Have an Inquiry for Siemens about this article? Click Here >>
 
 

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>