Remote Monitoring: Risks and Rewards
In this Readers’ Platform, your author addresses industrial safety in light of digital transformation.
More and more safety components are supplied with programmable logic controllers (PLCs) that communicate with sensors and actuators. PLCs are generally cheap to operate and maintain. They also offer data connectivity. This opens new opportunities for remote monitoring and maintenance, as well as predictive maintenance, but also entails new risks.
The software logic of PLC firmware can be complex and difficult to understand. Conventional safety chains that consist of mechanical switches and contactors offer greater transparency. In such cases, experts can directly identify wear or corrosion and verify physical components have been installed at the correct points and work as expected. By contrast, whether digital safety devices are in place and function as intended cannot, at first glance, be evaluated.
Example: Inspection of Lift Systems
Modern lift systems have electronic shaft-copying systems. In other words, the positions of all landing doors and switches are recorded as parameters in the PLC firmware. In a software update, these parameters may be reset to factory default settings, which can result in problems, such as confusing the shaft position of the software-based inspection limit switch with that of the mechanical limit switch. This may expose lift inspectors to becoming locked in the cab or on its roof during periodic technical inspection. Before a periodic technical inspection, staff should always make sure the parameters of the lift system are correct and represent the actual lift installation.
Further risks include crushing hazards or falls from heights into the lift shaft. Many lift systems have an unintended car movement (UCM) monitoring system, which prevents UCM when the doors are open. However, this safety function does not release a brake if the related mechanical actuators are significantly worn. While electronic UCM systems come with an integrated self-diagnosis function, they do not record physical defects on action-triggering controller elements such as actuators.
Whether digital safety devices are in place and function as intended cannot, at first glance, be evaluated.
If experts blindly trust the green LED light of the remote testing system, they put themselves and other users at risk. Instead, experts should always also check all physical components of the safety monitoring systems and make sure the functions are not only in place, but also operational and working as intended. For this purpose, inspectors must either trigger the entire safety chain or use measuring instruments not dependent on the system. This is the only way of achieving a robust and reliable inspection statement.
Opportunities and Risks of Connectivity
One advantage of remote maintenance and monitoring of lifts and industrial equipment is that inspection staff no longer have to travel to the equipment, which saves money. In addition, the dearth of qualified and experienced inspections and maintenance staff can be better managed. Faulty program code can be quickly debugged, updates installed or the system restarted from afar. But what if cybercriminals hack into the network? Unless appropriate security measures are in place, they will be able to control the operational and safety-relevant functions from the configuration platform.
This affects not only the risk emerging from individual lifts, but also the collective risk faced by all lifts worldwide equipped with the same control systems. It applies irrespective of physical access without requiring special knowledge of the system. Given this, the safe operation and industrial safety of equipment subject to monitoring impose high demands on information technology (IT) security. There is an urgent need for action in this area.
Controlling New Risks
Equipment-specific knowledge of functional safety and IT security plays a critical role in periodic technical inspections. The specific technical rules for industrial safety must be aligned and applied. Office workers, warehouse employees and inspection staff need to update their technical knowledge to reflect the continual advancement of digital systems and data networking technologies.
During an inspection, simply working through checklists is not enough; the content of these checklists also needs to be scrutinized. Data and information need to be acquired to allow the specific condition of the equipment to be evaluated. This, for example, requires extensive knowhow of the dependencies of all safety-relevant subsystems resulting from connectivity. Experience and transfer of knowledge also play significant roles in ensuring safe work.
TÜV SÜD’s experts identify, evaluate and reduce new risks constantly and have developed new in-house testing and inspection equipment and methods, like ADIASYSTEM, which support third-party function and efficacy testing of the traction and safety gear of lift systems. ADIASYSTEM’s services are complemented by numerous assistance systems, such as the mobile inspection app, to facilitate routine tasks.
Which Equipment Is Subject to Mandatory Inspection?
Equipment subject to mandatory inspection is varied and includes passenger lifts, construction lifts, transport platforms, explosive gas-filling systems and refueling stations. The same applies to pressure systems (including steam boilers and pressure vessels), as well as piping for toxic, explosive or caustic fluids. The following regulations pertain to Germany, but since they are implementations of European guidelines, there will be similar regulations in other European countries.
What Are the Basic Duties?
Permit: Some types of equipment (e.g., equipment working with highly flammable substances) require a permit under the German Regulation on Health and Safety in the use of Work Equipment (Betriebssicherheitsverordnung, BetrSichV). Such permits are subject to an expert report issued by an Authorised Inspection Agency (AIA).
Inspection: Equipment subject to mandatory inspection must be inspected by an AIA before it goes into operation and at intervals thereafter. The scope, deadlines and responsibilities of these inspections are outlined in BetrSichV Annex 2.
Documentation: All inspections must be documented by the owners/operators of lift systems. The requirements are specified in BetrSichV Section 17.