This document specifies cybersecurity requirements for new lifts, escalators and moving walks, referred to in this document as “equipment under control (EUC)”, designed in accordance with the ISO 8100 series. It is also applicable with other lift, escalator and moving walk standards that specify similar requirements, and to other lift-related equipment connected to the EUC.

This document specifies product and system requirements related to cybersecurity threats in the following lifecycle steps:

—    product development (process and product requirements);

—    manufacturing;

—    installation;

—    operation and maintenance;

—    decommissioning.

This document addresses the roles of product supplier and system integrator as shown in IEC 62443-4-1:2018, Figure 2, for the EUC.

This document does not address the role of asset owner as shown in IEC 62443-4-1:2018, Figure 2, but defines requirements for the product supplier and system integrator of the EUC to establish documentation allowing the asset owner, referred to as the “EUC owner” in this document, to achieve and maintain the security of the EUC.

This document specifies the minimum cybersecurity requirements for:

—    essential functions;

—    safety functions;

—    alarm functions.

This document is applicable to EUCs that are capable of connectivity to external systems such as building networks, cloud services, or service tools. The capability to connectivity can exist through equipment permanently available on site, or equipment temporarily brought to the location during the installation, operation and maintenance, or decommissioning steps.

EUC interfaces to external systems and services are in the scope of this document. External systems and services as such are out of the scope of this document.

This document does not apply to EUC that are installed before the date of its publication.