Safety is one of the key issues and requirements of today's and tomorrow's automobile development. New functionalities, not only in the area of driver assistance, but also in vehicle dynamics control and active and passive safety systems, are increasingly being covered in the domain of safety engineering. Future development and integration of these functionalities will further strengthen the need to have safe system development processes and to provide evidence that all reasonable safety objectives are satisfied.
With the trend of increasing complexity, software content, and mechatronic implementation, risks of systematic failures and random hardware failures are also increasing. ISO 26262 provides guidance to reduce these risks to a tolerable level by providing feasible requirements and processes.
In a series of two papers, we will try to detail the functional safety standard (ISO 26262) for the automotive sector and the implications it has for the design community. The first paper in the series will touch upon the safety standard requirements, various steps involved in the overall safety assessment flow and what they mean for design community and the second paper will discuss in detail various steps that need to be taken in design for failure prevention.
Evolution of ISO 26262 Standard
ISO 26262 is a Functional Safety standard specifically customized for "Road vehicles -- Functional safety". This standard is an adaptation of the Functional Safety standard IEC 61508 for Automotive Electric/Electronic Systems.
Figure 1: Evolution of ISO 26262
ISO 26262 provides:
- An automotive safety lifecycle (management, development, production, operation, service, decommissioning) and supports tailoring the necessary activities during these lifecycle phases.
- Functional safety aspects of the entire development process (including activities such as requirements specification, design, implementation, integration, verification, validation, and configuration).
- An automotive-specific risk-based approach for determining risk classes (Automotive Safety Integrity Levels, ASILs).
- ASILs for specifying the item's necessary safety requirements for achieving an acceptable residual risk.
- Provides requirements for validation and confirmation measures to ensure a sufficient and acceptable level of safety is being achieved.
The main scope and goal of ISO 26262 standard can be described as shown in figure 2:
Figure 2: The standard's main scope and goalsSteps involved for ISO 26262 compliance
Figure 3 shows the various steps that are involved in safety classification and assessment leading to ISO 26262 compliance:
Figure 3: An outline of the six steps involved in safety classification and assessmentASIL classification
Automotive Safety Integrity Level (ASIL) expresses the criticality associated with the automotive system. It is a function of exposure, controllability and severity of any critical hazard.
Figure 4: ASIL classificationClassification of exposure:
Exposure is classified as a state of being in an operational situation that can be hazardous if coincident with the failure mode under analysis. The table below classifies the Exposure:
Figure 5Classification of severity
: Severity can be defined as an estimate of the extent of harm
to one or more individuals that can occur in a potentially hazardous situation. The table below classifies severity:
Figure 6Classification of controllability
: Controllability can be defined as the ability to avoid a specified harm
or damage through the timely reactions of the persons involved. The table below classifies controllability: