Nowadays, we have connected cars, which means that everything in our vehicles operates as a complex system of systems. Even a seemingly minor failure can ultimately lead to serious injuries for the driver or passengers. That’s why testing at every stage of development is so important – especially when it comes to functional safety testing. ASIL functions, which are central to this process, play a critical role in ensuring our safety and well-being.

Why standard testing isn’t enough when Functional Safety is at stake

Testing in the automotive industry covers the entire right side of the V-model. It’s crucial due to the requirements of the ASPICE levels requested by OEMs.

When an organisation clearly defines and understands its ASPICE processes and avoids excessive tailoring, the team can execute the testing process correctly. Quality departments oversee its accuracy and verify it during ASPICE audits and assessments. 

Seems straightforward and familiar to those involved in automotive development processes, right?

Where does Functional Safety fit in?

Is there any difference when a requirement is marked with an ASIL (Automotive Safety Integrity Level)? Maybe it’s simply an additional attribute for a requirement that we can overlook, and no one will notice? Do we really need to adjust our standard testing approach that has “always worked” without incident?  

The answer is yes, we have to adapt.

The importance of a well-defined process for Functional Safety testing 

I often thought that safety-related verification is underrated and viewed as a necessary evil. Meanwhile, although it’s required by ISO standards and evaluated during Functional Safety audits and assessments, it can actually offer significant value to us as testers. 

Some time ago, I came across a saying: “Only when you pay for a mistake do you realise its pice”. In my opinion, this is thought-provoking, especially when considering safety functions, where the “price” can be the highest.

ASIL functions are crucial for our health and safety, making them the highest priority during the development of embedded systems. ISO26262 outlines many restrictions for their implementation and testing. A well-defined process allows us to thoroughly and accurately verify the implementation, operation, and safety mechanisms specified for these safety functionalities.

What ISO 26262 and IEC 61508 require

ISO26262 does not define a completely new testing strategy. It’s rather a supplement to a well-known approach from ASPICE and ISTQB.

See the table below:

automotive testingFor each test level (unit tests, software integration tests, software qualification tests, system integration tests, system qualification tests), ISO26262 defines the methods to prepare a test environment, derive test cases, and conduct both functional and non-functional testing.

Learn more about ISO 26262 guide blog banner

How do we approach Functional Safety testing at Spyrosoft?  

I would describe our approach at Spyrosoft “complex”. In our test plans, we always outline the Functional Safety (FuSa) testing process.

Our starting point is to define all the methods and their combinations that we intend to use for a specific project.

The approach we take depends on various factors, including ASIL, the stage of development, the system, the architecture, the type of testing we’re responsible for, and the tools available. We utilise our own templates that we created based on the recommendations outlined in ISO26262.

Method selection and documentation

For each dedicated method listed in the ISO standards, we begin by assessing its relevance to our system. If a method is not applicable, we provide a clear explanation as to why it doesn’t fit our needs. Additionally, we outline the rationale for selecting a specific combination of methods.

The next step involves defining the implementation strategy for the chosen method. We also identify the work product that results from the method’s use, along with its verification strategy. 

Here’s what the summary looks like: 

functional safety testing

Ensuring safety with traceability and tooling

We use our own documents and scripts, evaluated and qualified in accordance with ISO 26262. This allows us to guarantee the full traceability required for ASPICE and compliance with the ISO 26262 process in test preparation, execution, and reporting.

We recognise that Functional Safety (FuSa) testing is highly beneficial during the qualification of hardware (HW) and software (SW) components. 

Additionally, fault injection is an effective method to verify safety measures. It involves intentionally introducing failures into the system to check whether the detection and recovery mechanisms work as expected.

At Spyrosoft, we offer a variety of fault injection techniques, such as injecting faults via the XCP protocol to the Software Under Test (SUT) and conducting hardware failure simulations.

Interested to learn more? Contact us for more details. 

FAQ

ISO 26262 is a functional safety standard specifically tailored for the automotive industry, while IEC 61508 serves as a broader base for electrical, electronic, and programmable electronic control systems across multiple industries. ISO 26262 applies these general principles to address the complexities of achieving functional safety in road vehicles, focusing on safety lifecycle, safety integrity levels (ASIL), and risk assessment.

Yes. While some general testing practices overlap, ISO 26262 introduces specific methods, documentation, and traceability requirements that go beyond standard approaches. A well-structured process for functional safety is essential to meet safety certification criteria, ensure compliance, and pass safety assessments by bodies like TÜV SÜD.

Traceability ensures that each safety requirement is linked to its implementation and corresponding tests. This is critical for demonstrating that the safety system works as intended across the entire lifecycle and for achieving functional safety certification. ISO 26262 and ASPICE both emphasise full traceability as a foundational element of compliance.

Fault injection testing involves deliberately introducing failures into a system to verify the effectiveness of its safety mechanisms. In automotive functional safety, this helps confirm that systems can detect and recover from faults as required. Techniques like XCP injection into the software under test (SUT) and hardware fault simulations are commonly used in control system testing.

Functional safety directly influences the design and verification of both hardware and software in electronic systems. Developers must implement safety mechanisms, perform exhaustive safety-related testing, and follow structured processes to meet the safety integrity level (ASIL) assigned to each safety function. This ensures that the vehicle operates safely under all conditions.

About the author

dominik długosz spyrosoft

Dominik Dlugosz

Functional Safety Engineer