The practical guide to Functional Safety ISO 26262
The application of the appropriate standards, rules and best practices is essential from the perspective of any experienced manufacturer or supplier, and the automotive industry is no exception. This well developed and crucial industry branch cannot work effectively without the unification and the process support defined in the standards. Nowadays this is obvious, but it was not always like that.
Currently, there are a few vital organisations that provide international industry standards. Examples of these institutions include the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). ISO standards are developed by groups of experts from all over the world, organised into larger groups called technical committees. These experts negotiate all aspects of the standard, including its scope, key definitions and content. These non-governmental institutions do their job in almost every area of human life. Since 1946, they have approved about 20 000 standards.
For more information on our Functional Safety (ISO 26262) competencies, visit our automotive training page.
What is ISO 26262
“Road vehicles – Functional Safety” is the official title of the ISO 26262 standard. It is the international standard for functional safety of electrical and electronic systems in series production road vehicles. Its basics were derived from IEC 61508, which is often regarded as the master functional safety standard: it is generic, applies to any electrical or electronic system and can be used in various industries. ISO 26262 adapts IEC 61508 to automotive needs.
The ISO 26262 maintains support for the whole product safety lifecycle, including management, development, production and service. During the development process, functional safety covers every safety related aspect of the product on a very detailed level, including such activities as requirements specification, design, implementation, integration, verification, validation, configuration, production, services, operation and decommissioning. The above-mentioned standard also describes the framework for functional safety to assist the development of the safety-related system.
The goal is to achieve an acceptable residual risk. Safety Goals for the E/E system are derived from the Hazard Analysis and Risk Assessment (HARA), and each of them is assigned an Automotive Safety Integrity Level (ASIL). An ASIL of A to D means that the system carries some level of non-acceptable risk, which in turn means that particular functional safety (FuSa) efforts are needed to raise the controllability of unwanted situations. Based on that series of activities, the required measures can then be tailored to a particular application.
The history of ISO 26262
The origins of safety design date back to the 1960s, when, for example, product failure rate, reliability, dependability and availability were already considered, but in those days there was still a long way to go before the first functional safety standard in the automotive environment was created. That does not mean there weren’t any safety features in cars before then. Besides mechanical improvements like safety belts, which have been fitted in series cars since 1958, electronic/electrical features were also added long before the appearance of ISO 26262. For example, the Anti-lock Braking System (ABS), currently mandatory in the EU, was released in the late 1960s. It was the same story with Electronic steering control (ESC), which was first introduced to the market in the 1980s.
The first draft of ISO 26262 arrived in 2008, but the official release was in 2011. That version of the standard includes ten parts and was limited to electric or electronic devices in series production vehicles with a maximum gross weight of 3500 kg. The second and latest version of ISO 26262 is from 2018. Two new chapters were added to the standard: one concerning semiconductors, the other describing the adaptation for motorcycles.
Why is ISO 26262 important
Even though ISO 26262 is treated very seriously by mature producers, it is not mandatory. Its widespread adoption therefore shows that it is viewed as an essential standard. This is just half of the story. OEMs are aware that compliance with this standard is essential and insist that their own suppliers adhere to it. Following the rules and best practice defined by ISO 26262 makes the development and production process more effective and structured. Quality assurance alone still leaves gaps in product safety related to design and production, and ISO 26262 is the answer in that case. It introduces more effort and restrictions into the workflow, but as a result you receive well organised processes, and weak points are identified and addressed. This leads to a safe, high quality product.
Key Concepts in ISO 26262
ISO 26262 is built around several key concepts that are essential to understanding the standard. These concepts include:
- Functional Safety: At its core, functional safety is about ensuring that a system or component performs its intended function without causing harm to people or the environment. This involves identifying potential hazards and implementing measures to mitigate risks, ensuring that the system operates safely under all conditions.
- Automotive Safety Integrity Level (ASIL): ASIL is a risk classification system that defines the level of risk associated with a particular hazard. It ranges from ASIL A (the lowest level of risk) to ASIL D (the highest level of risk). Determining the ASIL is crucial as it dictates the rigor of the safety measures that need to be implemented.
- Safety Life Cycle: The safety life cycle is a comprehensive framework for managing functional safety throughout the entire development process, from concept to decommissioning. It ensures that safety is considered at every stage, helping to identify and address potential issues early on.
- Hazard Analysis and Risk Assessment (HARA): HARA is a method for identifying and assessing potential hazards and risks associated with a system or component. It involves analysing the system to identify possible failure modes and their effects, and then assessing the associated risks to determine the necessary safety measures.
- Safety Requirements: These are specific requirements that must be met to ensure the functional safety of a system or component. They are derived from the hazard analysis and risk assessment and are used to guide the development process, ensuring that all safety-related aspects are addressed.
12 parts of ISO 26262 and how they help the automotive industry comply with Functional Safety
As mentioned before, ISO 26262 contains twelve separate parts. Each of them refers to a different level of the product lifecycle. Ten parts are normative and the remaining two are guidelines. All the parts form one combined whole, and it is common for one part to refer to another.
Part 1: Vocabulary
The title speaks for itself. The role of the first part is to specify vocabulary, definitions and abbreviations. It is crucial to be on the same page and to understand each other in terms of definitions. A good example is the explanation of these three words:
Fault – Abnormal condition that can cause an element or an item to fail.
Error – Discrepancy between a computed, observed, or measured value or condition, and the true, specified or theoretically correct value or condition.
Failure – Termination of an intended behavior of an element or an item due to a fault manifestation.
Part 2: Management of functional safety
This section describes the appropriate functional safety management methodology for automotive applications, including overall safety management and project-specific information related to management activities during the safety lifecycle’s various phases.
Part 3: Concept phase
The third part is applied during the early phase of product development. It starts from the Item Definition and requires you to perform a Hazard Analysis and Risk Assessment (HARA) on it, so from this point onwards the Safety Goals of the project are defined. Functional Safety Requirements are then derived from the Safety Goals and handed over to the System Team.
Part 4: Product development at the system level
This section covers a range of issues in development at the system level. At this stage the technical safety specifications are initiated, such as the technical safety concept, the system architectural design, and item integration and testing.
Part 5: Product development at the hardware level
Part five defines requirements for product development at the hardware level. It includes basic topics like hardware design and the evaluation of hardware architectural metrics. Within this part it is also required to evaluate safety goal violations due to random hardware failures.
Part 6: Product development at the software level
This section addresses a range of topics concerned with product development at the software level. This includes the specification of software safety requirements, software architectural design, software unit design and verification, software integration and the testing of embedded software. At this stage qualitative analyses like Fault Tree Analysis (FTA) and Failure Mode and Effects Analysis (FMEA) are often used.
Part 7: Production, operation, service and decommissioning
The objective of this part is to develop and maintain a production process for safety-related elements or items that are intended to be installed in road vehicles, as well as to provide information on operation, service and decommissioning for the users who interface with safety-related items.
Part 8: Supporting processes
The goal of this part is to integrate the whole process and support the safety lifecycle. It is continuously active throughout all phases. Part eight describes, among other things, how to carry out verification correctly, how to perform tool qualification, and how to introduce proven-in-use arguments.
Part 9: Automotive Safety Integrity Level (ASIL)-oriented and safety-oriented analyses
In specifying Automotive Safety Integrity Levels (ASILs) and safety-oriented analyses, this part covers decomposition with respect to ASIL tailoring, criteria for coexistence of elements, analysis of dependent failures, and safety analyses.
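The HARA-to-ASIL step described under Part 3 and the decomposition rules of this part, as an added Python example that is not code from the page: the S/E/C classes and the permitted decomposition pairs follow ISO 26262-3 and -9 as I understand them, and the two hazard rows are constructed.

```python
"""Added example, not code from the page: derive an ASIL from the HARA
parameters of ISO 26262-3 and check an ASIL decomposition per ISO 26262-9.
The S/E/C classes and the permitted pairs follow the standard as the
author understands it; the hazards at the bottom are constructed."""
from enum import IntEnum
from itertools import combinations_with_replacement


class Asil(IntEnum):
    QM = 0  # quality management only, no safety integrity level assigned
    A = 1
    B = 2
    C = 3
    D = 4


def determine_asil(severity, exposure, controllability):
    """Map S (0-3), E (0-4) and C (0-3) to an ASIL. Class 0 in any
    parameter means no ASIL. The ASIL table of ISO 26262-3 is monotone
    in every parameter and reduces to a threshold on S+E+C:
    7 -> A, 8 -> B, 9 -> C, 10 -> D; anything lower is QM."""
    if not (0 <= severity <= 3 and 0 <= exposure <= 4 and 0 <= controllability <= 3):
        raise ValueError("S/E/C class out of range")
    if 0 in (severity, exposure, controllability):
        return Asil.QM
    return Asil(max(0, severity + exposure + controllability - 6))


def decompositions(asil):
    """Permitted decompositions of a requirement with the given ASIL
    (ISO 26262-9): the two redundant, independent elements sum back to
    the original level with QM counting 0, e.g. D -> QM(D)+D(D),
    A(D)+C(D), B(D)+B(D)."""
    return [(lo, hi) for lo, hi in combinations_with_replacement(Asil, 2)
            if asil > Asil.QM and lo + hi == asil]


def is_valid_decomposition(original, part1, part2):
    """Checks only the ASIL arithmetic; independence of the two elements
    still has to be shown by a dependent-failure analysis."""
    return tuple(sorted((part1, part2))) in decompositions(original)


# Constructed HARA rows: (hazard, S, E, C)
HARA = [
    ("Loss of braking assistance at high speed", 3, 4, 3),
    ("Unintended wiper activation in dry weather", 1, 3, 1),
]

if __name__ == "__main__":
    for hazard, s, e, c in HARA:
        print(f"{hazard}: ASIL {determine_asil(s, e, c).name}")
    print("ASIL D decompositions:", decompositions(Asil.D))
```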
Part 10: Guidelines on ISO 26262
This is one of the two informative parts of ISO 26262; it provides an overview and supplements the other parts with additional explanations. The objective of this part is to improve the understanding of the other parts and of the general concept of ISO 26262.
Part 11: Guidelines on applying the standard to semiconductors
Part 11 was added in the second release of the standard. It provides detailed information to support semiconductor manufacturers and suppliers of silicon intellectual property (IP). Its goal is to address how IP suppliers and integrators should work together.
Part 12: Adaptation of ISO 26262 to motorcycles
The objective of this part is to give an overview of the adaptation of the ISO 26262 series of standards to motorcycles. It covers general topics of the adaptation for motorcycles, safety culture, confirmation measures, hazard analysis and risk assessment, vehicle integration and testing, and safety validation.
Achieving ISO 26262 compliance
Achieving ISO 26262 compliance requires a structured approach that involves several key steps. Each step is crucial to ensuring that the system or component meets the necessary safety requirements:
- Functional Safety Assessment: A comprehensive assessment of the system or component to identify potential hazards and risks. This involves analysing the system’s design and operation to ensure that all safety-related aspects are addressed.
- Hazard Analysis and Risk Assessment (HARA): A method for identifying and assessing potential hazards and risks associated with a system or component. This step is critical for determining the necessary safety measures and defining the safety requirements.
- Safety Requirements: Specific requirements that must be met to ensure the functional safety of a system or component. These requirements guide the development process, ensuring that all safety-related aspects are addressed.
- Software Tool Classification Analysis: An analysis of the software tools used in the development process to ensure that they meet the safety requirements. This involves evaluating the tools’ reliability and determining the necessary qualification activities.
- Safety-Related Systems: Systems or components that are critical to the safety of the vehicle or its occupants. These systems must be designed and developed to meet the highest safety standards.
- Entire Development Process: The entire development process, from concept to decommissioning, must be managed to ensure that the safety requirements are met. This involves rigorous planning, execution, and monitoring to ensure that all safety-related aspects are addressed.
- Software Tool Qualification Report: A report that provides evidence that a software tool is suitable for use in the development of safety-related software. This report documents the qualification activities and the results, providing assurance that the tool meets the necessary safety standards.
- Risk Assessment: A comprehensive assessment of the risks associated with a system or component. This involves analysing potential failure modes and their effects, and implementing measures to mitigate the risks.
- Determining Risk Classes: The risk classes are determined based on the hazard analysis and risk assessment. This step is crucial for defining the necessary safety measures and ensuring that the system meets the required safety standards.
- Automotive Components: Components that are critical to the safety of the vehicle or its occupants. These components must be designed, developed, and tested to meet the highest safety standards.
- Software Tool Documentation: Documentation that provides evidence that a software tool is suitable for use in the development of safety-related software. This includes detailed records of the tool’s qualification activities and results, ensuring that the tool meets the necessary safety standards.
By following these steps, manufacturers can achieve ISO 26262 compliance, ensuring that their systems and components meet the highest safety standards and provide reliable performance throughout their lifecycle.
Criticism of ISO 26262 (mentioning SOTIF)
Despite the significant improvements to the electronic and electrical environment in the second release of ISO 26262, there are still some gaps in the functional safety field. Areas where the standard falls short are, for example, misuse and automated driving. The solution is ISO PAS 21448 (SOTIF). There was previously a plan to include that standard in ISO 26262 as a fourteenth section, but it was released as a separate document.
The purpose of SOTIF is to start addressing some of the aspects of autonomous driving where safety is violated not by a failure itself but by the unspecified behavior of the vehicle. SOTIF takes a more holistic look at the usage of the product. Bright lights, dust, smoke and snowstorms all affect the sensor data, and the “brain” of the car processes it and makes decisions based on probability.
ISO 26262 Tool Qualification
Tool qualification is one of the activities deemed essential for compliance with ISO 26262. In general, its purpose is to ensure that all tools used in the project are reliable, or that their malfunctions are known and any issues that arise can be handled. It is important to take into consideration all tools used, even those only indirectly involved in the development process.
Need help implementing ISO 26262 in your project?
Our expert team can guide you through the entire functional safety process, from hazard analysis and risk assessment to system design, validation, and compliance audits. We’ll help you navigate the complexities of achieving ISO 26262 certification, ensuring your automotive systems meet the highest safety standards. Reach out to our expert via the form below and schedule a no-obligation meeting.