ISO26262解析(一)——概述

写在前面：本文旨在对汽车电子功能安全标准ISO26262进行解析，提炼出对设计有强指导意义的关键点。文中包括ISO26262原文的翻译及结合自己工作经验的理解。

0. ISO26262应用对象：

ISO26262 is intended to be applied to safety-related systems that include one or more electrical and/or electronic (E/E) systems and that are installed in series production passenger cars with a maximum gross vehicle mass up to 3500kg. 

(1) ISO26262适用于安全相关的汽车电子电气系统；

(2) ISO26262适用于3.5吨以下的乘用车辆，专用车辆不适用。

ISO26262 addresses possible hazards caused by malfunctioning behaviour of E/E safety-related systems, including interaction of these systems. It does not address hazards related to electric shock, fire, smoke, heat, radiation, toxicity, flammability, reactivity, corrosion, release of energy and similar hazards, unless directly caused by malfunctioning behaviour of E/E safety-related systems.

ISO26262只针对由于电子电气系统故障而导致的危险，不包括振动、火、烟、热、放射、有毒性、可燃性、反应、腐蚀、热传递等导致的危险。

1. ISO26262作用：

a) provides an automotive safety lifecycle(management, development, production, operation, service, decommissioning) and supports tailoring the necessary activities during these lifecycle phases;

保证整个生命周期内的安全性，包括管理、开发、生产、运行、服务、报废，并在这些阶段内帮助定制必要的工作。

b) provides an automotive-specific risk-based approach to determine integrity levels[Automotive Safety Integrity Levels(ASIL)];

提供了一种汽车行业专有的基于风险的分析方法，来决定汽车安全等级。

c) uses ASILs to specify applicable requirements of ISO26262 so as to avoid unreasonable residual risk;

使用ASIL等级来标明可执行的需求，以达到避免不合理的残余风险。

d) provides requirements for validation and confirmation measures to ensure a sufficient and acceptable level of safety being achieved;

为验证和确认测试提供需求，来保证达到足够的且可接受的ASIL等级。

e) provides requirements for relations with suppliers。

为供应商提供需求。

2. ISO26262总体框图

由上图可见，ISO26262涵盖了整个产品设计的各个方面，包括系统设计、软件设计、硬件设计等，并贯穿于整个产品的生命周期，从产品概念阶段一直到产品报废。