What Is ISO 26262? Overview and ASIL

REF

https://www.perforce.com/blog/qac/what-is-iso-26262

By Richard Bellairs

What Is the ISO 26262 Functional Safety Standard?

ISO 26262 is a risk-based safety standard that’s derived from IEC 61508. It applies to electric and/or electronic systems in production vehicles. This includes driver assistance, propulsion, and vehicle dynamics control systems.

The functional safety standard covers all of the functional safety aspects of the entire development process:

• Requirements specification
• Design
• Implementation
• Integration
• Verification
• Validation
• Configuration

Why Is ISO 26262 Important?

The goal of the standard is to ensure safety throughout the lifecycle of automotive equipment and systems.

Specific steps are required in each phase. This ensures safety from the earliest concept to the point when the vehicle is retired.

By complying with this standard, you’ll avoid or control systematic failures. And you’ll detect or control random hardware failures. (Or, you’ll mitigate the effects of failure.)

 

ISO 26262:2018 consists of twelve parts, ten normative parts (parts 1 to 9 and 12) and two guidelines (parts 10 and 11):

1. Vocabulary
2. Management of functional safety
3. Concept phase
4. Product development at the system level
5. Product development at the hardware level
6. Product development at the software level
7. Production, operation, service and decommissioning
8. Supporting processes
9. Automotive Safety Integrity Level (ASIL)-oriented and safety-oriented analysis
10. Guidelines on ISO 26262
11. Guidelines on application of ISO 26262 to semiconductors
12. Adaptation of ISO 26262 for motorcycles

In comparison, ISO 26262:2011 consisted of just 10 parts, with slightly different naming:

• Part 7 was named just Production and operation
• Part 10 was named Guideline ... instead of Guidelines ...
• Parts 11 and 12 did not exist.

 

ISO 26262 Functional Safety For Hardware Developers

need to supplement later

Random Hardware failure compliance of a cell balancing circuit with the requirements of automotive functional safety 

https://core.ac.uk/download/pdf/295596511.pdf

 

 

ISO 26262 Functional Safety For Software Developers

Part 6 is the most important part for software developers. It details the steps developers must take to ensure the safety of each component.

What's more, Part 6 includes several tables that define the methods that must be considered in order to achieve compliance with the standard.

ISO 26262 Tool Qualification

Any tools used in automotive development need to be qualified. Part 8 provides guidance for tool qualification.

It requires the following:

 

 

• Software tool qualification plan.
• Software tool documentation.
• Software tool classification analysis.
• Software tool qualification report.

Some tools are easier to qualify than others. For instance, Helix QAC — a C/C++ static code analyzer — comes with certificates of compliance that make the qualification process easier.

What Is ASIL (Automotive Safety Integrity Level)? And, Why Is ASIL Important?

 

Automotive Safety Integrity Level (ASIL) is a key component of ISO 26262 and it is used to measure the risk of a specific system component. The more complex the system, the greater the risk of systematic failures and random hardware failures.

There are four Automotive Safety Integrity Level values, named A–D. ASIL A is the minimum level of risk and ASIL D is the maximum, as you go from A to D, the compliance requirements get stricter.

When determining Automotive Safety Integrity Levels, there’s also a fifth option — QM (quality management). This is used to note that there isn’t a safety requirement for that component. (But it’s typically still a good idea to comply in order to improve product quality.)

How to Determine ASIL?

ASIL is determined by three factors — severity, exposure, and controllability.

Severity

Severity measures how serious the damages are of a system failure. Damages include both people and property.

There are four classes of severity:

 

Exposure

Exposure is the likelihood of the conditions under which a particular failure would result in a safety hazard.

The probability of each condition is ranked on five-point scale:

Controllability

 

Controllability is a measure of the probability that harm can be avoided when a hazardous condition occurs. This condition might be due to actions by the driver or by external measures.

The controllability of a hazardous situation is ranked on a four-point scale:

How to Determine ASILs?

Once you’ve determined severity, probability, and controllability, you can determine the Automotive Safety Integrity Level. Table 4 of Part 3 provides guidance on this.

Use this chart to determine ASIL based on severity, exposure, and controllability.

 

 

 

others

https://www.perforce.com/resources/qac/what-is-functional-safety

Your Guide to What is Functional Safety

Read along or jump to the section that interests you most:

 

 

 

 

 

• • S0: No injuries.
  • S1: Light to moderate injuries.
  • S2: Severe to life-threatening (survival probable) injuries.
  • S3: Life-threatening (survival uncertain) to fatal injuries.
  • E0: Incredibly unlikely.
  • E1: Very low probability (injury could happen only in rare operating conditions).
  • E2: Low probability.
  • E3: Medium probability.
  • E4: High probability (injury could happen under most operating conditions).
  • C0: Controllable in general.
  • C1: Simply controllable.
  • C2: Normally controllable (most drivers could act to prevent injury).
  • C3: Difficult to control or uncontrollable.
  • Why Is Functional Safety Important?
  • What Are Functional Safety Standards? An Overview
    • IEC 61508 — General
    • ISO 26262 — Automotive
    • EN 50128 — Railway
    • IEC 62304 — Medical Device
    • IEC 62061 — Manufacturing
    • IEC 60880 — Nuclear
  • How to Receive Certification
  • Which Software Development Tools to Use