Requirements of ISO 26262


A recent regulation approved by the European Parliament laid out the requirements for type approvals of motor vehicles on their safety aspects calls for the introduction of these new safety features as a prerequisite. As such, the need for an internationally recognized standard for safety critical systems becomes more crucial to measure how safe a system is.

Published in: Automotive

The issue of safety has always been one of the most important topics for the automotive industry. The announcement made by Toyota last year of the recall of their defective vehicles only serves to highlight how costly defects can be, not only for the company's balance sheet but also in terms of eroded consumer confidence. New technologies introduced to enhance vehicle control and driver assistance have now become standard accessories rather than optional ones. In addition, a recent regulation approved by the European Parliament, which lays out the requirements for type approval of motor vehicles with respect to their safety aspects, calls for the introduction of these new safety features as a prerequisite. As such, the need for an internationally recognized standard for safety-critical systems becomes more crucial as a means of measuring how safe a system is.

Unlike other industries, detailed discussions about functional safety in the automotive industry only began a few years ago. One of the reasons was the prevailing view that the risks posed by mechanical failures are still within the control of the driver: a driver merely had to stop the motor vehicle to bring it to a safe state. But we now know that this is not always possible when there is a failure in the drive-by-wire throttle system, as illustrated by the cases of gas pedal failures in Toyota cars in 2010.

Although existing standards on functional safety such as IEC 61508 were available, that standard is not dedicated to the auto industry. Applying a non-dedicated functional safety standard within different firms does not result in harmonized functional safety objectives, as different interpretations of the standard ensue.

SILs & ASILs

ISO 26262 was developed to overcome this problem and to reach a harmonized standard for the auto industry.
The standard provides the requirements, processes and methods to lessen the effects of systematic failures and unsystematic hardware failures. ISO 26262 is based on IEC 61508, a generic yardstick for the functional safety of Electrical/Electronic (E/E) systems created in 2002 by CENELEC. ISO 26262 borrowed the IEC 61508 concept of the “Safety Integrity Level” (SIL) and redefined it as the “Automotive Safety Integrity Level” (ASIL).

The structure of ISO 26262 comes in 10 parts, as listed below:
• ISO 26262: Part one: Vocabulary
• ISO 26262: Part two: Management of functional safety
• ISO 26262: Part three: Concept phase
• ISO 26262: Part four: Product development: system level
• ISO 26262: Part five: Product development: hardware level
• ISO 26262: Part six: Product development: software level
• ISO 26262: Part seven: Production and operation
• ISO 26262: Part eight: Supporting processes
• ISO 26262: Part nine: ASIL-oriented and safety-oriented analyses
• ISO 26262: Part ten: Guideline on ISO 26262

IQPC GmbH | Friedrichstr. 94 | D-10117 Berlin, Germany | t: +49 (0) 30 2091 3330 | f: +49 (0) 30 2091 3263 | e: eq@iqpc.de | w: www.iqpc.de
Visit IQPC for a portfolio of topic-related events, congresses, seminars and conferences: www.iqpc.de
Overview of ISO 26262 structure

ISO 26262 is specifically formulated for safety systems that have one or more electrical/electronic systems and are installed in series production cars with a maximum gross weight of 3500 kg.

As the standard is designed for series production cars, Part 7 of the standard includes something that is not found in IEC 61508: requirements for the production and operation processes. The production aspect is seen within the framework of the automotive safety lifecycle, which includes the management stage, the development stage, the production stage, the operation stage, the service stage and the decommissioning stage.

Approach of ISO 26262

As mentioned earlier, the ISO 26262 standard uses a different approach for evaluating functional safety, in the sense that it adopts ASILs instead of the SILs of IEC 61508. SILs have three levels while ASILs have four levels, from the lowest (A) to the highest (D).

The ASIL is obtained by conducting a hazard and risk analysis. From the start of a development, all intended functions are evaluated and compared to possible hazards. The main question asked is “What would result if malfunctions occur within the context of different operational circumstances?”
The risk assessment is based on a combination of several factors: the probability of exposure, the controllability of the situation by the driver and the severity of injury to the person involved in the hazard.

Implementing the ASIL

Once all these factors are taken into consideration, the result is an ASIL, and this ASIL is assigned a consequent safety requirement that is generated to avoid the risk. There are five stages in the implementation of an ASIL:
1. Defining the safety goals. These are the safety requirements of the function, assigned to each hazard that the risk assessment identified, that depict the safety goals to reach.
2. Safe state implementation. This is the stage where the function is put into operation so that the level of risk is reduced to an acceptable level and the safety goals are not violated.
3. Risk mitigation. Mitigation of risks resulting from random hardware failure to an acceptable level through the application of specific measures.
4. Systematic failure prevention. Prevention of systematic failures through the definition of a set of requirements.
5. ASIL decomposition. This process allows the ASIL associated with a function to be distributed over the various elements that assist in performing the function and that deal with the same safety goals.

The Development Models

The development model included in Parts three to six of the ISO 26262 standard encompasses the development process from:
• Part three – concept phase
• Part four – product development: system phase
• Part five – product development: hardware phase
• Part six – product development: software phase

For the product development system phase, ISO 26262 uses a V model.
Likewise, the hardware development phase and the software development phase also use a V model. Below is the list of recommended phases for the product development (software) stage:
• Initiation of software development
• Software safety requirements specification
• Software architectural design
• Software unit implementation
• Software unit test
• Software integration and test
• Software safety acceptance test

There is a standard framework of objectives, inputs, recommendations, requirements and work products that generally become the inputs for the next phase. It is these recommendations and requirements that form the foundation of the standard.

For example, under Part 6, the requirements for methods of informally verifying the architecture of the software design are as listed in the table below:

Requirements Traceability

Prior to the software development stage, the ISO 26262 standard requires that the planning of activities, methods and measures used in the different sub-phases of software development always be done with reference to the ASIL of the system under development. One vital aspect to consider upfront is “Requirements Traceability”. This refers to the capability to track the life of a particular requirement in both directions, forward and backward.

The objective is to follow a requirement to its implementation and its testing phase. This is helpful in seeing whether a requirement has been fulfilled and tested for. Requirements traceability also helps in ensuring the completeness of the requirements through the identification of requirements that are not integrated into the model and by identifying parts of the model that cannot be linked to any particular requirement. Being able to identify these discrete parts of the model helps prevent the modelling and implementation of unintended behaviours. In addition, it assists in the management of changes to requirements.
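The ASIL decomposition stage and the bidirectional requirements traceability described above, as an added example that is not code from the original paper or from IQPC: a small checker run over a constructed safety-requirement model. The goal, requirement, element and test names are hypothetical; the permitted decomposition pairs are those of ISO 26262-9, which the paper itself does not list.

```python
from dataclasses import dataclass, field
ASIL_RANK = {"QM": 0, "A": 1, "B": 2, "C": 3, "D": 4}
# Permitted splits of a goal ASIL over two elements (ISO 26262-9), e.g. D -> C(D) + A(D).
DECOMPOSITION = {
    "D": {("C", "A"), ("B", "B"), ("D", "QM")},
    "C": {("B", "A"), ("C", "QM")},
    "B": {("A", "A"), ("B", "QM")},
    "A": {("A", "QM")},
}

def valid_decomposition(goal_asil, asil1, asil2):
    """True if goal_asil may be decomposed into the pair (asil1, asil2)."""
    pair = tuple(sorted((asil1, asil2), key=ASIL_RANK.get, reverse=True))
    return pair in DECOMPOSITION.get(goal_asil, set())

@dataclass
class Requirement:
    rid: str
    goal: str                                     # safety goal it refines
    asil: str
    elements: list = field(default_factory=list)  # implementing model elements
    tests: list = field(default_factory=list)     # verifying test cases

def trace_gaps(reqs, model_elements):
    """Forward trace (requirement -> element/test) and backward (element -> requirement)."""
    implemented = {e for r in reqs for e in r.elements}
    return {
        "unimplemented": sorted(r.rid for r in reqs if not r.elements),
        "untested": sorted(r.rid for r in reqs if not r.tests),
        "unlinked_elements": sorted(set(model_elements) - implemented),
    }

# Constructed sample (hypothetical names), each goal split into two requirements:
# SG-1 D -> C + A is a permitted pair, SG-2 B -> A + QM is not.
GOAL_ASIL = {"SG-1": "D", "SG-2": "B"}
REQS = [
    Requirement("SR-1", "SG-1", "C", ["ThrottleMonitor"], ["TC-11"]),
    Requirement("SR-2", "SG-1", "A", ["LimpHomeCtl"], []),
    Requirement("SR-3", "SG-2", "A", ["BrakeLightCtl"], ["TC-31"]),
    Requirement("SR-4", "SG-2", "QM", [], ["TC-41"]),
]
MODEL_ELEMENTS = ["ThrottleMonitor", "LimpHomeCtl", "BrakeLightCtl", "DebugTrace"]

def check_model(goal_asil=GOAL_ASIL, reqs=REQS, elements=MODEL_ELEMENTS):
    """Per-goal decomposition verdict plus the traceability orphans."""
    decomp_ok = {}
    for goal, asil in goal_asil.items():
        parts = [r.asil for r in reqs if r.goal == goal]
        decomp_ok[goal] = len(parts) == 2 and valid_decomposition(asil, *parts)
    return {"decomposition_ok": decomp_ok, **trace_gaps(reqs, elements)}
```

On the sample, SR-2 has no test, SR-4 has no implementing element, and DebugTrace is a model element no requirement accounts for, which is exactly the unintended behaviour traceability is meant to surface.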
Conclusion

Most of the requirements of the ISO 26262 standard dealing with the development and auxiliary processes are already incorporated into existing internal quality standards. That is not to say that the automotive industry faces no challenges in the adoption of ISO 26262. Requirements have to be applied efficiently, with consideration of the internal context and limitations. Most of the difficulties in implementing the ISO 26262 requirements occur during the later part of the development phases. This is mainly due to the integration of areas into a setting which has yet to develop to the same standard. Because ISO 26262 is a process standard, full integration into current E/E processes will require some time. One should bear in mind that ISO 26262 is just a standard guideline. It is equally important to understand that good engineering sense is required to help improve the processes used in relation to the existing E/E processes. Using the ISO 26262 standard with the correct attitude will only benefit the automotive industry in terms of functional safety in the long run.

Want to learn more about E/E commercial vehicles, about current technologies and developments? Visit our Download Center for more articles, whitepapers and interviews: http://bit.ly/eecommercials-articles

About IQPC:

IQPC provides tailored conferences, large events, seminars and internal training programmes for managers around the world. Topics include current information on industry trends, technical developments and regulatory rules and guidelines. IQPC's conferences are market-leading events, highly regarded for the opportunity they give professionals from various industries to exchange knowledge and ideas. IQPC has offices in major cities across six continents, including Berlin, Dubai, London, New York, Sao Paulo, Singapore, Johannesburg, Sydney and Toronto. IQPC leverages a global research base of best practices to produce an unrivaled portfolio of problem-solving conferences. Each year IQPC offers approximately 2,000 worldwide conferences, seminars and related learning programs.
