The document discusses the application of ISO 26262 safety standards in electric vehicles, highlighting the importance of addressing potential hazards such as cell flammability and performance implications at the system level. It contrasts safety cultures through examples of accountability and prioritization of safety versus cost, emphasizing proactive attitudes for early problem identification. Additionally, the document outlines various scenarios for assessing risks, severity, exposure, and controllability related to vehicle operations and incidents.

1. 1

2. 2

3. Example One:
For EV, The Flammability or explosion of cells is not addressed in ISO26262 unless there
exists an E/E component designated to warn or mitigate or monitor the component.
If functions realized by BMS can increase the chance of flame or explosion, then iso2626
shall be applied.
Example two:
Performance at system level is not addressed but if the performance of any of
subcomponents has safety implication, then performance comes into play. For example,
the performance of the SW unit responsible for processing the airbag accelerometer
data. Referred in Part IV
3

4. Slide 3
hm1 hasanvand milad, 8/19/2018

5. Interesting Statistics:
10 parts
43 chapters
100 work products
180 engineering methods
500 page
600 requirements
4

6. 5

7. 6

8. Examples on safety culture:
Annex B. Part II Table B.1
Poor culture: Accountability for decisions is not traceable
Good culture: Vice versa
Poor culture: Cost and schedule always takes precedence over safety and quality
Good culture: safety is the highest priority
Poor culture: Passive attitude towards safety, dependence on testing at the end of
project, reaction of management only when a problem is in the filed
Proactive attitude towards Safety: safety and quality issues are discovered and resolved
from the earliest phase (test early , test often, Agile methodology , MBSE)
7

9. 8

10. 9

11. 10

12. 11

13. 12

14. To Analyze the situation, The following shall be considered:
Normal Operation, Degraded Operation w/o warning
Road or Location Type : highway, city road, parked, maintenance …
Road conditions: friction, slope, width and passes
Environmental circumstances : wind, traffic jam, construction zone
Driving maneuver: starting, turning, parking, over taking ,…
Driving state: parked, stopped, accelerate, collision, braked, charging
state of other road users:
13

15. Annex B Part III
Examples on Severity:
S0 : Bumps with roadside infrastructure, Damage entering/exiting parking space, Leaving the road without collision or rollover
S1 : Side impact with a narrow stationary object, or a passenger car, e.g. crashing into a tree (impact to passenger cell) with very low speed
S2 : S1 with low speed, Pedestrian/bicycle accident while turning (city intersection and streets)
S3 : S1 with high speed, Pedestrian/bicycle accident
Medium to high speed 50‐90
Examples on Exposure:
It is highly dependent on the driving statistics of the target market.
E0: a vehicle involved in an accident with another vehicle that is carrying a hazardous material, natural disasters,
E1 : Duration not specified: Occurs less often than once a year for the great majority of drivers
Lost cargo or obstacle in lane of travel (highway)
In repair garage (on roller rig)
Driving downhill with engine off (mountain pass)
E2 : Duration less than 1% of average operating time
Highway entrance/ exit ramp
Snow and ice on Road
Slippery leaves on road
In car wash
refueling
E3 : Duration less than 10% of average operating time
One‐way street
Wet road
In tunnel
Traffic congestion
Vehicle on a hill (hill hold)
Heavy traffic (stop and go)
Unlighted roads at night
E4 : more than 10%
charging
Highway
Accelerate, decelerate, park …
Starting from standstill
Examples on Controllability:
In table B.4 Part III, the best actions are mentioned, contents of user manual
In complicated scenarios, to avoid over engineering, HFE is needed to derive the exact level of controllability
C0 : Controllable in general
distracting situations
warning messages
abnormality of multimedia systems
C1 : 99 % or more of all drivers or other traffic participants are usually able to avoid harm
Faulty adjustment of seat position while driving
Blocked steering column when starting the vehicle
C2 : 90%
Failure of ABS during emergency braking
Headlights fail while night driving at medium/high speed on unlighted road
Motor failure at high lateral acceleration (motorway exit)
C3 : less than 90%
Failure of ABS when braking on low friction road surface while executing a turn
Failure of brakes
Faulty driver airbag release when travelling at high speed
Steering angle change not aligned to driver intent
From Renesas Report:
*****Inadvertent hard braking during driving ASIL D.
No Brake Lighting during braking ASIL C.
HEV/EV sudden Torque up/down ASIL C.
TI example : Charging over current ‐> over temp ‐> Fire: ASIL C, S2,E4,C3
SAIPA Example:
Airbag deploys unintentionally on vehicle start
S2,S3 ‐> S3,C3,E4 ‐> Part III, 7.4.4 Table 4 ‐> ASIL C,D
Example on Determination of ASIL : Source Auto service paraxis de, vector:
A Japanese automaker, 2013, Problems with acceleration, the car unintentionally accelerates thus causing personal damage
S2, E4 (while driving), C1,C2 => ASIL A,B
A German Automaker. 2013, Problems with airbag, airbag and pre‐tentioners are not or too late deployed
S3, C3, E1,E2 => ASIL A,B
Airbag deploys unintentionally in high speed
S2,S3, C3, E4 => ASIL C,D
For EPB, unintended activation in motion
S3, C3, E4 => ASIL D
PART 10 6.4.2 Example of external measures
Sudden release of EPB when the vehicle is parked on a slope in an urban area when vehicle is off and key is not in vehicle
Vehicle A manual gearbox : S2,S3, C3, E1‐3, C3 => ASIL C
Vehicle B automated gearbox : C0 => no resulting hazard
14

16. 15

17. 16

18. 17

19. 18

20. 19

21. 20