Requirements of ISO 26262

The issue of safety has always been one of the most important topics for the automotive
industry. The announcement made by Toyota last year of the recall of their defective vehicles
only serves to highlight how costly defects can be, not only for the company's balance sheet but
also in terms of eroded consumer confidence. New technologies introduced to enhance
vehicle control and driver assistance have now become standard equipment rather than
optional extras. In addition, a recent regulation approved by the European Parliament, which lays
out the requirements for type approval of motor vehicles with regard to their safety, calls for
the introduction of these new safety features as a prerequisite. As such, an internationally
recognised standard for safety-critical systems, against which the safety of a system can be
measured, becomes all the more crucial.

Unlike in other industries, detailed discussion of functional safety in the automotive industry
only began a few years ago. One reason was the prevailing view that the risks resulting from
mechanical failures remain within the control of the driver: a driver merely had to stop the
vehicle to bring it to a safe state. We now know that this is not always possible when there is
a failure in a drive-by-wire throttle system, as illustrated by the cases of accelerator pedal
failures in Toyota cars in 2010.

Although functional safety standards such as IEC 61508 already existed, that standard is not
dedicated to the automotive industry. Applying a non-dedicated functional safety standard
across different firms does not result in harmonised functional safety objectives, because
different interpretations of the standard ensue.

SILs & ASILs

ISO 26262 was developed to overcome this problem and to provide a harmonised standard for
the automotive industry. It specifies requirements, processes and methods for reducing the
effects of systematic failures and of random hardware failures. ISO 26262 is based on IEC 61508,
the generic standard for the functional safety of electrical/electronic (E/E) systems published
by the IEC and adopted in Europe by CENELEC as EN 61508. ISO 26262 borrowed the IEC 61508
concept of the "Safety Integrity Level" (SIL) and redefined it as the "Automotive Safety
Integrity Level" (ASIL).

The structure of ISO 26262 comes in 10 parts, as listed below:

   •    ISO 26262 Part 1: Vocabulary
   •    ISO 26262 Part 2: Management of functional safety
   •    ISO 26262 Part 3: Concept phase
   •    ISO 26262 Part 4: Product development: system level
   •    ISO 26262 Part 5: Product development: hardware level
   •    ISO 26262 Part 6: Product development: software level
   •    ISO 26262 Part 7: Production and operation
   •    ISO 26262 Part 8: Supporting processes
   •    ISO 26262 Part 9: ASIL-oriented and safety-oriented analyses
   •    ISO 26262 Part 10: Guideline on ISO 26262




-----------------------------------------------------------------------------------------------------------------------------------
                                  IQPC GmbH | Friedrichstr. 94 | D-10117 Berlin, Germany
                 t: +49 (0) 30 2091 3330 | f: +49 (0) 30 2091 3263 | e: eq@iqpc.de | w: www.iqpc.de
               Visit IQPC for a portfolio of topic-related events, congresses, seminars and conferences: www.iqpc.de
[Figure: Overview of ISO 26262 structure]



ISO 26262 is specifically formulated for safety-related systems that include one or more
electrical/electronic systems and that are installed in series production passenger cars with a
maximum gross vehicle mass of up to 3500 kg.

Because the standard is designed for series production cars, Part 7 includes something that is
not found in IEC 61508: requirements for the production and operation processes. Production
is seen within the framework of the automotive safety lifecycle, which comprises the
management stage, the development stage, the production stage, the operation stage, the
service stage and the decommissioning stage.

Approach of ISO 26262

As mentioned earlier, ISO 26262 takes a different approach to evaluating functional safety in
that it adopts ASILs instead of the SILs of IEC 61508. Both scales have four levels, but they are
derived differently: a SIL is tied to a target probability of dangerous failure of the safety
function, whereas an ASIL is a qualitative classification obtained from the hazard analysis
described below. ASILs run from the lowest (A) to the highest (D); a hazard whose risk does
not call for any ASIL is classed as QM (quality management) and is handled by the normal
quality process.

The ASIL is obtained by conducting a hazard analysis and risk assessment. From the start of a
development, all intended functions are evaluated against the hazards they could give rise to.
The main question asked is: "What would result if a malfunction occurred in each of the
different operational situations?"




The risk assessment is based on a combination of three factors: the probability of exposure to
the operational situation (E), the controllability of the situation by the driver or other persons
involved (C) and the severity of the injury that could result from the hazard (S).

Implementing the ASIL
Once all these factors have been taken into consideration, the result is an ASIL, and this ASIL
is inherited by the safety goal and by the safety requirements derived from it to avoid the risk.
There are five stages in the implementation of an ASIL:

   1. Defining the safety goals
      These are the top-level safety requirements of the function. One is assigned to each
      hazard that the risk assessment identified, and each carries the ASIL of its hazard.

   2. Safe state implementation
      The safe state the function must reach when a fault is detected is defined and
      implemented, so that the level of risk is reduced to an acceptable level and the safety
      goals are not violated.

   3. Risk mitigation
      Mitigation of the risks resulting from random hardware failures to an acceptable level
      through the application of specific measures.

   4. Systematic failure prevention
      Prevention of systematic failures through the definition of a set of process and design
      requirements.

   5. ASIL decomposition
      This process allows the ASIL associated with a safety requirement to be distributed
      across the various elements that together perform the function and address the same
      safety goal. It is only permitted where those elements are sufficiently independent of
      one another.
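The risk-assessment factors and the decomposition step above can be turned into a small
checking tool. The following Python script is an added illustration and is not part of the
original paper: it encodes the S/E/C-to-ASIL mapping of ISO 26262-3 Table 4, the two-way
decomposition schemes of ISO 26262-9, and runs them over a constructed sample HARA. The
hazard rows and their S/E/C classes are invented for the example and are not taken from any
real analysis.

```python
"""ASIL determination and ASIL decomposition checks.

Added illustration, not code from the IQPC paper.  The S/E/C-to-ASIL mapping
reproduces ISO 26262-3 Table 4 and the decomposition schemes reproduce
ISO 26262-9 Clause 5.  The HARA rows at the bottom are constructed sample data.
"""

from dataclasses import dataclass

# Ordinal scale for arithmetic on ASILs: QM < A < B < C < D
ASIL_NAMES = ["QM", "A", "B", "C", "D"]
ASIL_RANK = {name: rank for rank, name in enumerate(ASIL_NAMES)}


def determine_asil(severity, exposure, controllability):
    """Map an S/E/C classification (S 0-3, E 0-4, C 0-3) to an ASIL.

    A class of 0 in any parameter means no ASIL is assigned (QM).  For the
    remaining cells, ISO 26262-3 Table 4 is reproduced exactly by the sum
    S+E+C: 7 -> A, 8 -> B, 9 -> C, 10 -> D, anything below 7 -> QM.
    """
    if not (0 <= severity <= 3 and 0 <= exposure <= 4 and 0 <= controllability <= 3):
        raise ValueError("S must be 0-3, E 0-4 and C 0-3")
    if 0 in (severity, exposure, controllability):
        return "QM"
    total = severity + exposure + controllability
    return ASIL_NAMES[total - 6] if total >= 7 else "QM"


def is_valid_decomposition(target, part_a, part_b):
    """True if (part_a, part_b) is a decomposition scheme ISO 26262-9 allows
    for a requirement at ASIL `target`:
        D -> C+A, B+B, D+QM;  C -> B+A, C+QM;  B -> A+A, B+QM;  A -> A+QM.
    On the ordinal scale the two parts either sum to the target, or one part
    keeps the full ASIL and the other is QM.  The standard also demands that
    the two elements be sufficiently independent (dependent-failure analysis);
    that cannot be checked here and must be argued separately.
    """
    t, a, b = ASIL_RANK[target], ASIL_RANK[part_a], ASIL_RANK[part_b]
    if t == 0:
        return False  # a QM requirement has nothing to decompose
    return a + b == t or (max(a, b) == t and min(a, b) == 0)


def decomposition_schemes(target):
    """All allowed (lower, higher) ASIL pairs for a target ASIL, in rank order."""
    return [(x, y) for x in ASIL_NAMES for y in ASIL_NAMES
            if ASIL_RANK[x] <= ASIL_RANK[y] and is_valid_decomposition(target, x, y)]


@dataclass(frozen=True)
class Hazard:
    hazard_id: str
    description: str
    severity: int
    exposure: int
    controllability: int


# Constructed sample HARA rows: the hazards, situations and S/E/C classes are
# invented for this example and are not the result of any real analysis.
SAMPLE_HARA = [
    Hazard("H1", "Unintended acceleration at highway speed", 3, 4, 3),
    Hazard("H2", "Loss of steering assist during a parking manoeuvre", 1, 3, 1),
    Hazard("H3", "Unintended brake release while stopped on a steep slope", 3, 2, 2),
]


def classify_hara(hazards):
    """Return {hazard_id: ASIL}.  The safety goal written for each hazard
    inherits the ASIL computed here."""
    return {h.hazard_id: determine_asil(h.severity, h.exposure, h.controllability)
            for h in hazards}


if __name__ == "__main__":
    for hid, asil in classify_hara(SAMPLE_HARA).items():
        print(f"{hid}: ASIL {asil}")
    print("Allowed decompositions of ASIL D:", decomposition_schemes("D"))
    print("C(D)+C(D) is a valid decomposition of D?",
          is_valid_decomposition("D", "C", "C"))
```

The sum rule is only a compact encoding that happens to agree with Table 4 cell by cell; in a
project that has to be assessed, encode the table explicitly so that a reviewer can compare the
code against the standard line by line. Note also that a pair such as C+C for an ASIL D
requirement is rejected: it is not a decomposition scheme of the standard, even though it
would not under-allocate.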

The Development Models

The development model included in Parts 3 to 6 of ISO 26262 covers the development process
from:

   •    Part 3 – concept phase
   •    Part 4 – product development at the system level
   •    Part 5 – product development at the hardware level
   •    Part 6 – product development at the software level

For product development at the system level, ISO 26262 uses a V model. Likewise, the
hardware development phase and the software development phase also use a V model.

Below is the list of recommended phases for the product development (software) stage:

   •    Initiation of software development
   •    Software safety requirements specification
   •    Software architectural design
   •    Software unit implementation
   •    Software unit test
   •    Software integration and test
   •    Software safety acceptance test

Each phase has a standard framework of objectives, inputs, recommendations, requirements and
work products, and the work products generally become the inputs for the next phase. It is
these recommendations and requirements that form the foundation of the standard.

For example, under Part 6, the methods recommended for verifying the software architectural
design, graded by ASIL, are listed in the table below:




Requirements Traceability

Before the software development stage begins, ISO 26262 requires that the activities, methods
and measures used in the different sub-phases of software development be planned, always
with reference to the ASIL of the system under development. One vital aspect to consider
up front is "requirements traceability": the capability to track the life of a particular
requirement in both directions, forward and backward.

The objective is to follow a requirement through to its implementation and its test. This makes
it possible to see whether a requirement has been fulfilled and tested. Requirements
traceability also helps to ensure the completeness of the requirements by identifying
requirements that have not been integrated into the model, and by identifying parts of the
model that cannot be linked to any particular requirement. Being able to identify such
unlinked parts of the model helps prevent the modelling and implementation of unintended
behaviour. In addition, it assists in the management of changes to requirements, since the
artefacts affected by a change can be located by following the links.
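The traceability checks described above (requirements without a test, model elements without
a requirement, and the set of artefacts affected when a requirement changes) are simple set
operations over the trace links once those have been exported from the requirements tool. The
following Python script is an added illustration and not part of the original paper; the safety
goal, requirements, model elements, test cases and links it contains are constructed sample
data with invented identifiers.

```python
"""Bidirectional requirements-traceability check.

Added illustration, not code from the IQPC paper.  All artefacts and trace
links below are constructed sample data with invented identifiers; a real
project would export them from its requirements-management tool.
"""

from collections import defaultdict, deque

# Artefact sets, from the top of the V down to the verification side.
SAFETY_GOALS = {"SG-1": "Avoid unintended acceleration (ASIL D)"}
SW_SAFETY_REQS = {
    "SSR-1": "Pedal position shall be read from two independent sensors",
    "SSR-2": "If the two sensor readings disagree, the torque request shall be zero",
    "SSR-3": "The torque limiter shall execute every 10 ms",
}
MODEL_ELEMENTS = {
    "M-PedalPlausibility": "subsystem: pedal sensor cross-check",
    "M-TorqueLimiter": "subsystem: torque request limiter",
    "M-DiagLog": "subsystem: diagnostic logging",  # deliberately left unlinked
}
TEST_CASES = {
    "TC-11": "Inject sensor disagreement, expect zero torque request",
    "TC-12": "Measure torque limiter period, expect 10 ms",
}

# Trace links (source, target): target implements or verifies source.
# SSR-1 deliberately has no test and M-DiagLog has no requirement.
LINKS = [
    ("SG-1", "SSR-1"), ("SG-1", "SSR-2"), ("SG-1", "SSR-3"),
    ("SSR-1", "M-PedalPlausibility"), ("SSR-2", "M-PedalPlausibility"),
    ("SSR-3", "M-TorqueLimiter"),
    ("SSR-2", "TC-11"), ("SSR-3", "TC-12"),
]


def build_index(links):
    """Forward (source -> targets) and backward (target -> sources) maps."""
    forward, backward = defaultdict(set), defaultdict(set)
    for src, dst in links:
        forward[src].add(dst)
        backward[dst].add(src)
    return forward, backward


def trace_gaps(goals, reqs, model, tests, links):
    """Report every artefact that breaks forward or backward traceability.
    Each entry is a sorted list of offending identifiers; all lists empty
    means the trace matrix is complete in both directions."""
    forward, backward = build_index(links)
    goal_ids, req_ids = set(goals), set(reqs)
    model_ids, test_ids = set(model), set(tests)
    return {
        # forward: every goal is refined, every requirement is modelled and tested
        "goals_without_requirement": sorted(g for g in goal_ids if not forward[g] & req_ids),
        "requirements_without_model": sorted(r for r in req_ids if not forward[r] & model_ids),
        "requirements_without_test": sorted(r for r in req_ids if not forward[r] & test_ids),
        # backward: nothing in the model or the test suite exists without a requirement
        "requirements_without_goal": sorted(r for r in req_ids if not backward[r] & goal_ids),
        "model_without_requirement": sorted(m for m in model_ids if not backward[m] & req_ids),
        "tests_without_requirement": sorted(t for t in test_ids if not backward[t] & req_ids),
    }


def impact_of_change(artefact_id, links):
    """All artefacts downstream of `artefact_id` (transitive forward closure):
    what has to be re-reviewed and re-tested when that requirement changes."""
    forward, _ = build_index(links)
    seen, queue = set(), deque([artefact_id])
    while queue:
        for nxt in forward[queue.popleft()]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def run_report():
    """Run the gap analysis over the sample data."""
    return trace_gaps(SAFETY_GOALS, SW_SAFETY_REQS, MODEL_ELEMENTS, TEST_CASES, LINKS)


if __name__ == "__main__":
    for gap, ids in run_report().items():
        print(f"{gap}: {ids or 'none'}")
    print("Impact of changing SSR-2:", sorted(impact_of_change("SSR-2", LINKS)))
```

On the sample data the report flags SSR-1 as a requirement with no test and M-DiagLog as a model
element that no requirement justifies; the first is a verification gap, the second is exactly
the kind of unintended behaviour the backward check is meant to catch. In practice the same
checks would be run in continuous integration on every change to the requirements export, so
that a broken link is found before the safety assessment rather than during it.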


Conclusion

Most of the requirements of ISO 26262 that deal with the development and supporting
processes are already incorporated into existing internal quality standards. That is not to say
that the automotive industry faces no challenges in adopting ISO 26262. Requirements have to
be applied efficiently, with consideration for the internal context and its limitations. Most of
the difficulties in implementing the ISO 26262 requirements occur in the later development
phases. This is mainly due to the integration of areas into a setting that has not yet been
brought up to the same standard. Because ISO 26262 is a process standard, full integration
into current E/E processes will take some time. One should bear in mind that ISO 26262 is only
a standard and a guideline. It is equally important to understand that good engineering
judgement is required to improve the processes used in relation to the existing E/E processes.
Used with the correct attitude, ISO 26262 will only benefit the automotive industry in terms of
functional safety in the long run.



     Want to learn more about E/E commercial vehicles, about current technologies
                                 and developments?
              Visit our Download Center for more articles, whitepapers and interviews:
                                  http://bit.ly/eecommercials-articles



About IQPC:

IQPC provides tailored conferences, large events, seminars and internal training programmes for
managers around the world. Topics include current information on industry trends, technical
developments and regulatory rules and guidelines. IQPC's conferences are market leading events, highly
regarded for their opportunity to exchange knowledge and ideas for professionals from various industries.

IQPC has offices in major cities across six continents including: Berlin, Dubai, London, New York, Sao
Paulo, Singapore, Johannesburg, Sydney and Toronto. IQPC leverages a global research base of best
practices to produce an unrivaled portfolio of problem-solving conferences. Each year IQPC offers
approximately 2,000 worldwide conferences, seminars, and related learning programs.




