ISO 26262 – Automotive Industry

Automotive Functional Safety

ISO 26262 is an international standard for functional safety in the automotive industry. The standard applies to electrical and electronic systems consisting of hardware and software components in vehicles. It defines the requirements to be met by the safety relevant function of the system as well as by processes, methods and tools which are used within the development process.

It was first published in 2011, and at that time was limited to electrical and electronic systems in series production passenger cars up to 3500kg. In 2018, the second edition brought into scope all road vehicles except for mopeds.

ISO 26262 is a risk-based standard – meaning that the risk of hazardous operational situations is qualitatively assessed, and safety measures are defined to avoid or control systematic failures and to detect or control random hardware failures or mitigate their effects. A key goal is to provide the industry with an automotive-specific, risk-based approach for determining risk classes – the ASIL, or Automotive Safety Integrity Level.

The standard provides an automotive safety lifecycle and supports tailoring the necessary activities during these lifecycle phases. It determines an automotive specific risk-based approach for determining risk classes (Automotive Safety Integrity Levels, ASILs), and uses ASILs for specifying the item’s necessary safety requirements for achieving an acceptable residual risk. And lastly, identifies the requirements for validation, verification, and confirmation measures to ensure a sufficient and acceptable level of safety being achieved.

The ASIL is defined in four steps, from ASIL A (the lowest amount of risk reduction) to ASIL D (the highest amount of risk reduction), with the standard detailing the minimum requirements according to the assigned ASIL. This is a key component for ISO 26262 compliance, as the ASIL, and therefore the hazard level, is determined at the beginning of the development process, and the intended functions of the safety system are then analyzed with respect to those possible hazards (Figure 2).

SAFETY ELEMENT OUT OF CONTEXT (SEOOC)

As most components are designed in isolation, without full knowledge of their end use, i.e. ‘out of context’, SEooC is used to ensure that the component meets the requirements of ISO 26262 and can be used in a safety system.

The ISO 26262 standard ensures that sufficient levels of functional safety are being met and maintained throughout the vehicle lifecycle. Using ISO 26262 to evaluate the safety of your vehicle’s electrical and electronic components provides automotive original equipment manufacturers (OEMs) and suppliers with multiple benefits, such as:

• A demonstration of due diligence and ensuring the overall safety of the respective vehicle and/or the corresponding systems
• A recognized process of minimizing the risk of harm to people, and non-acceptance of your products by the market
• Avoiding costly product recalls and reputational damage due to safety hazards because insufficient safety assurance
• Simplified access to global markets by ensuring compliance with relevant international regulations