This is part 2 of a 4-part series on ISO 26262. Part 1 provides an overview of ISO 26262; this part reviews the functional safety life cycles; part 3 examines the latest trends driving ISO 26262; and finally, part 4 explains how you can easily meet compliance standards with the right tools.
ISO 26262 is one of the most important safety standards in the automotive industry. Its goal is to address possible hazards associated with the potential malfunction of electrical and mechanical subsystems within a vehicle. As motor vehicles become more and more connected, this safety standard must be at the center of processes for all automotive manufacturers.
ISO 26262 Safety Life Cycle
The entire ISO 26262 software compliance standard comprises 10 parts. Parts 3 through 7 break down the ISO 26262 safety life cycle into 3 phases: concept, product development, and post-SOP (after start of production).
ISO 26262 Safety Life Cycle, Phase 1: Concept Phase
Just as the complete ISO 26262 standard is broken down into parts, each phase of the life cycle is broken down into steps. The first phase of the ISO 26262 safety life cycle is the concept phase, which consists of:
- Item definition: In this first step, products are identified, and functional, nonfunctional, and safety requirements, along with operating/environmental constraints, are defined. Functional analysis is completed to identify potential failures, and all this information is taken into the next step of the process.
- Hazard analysis and risk assessment (HARA): A complete HARA is then carried out in which a variety of factors, including vehicle state, driving situations, environmental conditions, and road surface conditions, are evaluated to identify potentially hazardous situations. Each combination of conditions is evaluated and assigned an ASIL (automotive safety integrity level), which rates the severity, exposure, and controllability of the hazard to arrive at a single value for it. This information is then used in the next step.
- Safety goals and functional safety concept: Finally, a safety goal is determined for each hazardous event and inherits the ASIL of the underlying hazard; together these form the input to the functional safety concept stage. For each goal, a fault tolerant time interval (FTTI) is established based on the time span in which a fault can be present in the system before a hazardous event occurs. The system must detect and confirm the fault, then react to reach the safe state, all of which takes time. The FTTI is the maximum duration the system has to reach the safe state without violating the safety goal.
The components of each stage of the concept phase of ISO 26262 contribute to determining the safety scores in the next stage.
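The concept-phase chain described above (HARA rows with severity/exposure/controllability classes, ASIL determination, safety goals inheriting the hazard ASIL, and a check that detection, confirmation and reaction fit within the FTTI) as a small worked model in Python. This is an added example, not code from the original article or from the standard; the steering-assist hazards, their S/E/C classes and the 200 ms FTTI are constructed sample values, while the S/E/C-to-ASIL rule encodes the ISO 26262-3 determination table.

```python
from dataclasses import dataclass

ASIL_RANK = {"QM": 0, "A": 1, "B": 2, "C": 3, "D": 4}

def determine_asil(s: int, e: int, c: int) -> str:
    """ASIL from severity S0..S3, exposure E0..E4, controllability C0..C3.
    Encodes the ISO 26262-3 ASIL determination table, which is equivalent to
    summing the class indices (S3+E4+C3 = 10 -> D); any 0 class or sum < 7 is QM.
    """
    if not (0 <= s <= 3 and 0 <= e <= 4 and 0 <= c <= 3):
        raise ValueError(f"invalid classes S{s} E{e} C{c}")
    if 0 in (s, e, c):
        return "QM"
    return {10: "D", 9: "C", 8: "B", 7: "A"}.get(s + e + c, "QM")

@dataclass
class HazardousEvent:           # one row of the HARA table
    hazard: str
    situation: str
    s: int
    e: int
    c: int

    @property
    def asil(self) -> str:
        return determine_asil(self.s, self.e, self.c)

@dataclass
class SafetyGoal:
    text: str
    events: list                # hazardous events this goal addresses
    ftti_ms: int                # fault tolerant time interval for the goal

    @property
    def asil(self) -> str:
        # A safety goal inherits the highest ASIL of the hazards it covers.
        return max((ev.asil for ev in self.events), key=ASIL_RANK.__getitem__)

    def budget_ok(self, detect_ms: int, confirm_ms: int, react_ms: int) -> bool:
        # Detecting and confirming the fault, then reaching the safe state, must fit in the FTTI.
        return detect_ms + confirm_ms + react_ms <= self.ftti_ms

# Constructed sample HARA rows for a hypothetical steering-assist item.
EVENTS = [
    HazardousEvent("self-steering", "highway, high speed", s=3, e=4, c=2),
    HazardousEvent("self-steering", "parking manoeuvre", s=1, e=3, c=1),
]
SG1 = SafetyGoal("Avoid unintended steering torque", EVENTS, ftti_ms=200)  # constructed FTTI

print(f"{SG1.text}: ASIL {SG1.asil}, FTTI budget ok: {SG1.budget_ok(50, 30, 100)}")
```

The same goal fails its budget with a 150 ms reaction time (50 + 30 + 150 = 230 ms exceeds the 200 ms FTTI), which is exactly the kind of result that forces a redesign of the detection or reaction path before the technical safety concept is written.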
ISO 26262 Safety Life Cycle, Phase 2: Product Development Phase
The product development phase of the ISO 26262 safety life cycle deals with development at the system level. This includes critical tasks like identifying and planning safety activities throughout the development life cycle. The phase includes the methods used, supporting activities, and the identification and refinement of technical safety requirements.
In this phase, the development team must begin by determining and planning the functional safety activities for both hardware and software design and specifying the requirements for each. Once the requirements are defined, they must be verified to conform to the technical safety concept before the hardware and software architecture is created.
ISO 26262 Safety Life Cycle, Phase 3: Production, Operations, and Supporting Processes
The final phase includes the standards that govern the production, operation, service, and decommissioning of products. ISO 26262 specifically outlines requirements for handling hardware as well as objectives for service and decommissioning. It includes details around repair instructions and maintenance, which can greatly impact the product’s overall functional safety.
There is also a section that defines collaborative processes between the OEM and their suppliers. This section allocates responsibilities and requires those carrying out distributed development activities to specify them in a development interface agreement (DIA). The DIA is essential to achieving functional safety for products that multiple parties develop together as it specifies not only what is expected of each party but also how to complete the respective requirements.
Now that you understand the basics of the ISO 26262 safety life cycle . . .
You now have a better understanding of all the components required to meet ISO 26262 compliance. This is obviously just one part of a much larger picture. In part 3, we will dive into some of the latest automotive trends that are driving the need for such extensive functional safety standards.
If you’re looking for help meeting ISO 26262 compliance standards, we have tools to help. Just contact us to learn more.