ISO 26262 Overview

Srinivasan Venkat

Agenda

▪ Automotive History
▪ Road Accident Statistics
▪ Industry Standards for Safety

▪ ISO 26262

Automotive History

▪ The first automobile was probably designed by Guido da Vigevano in the 1400s,
but we had to wait another 400 years to have a real automobile.

▪ Steam cars had been built in America since before the Civil War, but the early ones were
like miniature locomotives.

▪ Robert Anderson built the first electric carriage.

▪ In 1871, Dr. J. W. Carhart and the J. I. Case Company built a working steam car.

▪ In 1885, Karl Benz designed and built the world's first practical
automobile to be powered by an internal-combustion engine.

▪ In 1886, Benz received the first patent for a gas-fueled car. It
was a three-wheeler; Benz built his first four-wheeled car in
1891.
Automotive History
[slide with an image only; no text recovered]

Road Accident Statistics
[three slides of charts; no text recovered]
Industry Standards for Safety

▪ Medical: IEC 62304
▪ Process Industry: IEC 61511
▪ Automotive: ISO 26262
▪ Industrial Automation: IEC 61508
▪ Nuclear: IEC 60880, IEC 60987, IEC 61226
▪ Transportation: EN 50126, EN 50128, EN 50129
▪ Agriculture: ISO 25119
Industry Standards for Safety - Critical Products and Systems

(Columns of the original table: Standard, Scope, Approach, Interpretation or use.)

▪ IEC 61508
  Scope: The generic standard for electronic systems' functional safety.
  Approach: Basic safety understanding with risk-based mitigation.
  Interpretation or use: The predecessor of many safety standards for electronic systems. Several industry-specific standards have been derived from it. Still widely used despite its rather high-level approach. A solid focus on hardware aspects, but less suitable for software.

▪ ISO 26262
  Scope: Road vehicles.
  Approach: Rather detailed and prescriptive risk-based mitigation covering product, process, and culture.
  Interpretation or use: Focuses on electrical and electronic subsystems for automotive vehicles. No formal certification required. Covers the complete life cycle, systems engineering, hardware, software, production, and operation. Will evolve toward all types of vehicles.

▪ ISO 25119
  Scope: Agriculture and forestry.
  Approach: Prescriptive risk-based mitigation.
  Interpretation or use: The safety standard for agriculture and off-road systems, such as industry transport, mining, and so on. Increasingly enhanced by ISO 26262 for off-road vehicles.

▪ ISO 13849
  Scope: Machinery and safety-related parts of control systems.
  Approach: Safety awareness for a wide range of industries.
  Interpretation or use: Focuses on the performance and safety of industrial machinery, such as production systems and embedded control systems.

▪ IEC 62304
  Scope: Medical-device software.
  Approach: Safety-oriented life-cycle requirements.
  Interpretation or use: The primary standard for implementing functional safety in medical equipment. A strong focus on certification, unlike the other standards.

▪ DO-178C
  Scope: Avionics software development.
  Approach: Rather strong process focus and life-cycle requirements.
  Interpretation or use: The standard for software development in civil aviation. The DO-254 hardware standard for complex electronics was derived from it. DO-178C is seeing increased application in defense programs. DO-178B, with its rigid enforcement by certification, proved its effectiveness over two decades and was extended, with minor revisions, into DO-178C.

▪ ISO 15288
  Scope: Systems life-cycle processes.
  Approach: Generic life-cycle requirements.
  Interpretation or use: Provides an overarching systems-engineering life-cycle framework to which specific industry norms are adjusted.

▪ ISO 12207
  Scope: Software life-cycle processes.
  Approach: Generic life-cycle requirements.
  Interpretation or use: Provides the foundation for software product life-cycle development.
ISO 26262

Electronics ???

As in-vehicle software grows in size and sophistication, building each piece of software on a
common base becomes much more effective; this common base is called the "electronic platform".
ISO 26262
What
▪ ISO 26262 is the adaptation of IEC 61508 to comply with needs specific to the application sector of electrical and/or electronic (E/E) systems within road vehicles
▪ ISO 26262 is a multipart standard defining requirements and providing guidelines for achieving functional safety in E/E systems installed in road vehicles.
▪ The standard ISO 26262 is considered a best practice framework for achieving functional safety in road vehicles.
▪ ISO 26262 addresses possible hazards caused by malfunctioning behaviour of E/E safety-related systems, including interaction of these systems.

Why
▪ Safety is one of the key issues of future automobile development. New functionalities in areas such as driver assistance, propulsion, vehicle dynamics control
and active and passive safety systems increasingly touch the domain of system safety engineering.
▪ Development and integration of these functionalities will strengthen the need for safe system development processes and the need to provide evidence that all
reasonable system safety objectives are satisfied.
▪ With the trend of increasing technological complexity, software content and mechatronic implementation, there are increasing risks from systematic failures and random
hardware failures.
▪ ISO 26262 includes guidance to avoid these risks by providing appropriate requirements and processes.

Scope
▪ Hardware/Software such as electric/electronic devices
▪ Parts or systems whose malfunction or failure may significantly impact human lives are considered
▪ Equipment that consists only of machinery is out of its scope
▪ The entire Life-Cycle of automotive products

Benefits
▪ Implementing ISO 26262 ensures that a high level of safety is built into car components right from the start.
▪ Can be used to establish a safety management system based on internationally recognized best practices and the latest approach to risk management, giving you a
competitive edge.
▪ It is expected that car manufacturers will use compliance with ISO 26262 as a means to qualify components and potential suppliers of E/E components.
ISO 26262 - Goals

a. Provides an automotive safety lifecycle (management, development, production, operation, service, decommissioning)
and supports tailoring the necessary activities during these lifecycle phases.

b. Covers functional safety aspects of the entire development process (including such activities as requirements
specification, design, implementation, integration, verification, validation, and configuration).

c. Provides an automotive-specific risk-based approach for determining risk classes (Automotive Safety Integrity Levels,
ASILs).

d. Uses ASILs for specifying the item's necessary safety requirements for achieving an acceptable residual risk.

e. Provides requirements for validation and confirmation measures to ensure a sufficient and acceptable level of safety is
being achieved.
ISO 26262 - Framework
The framework provided by ISO 26262 deals with the functional safety of:

▪ Products. The standard requires a safety case and a number of confirmation measures to be applied during the product lifecycle

▪ Processes. The standard requires specific life cycle processes to be implemented within a safety management system driven by a risk-based
approach

The word "safety" is subject to various interpretations. However, when applied to modern automobile design it can generally be
categorized using the following structure:

1. Passive safety: Assuming that an accident is effectively inevitable, the aim of passive safety mechanisms is to minimize the severity of that
accident. The passive safety elements found within a vehicle include seatbelts, crumple zones, etc.

2. Active safety: The systems that are concerned with active safety (based on the knowledge of the current state of the vehicle) aim to avoid
accidents altogether, in addition to minimizing their effects if an accident does occur. Seatbelt pre-tensioning, airbag deployment, predictive
emergency braking, anti-lock braking systems and traction control are all examples of this.

3. Functional safety: This focuses on ensuring that all of the electrical and electronic systems (such as power supplies, sensors, communication
networks, actuators, etc.), including (but not limited to) all active-safety-related systems, function correctly. Functional safety is dealt with by
the ISO 26262 standard.
ISO 26262 - Passive & Active Safety

Active safety systems
▪ Help prevent accidents
▪ They control the dynamics of the vehicle

Typical
• Anti-lock Braking System (ABS)
• Traction Control System (TCS)
• Stability Control System (ESP)

Emerging
• Cruise Control (ACC)
• Steering Control
• Suspension Control
• Road Sign Detection
• Intelligent Speed Assistance (ISA)
• Autonomous Emergency Braking (AEB)
• Cross-traffic Assist
• Blind Spot Detection
• Lane Departure Warning
• Light Source Recognition
• Pedestrian Detection
• Vision Enhancement (Night/Augmented Vision, Adaptive Headlights)

Passive safety systems
▪ Help mitigate the consequences of accidents
▪ They protect occupants and pedestrians

Typical
• Seatbelts
• Airbags
• Body Structure With Programmed Deformation
• Retractable Steering Column
• Head Restraints
• Seats With "Anti-submarine" Effect
• Fuel Cut-off

Emerging
• Automatic Emergency Call (eCall)
• Automatic Message To An Emergency Call Centre In Case Of A Crash
ISO 26262 - Functional Safety
▪ Absence of unreasonable risk due to hazards caused by
malfunctioning behavior of E/E systems.

▪ A dependable system can be broken down into three parts,
of which functional safety is one. Functional safety itself consists of three
categories:
➢ First, reliability: the system should work as it
was designed to in response to a command and not fail.
➢ Second, availability: the system should be available when required, so that it
can respond when required.
➢ Third, safety: the system should respond to a failure in such a way as to not cause any
injuries.

▪ While it is impossible to guarantee absolute safety, functional safety is
designed to bring the risk down as much as possible.

▪ Within the automobile industry, functional safety as a
process is based on the guidelines specified by ISO 26262,
an international safety standard for the automotive sector.
ISO 26262 - Parts

▪ Part 1: Vocabulary
▪ Part 2: Management of functional safety
▪ Part 3: Concept phase
▪ Part 4: Product development at the system level
▪ Part 5: Product development at the hardware level
▪ Part 6: Product development at the software level
▪ Part 7: Production and operation
▪ Part 8: Supporting processes
▪ Part 9: Automotive Safety Integrity Level (ASIL)-oriented and safety-oriented analyses
▪ Part 10: Guideline on ISO 26262

(The slide shows these ten parts arranged in a ring around the label "ISO 26262".)
ISO 26262 - Structure
1. Vocabulary

2. Management of functional safety
   2-5 Overall safety management
   2-6 Safety management during item development
   2-7 Safety management after release for production

3. Concept phase
   3-5 Item definition
   3-6 Hazard analysis and risk assessment

4. Product development at the system level
   4-5 Initiation of product development at the system level
   4-6 Specification of the technical safety requirements
   4-7 System design
   4-8 Item integration and testing
   4-9 Safety validation
   4-10 Functional safety assessment
   4-11 Release for production

5. Product development: hardware level
   5-5 Initiation of product development at the hardware level
   5-6 Specification of hardware safety requirements
   5-7 Hardware design
   5-8 Hardware architectural metrics
   5-9 Evaluation of violation of the safety goal due to random HW failures
   5-10 Hardware integration and testing

6. Product development: software level
   6-5 Initiation of product development at the software level
   6-6 Specification of software safety requirements
   6-7 Software architectural design
   6-8 Software unit design and implementation
   6-9 Software unit testing
   6-10 Software integration and testing
   6-11 Verification of software safety requirements

7. Production, operation, service and decommissioning
   7-5 Production
   7-6 Operation, service and decommissioning

8. Supporting processes
   8-5 Interfaces within distributed developments
   8-6 Specification and management of safety requirements
   8-7 Configuration management
   8-8 Change management
   8-9 Verification
   8-10 Documentation
   8-11 Qualification of software tools
   8-12 Qualification of software components
   8-13 Qualification of hardware components
   8-14 Proven in use argument

9. ASIL-oriented and safety-oriented analyses
   9-5 Requirements decomposition with respect to ASIL tailoring
   9-6 Criteria for coexistence of elements
   9-7 Analysis of dependent failures
   9-8 Safety analyses

10. Guideline on ISO 26262


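The goals slide says ISO 26262 determines risk classes (ASILs) through a risk-based approach, and the structure above lists clause 9-5, requirements decomposition with respect to ASIL tailoring. The deck does not show either mechanism, so here is an added example (not the deck's own material) that encodes the ASIL lookup of ISO 26262-3 from severity, exposure and controllability, the permitted decomposition pairs of ISO 26262-9, and runs them over a constructed hazard analysis for a hypothetical electric power steering item. The hazardous events, their S/E/C ratings and the function names are assumptions made for illustration.

```python
"""ASIL determination (ISO 26262-3 HARA) and ASIL decomposition (ISO 26262-9).

Added example; the hazardous events below are constructed for a hypothetical
electric power steering item and are not taken from the deck.
"""

# Rank order used for comparisons: QM (no ASIL) < A < B < C < D.
LEVELS = ("QM", "A", "B", "C", "D")

# ISO 26262-3 assigns an ASIL from severity (S1..S3), probability of
# exposure (E1..E4) and controllability (C1..C3). Keyed by (S, E); the
# value gives the ASIL for C1, C2, C3 in that order.
ASIL_TABLE = {
    (1, 1): ("QM", "QM", "QM"), (1, 2): ("QM", "QM", "QM"),
    (1, 3): ("QM", "QM", "A"),  (1, 4): ("QM", "A", "B"),
    (2, 1): ("QM", "QM", "QM"), (2, 2): ("QM", "QM", "A"),
    (2, 3): ("QM", "A", "B"),   (2, 4): ("A", "B", "C"),
    (3, 1): ("QM", "QM", "A"),  (3, 2): ("QM", "A", "B"),
    (3, 3): ("A", "B", "C"),    (3, 4): ("B", "C", "D"),
}

# ISO 26262-9 clause 5: a requirement at a given ASIL may be split over two
# sufficiently independent elements using only these pairs.
DECOMPOSITION_PAIRS = {
    "D": [("C", "A"), ("B", "B"), ("D", "QM")],
    "C": [("B", "A"), ("C", "QM")],
    "B": [("A", "A"), ("B", "QM")],
    "A": [("A", "QM")],
    "QM": [],
}


def determine_asil(s: int, e: int, c: int) -> str:
    """Return the ASIL for a hazardous event rated S`s`, E`e`, C`c`.

    A rating of S0, E0 or C0 means no ASIL is assigned (QM).
    """
    if not (0 <= s <= 3 and 0 <= e <= 4 and 0 <= c <= 3):
        raise ValueError(f"rating out of range: S{s} E{e} C{c}")
    if 0 in (s, e, c):
        return "QM"
    return ASIL_TABLE[(s, e)][c - 1]


def table_matches_sum_rule() -> bool:
    """Self-check: the table is equivalent to the rule
    S + E + C == 7 -> A, 8 -> B, 9 -> C, 10 -> D, below 7 -> QM."""
    for (s, e), row in ASIL_TABLE.items():
        for c, asil in enumerate(row, start=1):
            expected = LEVELS[max(0, s + e + c - 6)]
            if expected != asil:
                return False
    return True


def decompose(asil: str) -> list:
    """Allowed (element 1, element 2) ASIL pairs for decomposing `asil`.

    Each decomposed ASIL keeps the original in parentheses, e.g. B(D): the
    integration and validation rigor still follows the original ASIL.
    """
    return [(f"{a}({asil})", f"{b}({asil})")
            for a, b in DECOMPOSITION_PAIRS[asil]]


# Constructed HARA rows: (hazardous event, S, E, C). Illustrative values only.
SAMPLE_HARA = [
    ("Unintended self-steering at highway speed", 3, 4, 3),
    ("Loss of steering assist while parking at walking pace", 1, 3, 2),
    ("Loss of steering assist in urban traffic", 2, 4, 2),
]


def run_hara(events):
    """Rate every hazardous event and return (rated rows, highest ASIL).

    The highest ASIL is the one the item's safety goal must be developed to.
    """
    rated = [(name, determine_asil(s, e, c)) for name, s, e, c in events]
    highest = max((asil for _, asil in rated), key=LEVELS.index)
    return rated, highest


if __name__ == "__main__":
    rows, goal_asil = run_hara(SAMPLE_HARA)
    for name, asil in rows:
        print(f"{asil:>2}  {name}")
    print(f"safety goal ASIL: {goal_asil}")
    print("table consistent with sum rule:", table_matches_sum_rule())
    for pair in decompose(goal_asil):
        print("decomposition option:", pair)
```

The table is kept explicit rather than derived from the sum rule so that a reviewer can compare it line by line with the standard; `table_matches_sum_rule` only documents the pattern. Decomposition does not lower the rigor of the safety goal itself: the ASIL in parentheses is what the integration, validation and confirmation measures must still follow, and the two elements must be shown to be sufficiently independent (clause 9-7, analysis of dependent failures) before the split is valid.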
ISO 26262 - Does Not Cover

• Unique E/E systems in special purpose vehicles such as vehicles designed for drivers with disabilities

• Hazards related to electric shock, fire, smoke, heat, radiation, toxicity, flammability, reactivity, corrosion,
release of energy and similar hazards, unless directly caused by malfunctioning behavior of E/E safety-related
systems

• Nominal performance of E/E systems.
ISO 26262 - Software Development
Part 6 of the standard specifically addresses product development at the software level. Requirements for the
following development activities are specified:
▪ Initiation of product development
▪ Specification of software safety requirements
▪ Software architectural design
▪ Unit design and implementation
▪ Unit testing
▪ Software integration and testing
▪ Verification of software safety requirements.

Safety is Only as Strong as its Weakest Link

