Automotive Grade | ISO26262 Road Vehicle Functional Safety Certification

Publisher: 素心轻语 | Latest update time: 2023-10-23 | Source: elecfans

1. The origin of ISO26262

Safety is the most important factor in automobile R&D and manufacturing.


No matter how advanced the driving functions integrated into a new car are, the designer needs to provide sufficient evidence that the newly added functions are safe enough to meet the safety requirements of the entire vehicle.


As automobiles become more electrified and intelligent, the complexity of the vehicle's electrical and electronic systems also increases. This added complexity raises the risk of systematic failures and random failures and makes vehicle safety less certain, which has become the biggest challenge on the road to the intelligent transformation of automobiles today.


In 2011, the International Organization for Standardization's Road Vehicles Technical Committee, building on IEC61508 (first released in 2000), addressed the specific safety needs of the electrical/electronic systems of "road vehicles". It set out safety requirements and verification requirements for the electrical/electronic hardware, software and related components relevant to automotive functional safety across the entire life cycle of design, production, service and scrapping. ISO26262 "Road Vehicle Functional Safety" was thus officially born. Currently, ISO26262 certification is a necessary condition for products to enter the supply chain for automotive electronic/electrical parts and systems.


2. Specific requirements of ISO26262

ISO26262 provides safety assurance measures to ensure the functional safety of electronic/electrical systems throughout the vehicle life cycle (including product development, production, use, maintenance and scrapping), such as requirements, methods and management processes for evaluating, improving and verifying safety. It also provides a safety assurance framework that takes in other technologies such as mechanics, hydraulics, and pneumatics.



ISO26262 starts from the perspective of vehicle functional safety: the safety goals are determined through hazard analysis and risk assessment of function-related items, together with determination of the Automotive Safety Integrity Level (ASIL).


To achieve the safety goals, each function-related item is broken down level by level: the item itself, the electronic/electrical systems that constitute it, the components that make up each system, and the sub-components that make up each component. Corresponding functional safety concepts and technical safety concepts are formulated for each level, and review, verification and other means are used to evaluate whether the safety of the item has been achieved and is effective.



The review (walkthrough/inspection/approval review) is generally conducted on the work results generated during the system development process to achieve the relevant safety goals. The work results include approximately 86 types of results documents, covering the documentation of functional safety activities throughout the entire life cycle from the product concept proposal stage to scrapping, as well as the management documents of the developer and supplier.


ISO26262 provides corresponding safety certification guidelines for developers and manufacturers of electronic components and parts. Electronic components or parts specially developed for ISO26262 need to be developed and verified in accordance with the development requirements and safety activities of ISO26262-5.


For off-the-shelf electronic components or parts, the safety concept of ISO26262 was not introduced in the development stage, so a safety function assessment and an assessment of the risk of deviating from safety goals are required according to the ISO26262-8 evaluation requirements for hardware elements. When such off-the-shelf electronic components and parts are evaluated, they are classified (Class I-Class III) according to the characteristics of the product, the difference in evaluation difficulty, and the role of the elements in the safety concept.


3. Class I-Class III

Class I

Class I components or devices are the simplest elements to certify ("element" is a general term for electronic components and parts). Passive components and discrete devices belong to this category. Their common characteristics are that they have few working modes, their working parameters can be fully evaluated, and they have no internal fault diagnosis and control mechanisms.


In the ISO26262-11-2011 version, such evaluated elements only need to be certified according to the corresponding standards of ISO16750 or AEC-Q. In the 2018 version, such elements do not need to be evaluated separately, but can be evaluated at a higher integration level.


Class II

Class II elements are characterized by diverse working modes, but they also lack internal safety diagnosis and control mechanisms, such as sensors and integrated circuits without integrated IP cores. The evaluation of such elements shall be conducted in accordance with ISO26262-8 using analysis (analysis of data, files, models, and records) and testing (testing and verifying the safety of functions and usage environments). The robustness test of the elements to external stress shall be evaluated in accordance with ISO26262-5.

The purpose of the assessment is to analyze and verify whether the functional performance of the element meets its specifications and is suitable for its intended use. These performance requirements should fully consider the behavior required of the assessed element both under normal conditions and under conditions that cause failures.


Class III

Class III elements are characterized by diverse working modes, and their functional performance can only be evaluated under actual working conditions. Elements with internally embedded safety diagnosis and control mechanisms, such as MCUs, DSPs, and integrated circuits with integrated IP cores, belong to this category. The evaluation of Class III elements is the most complex and demanding. In addition to meeting the safety assessment requirements of Class II elements, additional evaluation measures must be adopted to demonstrate that the risk of deviation from safety goals and safety requirements is sufficiently low. Additional evaluation measures include but are not limited to:

a) Verification of safety-related functions needs to be completed based on the specific usage functions and usage environment.

b) It is best to have a usage history from similar usage scenarios to serve as a supporting basis for the hardware safety assessment.

c) The hardware must have independent and diverse cores that can perform diagnostic functions and monitor chip safety.

d) The hardware development process implements certain safety standards, and the safety standards are equivalent to the ASIL level of ISO26262.

For this reason, ISO26262 does not recommend relying on this assessment for Class III elements that were not developed in accordance with ISO26262. It is hoped that such elements will be brought into full compliance with the ISO26262-5 hardware-level development requirements in future upgrades.

Compared with the 2011 version, the ISO26262-2018 version adds ISO26262-11 "Guidelines for Application to Semiconductor Development", which provides methods and use cases specifically for the development process of semiconductor components and parts.


4. Service Capabilities of Radio and Television Measurement

SVA Metrology has a professional technical team and provides ISO26262 certification technical support services featuring product safety function verification. With the goal of achieving product functional safety, we provide customers with professional and integrated technical services such as ISO26262 safety system establishment, product technical safety concept establishment and achievement at all stages, and guidance for customers on related approvals and verification reviews.

Featured services include:

● Analysis of chip functional safety requirements.

● Chip structure analysis.

● Basic failure rate analysis and calculation.

● Soft error rate testing and evaluation.

● FMEA and HAZOP analysis.

● Fault injection simulation.


5. About Broadcasting and Television Metrology Semiconductor Services

China Radio and Television Metrology has component screening and failure analysis laboratories across the country, and has formed a technical team headed by doctors and experts. It has built multiple technical service platforms such as component localization verification and competitive product analysis, integrated circuit testing and process evaluation, semiconductor power device quality improvement projects, automotive-grade chips and components AEC-Q certification, and automotive-grade power module AQG324 certification to meet the quality and reliability needs of electronic products in the fields of equipment manufacturing, aerospace, automobiles, rail transit, 5G communications, optoelectronic devices and sensors.


6. Our service advantages

● Cooperate with the Ministry of Industry and Information Technology to lead multiple projects such as the "Public Service Platform Construction Project for the Integrated Circuit and Chip Industry" and the "Public Service Platform for the Industrialization of Innovation Results of Key Components such as Sensors for the Manufacturing Industry";

● It is one of the third-party testing organizations with the most comprehensive technical capabilities and the highest reputation in the field of integrated circuits and SiC, and has completed chip verification for hundreds of models including MCU, AI chips, and security chips;

● In the automotive field, it has a full set of AEC-Q and AQG324 service capabilities, has been recognized by nearly 50 car manufacturers, has issued nearly 300 AEC-Q and AQG324 reports, and has helped the mass production of more than 100 automotive components.

