ISO 26262: Automotive functional safety standard for ensuring driving safety

Publisher: Ziran520 | Latest update time: 2024-05-08 | Source: elecfans | Keywords: ISO

With the rapid development of automobile technology, more and more electronic systems and functions are being introduced into vehicles, bringing great improvements to driving experience and safety. These complex electronic systems, however, also bring potential risks and safety challenges. To ensure that modern vehicles remain safe in all situations, the International Organization for Standardization released the first edition of ISO 26262 in 2011 (a second edition followed in 2018), and it has become the cornerstone of functional safety in the automotive industry.

ISO 26262, "Road vehicles - Functional safety", is a standard published by the International Organization for Standardization (ISO) to guide the automotive industry in ensuring functional safety when developing electrical and electronic (E/E) systems. Its main goal is to reduce the risk to people caused by malfunctioning behaviour of E/E systems in road traffic, in particular the electronic control systems that are common in modern cars. Note that "safety" here means protection against unintended failures; protection against deliberate attack is cybersecurity, which ISO 26262 does not cover and which is the subject of the companion standard ISO/SAE 21434. The two are linked, because a cybersecurity breach can violate a safety goal, so safety and security analyses of the same system should share their hazard and threat scenarios.


1. Overview of ISO 26262

Scope and application areas: ISO 26262 applies to safety-related electrical and electronic systems in series-production road vehicles. The 2011 first edition was limited to passenger cars with a maximum gross mass of up to 3,500 kg; the 2018 second edition extended the scope to trucks, buses, trailers and motorcycles. The standard covers the entire safety lifecycle, from the concept phase through development, production and operation to decommissioning.

Safety concept: The standard requires the development of a functional safety concept, that is, the definition of safety goals and the functional safety requirements needed to achieve them. This includes the assessment of potential hazards and the selection of appropriate safety measures to reduce the risk.

Hazard analysis and risk assessment: The standard requires a hazard analysis and risk assessment (HARA) to identify hazardous events and to classify each one by the severity of its consequences (S), the probability of exposure to the operational situation (E), and the controllability of the event by the driver or other persons (C). The combination of these three classes determines the Automotive Safety Integrity Level (ASIL) of the hazardous event.

Automotive Safety Integrity Level (ASIL): The ASIL is a level derived from the risk assessment that sets the rigour of the safety activities required during development. There are four levels, from ASIL A (lowest) to ASIL D (highest). A hazardous event whose risk does not reach ASIL A is classified as QM (quality management): it is handled by the organisation's normal quality processes and needs no additional ISO 26262 safety measures.

Safety requirements: Safety requirements are defined and refined at every development stage, from the safety goals through the functional and technical safety requirements at system level down to the hardware and software safety requirements. Each requirement inherits the ASIL of the safety goal it traces back to, unless ASIL decomposition (ISO 26262-9) is applied to redundant elements.

Verification and validation: The standard specifies verification and validation requirements for systems and components, including testing, simulation, analysis and other methods, to ensure that the system meets its safety requirements under all relevant conditions.

Configuration and change management: The standard requires that configuration items are managed and that changes made during the development lifecycle are analysed for their impact on safety, so that a change cannot silently invalidate a safety argument.

Fault handling: The standard requires development teams to identify possible fault conditions and to implement appropriate fault detection, diagnosis and fault tolerance measures (the "safety mechanisms").

Documentation and records: The standard emphasises the management of the work products generated during development, so that safety activities can be reviewed and traced during the functional safety assessment.

In summary, ISO 26262 aims to provide vehicle manufacturers, suppliers and development teams with a structured approach that integrates adequate safety into the vehicle's electrical and electronic systems and reduces the residual risk. It emphasises safety activities throughout the lifecycle, from concept to deployment and maintenance.




2. ISO 26262 safety lifecycle

The ISO 26262 standard specifies the safety lifecycle of automotive electronic and electrical systems to ensure functional safety throughout the development and operation process. The safety lifecycle includes the following main stages and activities:

Concept phase: In this phase the item (the system or combination of systems that implements a vehicle function) is defined, hazardous events are identified and classified in the hazard analysis and risk assessment, safety goals with their ASILs are set, and the functional safety concept is derived from the safety goals. The safety of the vehicle as a whole, not just of one component, must be considered here.

System-level safety analysis: Safety analyses at system level (ISO 26262-9 gives inductive methods such as FMEA and deductive methods such as FTA as examples) identify the faults and failure modes that could violate a safety goal, and show which safety mechanisms are needed. This determines the safety activities required in the subsequent development stages.

System safety requirements: Based on the results of the system-level analysis, the technical safety requirements are formulated. They describe the safety behaviour of the system in each relevant situation and guide the subsequent design and development activities.

Hardware and software design: In this phase hardware (ISO 26262-5) and software (ISO 26262-6) are designed according to the technical safety requirements. The design must cover fault detection, fault tolerance and fault handling, and the hardware design must meet the random-hardware-failure metrics required for the ASIL.

Verification and validation: After the design is completed, verification and validation activities confirm that the design meets the safety requirements, using testing, simulation and analysis methods selected according to the ASIL.

Production and operation: Once verification and validation have passed, the system can enter production and operation. During production it must be ensured that the manufactured components meet the safety requirements. During operation, monitoring and fault handling are required so that the system remains safe in service.

Fault management: Throughout the lifecycle, a field monitoring process is needed to promptly identify, diagnose and correct fault conditions that occur in the field, so that the safety of the system is maintained.

Decommissioning phase: Before a system is decommissioned, a final safety assessment is required to ensure that the system does not pose a risk during decommissioning, and appropriate measures are taken for its safe handling and disposal.

In summary, the safety lifecycle of ISO 26262 emphasizes the entire process from concept to retirement, covering various stages such as system development, verification, production, operation and retirement, to ensure that automotive electronic and electrical systems can maintain adequate safety performance throughout their life cycle.


3. ISO 26262 safety level

ISO 26262 defines Automotive Safety Integrity Levels (ASILs) to set the rigour of the safety activities required during development. A hazardous event is classified by the severity of its consequences (S0 to S3), the probability of exposure to the operational situation (E0 to E4), and its controllability (C0 to C3), and the combination of the three classes is looked up in the ASIL table of ISO 26262-3, giving QM or one of ASIL A, ASIL B, ASIL C and ASIL D. Each higher ASIL corresponds to a more stringent set of safety requirements and development activities, so that the system can maintain adequate safety in all relevant situations.

Here is an overview of each ASIL level:

ASIL A (lowest level): The lowest combination of severity, exposure and controllability that still requires safety measures beyond normal quality management. A typical combination is a high-severity event that is rare or easy to control. Basic safety activities are required, including the hazard analysis and the definition of safety requirements.

ASIL B: A moderately risky combination, for example a high-severity event that is frequent but normally controllable, or a frequent, hard-to-control event with moderate severity. More safety activities are required, including defined fault handling and safety verification, and the hardware design must meet quantitative targets for its diagnostic coverage and failure rate.

ASIL C: A high-risk combination, for example a life-threatening event that is frequent and difficult to control. More rigorous safety activities are required, including more detailed fault handling, verification and validation, and stricter hardware metrics.

ASIL D (highest level): The most critical combination, which in the table is severity S3 (life-threatening or fatal injuries) with the highest exposure (E4) and the lowest controllability (C3). The most stringent safety activities are required, including highly detailed fault handling, verification and validation, and independent confirmation reviews.

In ISO 26262-5 these levels translate into concrete hardware targets: for example the single-point fault metric must reach 90 % for ASIL B, 97 % for ASIL C and 99 % for ASIL D, and the probabilistic metric for random hardware failures must stay below 10^-7 per hour for ASIL B and C and below 10^-8 per hour for ASIL D.

Assigning the right ASIL requires a hazard analysis and risk assessment that identifies the hazardous events and their possible consequences; the ASIL is then read from the S/E/C combination. The assigned level then dictates which safety activities the development team must perform during design, verification and testing.


4. ISO 26262 safety analysis

Safety analysis in ISO 26262 is the process of identifying, evaluating and managing potential hazards during the development of automotive electrical and electronic systems. Its purpose at the concept level is to determine the ASIL of each hazardous event and to derive the corresponding safety goals and safety requirements, so that the system maintains adequate safety in all relevant situations.

The following are the main steps of the safety analysis:

Identify potential hazards: First, the development team identifies the malfunctions of the item that could lead to harm, that is, to injury or death of persons. These include failure of system components, unintended activation of a function, loss of a function, and so on. ISO 26262 is concerned with harm to people; property or environmental damage is outside its scope unless it leads to injury.

Hazard analysis: Each hazard is combined with the operational situations in which it can occur (for example driving on a highway, parking, waiting at traffic lights) to form hazardous events, and the consequences of each hazardous event are assessed. This step establishes the severity class (S) of each event.

Risk assessment: For each hazardous event the severity (S), the probability of exposure to the operational situation (E) and the controllability (C) are classified, and the combination is looked up in the ASIL table. The event is thereby classified as QM, ASIL A, ASIL B, ASIL C or ASIL D, and a safety goal with that ASIL is formulated for it; when several hazardous events are covered by one safety goal, the goal takes the highest ASIL among them.
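The ASIL look-up described in sections 3 and 4 is small enough to encode completely. The following Python is an added example written for this article, not code from the article's author or from ISO; it transcribes the S/E/C classification table of ISO 26262-3 (Table 4) as an explicit dictionary, classifies a set of constructed hazardous events for one hypothetical safety goal, and checks the transcription against the well-known property that the table is additive in S+E+C. The hazardous events and their S/E/C values are illustrative assumptions, not taken from the standard or the article.

```python
"""ASIL determination per the S/E/C table of ISO 26262-3 (added example).

Severity S0..S3, exposure E0..E4 and controllability C0..C3 are the classes
defined by the standard. The hazardous events at the bottom are constructed
for illustration only.
"""
from dataclasses import dataclass

# ISO 26262-3 Table 4 as an explicit lookup: (S, E, C) -> ASIL or "QM".
_ASIL_TABLE = {
    # S1 (light and moderate injuries)
    (1, 1, 1): "QM", (1, 1, 2): "QM", (1, 1, 3): "QM",
    (1, 2, 1): "QM", (1, 2, 2): "QM", (1, 2, 3): "QM",
    (1, 3, 1): "QM", (1, 3, 2): "QM", (1, 3, 3): "A",
    (1, 4, 1): "QM", (1, 4, 2): "A",  (1, 4, 3): "B",
    # S2 (severe injuries, survival probable)
    (2, 1, 1): "QM", (2, 1, 2): "QM", (2, 1, 3): "QM",
    (2, 2, 1): "QM", (2, 2, 2): "QM", (2, 2, 3): "A",
    (2, 3, 1): "QM", (2, 3, 2): "A",  (2, 3, 3): "B",
    (2, 4, 1): "A",  (2, 4, 2): "B",  (2, 4, 3): "C",
    # S3 (life-threatening or fatal injuries)
    (3, 1, 1): "QM", (3, 1, 2): "QM", (3, 1, 3): "A",
    (3, 2, 1): "QM", (3, 2, 2): "A",  (3, 2, 3): "B",
    (3, 3, 1): "A",  (3, 3, 2): "B",  (3, 3, 3): "C",
    (3, 4, 1): "B",  (3, 4, 2): "C",  (3, 4, 3): "D",
}

ASIL_ORDER = ["QM", "A", "B", "C", "D"]


def asil(s: int, e: int, c: int) -> str:
    """Return 'QM' or the ASIL 'A'..'D' for a severity/exposure/controllability classification.

    S0 (no injuries), E0 (incredible situation) and C0 (controllable in general)
    mean the hazardous event needs no ASIL, so they map straight to QM.
    """
    if not (0 <= s <= 3 and 0 <= e <= 4 and 0 <= c <= 3):
        raise ValueError(f"invalid classification S{s} E{e} C{c}")
    if 0 in (s, e, c):
        return "QM"
    return _ASIL_TABLE[(s, e, c)]


def table_is_additive() -> bool:
    """Sanity check on the transcription: every entry must equal the S+E+C rule
    (7 -> A, 8 -> B, 9 -> C, 10 -> D, anything lower -> QM)."""
    rule = {7: "A", 8: "B", 9: "C", 10: "D"}
    return all(rule.get(s + e + c, "QM") == level
               for (s, e, c), level in _ASIL_TABLE.items())


@dataclass(frozen=True)
class HazardousEvent:
    """One hazard in one operational situation, with its S/E/C classification."""
    name: str
    s: int
    e: int
    c: int

    @property
    def asil(self) -> str:
        return asil(self.s, self.e, self.c)


def safety_goal_asil(events) -> str:
    """A safety goal that covers several hazardous events takes the highest ASIL among them."""
    return max((ev.asil for ev in events), key=ASIL_ORDER.index)


# Constructed hazardous events for a hypothetical safety goal "avoid unintended
# acceleration". The S/E/C values are assumptions chosen for illustration.
UNINTENDED_ACCEL = [
    HazardousEvent("unintended acceleration at highway speed, dense traffic", s=3, e=4, c=3),
    HazardousEvent("unintended acceleration during a parking manoeuvre", s=1, e=3, c=2),
    HazardousEvent("unintended acceleration while queued at traffic lights", s=2, e=4, c=3),
]

if __name__ == "__main__":
    for ev in UNINTENDED_ACCEL:
        print(f"{ev.name}: S{ev.s} E{ev.e} C{ev.c} -> {ev.asil}")
    print("safety goal ASIL:", safety_goal_asil(UNINTENDED_ACCEL))
    print("table matches additive rule:", table_is_additive())
```

The table is stored explicitly rather than computed from S+E+C because the standard defines it as a table; the additive check exists only to catch a transcription slip, which is the kind of error a reviewer of a HARA spreadsheet should look for. Note that in this constructed set the parking case lands at QM while the highway case lands at ASIL D, so the safety goal inherits ASIL D and every derived safety requirement carries it.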
