FUNCTIONAL SAFETY (ISO 26262)

Functional safety is about ensuring that nobody is exposed to a serious threat due to a malfunction in the vehicle or any of the systems contained in a vehicle. To ensure your E/E development matches the latest engineering standards, we help you develop and update your development processes, conduct safety audits and assessments, and provide experts with training.

  • Functional Safety (ISO 26262)

    FUNCTIONAL SAFETY – WHAT EXACTLY IS IT?

    Are you involved in the development of vehicle electronics, control units, electronic systems, or components used for safety-critical functions in cars? If you are, your work is subject to the requirements of ISO 26262, a standard specifically developed for the functional safety of series-production vehicles. Developing software, embedded electronic systems and other forms of technology is becoming increasingly complex, making it necessary to meet the requirements of ISO 26262 not only to prevent damage to vehicles, but also to avoid the risk of product recalls or compensation claims.

    ISO 26262 now defines required technology standards by providing an established procedural model for the development and series-production of vehicles. It also provides a standard combining the procedural model with required tasks, outputs, work products and methods that should be applied in each of these areas.

    One example would be a protection device that prevents electric car windows from jamming: people have an unfortunate habit of sticking their hands out of open car windows, so this is a safety issue. A simple solution is to install a device that prevents windows closing and trapping their hands.

    SINCE 2008

    We’re proud that we have been one of the pioneers of functional safety since 2008 and that this has given us the opportunity to leverage our experience in developing the ISO 26262 safety standard.

    Functional safety in automotive electronics? We’re the experts!

    700+ PROJECTS

    We have a wealth of experience in functional safety according to ISO 26262, having conducted over 700 projects with more than 100 clients worldwide.

    Functional safety in automotive electronics? We’re the experts!

    +100 SPECIALISTS

    To date, we have trained more than 100 specialists under the TÜV Rheinland Functional Safety (Automotive) certification scheme.

    Functional safety in automotive electronics? We’re the experts!

    +250 YEARS

    If we add up the experience of our experts in the field of functional safety, it comes to no less than 250 years.

    Functional safety in automotive electronics? We’re the experts!

    Classic manual

    Who wrote the classic manual on Functional Safety in Practice, or Functional Safety Essentials? We did.

    Functional safety in automotive electronics? We’re the experts!

    18 Experts

    We already have 18 experts certified under the TÜV Rheinland Functional Safety (Automotive) scheme, or privately approved as official trainers.

    Functional safety in automotive electronics? We’re the experts!

    CERTIFICATION

    We are a partner of the TÜV Rheinland certification scheme for Functional Safety Engineers (Automotive).

    Functional safety in automotive electronics? We’re the experts!

    Committee work

    We work as expert advisors to a variety of industry associations, for example through our committee work for the German Electrical and Electronic Manufacturers’ Association (ZVEI).

    Functional safety in automotive electronics? We’re the experts!

    FUNCTIONAL SAFETY BEYOND THE LIFE CYCLE

    Functional safety standards mean that every aspect of your control units, electronic vehicle components or electrical systems have to be taken into account. This means that they only adhere to ISO 26262 if they address all factors at every stage of the product life cycle – from the initial concept to development, production, and the point when a safety-critical system is taken out of operation. As experts in the development of electronic systems and machinery, we keep an open mind regarding long-term trends when introducing workflows or processes. We know the key principles, technologies and measures you will require to support you in keeping with your business goals – now and in the long term.

    Image   The safety life cycle according to ISO 26262:2018
    WE’RE HERE TO HELP YOU

    Need support with a key project? We’re your first port of call when it comes to management consulting and improvement programmes in electronics development.

    Steffen Herrmann and the sales team

    CLASSIFICATION BASED ON SAFETY INTEGRITY LEVELS

    Focus on getting the task done. By using schemes like Automotive Safety Integrity Level (ASIL) defined by ISO 26262, we help you define the exact targets you will require to implement functional safety standards. This also involves maintaining a clear focus on safety-critical factors. ASIL is a useful instrument when it comes to risk assessment. As a classification scheme, it helps you ensure that systems conform with safety standards laid down under ISO 26262. There are four ASIL categories: ASIL A, ASIL B, ASIL C and ASIL D. ASIL D is the highest safety requirement, so it necessitates correspondingly high safety mechanisms.

    By introducing sophisticated processes clearly structured to match the requirements of Automotive SPICE®, we ensure that your processes flow reliably and efficiently in order to deliver the required outcomes.

    As experts in functional safety, we can advise you on all aspects of the ISO 26262 automotive standard, so you can rest assured that everything is shipshape.

    TWO SIDES OF THE SAME COIN

    Functional safety protects systems from malfunctions and thus also protects people from vehicles. This contrasts to security, which is about protecting your vehicle from other people and malicious attacks from cyberspace.

    Our expertise allows us to address both process requirements and ensure that you benefit from protective measures from a single source.

    MORE ON AUTOMOTIVE SECURITY (ISO 21434)

     

    As neutral and independent consultants, we can look at the situation in your company objectively and assess everything from the outside in. Not only do we ensure that your vehicle electronics and software-related systems adhere fully to the requirements of functional safety guidelines, we also offer our consultancy for all phases of the safety life cycle. Drawing on our know-how, we work with you to plan and design operations and projects. Your business then fulfils all requirements relating not just to functional safety standards, but also AUTOMOTIVE SPICE® –considered the de facto standard. By dovetailing functional safety with process maturity, you enhance the quality of your electronic systems and raise the efficiency of your processes. As well as integrating Automotive SPICE®-compatible workflows and AGILE PRINCIPLES into ISO 26262, we also ensure that they work in harmony side by side, without extra outlays or effort. As a result, you derive the maximum benefit on all fronts.

    THE ISO 26262:2018 SAFETY STANDARD

    The most recent version of ISO 26262 went live in December 2018. This second edition of the standard includes two new sections: part 11 and part 12. Parts 3 to 7 outline systems development by drawing on an interwoven V-Model (the state-of-the-art project management methodology), spanning the product life cycle from initial concept to production and decommissioning. Part 3 provides the tools required to manage functional safety. Part 8 covers supporting processes.

    Parts of ISO 26262:2018

    The first part of ISO 26262 outlines terms and abbreviations used by the standard.

    The second part defines management tasks required during different phases of a system’s safety life cycle.

    It also outlines the organisational prerequisites that need to be fulfilled to develop a system in accordance with a required ASIL – an automotive safety integrity level relating to each level of a security requirement. ISO 26262 contains certain recommendations regarding different protective measures, depending on the level a system comes under.

    The third part describes the concept phase, outlining the requirements, hazard analysis and risk assessments that have to be carried out.

    The hazard analysis involves identifying potential threats to a system. To do this, malfunctions are examined. Each hazard is categorised according to ASIL level A to D, or classified as not safety-critical. The higher the ASIL level, the increasingly tight safety requirements become.

    The fourth part deals with development processes on a system level in keeping with the V-Model. Methods and work products are outlined for each individual process.

    Methods used to meet a requirement are classified according to each ASIL – as optional, recommended or strongly recommended. If a method that is not named can be shown to be effective, it may also be used.

    The fifth part deals with development processes on a hardware level in keeping with the lower segment of the V-Model. It also outlines methods and work products for each individual process.

    Methods used to meet a requirement are classified according to each ASIL – as optional, recommended or strongly recommended.

    The sixth part deals exclusively with development processes on a software level in keeping with the lower segment of the V-Model. It also outlines methods and work products for each individual process.

    The ASIL classification model applies in the same way as the other layers.

    The seventh part deals with the process of production and installation planning. The aim is to meet the requirements of functional safety during the production and installation process.

    The aim of the eighth part is to define and delegate responsibilities. The requirements of the safety life cycle are specified and configuration and change management are explained. This also involves defining how tools are used.

    The ninth part deals with requirements decomposition with respect to ASIL and criticality analysis. Further part look at different analysis methods used to gain a better understanding of safety-critical failures and system breakdowns.

    The tenth part provides examples of applications and supplementary details on ISO 26262.

    This part is more for information purposes.

    The eleventh part explains the impact ISO 26262 can have on the activities of semiconductor producers.

    The last part deals with motorcycle development.

    Image   ISO 26262:2018, the structure
    SAFETY ANALYSIS ON AN ARCHITECTURE LEVEL

    In the specialist article for HanserAutomotive, the authors describe their experiences conducting HAZOP and fault tree analysis on software architectures.

    READ ARTICLE (FEE-BASED)

     

    NORMED FOR ROAD USE

    In their article for iX kompakt (edition 1, 2011), safety experts Peter Löw, Roland Pabst and Erwin Petry show how specialists go through several rounds of assessments to check whether a new vehicle was developed in keeping with ISO 26262.

    Download

    SERIAL PRODUCTION

    In their article for iX kompakt (edition 1, 2011) Peter Löw, Roland Pabst and Erwin Petry provide an introduction to the ISO 26262 automotive safety standard, as used in the development of serial vehicles. Their article is based on a chapter from the specialist manual on functional safety in practice.

    Download

    CRASH PROTECTION

    In his article in iX kompakt (edition 9, 2010), Bertram Janositz explains the implications ISO 26262 has for development processes.

    Download

    Literature

    FUNCTIONAL SAFETY IN PRACTICE

    This specialist manual by Peter Löw, Roland Pabst and Erwin Petry provides a thorough overview of the functional safety standards covered by DIN EN 61508, ISO 26262 (automotive) and DIN EN 50128 (railways).

    APPLICATION OF ISO 26262 TO THE DEVELOPMENT OF SERIAL PRODUCTS

    This book provides a thorough overview of the standards of functional safety. As well as explaining the requirements of the basic DIN EN 61508 standard, it also looks at the ISO 26262 automotive standard and DIN EN 50128 railway standard. Interdependencies are highlighted between the different standards and maturity models like CMMI® and Automotive SPICE®, and issues that arise in actual use are also examined.

    To illustrate how they are used, examples are given of solutions at all stages of product development. Specific examples are provided of product architecture, analysing and evaluating safety, required processes and methods, and tool support.

    TRANSLATING THE SUBJECT MATTER OF FUNCTIONAL SAFETY INTO PRACTICE

    An overview of functional safety

    General requirements of the DIN EN 61508 standard

    Requirements of the DIN EN 61508 standard relating to electronic systems

    • Requirements of the DIN EN 61508 standard relating to software
    • Standards for serial products: differences to the basic standard
    • Implementation in an Automotive SPICE® or CMMI® setting
    • Tools, materials and forms

    The book finishes with a glossary and detailed list of references.

    See the extract to read the table of contents of the specialist manual on functional safety in practice, as well as extracts from two chapters.

    Extract to read

    • 365 pages
    • May 2010
    • dpunkt publishing, Heidelberg

    Functional Safety in Practice is only available in digital form. The e-book is available directly from dpunkt publishing.

    FUNCTIONAL SAFETY ESSENTIALS

    This book does what it says on the label: as well as offering a thorough introduction to the topic of functional safety, it also provides vivid descriptions of know-how derived from actual practice in industry.

    YOUR INTRODUCTION TO FUNCTIONAL SAFETY

    This concise book from the Essential series provides you with a ready-made overview of the requirements laid down under ISO 26262. Whether you work for an automotive company or a supplier, Safety Essentials gives answers to the basic questions.

    THIS CONSOLIDATED MANUAL DESCRIBES ISO 26262 IN STRAIGHTFORWARD AND SIMPLE TERMS

    • General overview of the standard
    • Descriptions and interpretations of the individual elements of the standard
    • An introduction to the output provided by the standard, shown as a quick overview
    • Illustrations of the requirements laid down by the standard using a detailed example 
    • The relationships between functional safety in the automotive sector (ISO 26262), Automotive SPICE® and AGILE METHODS such as Scrum and Kanban
    • Responsibility matrix: the most important areas of output under the standard shown by the typical roles fulfilled in a development organisation

    WE CAN SUPPORT YOU WITH…

    • Improving your processes to keep them up to date with the latest safety standards – also so you can develop and sell reliable, available, maintainable and functional products
    • Designing and rolling out safety management systems
    • Conducting safety audits to confirm that your safety management fulfils relevant requirements
    • Knowing for certain if a supplier really can provide you with the right components
    • Building the capability to assess the functional safety of electronic systems and components 
    • Building the capability to provide staff training on all aspects of functional safety