Overview on ISO 26262

Do you you need to understand the structure of automotive functional safety, particularly the ISO 26262? Read on for a quick overview of this international standard, including a video and our free white paper.

Back to Functional Safety

Functional safety is a general approach to make car electronics safe. For this purpose, the international standard ISO 26262 contains guidelines to protect us road users, drivers, and pedestrians, against injuries caused by faults in vehicle electronics and software. This white paper gives you a very condensed overview of functional safety and of this standard.

We all know that todays’ road vehicles include more and more software. Of course, software today enables us to incorporate useful new features into vehicles. Let's think for example about the cruise control feature or for the future: automated driving. However, I'm sure you know examples where software also causes problems. Software can harm people and endanger all traffic participants. Take an uncontrolled acceleration of a vehicle for instance. A simple software fault can lead to a tragedy.

Functional safety, defined by ISO 26262, aims to reduce the risk of software and electronics to a very low level that society finds acceptable.

Image   The structure of ISO 26262:2018
Play
Your free white paper

Interested in a brief summary on functional safety according ISO 26262? Our free white paper provides you with a summary of all key information, including figures showing the talked about part or clause of the ISO – ideal reading for anyone new to the topic of process improvements.

Overview of ISO 26262:2018 – A brief look at its 12 parts

Let us introduce you to the formal structure of “ISO 26262 Road vehicles – Functional safety”. The up to date second edition of the standard consists of 12 parts. We’ll explain how you can achieve the functional safety of your product by using these parts together.

Part 1: Vocabulary

Part 1 defines the vocabulary to achieve a common language and interpretation of the content in the other parts. Here you’ll hear terms such as hazard analysis and risk assessment, safe state, and freedom from interference for the very first time.

Part 2: Management of functional safety

Part 2 addresses the management of functional safety. According to ISO 26262, you have to work in a structured and controlled manner in order to achieve functional safety. This includes that you have defined and actually applied development procedures. You also need a trained safety manager. This person is in charge of planning and controlling the safety activities.

You have to create a so-called “safety case”. This includes a well-founded argumentation why your system is safe. Do not underestimate this task: You need an independent person who confirms your argumentation. This principle is mandatory to prevent misinterpretation and fraud.

Video functional safety management

WE’RE HERE TO HELP YOU

Need support with a key project? We’re your first port of call when it comes to management consulting and improvement programmes in electronics development.

Steffen Herrmann and the sales team

Part 3: Concept phase

Parts 3 through 7 of ISO 26262 give guidance for different phases and technical disciplines from the early concept stage to the junkyard. The structure of the parts follows the V-shape of the system development lifecycle.

Part 3 is called “concept phase”. This early stage of a vehicle and feature development is typically performed by the car maker. Development starts with defining the scope, which is called the “item” in ISO 26262.

Then we come directly to your first real functional safety activity. Perform a so called “hazard analysis and risk assessment (HARA)”. With the HARA you judge the risk to human life when your item is faulty. Based on the risk, you define a set of so-called “safety goals” for your item. These goals are high level safety requirements to be met. They all get an “Automotive Safety Integrity Level”: ASIL A, ASIL B, ASIL C or ASIL D. Classify your item to ASIL D when the risk is highest. Take the adaptive cruise control for instance: This item would typically be assessed ASIL D. An electric window lift where you just risk pinching your fingers would probably be ASIL A.

The determined automotive safety integrity level accompanies you for the rest of the lifecycle: A bulk of necessary safety activities for your item depend on the ASIL assigned. In fact, in ISO 26262 there is more or less rigor in what you have to do and how systematically to do it, corresponding to the identified risks.

What follows now is that safety goals must be addressed as one important aspect along with development. At the vehicle level, this means that, based on the safety goals, a “functional safety concept” and “functional safety requirements” must be developed. The purpose of that concept is to describe the principles of detecting faulty situations and how to react in such situations. For example, the airbag should be deactivated as soon as a safety mechanism detects that it is no longer working correctly.

Part 4: Product development at the system level

If the functional safety concept is developed by the carmaker, the various suppliers now come into play with the system development on the next level (part 4). Typically, the suppliers create a “technical safety concept” for their area of responsibility, which includes “technical safety requirements”. “Safety mechanisms” implement these safety requirements and are often an interaction of hardware that detects errors, software that determines the response, and then again hardware that performs the response, such as to de-energize a circuit.

SINCE 2008

We’re proud that we have been one of the pioneers of functional safety since 2008 and that this has given us the opportunity to leverage our experience in developing the ISO 26262 safety standard.

Functional safety in automotive electronics? We’re the experts!

700+ PROJECTS

We have a wealth of experience in functional safety according to ISO 26262, having conducted over 700 projects with more than 100 clients worldwide.

Functional safety in automotive electronics? We’re the experts!

+100 SPECIALISTS

To date, we have trained more than 100 specialists under the TÜV Rheinland Functional Safety (Automotive) certification scheme.

Functional safety in automotive electronics? We’re the experts!

18 Experts

We already have 18 experts certified under the TÜV Rheinland Functional Safety (Automotive) scheme, or privately approved as official trainers.

Functional safety in automotive electronics? We’re the experts!

+250 YEARS

If we add up the experience of our experts in the field of functional safety, it comes to no less than 250 years.

Functional safety in automotive electronics? We’re the experts!

Classic manual

Who wrote the classic manual on Functional Safety in Practice, or Functional Safety Essentials? We did.

Functional safety in automotive electronics? We’re the experts!

Parts 5 and 6: Product development at the hardware and software level

What you require on system level has to be implemented on hardware and software level. These are parts 5 and 6 of ISO 26262. Detail your safety requirements for both engineering domains hardware and software development. Remember the V-model: don’t forget to consider testing on all levels.

Especially test and validate the safety mechanisms and the functioning of your safety concept at system and vehicle level before you switch on the assembly line.

You must therefore note that ISO 26262 contains a number of requirements and methods that influence the usual development process at system, hardware and software level in detail.

Part 9: ASIL-oriented and safety-oriented analyses

Accompanying the development, safety analyses (according to part 9) must be carried out, which serve to have a precise understanding of the causes and effects of faults and thus to ensure the design.

Part 7: Production, operation, service and decommissioning

Your responsibility doesn’t end with finished development. That’s why we come to part 7, Production, operation, service and decommissioning. It is often necessary to check that the electronics have been produced and installed safely. Repairs in workshops must not pose a safety risk. ISO 26262 requires planning accordingly. The field observation process is intended to ensure that defective parts are examined to determine whether there are deviations from the safety concepts and whether software needs to be updated or hardware replaced.

This completes the parts regarding the vehicle’s lifecycle. However, there are more parts in ISO 26262, so let’s have a look at those.

Part 8: Supporting processes

Part 8 is labelled "Supporting processes". In fact, you’ll find here a number of very different topics which have to be taken into account at various points throughout the lifecycle. That’s for example configuration management. Configuration management is similar to that required by Automotive SPICE.

Parts 10, 11, and 12

Part 10 of the standard contains explanations for better understanding. This part is just informative but helpful.

Part 11 gives very detailed help on the use of semiconductors and microcontrollers in safety-related systems.

Finally, part 12 has been added especially for motorcycles. It essentially contains information on how the hazard analysis and risk assessment is sensibly carried out for bikes.

This concludes a quick overview of ISO 26262.

What have we learned? Here is my summary of things you should definitely remember.
Functional safety prevents people from harm caused by malfunctioning electronics.
That’s the reason why ISO 26262 exists and why it is relevant for you if you are involved in the development of electronics for vehicles.
Please keep in mind
  • Your development steps and efforts depend on the ASIL, where the ASIL is a result of a hazard analysis and risk assessment.
  • Develop a safety concept with safety requirements.
    Do this for your scope of responsibility. Such concepts and requirements describe how to detect faults and how to mitigate them.
  • Implement and test these requirements on all levels.
    Each company involved must contribute here, depending on their responsibility, be it vehicle, system, hardware or software level.
  • Perform safety analyses to understand causes and effects of faults.
  • Confirm the results of important development activities by an independent person.
  • Provide an argumentation for safety in a safety case.
  • Functional safety requires appropriate measures to assure functional safety throughout the whole lifetime of vehicles.
  • There is no functional safety without safety management.
WE CAN SUPPORT YOU WITH…
  • Improving your processes to keep them up to date with the latest safety standards – also so you can develop and sell reliable, available, maintainable and functional products
  • Designing and rolling out safety management systems
  • Conducting safety audits to confirm that your safety management fulfils relevant requirements
  • Knowing for certain if a supplier really can provide you with the right components
  • Building the capability to assess the functional safety of electronic systems and components 
  • Building the capability to provide staff training on all aspects of functional safety

Download Report