ISO 26262 compliance is not a costly overhead

June 07, 2017
ISO 26262

By using ISO 26262 as an agreed‑upon set of rules, engineers and sales can get along better, and customers get safer automobiles.

“Shoot the engineer and ship the product,” is a fun maxim that has stood the test of time. Engineers and developers like to get it right, step back, and take pride in the beauty of their work. CEOs, marketing, and sales want to get it shipped, on time and below budget.

That’s OK if it’s a small drone, but when it comes to automotive safety, who wins?

Counter‑intuitively, the labyrinthine ISO 26262 standard for functional safety may actually have provided a speedy solution to this seemingly eternal tug‑of‑war, but both sides must recognize the importance of the standard, and work together to minimize the cost of adhering to it.

ISO 26262 was defined in 2011 by the International Standards Organization as an international standard for functional safety of electrical and/or electronic systems in production automobiles. It is an adaptation of Functional Safety IEC 61508 and arrived just in time for the rapid adoption of electronics and software for automotive driving assistance systems (ADAS), as well as the increasing focus on autonomous vehicles (Figure 1).

Figure 1: ISO 26262 arrived just in time to define clear functional safety requirements for automobiles that are becoming increasingly reliant on electronic hardware and software. (Figure source: Clemson University Vehicular Electronics Laboratory)

It is a risk‑based safety standard: the goal is to assess risks and define measures that mitigate their effects, so that catastrophic failures are avoided or controlled. With so much complexity and hundreds of millions of lines of code, there is a good chance something will go wrong. However, even if that failure happens in a critical subsystem, there is a good chance that by adhering to ISO 26262 requirements and guidelines, the driver and passengers in a vehicle will emerge unscathed.

Life‑cycle safety
ISO 26262 has a wide scope, from product conceptualization through to design, development, operation, service, and decommission at end of life. This is important, as a lapse at any point along that path could undermine what came before and what comes after.

Specific to automotive systems and with regard to passenger and driver safety, the standard has four Automotive Safety Integrity Levels (ASILs): A, B, C, and D. The ASIL is assessed right at the start of product development and asks the fundamental question: what will happen to the occupants of a vehicle – and other road users – if a failure occurs? For example, a failure of the anti‑lock brakes or engine’s electronic control unit (ECU) requires more attention than the failure of an in‑cabin USB charger.

The estimation is based on a combination of the probability of exposure, the controllability by the driver, and the severity of the possible outcome if a critical event occurs. The answer to this question determines the ASIL, with D having the most safety‑critical processes and the strictest testing regulations. For example, a failure of the anti‑lock brakes or engine’s electronic control unit (ECU) may be ASIL‑D, while an in‑cabin USB charger would be an “A” issue.
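The three factors above are combined through the ASIL determination table of ISO 26262‑3. The following is an added example, written for this page and not code from the author or from u‑blox: it encodes that table as I know it from the standard (severity S1 to S3, exposure E1 to E4, controllability C1 to C3), including the QM outcome the standard uses for “no ASIL required”, which the article does not mention. The classifications chosen for the ABS and USB‑charger examples in `main` are constructed for illustration; real values come from the hazard analysis of a specific vehicle. The self‑check function verifies a convenient property of the table, that the ASIL depends only on S + E + C.

```c
#include <stdio.h>

/* ASIL classes as plain integers so that -1 can signal an invalid input.
   QM ("quality management", no ASIL required) is the lowest outcome of the
   ISO 26262-3 table; the article lists only the four ASILs A to D. */
enum { ASIL_QM = 0, ASIL_A = 1, ASIL_B = 2, ASIL_C = 3, ASIL_D = 4 };

/* ISO 26262-3 ASIL determination table, indexed [S-1][E-1][C-1], where
   S = severity (1..3), E = probability of exposure (1..4),
   C = controllability (1..3). */
static const int asil_table[3][4][3] = {
    /* S1 */ { { ASIL_QM, ASIL_QM, ASIL_QM },   /* E1: C1, C2, C3 */
               { ASIL_QM, ASIL_QM, ASIL_QM },   /* E2 */
               { ASIL_QM, ASIL_QM, ASIL_A  },   /* E3 */
               { ASIL_QM, ASIL_A,  ASIL_B  } }, /* E4 */
    /* S2 */ { { ASIL_QM, ASIL_QM, ASIL_QM },
               { ASIL_QM, ASIL_QM, ASIL_A  },
               { ASIL_QM, ASIL_A,  ASIL_B  },
               { ASIL_A,  ASIL_B,  ASIL_C  } },
    /* S3 */ { { ASIL_QM, ASIL_QM, ASIL_A  },
               { ASIL_QM, ASIL_A,  ASIL_B  },
               { ASIL_A,  ASIL_B,  ASIL_C  },
               { ASIL_B,  ASIL_C,  ASIL_D  } },
};

/* Returns the ASIL (ASIL_QM..ASIL_D) for one hazardous event, or -1 when a
   class is out of range. An out-of-range class is a hazard-analysis error and
   must not quietly default to QM, so the caller has to handle -1. */
int asil_determine(int severity, int exposure, int controllability)
{
    int result = -1;
    if ((severity >= 1) && (severity <= 3) &&
        (exposure >= 1) && (exposure <= 4) &&
        (controllability >= 1) && (controllability <= 3)) {
        result = asil_table[severity - 1][exposure - 1][controllability - 1];
    }
    return result;
}

/* Human-readable name for an ASIL value, "invalid" for anything else. */
const char *asil_name(int asil)
{
    static const char *const names[] = { "QM", "ASIL A", "ASIL B", "ASIL C", "ASIL D" };
    const char *name = "invalid";
    if ((asil >= ASIL_QM) && (asil <= ASIL_D)) {
        name = names[asil];
    }
    return name;
}

/* Self-check: every cell of the table matches the additive shortcut
   (S + E + C of 6 or less is QM, 7 is A, 8 is B, 9 is C, 10 is D).
   Returns 1 when the table is consistent, 0 otherwise. */
int asil_table_is_consistent(void)
{
    int ok = 1;
    for (int s = 1; s <= 3; s++) {
        for (int e = 1; e <= 4; e++) {
            for (int c = 1; c <= 3; c++) {
                int sum = s + e + c;
                int expected = (sum <= 6) ? ASIL_QM : (sum - 6);
                if (asil_table[s - 1][e - 1][c - 1] != expected) {
                    ok = 0;
                }
            }
        }
    }
    return ok;
}

int main(void)
{
    /* Constructed classifications for the article's two examples. */
    int abs_failure   = asil_determine(3, 4, 3); /* fatal, frequent, uncontrollable */
    int charger_fault = asil_determine(1, 4, 2); /* minor injury, frequent, normally controllable */
    printf("ABS / engine ECU failure  : %s\n", asil_name(abs_failure));
    printf("In-cabin USB charger fault: %s\n", asil_name(charger_fault));
    printf("table consistent with S+E+C shortcut: %s\n",
           asil_table_is_consistent() ? "yes" : "no");
    return 0;
}
```

The point of the range check is worth noting: a classification that falls outside the table is a mistake in the hazard analysis, and a lookup that silently returned QM for it would hide exactly the kind of error the standard exists to catch.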

Lowering the cost of ISO 26262 compliance
Both hardware and software are addressed by ISO 26262 and need to be qualified through extensive testing. For hardware, many issues can be resolved or circumvented by using pre‑qualified modules where possible, but they must be accompanied by the required documentation, and a good supplier can help you get through the qualification process.

For software, the key word is standards: use the MISRA coding guidelines. The group has even developed MISRA Autocode, a set of guidelines for users of control‑system modeling packages, in much the same way as it developed MISRA C as a guideline for developing code directly.
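To make concrete what such guidelines buy you, here is an added example (written for this page, not code from the author or from u‑blox) showing two implicit‑conversion defects of the kind the MISRA C:2012 essential‑type rules flag (Rule 10.3 on narrowing assignment and Rule 10.4 on mixing signed and unsigned operands), each beside a form that would pass review. The actuator‑demand and sensor‑reading scenario is constructed for illustration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed scenario: two 8-bit percentage demands are summed into one
   8-bit actuator command, and a sensor reading is compared against a limit. */

/* Non-compliant: 'a + b' is computed as int (integer promotion) and then
   implicitly narrowed back to uint8_t (MISRA C:2012 Rule 10.3).
   For 200 + 100 the true sum is 300, which wraps to 44: the actuator
   receives far less than was demanded, with no diagnostic. */
uint8_t add_demand_unchecked(uint8_t a, uint8_t b)
{
    return a + b;
}

/* Compliant form: widen explicitly, saturate, and cast once at the end. */
uint8_t add_demand_saturating(uint8_t a, uint8_t b)
{
    uint16_t sum = (uint16_t)a + (uint16_t)b;
    uint8_t result;
    if (sum > (uint16_t)UINT8_MAX) {
        result = UINT8_MAX;
    } else {
        result = (uint8_t)sum;
    }
    return result;
}

/* Non-compliant: an essentially signed operand is compared with an
   essentially unsigned one (Rule 10.4). The usual arithmetic conversions
   turn -1 into UINT32_MAX, so a negative (corrupted) reading is reported as
   "above the limit" rather than as invalid. */
bool exceeds_limit_unchecked(int32_t reading, uint32_t limit)
{
    return reading > limit;
}

/* Compliant form: reject negative readings explicitly, then compare like
   types. Returns -1 for an invalid reading, 1 if it exceeds the limit,
   0 otherwise, so the caller can tell "bad data" from "out of range". */
int exceeds_limit_checked(int32_t reading, uint32_t limit)
{
    int result = -1;
    if (reading >= 0) {
        result = ((uint32_t)reading > limit) ? 1 : 0;
    }
    return result;
}

int main(void)
{
    printf("200 + 100 unchecked  = %u\n", (unsigned)add_demand_unchecked(200u, 100u));
    printf("200 + 100 saturating = %u\n", (unsigned)add_demand_saturating(200u, 100u));
    printf("-1 > 100 unchecked   = %s\n", exceeds_limit_unchecked(-1, 100u) ? "true" : "false");
    printf("-1 vs 100 checked    = %d (-1 means invalid reading)\n",
           exceeds_limit_checked(-1, 100u));
    return 0;
}
```

Neither defect is a compiler error, and both can survive unit tests that only use well‑behaved inputs; a guideline checker catches them at the line where they are written, which is the cheapest point in the whole life cycle to fix them.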

There is another keyword, and while it applies to both hardware and software, it’s mostly an issue with software. That keyword is test. It bears repeating: test, test, test. The standard does require test tool qualification, and, helpfully, various tool chains are available from multiple vendors (Figure 2). Just make sure to verify the Tool Confidence Level (1 to 4) based on what comes out of the software tool qualification plan (STQP), which commences early in the design cycle.

Figure 2: Software is an increasingly important and complex element of system design and is addressed in Part 6 of ISO 26262 in a V‑shaped cycle. Ansys provides a useful Technical Paper for related safety model‑based approach applications. (Figure source: Ansys)

The testing phase is arduous, but the rewards far outweigh the costs of taking the time to do it right. A failure found in the field can be 10x more expensive than one found during the development stage. Fortunately, test and measurement companies and embedded tools providers offer many resources to model and execute a compliance program.

ISO 26262 and its qualification processes may seem like a lot of extra work, time, and expense for little immediate gain. Be assured, however, that it’s worth it. An unmitigated catastrophic event in the field can haunt a brand for many years, particularly if it results in loss of life.

On this point, engineers, sales, and marketing can all agree. ISO 26262 therefore provides a set of common rules they can all adhere to, with less subjectivity and more confidence in the final product’s quality. In cases where engineering is still pressured to ship, it often comes down to having the courage to say, “No,” for the sake of the customer, your company, and your development team.

A small note on safety versus security: A system can be secure without being safe, but a system isn’t safe unless it’s also secure.

 

Patrick Mannion
Technology Analyst and Writer
