ISO 26262 compliance is not a costly overhead

June 07, 2017
ISO 26262

By using ISO 26262 as an agreed‑upon set of rules, engineers and sales can get along better, and customers get safer automobiles.

“Shoot the engineer and ship the product,” is a fun maxim that has stood the test of time. Engineers and developers like to get it right, step back, and take pride in the beauty of their work. CEOs, marketing, and sales want to get it shipped, on time and below budget.

That’s OK if it’s a small drone, but when it comes to automotive safety, who wins?

Counter‑intuitively, the labyrinthine ISO 26262 standard for functional safety may actually have provided a speedy solution to this seemingly eternal tug‑of‑war, but both sides must recognize the importance of the standard, and work together to minimize the cost of adhering to it.

ISO 26262 was defined in 2011 by the International Standards Organization as an international standard for the functional safety of electrical and/or electronic systems in production automobiles. It is an adaptation of IEC 61508 (functional safety of electrical/electronic systems) and arrived just in time for the rapid adoption of electronics and software in advanced driver assistance systems (ADAS), as well as the increasing focus on autonomous vehicles (Figure 1).

[Figure 1 image: Vehicle Electronics]
Figure 1: ISO 26262 arrived just in time to define clear functional safety requirements for automobiles that are becoming increasingly reliant on electronic hardware and software. (Figure source: Clemson University Vehicular Electronics Laboratory)

It is a risk‑based safety standard: the goal is to assess risks and define measures that mitigate their effects, in order to avoid or control catastrophic failures. With so much complexity and hundreds of millions of lines of code, there is a good chance something will go wrong. However, even if that failure happens in a critical subsystem, there is a good chance that, by adhering to ISO 26262 requirements and guidelines, the driver and passengers will emerge unscathed.

Life‑cycle safety
ISO 26262 has a wide scope, from product conceptualization through to design, development, operation, service, and decommission at end of life. This is important, as a lapse at any point along that path could undermine what came before and what comes after.

Specific to automotive systems, and with regard to passenger and driver safety, the standard defines four Automotive Safety Integrity Levels (ASILs): A, B, C, and D. The ASIL is assessed right at the start of product development and asks the fundamental question: what will happen to the occupants of a vehicle, and to other road users, if a failure occurs?

The estimate combines the probability of exposure to a hazardous situation, the controllability of that situation by the driver, and the severity of the possible outcome if a critical event occurs. The answer determines the ASIL, with ASIL D carrying the most safety‑critical processes and the strictest testing requirements. For example, a failure of the anti‑lock brakes or the engine’s electronic control unit (ECU) may be ASIL D, while a failure of an in‑cabin USB charger would be an ASIL A issue.

Lowering the cost of ISO 26262 compliance
Both hardware and software are addressed by ISO 26262 and need to be qualified through extensive testing. For hardware, many issues can be resolved or circumvented by using pre‑qualified modules where possible, but these must be accompanied by the appropriate documentation, and a good supplier can help you get through the qualification process.

For software, the key word is standards: use the MISRA coding guidelines. The group has even developed MISRA Autocode, a set of guidelines for users of control‑system modeling packages, in much the same way as it developed MISRA‑C as a guideline for developing code directly.

There is another keyword, and while it applies to both hardware and software, it is mostly an issue with software. That keyword is test. It bears repeating: test, test, test. Thankfully, the standard requires test tool qualification, and various tool chains are available from multiple vendors (Figure 2). Just make sure to verify the Tool Confidence Level (1 to 4) based on what comes out of the software tool qualification plan (STQP), which commences early in the design cycle.

[Figure 2 image: Software Design]
Figure 2: Software is an increasingly important and complex element of system design and is addressed in Part 6 of ISO 26262 in a V‑shaped cycle. Ansys provides a useful Technical Paper on related safety model‑based approaches. (Figure source: Ansys)

The testing phase is arduous, but the rewards far outweigh the cost of taking the time to do it right. A failure found in the field can be 10x more expensive than one found during the development stage. Fortunately, test and measurement companies and embedded tools providers offer many resources for modeling and executing a compliance program.

ISO 26262 and its qualification processes may seem like a lot of extra steps, work, time and expense with little immediate gain. Be assured, however, that it is worth it. An unmitigated catastrophic event in the field can haunt a brand for many years, particularly if it results in loss of life.

On this point, engineers, sales, and marketing can all agree. ISO 26262 therefore provides a set of common rules they can all adhere to, with less subjectivity and more confidence in the final product’s quality. In cases where engineering is still pressured to ship, it often comes down to having the courage to say “No,” for the sake of the customer, your company, and your development team.

A small note on safety versus security: A system can be secure without being safe, but a system isn’t safe unless it’s also secure.

Patrick Mannion
Technology Analyst and Writer