Functional Safety in Automotive
The worldwide relevant ISO 26262 standard
Functional Safety also plays a significant role in the automotive industry. The international standard ISO 26262 (Road vehicles - Functional Safety) is relevant for this industry.
Technological requirements and the resulting rapid growth in the complexity of electronic components in vehicles increase the risk of dangerous malfunctions.
ISO 26262 defines necessary processes and activities, methods and work products for the development and production of safety-related electrical and/or electronic systems in motor vehicles. It is an adaptation of the basic standard IEC 61508 to the specific demand and requirements in the automotive sector.
For whom is ISO 26262 relevant?
ISO 26262 is important for automotive manufacturers (OEMs) as well as suppliers (tier 1 to tier n) of safety-related systems and components. For every manufacturer and supplier, compliance with this standard is necessary to develop in line with the state of the art.
Everything starts with a risk analysis
At the beginning, potential hazards in the event of vehicle malfunctions are identified by means of a Hazard Analysis and Risk Assessment (HARA), from which safety goals and the necessary degree of risk reduction are derived. The latter is expressed by the ISO 26262-specific Automotive Safety Integrity Levels (ASIL). These Automotive Safety Integrity Levels are the pivotal point for the whole development.
ASIL and its influence on development
The required risk reduction is divided into four different groups. These are designated ASIL A to ASIL D, with ASIL D representing the highest level of risk reduction. In the further course of the project, the corresponding Automotive Safety Integrity Level has a decisive influence on the execution of the development as well as on the product.
Depending on the ASIL, ISO 26262 then defines measures for the avoidance of systematic faults, but also requirements with regard to random hardware failures.
The following applies:
- The higher the ASIL, the higher the requirements for the avoidance of systematic faults.
- The higher the ASIL, the more robust the product must be against the dangerous effects of random hardware failures, and the lower the acceptable probability of a dangerous failure per hour.
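How a HARA result turns into an ASIL can be shown in code. The following is an added illustration, not material from the page or from TÜV Rheinland: it implements the ISO 26262-3 ASIL determination table as a function of the three HARA classes Severity (S0 to S3), Exposure (E0 to E4) and Controllability (C0 to C3), and then derives each safety goal's ASIL as the highest ASIL of the hazardous events it addresses. The hazardous events, the safety goal names and the brake function are constructed sample data for a hypothetical product; ASIL decomposition and the hardware metric targets are out of scope here.

```python
"""ASIL determination from a Hazard Analysis and Risk Assessment (HARA).

Added illustration (not from the page): reproduces the ISO 26262-3 ASIL
table from the S/E/C classes and rolls hazardous events up to safety goals.
"""
from dataclasses import dataclass

# Ordered from lowest to highest integrity so max() can compare by index.
ASIL_ORDER = ["QM", "A", "B", "C", "D"]


def determine_asil(s: int, e: int, c: int) -> str:
    """Return the ASIL (or 'QM') for one hazardous event.

    S in 0..3, E in 0..4, C in 0..3 as classified during the HARA.
    A class of 0 (no injuries, incredible exposure, controllable in general)
    yields QM. Otherwise the ISO 26262-3 table is reproduced exactly by the
    sum S+E+C: <=6 -> QM, 7 -> ASIL A, 8 -> B, 9 -> C, 10 -> D.
    """
    if not (0 <= s <= 3 and 0 <= e <= 4 and 0 <= c <= 3):
        raise ValueError(f"invalid S/E/C classification: S{s} E{e} C{c}")
    if 0 in (s, e, c):
        return "QM"
    total = s + e + c
    if total <= 6:
        return "QM"
    return ASIL_ORDER[total - 6]


@dataclass(frozen=True)
class HazardousEvent:
    safety_goal: str
    description: str
    s: int
    e: int
    c: int

    @property
    def asil(self) -> str:
        return determine_asil(self.s, self.e, self.c)


def safety_goal_asils(events) -> dict:
    """Each safety goal inherits the highest ASIL of the events it covers."""
    goals = {}
    for ev in events:
        current = goals.get(ev.safety_goal, "QM")
        goals[ev.safety_goal] = max(current, ev.asil, key=ASIL_ORDER.index)
    return goals


# Constructed sample HARA rows for a hypothetical brake-by-wire function.
SAMPLE_EVENTS = [
    HazardousEvent("SG-1 Avoid loss of braking", "Loss of braking on highway", 3, 4, 3),
    HazardousEvent("SG-1 Avoid loss of braking", "Loss of braking in parking lot", 1, 3, 2),
    HazardousEvent("SG-2 Avoid unintended braking", "Unintended braking in traffic", 2, 4, 2),
    HazardousEvent("SG-2 Avoid unintended braking", "Unintended braking at standstill", 0, 4, 1),
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(f"{ev.description:35s} S{ev.s} E{ev.e} C{ev.c} -> {ev.asil}")
    for goal, asil in safety_goal_asils(SAMPLE_EVENTS).items():
        print(f"{goal}: {asil}")
```

The sum rule is only a compact encoding of the table; when reviewing a HARA, check each row against the table itself and against the rationale recorded for the S, E and C classes, since an optimistic Exposure or Controllability class is the usual way an ASIL ends up too low.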
Additionally, the requirements for a Functional Safety assessment, which also depend on the safety integrity level, are one of the normative measures to ensure a safe product. Above a certain ASIL, the standard requires that a body which is organizationally independent of the development department be involved in the assessment.
[Figure: Typical ASIL classification]
Assessment of Functional Safety according to ISO 26262
A Functional Safety assessment is performed by our experts for all safety-relevant development phases and product groups. This includes:
- Risk analysis and concept assessments
- Systems (e.g. control units)
- Hardware (at PCB level)
- Software (e.g. operating systems, libraries)
- Complex semiconductors (microcontrollers, ASICs)
Our systematic approach to Functional Safety assessment includes the following steps:
- Carrying out a pre-assessment (preliminary evaluation).
Due to the automotive-specific development phases, many work products are finalized relatively late in the development process, although potential design weaknesses can be identified much earlier. The pre-assessment is used for early identification of potential design weaknesses, allowing improvement actions to be implemented more easily and cost-effectively.
- Main assessment.
After the pre-assessment has been carried out, the process moves on to the main assessment. This ends with compiling a corresponding assessment report. In addition, if the assessment is passed, a corresponding certificate can be issued.
It is important to note that the assessment is an activity that accompanies the development. Whenever the developing team has completed a development phase, the assessor carries out the assessment of that phase. Again, the aim is to identify potential safety-relevant deficiencies as early as possible in the development process.
With regard to the evaluation of the methods and measures required by the standards, our experts apply their comprehensive knowledge of the current state of the art.
In particular with regard to highly automated driving, other standards such as ISO 21448 "SOTIF" can also be taken into account.
Further services
- ISO 26262 Training: The aim of this training is to impart knowledge in order to implement the requirements of the international standard ISO 26262 in a goal-oriented and effective manner.
- Certification of Functional Safety management systems of automotive manufacturers or suppliers.
- Evaluation and certification of software development tools (tool qualification).
Your advantages at a glance
With the evaluation of Functional Safety in accordance with ISO 26262 by TÜV Rheinland …
- … costly late modifications can be avoided by involving our specialists at an early stage;
- … problems in the approval process (vehicle type approval) for safety-relevant vehicle functions, including braking and steering systems, can be avoided;
- … your risk in possible product liability cases can be reduced;
- … you have clear competitive advantages, as the standards conformity of your products is confirmed by a globally accepted certification body;
- … compliance with internationally applicable standards will simplify your access to international markets.