What is the motivation for functional safety?

With today's state of the art, the following is clear: Electrical, electronic and programmable electronic systems (in short: E/E/PE systems) can make a massive contribution to road safety and the comfort of vehicles and at the same time reduce pollutant emissions.

The unavoidable problem here: Due to the constantly increasing performance of technical devices and ever finer structures, the number and complexity of systems is increasing and leading to problems with both hardware and software.

What happens if there is an error or failure of the E/E/PE systems that directly or indirectly control the system, or what must not happen if such a mistake is made?

Road users can be put at risk if these systems misbehave. Their safety, however, remains the top priority!

And this is exactly where "functional safety" comes into play, with the international standard ISO 26262. If the incorrect execution of a component, a system or the function it is supposed to perform can cause the controlled actuators to create a hazard in terms of functional safety, that component or system must be developed in accordance with the safety life cycle of ISO 26262. A comprehensive analysis is carried out in which the product system is considered and evaluated as a whole.

The first attempts at standardization were made in the 1980s and 1990s. The first publication in a standard was in 1998 in IEC 61508, with the title "Functional safety of safety-related electrical/electronic/programmable electronic systems".

From this standard, the international standard ISO 26262, which came into force in 2011 and consists of ten parts, was initially developed for the automotive sector. It applied only to cars with a permissible gross weight of up to 3500 kg. A new version of ISO 26262, published at the end of 2018 and now comprising twelve parts, also takes trucks, buses, motorcycles and others into account. The standard has thus been expanded to cover all vehicles.

The application of the standard is not mandatory, but legal claims are derived from it: the vehicle manufacturer is liable for damages if safety-critical functions developed using other, non-equivalent methods are the cause.

Understandably, questions arise such as:

What does "safe" mean?

How can E/E/PE systems be developed "safely" and how can safety be proven?

Where in the system (hardware and/or software) is safety implemented?

In order to understand and apply the topic, key words that appear repeatedly in the standard must first be understood in their context:

Danger - damage - risk - safety

A danger exists when people can be injured by faulty behavior of a system.

Damage occurs when people are injured. This ranges from the smallest abrasions to fatal injuries.

Risk is a continuous quantity: it refers to the potential damage and exists when the system is exposed to the danger, so that the danger can be assigned a probability.

For example: in a certain situation, a safety-relevant system in a vehicle malfunctions. If the vehicle is traveling at high speed, dramatic damage can occur and the risk is correspondingly high. The same situation at walking speed may lead to no or only a low risk.

Safety exists when the corresponding system is free from intolerable or unacceptable risks.

Functional safety according to ISO 26262 therefore aims to ensure that, if a system or function to be developed is classified as safety-critical in any way, a risk analysis is carried out and, through the use of automated safety mechanisms, the risks in technical systems are minimized or kept within tolerable limits. The gap between the tolerable risk and the identified risk, expressed as the ASIL classification, forms the basis for the measures that must be taken into account during development. If a system fails or behaves incorrectly and the resulting damage remains low, the risk is initially low. However, whether a risk is ultimately tolerable or not is defined by sociological and political norms.
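As an added example (not from this page or from Melster Consulting), the speed comparison above generalised to the ASIL determination of ISO 26262-3: each hazardous event is classified by severity (S), probability of exposure (E) and controllability (C), and the standard's ASIL table reduces to a sum rule over the three classes. Controllability is taken from the standard rather than from the text, and the two event classifications are constructed for illustration, not real analysis results.

```python
"""ASIL determination per ISO 26262-3 (hazard analysis and risk assessment)."""
from dataclasses import dataclass
from typing import Dict, List

# Class values used in the standard's HARA: S (severity of harm), E (probability
# of exposure to the driving situation), C (controllability by the driver).
SEVERITY = {"S0": 0, "S1": 1, "S2": 2, "S3": 3}
EXPOSURE = {"E0": 0, "E1": 1, "E2": 2, "E3": 3, "E4": 4}
CONTROLLABILITY = {"C0": 0, "C1": 1, "C2": 2, "C3": 3}

# ISO 26262-3 Table 4 collapses to a sum rule: S+E+C of 7 -> A ... 10 -> D, below 7 -> QM.
_ASIL_BY_SUM = {7: "A", 8: "B", 9: "C", 10: "D"}


def determine_asil(s: str, e: str, c: str) -> str:
    """Return "QM" or "A".."D" for a hazardous event classified as (s, e, c).

    A class of S0, E0 or C0 means no ASIL is assigned (QM) regardless of the others.
    """
    try:
        sv, ev, cv = SEVERITY[s], EXPOSURE[e], CONTROLLABILITY[c]
    except KeyError as exc:
        raise ValueError(f"unknown hazard class {exc.args[0]!r}") from None
    if 0 in (sv, ev, cv):
        return "QM"
    return _ASIL_BY_SUM.get(sv + ev + cv, "QM")


@dataclass(frozen=True)
class HazardousEvent:
    situation: str
    severity: str
    exposure: str
    controllability: str


def rate_events(events: List[HazardousEvent]) -> Dict[str, str]:
    """Map each situation description to the ASIL its classification yields."""
    return {ev.situation: determine_asil(ev.severity, ev.exposure, ev.controllability)
            for ev in events}


# Constructed illustration (hypothetical classification) of the page's example:
# the same malfunction of a safety-relevant system in two driving situations.
EXAMPLE_EVENTS = [
    HazardousEvent("malfunction at high speed on a motorway", "S3", "E4", "C3"),
    HazardousEvent("same malfunction at walking speed", "S1", "E3", "C1"),
]

if __name__ == "__main__":
    for situation, asil in rate_events(EXAMPLE_EVENTS).items():
        print(f"{situation}: ASIL {asil}")
```

The high-speed case lands at ASIL D, the walking-speed case at QM, which is the page's point that the same fault carries a very different risk depending on the situation.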

Melster Consulting - your partner in the implementation of functional safety

The implementation of functional safety requires a systematic approach throughout the entire life cycle of a product or system.

Are you affected by the issue?

We, Melster Consulting, do not see safety as an option, but as an obligation and are happy to support the development process of your product with our expertise!