ISO 26262 & Software Development for Functional Safety of Automotive Systems with ASIL
The ISO 26262 standard determines functional safety for automotive engineering projects and ensures the reliability of critical vehicle components. This article will show how international standards work together for efficient automotive software and hardware development in compliance with ASIL, HARA, and ASPICE.
Table of contents
Safety Systems Development with ISO 26262 Standard: How It Works
Case Studies on Functional Safety for Automotive Projects
Vehicle electronics are becoming increasingly complex, and errors in critical systems such as brakes, ADAS, airbags and seatbelts, fuel delivery and other electrical and electronic systems can cost the health and lives of all road users. Therefore, engineers and manufacturers are guided by the international standard ISO 26262, which defines programmes, rules and recommended tools to ensure safety in the automotive industry.
What Are ISO 26262 and ASIL?
The ISO 26262 standard regulates the entire development process for vehicle functional safety: planning, hardware design and automotive software development, mechanical and industrial design, various types of testing (including integration and system testing), implementation, operation and maintenance of vehicles.
ISO 26262 provides several levels for assessing automotive electrical safety – Automotive Safety Integrity Levels (ASIL). They specify the hazard potential of each system from the lowest A to the highest D level and define the rules to be followed during their development.
Scheme: ASIL for functional safety and ISO 26262 certification
- ASIL A is usually assigned to systems whose failure is unlikely to have a serious and life-threatening effect: interior vehicle lighting, windscreen washers, and infotainment systems.
- ASIL B is assigned to systems whose failure can cause non-serious injury or life-threatening consequences: brake lights, reversing camera, and instrument cluster.
- ASIL C is assigned to systems whose failure could result in serious injury but not death: adaptive cruise control, battery management, and suspension.
- ASIL D is for critical systems whose breakdown can be fatal: autonomous driving systems, braking systems, airbags, and electric power steering.
How Are ASIL Levels Defined?
ASIL levels can be assigned using HARA (Hazard Analysis and Risk Assessment), taking into account three factors with several classes:
S – severity – the seriousness of the injury that a failure of the system could cause to a person.

| Class | Description |
|---|---|
| S0 | No injuries |
| S1 | Light and moderate injuries |
| S2 | Severe and life-threatening injuries (survival probable) |
| S3 | Life-threatening injuries (survival uncertain), fatal injuries |
E – exposure – how often the operating situation in which the hazard can occur is encountered.

| Class | Description |
|---|---|
| E0 | Incredible |
| E1 | Very low probability |
| E2 | Low probability |
| E3 | Medium probability |
| E4 | High probability |
C – controllability – the likelihood that the driver (or other persons involved) can act in time to prevent the injury.

| Class | Description |
|---|---|
| C0 | Controllable in general |
| C1 | Simply controllable |
| C2 | Normally controllable |
| C3 | Difficult to control or uncontrollable |
Each system is assigned a severity, exposure and controllability class during the HARA process. If any factor is class 0 (S0, E0 or C0), no ASIL is assigned.
The correlation of the levels of each factor helps assign the system to the appropriate ASIL level:
| Severity | Exposure | C1 (simply controllable) | C2 (normally controllable) | C3 (difficult to control) |
|---|---|---|---|---|
| S1 (light) | E1 (very low) | QM | QM | QM |
| S1 (light) | E2 (low) | QM | QM | QM |
| S1 (light) | E3 (medium) | QM | QM | A |
| S1 (light) | E4 (high) | QM | A | B |
| S2 (severe) | E1 (very low) | QM | QM | QM |
| S2 (severe) | E2 (low) | QM | QM | A |
| S2 (severe) | E3 (medium) | QM | A | B |
| S2 (severe) | E4 (high) | A | B | C |
| S3 (fatal) | E1 (very low) | QM | QM | A |
| S3 (fatal) | E2 (low) | QM | A | B |
| S3 (fatal) | E3 (medium) | A | B | C |
| S3 (fatal) | E4 (high) | B | C | D |
ASIL Level Definition Table
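To make the HARA procedure above concrete, here is an added Python example (my own code, not a Promwad tool) that encodes the ASIL determination table exactly as printed, applies the "class 0 means no ASIL" rule, and runs a small constructed HARA through it. It also goes one step beyond the article: the table turns out to be equivalent to a closed-form rule (ASIL index = S + E + C - 6, with anything at or below 0 being QM), and `table_matches_sum_rule()` checks that equivalence over all 36 combinations, which is a handy self-test when a safety team transcribes the table into a tool. The hazard records, their S/E/C classes and the per-function roll-up (a safety goal inherits the highest ASIL of the hazards it covers) are assumptions for illustration, not values from a real assessment.

```python
"""HARA -> ASIL classification using the ISO 26262 determination table reproduced above.

Added example, not code from the article or from Promwad. Hazard data below is constructed.
"""
from dataclasses import dataclass

# Rows: (severity, exposure); columns: controllability C1, C2, C3.
# "QM" = quality management only, no ASIL assigned. Copied from the table above.
ASIL_TABLE = {
    (1, 1): ("QM", "QM", "QM"),
    (1, 2): ("QM", "QM", "QM"),
    (1, 3): ("QM", "QM", "A"),
    (1, 4): ("QM", "A", "B"),
    (2, 1): ("QM", "QM", "QM"),
    (2, 2): ("QM", "QM", "A"),
    (2, 3): ("QM", "A", "B"),
    (2, 4): ("A", "B", "C"),
    (3, 1): ("QM", "QM", "A"),
    (3, 2): ("QM", "A", "B"),
    (3, 3): ("A", "B", "C"),
    (3, 4): ("B", "C", "D"),
}

# Ordering used for comparisons and for the closed-form rule.
ASIL_ORDER = ["QM", "A", "B", "C", "D"]


def determine_asil(s: int, e: int, c: int) -> str:
    """Return "QM", "A", "B", "C" or "D" for severity S{s}, exposure E{e}, controllability C{c}.

    A class of 0 in any factor means no ASIL is assigned; it is reported as "QM".
    Out-of-range classes are rejected rather than silently clamped.
    """
    if not (0 <= s <= 3 and 0 <= e <= 4 and 0 <= c <= 3):
        raise ValueError(f"class out of range: S{s} E{e} C{c}")
    if 0 in (s, e, c):
        return "QM"
    return ASIL_TABLE[(s, e)][c - 1]


def determine_asil_by_sum(s: int, e: int, c: int) -> str:
    """Closed-form equivalent of the table: index = S + E + C - 6, clamped at 0 (QM).

    This is my own observation about the printed table, not a rule stated in the
    article; table_matches_sum_rule() verifies it exhaustively.
    """
    if 0 in (s, e, c):
        return "QM"
    return ASIL_ORDER[max(0, s + e + c - 6)]


def table_matches_sum_rule() -> bool:
    """Exhaustively compare the transcribed table with the closed-form rule."""
    return all(
        determine_asil(s, e, c) == determine_asil_by_sum(s, e, c)
        for s in range(1, 4)
        for e in range(1, 5)
        for c in range(1, 4)
    )


@dataclass
class Hazard:
    function: str      # vehicle function the hazard belongs to
    description: str   # hazardous event
    s: int
    e: int
    c: int


# Constructed HARA entries for illustration only; the S/E/C classes are assumptions.
SAMPLE_HARA = [
    Hazard("brake_light", "brake lights stay off while braking", 2, 4, 2),
    Hazard("brake_light", "brake lights stuck on while not braking", 1, 4, 2),
    Hazard("epas", "unintended steering torque at highway speed", 3, 4, 3),
    Hazard("cabin_light", "interior light fails to switch on", 0, 4, 1),
    Hazard("acc", "adaptive cruise accelerates unexpectedly in traffic", 3, 4, 2),
]


def classify_hara(hazards):
    """Assign an ASIL to every hazard and roll up the highest ASIL per function.

    The roll-up (a function's safety goal inherits the highest ASIL among its
    hazards) is standard ISO 26262 practice but is stated here as an assumption.
    """
    per_hazard = [(h.function, h.description, determine_asil(h.s, h.e, h.c)) for h in hazards]
    per_function = {}
    for fn, _, asil in per_hazard:
        current = per_function.get(fn, "QM")
        per_function[fn] = max(current, asil, key=ASIL_ORDER.index)
    return per_hazard, per_function


if __name__ == "__main__":
    print("table consistent with sum rule:", table_matches_sum_rule())
    hazards, functions = classify_hara(SAMPLE_HARA)
    for fn, desc, asil in hazards:
        print(f"{asil:>2}  {fn:<12} {desc}")
    print("highest ASIL per function:", functions)
```

The sample run assigns ASIL B to the brake-light function, D to electric power steering and C to adaptive cruise control, in line with the typical assignments listed earlier in the article, and leaves the interior light at QM because its severity class is S0.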
Safety Systems Development with ISO 26262 Standard: How It Works
Case Studies on Functional Safety for Automotive Projects
Adhering to automotive functional safety standards allows our team to create solutions for our clients that comply with ISO 26262. Our portfolio includes solutions up to ASIL C in ECU (electronic control unit) development and in IVI and EV systems. Below we present three examples and publish our ISO 26262 safety cases.
Case Study: Developing Requirements and Documentation for Microcontroller Software
A supplier of controllers and chips for the automotive industry approached us to develop microcontroller software that detects errors during MCU operation, a task we completed successfully.
The Promwad engineers developed the software architecture in compliance with ASIL C safety guidelines for the electronic platform based on the STM microcontroller. They analysed the source code of the prototype firmware to ensure it met the functional safety requirements.
Case Study: Development of an Updated 2-DIN Multimedia System
Commissioned by a supplier of dashboards and in-car infotainment systems (IVI), we developed a hardware and software solution in compliance with the technical safety requirements of ISO 26262 and MISRA.
The designed embedded solution included several features:
- IVI system;
- GPS navigation;
- journey time calculation;
- air conditioning control;
- voice control of the on-board computer;
- interface lock to turn off manual control on the move.
The Promwad engineers integrated new functions, tested the software and fixed bugs in the client version of the software code.
* * *
ASIL and ISO standards provide the functional safety and regulatory compliance required for successful certification and, as a result, user confidence in new automotive solutions. We help our clients adhere to industry standards to create safe and reliable vehicles.
Contact us to develop your software and hardware within automotive functional safety standards.