ISO 26262 & Software Development for Functional Safety of Automotive Systems with ASIL

The ISO 26262 standard determines functional safety for automotive engineering projects and ensures the reliability of critical vehicle components. This article will show how international standards work together for efficient automotive software and hardware development in compliance with ASIL, HARA, and ASPICE.

Vehicle electronics are becoming increasingly complex, and errors in critical systems such as brakes, ADAS, airbags and seatbelts, fuel delivery and other electrical and electronic systems can cost the health and lives of all road users. Therefore, engineers and manufacturers are guided by the international standard ISO 26262, which defines programmes, rules and recommended tools to ensure safety in the automotive industry.

What Are ISO 26262 and ASIL?

The ISO 26262 standard regulates the entire development process for vehicle functional safety: planning, hardware design and automotive software development, mechanical and industrial design, various types of testing (including integration and system testing), implementation, operation and maintenance of vehicles.

ISO 26262 provides several levels for assessing automotive electrical safety – Automotive Safety Integrity Levels (ASIL). They specify the hazard potential of each system from the lowest A to the highest D level and define the rules to be followed during their development.

ASIL for functional safety

Scheme: ASIL for functional safety and ISO 26262 certification

  • ASIL A is usually assigned to systems whose failure is unlikely to have a serious and life-threatening effect: interior vehicle lighting, windscreen washers, and infotainment systems.
  • ASIL B defines systems development that can cause non-serious injury or life-threatening consequences: brake lights, reversing camera, and instrument cluster.
  • ASIL C is assigned to systems whose failure could result in serious injury but not death: adaptive cruise control, battery management, and suspension.
  • ASIL D is for critical systems whose breakdown can be fatal: autonomous driving systems, braking systems, airbags, and electric power steering.

How to Define ASIL Levels?

ASIL levels can be assigned using HARA (Hazard Analysis and Risk Assessment), taking into account three factors with several classes:

S – severity – the seriousness of a person’s injury from the system

No injuriesLight and moderate injuriesSevere and life-threatening injuries (survival probable)Life-threatening injuries (survival incertain), fatal injuries

E – exposure – frequency of potential hazards in the system.

IncredibleVery low probabilityLow probabilityMedium probabilityHigh probability

C – controllability – the possibility that a driver will do something to prevent injury.

Controllable in generalSimply controllableNormally controllableDifficult to control or uncontrollable

Each system is assigned an appropriate severity, exposure and controllability level during the HARA process. A null factor does not require the assignment of an ASIL level.

The correlation of the levels of each factor helps assign the system to the appropriate ASIL level:

C-1 — SimpleC-2 — NormalC-3 — Difficult
S-1 — LightE-1 — very lowQMQMQM
E-2 — lowQMQMQM
E-3 — mediumQMQMA
E-4 — highQMAB
S-2 — SevereE-1 — very lowQMQMQM
E-2 — lowQMQMA
E-3 — mediumQMAB
E-4 — highABC
S-3 — FatalE-1 — very lowQMQMA
E-2 — lowQMAB
E-3 — mediumABC
E-4 — highBCD

ASIL Level Definition Table

Safety Systems Development with ISO 26262 Standard: How It Works

To develop safety solutions according to ISO 26262, you need processes and tools that comply with this standard: software development rules and verification tools. Let's take a closer look at some of the methods that ISO 26262 recommends. 
V-model is our a primary methodology at Promwad for software  development and the implementation of ASPICE processes. One of the main features of the V-Model is early testing that could be implemented on each step to find bugs and faults on very early stages. 
As for ASPICE (Automotive Software Process Improvement Capability dEtermination), this standard is used to assess and improve development processes for the design of software-intensive automotive systems. To provide quality according to ASPICE, we use traceability-supportive tools like Polarion and verification tools and methods like unit testing, integration testing, static code analysis, HIL testing, and etc.
As for our software development process, we follow a conventional coding approach or model-based design. The model-based design in automotive software development is an approach that is commonly used for the solutions that conform to the ASIL C and ASIL D levels. This method automates code development and model testing, saves time and ensures the system's reliability in general. 

Case Studies on Functional Safety for Automotive Projects

Keeping to automotive functional safety standards allows our team to create solutions for our clients that comply with ISO 26262. Our portfolio includes solutions up to ASIL-C level in ECU development (electronic control units), IVI and EV systems. Below we present three examples and publish our ISO 26262 safety cases.

Case Study: Developing Requirements and Documentation for Microcontroller Software

A supplier of controllers and chips for the automotive industry approached us to develop microcontroller software for error detection during MCU operation. And we successfully solved this task.

The Promwad engineers developed the software architecture in compliance with ASIL-C security guidelines for the electronic platform based on the STM microcontroller. They analysed the source code of the prototype firmware to ensure functional security requirements.

In-car entertainment

Case Study: Development of Updated2-DIN Multimedia System

Commissioned by a supplier of dashboards and in-car infotainment systems (IVI), we developed a hardware and software solution in compliance with the technical safety requirements of ISO 26262 and MISRA.

The designed embedded solution included several features:

  • IVI system;
  • GPS navigation;
  • journey time calculation;
  • air conditioning control;
  • voice control of the on-board computer;
  • interface lock to turn off manual control on the move.

The Promwad engineers integrated new functions, tested the software and fixed bugs in the client version of the software code.

* * *

ASIL and ISO standards provide the functional safety and regulatory compliance required for successful certification and, as a result, user confidence in new automotive solutions. We help our clients adhere to industry standards to create safe and reliable vehicles.

Contact us to develop your software and hardware within automotive functional safety standards.


Our Case Studies in Automotive Industry