ISO 26262 & Software Development for Functional Safety of Automotive Systems with ASIL

The ISO 26262 standard defines functional safety requirements for automotive engineering projects and helps ensure the reliability of critical vehicle components. This article shows how international standards work together for efficient automotive software and hardware development in compliance with ASIL, HARA, and ASPICE.

Vehicle electronics are becoming increasingly complex, and errors in critical systems such as brakes, ADAS, airbags and seatbelts, fuel delivery and other electrical and electronic systems can cost the health and lives of all road users. Therefore, engineers and manufacturers are guided by the international standard ISO 26262, which defines programmes, rules and recommended tools to ensure safety in the automotive industry.

What Are ISO 26262 and ASIL?

The ISO 26262 standard regulates the entire development process for vehicle functional safety: planning, hardware design and automotive software development, mechanical and industrial design, various types of testing (including integration and system testing), implementation, operation and maintenance of vehicles.

ISO 26262 provides several levels for assessing automotive electrical safety – Automotive Safety Integrity Levels (ASIL). They specify the hazard potential of each system from the lowest A to the highest D level and define the rules to be followed during their development.

Scheme: ASIL for functional safety and ISO 26262 certification

  • ASIL A is usually assigned to systems whose failure is unlikely to have a serious and life-threatening effect: interior vehicle lighting, windscreen washers, and infotainment systems.
  • ASIL B is assigned to systems whose failure can cause non-serious injuries or life-threatening consequences: brake lights, reversing camera, and instrument cluster.
  • ASIL C is assigned to systems whose failure could result in serious injury but not death: adaptive cruise control, battery management, and suspension.
  • ASIL D is for critical systems whose breakdown can be fatal: autonomous driving systems, braking systems, airbags, and electric power steering.

How Are ASIL Levels Defined?

ASIL levels are assigned using HARA (Hazard Analysis and Risk Assessment), taking into account three factors with several classes:

S – severity – the seriousness of the injury a person could suffer as a result of the system's failure

Class   Description
S0      No injuries
S1      Light and moderate injuries
S2      Severe and life-threatening injuries (survival probable)
S3      Life-threatening injuries (survival uncertain), fatal injuries

E – exposure – how frequently the situation in which the potential hazard can occur is encountered.

Class   Description
E0      Incredible
E1      Very low probability
E2      Low probability
E3      Medium probability
E4      High probability

C – controllability – the likelihood that the driver can act in time to prevent injury.

Class   Description
C0      Controllable in general
C1      Simply controllable
C2      Normally controllable
C3      Difficult to control or uncontrollable

Each system is assigned an appropriate severity, exposure and controllability class during the HARA process. If any factor falls into its null class (S0, E0 or C0), no ASIL needs to be assigned.

The correlation of the levels of each factor helps assign the system to the appropriate ASIL level:

Severity        Exposure         C1 — Simple   C2 — Normal   C3 — Difficult
S1 — Light      E1 — very low    QM            QM            QM
                E2 — low         QM            QM            QM
                E3 — medium      QM            QM            A
                E4 — high        QM            A             B
S2 — Severe     E1 — very low    QM            QM            QM
                E2 — low         QM            QM            A
                E3 — medium      QM            A             B
                E4 — high        A             B             C
S3 — Fatal      E1 — very low    QM            QM            A
                E2 — low         QM            A             B
                E3 — medium      A             B             C
                E4 — high        B             C             D

ASIL Level Definition Table
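As an added example that is not part of the original article, the following Python encodes the HARA classes and the ASIL determination table above. Rather than copying the table, it applies the additive rule that the table follows (sum of the S, E and C indices: 7 gives A, 8 gives B, 9 gives C, 10 gives D, anything lower is QM), checks that the rule reproduces all 36 published cells, and then classifies a few constructed hazard events; the hazard descriptions are invented for illustration.

```python
# Added example (not from the original article): derive an ASIL from the HARA
# classes S, E and C using the additive rule that reproduces every cell of the
# ASIL determination table above, then apply it to constructed hazard events.
from itertools import product

# Class indices; index 0 is the null class ("no hazard in this dimension").
SEVERITY = {"S0": 0, "S1": 1, "S2": 2, "S3": 3}
EXPOSURE = {"E0": 0, "E1": 1, "E2": 2, "E3": 3, "E4": 4}
CONTROLLABILITY = {"C0": 0, "C1": 1, "C2": 2, "C3": 3}
LEVELS = {7: "A", 8: "B", 9: "C", 10: "D"}  # sums of 3..6 are QM


def determine_asil(s: str, e: str, c: str) -> str:
    """Return 'QM', 'A'..'D', or 'none' when any class is S0/E0/C0.

    An unknown class raises ValueError so that a typo in a HARA sheet
    cannot silently downgrade a hazard to QM.
    """
    try:
        si, ei, ci = SEVERITY[s], EXPOSURE[e], CONTROLLABILITY[c]
    except KeyError as bad:
        raise ValueError(f"unknown HARA class {bad}") from None
    if 0 in (si, ei, ci):
        return "none"  # null factor: no ASIL assignment required
    return LEVELS.get(si + ei + ci, "QM")


# The page's table, rows S1..S3 x E1..E4, columns C1..C3, row-major order.
PAGE_TABLE = (
    "QM QM QM  QM QM QM  QM QM A   QM A  B "   # S1
    "QM QM QM  QM QM A   QM A  B   A  B  C "   # S2
    "QM QM A   QM A  B   A  B  C   B  C  D "   # S3
).split()


def rule_matches_page_table() -> bool:
    """Cross-check the additive rule against all 36 published cells."""
    cells = [determine_asil(f"S{s}", f"E{e}", f"C{c}")
             for s, e, c in product(range(1, 4), range(1, 5), range(1, 4))]
    return cells == PAGE_TABLE


if __name__ == "__main__":
    assert rule_matches_page_table()
    # Constructed hazard events, as a HARA sheet would list them.
    for hazard, cls in {
        "Unintended full braking at highway speed": ("S3", "E4", "C3"),
        "Brake light fails with a vehicle following": ("S2", "E3", "C2"),
        "Cabin light stays on": ("S0", "E4", "C1"),
    }.items():
        print(f"{hazard}: {cls} -> ASIL {determine_asil(*cls)}")
```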

Safety Systems Development with ISO 26262 Standard: How It Works

To develop safety solutions according to ISO 26262, you need tools and processes that comply with this standard: software development rules and verification tools.

The tree of interconnected standards and development principles may look like this:

Scheme: the example of functional safety concept based on ISO 26262

Let's take a look at these principles in detail:

  • ASIL within ISO 26262 is determined by HARA; the standard also sets general requirements for software developed under ASPICE with V-model rules.
  • ASPICE (Automotive Software Process Improvement and Capability dEtermination) is a framework for assessing and improving the development processes of software-intensive systems.
  • MISRA defines coding guidelines for software written in C and C++ (our engineers use these languages, and also Rust, to design automotive safety systems).

Case Studies on Functional Safety for Automotive Projects

Adhering to automotive functional safety standards allows our team to create solutions for our clients that comply with ISO 26262. Our portfolio includes solutions up to ASIL-C level in ECU (electronic control unit) development, IVI and EV systems. Below we present three examples and publish our ISO 26262 safety cases.

Case Study: Developing Requirements and Documentation for Microcontroller Software

A supplier of controllers and chips for the automotive industry approached us to develop microcontroller software for error detection during MCU operation, and we successfully completed this task.

The Promwad engineers developed the software architecture in compliance with ASIL-C safety guidelines for the electronic platform based on the STM microcontroller. They analysed the source code of the prototype firmware to verify that it met the functional safety requirements.

Case Study: Development of an Updated 2-DIN Multimedia System

Commissioned by a supplier of dashboards and in-car infotainment systems (IVI), we developed a hardware and software solution in compliance with the technical safety requirements of ISO 26262 and MISRA.

The designed embedded solution included several features:

  • IVI system;
  • GPS navigation;
  • journey time calculation;
  • air conditioning control;
  • voice control of the on-board computer;
  • interface lock to turn off manual control on the move.

The Promwad engineers integrated new functions, tested the software and fixed bugs in the client version of the software code.

* * *

ASIL and ISO standards provide the functional safety and regulatory compliance required for successful certification and, as a result, user confidence in new automotive solutions. We help our clients adhere to industry standards to create safe and reliable vehicles.

Contact us to develop your software and hardware within automotive functional safety standards.