
ISO 26262: The standard for functional safety of electrical/electronic systems in motor vehicles

The ISO 26262 series of standards was first published in 2011 to minimize the risk of potentially dangerous malfunctions of electrical and electronic (E/E) vehicle systems. ISO 26262 is an adaptation of IEC 61508, the generic standard for the functional safety (FuSi for short) of electrical and electronic systems. It provides an established process model for the development and production of series-production vehicles and takes particular account of the requirements of the automotive sector.

Who is affected by the standard ISO 26262?

The standard covers safety-related electrical and electronic components and systems of vehicles. It does not apply to mechanical, hydraulic or pneumatic parts as such, although it does consider the hazards that malfunctioning E/E systems can cause through them. The overriding aim is to reduce risks in vehicles that can be triggered by malfunctions of vehicle E/E components.
Accordingly, the series of standards applies to both suppliers and vehicle manufacturers (OEMs); its requirements and recommendations apply to both without distinction, and responsibilities within a distributed development are agreed in a development interface agreement (DIA).


Which vehicles are affected?

While the first edition of ISO 26262 was limited to series-production passenger cars with a maximum gross vehicle mass of 3.5 t, the second edition (ISO 26262:2018, hereinafter referred to as ISO 26262 for short) also applies to trucks, buses, trailers and semi-trailers (provided that they contain safety-related electronic control units). Since 2018 motorcycles with a total mass of no more than 800 kg have also been covered by this standard (see Part 12 below).

In contrast, mopeds, prototypes, racing vehicles and special-purpose vehicles that are manufactured in small series or as one-offs (e.g. vehicles adapted for people with disabilities) are outside the scope of ISO 26262. E/E systems and components that were released for production before the standard was first published in 2011 are also exempt; if such a system is subsequently modified, only the modification has to be developed in accordance with ISO 26262.


What does ISO 26262 regulate?

The ISO 26262 series of standards covers the entire safety life cycle of vehicle E/E systems, from development and production through operation and service to decommissioning. In particular, it contains requirements and recommendations for the whole development process, from the initial concept to the final implementation.
In a total of 12 parts, it first explains how items (systems or groups of systems) are assessed with regard to their hazards and risks. For each identified and documented hazardous event the required Automotive Safety Integrity Level (ASIL, see below) is derived, and safety goals and safety requirements are specified accordingly. The standard then describes how these safety requirements can be fulfilled so that an acceptable residual risk remains, and it prescribes verification and validation measures to demonstrate that the required level of safety has been achieved.
Note that ISO 26262 addresses unintended malfunctions, i.e. random hardware failures and systematic faults. Malicious manipulation of E/E systems (cybersecurity) is not in its scope; Part 2 of the 2018 edition contains only an informative annex on the interaction between functional safety and cybersecurity, and a dedicated security engineering process (e.g. according to ISO/SAE 21434) is required alongside it.

Brief overview of the individual parts of the series of standards

Part 1: Explanation of terms and abbreviations used.

Part 2: Specification of the requirements for functional safety management during the various phases of the safety life cycle. In addition, the organizational requirements for development in accordance with the required ASIL are described.

Part 3: Requirements for the concept phase: item definition, hazard analysis and risk assessment (HARA) including the determination of the ASIL and the safety goals, and the derivation of a functional safety concept.

Part 4: Description of the development processes at a system level with a procedure corresponding to the V-model (also applies to parts 5 and 6). Procedures and work results are defined for the individual sections. The system (driver assistance system, battery management system, etc.) is broken down into subsystems and methods for implementation are recommended - depending on the ASIL classification.

Part 5: Description of the development process at the hardware level, with a particular focus on the hardware architectural metrics, the evaluation of safety goal violations due to random hardware failures, the qualification of hardware components and the integration of the hardware into the overall system.

Part 6: Description of the development process at the software level: derivation of software safety requirements, architectural design, unit design and testing, integration and verification, including the software's resource usage and its behaviour in the event of faults and overload, in order to avoid systematic errors. The effort can be reduced by using software components that have already been qualified in accordance with Part 8.

Part 7: Requirements for the production, operation, service (maintenance and repair) and decommissioning of safety-related systems and components, as well as for the planning of these activities.

Part 8: Requirements for the supporting processes that are not tied to a single phase of the safety life cycle but support functional safety throughout, e.g. interfaces within distributed developments, specification and management of safety requirements, configuration and change management, verification, documentation management, confidence in the use of software tools, qualification of software and hardware components, and proven-in-use arguments.

Part 9: ASIL-oriented and safety-oriented analyses: rules for ASIL decomposition (splitting a safety requirement over redundant, sufficiently independent elements with lower ASILs), criteria for the coexistence of elements of different ASILs (freedom from interference), the analysis of dependent failures ("cascading failures", "common cause failures"), and the safety analyses to be performed.

Part 10: Overview of the series of standards, explanations and further information about various aspects of the standard. This part is not normative but is intended to facilitate understanding of the other parts.

Part 11: Like Part 10, this part is informative (non-normative) and contains possible interpretations of other parts of ISO 26262 in relation to semiconductor development.

Part 12: Special requirements or adaptation of the requirements for motorcycles, e.g. with regard to hazard and risk analysis, vehicle integration and safety validation.

ASIL classification

ISO 26262 places the determination of the ASIL (Automotive Safety Integrity Level, i.e. the safety requirement level) at the beginning of every development, in the hazard analysis and risk assessment of the concept phase. For each identified hazardous event, three parameters are rated: the severity of the potential harm to the driver or other persons (severity, classes S0 to S3), the probability of being in the driving situation in which the hazard can cause harm (exposure, classes E0 to E4), and how well the driver or other persons can avoid the harm (controllability, classes C0 to C3). A rating of S0, E0 or C0 means that no ASIL has to be assigned.
The combination of the three ratings yields a safety requirement level ranging from ASIL A to ASIL D, with ASIL D representing the highest risk and therefore the most stringent requirements; brake control units, for example, typically have ASIL D safety goals. If the risk is so low that the measures of normal quality management are sufficient, the hazardous event is classified as QM and ISO 26262 imposes no additional requirements for it.
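To make the combination rule concrete, the following Python is an added example (it is not from the original page and not NewTec's code): it encodes the ASIL determination table of ISO 26262-3, shows that this table is equivalent to adding the S, E and C class indices (7 gives ASIL A, 8 gives B, 9 gives C, 10 gives D, anything lower or any zero class gives QM), and applies it to a constructed hazard list whose hazards, situations and ratings are invented for illustration only.

```python
"""ASIL determination for a hazard analysis and risk assessment (HARA).

Added example, not code from the page or from NewTec. The hazard list at
the bottom is constructed for illustration; the ratings are not from any
real HARA.
"""
from dataclasses import dataclass
from typing import Dict, Iterable

# Class indices of the three HARA parameters. S0, E0 and C0 are part of
# the standard's classification tables and always lead to QM.
SEVERITY = {"S0": 0, "S1": 1, "S2": 2, "S3": 3}
EXPOSURE = {"E0": 0, "E1": 1, "E2": 2, "E3": 3, "E4": 4}
CONTROLLABILITY = {"C0": 0, "C1": 1, "C2": 2, "C3": 3}

# Ordering used to pick the highest ASIL over several hazardous events.
ASIL_ORDER = ["QM", "ASIL A", "ASIL B", "ASIL C", "ASIL D"]

# ASIL determination table of ISO 26262-3, rows (S, E), columns C1..C3.
ASIL_TABLE = {
    ("S1", "E1"): ("QM", "QM", "QM"), ("S1", "E2"): ("QM", "QM", "QM"),
    ("S1", "E3"): ("QM", "QM", "ASIL A"), ("S1", "E4"): ("QM", "ASIL A", "ASIL B"),
    ("S2", "E1"): ("QM", "QM", "QM"), ("S2", "E2"): ("QM", "QM", "ASIL A"),
    ("S2", "E3"): ("QM", "ASIL A", "ASIL B"), ("S2", "E4"): ("ASIL A", "ASIL B", "ASIL C"),
    ("S3", "E1"): ("QM", "QM", "ASIL A"), ("S3", "E2"): ("QM", "ASIL A", "ASIL B"),
    ("S3", "E3"): ("ASIL A", "ASIL B", "ASIL C"), ("S3", "E4"): ("ASIL B", "ASIL C", "ASIL D"),
}


def determine_asil(s: str, e: str, c: str) -> str:
    """Return the ASIL for one hazardous event via the sum of class indices."""
    try:
        si, ei, ci = SEVERITY[s], EXPOSURE[e], CONTROLLABILITY[c]
    except KeyError as exc:
        raise ValueError(f"unknown HARA class {exc.args[0]!r}") from None
    if 0 in (si, ei, ci):
        return "QM"  # S0, E0 or C0: no ASIL assignment required
    total = si + ei + ci  # ranges from 3 (S1 E1 C1) to 10 (S3 E4 C3)
    return ASIL_ORDER[max(0, total - 6)]


def sum_rule_matches_table() -> bool:
    """Check that the index-sum rule reproduces every cell of ASIL_TABLE."""
    for (s, e), row in ASIL_TABLE.items():
        for c, expected in zip(("C1", "C2", "C3"), row):
            if determine_asil(s, e, c) != expected:
                return False
    return True


@dataclass(frozen=True)
class HazardousEvent:
    hazard: str      # malfunction of the item, e.g. "unintended full braking"
    situation: str   # operational situation in which it is assessed
    s: str
    e: str
    c: str


def classify_hara(events: Iterable[HazardousEvent]) -> Dict[str, str]:
    """Map each hazard to the highest ASIL over all its assessed situations.

    The safety goal for a hazard inherits the highest ASIL of the
    hazardous events it covers, so a single severe situation dominates.
    """
    result: Dict[str, str] = {}
    for ev in events:
        asil = determine_asil(ev.s, ev.e, ev.c)
        current = result.get(ev.hazard, "QM")
        if ASIL_ORDER.index(asil) > ASIL_ORDER.index(current):
            result[ev.hazard] = asil
        else:
            result.setdefault(ev.hazard, current)
    return result


# Constructed sample HARA entries (hypothetical ratings for illustration).
SAMPLE_EVENTS = [
    HazardousEvent("Unintended full braking", "highway, high speed", "S3", "E4", "C3"),
    HazardousEvent("Unintended full braking", "parking, walking pace", "S0", "E4", "C1"),
    HazardousEvent("Loss of low beam", "night, unlit country road", "S2", "E3", "C2"),
    HazardousEvent("Loss of low beam", "daytime, urban traffic", "S1", "E4", "C1"),
    HazardousEvent("Unintended wiper activation", "any driving", "S1", "E4", "C1"),
]

if __name__ == "__main__":
    print("sum rule matches table:", sum_rule_matches_table())
    for hazard, asil in classify_hara(SAMPLE_EVENTS).items():
        print(f"{hazard}: {asil}")
```

The index-sum rule is only a convenient way of reading the standard's table; `sum_rule_matches_table()` exists so that anyone adapting the table (for example to a company-specific HARA template) can confirm the two still agree. Rating the same hazard in several operational situations, as `classify_hara()` does, matters because the exposure and controllability differ per situation and the safety goal must carry the highest resulting ASIL.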

Sources of supply

All twelve parts of ISO 26262:2018 can be purchased from Beuth Verlag or directly from the International Organization for Standardization (ISO).

Development of functionally safe automotive systems according to ISO 26262

NewTec supports manufacturers and suppliers in the development of functionally safe electrical and electronic systems and components for motor vehicles that comply with the requirements of ISO 26262. Our safety specialists have long-standing experience in consulting and coaching in all facets of embedded automotive safety and can take on requirements engineering projects or entire safety engineering projects on request. In addition, our ISO 26262-compliant platforms such as NTBatteryManagementSystem and NTMicroDrive can significantly reduce your development effort and costs.
Questions? Get in touch with us: Contact
Or give us a call on +49 7302 9611-0