Automotive Industry Insights

ISO 26262

Description
The international safety standard ISO 26262 (“Road Vehicles – Functional Safety”) outlines a framework for functional safety in the automotive industry. The intention of the framework is to establish a uniform, universally accepted approach for the development of safety-related electric/electronic systems. In doing so, ISO 26262 helps to uncover and address possible hazards caused by malfunctions of safety-related E/E systems. ISO 26262 addresses the specific needs of the automotive industry and covers the complete product life cycle, from design and specification, implementation and verification, to production, operation, and maintenance and even end of life and decommissioning of the system.

As ISO 26262 is a risk-based safety standard, a hazard analysis and risk assessment (HARA) forms the foundation for the evaluation of safety-relevant systems. To subsequently identify the safety relevance of a malfunction, the Automotive Safety Integrity Level (ASIL) is determined by combining the frequency of hazardous incidents with their severity and controllability. To complete the holistic framework, ISO 26262 furthermore provides requirements for functional safety management, design, implementation, verification, validation, and confirmation measures in a total of ten normative parts and two guidelines.

Status
ISO 26262 is well established in the Western and Japanese automotive industry. In Asia and especially China, ISO 26262 is becoming increasingly relevant and some companies already implement it in their development process. The first version of ISO 26262 was released in 2011 and covers mass-production passenger vehicles up to 3.5 t. For the second edition of ISO 26262, which was released at the end of 2018, the scope was extended, such that the new edition covers all series-production road vehicles including buses and trucks and motorcycles. Additionally, part 12 of the standard now explicitly addresses an “adaptation for motorcycles.”

Current role and relevance with regard to ADAS/AD
In classical automotive control systems, the type approval is granted based on product testing. This testing is conducted before market introduction. With the introduction of automated vehicle functions, the process of the identification, management, and treatment of risks must be stretched over the entire product life cycle. This results in the need for a continuous application of ISO 262626-compliant testing, verification, and validation processes, to maintain the safe operation of vehicles in an ever-changing environment. Furthermore, moving toward higher automation levels implies that the controllability of malfunctions is reduced. Therefore, extensive verification of safety-relevant functions is necessary.

Study group summary of ISO 26262
The test strategy blueprint defined in the study group is based on various sources. One source is ISO 26262, which recommends a test strategy for electronics and software that is also based on a combination of real and virtual test procedures. The blueprint proposed in the study group, from which the relevant use cases for homologation are derived, is a concretization and extension of the test strategy recommended by ISO 26262. Since ISO 26262 is intended to describe the state of the art for the verification and validation of complex and safety-critical E/E systems and software, we recommend that an extension and renewal of the proposed test procedures and test strategy be undertaken for the next edition. The blueprint developed by the study group is an excellent basis for this, as it lists all currently relevant test procedures, describes them in detail, and places them in the context of the approval of automated driving functions.