Issue: Jul 2011

Requirements of ISO 26262

by Tony Davison

The issue of safety has always been one of the most important topics for the automotive industry. The announcement made by Toyota last year for the recall of their defective vehicles only serves to highlight how costly defects can be not only for the company’s balance sheet but also costly in terms of eroded consumers’ confidence. New technologies introduced to enhance vehicle control and driver assistance have now become standard accessories rather than optional. In addition, a recent regulation approved by the European Parliament laid out the requirements for type approvals of motor vehicles on their safety aspects calls for the introduction of these new safety features as a prerequisite. As such, the need for an internationally recognized standard for safety critical systems becomes more crucial to measure how safe a system is.

Unlike other industries, detailed discussions about functional safety in the automotive industry only began a few years ago. One of the reasons was that there was a prevailing view that the risks posed as a result of mechanical failures are still within the control of the driver. A driver merely had to stop the motor vehicle to bring the motor vehicle to a safe state. But we now know that this is not always possible when there is a failure in the drive-by-wire throttle system, as illustrated in the cases of gas pedal failures in Toyota cars in 2010.

Although there were existing standards on functional safety like the IEC 61508, this standard is not dedicated to the auto industry. The application of a non dedicated functional safety standard within different firms will not result in harmonization of functional safety objectives as different interpretations of the standard will ensue.

The ISO 26262 was developed to overcome this problem and to reach a harmonized standard for the auto industry. This standard is provided for the requirements, processes and methods to lessen the effects of systematic failures and unsystematic hardware failures. The ISO 26262 is based on the IEC 61508 which is a generic yardstick on the functional safety for Electrical/Electronic (E/E) systems created in 2002 by CENELEC. The ISO 26262 borrowed on the IEC 61508 concept of “Safety Integrity Level” (SIL) and redefined it as “Automotive Safety Integrity Levels” (ASIL).

The structure of the ISO 26262 comes in 10 parts as listed below:
• ISO 26262: Part one: Vocabulary
• ISO 26262: Part two: Management of functional safety
• ISO 26262: Part three: Concept phase
• ISO 26262: Part four: Product development: system level
• ISO 26262: Part five: Product development: hardware level
• ISO 26262: Part six: Product development: software level
• ISO 26262: Part seven: Production and operation
• ISO 26262: Part eight: Supporting processes
• ISO 26262: Part nine: ASIL-oriented and safety-oriented analyses
• ISO 26262: Part ten: Guideline on ISO 26262

Overview of ISO 26262 structure

The ISO 26262 is specifically formulated for safety systems that have one or more electrical/electronic systems which are installed in series production cars with a maximum gross weight of 3500kg.

As the standard is designed for series production cars, Part 7 of the standard includes something that is not found in the IEC 61508 standard which is the requirements for the production and operation processes. The production aspect is seen in the framework of the automotive safety lifecycle that include management stage, the development stage, the production stage, the operation stage, the service stage and the decommissioning stage.

Approach of ISO 26262 

As mentioned earlier, ISO 26262 standard uses a different approach for evaluating functional safety in the sense it adopt ASILs instead of the SILS of IEC 61508. SILs have three levels while ASILs have four levels from the lowest (A) to the highest (D).

The ASIL is obtained by conducting a hazard and risk analysis. From the start of a development, all intended functions are evaluated and compared to possible hazards. The main question asked is “What would result if malfunctions occur within the context of different operational circumstances?”

The risk assessment is based on a combination of several factors like the probability of exposure, the controllability of the situation by the driver and the measurement of the severity of injury of the person that is involved in the hazard.

Want to learn more about current technologies and developments in steering systems?

Visit our Download Center for more articles, whitepapers and interviews:  

Send your comment:
Name: Email:
Phone: Town & Country:

Automotive Industries


Thank You