Must-read for the automotive industry: ISO 26262 and ASIL safety level interpretation and strategies

ISO 26262, titled “Road vehicles – Functional safety”, is the functional safety standard used in the automotive industry. The ASIL (Automotive Safety Integrity Level) is the key input for determining the safety requirements that software development must meet.

Compliance with this standard is critical to the development of automotive products. Original equipment manufacturers, suppliers and auto parts developers are required to comply with this standard.

This article will introduce ISO 26262, ISO 26262 certification tools, ASIL (Automotive Safety Integrity Level), and ISO 26262 functional safety compliance recommendations for software development teams.

What is ISO 26262 functional safety?

ISO 26262 is a risk-based safety standard derived from IEC 61508. It is suitable for use in electrical and/or electronic systems in production vehicles. This includes driver assistance, propulsion and vehicle dynamics control systems.

This functional safety standard covers all functional safety aspects throughout the development process:

  • requirements specification

  • design

  • implementation

  • integration

  • verification

  • validation

  • configuration

Why is ISO 26262 important? And why is the ASIL (Automotive Safety Integrity Level) rating important?

The goal of this standard is to ensure the safety of automotive equipment and systems throughout their life cycle.

At each stage of the life cycle, specific steps need to be taken. This will ensure safety is considered throughout, from the early concept stages to vehicle decommissioning.

By complying with the ISO 26262 standard, you will be able to avoid or control systematic failures, and to detect or control random hardware failures (or mitigate their effects).

Ten parts of ISO 26262

  • Part 1: Terminology

  • Part 2: Functional Safety Management

  • Part 3: Concept Phase

  • Part 4: Product Development at the System Level

  • Part 5: Product Development at the Hardware Level

  • Part 6: Product Development at the Software Level

  • Part 7: Production and Operations

  • Part 8: Support Process

  • Part 9: ASIL and Safety Oriented Analysis

  • Part 10: Guidance on Safety Standards

The second edition of the standard was planned to add a part on SOTIF (Safety Of The Intended Functionality). However, SOTIF has since been published as a separate standard, ISO/PAS 21448.

Functional safety for software developers

Part 6 is the most important part for software developers. It details the steps developers must take to ensure the safety of each software component.

In addition, Part 6 includes several tables that define methods that must be considered in order to achieve standard compliance.

ISO 26262 certification tools

In automotive development, any tool used in the development process needs to be qualified. Part 8 provides guidance on ISO 26262 tool qualification.

Tool qualification requires the following work products:

  • Software tool qualification plan

  • Software tool documentation

  • Software tool classification analysis

  • Software tool qualification report

Certain tools are easier to qualify than others. For example, Helix QAC (a static code analyzer for C and C++) ships with a certification that simplifies the qualification process.

What is ASIL (Automotive Safety Integrity Level)?

The Automotive Safety Integrity Level (ASIL) is a key component of ISO 26262 and measures the risk associated with a specific system component. The more complex the system, the greater the risk of systematic failures and random hardware failures.

ASIL has four levels, ranging from A to D. ASIL A is the lowest level of risk and ASIL D is the highest. From A to D, the compliance requirements become more stringent.

There is a fifth option when determining the Automotive Safety Integrity Level: QM (Quality Management). It indicates that the component carries no safety requirements. (To improve product quality, it is usually still recommended to follow the standard's practices.)

How is the ASIL determined?

The ASIL is determined by three factors: severity, exposure and controllability.

Severity

Severity measures the extent of harm caused by a system failure, including injury to people and damage to property.

There are four severity levels:

  • S0 : No harm

  • S1 : Mild to moderate injury

  • S2 : Severe to life-threatening (possibly survivable) injury

  • S3 : Life-threatening (uncertain survival) to fatal injury

Exposure

Exposure describes how likely it is that the operating conditions under which a specific failure could cause harm will occur.

Each operating situation is assigned one of the following five levels according to its probability of occurrence:

  • E0 : Incredible (practically impossible)

  • E1 : Extremely low probability (injury will occur only under very few operating conditions)

  • E2 : low probability

  • E3 : Medium probability

  • E4 : High probability (injury may occur under most operating conditions)

Controllability

Controllability is the likelihood that harm can be avoided when a hazardous situation occurs, whether through the driver's actions or through external measures.

The controllability of hazardous situations is divided into four levels:

  • C0 : Controllable in general

  • C1 : Easy to control

  • C2 : Generally controllable (most drivers can take action to prevent injury)

  • C3 : Difficult to control or uncontrollable

Once you determine severity, exposure, and controllability, you can determine the Automotive Safety Integrity Level (ASIL). Table 4 in Part 3 provides guidance on this.

[Figure: ASIL determination chart based on severity, exposure, and controllability]
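The S/E/C lookup as runnable code, added here as an example that is not part of the original article or any Perforce product: it encodes the ASIL determination table of ISO 26262-3 (Table 4) as the author of this example recalls it, and runs it over a few constructed hazard records (the `Hazard` class, `HAZARDS` list and `worst_asil` helper are assumptions for illustration).

```python
"""Added worked example (not from the original article or from Perforce).

It encodes the ASIL determination table of ISO 26262-3 (Table 4) as the
author of this example recalls it; confirm it against your own copy of the
standard before relying on it. The hazard records below are constructed.
"""
from dataclasses import dataclass

# Rows: severity S1..S3. Columns: exposure E1..E4. Each cell lists the ASIL
# for controllability C1, C2, C3 in that order. S0, E0 or C0 always gives QM.
_TABLE = {
    1: {1: "QM QM QM", 2: "QM QM QM", 3: "QM QM A", 4: "QM A B"},
    2: {1: "QM QM QM", 2: "QM QM A", 3: "QM A B", 4: "A B C"},
    3: {1: "QM QM A", 2: "QM A B", 3: "A B C", 4: "B C D"},
}


def determine_asil(s: int, e: int, c: int) -> str:
    """Map severity S0-S3, exposure E0-E4, controllability C0-C3 to QM or A-D."""
    if not (0 <= s <= 3 and 0 <= e <= 4 and 0 <= c <= 3):
        raise ValueError(f"invalid classes S{s}/E{e}/C{c}")
    if 0 in (s, e, c):
        return "QM"  # no harm, incredible exposure, or controllable in general
    return _TABLE[s][e].split()[c - 1]


@dataclass(frozen=True)
class Hazard:
    """One row of a hazard analysis and risk assessment (HARA); constructed."""
    description: str
    s: int
    e: int
    c: int

    @property
    def asil(self) -> str:
        return determine_asil(self.s, self.e, self.c)


# Constructed illustrative hazards; the S/E/C classes are assumptions, not
# taken from any real HARA.
HAZARDS = [
    Hazard("Unintended full braking at highway speed", s=3, e=4, c=3),
    Hazard("Parking brake releases on a slope while parked", s=2, e=3, c=2),
    Hazard("Interior dome light fails to switch on", s=1, e=2, c=1),
]


def worst_asil(hazards) -> str:
    """Highest ASIL across the hazards; it drives the item's safety goals."""
    order = ["QM", "A", "B", "C", "D"]
    return max((h.asil for h in hazards), key=order.index)


if __name__ == "__main__":
    for h in HAZARDS:
        print(f"S{h.s} E{h.e} C{h.c} -> ASIL {h.asil}: {h.description}")
    print("Worst case:", worst_asil(HAZARDS))
```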

ISO 26262 and ASIL compliance guide

Whether you are developing traditional automotive components (such as integrated circuits) or virtual components (such as automotive hypervisors), adhering to the safety standard is important. Maintaining compliance throughout the automotive embedded software development life cycle is critical.

But meeting compliance can be difficult for development teams. The increasing complexity of systems and code bases makes it difficult to verify and validate software.

You can simplify this process by using software development tools.

Establish traceability

Meeting compliance requirements, and proving that you meet them, can be a very tedious process. You need to document these requirements and link them to the other artifacts in your repositories, including tests, issues, and source code.

Establishing traceability of requirements can simplify the verification process - especially when using tools such as Helix ALM. It can also help you manage risk during development.

And, if you develop semiconductors for automotive, using tools like Methodics IPLM will help establish verification traceability for your designs. Additionally, Methodics IPLM can help you manage ISO 26262 functional safety certification.

Store your code in Helix Core, the version control system from Perforce, to securely manage the revision history of all your digital assets. You get granular access control, highly transparent audit logs, strong password security, and secure replication. Therefore, you can be confident in your code.

Apply coding standards

Keeping your code safe, secure, and reliable can be difficult. You need to meet specific coding and design guidelines.

Applying coding standards such as MISRA® or AUTOSAR makes it easier to verify your code against the functional safety standard's guidelines, especially when using a static analysis tool like Helix QAC.

Ensure ISO 26262 and ASIL functional safety with Perforce

Without the right tools, it is difficult to ensure that your code is functionally safe. By using Helix QAC, you can easily apply coding standards to verify that your code complies with the guidelines of a specific safety standard, such as ISO 26262.

About the Author:


Richard Bellairs

Perforce Product Marketing Manager

Richard Bellairs has over 20 years’ experience working across industries. In the 1990s and early 2000s, he held electronics and software engineering positions in the manufacturing, defense, and test and measurement industries before transitioning to product management and product marketing. Now he is responsible for Perforce's market-leading code quality management solution. Richard holds a BEng in Electronic Engineering from the University of Sheffield and a Professional Diploma in Marketing from the Chartered Institute of Marketing (CIM).

Article source: https://bit.ly/45walsS


Origin blog.csdn.net/weixin_49715102/article/details/132406411