ISO 26262 is a standard, adapted from the functional safety standard IEC 61508, for automotive electric / electronic systems. It exists because of the rapid increase of software integration into automotive systems and the potential of those systems for catastrophic failure. Electronic systems and software integration are a primary focus of ISO 26262. The standard attempts to address failures that are special, cascading or common cause in nature. To accomplish this, ISO 26262 imposes a process to ensure safety in the design of electronic systems integrated into automotive applications.
ISO 26262 provides guidelines and expectations to ensure a case for safety is included in new product planning from concept through decommissioning. This standard supplements the current Advanced Product Quality Planning (APQP) approach used in product and process quality planning. Quality-One has developed and implemented technical risk assessment strategies and methods to ensure your compliance to ISO 26262.
What Does ISO 26262 Require?
ISO 26262 is an electronic / software safety supplement to new product development processes. The standard details expectations and requirements to provide guidance for the following:
Automotive safety life cycle:
- Management, development, production, operation, service and decommissioning.
- APQP with specific electronic and software safety integration.
Tailoring the necessary design and testing activities:
- Assures safety is embedded through all lifecycle phases of the product.
Functional safety guidelines for the entire development process:
- Requirements and Specifications definition
- Design of product
- Implementation of safety in design
- Integration of software and electronics
- Verification through technical risk assessment and testing
- Validation of design and process prior to launch
Automotive-specific approach for determining risk classes:
- ASILs (Automotive Safety Integrity Levels)
- Safety risks are a refinement of FMEA severity rankings of 9 or 10.
- Specifying the necessary safety requirements for achieving an acceptable residual risk.
Requirements for validation and confirmation:
- Ensuring a sufficient and acceptable level of safety is achieved.
What is an ASIL Rating?
ASIL ratings are categories into which a safety risk is placed in order to prioritize mitigation actions. The highest risks require more detailed mitigation or decomposition. ASIL levels are presented as letters, shown below, from highest to lowest risk:
- ASIL D
- ASIL C
- ASIL B
- ASIL A
- QM (Quality Managed)
QM still matters for the quality of the function, but it is not a safety concern.
The end result of all risk mitigation activity should achieve one of the following outcomes:
Design the product so that no failure, and therefore no resulting Hazard, can occur.
- Error / Mistake Proofing (Poka Yoke)
No single component failure (Single Point) may occur at a rate greater than 1 × 10^-8 and permit the Hazard to occur.
- System Level Failure Mode and Effects Analysis (FMEA)
Create redundancy and / or safe state default conditions requiring multipoint failures for the Hazard to occur.
Each risk is different, and mitigation plans are developed based on the ASIL of the Hazard and its impact on your organization. Successful mitigation, followed by verification and validation of the countermeasures, provides the evidence supporting the case for safety.
Learn More About ISO 26262
Quality-One offers Quality and Reliability Support for Product and Process Development through Consulting, Training and Project Support. Quality-One provides Knowledge, Guidance and Direction in Quality and Reliability activities, tailored to your unique wants, needs and desires. Let us help you Discover the Value of ISO 26262 Consulting, ISO 26262 Training or ISO 26262 Project Support.