Among the parameters that define consumer automobiles―cost, efficiency, performance, aesthetics, and longevity come to mind―safety usually ranks paramount. While nearly all modern cars meet basic safety standards, there are stringent and exhaustive requirements for the components and systems that help engineers implement safe designs.
Once electronics began to play a significant role in road vehicles, standards such as IEC 61508―and more recently, ISO 26262―were introduced to apply functional safety throughout the lifecycle of an automobile. We'll explore some of the key requirements of ISO 26262, the most widely adopted functional safety standard for automotive electronics.
The Automotive Safety Standard: ISO 26262
ISO 26262 is titled Road Vehicles―Functional Safety. This standards document was developed by the International Organization for Standardization (ISO) to be applied to safety-related systems that use electronic components in production passenger cars. Initially published in 2011, ISO 26262 is a 10-part adaptation of IEC 61508, a series of standards developed by the International Electrotechnical Commission to ensure that electronic systems are designed, implemented, operated, and maintained so that they achieve a predefined Safety Integrity Level (SIL).
ISO 26262 applies these SILs specifically to passenger vehicles, and therefore recasts the integrity measure as the Automotive Safety Integrity Level (ASIL). Ultimately, ISO 26262 is a framework to assist in the development of electronic functional safety systems. The standard uses ASILs to measure the risk associated with a system component and, in turn, to set the level of design requirements that designers and engineers must follow to ensure safe operation.
ASIL: Automotive Safety Integrity Levels
An ASIL defines the risk associated with a system's failure in terms of its severity, exposure, and controllability. Depending on the system's ASIL, which is rated on a scale of A-D, designers must meet specific design and operation requirements before that system can be deemed safe, secure, and reliable. The ASIL is thus a four-point scale for judging how important the system is from a functional safety perspective and what danger its failure would present to the driver and passengers.
The severity of a system failure is measured by the following subscale:
S0: No injuries
S1: Light to moderate injuries
S2: Severe to life-threatening (survival probable) injuries
S3: Life-threatening (survival uncertain) to fatal injuries
The exposure gauges the likelihood of a system failure occurring, and is measured using the following subscale:
E0: Incredibly unlikely
E1: Very low probability (injury could occur in rare operating conditions)
E2: Low probability
E3: Medium probability
E4: High probability (injury could occur under most operating conditions)
Controllability measures the influence the driver has over the outcome, should a failure occur. Controllability is measured using the following subscale:
C0: Controllable in general
C1: Simply controllable
C2: Normally controllable (most drivers could act to prevent injury)
C3: Difficult to control or uncontrollable
The ASIL matrix (from Analog Devices) combines the severity, exposure, and controllability ratings to determine an automotive system's ASIL class.
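The matrix referenced above is the ASIL determination table of ISO 26262-3 (Table 4 in the 2011 edition), which maps each (S, E, C) combination to QM or ASIL A-D. The following is an added example, not code from the article or from Analog Devices: it encodes that table as a lookup, implements the well-known additive shortcut (S + E + C of 7, 8, 9 or 10 gives ASIL A, B, C or D; anything lower is QM), and checks that the two agree for every cell. Function and variable names are this example's own.

```python
# Added example: ASIL determination from Severity (S), Exposure (E) and
# Controllability (C) per the table in ISO 26262-3 (2011, Table 4).
# Names here are the example's own, not from the article or the standard.

# Row (S, E) -> ASIL for C1, C2, C3. "QM" (Quality Management) means the
# hazard carries no ASIL-specific development requirements.
_ASIL_TABLE = {
    # S1: light to moderate injuries
    (1, 1): ("QM", "QM", "QM"),
    (1, 2): ("QM", "QM", "QM"),
    (1, 3): ("QM", "QM", "A"),
    (1, 4): ("QM", "A", "B"),
    # S2: severe to life-threatening (survival probable)
    (2, 1): ("QM", "QM", "QM"),
    (2, 2): ("QM", "QM", "A"),
    (2, 3): ("QM", "A", "B"),
    (2, 4): ("A", "B", "C"),
    # S3: life-threatening (survival uncertain) to fatal
    (3, 1): ("QM", "QM", "A"),
    (3, 2): ("QM", "A", "B"),
    (3, 3): ("A", "B", "C"),
    (3, 4): ("B", "C", "D"),
}

_SUM_TO_ASIL = {7: "A", 8: "B", 9: "C", 10: "D"}


def _check_class(name, value, upper):
    """Reject anything that is not an integer class number in 0..upper."""
    if isinstance(value, bool) or not isinstance(value, int) or not 0 <= value <= upper:
        raise ValueError(f"{name} must be an integer in 0..{upper}, got {value!r}")


def asil_from_table(s, e, c):
    """Look up the ASIL for a hazardous event rated S0-S3, E0-E4, C0-C3."""
    _check_class("S", s, 3)
    _check_class("E", e, 4)
    _check_class("C", c, 3)
    # S0 (no injuries), E0 (incredibly unlikely) and C0 (controllable in
    # general) each take the event out of ASIL scope: it is QM.
    if 0 in (s, e, c):
        return "QM"
    return _ASIL_TABLE[(s, e)][c - 1]


def asil_from_sum(s, e, c):
    """Additive shortcut: S+E+C <= 6 -> QM, 7 -> A, 8 -> B, 9 -> C, 10 -> D."""
    _check_class("S", s, 3)
    _check_class("E", e, 4)
    _check_class("C", c, 3)
    if 0 in (s, e, c):
        return "QM"
    return _SUM_TO_ASIL.get(s + e + c, "QM")


def table_matches_sum():
    """True if the shortcut reproduces every one of the 36 table cells."""
    return all(
        asil_from_table(s, e, c) == asil_from_sum(s, e, c)
        for s in range(1, 4)
        for e in range(1, 5)
        for c in range(1, 4)
    )


def classify_hazards(hazards):
    """Classify a list of (name, S, E, C) tuples; returns {name: ASIL}."""
    return {name: asil_from_table(s, e, c) for name, s, e, c in hazards}


if __name__ == "__main__":
    # Constructed, illustrative hazard ratings (not from any real analysis).
    sample = [
        ("unintended full braking at highway speed", 3, 4, 3),
        ("loss of rear-view camera image while reversing", 1, 3, 2),
        ("interior light fails to switch off", 0, 4, 1),
    ]
    for name, asil in classify_hazards(sample).items():
        print(f"{asil:>2}  {name}")
    print("table == additive shortcut:", table_matches_sum())
```

The lookup is the authoritative form; the additive rule is a convenient cross-check when reviewing a hazard analysis by hand, and the input validation matters because an out-of-range or mistyped class would otherwise silently land in the wrong row.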
Conclusion: Designing with ISO 26262 Parameters
ISO 26262 provides a broad framework of safety requirements that enables engineers to design, build, operate, and maintain safe electrical systems in consumer road vehicles. Most importantly, ISO 26262 provides standards to ensure that the entire lifecycle of functional safety systems and critical safety electronics meets safety requirements, and that the international automotive industry works within the same parameters.