ISO 26262 Functional Safety Concept

Reading time: 4 minutes - Difficulty: advanced

Referring back to the previous article, we should remind ourselves that the key points of the ISO 26262 standard includes that of planning, coordinating and monitoring the progress of safety-related activities, as well as the responsibility of ensuring that confirmation measures are carried out throughout the Safety Life Cycle. Let’s focus on a important aspect called the Functional Safety Concept.

Introduction to the Concept vs. Safety Life Cycle

The Functional Safety Concept phase is foreseen in the initial part of the ISO 26262 life cycle, as it establishes the bases to be considered in the design for the achievement of the safety objectives already set with the determination of ASILs with the HARA method.

FSC in iso 26262 lifecycle

The exact definition of the Functional Safety Concept (FSC) is:

specification of the functional safety requirements* with associated information, their assignment to elements within the architecture, and their interaction to achieve safety objectives.

 

*The FSR (Functional Safety Requirement) is instead:

specification of the implementation-independent safety behavior or implementation-independent safety measure, including its safety-related attributes.

 

In the interest of clarity, let’s compare the two definitions:

FS Functional Safety Concept (FSC) Functional Safety Requirement (FSR)
What it refers to Vehicle Systems or sub-systems
Purpose Describes how safety objectives will be achieved Translate the FSC into specific and verifiable requirements for individual components of the system
What it specifies  

  • Functional or degraded behavior of the object in relation to safety objectives
  • Strategies to detect and control relevant faults in a timely manner
  • Measures to achieve fault tolerance or mitigate the effects of faults
  • Assignment of safety requirements to system architecture or external measures
  • Safety functions that the system
    must implement
  • Behaviors required under normal
    and fault conditions
  • Required performance levels (e.g., maximum response time)
Example For an Adaptive Cruise Control (ACC) system, the FSC may specify how the system reacts to sensor failures, such as loss of radar signal, to maintain safety of the vehicle. An FSR for the ACC could specify that the system must automatically disengage and alert the driver in the event of failure of a radar sensor within 2 seconds.

 

In summary, FSC provides an overall view of how safety of the vehicle will be achieved, while FSRs translate this view into practical and measurable requirements for individual components of the system.

 

Do you need immediate assistance for compliance with ISO 26262
(Functional Safety)?

 

Contact us

Would you like to contribute to our page? Follow us on Linkedin

 

Prerequisites of the Functional Safety Concept

The inputs for definition of the FSC are:

  • Definition of the item
  • Hazard analysis and risk assessment report
  • Architectural design of the system
  • Consider any dependencies between systems and interfaces, interactions of the driver and the environment
  • Determine the relationship between faults, safety mechanisms and driver interactions/behaviors

 

All this is reported in the Safety Plan, which is followed by the implementation of the specific requirements; this plan must contain all the necessary information on how to implement, manage over time, and trace the responsibilities related to functional safety.

 

Example of application of the Functional Safety Concept

Let’s see an example of application of the Functional Safety Concept to lane centering systems (ALC, Automatic Level Control).

The assumption is that failure management strategies are generally provided for LAC systems.

This means being able to disengage the ALC system without further actions and without interfering with other systems by transiting in a safe condition, as in the example diagram below, provided by NHTSA: DOT HS 812 573 – Functional Safety Assessment of an Automated Lane Centering System.

iso 26262 functional safety concept example on alc

 

This is an architecture that by way of explanation can support a failure and still keep the ALC system active. In the event of a second failure, a failure management strategy can be followed.

 

However, it remains essential to include specific safety requirements for driver warning systems, i.e., for example, related to the possibility of recording electronic faults in the ALC control modules, or to detect any electronic fault that may have significant effects on the functionality of Automatic Level Control.

In fact, warning the driver is a key element in ensuring that the driver follows the right course of action. The purpose of the warning is to reduce the risk exposure time within an acceptable range, and therefore using indicator lights or tactile signals, such as vibration of the steering wheel or seat, audio or messages on the display.

 

 

Any questions or comments?

 

Share us your feedback

Do you want to help our page grow? Follow us on Linkedin

 

Go back to the blog
Send this to a friend