ISO 26262 is the first comprehensive automotive safety standard that addresses the safety of the growing number of electric/electronic and software intensive features in today's road vehicles. This paper assesses the standard's ability to provide safety assurance. The strengths of the standard are: (1) emphasizing safety management and safety culture; (2) prescribing a system engineering development process; (3) setting up a framework for hazard elimination early in the design process; (4) disassociating system safety risk assessment from component probabilistic failure rate. The third and fourth strengths are noteworthy departure from the philosophy of IEC61508. This standard has taken much-needed and very positive steps towards ensuring the functional safety of the modern road vehicles. SAE publications from industry show a lot of enthusiasm towards this standard.
This paper suggested a number of items to be considered further strengthen the standard's ability to provide safety assurance. First, the Automotive Safety Integrity Level (ASIL) assessment may want to consider only the severity level, so that the subjectivity involved in likelihood assessment is eliminated. The ASIL assessment also needs to be standardized across manufacturers in order to address the tension between safety and business competitiveness. Government, industry consortium, and research institutions may want to work together on ASIL standardization efforts. Second, this standard provides little guidance on how to eliminate hazards in the design, but rather provides details on how to design and evaluate the effectiveness of component failure detection and control mechanisms. This paper identifies research that could be conducted on how to adapt the System Theoretic Accident Modeling and Process model during the design phase. Third, this standard gives detailed guidance on reliability engineering methods for component failures, but little on system safety design methods. Reliability and safety are different attributes of the system. This standard can be improved by further research on adapting system safety engineering methods to this standard. Fourth, the standard also substitutes good software systems engineering practices for software safety, although this is on par with other industry standards. Further research is needed to address software safety assurance. Fifth, the need for more detail in the safety assurance process and plan for product and operation phases of the product are discussed. Last, the needs for better design methods and safety assurance plan concerning driver/vehicle interaction design are also presented.
PresenterQi Van Eikema Hommes, Volpe Transportation Systems Center