ISO 26262 Second Edition Introduces Updates to Functional Safety in Road Vehicles
Whether you’re just entering the automotive market or looking to improve your development process, you’ll need to become extremely familiar with the ISO 26262 standard.
In 2011, ISO 26262 was created to set the standard for the automotive industry and its suppliers around functional safety in electrical and electronic systems development. To address the industry’s rapid evolution and to ensure that these new electronic functions remain functionally safe in the new environment, the International Organization for Standardization (ISO) recently introduced a second edition of ISO 26262 in December 2018.
There are plenty of updates to sort through in the ISO 26262 2018 version, from building motorcycles to providing more guidance for the semiconductor industry.
Given that the first edition of ISO 26262 hung around for roughly seven years before it received an update, you can expect the most recent version to be the standard for driving quality and reducing risk in automotive functional safety for at least the foreseeable future.
What follows is a non-comprehensive overview to help familiarize you with important ISO 26262 second edition updates. However, it’s imperative that developers for the automotive electronics industry independently study and understand the updates and how their process must evolve to accommodate.
With the implementation of the second edition of ISO 26262, all road vehicles are now included – not just those with four wheels and a maximum vehicle gross mass of up to 3500 kg, as was the case in the first edition.
Motorcycles, trucks, buses, trailers and semi-trailers are now all covered in detail. Your development teams will need to familiarize themselves with the specifics. This webinar from Automotive World provides a good summation of the major changes with a particular focus on motorcycle and commercial vehicle development, and we’ll quickly touch on some of the key points.
Whereas passenger vehicles must adhere to an Automotive Safety Integrity Level (ASIL), the latest version of ISO 26262 introduces a Motorcycle Safety Integrity Level (MSIL). And, as such, the hazard analysis and risk assessment for motorcycles been altered to account for the differences. One thing worth noting is since motorcycles are so unique in their performance, there’s a larger emphasis placed on the responsibility of the rider versus the machine itself. For instance, whereas most cars are expected to still perform well in ice and snow, motorcycles are not, and so if a rider makes the choice to drive in those conditions, they are purposely accepting a higher degree of risk.
Since trucks and buses, on the other hand, are primarily defined by their larger size and mass, those factors tie into their controllability and, therefore, exposure to risk. For example, when a large truck is loaded with cargo, it’s going to have few issues with things like wheel spin on a steep hill than when it’s completely empty. And because different trucks, buses and semi-trailers all have unique purposes for use (for instance, long-haul semi-trucks versus city buses) and are typically exposed to different conditions and environments, the second edition of ISO 26262 makes distinctions between the base vehicle types of each. In terms of controllability, for example, concrete trucks should be able to withstand something like an unpaved construction site, whereas buses don’t regularly encounter that sort of terrain.
Development software that’s used to create components for automotive systems must be qualified to do its job in a functional safety design environment. The qualification and classification requirements are described in Clause 11 of ISO 26262, Part 8. Software tools receive a certified qualification report if they are fit for purpose.
It’s worth noting that Jama Connect™ has already been certified fit for developing safety-related products according to ISO 26262 (up to ASIL D) by internationally-recognized testing body TÜV SÜD. That means Jama customers can use the TÜV SÜD certificate as an argument for software solution qualification in projects, instead of having to spend time qualifying it themselves. Jama is the first vendor that is both SaaS and Agile to receive the certification.
In response to increasing security concerns in connected devices in automobiles, ISO 26262 now requires a management plan that incorporates effective communication channels between functional safety and cybersecurity. These necessary channels have been identified at both the functional safety management level and at the system level for product development.
The first edition of ISO 26262 did not include specific guidelines for semiconductors used in automotive application. This caused some confusion and led many automotive teams to create their own functional safety requirements for their semiconductor suppliers.
Now, a new section provides guidelines on and definitions for semiconductor components and semiconductor technologies used in automotive application. This should not only eliminate uncertainty, but also create uniformity when it comes to the design, verification and validation of semiconductors for the automotive industry.
One thing that was left out of the second edition is “the non-systematic and random safety issues that will occur with autonomous systems using neural networks.” Semiconductor Engineering explains that this is because a new standard coming later this year – SOTIF, Safety Of The Intended Functionality – will include new automation technologies for things like autonomous vehicles not covered in ISO 26262:2018.