Challenges Your Automotive Team may Face in ISO 26262 Functional Safety Compliance
The need for functional safety of E/E (electrical/electronic) systems has become imperative in the automotive industry, mainly because of the inherent complexity of embedded electronic systems.
A malfunction of an electronic component such as an Electronic Control Unit (ECU) has serious repercussions for the safety of the driver and passengers.
For instance, if the ECU controlling the braking system of the vehicle malfunctions, a fatal accident might occur.
With the introduction of ISO 26262, a standard for the functional safety of electrical and electronic systems in road vehicles, automotive OEMs and suppliers have a framework to ensure that an automotive ECU is designed according to its defined safety criticality.
However, with hundreds of electrical and electronic systems and sub-systems in a modern-day vehicle, implementing the ISO 26262 standard has become an uphill task.
We will talk about the associated ISO 26262 challenges and some recommended solutions.
But before we discuss the challenges, let's understand ISO 26262 implementation in a nutshell. You can also refer to our first blog on ISO 26262 to get a clear picture.
(Image source: National Instruments)
Understanding ISO 26262 implementation
The ISO 26262 standard provides a framework for the entire automotive safety lifecycle, i.e. from development to decommissioning. ISO 26262 follows a risk-based approach to determine the safety criticality of a component.
Following are some of the critical steps your ISO 26262 consultant may choose to follow:
- Step 1: Hazard analysis and risk assessment are carried out based on the guidelines defined in ISO 26262 functional safety standard.
- Step 2: ASIL (Automotive Safety Integrity Level) is assigned to the components and safety goals are determined.
- Step 3: In the development phase, the safety requirements are classified into software and hardware.
The process may sound easy, but in practice, altering the current automotive product development process to make it ISO 26262 compliant is very challenging.
The functional safety consultant needs to anticipate potential malfunction scenarios of the proposed system right at the outset and recommend solutions to address them.
Major Challenges in achieving ISO 26262 Compliance
- Hazard Analysis and Assigning ASIL
Determining the safety goals and assigning an ASIL to each of them is a major challenge in the course of ISO 26262 implementation.
Hazard analysis identifies and analyses the safety goals of the system, from which the functional and technical safety requirements are derived. The hardware and software design of the vehicle's electronic systems has to be prepared in accordance with these derived requirements.
ASIL assignment for an automotive component depends on three factors: severity, exposure, and controllability. These three factors are quite hard to determine without adequate exposure to the use cases.
Severity, exposure and controllability must be rated consistently for one particular driving situation; otherwise the ASIL may be understated. That happens when the lowest category of each of the three factors is taken from a different driving situation.
Beyond determining the risk parameters, defining them in a qualitative way is a major problem faced by ISO 26262 experts.
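As an added example, not part of the original post, the following Python encodes the ISO 26262-3 ASIL table (which is additive in the ordinal ranks of S, E and C) and contrasts the correct per-situation assessment with the inconsistent mixing of lowest categories that the text warns about. The hazard, the operational situations and their S/E/C ratings are constructed for illustration.

```python
from dataclasses import dataclass

# Ordinal ranks of the three ISO 26262-3 risk parameters.
# S0/E0/C0 mean "not safety relevant" and map to QM.
SEVERITY = {"S0": 0, "S1": 1, "S2": 2, "S3": 3}
EXPOSURE = {"E0": 0, "E1": 1, "E2": 2, "E3": 3, "E4": 4}
CONTROLLABILITY = {"C0": 0, "C1": 1, "C2": 2, "C3": 3}

# Ordering used to compare ASILs (QM lowest, D highest).
ASIL_ORDER = ["QM", "A", "B", "C", "D"]


def asil_from_parameters(s: str, e: str, c: str) -> str:
    """Look up the ASIL for one (S, E, C) classification.

    The ISO 26262-3 table is additive in the ordinal ranks:
    rank sum 10 -> D, 9 -> C, 8 -> B, 7 -> A, anything lower -> QM.
    """
    rs, re_, rc = SEVERITY[s], EXPOSURE[e], CONTROLLABILITY[c]
    if 0 in (rs, re_, rc):
        return "QM"
    return {10: "D", 9: "C", 8: "B", 7: "A"}.get(rs + re_ + rc, "QM")


@dataclass(frozen=True)
class OperationalSituation:
    """One driving situation in which a hazard is assessed, with its own S/E/C."""
    name: str
    s: str
    e: str
    c: str


def asil_for_hazard(situations) -> str:
    """Correct procedure: rate S, E and C together per situation, then take the
    highest resulting ASIL over all situations as the hazard's ASIL."""
    per_situation = (asil_from_parameters(sit.s, sit.e, sit.c) for sit in situations)
    return max(per_situation, key=ASIL_ORDER.index)


def asil_with_mixed_parameters(situations) -> str:
    """The mistake the text warns about: picking the lowest S, the lowest E and the
    lowest C from *different* situations. This silently understates the ASIL."""
    s = min(situations, key=lambda sit: SEVERITY[sit.s]).s
    e = min(situations, key=lambda sit: EXPOSURE[sit.e]).e
    c = min(situations, key=lambda sit: CONTROLLABILITY[sit.c]).c
    return asil_from_parameters(s, e, c)


# Constructed hazard "unintended loss of braking", assessed in two situations.
BRAKING_HAZARD = [
    OperationalSituation("highway, high speed", s="S3", e="E4", c="C3"),      # sum 10 -> D
    OperationalSituation("parking lot, walking pace", s="S1", e="E2", c="C1"),  # sum 4 -> QM
]

if __name__ == "__main__":
    print("per-situation assessment:", asil_for_hazard(BRAKING_HAZARD))        # D
    print("mixed-parameter mistake:", asil_with_mixed_parameters(BRAKING_HAZARD))  # QM
```

The constructed hazard rates ASIL D when the highway situation is assessed on its own, but drops to QM when the lowest category of each parameter is cherry-picked across situations, which is exactly the understatement the text describes.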
- Non-uniformity of Functional Safety Activities Among OEMs, Suppliers and After-Market Companies
In this age of globalization, a distributed approach to development is followed in most industries, and automotive is no exception. Hundreds of components in a vehicle are outsourced to tier-1 suppliers, who in turn outsource some of them to other service providers.
In such a scenario, the safety requirements for a component derived at different levels, i.e. at the OEM, tier-1 suppliers and after-market suppliers, need to be uniform.
The safety requirements also need to be shared among them so that there is no incompatibility in the final product.
For instance, the UDS stack for an ECU may be developed by one organisation and the BSP by another. When both pieces of software are integrated into the ECU, there must not be any incompatibility in terms of ISO 26262 guidelines.
Ensuring this compatibility becomes a major challenge given the distributed nature of product development.
- Quantitative Assessment of Every Hardware Component
The hardware used in the electronic components needs to be assessed for failure rates, which requires a quantitative assessment of the hardware.
Quantitative assessment refers to analysing the FIT (Failures in Time) rate: the number of failures expected to occur in 1 billion device hours of operation. Based on the FIT rate, the hardware is given an ASIL rating.
With many such hardware parts involved, analysing each of them is a challenge. Moreover, testing of most parts is performed on ASICs or similar circuits in a test environment, and those readings cannot be fully relied upon.
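As an added example, not from the original post, this Python converts FIT to a failure rate, sums component FIT for a series bill of materials, and compares a first-order residual-failure-rate estimate against the PMHF target values of ISO 26262-5 (10 FIT for ASIL D, 100 FIT for ASIL B and C; no quantitative target for ASIL A or QM). The bill of materials, its FIT values and its diagnostic coverage figures are constructed, and the residual calculation is a simplified single-point-fault approximation, not the full ISO 26262-5 hardware metric.

```python
import math

FIT_HOURS = 1e9  # one FIT = one failure per 10^9 device-hours

# PMHF (probabilistic metric for random hardware failures) target values from
# ISO 26262-5, expressed in FIT. ASIL A and QM have no quantitative target.
PMHF_TARGET_FIT = {"D": 10.0, "C": 100.0, "B": 100.0}


def fit_to_failure_rate(fit: float) -> float:
    """Convert a FIT value to a constant failure rate in failures per hour."""
    return fit / FIT_HOURS


def total_fit(parts) -> float:
    """Constant failure rates of parts in series simply add (raw, no diagnostics)."""
    return sum(fit for fit, _dc in parts.values())


def probability_of_failure(fit: float, mission_hours: float) -> float:
    """Probability that a part with constant failure rate fails within mission_hours."""
    return 1.0 - math.exp(-fit_to_failure_rate(fit) * mission_hours)


def residual_fit(parts) -> float:
    """First-order PMHF estimate: sum of raw FIT x (1 - diagnostic coverage).

    Simplified (assumption of this example): every part is treated as safety
    related, and latent / dual-point faults are ignored.
    """
    return sum(fit * (1.0 - dc) for fit, dc in parts.values())


def meets_pmhf_target(residual: float, asil: str) -> bool:
    """True if the residual failure rate is within the PMHF target for the ASIL."""
    target = PMHF_TARGET_FIT.get(asil)
    if target is None:
        return True  # no quantitative PMHF target for QM / ASIL A
    return residual <= target


# Constructed bill of materials for a brake ECU:
# part name -> (raw FIT, diagnostic coverage of its safety mechanism)
BRAKE_ECU_PARTS = {
    "microcontroller": (50.0, 0.99),        # lockstep cores, 99 % coverage
    "power_supply_monitor": (5.0, 0.90),
    "can_transceiver": (10.0, 0.60),
    "pressure_sensor_asic": (20.0, 0.90),
}

if __name__ == "__main__":
    raw = total_fit(BRAKE_ECU_PARTS)              # 85 FIT
    resid = residual_fit(BRAKE_ECU_PARTS)         # 7 FIT
    print(f"raw FIT: {raw:.1f}, residual FIT: {resid:.1f}")
    print("ASIL D target met:", meets_pmhf_target(resid, "D"))
    # 10,000 h of operation with the raw rate: failure probability ~ 8.5e-4
    print(f"P(fail in 10 000 h): {probability_of_failure(raw, 10_000):.2e}")
```

The point of separating raw and residual FIT is the one the text makes about assessment effort: the raw sum (85 FIT) alone would fail the ASIL D target, so every part's failure rate and the coverage of its safety mechanism have to be analysed individually before the residual 7 FIT can be claimed.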
- Increase in Product Development Cost Due to ISO 26262 Implementation
Following are the three reasons why ISO 26262 compliance adds overhead for the OEMs:
  - Additional personnel that the OEM has to hire to manage the safety-critical components in the vehicle. For every expert or consultant the OEM hires, the cost escalates.
  - Automotive OEMs also need to train the existing engineering manpower to inculcate a "safety culture" in the development process. As ISO 26262 is a relatively new standard, many engineers are not well-versed in it and need training to gain hands-on experience.
  - Additional tests and formal verification processes add to the time invested in product development. The increased time-to-market and effort manifest in the cost of development.
These overheads need to be kept in check while still taking all measures to ensure functional safety according to ISO 26262 guidelines.
- Increase in Time-to-Market Due to ISO 26262 Compliance
The list of features included in automobiles grows with each passing day. In such a scenario, OEMs are under constant pressure to release new features rapidly.
Some of these features are safety-critical and need to be compliant with the ISO 26262 standard. This implies additional testing, assigning ASIL ratings, etc., which add to the time-to-market. With intense competition among OEMs, keeping the time-to-market as short as possible is imperative and comes across as a major challenge.
The pain point here for the OEMs is that the customers do not see functional safety as a value-add. Most customers are willing to pay more for active safety features and fuel-saving systems but usually perceive functional safety as a required component of a vehicle.
New features like ESP (Electronic Stability Program), ABS (Anti-lock Braking System), and several such advanced driver assistance systems are being introduced in automobiles at a very rapid pace. As ISO 26262 is a relatively new standard, the challenges are yet to be overcome completely. As engineers and solution architects gain more exposure to the ISO 26262 functional safety standard, we can expect these challenges to become easier to handle.