Functional Safety Compliance for Trucks and Buses: What’s in the Latest ISO 26262 Version?
When the ISO 26262 standard was first rolled out, heavy vehicles and two-wheelers were kept out of its scope. While the reason for leaving them out is best known to the members of the consortium, the need to include these vehicles was definitely felt after 7 years. However, heavy vehicles such as trucks and buses are entirely different from passenger vehicles in terms of size, usage, additional parts, specific functions and so on.
Vehicle usage scenarios, base vehicle type, environmental conditions and operational system interaction are some of the factors that impact various safety lifecycle activities such as HARA, ASIL determination, FMEA and more. In other words, functional safety as mandated by ISO 26262 works differently for heavy vehicles than for passenger cars.
Heavy vehicles such as trucks and buses also differ from passenger cars in how they are manufactured. Two terms need to be understood here: base vehicle and body builder equipment.
A base vehicle is the carrier vehicle designed by the OEM. It usually comprises a chassis, an engine, and a cabin from where the vehicle is driven. Additional equipment is installed or integrated on the base vehicle.
Body builder equipment is the specialized body part installed on or integrated with the base vehicle, depending on the usage of the vehicle.
The additional requirements for the development of software and hardware components for trucks and buses are listed under the following categories:
- Supporting processes in Functional Safety Management
- System level validation
- Production, operation, service, and decommissioning
In this blog, our focus will be on the concept phase of the safety lifecycle, as this is the phase where the majority of the differences exist. Once the Functional Safety Requirements are set, there is no major difference in the methods applied for ISO 26262 compliance. However, there are certain guidelines about trucks and buses in functional safety management (Part-2) and Part-8 of the ISO 26262 standard. We will touch upon them in the later sections of the blog.
Differences in ISO 26262 Compliant Hazard Analysis and Risk Assessment for Trucks and Buses
The dynamic characteristics of heavy vehicles such as trucks and buses make them susceptible to several hazards that are not applicable to passenger cars. The kind of load a truck may be carrying, the configuration of the vehicle and the type of base vehicle are some of the factors that impact the hazards and associated risks.
In the context of HARA, the impact will be on severity, controllability and exposure, which in turn lead to the determination of ASIL and other metrics.
The functional safety experts need to make judgements based on their domain expertise and the project requirements to ascertain the variances such as:
- Type of vehicle
- Vehicle configuration
- Vehicle operation
As per the ISO 26262 standard, the type of base vehicle is one of the major considerations that can impact the hazards and the associated risks.
To make it clearer, we can take the example of a truck’s electronic power steering system. When a trailer is attached to the truck, it may impact the controllability of the vehicle by the driver. Similarly, wheel spin may not be an issue when a truck is not carrying any load; however, it needs to be considered when the truck is loaded. This affects the probability of exposure. Lastly, truck bodies, owing to their different shapes, sizes and other factors, have different safety properties, which impacts the severity of a hazard.
These three attributes (severity, controllability and exposure) help classify the hazards during HARA and later determine the ASIL for an automotive component.
Let’s take another example to understand the impact of the operational situation. Driving a tractor without its trailer attached puts a reduced load on the axle, which may reduce the vehicle’s stability. One operational situation can be driving a trailer-less tractor on a public road. While performing HARA for any software or hardware component of the drive axle, it is important to keep such operational situations in mind.
Another condition that must be considered while doing HARA is the impact of variation in the load. When the truck is partially loaded, empty or fully loaded, the center of gravity can also vary. All these parameters may lead to hazards.
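The effect of configuration and load on the ASIL can be made concrete with a small calculation. The following is an added example, not part of the original article or of the standard's text: the hazard, the operational situations and their S/E/C classes are constructed for illustration, and the ASIL mapping uses the sum rule that is equivalent to the determination table in ISO 26262-3.

```python
from dataclasses import dataclass

ASIL_ORDER = ["QM", "A", "B", "C", "D"]  # lowest to highest


@dataclass(frozen=True)
class HazardousEvent:
    situation: str        # operational situation plus vehicle configuration
    severity: int         # S1..S3
    exposure: int         # E1..E4
    controllability: int  # C1..C3


def asil(s: int, e: int, c: int) -> str:
    """ASIL for one classification (classes S1-S3, E1-E4, C1-C3 only)."""
    if not (1 <= s <= 3 and 1 <= e <= 4 and 1 <= c <= 3):
        raise ValueError(f"class out of range: S{s} E{e} C{c}")
    # Sum rule: 10 -> D, 9 -> C, 8 -> B, 7 -> A, anything lower -> QM.
    return ASIL_ORDER[max(s + e + c - 6, 0)]


def rate_hazard(events):
    """Rate each hazardous event; the hazard carries the highest ASIL found."""
    rated = {ev.situation: asil(ev.severity, ev.exposure, ev.controllability)
             for ev in events}
    worst = max(rated.values(), key=ASIL_ORDER.index)
    return rated, worst


# Constructed classifications for one hazard (loss of steering assist).
# The class values are illustrative assumptions, not taken from any real HARA.
STEERING_EVENTS = [
    HazardousEvent("solo tractor, unloaded, public road", 3, 2, 2),
    HazardousEvent("truck with trailer, fully loaded, highway", 3, 4, 3),
    HazardousEvent("truck with trailer, partially loaded, yard manoeuvre", 1, 3, 2),
]

if __name__ == "__main__":
    rated, worst = rate_hazard(STEERING_EVENTS)
    for situation, level in rated.items():
        print(f"{level:>2}  {situation}")
    print("ASIL carried by the safety goal:", worst)
```

The same malfunction is rated differently in each configuration, and the safety goal takes the most demanding rating, which is why every relevant load state and trailer configuration has to appear in the HARA.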
How Do Supporting Processes (Part 8 of ISO 26262) Adapt to Trucks and Buses?
We talked about the body builder equipment that is integrated with the base vehicle. The ISO 26262 standard makes it clear that any such external application related to the equipment must not violate any safety goal of a base vehicle that has been developed as per the ISO 26262 standard. Clause 15 of Part-8 of the standard has details about these topics. Let us examine them briefly.
There can be many scenarios here to consider. Let us take the examples that have also been mentioned in the ISO 26262 standard:
- A body builder equipment manufacturer can act as an integrator and assemble a commercial vehicle by integrating an ISO 26262 compliant base vehicle with external equipment. This equipment may be developed using a different standard that applies to commercial vehicles (such as the ISO 13849 safety standard for machinery control systems). There has to be an interface between the two standards.
- An ISO 26262 compliant brake system is integrated with agricultural equipment developed as per relevant standards but not ISO 26262.
In order for both these examples to work in a real-world scenario, the integrator and the base vehicle OEM must exchange certain requirements. The base vehicle OEM must communicate the extent of modifications that can be permitted to the base vehicle without violating the safety goals. On top of that, the OEM should also identify the modifiable parts and share this information so that the integrator is aware of the components that can be modified. Additional information regarding the safety measures to be applied by the integrator must also be communicated.
The methods for ISO 26262 compliance explained in other parts of the standard document are more or less the same. The major difference, as explained in this blog, is at the concept level, where the ASIL is derived and functional safety requirements are set. In the other parts of the standard, where product development at the system level and software level is discussed, there are minor variations with respect to trucks and buses.
Embitel is a leading automotive product engineering services company that has adopted the revised ISO 26262 version. We have collaborated with many heavy vehicle OEMs and suppliers and helped them with ISO 26262 compliance at different stages of product development.