
Functional Safety for Automotive ECU Development


The stakes for functional safety (FuSa) rise with every innovative feature added to vehicles. Whether it is ADAS, an autonomous driving system, electronic power steering or a brake ECU, functional safety is paramount for all of them.

The proven approach to ensuring functional safety is to follow the ISO 26262 standard. It ensures that functional safety is embedded in the development cycle through the concept phase, development and verification.

At Embitel, we are dedicated to helping your automotive solutions meet the ISO 26262 standard in letter and spirit.

With 16+ years of domain expertise in Automotive and in-depth know-how of Functional Safety implementation practices, we help you to deliver ISO 26262 compliant solutions for your customers.

We have partnered with customers across Europe, Asia and the US for the development of various ASIL-D compliant automotive solutions, including brake ECUs, EPS ECUs and more.

Automotive Functional Safety Success Stories


ASIL-D Compliant Electronic Braking ECU

We partnered with an automotive Tier-1 supplier, a pioneer in brake systems, for ASIL-D brake ECU development.

Embitel Solution:
To ensure compliance with ASIL-D functional safety requirements, we performed safety analyses such as FMEA and FMEDA, and developed key algorithms such as:

  • Auto-Apply: Automatically applies the EPB when the ignition is off, for safety.
  • Manual Apply/Release: Enabled only below 5 km/h and with the service brake pressed.
  • Auto-Release on Drive Away: The EPB auto-releases when speed > 5 km/h and safety conditions such as seatbelt fastening are met.
  • Auto-Hold: The EPB auto-engages at stops and releases on driving, aiding in traffic or on slopes.
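The four EPB behaviours listed above, written out as an added C example of the kind of gating logic each bullet describes; this is not Embitel's or the Tier-1 supplier's code. The only facts taken from the case study are the four behaviours and the 5 km/h threshold. Everything else is an assumption made here: the `epb_inputs_t` field names, the `signals_valid` flag under which an invalid input frame produces no command, the standstill gate on auto-apply, the accelerator pedal as the "driving" cue for auto-hold release, and the treatment of a simultaneous apply-and-release request as no command.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define EPB_SPEED_LIMIT_KMH 5.0f   /* threshold quoted in the case study */
#define EPB_STANDSTILL_KMH  0.1f   /* assumption: treat anything below this as "stopped" */

/* Command toward the actuator. HOLD means "no change to the current state". */
typedef enum { EPB_HOLD = 0, EPB_APPLY, EPB_RELEASE } epb_cmd_t;

/* One input frame for the decision logic (field names are assumptions). */
typedef struct {
    bool  signals_valid;          /* false if any input failed plausibility, CRC or timeout checks */
    bool  ignition_on;
    bool  service_brake_pressed;
    bool  seatbelt_fastened;
    bool  driver_request_apply;   /* EPB switch pulled */
    bool  driver_request_release; /* EPB switch pushed */
    bool  auto_hold_enabled;
    bool  accelerator_pressed;    /* used as the "driving" cue for auto-hold release */
    bool  epb_applied;            /* current actuator state fed back to the logic */
    float vehicle_speed_kmh;
} epb_inputs_t;

epb_cmd_t epb_decide(const epb_inputs_t *in)
{
    /* Fail-safe default (assumption): an invalid frame never moves the actuator;
     * a separate diagnostic path is expected to raise the fault. */
    if (in == NULL || !in->signals_valid) return EPB_HOLD;

    const bool below_limit = in->vehicle_speed_kmh < EPB_SPEED_LIMIT_KMH;
    const bool above_limit = in->vehicle_speed_kmh > EPB_SPEED_LIMIT_KMH;
    const bool stopped     = in->vehicle_speed_kmh < EPB_STANDSTILL_KMH;

    /* Auto-Apply: ignition off -> apply. The below-limit gate is an added assumption. */
    if (!in->ignition_on)
        return (below_limit && !in->epb_applied) ? EPB_APPLY : EPB_HOLD;

    /* Manual Apply/Release: honoured only below 5 km/h with the service brake pressed. */
    if (in->driver_request_apply || in->driver_request_release) {
        if (in->driver_request_apply && in->driver_request_release)
            return EPB_HOLD;                       /* conflicting request: do nothing (assumption) */
        if (!(below_limit && in->service_brake_pressed))
            return EPB_HOLD;                       /* request ignored outside the gate */
        return in->driver_request_apply ? EPB_APPLY : EPB_RELEASE;
    }

    /* Auto-Release on Drive Away: applied brake, speed > 5 km/h, seatbelt fastened. */
    if (in->epb_applied && above_limit && in->seatbelt_fastened) return EPB_RELEASE;

    /* Auto-Hold: engage when stopped on the service brake, release when the driver drives off. */
    if (in->auto_hold_enabled) {
        if (!in->epb_applied && stopped && in->service_brake_pressed) return EPB_APPLY;
        if (in->epb_applied && in->accelerator_pressed && in->seatbelt_fastened) return EPB_RELEASE;
    }
    return EPB_HOLD;
}

const char *epb_cmd_name(epb_cmd_t c)
{
    return c == EPB_APPLY ? "APPLY" : c == EPB_RELEASE ? "RELEASE" : "HOLD";
}

int main(void)
{
    /* Constructed scenarios: auto-apply at key-off, manual apply at 3 km/h, invalid frame. */
    const epb_inputs_t key_off  = { .signals_valid = true, .ignition_on = false, .vehicle_speed_kmh = 0.0f };
    const epb_inputs_t manual   = { .signals_valid = true, .ignition_on = true, .vehicle_speed_kmh = 3.0f,
                                    .service_brake_pressed = true, .driver_request_apply = true };
    const epb_inputs_t bad_frame = { .signals_valid = false, .ignition_on = false };

    printf("key-off          -> %s\n", epb_cmd_name(epb_decide(&key_off)));
    printf("manual apply 3km -> %s\n", epb_cmd_name(epb_decide(&manual)));
    printf("invalid frame    -> %s\n", epb_cmd_name(epb_decide(&bad_frame)));
    return 0;
}
```

The rules are evaluated in a fixed priority order (input validity, then ignition state, then driver request, then the automatic functions), so the safe-state reaction to a bad frame can never be overridden by a later rule.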


Design & Development of ASIL-D rated Electric Power Steering (EPS) system

Our automotive engineers collaborated with a Tier-1 supplier from India on the design and development of an Electric Power Steering (EPS) system.

Embitel Impact:

  • Engineering and implementation support throughout the project development lifecycle.
  • Developed a design based on the ASIL-D certified MPC5643L microcontroller.


Mutation testing project to ensure ASIL-D Compliance of EPS

Collaborated with a Europe-based automotive engineering company to execute mutation testing of the automotive ECU for their Electric Power Steering project.

Embitel Solution:

  • Analysis and design of the ECU software architecture
  • Mutant code design for different test cases identified at the analysis phase
  • Reporting and analysis of mutant test results

Our Functional Safety (FuSa) Service Offerings

Functional Safety Concept Phase

  • Support for Hazard Analysis and Risk Assessment (HARA) and HAZOP analysis.
  • Defining system-level safety requirements to address identified hazards.
  • Establishing FuSa strategies to achieve safety goals.
  • Allocation of safety measures across system components.
  • Expertise in tools such as DOORS, Polarion and JAMA.

Functional Safety Engineering

  • ISO 26262 consulting services
  • Tool Qualification
  • Safety Element Out of Context development.
  • Design of software and hardware architectures ensuring non-interference and ASIL decomposition.
  • Gap analysis at technical and functional levels.
  • Model-based development using tools such as MATLAB and Simulink.

ISO 26262 Compliant Testing Strategies

  • Static analysis with Polyspace, Helix QAC, and LDRA for MISRA and ISO 26262 compliance.
  • Unit, integration, and system tests using VectorCAST, Tessy, and Cantata.
  • Fault injection testing with Synopsys TestMAX, Razorcat TESSY, and NI TestStand.
  • HIL and SIL validation using dSPACE, ETAS LABCAR, and Simulink Test.
  • Traceability management with Jama Connect, Polarion, and DOORS.

Safety Analyses

  • Software and Hardware Failure Modes & Effect Analysis (FMEA).
  • SPFM, LFM and PMHF Derivation using FMEDA.
  • Fault Tree Analysis and Dependent Failure Analysis.
  • Expertise in tools like Medini Analyzer, Enco SOX tool.

Functional Safety Supporting Processes

  • Support for configuration and change management.
  • Support for ISO 26262 documentation: Development Interface Agreement (DIA), Safety case, Hardware-Software Interface and other documents.
  • Safety case documentation to support certification and assessment processes.

Functional Safety Management

  • Design of modular documentation structures for safety artifacts.
  • Implementation of end-to-end traceability across requirements, designs, and tests.
  • Development of detailed activity plans aligned with the product lifecycle.

Your Functional Safety (FuSa) Journey

How do we Ensure FuSa Compliance for Automotive Systems?

Comprehensive ISO 26262 and FuSa Expertise

Comprehensive Safety Analysis

End-to-End Functional Safety Support

Proven Track Record and Tools

Handbook: Functional Safety (FuSa) Consulting Services

Get more details about our service offerings for the implementation of an ISO 26262-based FuSa framework for automotive projects.

[Video on ISO 26262] How to Derive Automotive Safety Integrity Level (ASIL) Using HARA

Functional Safety Consultants: Team Structure

01

Veteran Functional Safety Managers

who partner with you to achieve compliance with the desired ASIL grade (ASIL B, ASIL C or ASIL D).

02

Senior ISO 26262 consultant

with 20+ years of experience, who partner with you on critical automotive projects for product development and consulting support.

03

Senior embedded engineers

Proficient in developing automotive applications as per the latest industry standards including AUTOSAR, ISO 26262 and MBD.

FAQs: ISO 26262 Consulting, Analysis and Design/Development Services

Ans Functional safety is the absence of unreasonable risk caused by faults in the electronic and electric components of a vehicle. When a fault occurs in an automotive component, it can compromise the safety of the driver and occupants. For example, if the airbag system develops a fault such as a faulty sensor that fails to detect a collision, this leads to the airbag not deploying in a critical accident. This would be considered a compromise of functional safety due to a malfunctioning electronic component in the vehicle.

To ensure functional safety in automotive systems, they must be developed as per the guidelines mandated in the ISO 26262 standard.

Ans Hazard Analysis and Risk Assessment (HARA) is among the first steps in the journey to ISO 26262 compliance. It identifies potential hazards in electrical and electronic (E/E) systems, assesses the associated risks, and defines safety goals to mitigate these risks. Based on the risk assessment performed during HARA, an ASIL rating is allocated to the system under development. The risk of each hazard is evaluated based on three factors:

  • Severity: Potential impact of the hazard
  • Exposure: The likelihood of occurrence of hazard
  • Controllability: Ability of the driver to control or avoid the hazard


HARA ensures that safety measures are proportional to the risk associated with each hazard.

Ans The focus of functional safety is to ensure that safety-critical systems in a vehicle operate reliably under all conditions, including during faults or failures. Key principles include:

  1. Hazard and Risk Assessment (HARA): Identifying and analyzing potential risks to assign appropriate ASIL levels, ensuring mitigation strategies are proportionate to the severity of risks.
  2. Fail-Safe Design: Ensuring systems transition to a safe state during malfunctions, with designs that anticipate and handle failures effectively.
  3. Safety Goals and Requirements: Defining clear safety objectives and implementing functional and technical requirements to meet these goals in all conditions.
  4. Verification and Validation: Verifying the system’s adherence to design specifications and validating its performance under real-world scenarios.
  5. Avoidance of Single Points of Failure: Incorporating redundancy in critical functions to ensure reliability in the event of individual component failures.
  6. Safe Degradation: Designing systems to maintain partial functionality while minimizing risk during degraded operating states.
  7. Continuous Monitoring: Implementing diagnostics and monitoring mechanisms to detect, report, and respond to faults in real time.
  8. Traceability: Ensuring safety requirements, implementation, and verification are clearly documented and aligned throughout the development lifecycle.


These principles ensure the reliability of safety-critical systems like ABS, ADAS, and autonomous driving, supporting safe vehicle operation at all times.

Ans Under our ISO 26262 consulting services, we partner with your automotive product development teams for the following:

  • Understanding the framework of ISO 26262 functional safety practices
  • Evaluation and identification of critical checklists, guidelines, templates, and tools (based on the project requirements)
  • End-to-end technical consulting to develop a well-defined functional safety roadmap

Ans After our functional safety workshops, we can partner with your design and development teams for in-depth analysis of the system and its hardware/software components. Under this engagement, we collaborate to achieve the following:

  • Failure Modes and Effects Analysis
  • Concept phase safety analysis (HARA for ASIL determination)
  • System level safety analysis
  • Hardware and Software safety Analysis
  • Independent Review of the product and the process


P.S.: We also partner with our customers directly for “Functional Safety Analysis”, as per their requirement and the current stage of their functional safety journey.

Ans Our ISO 26262 design and development is based on the V-model SDLC (Software Development Lifecycle). For this engagement, our functional safety project managers and embedded product developers partner with your teams on the following action items:

  • Concept Development (HARA)
  • System Requirement Analysis
  • Hardware and Software Safety Analysis (FMEA, FTA and FMEDA) & Architectural Design
  • Design Implementation
  • Testing (Unit testing, Integration Testing & Functional Testing)
  • System Integration and Testing
  • Safety Assessment and Validation

Ans Yes. Our ISO 26262 functional safety offering is based on an ‘Onsite-Offshore’ model. Our team can perform requirement gathering and analysis of the project onsite.

The actual ISO 26262-based implementation service can be done onsite or offshore, based on the scope of the project.

In some instances, sensitive work products that cannot cross country borders or leave the customer premises are managed onsite.

Ans Yes, ISO 26262 recommends that organizations (auto manufacturers and suppliers) adhere to quality assurance standards such as CMMI, ISO/TS 16949 or ISO 9001.

Ans ISO 26262 is an automotive functional safety standard that provides a structured framework for safety-critical automotive solutions development. The standard captures the entire lifecycle from design to production and beyond. ISO 26262 introduces the concept of Automotive Safety Integrity Levels (ASIL) to classify safety-critical functions and determine the level of testing and validation required.

By adhering to ISO 26262, automotive manufacturers and suppliers can ensure vehicles are not only safe for consumers but also comply with global regulatory requirements. This standard is essential for systems like braking, steering, ADAS, and electric vehicle components, where failures could have significant safety implications.

Ans Functional safety ensures that a system operates reliably and minimizes risks when failures occur.

In the automotive domain, some electronic and electric modules are critical examples of functional safety. These include:

  • Anti-lock Braking System (ABS): Prevents wheels from locking during braking to maintain steering control.
  • Electronic Stability Control (ESC): Helps maintain vehicle stability during cornering or slippery conditions.
  • Airbag Systems: Deploys airbags during a collision to protect passengers.
  • Advanced Driver Assistance Systems (ADAS): Features like lane-keeping assist or adaptive cruise control rely on functional safety to ensure reliable operation.
  • Battery Management Systems (BMS): In electric vehicles, these systems ensure safe charging, discharging, and temperature control.


Each module is designed and tested to ISO 26262 standards to meet the safety integrity level (ASIL) appropriate to the risk it manages.

Ans A functional safety plan is a mandatory artifact in the ISO 26262 framework. It provides a comprehensive roadmap for managing safety activities across the lifecycle of an automotive item or element, ensuring compliance with safety goals and ASIL requirements.

Core Components of a Functional Safety Plan:

  1. Scope of Safety Activities:
    • Defines the safety lifecycle phases to be covered (concept, development, production, operation, and decommissioning).
    • Specifies the item or element being addressed.
  2. Roles and Responsibilities: Allocates responsibilities for the Functional Safety Manager and other key stakeholders.
  3. Hazard and Risk Assessment (HARA): Includes strategies to identify hazards, assess risks, and determine ASIL levels.
  4. Safety Lifecycle Tailoring:
    • Details how lifecycle phases will be tailored to meet specific ASIL requirements.
    • Defines interfaces with other processes like system, hardware, and software development.
  5. Verification and Validation Activities: Outlines plans for confirmation reviews, functional safety assessments, and validation against safety goals.
  6. Safety Analysis Methods: Specifies techniques like FTA (Fault Tree Analysis), FMEA (Failure Mode and Effects Analysis), and FMEDA (Failure Mode Effects and Diagnostics Analysis).
  7. Change and Configuration Management: Ensures adherence to controlled processes for managing modifications while maintaining traceability.
  8. Safety Culture and Competence Management: Ensures the team possesses the necessary qualifications and experience for safety-critical development.

Ans As an automotive company, your functional safety responsibility involves:

  • Implementation of organization-specific safety policies and rules
  • Ensuring safety culture
  • Management of safety anomalies
  • Competence management
  • Quality management
  • Project-independent tailoring/adaptation of the safety lifecycle

Ans Yes, we have various ISO 26262 training programs designed to suit your requirements. Based on your business requirements, you can collaborate with us for any of the following training schedules:

  • 1-day training: ISO 26262 overview
  • 2-day training: Covers specific topics under the ISO 26262 safety standard
  • 5-day training: Detailed ISO 26262 functional safety training


These training programs can be conducted either online or onsite.

Ans For existing product lines, we perform gap analysis at various levels, including the process, management and technical levels. Gap analysis helps you understand the safety gaps in your product line while identifying measures to close them on the way to functional safety compliance. The entire process involves:

  • Addressing each gap and mitigating it as per the ISO 26262 recommendations
  • Generating a compliance report

Ans Yes, Embitel’s Functional Safety (FuSa) team can assist you by performing the ISO 26262-recommended analysis of any SEooC (Safety Element out of Context) product to ensure safety compliance.

Ans Not exactly. ISO 26262 recommends quality processes to ensure functional safety. At the same time, the standard provides technical guidelines to meet the required safety integrity goals/levels at the hardware and software level.

Knowledge bytes

1

What is Functional Safety in Automotive? What is the role of the ISO 26262 Standard?

A number of components of a car are safety-critical, such as the electronic steering system, anti-lock braking system, airbags, electronic stability control, and more.

By safety-critical, we mean that the failure of these components can put the lives of the driver or passengers at risk.

ISO 26262 is a standard that defines a framework to implement safety practices during the design, development and testing of all the critical electrical and electronic components of a road vehicle. This standard has been derived from IEC 61508.

The ISO 26262 standard comprises a set of steps that regulate the product lifecycle at the software and hardware level. ISO 26262 provides an extensive set of recommendations for automotive product development, right from conceptualization to the decommissioning stage.

2

What is ASIL in Automotive Functional Safety?

ASIL (Automotive Safety Integrity Level) is a notation for a software or hardware component that signifies its safety-criticality.

ASIL has four categories: ASIL A, ASIL B, ASIL C, and ASIL D. ASIL A indicates the least critical level and D the most critical. Three factors determine the ASIL of a software or hardware component: the probability of exposure, the controllability by the driver, and the severity of the outcome if a fault occurs.

ASIL A is almost equivalent to the QM level; therefore, ASIL B is usually the minimum requirement to make your product compliant with the ISO 26262 standard for functional safety.

Considering the example of an airbag, the analysis will look into how likely it is for the airbag to be activated, what the effect on the car will be and how the driver can control it. Considering all these factors, the ASIL will be determined, which will most likely be ASIL D for airbags.

ASIL is determined at the beginning of automotive software development with the help of HARA. It can also be done after development, but this is not recommended. Based on the ASIL rating, safety processes and testing regulations are followed: strictest for D and most flexible for A.
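The ASIL derivation described in this knowledge byte and in the HARA FAQ above (severity, exposure and controllability classes combined into an ASIL, with the strictest ASIL governing the safety goal), worked through as an added C example; this is not code from the page or from Embitel. It encodes the S/E/C-to-ASIL mapping of ISO 26262-3 Table 4 in its equivalent closed form (the three class indices summed: 7 gives ASIL A, 8 gives B, 9 gives C, 10 gives D, anything lower or any class of 0 gives QM) and checks a proposed ASIL decomposition against the ISO 26262-9 schemes, which likewise reduce to "the two parts sum to the required ASIL". The hazard descriptions and their S/E/C ratings are constructed samples, not assessments of any real product; the function and type names are this example's own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* ASIL_INVALID flags out-of-range class inputs so a typo cannot silently become QM. */
typedef enum { ASIL_INVALID = -1, ASIL_QM = 0, ASIL_A = 1, ASIL_B = 2, ASIL_C = 3, ASIL_D = 4 } asil_t;

/* One HARA row: a hazardous event with its S (0..3), E (0..4) and C (0..3) classes. */
typedef struct {
    const char *description;
    int severity;
    int exposure;
    int controllability;
} hazard_t;

/* ISO 26262-3 Table 4 as the equivalent sum rule. Any class of 0 means no ASIL (QM). */
asil_t derive_asil(int s, int e, int c)
{
    if (s < 0 || s > 3 || e < 0 || e > 4 || c < 0 || c > 3) return ASIL_INVALID;
    if (s == 0 || e == 0 || c == 0) return ASIL_QM;
    int sum = s + e + c;             /* 3..10 */
    if (sum <= 6) return ASIL_QM;
    return (asil_t)(sum - 6);        /* 7 -> A, 8 -> B, 9 -> C, 10 -> D */
}

/* A safety goal inherits the highest ASIL of the hazardous events it addresses. */
asil_t safety_goal_asil(const hazard_t *hazards, size_t count)
{
    asil_t worst = ASIL_QM;
    for (size_t i = 0; i < count; i++) {
        asil_t a = derive_asil(hazards[i].severity, hazards[i].exposure, hazards[i].controllability);
        if (a == ASIL_INVALID) return ASIL_INVALID;   /* propagate bad input instead of masking it */
        if (a > worst) worst = a;
    }
    return worst;
}

/* ISO 26262-9 decomposition schemes: D = C+A, B+B or D+QM; C = B+A or C+QM;
 * B = A+A or B+QM; A = A+QM. All of these are exactly "part1 + part2 == required". */
bool decomposition_allowed(asil_t required, asil_t part1, asil_t part2)
{
    if (required < ASIL_A || required > ASIL_D) return false;
    if (part1 < ASIL_QM || part1 > ASIL_D || part2 < ASIL_QM || part2 > ASIL_D) return false;
    return (int)part1 + (int)part2 == (int)required;
}

const char *asil_name(asil_t a)
{
    static const char *names[] = { "QM", "ASIL A", "ASIL B", "ASIL C", "ASIL D" };
    return (a >= ASIL_QM && a <= ASIL_D) ? names[a] : "INVALID";
}

/* Constructed sample HARA rows; the ratings are illustrative, not real assessments. */
static const hazard_t SAMPLE_HAZARDS[] = {
    { "H1: unintended braking at highway speed (constructed rating)", 3, 4, 3 },
    { "H2: loss of auto-hold on a slope (constructed rating)",        2, 3, 2 },
    { "H3: spurious warning lamp (constructed rating)",               1, 2, 1 },
};
#define SAMPLE_HAZARD_COUNT (sizeof SAMPLE_HAZARDS / sizeof SAMPLE_HAZARDS[0])

int main(void)
{
    for (size_t i = 0; i < SAMPLE_HAZARD_COUNT; i++) {
        const hazard_t *h = &SAMPLE_HAZARDS[i];
        printf("%-62s S%d E%d C%d -> %s\n", h->description, h->severity, h->exposure,
               h->controllability, asil_name(derive_asil(h->severity, h->exposure, h->controllability)));
    }
    asil_t goal = safety_goal_asil(SAMPLE_HAZARDS, SAMPLE_HAZARD_COUNT);
    printf("safety goal covering H1..H3 -> %s\n", asil_name(goal));
    printf("decompose %s into C(D) + A(D): %s\n", asil_name(goal),
           decomposition_allowed(goal, ASIL_C, ASIL_A) ? "allowed" : "not allowed");
    printf("decompose %s into C(D) + B(D): %s\n", asil_name(goal),
           decomposition_allowed(goal, ASIL_C, ASIL_B) ? "allowed" : "not allowed");
    return 0;
}
```

The sum rule is only a compact encoding of the standard's table; an assessor will still expect the S, E and C arguments for each row to be written down, since the classification, not the arithmetic, is where HARA judgement lives.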
