April 24, 2019

Why SOTIF (ISO/PAS 21448) Is Key For Safety in Autonomous Driving

Security & Compliance
Static Analysis

SOTIF (ISO/PAS 21448) was developed to address the new safety challenges that autonomous (and semi-autonomous) vehicle software developers are facing. This is especially important as artificial intelligence (AI) and machine learning play key roles in the development of autonomous vehicles.

Here, we explain what SOTIF is and what its different parts cover.


What Is SOTIF (ISO/PAS 21448)?

SOTIF stands for Safety Of The Intended Functionality, published as ISO/PAS 21448.

SOTIF (ISO 21448) applies to functionality whose safety depends on correct situational awareness, such as the perception and decision-making in driver assistance and automated driving features. The standard is concerned with the absence of unreasonable risk from the intended functionality itself — SOTIF — when no hardware or software fault is present: the system works exactly as designed, but the design (for instance the range of a sensor, or the way an algorithm handles an unusual scene) is insufficient for the situation the vehicle is in. This is in contrast with traditional functional safety, which is concerned with mitigating risk due to system failure.

The standard provides guidance on design, verification, and validation measures. Applying these measures helps you achieve safety in situations without failure.

Here are some examples that SOTIF (ISO 21448) provides:

  • Design Measure Example: Requirements for sensor performance.
  • Verification Measure Example: Test cases with high coverage of scenarios.
  • Validation Measure Example: Simulations.

A static code analysis tool supports the verification side of SOTIF (ISO 21448) by checking the code that implements these measures.

📕 Related Resource: Learn how to choose the best static analysis tool to meet your needs.

Why SOTIF (ISO 21448) Is Important

Verifying automated systems is difficult.

Automated systems consume huge volumes of sensor data, and that data is fed to complex algorithms. AI and machine learning are critical for developing these systems.

To avoid potential safety hazards, the AI must make correct decisions in scenarios that require situational awareness, and for those scenarios there is no specification that states the correct output for every possible input.

SOTIF (ISO 21448) gives a structured way to identify those scenarios, evaluate how the system behaves in them, and argue that the residual risk is acceptable.

Example: Where SOTIF (ISO 21448) Analysis Applies

SOTIF (ISO 21448) applies to safety violations that occur without the failure of a system.

Here's an example of situational awareness.

The road is icy. An AI-based system may not recognise the condition and respond properly, which affects the vehicle's ability to operate safely. Without sensing the icy road, a self-driving vehicle might drive faster than is safe for the surface. No component has failed: the sensors and software work as designed, but the design does not cover the situation. Fulfilling SOTIF (ISO 21448) means identifying the icy road as a triggering condition ahead of time, defining how the function should behave when the road condition is unknown or uncertain, and then demonstrating that behaviour through verification and validation.

The goal of SOTIF (ISO 21448) is to shrink the area of unknown, unsafe conditions. That definition is very broad, and it is difficult to show that you have accounted for all potential edge cases.

📕 Related Resource: Learn more about what is ISO 26262 and ASIL.

How Is ISO 21448 Related to ISO 26262?

ISO 26262 covers functional safety in the event of system failures. It doesn’t cover safety hazards that result without system failure. That’s why SOTIF (ISO 21448) is necessary.

In fact, SOTIF (ISO 21448) was originally intended to be ISO 26262: Part 14. Because ensuring safety in situations without a system failure is so complicated, SOTIF (ISO 21448) is now a standard on its own.

ISO 26262 vs ISO 21448

ISO 26262 continues to apply to established systems, such as dynamic stability control (DSC) systems or airbags. For these systems, safety is ensured by mitigating the risk of system failure.

SOTIF (ISO 21448) additionally applies to systems such as emergency intervention systems and advanced driver assistance systems. Their intended behaviour could be hazardous in some situations even when no part of the system has failed.

So, SOTIF (ISO 21448) complements ISO 26262; an automated driving function needs both.

📕 Related Resource: Learn all about the ISO 26262 standard.

How SOTIF (ISO 21448) Helps Ensure Autonomous Driving Functional Safety

Safety has always been critical in automotive software development. And ensuring functional safety remains critical for autonomous driving.

Here’s what development teams will need to do to continue producing safe software.

1. Use Secure Development Processes

One of the biggest challenges with AI and machine learning is security. A system whose inputs, training data, or build pipeline can be manipulated cannot be argued to be safe, so there is a lot to consider with cybersecurity and AI. The basics of getting security and privacy right are covered in a separate article.

Here are three examples of key secure development processes:

  1. Good programming practices and thorough testing are critical for removing security vulnerabilities. Applying a secure coding standard (such as CERT C or MISRA C) and enforcing it with static analysis helps.
  2. Threat modeling and risk mitigation are key to developing safe components. The safety side is covered by a hazard analysis and risk assessment (HARA, as in ISO 26262); the security side needs a threat analysis and risk assessment (TARA) of the same functions, because an attacker who can feed false sensor data creates exactly the "insufficient situational awareness" hazard that SOTIF targets.
  3. Control over the build/release environment keeps attackers out of the build. This can be achieved through access controls in your CI/CD environment, together with reproducible builds and signed release artefacts, so that the code that was verified is the code that ships.

2. Apply Automation to Design, Verification, and Validation

AI. Machine Learning. Self-driving cars. There’s plenty for automotive software developers to worry about as they strive to produce safe software.

Applying automation to design, verification, and validation processes makes development teams more efficient.

SOTIF (ISO 21448) gives the following examples (listed earlier):

  • Design Measure Example: Requirements for sensor performance.
  • Verification Measure Example: Test cases with high coverage of scenarios.
  • Validation Measure Example: Simulations.

Using a requirements management tool helps you capture a requirement for sensor performance and trace it to the design, code, and tests that satisfy it. This contributes to a safer design of the automotive embedded software.

Using a test case management tool helps you ensure high coverage of different scenarios and shows which scenarios have not yet been exercised. This helps with software verification.

Simulation exercises the function in scenarios that are impractical or dangerous to drive on a real road, and so supports validation. A static analysis tool does not simulate run-time scenarios, but it does verify that the code running in those scenarios is free of the defects (undefined behaviour, unchecked sensor values, coding standard violations) that would otherwise invalidate the simulation results.
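As an added illustration of the icy-road example above and of the scenario-coverage and simulation measures just listed (this is not code from the article, from ISO 21448, or from any Perforce product), the following Python harness contrasts a speed governor that trusts its road-friction estimate with one that degrades to a conservative speed when the estimate is missing or uncertain, and runs both over a constructed grid of scenarios to report which ones are unsafe. The friction values, the 0.7 confidence threshold, the scenario grid, and both governors are hypothetical assumptions made for the example.

```python
"""Scenario-coverage harness for a simplified speed governor.

Added illustration: not code from the article, from ISO 21448 or from any
Perforce product. The friction values, the confidence threshold, the
scenario grid and both governors are hypothetical assumptions.
"""
from dataclasses import dataclass
from itertools import product
from typing import Callable, Dict, List

NOMINAL_LIMIT_KMH = 100.0  # assumed dry-road speed limit

# Assumed tyre/road friction coefficients for each surface class.
ROAD_CONDITIONS: Dict[str, float] = {"dry": 0.8, "wet": 0.5, "icy": 0.15}

CONFIDENCE_THRESHOLD = 0.7  # assumed minimum trust in a friction estimate


@dataclass(frozen=True)
class Scenario:
    road: str          # true surface: "dry", "wet" or "icy"
    sensed_mu: float   # friction estimate reported by sensor fusion
    confidence: float  # 0..1 confidence attached to that estimate
    sensor_ok: bool    # False when no friction estimate is available


def safe_speed_for(mu: float) -> float:
    """Physically safe speed for friction mu, scaled so that dry gives the
    nominal limit. For a fixed stopping distance speed scales with
    sqrt(mu); this simplified model ignores everything else."""
    return NOMINAL_LIMIT_KMH * (mu / ROAD_CONDITIONS["dry"]) ** 0.5


def naive_governor(s: Scenario) -> float:
    """Trusts whatever the sensor reports and keeps the nominal limit when
    no estimate is available. Nothing here is a fault in the ISO 26262
    sense: it is the 'unknown unsafe' gap that SOTIF targets."""
    if not s.sensor_ok:
        return NOMINAL_LIMIT_KMH
    return safe_speed_for(s.sensed_mu)


def sotif_governor(s: Scenario) -> float:
    """Same function after taking the uncertain situation into account: a
    missing or low-confidence estimate is treated as the worst credible
    surface, so the vehicle degrades to a conservative speed."""
    worst_mu = min(ROAD_CONDITIONS.values())
    if not s.sensor_ok or s.confidence < CONFIDENCE_THRESHOLD:
        return safe_speed_for(worst_mu)
    return safe_speed_for(s.sensed_mu)


def build_scenarios() -> List[Scenario]:
    """Constructed scenario grid: every combination of surface, sensor
    over-estimate (0 or +0.3), confidence (0.9 or 0.4) and sensor
    availability. 24 scenarios in total."""
    grid = product(ROAD_CONDITIONS.items(), (0.0, 0.3), (0.9, 0.4), (True, False))
    return [Scenario(road, mu + err, conf, ok) for (road, mu), err, conf, ok in grid]


def run_campaign(governor: Callable[[Scenario], float]) -> dict:
    """Runs the governor over the whole grid. A scenario is unsafe when the
    commanded limit exceeds the physically safe speed for the TRUE surface.
    The triggering conditions of the unsafe scenarios are summarised as
    (sensor available?, estimate too high?, confidence) so that residual
    risk can be traced back to a design measure."""
    scenarios = build_scenarios()
    unsafe = [
        s for s in scenarios
        if governor(s) > safe_speed_for(ROAD_CONDITIONS[s.road]) + 1e-9
    ]
    triggers = {
        (s.sensor_ok, s.sensed_mu > ROAD_CONDITIONS[s.road], s.confidence)
        for s in unsafe
    }
    return {
        "scenarios": len(scenarios),
        "unsafe": len(unsafe),
        "triggering_conditions": sorted(triggers),
    }


if __name__ == "__main__":
    for name, gov in (("naive", naive_governor), ("sotif", sotif_governor)):
        report = run_campaign(gov)
        print(f"{name}: {report['unsafe']}/{report['scenarios']} unsafe scenarios")
        for cond in report["triggering_conditions"]:
            print("  triggering condition (sensor_ok, over-estimate, confidence):", cond)
```

Running the harness shows the naive governor unsafe in 14 of the 24 scenarios and the SOTIF governor unsafe in 3. The three that remain all share one triggering condition: the sensor reported a friction value higher than the true surface with high confidence. No code change in the governor can remove that residual risk; it has to be addressed by a requirement on sensor performance, which is exactly the design measure example listed above, and it is the kind of finding a scenario campaign is meant to surface.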

3. Comply With Functional Safety Standards

SOTIF (ISO 21448) will be important for functional safety in autonomous driving. But compliance with established functional safety standards will remain important, too — especially ISO 26262.

Best practices — and recommendations based on ASIL from ISO 26262 — will still need to be followed to ensure safe software for autonomous vehicles.


Ensure Autonomous Functional Safety with Perforce

Ensuring that your code is functionally safe can be difficult without the right tools. Helix QAC lets you apply a coding standard and verify that your code meets the guidelines of the safety standard you are working to.

Register for a free trial to experience how simple Helix QAC makes it to ensure the functional safety of your code.
