What Is ISO 26262? An Overview
ISO 26262 is a functional safety standard used in the automotive industry. It’s titled “Road vehicles — functional safety”.
Complying with ISO 26262 is critical: OEMs, their suppliers, and developers of automotive components all need to comply.
Here, we give an overview of ISO 26262 and ASIL (Automotive Safety Integrity Level) — plus compliance tips for software development teams.
ISO 26262 Overview
ISO 26262 is a risk-based safety standard that’s derived from IEC 61508. It applies to electric and/or electronic systems in production vehicles. This includes driver assistance, propulsion, and vehicle dynamics control systems.
ISO 26262 covers functional safety aspects of the entire development process.
Why ISO 26262 Is Important
The goal of ISO 26262 is to ensure safety throughout the lifecycle of automotive equipment and systems.
Specific steps are required in each phase. This ensures safety from the earliest concept to the point when the vehicle is retired.
By complying with ISO 26262, you’ll avoid or control systematic failures. And you’ll detect or control random hardware failures. (Or, you’ll mitigate the effects of failure.)
Parts of ISO 26262
There are ten parts to ISO 26262.
- Part 1: Vocabulary.
- Part 2: Management of functional safety.
- Part 3: Concept phase.
- Part 4: Product development at the system level.
- Part 5: Product development at the hardware level.
- Part 6: Product development at the software level.
- Part 7: Production and operation.
- Part 8: Supporting processes.
- Part 9: ASIL-oriented and safety-oriented analysis.
- Part 10: Guideline on ISO 26262.
ISO 26262 For Software Developers
ISO 26262 Part 6 is the most important part for software developers. It details the steps developers must take to ensure the safety of each component.
Part 6 includes several tables that define the methods that must be considered in order to achieve compliance with the standard.
ISO 26262 Tool Qualification
Any tools used in automotive development need to be qualified. Part 8 of ISO 26262 provides guidance for tool qualification.
It requires the following:
- Software tool qualification plan.
- Software tool documentation.
- Software tool classification analysis.
- Software tool qualification report.
Some tools are easier to qualify than others. Helix QAC, for instance, comes with certificates of compliance that make the qualification process easier.
What Is ASIL (Automotive Safety Integrity Level)?
ASIL — Automotive Safety Integrity Level — is a key component of ISO 26262. ASIL is used to measure the risk associated with a specific system component. The more complex the system, the greater the risk of systematic failures and random hardware failures.
There are four ASIL values, named A–D. ASIL A represents the lowest level of risk and ASIL D the highest, so ASIL D has stricter compliance requirements than ASIL A.
When determining ASILs, there’s also a fifth option — QM (quality management). This is used to note that there isn’t a safety requirement for that component. (But it’s typically still a good idea to comply in order to improve product quality.)
How to Determine ASIL
ASIL is determined by three factors — severity, exposure, and controllability.
Severity measures how serious the harm resulting from a system failure would be, to both people and property.
There are four classes of severity:
- S0: No injuries.
- S1: Light to moderate injuries.
- S2: Severe to life-threatening (survival probable) injuries.
- S3: Life-threatening (survival uncertain) to fatal injuries.
Exposure is the likelihood of the conditions under which a particular failure would result in a safety hazard.
The probability of each condition is ranked on a five-point scale:
- E0: Incredibly unlikely.
- E1: Very low probability (injury could happen only in rare operating conditions).
- E2: Low probability.
- E3: Medium probability.
- E4: High probability (injury could happen under most operating conditions).
Controllability is a measure of the probability that harm can be avoided when a hazardous condition occurs, whether through timely actions by the driver or through external measures.
The controllability of a hazardous situation is ranked on a four-point scale:
- C0: Controllable in general.
- C1: Simply controllable.
- C2: Normally controllable (most drivers could act to prevent injury).
- C3: Difficult to control or uncontrollable.
Once you’ve determined severity, exposure, and controllability, you can determine the ASIL. Table 4 of Part 3 (ISO 26262-3) provides guidance on this.
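As an added worked example (not code from the original article), the following Python encodes the S/E/C to ASIL mapping of Table 4 in ISO 26262-3 as it is commonly reproduced, and assesses a few constructed hazards. The hazard descriptions and their S/E/C ratings are illustrative assumptions, and the rule that a safety goal shared by several hazards takes the strictest of their ASILs comes from the standard rather than from this article.

```python
"""ASIL determination from severity (S), exposure (E) and controllability (C)."""

# Table 4 of ISO 26262-3 as commonly reproduced (encoded here as an assumption of
# this example, not quoted from the article): severity -> exposure -> (C1, C2, C3).
_ASIL_TABLE = {
    1: {1: ("QM", "QM", "QM"), 2: ("QM", "QM", "QM"), 3: ("QM", "QM", "A"), 4: ("QM", "A", "B")},
    2: {1: ("QM", "QM", "QM"), 2: ("QM", "QM", "A"), 3: ("QM", "A", "B"), 4: ("A", "B", "C")},
    3: {1: ("QM", "QM", "A"), 2: ("QM", "A", "B"), 3: ("A", "B", "C"), 4: ("B", "C", "D")},
}
ASIL_ORDER = ["QM", "A", "B", "C", "D"]  # ascending strictness


def determine_asil(severity: int, exposure: int, controllability: int) -> str:
    """Return "QM" or "A".."D" for one S/E/C rating; reject out-of-range inputs."""
    if not (0 <= severity <= 3 and 0 <= exposure <= 4 and 0 <= controllability <= 3):
        raise ValueError(f"rating out of range: S{severity} E{exposure} C{controllability}")
    # S0, E0 and C0 carry no safety requirement: no ASIL is assigned, i.e. QM.
    if 0 in (severity, exposure, controllability):
        return "QM"
    return _ASIL_TABLE[severity][exposure][controllability - 1]


def highest_asil(asils) -> str:
    """A safety goal covering several hazards takes the strictest of their ASILs."""
    return max(asils, key=ASIL_ORDER.index)


def assess_hazards(hazards) -> dict:
    """hazards: iterable of (description, S, E, C); returns {description: ASIL}."""
    return {desc: determine_asil(s, e, c) for desc, s, e, c in hazards}


# Constructed hazards for a hypothetical braking function (ratings are illustrative).
EXAMPLE_HAZARDS = [
    ("Unintended full braking at highway speed", 3, 4, 3),
    ("Loss of brake assist at low speed in a car park", 1, 3, 2),
    ("Brake warning lamp stays on while brakes work", 0, 4, 1),
]

if __name__ == "__main__":
    results = assess_hazards(EXAMPLE_HAZARDS)
    for desc, asil in results.items():
        print(f"{asil:>2}  {desc}")
    print("ASIL of the shared safety goal:", highest_asil(results.values()))
```

The table has a convenient property worth checking against your own copy of the standard: for S, E, C all at least 1, the ASIL is QM when S+E+C is 6 or less and otherwise A, B, C, D for sums of 7, 8, 9, 10.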
Guide to ISO 26262 Software Compliance
ISO 26262 compliance is important, whether you’re developing traditional automotive components (e.g., integrated circuits) or virtual ones. And it’s critical to maintain compliance throughout your software development lifecycle.
But complying can be difficult for development teams. Systems and codebases grow complex. And that makes it difficult to verify and validate software.
Here’s how to make it easier.
Fulfilling compliance requirements — and proving you met them — is a tedious process. You need to document the requirements and trace them to other artifacts — including tests, issues, and source code.
Establishing requirements traceability makes your verification process easier — especially with a tool like Helix ALM. And it helps you manage risk in the development process.
Ensuring that code is safe, secure, and reliable can be difficult. You need to fulfill specific coding and design guidelines.
Applying a coding standard makes it easier to verify your code against ISO 26262 guidelines, especially when you use a static analyzer like Helix QAC.