The automobiles we use to commute from one place to another have transformed into intelligent machines. In the last couple of decades, cars have gained many electronic functions, most of them implemented in software, that help the driver make informed decisions and also perform required tasks by themselves, enhancing both user experience and safety. However, the presence of such complex, safety-critical functions also increases the consequences of a failure. This is why risk assessment, as defined in ISO 26262, is carried out in the concept phase of the development process to ensure functional safety in the automobile.
Most of the safety-related electronic functions are enabled by software. In the last blog, we discussed that the ISO 26262 standard applies throughout the entire development process. The SOPs a company creates are derived from the standard and devised to adhere to the requirements it lays out; their aim is to streamline the development process and enhance safety in automobiles. Streamlining the process means identifying the potential risks, classifying them, documenting them and addressing them.
This process is known as H&RA (Hazard and Risk Analysis, called HARA, hazard analysis and risk assessment, in the standard itself), and it provides an automotive-specific, risk-based approach for determining risk classes. The overall aim of the analysis is to identify and classify the potential hazards of the item under development and to formulate safety goals related to the prevention or mitigation of these hazards in order to achieve an acceptable residual risk. Each safety goal is associated with an ASIL, and the ASIL is determined by a systematic evaluation of the hazardous events. The estimate is based on three factors: severity, probability of exposure and controllability.
When conducting the risk assessment, we need to estimate the harm a malfunction could cause in a specific operational situation and, on that basis, classify each hazardous event. This has to be approached carefully, as a systematic procedure, because the classification directly determines how much development rigour the standard will demand later.
Let's take a look at the approach we can take to conduct H&RA according to ISO 26262.
Analyzing the situation and risk assessment
The operational situations and operating modes in which a vehicle malfunction could occur have to be considered while analysing the failure. These situations, operating modes and the hazards they pose have to be recorded and then analysed systematically. Hazards can be identified using techniques such as brainstorming, checklists, quality history, FMEA and field studies, including trials in a controlled environment. The combination of a hazard with a specific operational situation is the hazardous event, and it is the consequences of each hazardous event that are classified in the next step.
Classifying the Hazards
Once you have identified the potential hazardous events, they have to be classified based on three factors defined by ISO 26262: severity, probability of exposure and controllability.
Severity
Each hazardous event may have a different severity level, as not every hazard or failure leads to a fatal outcome. The question to ask is how much harm the event could cause to the driver, the passengers and other persons at risk, such as pedestrians. ISO 26262 defines four severity classes:
S0 | No injuries
S1 | Light and moderate injuries
S2 | Severe and life-threatening injuries, survival probable
S3 | Life-threatening injuries with survival uncertain, or fatal injuries
Probability of Exposure
Just as there are different levels of severity, there are different classes of probability of exposure. Exposure is the probability that the vehicle is in the operational situation in which the malfunction becomes hazardous, so it depends on the situation, not on the malfunction itself, and it can be estimated either by the duration spent in that situation or by how frequently it occurs. ISO 26262 defines the following classes:
E0 | Incredible
E1 | Very low probability
E2 | Low probability
E3 | Medium probability
E4 | High probability
Controllability
The third factor to determine is whether, in case of a hazardous event, the driver or other persons involved can act in time to avoid the harm. Controllability has to be estimated and classified accordingly. ISO 26262 defines the following classes:
C0 | Controllable in general
C1 | Simply controllable
C2 | Normally controllable
C3 | Difficult to control or uncontrollable
Determining the ASIL
ASIL (Automotive Safety Integrity Level) is the risk classification scheme defined by ISO 26262. Four levels are defined, from ASIL A to ASIL D, with D being the highest. The ASIL is read from a table in the standard indexed by the three classes discussed above, severity, probability of exposure and controllability. Combinations whose risk is low enough (and any event rated S0, E0 or C0) fall outside the ASIL scale and are marked QM, meaning that ordinary quality management processes suffice and no safety goal needs to be derived for them.
Various automotive systems, such as the anti-lock braking system (ABS), power steering and airbags, are commonly cited as requiring ASIL D, as the risks associated with their failure are the highest. Rear lamps are typically given as an ASIL A example, headlamps and brake lights as ASIL B, and cruise control as ASIL C. These figures are illustrative only: in ISO 26262 the ASIL is assigned to a safety goal as the outcome of the H&RA for a specific item and its operational situations, not to a component type, so the same kind of function may end up with a different ASIL in a different vehicle.
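The following is an added worked example, not code from eInfochips or from the standard's text: it encodes the ASIL determination table of ISO 26262-3 (Table 4) as a lookup, validates the S/E/C inputs, and applies it to a small set of constructed hazardous events. The hazardous events, their S/E/C ratings and the safety-goal wording are constructed for illustration and are not assessments of any real vehicle item. The `table_is_additive` check exploits the fact that the standard's table equals S+E+C-6 (with values of 0 or less meaning QM), which is a convenient guard against typing the table in wrongly.

```python
"""ASIL determination per ISO 26262-3, Table 4, over a constructed HARA record set.

Added example, not eInfochips code. The S/E/C classes and the ASIL table are
those of ISO 26262-3; the hazardous events below are constructed for
illustration and are not assessments of any real item.
"""
from dataclasses import dataclass

# ISO 26262-3 Table 4: (S, E) -> ASIL for C1, C2, C3 in that order.
# Any class 0 (S0, E0, C0) is handled separately and yields QM.
ASIL_TABLE = {
    (1, 1): ("QM", "QM", "QM"),
    (1, 2): ("QM", "QM", "QM"),
    (1, 3): ("QM", "QM", "A"),
    (1, 4): ("QM", "A", "B"),
    (2, 1): ("QM", "QM", "QM"),
    (2, 2): ("QM", "QM", "A"),
    (2, 3): ("QM", "A", "B"),
    (2, 4): ("A", "B", "C"),
    (3, 1): ("QM", "QM", "A"),
    (3, 2): ("QM", "A", "B"),
    (3, 3): ("A", "B", "C"),
    (3, 4): ("B", "C", "D"),
}
ASIL_RANK = {"QM": 0, "A": 1, "B": 2, "C": 3, "D": 4}


def determine_asil(s: int, e: int, c: int) -> str:
    """Map a severity/exposure/controllability rating to QM or ASIL A..D."""
    if not (0 <= s <= 3 and 0 <= e <= 4 and 0 <= c <= 3):
        raise ValueError(f"class out of range: S{s} E{e} C{c}")
    if 0 in (s, e, c):  # S0, E0 or C0: no safety goal is required
        return "QM"
    return ASIL_TABLE[(s, e)][c - 1]


def table_is_additive() -> bool:
    """Sanity check: every entry of Table 4 equals S+E+C-6, clamped so that
    0 or less means QM. A transcription error in ASIL_TABLE fails this check."""
    names = ["QM", "A", "B", "C", "D"]
    for (s, e), row in ASIL_TABLE.items():
        for c, expected in zip((1, 2, 3), row):
            if names[max(0, s + e + c - 6)] != expected:
                return False
    return True


@dataclass(frozen=True)
class HazardousEvent:
    item: str         # system under analysis
    malfunction: str  # malfunctioning behaviour of the item
    situation: str    # operational situation in which it occurs
    s: int
    e: int
    c: int

    @property
    def asil(self) -> str:
        return determine_asil(self.s, self.e, self.c)


def derive_safety_goals(events, goal_text):
    """Group hazardous events under a safety goal. A goal covering several
    events takes the highest ASIL among them, as ISO 26262-3 requires when
    similar safety goals are combined."""
    goals = {}
    for ev in events:
        text = goal_text(ev)
        goals[text] = max(goals.get(text, "QM"), ev.asil, key=ASIL_RANK.__getitem__)
    return goals


# Constructed HARA rows (hypothetical ratings, not real assessments).
EVENTS = [
    HazardousEvent("airbag ECU", "unintended deployment", "highway, high speed", 3, 4, 3),
    HazardousEvent("airbag ECU", "unintended deployment", "parked, engine off", 1, 3, 2),
    HazardousEvent("rear lamps", "both lamps off", "night driving, rural road", 2, 3, 2),
    HazardousEvent("cruise control", "no disengagement on brake pedal", "cruise active in traffic", 3, 3, 3),
]


def goal_for(ev: HazardousEvent) -> str:
    """Constructed mapping from a malfunction to its safety-goal wording."""
    return f"{ev.item}: prevent '{ev.malfunction}'"


if __name__ == "__main__":
    assert table_is_additive()
    for ev in EVENTS:
        print(f"{ev.item:15} S{ev.s} E{ev.e} C{ev.c} in '{ev.situation}' -> {ev.asil}")
    for goal, asil in derive_safety_goals(EVENTS, goal_for).items():
        print(f"{asil:>2}  {goal}")
```

Note how the two airbag rows share one safety goal: the parked-vehicle event alone rates QM, but the goal still carries ASIL D because of the highway event, which is exactly why hazardous events, not components, are what gets rated.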
Forming Safety Goals
Safety goals are the top-level safety requirements of the item. A safety goal is determined for each hazardous event evaluated in the hazard analysis, and it inherits that event's ASIL. Safety goals are expressed in functional terms, not as a technological solution; they state what must be avoided or mitigated, not how. Similar safety goals may be combined into one, in which case the combined goal takes the highest ASIL among them, and one hazard considered across several operational situations may give rise to multiple safety goals.
There are various other factors that can be incorporated in fulfilling your functional safety requirements. Understanding these approaches and implementing them effectively will help in addressing functional safety requirements according to the standards. This in turn improves the overall driving experience and safety. eInfochips leverages its experience around various automotive smart systems like ADAS, Telematics, Infotainment and Clusters, Multimedia Systems etc. eInfochips is well versed with automotive standards like ISO 26262 and has experience of delivering systems that are certified according to various regulatory standards. To know more about our automotive expertise, get in touch with us.