Understanding ASIL in ISO 26262

Our cars have evolved into intelligent machines due to the presence of complex electronic components. Automotive trends and technologies have been evolving over the years, which has transformed our cars from being mere mechanical machines to a point where the vehicle can drive itself. This have been made possible due the presence of electronic systems in the car.

We now see various safety critical components in a car that enhances the overall driving experience. It becomes important to reduce risks and prevent any kind of harm that may happen to the driver/ passengers. Functional safety, according to ISO 26262, is the absence of unreasonable risk due to hazards caused by malfunction of electronic systems or subsystems.

We saw through the last couple of blogs, how ISO 26262 defines functional safety in a car and the different parts of risk assessment and hazard analysis (HARA). These parts play a key role in ensuring functional safety and classifying the risk levels of different components.

What is ASIL?

One part of the IS0 26262 standard is Automotive Safety Integrity Level (ASIL), which helps in classifying the risk levels of systems and subsystems. Though classification is not new, ASIL as a term was introduced only in 2011. The rail industry uses SIL and avionics uses DAL for risk classification, while the automotive industry uses ASIL. It is the outcome of HARA, and the levels are established based on the probability of harm and its acceptability for automotive components to be compliant with ISO 26262.

Every electronic component inside a vehicle is measured by three main variables – Severity, Exposure, and Controllability. These three factors help in deciding the extent of the damage that can occur while the electronic functions are in operation.

How are ASIL levels determined?

There are four levels of risk classification under ASIL, starting from level A to level D, where level A being the lowest level of risk and D being the highest.

There are various automotive systems such as anti-lock braking technique, steering control system, and airbags that require an ASIL-D as the risks associated with their failure are the highest and the outcome could be life threatening. On the other hand, components such as rear lamps require an ASIL-A grade, while headlamps and brake lights require an ASIL-B, and cruise control systems come under ASIL-C.

• Severity (S): It defines the severity of the consequences that can befall to the life of the passengers in the car, other commuters, and public property due to the failure that may occur. Severity levels are divided into sub categories, where S1 classifies situations where there is a possibility of light and moderate injuries; S2 for severe life-threatening injuries (with possibility of survival), and S3 for life-threatening accidents with no probability of survival.
• Exposure (E): measures the level of harm a vehicle can cause in a situation to people and public property. Just as we saw in Severity, there are different levels of exposure E1: very low probability, E2: low probability, E3: medium probability, and E4: high probability. These levels are assigned to a system or subsystem while being evaluated.
• Controllability (C): It determines the extent to which the driver will be able to control the vehicle should a safety goal be breached due to the failure or malfunctioning of the automotive system being evaluated. C1 is when the situation is easily controllable for the driver and C3 denotes that it will very difficult for the driver to control.

The combination of these hazard levels together help in determining the specific ASIL level for each component.

However, there are also certain challenges that one may face while determining ASIL levels for different automotive systems. Let us try to understand these challenges.

Challenges of ASIL

ISO 26262 does not provide prescriptive definitions for defining ASIL; rather it provides more of informative definitions. Therefore, lot of it is left to the understanding and interpretation of the engineers.  When there are lot of adverbs used in the vocabulary, it leaves a lot of room for apply one’s interpretation. That is why; you need a team or a partner that has great awareness of the standard. Another fact is that ASILs will evolve with the emergence of new concepts and it will constantly be updated with time. This is not possible without a team that has very good knowledge of the standard for seamless implementation.

Wrapping up

ASIL classification will help in preventing harm to the driver and passengers and ensure a smooth driving experience. Overall, it will also ensure that systems and subsystems are held to the highest standards in the market by following required parameters and procedures.

eInfochips leverages its expertise across ADAS, Telematics, Connected Vehicles, EV Charging and Multimedia Sub-systems to help OEMs and Tier1s across the world to deliver superior experience, safety and efficiency. Our services covers every part of the product lifecycle, AUTOSAR compliant ECU software development, HMI design & testing, to next-gen technology enablement (edge computing, cloud, AI/ML, data analytics). eInfochips also adheres to ISO 26262 standard and builds systems that are accepted globally. To know more about our automotive expertise, get in touch with us.