As automotive electronic systems grew in complexity and spread beyond clocks and radios into other vehicle systems, it was inevitable that functional safety standards would arise to govern the design, development, and implementation of those systems.
ISO 26262 introduced those standards to the automotive industry in 2011; rapid technological advancements in the last several years required an update to the standard in 2018.
ISO 26262 requires that hardware and software safety concerns be addressed and documented throughout the product lifecycle. Although safety design was treated as part of general requirements activity in the past, hardware and software teams working in isolation cannot guarantee the kind of functional safety coverage ISO 26262 requires. Many tools handle requirements management and traceability well within a single phase, but they do not provide an auditable trail of traceability between phases.
Learn some of the most common mistakes of functional safety automotive development in our white paper, “Top 15 ISO 26262 Snafus.”
By documenting the attention paid to safety throughout development, decision-making, and the selection of supporting tools, ISO 26262 takes a broader, holistic approach that aims to bridge the gap between the high-level design phase and the low-level component creation, integration, and testing phases of the lifecycle. When teams lack the right tools, implementation strategies, and best practices, ISO 26262 compliance becomes an afterthought and an auditing nightmare.
ISO 26262: An Evolving Functional Safety Standard
Rapidly evolving automotive technology resulted in a new standard published in 2018. The standard has now expanded to cover all road vehicles, including motorcycles, trucks, buses, trailers, and semi-trailers.
Other changes include guidelines for:
- Safety of the Intended Functionality (SOTIF)
With rapid advancement of autonomous vehicle technology, there will likely be additional updates to the standard. While these additional updates are necessary, they add levels of complexity to compliance that require thoughtful planning and consideration.
Read why prominent consultancy group Frost & Sullivan says Jama Connect helps reduce risk during development in our white paper, “Safeguarding Regulated Products Amidst Growing Complexity.”
Tool Impact for ISO 26262
According to ISO 26262, software tools and tool chains used to develop electronic automotive systems must be suitable for safety-critical systems. The standard describes a qualification process, but the required qualification depends on how the tool is used and what impact it can have on safety. Someone must assign a confidence level to the tool, or to a particular flow within it, by estimating the probability that it will introduce or cause an error, combined with the likelihood that such an error would be detected during the development process.
Unfortunately, confusion has arisen over who assigns confidence levels. Vendors may publish a tool confidence level (TCL) for their own products, but the company using the tool ultimately bears responsibility for defining the TCL based on its intended use. The recently updated standard requires that development software used to create components for automotive systems be qualified to operate in a functional safety design environment.
Implementation Strategies for ISO 26262
Both tool and process qualification must be undertaken to fully implement ISO 26262. Working with the standard’s process involves a number of basic steps:
- Determine “where we are now” by reviewing current embedded hardware and software development processes and tool chains.
- Perform a gap analysis to establish “where we would like to be,” identifying current challenges and efficiency improvements.
- Provide design-for-safety training and instruction to address the gaps.
- Apply the knowledge gained to a pilot project.
Best Practices of ISO 26262
The holistic approach to functional safety exemplifies several key elements of good systems engineering processes that build on each other. It begins with collaboration. ISO 26262 requires documenting formal and informal interactions and decision points in the collaborative development. However, with team members and global partners in the supply chain located across geographies, documentation must be done with as little intrusion as possible.
See firsthand how Jama Connect improves automotive development in our demo video.
Clear traceability of requirements, functions, implementations, and tests throughout the lifecycle process helps tool vendors ensure that new versions of a solution won’t break existing software or hardware. Traceability also provides a path for verification of requirements and validation of the system. Verification and validation (V&V) makes sure engineers are designing the right thing and building it right. Noncompliant development processes might not have the same level of rigor and consistency required for functional safety.
Functional safety is achieved by identifying, analyzing, and mitigating hazards. ISO 26262 shows teams how to assign an acceptable risk level and document the overall mitigation process. Vendors need to convince customers that their tools won’t introduce problems; traceability offers a way to ensure that new versions of a tool won’t break existing software or hardware.
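The traceability described above is only useful for verification and validation if every link in the chain from requirement to design element to test actually exists. The following Python script is an added example, not code from Jama Connect or from this page; it runs a gap check over a constructed set of trace links and reports the kinds of breaks an audit would flag: requirements with no design element, design elements with no test, tests that trace to nothing upstream, requirements that cannot reach any test, and links that point at artefacts that do not exist. All artefact IDs, descriptions and links are constructed placeholders.

```python
from collections import defaultdict

# Constructed sample lifecycle artefacts; IDs and texts are placeholders, not from a real project.
REQUIREMENTS = {
    "SR-1": "Detect a pedal-position sensor fault within 50 ms",
    "SR-2": "Signal a detected fault to the driver",
    "SR-3": "Cross-check the redundant pedal-position sensors",
}
DESIGN_ELEMENTS = {
    "SW-10": "PedalSensorMonitor",
    "SW-11": "DriverWarningController",
    "SW-12": "SensorVoter",
}
TEST_CASES = {
    "TC-100": "Inject sensor fault, verify detection latency",
    "TC-101": "Verify driver warning after fault",
    "TC-102": "Verify warning lamp brightness",  # deliberately traces to nothing upstream
}

# Constructed trace links as (upstream, downstream) pairs, with deliberate gaps:
# SW-12 has no test, TC-102 has no upstream, and SW-99 does not exist anywhere.
TRACE_LINKS = [
    ("SR-1", "SW-10"),
    ("SR-2", "SW-11"),
    ("SR-3", "SW-12"),
    ("SW-10", "TC-100"),
    ("SW-11", "TC-101"),
    ("SR-2", "SW-99"),
]


def build_index(links):
    """Return forward (downstream) and backward (upstream) adjacency maps."""
    forward, backward = defaultdict(set), defaultdict(set)
    for src, dst in links:
        forward[src].add(dst)
        backward[dst].add(src)
    return forward, backward


def reachable(start, forward):
    """All artefacts reachable downstream from start (iterative DFS, safe on cyclic links)."""
    seen, stack = set(), [start]
    while stack:
        node = stack.pop()
        for nxt in forward.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen


def find_trace_gaps(requirements, designs, tests, links):
    """Report every break in the requirement -> design -> test chain."""
    known = set(requirements) | set(designs) | set(tests)
    forward, backward = build_index(links)
    designs_set, tests_set = set(designs), set(tests)
    return {
        # Links that reference an artefact not present in any phase (typo or deleted item).
        "dangling_links": sorted(
            {a for a, b in links if a not in known} | {b for a, b in links if b not in known}
        ),
        # Requirements with no direct design element (forward trace missing).
        "untraced_requirements": sorted(
            r for r in requirements if not (forward.get(r, set()) & designs_set)
        ),
        # Design elements that no test case verifies.
        "untested_designs": sorted(
            d for d in designs if not (forward.get(d, set()) & tests_set)
        ),
        # Tests with no upstream link (backward trace missing).
        "orphan_tests": sorted(t for t in tests if not backward.get(t)),
        # Requirements from which no test is reachable through any path.
        "requirements_without_tests": sorted(
            r for r in requirements if not (reachable(r, forward) & tests_set)
        ),
    }


def is_fully_traced(gaps):
    """True only when every gap category is empty."""
    return all(not items for items in gaps.values())


if __name__ == "__main__":
    report = find_trace_gaps(REQUIREMENTS, DESIGN_ELEMENTS, TEST_CASES, TRACE_LINKS)
    for category, items in report.items():
        print(f"{category}: {items or 'none'}")
    print("fully traced:", is_fully_traced(report))
```

Running the script on the constructed data lists SW-99 as a dangling link, SW-12 as untested, TC-102 as an orphan test, and SR-3 as a requirement that never reaches a test; closing those gaps (fixing the SW-99 link and linking SW-12 to TC-102) makes `is_fully_traced` return True. The same check can be pointed at an export from any requirements tool as long as the links can be read as (upstream, downstream) pairs.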
A Path to ISO 26262 Compliance
The ISO 26262 standard is designed to help ensure functional safety in automotive development, but ensuring that safety while still minimizing development disruption and meeting market demands can put a lot of pressure on teams. Jama Connect provides:
- Traceable communication
- Documented decisions and actions
- Fit-for-purpose tool qualification
- All product and systems info organized and contextualized from concept to launch
To learn more about how the ISO 26262 standard impacts automotive development, download our white paper.