What is ISO 26262?

Definition

ISO 26262 is the functional safety standard for road vehicles. It defines a safety lifecycle (from concept and specification through production release, operation, and decommissioning) that automotive OEMs and their suppliers follow and document in order to show that the electrical and electronic (E/E) systems they ship in series-production passenger vehicles are acceptably safe. The standard is not a law, but vehicle manufacturers routinely require their suppliers to comply with it. It defines a risk classification scheme (Automotive Safety Integrity Levels, or ASILs) and aims to avoid unreasonable risk from hazards caused by the malfunctioning behavior of E/E systems.

ISO (the International Organization for Standardization) collaborates closely with the International Electrotechnical Commission (IEC). ISO 26262 specifications were officially released in 2011 as an adaptation of IEC 61508, the generic functional safety standard for E/E systems. 

How is ISO 26262 different from other automotive standards?

ISO 26262 focuses on functional safety: the absence of unreasonable risk due to hazards caused by malfunctioning E/E systems. That is narrower than general correctness. It is about a component failing, or behaving unexpectedly, in a way that could harm people, and about detecting, controlling, or tolerating such failures. It provides an automotive-specific approach for determining risk classes known as ASILs.

AEC-Q100 (established by the Automotive Electronics Council) focuses on reliability, specifically stress testing for integrated circuits in automotive applications.

The Society of Automotive Engineers (SAE) has long provided standards for rating automotive horsepower and later published best practices for cybersecurity in SAE J3061, a guidebook that has since been superseded by the joint standard ISO/SAE 21434 (2021). The SAE also defines the levels of driving automation in SAE J3016 and, more recently, has been developing automotive testing standards.

MISRA (originally the Motor Industry Software Reliability Association) publishes coding guidelines rather than a process standard. MISRA C and MISRA C++ define a restricted subset of the language intended to make embedded software in vehicle control systems safer, more secure, and more portable, and they are commonly cited to satisfy the coding-guideline requirements of ISO 26262 Part 6 (software development).

How does ISO 26262 work?

  • Specifies a vocabulary (careful definitions of key terms like “fault” vs. “error” vs. “failure”)
  • Defines standards for the safety lifecycle of individual automotive products
    • Concept phase
    • Product development at the system level, hardware level, and software level
    • Production and operation
    • Service and decommissioning
  • Provides an automotive-specific risk-based approach for determining risk classes (ASILs)
    • Identifies and assesses safety risks
    • Establishes requirements to reduce those risks to acceptable levels
    • Tracks requirements to ensure that an acceptable level of safety is achieved in the delivered product

How is ISO 26262 evolving?

In 2018, the second edition of ISO 26262 was published. It extended the scope from passenger cars to road vehicles generally, including trucks, buses, and motorcycles, and added two new parts: Part 11, guidelines on applying the standard to semiconductors, and Part 12, an adaptation for motorcycles. Guidance was also added or expanded on model-based development, software safety analysis, dependent failure analysis, fault tolerance, and more.

ISO 26262’s Automotive Safety Integrity Levels (ASILs) are determined for each hazardous event from three variables: severity (S), probability of exposure (E), and controllability (C), the last meaning how well the driver or other persons involved can act to avoid harm. Because controllability presumes a human in the loop, the standard doesn’t directly pertain to fully autonomous vehicles, nor does it cover hazards that arise when a system performs exactly as specified but the specification itself is inadequate (the subject of the companion standard ISO 21448, Safety of the Intended Functionality). But as full vehicle autonomy is on the roadmap for the automotive industry, functional safety remains mission-critical and the ISO 26262 standard will continue to evolve.

What are the challenges of ISO 26262?

Adherence to ISO 26262 requires extensive documentation, analysis, and testing, which is time-consuming. It also requires that the software tools used in development (compilers, code generators, static analyzers, test tools) be evaluated before they are trusted. ISO 26262 Part 8 assigns each tool a Tool Confidence Level (TCL 1 to TCL 3) based on whether a malfunction of the tool could introduce or fail to detect an error in the safety-related product (tool impact) and on how likely such a malfunction is to be caught by other measures (tool error detection). Tools at TCL 2 or TCL 3 must be qualified, for example through evidence of confidence from prior use, evaluation of the tool’s development process, or validation of the tool, with the rigor of the method depending on the ASIL of the software it is used for.

Although ISO 26262 provides a shared vocabulary for automotive safety, several of the definitions used in ASIL classification are informative rather than prescriptive, leaving room for interpretation, so that two suppliers can rate the same hazard differently. In response, the SAE issued J2980, Considerations for ISO 26262 ASIL Hazard Classification, which gives more explicit guidance for assessing severity, exposure, and controllability.

The 2018 edition of ISO 26262 extends the vocabulary and states the objectives of each part in more detail.

What are the benefits of ISO 26262?

ISO 26262 requires that safety be designed into vehicle components from the start rather than tested in afterward. It provides guidance for the entire automotive safety lifecycle, from overall risk management to individual component development, production, operation, service, and decommissioning. Using ISO 26262, OEMs can vet their supply chain and catch E/E safety hazards early, rather than later in the production process, when issues are far costlier to fix.

ISO 26262 also accounts for the fact that automotive hardware and software are increasingly developed in parallel to save development time. Part 4 (product development at the system level) requires hardware-software integration and testing, so that the interaction between the two is verified rather than each being qualified in isolation; the standard notes that they must be tested together to achieve the highest levels of safety.

How does Synopsys help you achieve ISO 26262 compliance?

Since ISO 26262’s official release in 2011, we have been proactively performing ISO 26262-compliance testing and adding documentation to our portfolio. We offer ASIL B & D Ready IP as well as test automation, simulation, prototyping, and software security testing solutions that are ISO 26262 certified.