ISO 26262, (formally titled “Road vehicles — functional safety”), is a functional safety standard used in the automotive industry.
Complying with this safety standard is critical for automotive product development.
Cars are changing. While a few years back, the main challenges in designing a car were in its mechanics, the new challenge is the design and integration of electronic systems.
I still remember my first car: The most sophisticated bit of electronics was the after-market CD player I installed.
Nowadays, electronics lie behind everything: Complex infotainment systems are taking over the centre console, engines are controlled by complex engine management units, and safety systems such as pedestrian recognition, adaptive cruise control and blind spot monitoring are becoming commonplace.
Mixed-signal ASICs are used in driver assistance systems where analogue sensor based applications need to be conditioned to interface with the digital world, and, they are playing an increasing role in driver safety systems and this highlights the ever increasing requirement of functional safety.
After all, if your exhaust gas sensor system fails it would not represent an immediate safety threat, but a failure in your electronic steering or the control of the ABS would.
How ISO26262 is Being Applied Today?
This is where the ISO 26262 standard comes in. Its goal is to provide a unifying safety standard for all automotive electronic and electrical (E/E) safety-related systems.
It builds on IEC 61508, which is a functional safety standard developed for industrial applications, but with the difference that it is specifically focused on automotive electronics and software. An important concept from IEC61508, the Safety Integrity Levels (SIL), where 4 levels are defined, based on the average probability of failure on demand, was enhanced and adapted for automotive needs.
For applications that have no associated hazards and where safety requirements are not applicable, Automotive Safety Integrity Levels (ASIL) now contain a 5th level, referred to as Quality Management (QM). ISO26262 has been approved as international standard in 2011, and, while there is no direct legal requirement to comply with this standard, it is considered “state of the art”, which means legally highly relevant.
Airbag System Example
Let’s take the example of the airbag system. If it activates at the wrong time, there is a serious risk of injury, which is a condition that is typically categorised as ASIL D, the highest safety classification. The challenge is now to define a functional safety concept.
A manufacturer may choose to implement an additional, independent sensor and processing chain, and only activate the airbag if both sensors trigger.
Further steps could include self-diagnosis features, where each sensor continually checks itself, and a mismatch between the two sensors is logged and reported for further investigation.
The challenge this poses in the development is that the translation from ASILs to technical concepts is a highly complex process, and it typically involves multiple parties, from the car manufacturer down to the ASIC design authority.
ISO26262 is the common language, and this means that the ASIC designers must understand ISO26262 and be able to work with system and car manufacturers to add relevant self-diagnosis features and controls that enable the design of systems that can be safe enough to fulfil the safety goals defined in ASILs.
And the Effect on Cost?
In a cost conscious market like the automotive industry, building in layers of safety means increased expense.
However, the safety of critical parts can be, quite literally, a matter of life or death so a workable safety system needs to be implemented.
As a system designer implementing ISO26262, and with cost and weight budgets to meet, to commission a mixed-signal ASIC, you will need to consider system design aspects like diagnostics, redundancy and failure modes and rates.
Of course, functional safety requirements in accordance with ISO 26262 affect the entire system engineering approach from the design of the ASIC through to processes and quality management. It is imperative that the ASIC developer and the system supplier work very closely together, by collaborating on external diagnosis functions that will assist in the ASIC’s operation, which then ensures the optimised implementation of the safety features.
Richard Mount, Sales Director, SWINDON Silicon Systems
The full article was first published on the Electronics Weekly website –>>
