Functional Safety is the detection of a potentially dangerous condition and the activation of a protective or corrective device or mechanism that prevents hazardous events from arising, or that provides mitigation to reduce their consequences. Functional Safety is the part of overall safety that depends on a system or equipment operating correctly in response to its inputs.
Electric and Electronic (E/E) Systems have been used for many years to perform Functional Safety tasks in a wide range of industries; lately, they have evolved with the advance of complex programmable electronics. Functional Safety is fundamental to enabling complex safety-related technologies while making sure that they deliver the risk reduction required to assure safety.
Functional Safety compliance (driven by regulations, legislation, or customer requirements) determines whether the product meets the standards and performance requirements created to protect against hazards and risks, including injuries or even death. For the automotive industry, the International Electrotechnical Commission (IEC) 61508 and the International Standards Organization (ISO) 26262 standards are mandatory.
The IEC 61508 standard is considered an "umbrella" for Functional Safety and has been applied by diverse and large safety-critical industries. IEC 61508 is intended to let each industry derive its own sector-specific standards as needed; that is why there are relationships between IEC 61508 and other IEC standards like IEC 62061 (machine safety), IEC 61511 (process control), or IEC 61513 (nuclear).
For IEC 61508, Functional Safety is the part of the overall safety related to the EUC (Equipment Under Control) and the EUC control system that depends on the correct functioning of the E/E/PE (Electrical/Electronic/Programmable Electronic) Safety-Related Systems and other risk reduction measures. Basically, the IEC 61508 standard gives details on managing the entire Safety Lifecycle of safety systems using a hazard and risk analysis built on two variables:
- Occurrence: ranges over six classes, from "frequent" to "incredible"
- Consequence: ranges over four classes, from "catastrophic" to "negligible"
These two variables are combined in a risk class matrix:
In that matrix, Class I is unacceptable. Class II is undesirable (tolerable only if risk reduction is impracticable or if the costs are disproportionate to the improvement). Class III is tolerable if the cost of risk reduction would exceed the improvement. Class IV is acceptable (but it might need to be monitored).
Because automotive embedded systems are usually OEM products, the ISO 26262 standard was created as an extension of IEC 61508. ISO 26262 is focused on manufacturers of the E/E systems in vehicles.
For the development of safety-related systems, the ISO 26262 standard provides not only a definition of an automotive safety life cycle, but also a risk-based approach built on Automotive Safety Integrity Levels (ASIL). The standard also defines the use of ASILs for specifying the requirements to be met while developing the system in order to avoid unreasonable risks.
ISO 26262 assigns ASILs through an extended hazard and risk analysis built on three variables:
- Severity: the potential hazard and injuries a product can cause to the driver, passengers, or surrounding drivers. It ranges over four classes: no injuries; light and moderate injuries; severe and life-threatening injuries (survival probable); and life-threatening injuries (survival uncertain) to fatal injuries.
- Probability of exposure: ranges over five classes, from very low, low and medium to high probability.
- Controllability: the control the driver has over the vehicle. It ranges from controllable in general to difficult to control or uncontrollable.
The ASIL for each hazardous event is then determined from these three variables as:
Here QM means Quality Management, and the levels range from D (the most safety-critical level, which must follow the strictest tests) down to A (the lowest level).
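The ASIL determination described above, worked through as an added Python example that is not part of the original article: the lookup table reproduces ISO 26262-3 Table 4 (S1..S3 by E1..E4 by C1..C3), while mapping the S0, E0 and C0 classes to QM, the function names and the sample hazardous events are my own assumptions. It also shows that the standard's table is additive (S+E+C of 7..10 gives A..D), which is a handy cross-check when reviewing a hazard analysis.

```python
# Added example (not from the article): ASIL determination per ISO 26262-3,
# Table 4, from Severity (S), Exposure (E) and Controllability (C) classes.
# Table values are the standard's; S0/E0/C0 -> QM and all names are assumptions.

# (S, E) -> ASIL for C1, C2, C3 (tuple index 0..2). Reproduces ISO 26262-3 Table 4.
ASIL_TABLE = {
    (1, 1): ("QM", "QM", "QM"), (1, 2): ("QM", "QM", "QM"),
    (1, 3): ("QM", "QM", "A"),  (1, 4): ("QM", "A", "B"),
    (2, 1): ("QM", "QM", "QM"), (2, 2): ("QM", "QM", "A"),
    (2, 3): ("QM", "A", "B"),   (2, 4): ("A", "B", "C"),
    (3, 1): ("QM", "QM", "A"),  (3, 2): ("QM", "A", "B"),
    (3, 3): ("A", "B", "C"),    (3, 4): ("B", "C", "D"),
}


def asil(s: int, e: int, c: int) -> str:
    """Return 'QM' or 'A'..'D' for severity s (0-3), exposure e (0-4), controllability c (0-3)."""
    if not (0 <= s <= 3 and 0 <= e <= 4 and 0 <= c <= 3):
        raise ValueError(f"class out of range: S{s} E{e} C{c}")
    # S0 (no injuries), E0 (incredible exposure) and C0 (controllable in general)
    # lie outside Table 4: no ASIL is assigned, normal quality management applies.
    if s == 0 or e == 0 or c == 0:
        return "QM"
    return ASIL_TABLE[(s, e)][c - 1]


def asil_by_sum(s: int, e: int, c: int) -> str:
    """Cross-check: Table 4 is additive, S+E+C = 7..10 maps to A..D, anything lower is QM."""
    if s == 0 or e == 0 or c == 0:
        return "QM"
    return {7: "A", 8: "B", 9: "C", 10: "D"}.get(s + e + c, "QM")


def rate_hazards(hazards):
    """Rate a list of (name, S, E, C) hazardous events and return {name: ASIL}."""
    return {name: asil(s, e, c) for name, s, e, c in hazards}


# Constructed sample hazardous events (illustrative classifications, not from the article).
SAMPLE_HAZARDS = [
    ("unintended full braking at highway speed", 3, 4, 3),   # -> D
    ("loss of rear-view camera image while parking", 1, 3, 1),  # -> QM
    ("airbag non-deployment in frontal crash", 3, 2, 3),     # -> B
]

if __name__ == "__main__":
    for name, level in rate_hazards(SAMPLE_HAZARDS).items():
        print(f"{level:>2}  {name}")
```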
Developing IEC 61508 and ISO 26262 compliant automotive embedded applications is one of the most difficult challenges that design engineers face in the automotive industry. The automotive industry is under pressure to provide improved and new vehicle safety systems that meet the IEC 61508 and ISO 26262 Functional Safety standards, from basic airbag deployment systems to extremely complex ADAS (Advanced Driver-Assistance Systems) with accident prediction and avoidance capabilities.