
What Is Functional Safety In Automotive, Purpose, Applications

Hello guys, welcome back to our blog. In this article, we will discuss what functional safety in automotive is, what its purpose is, and how it is applied in various fields.


Functional Safety In Automotive

Functional safety (FuSa) was coined in 2009 by ISO 26262. It is the part of the overall safety of a system or piece of equipment that depends on automatic protection operating correctly in response to its inputs, or failing in a predictable manner.

The automatic protection system should properly handle human errors, hardware failures, and operational or environmental stress. ISO 26262 is the functional safety standard used in the automotive industry. It applies to electrical and electronic systems in on-road vehicles.

Functional safety applies to electrical, electronic, and programmable electronic equipment and safety-related systems installed in series-produced passenger cars with a maximum gross vehicle mass of up to 3,500 kg, which is the scope targeted by ISO 26262.

ISO 26262, titled “Road vehicles – Functional safety”, covers the electrical and electronic systems of production automobiles and was defined by the International Organization for Standardization (ISO) in 2011. Functional safety itself is defined as the absence of unreasonable risk due to hazards caused by the malfunctioning behavior of electrical or electronic systems.

Since 2011, cars have gained ever more electronic control units, so the range of possible unintentional faults in their electrical and electronic circuits is vast. Automakers have issued many recalls due to brake failure, airbag failure, and similar problems. Functional safety applies throughout product development: requirements, design, implementation, testing, verification, validation, and so on.

The terms used in functional safety are safety, risk, severity, exposure, and control. Safety is the absence of unreasonable risk: a faulty condition must either be avoided or lead only to an acceptable outcome. Risk, as defined in functional safety, combines the probability of occurrence of harm with its severity. Severity is the quantifiable measure of the harm. Exposure is the probability of being in the operational situation in which the hazard can occur for the failure mode under analysis. Control (controllability) is how readily the situation can be brought under control. These functional safety criteria should be considered while designing an automobile.

Need for functional safety in the automotive industry

In the last several years, autonomous driving has been a hot topic, prompting many trials from tech and automakers alike. There is a long way to go before fully autonomous driving becomes the norm. Still, the future certainly seems bright with the proliferation of ever more sophisticated Advanced Driver Assistance Systems (ADAS) and media-rich In-Vehicle Infotainment (IVI).

Examples of intriguing contexts where functional safety is required are the proliferation of the industrial Internet of Things and the advent of drones of varying sizes. Historically, functional safety for Silicon IP was a niche activity, confined to a small group of chip and system developers in the automotive, industrial, aerospace, and related applications.

In contrast, the diversity of automobile applications has increased substantially during the last decade. Moreover, several other markets would gain tremendously from introducing additional electronics, provided the systems are operationally safe. Two examples are medical electronics and aerospace.

Challenges and difficulties faced while implementing functional safety standards

Cost is one of the main obstacles to assuring safety, and the cost of functional safety is one of the reasons why some automakers place less emphasis on it. However, safety is a vital component of cars and must be addressed while following the rules.

Ineffective tools and processes: as new technologies enter the market, the tools and processes currently in use might not be sufficient to implement new features and functionalities. Putting a standard into practice entails making the necessary adjustments to your development process and the tools you use. Implementing the standard can take time, since your employees must be trained to use the new development methods and tools.

Automotive Safety Integrity Level (ASIL)

The Automotive Safety Integrity Levels (ASILs) described in the ISO 26262 series are vital because they provide a risk-based method for classifying hazards. They are determined by assessing the risk of each probable hazard, factoring in its severity, the likelihood of exposure, and the degree of driver control. A hazard analysis and risk assessment (HARA) of the related automotive hardware and software is used to determine the ASIL.

Because of this, determining the ASIL is the first step in developing a vehicle system. Every feasible risk and hazard scenario is assessed for the selected automotive component, and the outcome can profoundly affect the car’s safety. Therefore, it is important to anticipate and plan for safety concerns such as unintended airbag deployment or brake failure.

The international standard ISO 26262 identifies four ASILs: ASIL A, ASIL B, ASIL C, and ASIL D. ASIL D represents the highest degree of automotive risk, whereas ASIL A represents the lowest. A further level is called the QM level, which stands for Quality Management. This level indicates risks that do not require any specific safety measures beyond normal quality management.

To guarantee the greatest levels of functional safety, the automobile industry uses ASIL classification of safety goals for both hardware and software development processes. Three main factors determine these safety levels. Exposure (E) quantifies the likelihood of the vehicle being in an operational situation in which a malfunction could harm other persons or their property. The examined component is given an exposure rating between E1 and E4, where 1 indicates the lowest likelihood and 4 the highest.

Controllability (C) measures how much control the driver retains over the vehicle if a component fails or malfunctions and a safety goal is violated; it is a key criterion in the evaluation. C1 means the situation is simply controllable, whereas C3 means it is difficult to control.

Severity (S) describes the degree of harm to the lives of passengers, other road users, and property that results from violating the safety goal. Injuries ranging from mild to moderate are classified as S1, while S2 and S3 denote severe and life-threatening or fatal injuries respectively.

The procedure for establishing Automotive Safety Integrity Levels involves:

  • Identification of malfunctions
  • Risk assessment
  • Hazard analysis
  • ASIL evaluation

Generally, after the HARA evaluation, further factors are considered, such as the qualification of hardware components and software components, and proven-in-use arguments.
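As an added illustration of the ASIL evaluation step described above (not code from the original article), the following Python function reproduces the ISO 26262-3 ASIL determination table from the S, E and C classes; the hazard rows are constructed examples.

```python
"""ASIL determination from S, E and C classes (ISO 26262-3, Table 4).

Added example, not from the original article. The hazard descriptions
and their ratings below are constructed for illustration only.
"""
from dataclasses import dataclass

# Classes as described in the article: S1-S3, E1-E4, C1-C3.
# ISO 26262 also defines S0, E0 and C0 ("no effect"), which need no ASIL;
# they are accepted here and map to QM.
SEVERITY = range(0, 4)
EXPOSURE = range(0, 5)
CONTROLLABILITY = range(0, 4)


@dataclass(frozen=True)
class Hazard:
    description: str  # constructed example text
    s: int            # severity S0..S3
    e: int            # exposure E0..E4
    c: int            # controllability C0..C3


def asil(s: int, e: int, c: int) -> str:
    """Return 'QM', 'A', 'B', 'C' or 'D' for an (S, E, C) combination.

    ISO 26262-3 Table 4 is equivalent to summing the three class indices:
    10 -> D, 9 -> C, 8 -> B, 7 -> A, 6 or less -> QM.
    """
    if s not in SEVERITY or e not in EXPOSURE or c not in CONTROLLABILITY:
        raise ValueError(f"class out of range: S{s} E{e} C{c}")
    if 0 in (s, e, c):
        return "QM"  # no harm, no exposure or fully controllable
    return {10: "D", 9: "C", 8: "B", 7: "A"}.get(s + e + c, "QM")


def classify(hazards):
    """Run the ASIL evaluation step of HARA over a list of hazards."""
    return {h.description: asil(h.s, h.e, h.c) for h in hazards}


# Constructed HARA rows for hazards of the kind mentioned in the article.
SAMPLE_HAZARDS = [
    Hazard("Loss of braking at highway speed", s=3, e=4, c=3),
    Hazard("Unintended airbag deployment while parked", s=2, e=1, c=3),
    Hazard("Brake light stays off when braking in city traffic", s=2, e=3, c=2),
]

if __name__ == "__main__":
    for desc, level in classify(SAMPLE_HAZARDS).items():
        print(f"{level:>2}: {desc}")
```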

Functional safety failures

FuSa failures are categorized into systematic failures and random failures. Systematic failures are further classified into design errors and tool errors. Random failures are classified into hardware errors and software errors.

Hardware failures and their effects: permanent faults cause lasting damage, for example stuck-at faults and single-event latch-up. Transient faults, such as bit flips and single-event upsets (a bit flip in a memory element of a semiconductor device), can cause failures but do not damage the hardware.

Hardware-level functional safety

In terms of hardware, the objectives are to detect and manage random hardware errors and to anticipate systematic design flaws. Problems in the design and construction of vehicles can arise throughout the process, and hardware errors may occur at any point in a component’s useful life due to random faults or simple wear and tear.

Safety analysis methods like failure mode and effects analysis (FMEA) are used for qualitative evaluation of systematic problems. Taking a systematic approach to design, following tried and true design principles, verification, and testing, is essential to avoid systematic errors.

Failure modes, effects, and diagnostic analysis (FMEDA) is used to quantitatively evaluate random hardware faults and establish that the design reaches the desired ASIL. Opens and shorts are examples of permanent hardware faults, whereas bit flips caused by ionizing radiation are examples of transient hardware faults. Safety mechanisms can detect these faults and reduce their impact.

Hardware safety requirements

Hardware safety requirements cover safety mechanisms; detection, indication, and control of internal faults; failures external to the hardware; fault tolerance time; target values for hardware metrics; and failure rates. Hardware faults must be classified according to whether and how they violate safety goals. Evidence must be provided that hardware faults that do occur do not violate safety goals and are not present in the vehicle permanently without being detected.

Metrics on the effectiveness of the safety mechanisms have to be created, and the average probability of failure per hour has to be calculated. Compliance with the ASIL-specific limits on these metrics is an argument for the suitability of the hardware.
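To show what these metrics and ASIL-specific limits look like in practice, here is an added example (not code from the article) that computes the single-point fault metric (SPFM), latent fault metric (LFM) and a simplified probabilistic metric for random hardware failures (PMHF) for a constructed ECU element list and compares them with the ISO 26262-5 targets. The element failure rates and diagnostic coverages are constructed, and the PMHF is the simplified estimate that counts only single-point and residual faults (no dual-point term).

```python
"""SPFM, LFM and simplified PMHF versus ASIL targets (ISO 26262-5).

Added example, not from the original article. Element data are constructed;
PMHF here omits the dual-point-fault contribution, which is an assumption.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class HwElement:
    name: str
    fit: float        # base failure rate in FIT (failures per 1e9 h), constructed
    dc_spf: float     # diagnostic coverage against single-point faults (0 = none)
    dc_latent: float  # coverage of the latent-fault check on the covered part


def metrics(elements):
    """Return (SPFM, LFM, PMHF in FIT) using the ISO 26262-5 Annex C formulas."""
    total = sum(e.fit for e in elements)
    # Single-point faults (no mechanism) plus residual faults escaping a mechanism.
    spf_rf = sum(e.fit * (1.0 - e.dc_spf) for e in elements)
    # Faults a mechanism covers; the part not checked for latency stays latent.
    covered = sum(e.fit * e.dc_spf for e in elements)
    latent = sum(e.fit * e.dc_spf * (1.0 - e.dc_latent) for e in elements)
    spfm = 1.0 - spf_rf / total
    lfm = 1.0 - latent / covered if covered else 1.0
    return spfm, lfm, spf_rf  # simplified PMHF = single-point + residual rate


# Targets per ASIL: (minimum SPFM, minimum LFM, PMHF limit in FIT). ASIL A has none.
TARGETS = {"B": (0.90, 0.60, 100.0), "C": (0.97, 0.80, 100.0), "D": (0.99, 0.90, 10.0)}


def meets(elements, level):
    """True if all three metrics satisfy the targets for the given ASIL."""
    spfm, lfm, pmhf = metrics(elements)
    t_spfm, t_lfm, t_pmhf = TARGETS[level]
    return spfm >= t_spfm and lfm >= t_lfm and pmhf < t_pmhf


# Constructed ECU: lockstep core, ECC RAM, supervised supply, unmonitored transceiver.
ECU = [
    HwElement("CPU core (lockstep)", 50, 0.99, 0.90),
    HwElement("RAM (ECC)", 30, 0.99, 0.90),
    HwElement("Supply monitor", 10, 0.90, 0.60),
    HwElement("CAN transceiver (no diagnostics)", 1, 0.0, 0.0),
]

if __name__ == "__main__":
    spfm, lfm, pmhf = metrics(ECU)
    print(f"SPFM {spfm:.1%}  LFM {lfm:.1%}  PMHF {pmhf:.2f} FIT")
    for lvl in "BCD":
        print(f"ASIL {lvl}: {'meets' if meets(ECU, lvl) else 'does not meet'} targets")
```

With these constructed values the design meets ASIL B but fails ASIL C on SPFM alone, which is the usual pattern: the weakest metric, here the single undiagnosed element, decides the achievable level.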

Hardware integration and verification for automotive application

ISO 26262 requires that hardware integration and testing/verification be planned, specified, performed, and evaluated:

  • Specify test cases using appropriate methods.
  • Provide evidence of the implementation of the hardware safety requirements.
  • Provide evidence of the robustness of the hardware.
  • Apply industry-standard test methods, e.g., functional testing, electrical testing, and EMC testing.

The hardware test must be performed successfully according to industry standards.

Software-level functional safety

The term “functional safety” refers to reducing danger in operational systems. Active systems are required for functional safety, and these systems are accompanied by procedures for handling risks concerning the inputs and anticipated outputs of the system. The software in a vehicle’s various control units reads its sensors and drives its actuators. Functional safety at the software level means the software contributes to the vehicle’s safety and does not endanger it. More specifically, the software must be free of errors with respect to its specifications.

Failure mode and effects analysis (FMEA)

It is a design tool for assessing the risk associated with the different ways a part or system can fail. It identifies the effects of those failures and offers a framework for modifying the design as needed to manage risk. The inductive process asks, ‘If this failure occurred, what could happen?’ It provides a method for quantitative analysis of risk, is useful for comparing design concepts and refining designs, and documents the safety review in an easy-to-read format.

The FMEA process steps involved are:

  1. Identify the modes of failure
  2. Identify consequences and related systems for each mode
  3. Rate the severity (S) of each effect
  4. Determine possible reasons for each failure mode
  5. Rate the probability of occurrence (O) for each root cause
  6. Identify the process control and indicators
  7. Rate detectability of each mode/root cause
  8. Calculate the risk priority number (RPN) from severity, occurrence, and detectability
  9. Use design to mitigate high-risk or highly critical failures and reassess to ensure goals have been achieved.
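As an added example of the nine FMEA steps above (not code from the article), the following Python worksheet records failure modes with their S, O and D ratings, computes the risk priority number RPN = S × O × D, and lists the modes that need design action. The failure modes, the 1 to 10 rating scales, and the review policy (an RPN threshold plus a high-severity override) are constructed assumptions.

```python
"""FMEA worksheet with RPN = S x O x D. Added example, not from the article.
Rows, 1..10 scales and the prioritization policy are constructed assumptions.
"""
from dataclasses import dataclass


@dataclass
class FailureMode:
    item: str
    mode: str      # step 1: how the item can fail
    effect: str    # step 2: consequence for the system
    cause: str     # step 4: possible root cause
    control: str   # step 6: current prevention/detection control
    s: int         # step 3: severity, 1 (none) .. 10 (hazardous without warning)
    o: int         # step 5: occurrence, 1 (remote) .. 10 (very high)
    d: int         # step 7: detectability, 1 (certain) .. 10 (undetectable)

    def rpn(self) -> int:
        """Step 8: risk priority number."""
        return self.s * self.o * self.d


def validate(fm: FailureMode) -> None:
    for name, v in (("S", fm.s), ("O", fm.o), ("D", fm.d)):
        if not 1 <= v <= 10:
            raise ValueError(f"{name} rating {v} outside 1..10 for {fm.item}")


def prioritize(modes, rpn_limit=100, severity_limit=9):
    """Input to step 9: modes needing design action, highest RPN first.

    A mode is flagged when its RPN exceeds rpn_limit, or when severity alone
    reaches severity_limit, so a high-severity mode is never hidden by a low RPN.
    """
    for fm in modes:
        validate(fm)
    flagged = [fm for fm in modes if fm.rpn() > rpn_limit or fm.s >= severity_limit]
    return sorted(flagged, key=lambda fm: (fm.rpn(), fm.s), reverse=True)


# Constructed worksheet rows for a brake-light control function.
WORKSHEET = [
    FailureMode("Brake pedal switch", "Stuck open", "Brake lights never illuminate",
                "Contact wear", "Plausibility check vs. pressure sensor", s=8, o=3, d=5),
    FailureMode("Lamp driver", "Output shorted to ground", "Lights stay off",
                "Chafed harness", "Driver IC short diagnostic", s=8, o=2, d=2),
    FailureMode("Lamp driver", "Output stuck on", "Lights always on, misleads followers",
                "MOSFET failure", "None", s=5, o=3, d=9),
    FailureMode("ECU software", "Task overrun drops command", "Delayed brake light",
                "Unbounded loop", "Watchdog", s=9, o=1, d=3),
]

if __name__ == "__main__":
    for fm in prioritize(WORKSHEET):
        print(f"RPN {fm.rpn():3d}  S{fm.s} O{fm.o} D{fm.d}  {fm.item}: {fm.mode}")
```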

Functional safety application in other fields

01. Functional safety in accredited certification bodies

Many certification bodies (CBs) worldwide have created certification procedures for functional safety under IEC 61508. Each organization has established its own scheme for IEC 61508 and other functional safety requirements. The scheme details the standards cited and the steps taken to define testing techniques, auditing practices, and public documentation guidelines. Several internationally renowned CBs, including Intertek, SGS, TÜV Rheinland, TÜV SÜD, and UL, provide functional safety certification programs based on IEC 61508.

02. Functional safety in military aerospace

MIL-STD-882E is a standard for military aerospace and defense systems that deals with functional hazard assessments (FHA) and with identifying which hardware and software functions are crucial to the system’s safety. The military, nuclear, and airline sectors pioneered the system safety concepts that govern functional safety; subsequent adopters included the rail transport, process control, and manufacturing sectors.

03. Functional safety in aviation

The Functional Design Assurance Levels (FDALs) for civil/commercial transport aircraft are specified in SAE ARP4754A. System-wide functional safety analysis levels (FDLs) are the primary factor in determining the scope of the study. Identifying precise functional failure conditions and the hazard severity of the safety-critical functions (SCFs) is essential for determining the level of rigor (LOR) of the safety tasks needed to guarantee acceptable risk. The functional behavior of embedded software is often carefully examined and verified to guarantee that the system continues operating as expected in the presence of credible faults and failures.

04. Functional safety in space

The NASA standard and guidelines are based on ISO 12207, a software process standard rather than a safety-critical standard. Because of this, NASA had to add a lot of documentation compared with using a standard such as IEC EN 61508 that was made for that specific purpose.

05. Functional safety in medical

Development methods for medical devices must adhere to the safety, performance, and quality standards set out by the Medical Device Directive and the Food and Drug Administration (FDA).

The purpose of EN 60601-1 is multifold:

  • The standard governs the procedures for verifying and ensuring the electrical safety of medical equipment. It establishes requirements for a medical device’s mechanical safety, regulates the marking and labeling of medical electrical equipment, and so on. It requires a life cycle framework to develop, implement, and maintain programmable electrical medical systems (PEMS).
  • It specifies the electromagnetic compatibility standards that medical equipment must meet and controls the methods through which dangers associated with electromagnetic radiation and high temperatures may be mitigated.

This was about “Functional Safety In Automotive”. I hope this article helps you all. Thank you for reading.
