ISO 26262 Changes in Revision 2018 - ASQF...2016/06/19 · Revision of ISO 26262:2018 was released in December 2018 Version 2 contains some strutural and content changes Revision

ISO 26262Changes in Revision 2018

ASQF-Forum

06.06.2019

Klaus Lamm

Method Park Consulting GmbH

© Method Park

ISO 26262 Revision 2018

▪ Introduction

▪ Further Norms in Context

▪ Main changes in Edition 2

▪ Structure of ISO 26262:2018

▪ ISO 26262:2018 Part 1-12

ISO26262:2018 2/31

© Method Park


▪ Introduction




▪ ISO 26262:2018 Part 1-12

ISO26262:2018 – Introduction 3/31

© Method Park

▪ ISO 26262 is the international Standard for Functional Safety forRoad Vehicles

▪ Revision of ISO 26262:2018 was released in December 2018

▪ Version 2 contains some strutural and content changes

▪ Revision is now also valid

▪ for motorcycles (Part 12)

▪ für trucks, busses, trailers (higher 3,5t)

▪ Revision 2 contains now a guideline for semiconductors (Part 11)

Introduction

ISO26262:2018 – Introduction 4/31

© Method Park


▪ Introduction




▪ ISO 26262:2018 Part 1-12

ISO26262:2018 – Further Norms in Context 5/31

© Method Park

Norms in context

▪ ISO 26262: Road vehicles — Functional safety

▪ 2nd Revision released in 12/2018

▪ ISO 21434: Road vehicles – Cybersecurity engineering

▪ Draft (CD) exists; Release planned for 11/2020

▪ ISO 21448: Road vehicles – Safety of the intendedFunctionality (SOTIF)

▪ PAS (Public Available Specification) publication in 01/2019

▪ 1st Revision planned for 2022

▪ standard for automated driving systems

▪ ISO 15288: Systems- and Software-Engineering

▪ Last Revision in 2015

ISO26262:2018 – Further Norms in Context 6/31

© Method Park


▪ Introduction




▪ ISO 26262:2018 Part 1-12

ISO26262:2018 – Main changes in Revision 2 7/31

© Method Park

The Revision 2018 includes the following main changes

▪ Requirements for trucks, buses, trailers and semi-trailers (several parts)

▪ Extension of the vocabulary (Part 1)

▪ More detailed objectives (all parts)

▪ Objective oriented confirmation measures (all parts)

▪ Management of safety anomalies (Part 2)

▪ References to cyber security (Part 2)

▪ Updated target values for hardware architecture metrics (Part 5)

Main Changes (I)


© Method Park

Additionally the following changes were included

▪ Guidance on model based development and software safety analysis (Part 6)

▪ Evaluation of hardware elements (Part 5)

▪ Additional guidance on dependent failure analysis (Part 9)

▪ Guidance on fault tolerance (Part 10), safety-related special characteristics (Part 10), and software tools (Part 8)

▪ Guidance for semiconductors (Part 11)

▪ Requirements for motorcycles (Part 12)

▪ General restructuring of all parts for improved clarity (All Parts)

Main Changes (II)


© Method Park


▪ Introduction




▪ ISO 26262:2018 Part 1-12

ISO26262:2018 – Structure of ISO 26262:2018 10/31

© Method Park

Structure

ISO26262:2018 – Structure of ISO 26262:2018 11/31

© Method Park


▪ Introduction




▪ ISO 26262:2018 Part 1-12

ISO26262:2018 – ISO 26262:2018 Part 1-12 12/31

© Method Park

Part 1: Vocabulary - Excerpt

▪ Chapter Normative References included(General Description of References)

▪ Term body builder equipment included

▪ machine, body, or cargo carrier installed on the T&B base vehicle

▪ Term semi-trailer included

▪ trailer that is designed to be towed by means of a kingpin coupled to a tractor that imposes a substantial vertical load on the towing vehicle

▪ Term remanufacturing included

▪ dismantling and retrofitting a Truck and Bus vehicle with new or restored parts after a period of service according to the original specifications

ISO26262:2018 – Part 1: Vocabulary 13/31

© Method Park

Part 1: Vocabulary - Excerpt

▪ Term safety anomaly included

▪ conditions that deviate from expectations and that can lead to harm

▪ EXAMPLE Deviation can be on requirements, specifications, design documents, user documents, standards, or on experience

▪ Term safety element out of context (SEooC) included

▪ safety-related element which is not developed in the contextof a specific item

▪ Example: A generic wiper system with assumed safety requirements to be integrated in different OEM systems

▪ Term fault detection time interval (FDTI) included

▪ time-span from the occurrence of a fault to its detection

ISO26262:2018 – Part 1: Vocabulary 14/31

© Method Park

Part 2: Annex – Cyber Security

▪ Annex E: Guidance on potential interaction of functional safety with cybersecurity added

▪ Potential interaction (examples)

▪ plans and milestones for cybersecurity activities shall be planned in order to consider dependencies

▪ cybersecurity threats shall be analyzed as a hazard form a functional safety perspective

▪ determine potential impacts of cybersecurity attacks in order to define safety goals or safety concepts.

ISO26262:2018 – Part 2: Management of functional safety 15/31

© Method Park

Part 4: Prod. dev. at the system level

ISO26262:2018 – Part 4: Product development at the system level 16/31

New Example of product development at system level

▪ Technical safety requirements changed to Technical safety concept

▪ Deriviation of TSC to Subsystems

26262:2018

© Method Park

Part 5: Prod. dev. at the hw level

▪ Small changes in Examples

▪ Annex removed

▪ Annex F: Application of scaling factors

Annex extended

▪ Annex F: Example for rationale that objectives of Clause 9 in accordance with 4.2 (Requirements for Compliance)are met

▪ Annex G (informative) Example of a PMHF budgetassignment for an item consisting of two systems.

▪ Annex H (informative) Example of latent fault handling

ISO26262:2018 – Part 5: Prod. dev. at the hw level 17/31

© Method Park

Part 6: Prod. dev. at the sw level

ISO26262:2018 – Part 6: Production development at the software level 18/31

▪ Release for Production and Functional Safety assessment in overview removed

(now in Part 7 resp. 3 and objectives)

▪ Specification of software safety requirementsadded

Old structure New Structure

© Method Park

Part 6: Reference Phase Model


© Method Park



26262:201826262:2011

© Method Park



26262:201826262:2011

© Method Park

Part 6: Mechanisms for error detection/handling

▪ Former Table 4— Mechanisms for error detection at the software architectural level removed

▪ Former Table 5 — Mechanisms for error handling at the software architectural level removed

▪ New: Methods for tests of the embedded software

▪ New: Methods for deriving tc for the test of the embedded sw

▪ Several Changes in existing tables


© Method Park

Part 6: Methods for verification of swintegration


▪ Method 1d:’test’ replaced by ‘evaluation’

▪ Method 1d (ASIL A,B,C) changed from ‘+’ to ‘++’

▪ Method 1f, Method 1g, Method 1h added

© Method Park

Part 6: Annex B, E

▪ Annex B: Model-based development approaches enhanced

▪ Annex E: Application of safety analysis and analyses of dependent failures at the software architectural level added


© Method Park

Part 8: Characteristics of requirements

Characteristics of requirements extended:

▪ Maintained: unambiguous; comprehensible; atomic (singular);internally consistent; verifiable.

▪ Changed: feasible → feasible and achievable

▪ New: necessary; implementation free; complete; conforming.

ISO26262:2018 – Part 8: Supporting processes 25/31

© Method Park

Part 8: Characteristics of documents

Characteristics of documents extended:

▪ Maintained: precise and concise, structured in a clear manner,

easy to understand by the intended users,

maintainable.

▪ New: verifiable

ISO26262:2018 – Part 8: Supporting processes 26/31

© Method Park

Part 10: Guideline on ISO 26262

ISO26262:2018 – Part 10: Guidelines on ISO 26262 27/31

▪ Guidance for system development with safety-related availability requirements added (Fault tolerance)

▪ Guidance on safety-related special characteristics

▪ Special characteristics (Besondere Merkmale): procedure to ensure that manufactured products or their elements provide the level of safety and quality required by customers

▪ Special characteristics can be product characteristics or manufacturing process parameters.

▪ Guidance for Identification, Specification, Monitoring of special characteristics.

© Method Park

Part 11: Guideline for semiconductors

ISO26262:2018 – Part 11: Guideline for semiconductors 28/31

▪ New Part; intended as a guideline for semiconductors

Content:

1 Scope

2 Normative references

3 Terms and definitions

4. A semiconductor component and its partitioning

▪ 4.1 How to consider semiconductor components

▪ 4.2 Dividing a semiconductor component in parts

▪ …

5 Specific semiconductor technologies and use cases

▪ 5.1 Digital components and memories

▪ 5.2 Analogue/mixed signal components

▪ …

Annex

▪ Several Examples of usage and analysis for digital and analogue components

© Method Park

Part 12: Adaptation of ISO26262for motorcycles

ISO26262:2018 – Part 12: Adaptation for motorcycles 29/31

New Structure (new Part)

▪ New Part; specifies adaptation for motorcyles including

▪ general topics for adaptation for motorcycles

▪ safety culture

▪ confirmation measures

▪ hazard analysis and risk assessment

▪ vehicle integration and testing

▪ safety validation.

© Method Park

Part 12: Terms and MSIL

New Terms:

▪ expert rider

▪ motorcycle

▪ Motorcycle Safety Integrity Level (MSIL)

▪ Controllability Classification Panel

ISO26262:2018 – Part 12: Adaptation for motorcycles 30/31

© Method Park

Vielen Dank

für Ihre

Aufmerksamkeit!

Thank you

for your kind

attention!

Documents

ISO 26262 Changes in Revision 2018 - ASQF...2016/06/19 · Revision of ISO 26262:2018 was released in December 2018 Version 2 contains some strutural and content changes Revision