How to “Survive” a Safety Case According to ISO 26262

Abstract

Modern road vehicles are equipped with driver assistance systems which support the safety of the vehicle in case of driver inattention. Ford is currently designing Lane Assistance functions which warn the driver haptically when leaving the lane or even generate a steering torque which brings the vehicle back into lane. The overlay of a steering torque includes the risk that an incorrectly performed function could lead to a safety issue. The ISO 26262 standard describes the process which has to be applied from a safety point of view. As with most standards the execution of the rules as laid down leaves room for interpretation and implementation which need to be solved in order to have a closed process. Another trap which has been identified as crucial is the level of detail. A too high level of detail contains the risk that the overview might get lost whereas a too low level of details contains the risk that safety issues might be overlooked. Ford, in conjunction with SystemA Engineering, has applied practical tools and methods which support the safety process according to ISO 26262. The safety steps and methods PHA, Safety Concept, FTA, FMDEA, Safety Requirements, as well as Validation and Verification are applied as an integrated approach which forms a part of the overall Ford development process. Practical experience has driven the methods and the interfaces between the various methods as well as the level of detail necessary for the safety case. This paper and the presentation will show a practical example how a great portion of the ISO 26262 safety case can be developed, documented, evaluated and managed without loosing the overall picture. The example will also cover interfaces between different disciplines as well as between OEM and supplier.