Scientific Sunday — What’s Functional Safety and What Does It Do?
By B. Oosthoek
Before diving into the why and how of Functional Safety in the automotive industry, let’s start with some history of Automotive Safety. Automotive Safety ensures that vehicles are developed and manufactured in such a way that the occurrence and effects of automobile accidents are minimized, protecting the people inside the vehicle as well as pedestrians (the predominant victims).
Safety has been in the picture since the first vehicles were made, and studies showed the positive effect of padded dashboards and seatbelts. However, in the old days Safety was mainly seen (with some exceptions) as unsporting and thus unmarketable, and it met with resistance from the car manufacturers. This all changed in 1965 when political activist Ralph Nader published his book “Unsafe at Any Speed”, revealing that resistance to implementing Safety. In the following years Safety gained more popularity in the form of more and more active (assisting the driver and preventing accidents) and passive (lowering the effect/harm once an accident has occurred) safety systems.
Among other systems, these Safety applications also drove a growth of more and more complex systems within a vehicle, and E/E systems were needed to support them. In the early 1980s the German industry recognized that very complex systems can also introduce dangerous situations caused by unintended behavior. To provide a method for evaluating these complex systems as part of a Safety function, the DIN V VDE 0801 standard was introduced, which grew over time into the mother of the Functional Safety standards for E/E systems, IEC 61508. Because every industry has its own way of working, a number of industry-specific standards have been created based on IEC 61508. For automotive this is ISO 26262, the standard for road vehicles released in 2011.
What Is Functional Safety?
Functional Safety is the part of the overall Safety of a system that depends on the system operating correctly in response to its inputs, with the sole objective of removing the unacceptable risk of injuries. In other words, Functional Safety ensures that the systems in the vehicle will not cause any injury or harm in any case (e.g. if components break down or under extreme system inputs). A clear example is the unintended deployment of an airbag, outside of an accident, due to a broken wire caused by vibrations. Functional Safety in systems will either prevent the failure that causes the dangerous undesired behavior or lower its effects by e.g. warning the driver or putting the system into a safe operating mode (e.g. disabling the system if it’s deemed to be unreliable).
How Can Functional Safety Be Achieved?
As mentioned above, Functional Safety can be achieved by ensuring that the desired behavior (the actual design intent) is guaranteed under all conditions. To do so, the risks of the system need to be identified so that Safety functions can be implemented to cope with these risks. Every Safety function also needs to be assessed for its effectiveness (how good is it at reducing the identified risks).
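As an added example (not the article’s own code) of this method applied to the airbag case from the previous section: a constructed C monitor for a hypothetical airbag ECU in which a broken-wire (out-of-range) reading or a disagreeing redundant sensor pair is the identified risk, and the Safety function is to never act on that data, warn the driver and latch a safe state. All thresholds, names and the two-sensor layout are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed calibration for a hypothetical airbag ECU (assumptions, not from
 * the article): a 12-bit ADC reading of a crash sensor. An intact sensor always
 * reads inside [ADC_MIN, ADC_MAX]; a broken wire or a short pulls the reading
 * to a supply rail, i.e. outside that band. */
#define ADC_MIN          200u
#define ADC_MAX          3900u
#define DEPLOY_THRESHOLD 3000u  /* deceleration level that requests deployment */
#define MAX_SENSOR_DIFF  150u   /* two redundant sensors must agree this closely */
#define FAULT_DEBOUNCE   3      /* consecutive implausible samples before latching */

typedef enum { STATE_NORMAL, STATE_SAFE } safety_state_t;

typedef struct {
    safety_state_t state;        /* STATE_SAFE: deployment inhibited until service */
    uint8_t        bad_count;    /* debounce counter for implausible samples */
    bool           warning_lamp; /* the article's "warn the driver" response */
} airbag_monitor_t;

void monitor_init(airbag_monitor_t *m)
{
    m->state = STATE_NORMAL;
    m->bad_count = 0;
    m->warning_lamp = false;
}

static bool in_range(uint16_t v) { return v >= ADC_MIN && v <= ADC_MAX; }
/* Feed one sample from each of two redundant sensors. Returns true only when a
 * deployment is requested by data the monitor has reason to trust, so a broken
 * wire (out-of-range reading) can never fire the airbag by itself. */
bool monitor_step(airbag_monitor_t *m, uint16_t s1, uint16_t s2)
{
    uint16_t diff = s1 > s2 ? s1 - s2 : s2 - s1;
    bool plausible = in_range(s1) && in_range(s2) && diff <= MAX_SENSOR_DIFF;
    if (!plausible) {
        if (m->bad_count < FAULT_DEBOUNCE) m->bad_count++;
        if (m->bad_count >= FAULT_DEBOUNCE) {   /* persistent fault: enter safe state */
            m->state = STATE_SAFE;
            m->warning_lamp = true;
        }
        return false;                           /* never act on untrusted data */
    }
    if (m->state == STATE_SAFE)                 /* latched: requires a service reset */
        return false;
    m->bad_count = 0;                           /* transient glitch cleared */
    return s1 >= DEPLOY_THRESHOLD && s2 >= DEPLOY_THRESHOLD;
}
```

The debounce count and the latched state are the kind of measurable properties the article goes on to discuss: how many faulty samples the function tolerates, and whether it can be shown never to deploy on an out-of-range input.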
The method above sounds easy enough, but due to the complexity of automotive systems it can be very hard to find risks or to define effective Safety functions. Most notorious is the Toyota unintended acceleration incident (not the only acceleration-related incident). Although nothing was found that directly blamed Toyota for the incidents, Toyota struggled to show the US government that it had done everything in its power to prevent them from happening. The media were in a frenzy, and Toyota suffered losses and bad publicity (eventually the floor mats were blamed).
The Toyota example also showed that, to achieve Functional Safety, the effectiveness of Safety functions needs to be made measurable (the famous SIL level) and verifiable/verified. To be sure, in some cases an external evaluation (assessments and audits) is also needed. The Functional Safety standards help the developers (manufacturers and their suppliers) to achieve Functional Safety by providing development requirements and guidelines (the Safety development life cycle).
What Is to Come?
Currently the manufacturers and their suppliers are bringing their development processes more and more in line with the Safety life cycle described in ISO 26262. Although the standard only covers road vehicles (< 3.5 tons) at this time, the truck manufacturers are already getting ready for the planned ISO 26262 for heavy-duty vehicles (> 3.5 tons). The biggest challenge is to adapt years of experience to the new ISO 26262 standard and techniques within tough time-to-market deadlines and the ever increasing complexity of automotive systems.