Scientific Sunday — What’s Functional Safety and What Does It Do?

  • June 2, 2013

By B. Oosthoek

Before diving into the why and how of Functional Safety in the automotive industry, let's start with some history of Automotive Safety. Automotive Safety ensures that vehicles are developed and manufactured in such a way that the occurrence and effects of automobile accidents are minimized, protecting the people inside the vehicle as well as pedestrians (the predominant victims).

From the very first vehicles, safety was in the picture, and studies showed the positive effect of padded dashboards and seatbelts. However, in the early days safety was mainly seen (with some exceptions) as unsporting and thus unmarketable, and it met with resistance from car manufacturers. This changed in 1965 when political activist Ralph Nader published his book "Unsafe at Any Speed", exposing that resistance to implementing safety measures. In the following years safety gained popularity in the form of more and more active (assisting the driver to prevent an accident) and passive (lowering the harm if an accident does occur) safety systems.



These safety applications, among other systems, drove the growth of ever more complex systems within a vehicle, and electrical/electronic (E/E) systems were needed to support them. In the early 1980s the German industry recognized that very complex systems can themselves introduce dangerous situations through unintended behavior. To provide a method for evaluating such complex systems as part of a safety function, the DIN V VDE 0801 standard was introduced; over time it grew into the mother of the Functional Safety standards for E/E systems, IEC 61508. Because every industry has its own way of working, a number of industry-specific standards have been derived from IEC 61508. For automotive this is ISO 26262, the standard for road vehicles released in 2011.



What Is Functional Safety?


Functional Safety is the part of the overall safety of a system that depends on the system operating correctly in response to its inputs, with the sole objective of removing unacceptable risk of injury. In other words, functional safety ensures that the systems in the vehicle will not cause injury or harm even when things go wrong (e.g. if components break down, or under extreme system inputs). A clear example is the unintended deployment of an airbag, outside of any accident, due to a wire broken by vibration. Functional Safety in systems will either prevent the failure that causes the dangerous undesired behavior or lower its effects, e.g. by warning the driver or by putting the system into a safe operating mode (e.g. disabling the system if it is deemed unreliable).
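To make the "prevent the failure or fall back to a safe mode" idea concrete, here is an added example (written for this page, not code from the author or from any real airbag ECU) of a deployment decision that guards against exactly the broken-wire case above. It assumes two independent crash-sensor channels read through an ADC with a live-zero range, so an open or shorted wire shows up as a rail reading; all thresholds, names and the sample streams are constructed for illustration. A reading that is out of range or frozen is treated as a hardware fault: the function is disabled (safe state), latched until service, and a warning lamp is set. A spike on one channel alone is inhibited because the twin channel must agree before the intended function is allowed to act.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* All thresholds are constructed for illustration; they are not taken from any real ECU. */
#define ADC_LIVE_ZERO      100   /* a healthy, wired sensor never reads below this: lower = open wire / short to ground */
#define ADC_SATURATION    3995   /* never reads above this: higher = short to supply */
#define FIRE_THRESHOLD    3000   /* raw deceleration counts at which deployment is the design intent */
#define CHANNEL_TOLERANCE  200   /* max allowed disagreement between the two redundant channels */
#define STUCK_CYCLES        20   /* a live sensor shows noise; this many identical samples = frozen channel */

typedef enum { DECISION_NO_FIRE = 0, DECISION_FIRE = 1, DECISION_SAFE_STATE = 2 } decision_t;

typedef struct {
    uint16_t prev_a, prev_b;     /* last sample per channel, for stuck-at detection */
    unsigned stuck_a, stuck_b;   /* consecutive identical samples per channel */
    bool latched;                /* confirmed hardware fault: squib driver stays disabled until serviced */
    const char *reason;          /* diagnostic text for the last decision */
} airbag_monitor_t;

void monitor_init(airbag_monitor_t *m) {
    m->prev_a = m->prev_b = 0;   /* 0 lies outside the live range, so the first real sample never counts as stuck */
    m->stuck_a = m->stuck_b = 0;
    m->latched = false;
    m->reason = "init";
}

static bool in_live_range(uint16_t v) { return v >= ADC_LIVE_ZERO && v <= ADC_SATURATION; }

/* Advance the stuck-at counter of one channel; true when the channel is judged frozen. */
static bool update_stuck(uint16_t sample, uint16_t *prev, unsigned *count) {
    *count = (sample == *prev) ? *count + 1 : 0;
    *prev = sample;
    return *count >= STUCK_CYCLES;
}

bool airbag_warning_lamp(const airbag_monitor_t *m) { return m->latched; }

/* One control cycle: two independent crash-sensor channels in, one deployment decision out. */
decision_t airbag_evaluate(airbag_monitor_t *m, uint16_t ch_a, uint16_t ch_b) {
    if (m->latched) { m->reason = "fault latched: function disabled"; return DECISION_SAFE_STATE; }

    /* 1. Range check. A broken or shorted wire drives the ADC to a rail; that is a hardware
          fault, so the function is disabled (safe state) instead of being acted on. */
    if (!in_live_range(ch_a) || !in_live_range(ch_b)) {
        m->latched = true;
        m->reason = in_live_range(ch_a) ? "channel B out of range (open or shorted wire)"
                                        : "channel A out of range (open or shorted wire)";
        return DECISION_SAFE_STATE;
    }
    /* 2. Stuck-at check. A frozen channel could mask a real crash or, together with a
          faulty twin, vote for a spurious one. Both counters are updated every cycle. */
    bool frozen_a = update_stuck(ch_a, &m->prev_a, &m->stuck_a);
    bool frozen_b = update_stuck(ch_b, &m->prev_b, &m->stuck_b);
    if (frozen_a || frozen_b) {
        m->latched = true;
        m->reason = "channel stuck at constant value";
        return DECISION_SAFE_STATE;
    }
    /* 3. Plausibility. A single channel above threshold (noise from a chafed wire, a faulty
          sensor) never fires on its own; the twin channel must agree. */
    if (abs((int)ch_a - (int)ch_b) > CHANNEL_TOLERANCE) {
        m->reason = "channels disagree: single-channel event inhibited";
        return DECISION_NO_FIRE;
    }
    /* 4. The intended function, reached only with two healthy, plausible inputs. */
    if (ch_a >= FIRE_THRESHOLD && ch_b >= FIRE_THRESHOLD) {
        m->reason = "both channels confirm crash";
        return DECISION_FIRE;
    }
    m->reason = "no crash";
    return DECISION_NO_FIRE;
}

/* Scenario helpers over constructed sample streams, so the behaviour can be checked without hardware. */
decision_t scenario_real_crash(void) {
    airbag_monitor_t m; monitor_init(&m);
    airbag_evaluate(&m, 2000, 2050);             /* normal driving */
    return airbag_evaluate(&m, 3500, 3400);      /* both channels see the impact -> DECISION_FIRE */
}
decision_t scenario_single_channel_spike(void) {
    airbag_monitor_t m; monitor_init(&m);
    return airbag_evaluate(&m, 3600, 1900);      /* spike on A only -> DECISION_NO_FIRE */
}
decision_t scenario_open_wire(airbag_monitor_t *m) {
    monitor_init(m);
    airbag_evaluate(m, 3500, 0);                 /* B reads the rail: wire broken -> latched */
    return airbag_evaluate(m, 3500, 3450);       /* later valid input is still ignored -> DECISION_SAFE_STATE */
}
unsigned scenario_stuck_channel(void) {          /* returns the cycle on which the frozen channel is caught (21) */
    airbag_monitor_t m; monitor_init(&m);
    for (unsigned i = 1; i <= 100; i++)
        if (airbag_evaluate(&m, 2000, 2000 + (i % 3)) == DECISION_SAFE_STATE) return i;
    return 0;
}

int main(void) {
    airbag_monitor_t m;
    printf("real crash:           %d (1 = fire)\n", scenario_real_crash());
    printf("single-channel spike: %d (0 = no fire)\n", scenario_single_channel_spike());
    printf("open wire:            %d (2 = safe state), lamp=%d\n", scenario_open_wire(&m), airbag_warning_lamp(&m));
    printf("stuck channel caught on cycle %u\n", scenario_stuck_channel());
    return 0;
}
```

The order of the checks is the point: the hardware-health checks (range, stuck-at) run before the plausibility vote, and the intended function is the last thing evaluated, so a wiring fault can only ever push the system towards "do nothing and warn", never towards a deployment. Latching the fault is a design choice: once a channel has been proven untrustworthy, a later "good-looking" reading on it is not allowed to re-enable the function until the fault has been serviced.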


How Can Functional Safety Be Achieved?


As mentioned above, Functional Safety is achieved by ensuring that the desired behavior (the actual design intent) is guaranteed under all conditions. To do so, the risks of the system need to be identified so that safety functions can be implemented to cope with them. Every safety function also needs to be assessed for its effectiveness (how well it reduces the identified risks).



The method above sounds easy enough, but due to the complexity of automotive systems it can be very hard to find the risks or to define effective safety functions. Most notorious is the Toyota unintended acceleration incident (not the only acceleration-related incident). Although nothing was found that directly blamed Toyota for the incidents, Toyota struggled to show the US government that it had done everything in its power to prevent them. The media frenzy cost Toyota money and reputation (eventually the floor mats were blamed).


The Toyota example also showed that, to achieve Functional Safety, the effectiveness of safety functions needs to be made measurable (the famous SIL level; ISO 26262 uses its own ASIL classification for the same purpose) and verifiable, and then actually verified. To be sure, an external evaluation (assessments and audits) is also needed in some cases. The Functional Safety standards help developers (manufacturers and their suppliers) achieve Functional Safety by providing development requirements and guidelines (the safety development life cycle).


What Is to Come?


Currently manufacturers and their suppliers are bringing their development processes more and more in line with the safety life cycle described in ISO 26262. Although at this time the standard only covers road vehicles (< 3.5 tons), truck manufacturers are already preparing for the planned extension of ISO 26262 to heavy-duty vehicles (> 3.5 tons). The biggest challenge is to adapt years of experience to cope with the new ISO 26262 standard and techniques within tough time-to-market deadlines and the ever increasing complexity of automotive systems.
