Scientific Sunday — What’s Functional Safety and What Does It Do?

June 2, 2013

By B. Oosthoek

Before diving into the why and how of Functional Safety in the automotive industry, let's start with some history of Automotive Safety. Automotive Safety ensures that vehicles are developed and manufactured in such a way that the occurrence and effects of automobile accidents are minimized, protecting the people inside the vehicle as well as pedestrians (the predominant victims).

From the first vehicles ever made, Safety was in the picture, and studies showed the positive effect of padded dashboards and seatbelts. However, in the old days Safety was mainly seen (with some exceptions) as unsporting and thus unmarketable, and it met some resistance from the car manufacturers. This all changed in 1965 when political activist Ralph Nader published his book "Unsafe at Any Speed", revealing the resistance to implementing Safety. In the following years Safety gained more popularity in the form of more and more active (to assist the driver and prevent accidents) and passive (to lower the effect/harm if an accident occurs) safety systems.

Among other systems, these Safety applications also caused a growth in more and more complex systems within a vehicle, and E/E systems were needed to support them. In the early 1980s the German industry recognized that very complex systems can also introduce dangerous situations caused by unintended behavior. To provide a method to evaluate these complex systems as part of a Safety function, the DIN V VDE 0801 standard was introduced, which grew over time into the mother of the Functional Safety standards for E/E systems, IEC 61508. Because every industry has its own way of working, a number of industry-specific standards have been created based on IEC 61508. For automotive this is the ISO 26262 standard for road vehicles, released in 2011.

What Is Functional Safety?

Functional Safety is the part of the overall Safety of a system that depends on the system operating correctly in response to its inputs, with the sole objective of removing the unacceptable risk of injury. In other words, functional safety ensures that no system in the vehicle will cause injury or harm in any case (e.g. if components break down or under extreme system inputs). A clear example is the unintended deployment of an airbag, not at the time of an accident, due to a broken wire caused by vibrations. Functional Safety in systems will either prevent the failure that causes the dangerous undesired behavior or lower its effects, e.g. by warning the driver or putting the system into a safe operation mode (e.g. disabling the system if it is deemed to be unreliable).

How Can Functional Safety Be Achieved?

As mentioned above, Functional Safety can be achieved by ensuring that the desired behavior (the actual design intent) is guaranteed under all conditions. To do so, the risks of the system need to be identified so that Safety functions can be implemented to cope with these risks. Every Safety function also needs to be assessed for its effectiveness (how good it is at reducing the identified risks).
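The broken-wire airbag example and the risk/safety-function/effectiveness steps above can be made concrete with a small monitor. This is an added example, not code from the article or from any vehicle supplier: a hypothetical crash sensor read on two redundant ADC channels, where an implausible reading (open wire) or a one-sample vibration spike must never become a deployment, and a persistent fault moves the function into a safe, disabled state. All thresholds and sample sequences are assumed and constructed.

```c
#include <stdbool.h>
#include <stdint.h>
/* Constructed example, not code from the article: a hypothetical crash sensor
 * read on two redundant ADC channels. Deployment is requested only when both
 * channels are electrically plausible, agree, and stay above the threshold for
 * QUALIFY_SAMPLES consecutive samples; a persistent implausibility (a broken
 * wire reading as open circuit) latches a safe state that disables the function.
 * All thresholds are assumed values, not taken from any standard. */
#define ADC_MIN_VALID       50u  /* below: open wire / short to ground */
#define ADC_MAX_VALID     4000u  /* above: short to supply */
#define DEPLOY_THRESHOLD  3000u  /* assumed deceleration threshold, ADC counts */
#define MAX_CHANNEL_DELTA  200u  /* assumed tolerated channel disagreement */
#define QUALIFY_SAMPLES      3   /* consecutive samples before acting */

typedef enum { STATE_NORMAL, STATE_DEPLOY, STATE_SAFE } sys_state_t;
typedef struct { int qualified, faults; sys_state_t state; } monitor_t;

static bool plausible(uint16_t v) { return v >= ADC_MIN_VALID && v <= ADC_MAX_VALID; }

/* One sample period: evaluates channels a and b and returns the new state. */
sys_state_t monitor_step(monitor_t *m, uint16_t a, uint16_t b)
{
    if (m->state != STATE_NORMAL) return m->state;        /* DEPLOY and SAFE latch */
    unsigned delta = a > b ? a - b : b - a;
    if (!plausible(a) || !plausible(b) || delta > MAX_CHANNEL_DELTA) {
        m->qualified = 0;                                  /* never deploy on bad data */
        if (++m->faults >= QUALIFY_SAMPLES) m->state = STATE_SAFE;
        return m->state;
    }
    m->faults = 0;
    if (a >= DEPLOY_THRESHOLD && b >= DEPLOY_THRESHOLD) {
        if (++m->qualified >= QUALIFY_SAMPLES) m->state = STATE_DEPLOY;
    } else {
        m->qualified = 0;                                  /* one-sample spike is ignored */
    }
    return m->state;
}

/* Runs a sample sequence through a fresh monitor and returns the final state. */
sys_state_t run_sequence(const uint16_t *a, const uint16_t *b, int n)
{
    monitor_t m = {0, 0, STATE_NORMAL};
    sys_state_t s = STATE_NORMAL;
    for (int i = 0; i < n; i++) s = monitor_step(&m, a[i], b[i]);
    return s;
}

/* Constructed sequences: broken wire on channel A, a vibration spike, a real event. */
const uint16_t OPEN_A[4]  = {0, 0, 0, 0},           OPEN_B[4]  = {3500, 3500, 3500, 3500};
const uint16_t SPIKE_A[4] = {900, 3500, 900, 900},   SPIKE_B[4] = {900, 3400, 900, 900};
const uint16_t CRASH_A[4] = {900, 3500, 3600, 3650}, CRASH_B[4] = {900, 3450, 3550, 3600};
```

The effectiveness of such a safety function is what the assessment step has to show: it must reject the broken-wire and spike cases while still reaching STATE_DEPLOY on a genuine event within the required number of samples.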

The above method sounds easy enough, but due to the complexity of automotive systems it can be very hard to find risks or to define effective Safety Functions. Most notorious is the Toyota unintended acceleration incident (not the only acceleration-related incident). Although nothing was found which directly blamed Toyota for the incidents, Toyota struggled to show the US government that it had done everything in its power to prevent the incidents from happening. The media went into a frenzy and Toyota suffered losses and bad publicity (eventually the floor mats were blamed).

The Toyota example also showed that, to achieve Functional Safety, the effectiveness of Safety functions needs to be made measurable (the famous SIL level) and verifiable/verified. To be sure, an external evaluation is also needed in some cases (assessments and audits). The Functional Safety standards help the developers (manufacturers and their suppliers) to achieve Functional Safety by providing development requirements and guidelines (the Safety development life cycle).

What Is to Come?

Currently the manufacturers and their suppliers are bringing their development processes more and more in line with the Safety life cycle described in ISO 26262. Although the standard only covers road vehicles (< 3.5 tons) at this time, the truck manufacturers are already getting ready for the planned ISO 26262 for heavy-duty vehicles (> 3.5 tons). The biggest challenge is to adapt years of experience to cope with the new ISO 26262 standard and techniques within tough time-to-market deadlines and the ever-increasing complexity of automotive systems.
