Functional safety on an off-highway automatic transmission

For a transmission supplier in the off-highway industry that builds hydrodynamic transmissions, BRACE worked on the developments needed to arrive at a Functional Safety compliant product. The process steps were followed together with the customer's technical experts, and BRACE designed technical requirements and solutions to create a safe transmission.

A typical difficulty in the safe operation of a transmission is that it must never switch from Neutral to Drive or Reverse by itself, regardless of whether the cause would be electromagnetic fields, failure of hydraulic valves, or short circuits in switches or the wiring harness. The transmission also plays a role in engine braking, which heavy vehicles need in addition to the wheel brakes to drive safely downhill. Therefore the transmission must in all cases maintain engine braking when the driver asks for it.

The processes followed require that a Hazard and Risk Analysis is performed, from which Safety Goals are formulated. Functional Concepts and Requirements are then written and converted into Technical Concepts and Requirements. Validation of compliance at both the technical and functional levels is also part of development.

The transmission needed to become compliant with ISO 25119 AgPL level D and ISO 13849 PL level D. It needed to be ISO 26262 compliance ready. BRACE developed the Safety System using System Engineering and Model Based Design (MathWorks Simulink). The target for implementation was a Dual Core MCU (Freescale, Qorivva Dual Core 32-bit). BRACE was involved in the complete lifecycle development (Functional, System, HW and SW).