ISO 26262 is the automotive adaptation of IEC 61508 for functional safety of electrical and/or electronic (E/E) systems installed in series-production road vehicles. First published in 2011 and revised in 2018, the second edition extends the scope from passenger cars to all road vehicles (except mopeds). It provides a risk-based safety framework and lifecycle spanning concept, development, production, operation, service, and decommissioning.
Key ideas
- Safety lifecycle with defined work products from concept to decommissioning, including hazard analysis and risk assessment (HARA), safety goals, functional and technical safety concepts, safety requirements, verification/validation, and safety case with confirmation measures
- Risk classification via Automotive Safety Integrity Levels (ASIL A–D; D highest) derived from severity (S), exposure (E), and controllability (C); below ASIL A is quality management (QM)
- System, hardware, and software development with requirements for architecture (e.g., independence and freedom from interference), diagnostics and safety mechanisms, hardware metrics (e.g., single-point and latent fault metrics), and software design/verification
- Supporting processes including configuration/change management, tool qualification, qualification of existing components, documentation management, and independent reviews, audits, and assessments
Structure (2018 edition)
- Vocabulary
- Management of functional safety
- Concept phase (incl. HARA and safety goals)
- Product development at the system level (functional/technical safety concepts, allocation)
- Product development at the hardware level (safety mechanisms, hardware metrics)
- Product development at the software level (requirements, design, implementation, verification)
- Production, operation, service, and decommissioning
- Supporting processes (configuration/change management, tool and component qualification, documentation)
- ASIL-oriented and safety analyses (e.g., FMEA/FMEDA, DFA, dependent failure analysis)
- Guidelines on ISO 26262 (interpretation and guidance)
- Guidelines on application to semiconductors
- Adaptation for motorcycles
Quality Attributes Required or Emphasized
The standard centers on functional safety and systematically addresses attributes that help achieve and demonstrate safety of E/E systems.
| Attribute | Relevance in ISO 26262 |
|---|---|
| Auditability | Confirmation measures (independent reviews, audits, assessments) and safety case evidence enable external evaluation. |
| Availability | Indirectly managed: safety-related functions must be available as required for safety or move to a defined safe state; availability trade-offs are analyzed during HARA and design. |
| Compliance | Conformance with normative requirements and documented tailoring to demonstrate adherence to the standard. |
| Configurability | Variants and parameterization are controlled via configuration/change management to maintain safety across product lines. |
| Dependability | Umbrella attribute (availability, reliability, maintainability, safety) supported by the safety lifecycle, analyses, and confirmation measures. |
| Fault Isolation | Freedom from interference and partitioning prevent cascading effects between elements of different criticality. |
| Fault Tolerance | Redundancy, diagnostics, and safety mechanisms ensure continued safe operation or controlled transition to a safe state. |
| Integrity | Integrity of safety-related data and control flows avoids erroneous actuation and supports freedom from interference. |
| Maintainability | Controlled change and configuration management preserve safety after modifications across the lifecycle. |
| Observability | Diagnostic coverage and monitoring detect faults and support safe reactions. |
| Portability / Reusability | Qualification and integration of existing SW/HW and pre-qualified components enable safe reuse across platforms. |
| Reliability | Random hardware faults and failure modes are analyzed (FMEA/FMEDA) to support hardware metrics and safety targets. |
| Robustness | Architectural and implementation measures handle faults and perturbations without loss of safety. |
| Safety | Core objective: reduce unreasonable risk from hazards due to malfunctions using a defined safety lifecycle and ASIL-based risk reduction. |
| Security | Coordinated with ISO/SAE 21434; security controls are considered where necessary to prevent threats from causing safety hazards. |
| Testability | Extensive verification and validation across all lifecycle phases, including coverage-based testing and regression. |
| Traceability | End-to-end traceability from safety goals through requirements, design, implementation, tests, and safety case. |
References
Official Standards Documents
- ISO 26262-1:2018 — Road vehicles — Functional safety — Part 1: Vocabulary: ISO Online Browsing Platform
Related Standards
- IEC 61508 — Functional safety of E/E/PE systems
- ISO/PAS 21448 — Safety of the Intended Functionality (SOTIF)
- ISO/SAE 21434 — Road vehicles — Cybersecurity engineering
- SAE J2980 — Considerations for ISO 26262 ASIL hazard classification
- Automotive SPICE (ASPICE)