ISO 26262: Road vehicles — Functional safety
ISO 26262 is the automotive adaptation of IEC 61508 for functional safety of electrical and/or electronic (E/E) systems installed in series-production road vehicles. First published in 2011 and revised in 2018, the second edition extends the scope from passenger cars to all road vehicles (except mopeds). It provides a risk-based safety framework and lifecycle spanning concept, development, production, operation, service, and decommissioning.
Key ideas
- Safety lifecycle with defined work products from concept to decommissioning, including hazard analysis and risk assessment (HARA), safety goals, functional and technical safety concepts, safety requirements, verification/validation, and safety case with confirmation measures
- Risk classification via Automotive Safety Integrity Levels (ASIL A–D; D highest) derived from severity (S), exposure (E), and controllability (C); below ASIL A is quality management (QM)
- System, hardware, and software development with requirements for architecture (e.g., independence and freedom from interference), diagnostics and safety mechanisms, hardware metrics (e.g., single-point and latent fault metrics), and software design/verification
- Supporting processes including configuration/change management, tool qualification, qualification of existing components, documentation management, and independent reviews, audits, and assessments
Structure (2018 edition)
- Vocabulary
- Management of functional safety
- Concept phase (incl. HARA and safety goals)
- Product development at the system level (functional/technical safety concepts, allocation)
- Product development at the hardware level (safety mechanisms, hardware metrics)
- Product development at the software level (requirements, design, implementation, verification)
- Production, operation, service, and decommissioning
- Supporting processes (configuration/change management, tool and component qualification, documentation)
- ASIL-oriented and safety-oriented analyses (e.g., FMEA/FMEDA, dependent failure analysis (DFA))
- Guidelines on ISO 26262 (interpretation and guidance)
- Guidelines on application to semiconductors
- Adaptation for motorcycles
Quality Attributes Required or Emphasized
The standard centers on functional safety and systematically addresses attributes that help achieve and demonstrate safety of E/E systems.
Attribute | Relevance in ISO 26262
---|---
Auditability | Confirmation measures (independent reviews, audits, assessments) and safety case evidence enable external evaluation.
Availability | Indirectly managed: safety-related functions must be available as required for safety or move to a defined safe state; availability trade-offs are analyzed during HARA and design.
Compliance | Conformance with normative requirements and documented tailoring to demonstrate adherence to the standard.
Configurability | Variants and parameterization are controlled via configuration/change management to maintain safety across product lines.
Dependability | Umbrella attribute (availability, reliability, maintainability, safety) supported by the safety lifecycle, analyses, and confirmation measures.
Fault Isolation | Freedom from interference and partitioning prevent cascading effects between elements of different criticality.
Fault Tolerance | Redundancy, diagnostics, and safety mechanisms ensure continued safe operation or controlled transition to a safe state.
Integrity | Integrity of safety-related data and control flows avoids erroneous actuation and supports freedom from interference.
Maintainability | Controlled change and configuration management preserve safety after modifications across the lifecycle.
Observability | Diagnostic coverage and monitoring detect faults and support safe reactions.
Portability / Reusability | Qualification and integration of existing SW/HW and pre-qualified components enable safe reuse across platforms.
Reliability | Random hardware faults and failure modes are analyzed (FMEA/FMEDA) to support hardware metrics and safety targets.
Robustness | Architectural and implementation measures handle faults and perturbations without loss of safety.
Safety | Core objective: reduce unreasonable risk from hazards due to malfunctions using a defined safety lifecycle and ASIL-based risk reduction.
Security | Coordinated with ISO/SAE 21434; security controls are considered where necessary to prevent threats from causing safety hazards.
Testability | Extensive verification and validation across all lifecycle phases, including coverage-based testing and regression.
Traceability | End-to-end traceability from safety goals through requirements, design, implementation, tests, and safety case.
References
Official Standards Documents
- ISO 26262-1:2018 — Road vehicles — Functional safety — Part 1: Vocabulary (ISO Store): https://www.iso.org/standard/68383.html
- ISO Online Browsing Platform (Part 1 – Vocabulary): https://www.iso.org/obp/ui/#iso:std:iso:26262:ed-2:v1:en
Related Standards
- IEC 61508 — Functional safety of E/E/PE systems
- ISO/PAS 21448 — Safety of the Intended Functionality (SOTIF)
- ISO/SAE 21434 — Road vehicles — Cybersecurity engineering
- SAE J2980 — Considerations for ISO 26262 ASIL hazard classification
- Automotive SPICE (ASPICE)
Additional Resources
- ISO 26262 (Wikipedia): https://en.wikipedia.org/wiki/ISO_26262
- Vector: ISO 26262 overview: https://www.vector.com/int/en/know-how/technical-articles/iso-26262/
- TÜV SÜD: ISO 26262 functional safety: https://www.tuvsud.com/en/services/functional-safety/iso-26262