Functional safety in the automobile – ISO 26262
ISO 26262 confronts developers in the automotive industry with a formidable challenge. On the one hand, the standard needs ten volumes, which together with their explanatory notes run to more than 450 pages, to describe the requirements for the functional safety of electronic control elements that perform a safety function in a vehicle. (The draft of the 2nd edition, meanwhile, comprises 12 volumes with approx. 750 pages.) On the other hand, operational practice, i.e. the current state of technology in the automotive industry, is still not in a position, more than 6 years after publication of the standard, to give a satisfactory answer to the question of how all of its requirements can be implemented properly and effectively.
This puts developers on the horns of a dilemma. On the one hand, they are expected to deliver inexpensive solutions; depending on the starting situation, the extra expenditure incurred in the interests of functional safety can amount to up to 30% of the overall development costs. On the other hand, negligent handling of the functional safety requirements for their products, or an incorrect interpretation of the standard, means that they risk not just the success of their project but, in extreme cases, the very existence of their company.

Functional safety is an area which, unlike the requirements of the RfQ in the context of release for series production, cannot be comprehensively verified. There is therefore a danger that deficiencies in functional safety are not discovered until years after SOP (start of production), for example as a result of an accident or an official investigation. This is the worst possible case for the supplier concerned, since a defect in functional safety cannot be remedied at short notice: almost always, the development would have to be repeated from the beginning, which takes months, if not years. No OEM is prepared or able to halt production, and no motorist will mothball their vehicle, until a product reworked to conform to the standard finally becomes available. In other words, the OEM is forced to buy back the vehicles that are not operationally safe from the market and to transfer ongoing production to a competitor.

Against this backdrop, it is not merely advisable but essential to exercise great diligence in establishing how the functional safety requirements can be properly fulfilled, both in terms of their content and in terms of the law.
Without clearly structured, close coordination with the OEM on each individual application project, and without documentation that satisfies the legal requirements, this is simply not feasible.
[June 15th, 2017]