In automobiles, safety functions are increasingly implemented by electronics. The International Organization for Standardization (ISO) developed ISO 26262 to enable the design of vehicle electronic systems that can prevent dangerous failures and control or minimize them if they occur. ISO 26262 is an automotive adaptation of the International Electrotechnical Commission’s (IEC’s) IEC 61508, an industrial standard for functional safety.
An increasing number of industrial control systems require IEC 61508 safety certification. The requirement for functional safety is also becoming more common and stringent in markets such as solar energy and aviation, as well as FDA Class III medical applications. The electronic systems in these industrial markets typically must operate with minimal faults in harsh environments.
IEC 61508 defines four Safety Integrity Levels (SILs), SIL 1 to SIL 4, that quantify the dependability required of a safety function as a target probability of failure on demand (PFD, for low-demand mode) or probability of dangerous failure per hour (PFH, for high-demand or continuous mode), with SIL 1 the least and SIL 4 the most stringent. A device or system must meet the requirements of both hardware safety integrity (random hardware failures) and systematic safety integrity (faults introduced by the design and development process) to achieve a given SIL. A sensor contributes to both: its failure rate and diagnostic coverage enter the hardware integrity calculation, and its development process must satisfy the systematic requirements.
ISO 26262 likewise defines four levels, but labels them Automotive Safety Integrity Levels (ASILs) A to D, with ASIL A the least and ASIL D the most stringent; hazards that require no ASIL-specific measures are classed QM (quality management). The ASIL identifies the safety measures needed to avoid unreasonable residual risk and is derived from three factors of the hazardous event: Severity, Exposure and Controllability. The appropriate ASIL is determined through the hazard analysis and risk assessment performed at the vehicle level. As a key system component, sensors contribute to the overall ASIL rating.