In response to the rapid advancement and increasingly sophisticated functions of automobile electronic systems, the ISO 26262 standard, which was released in 2011, provides a complete functional safety design process and certification system to ensure the safety of car driving, and has been accepted by major car makers and suppliers around the world. For Taiwan makers, it is time to take action to comply with the standard, so that they can move into the growing automobile electronics market and grab more business opportunities.
The Scope of the ISO 26262 Standard
"Automobile electronic systems comprise a wide range of electronic, electrical, software, and machinery components and subsystems. Any mistake in the system design may result in functional failure and cause serious damage," Gerhard Rieger, Branch Manager of Functional Safety Division at TUV NORD Systems, said. "Therefore, how to ensure the functional safety of automobile electronic systems has become one of the top design tasks for car makers."
The current ISO 26262 standard is in its 2011 version, which applies to safety-related systems that are installed in production passenger cars with a maximum gross vehicle mass of up to 3.5 tons. These systems range in safety level from ASIL A (lowest) to ASIL D (highest) and include electronic control units (ECUs), microcontrollers, battery management systems, advanced driver assistance systems (ADAS), safety-related software development tools, and so on.
It is expected that its latest version will be released in 2018, in which motorcycles, trucks, and buses will also be included. For car makers, complying with the state-of-the-art ISO 26262 shows that they have taken full responsibility for ensuring the safety of product designs and protecting customers' rights. Therefore, in the future, new automobile products must be developed and implemented in compliance with ISO 26262 to be accepted by the global market.
According to Rieger, ISO 26262 aims to protect against the following three safety risks. The first is common cause failure, which results from external factors such as temperature and environment. The second is random failure, which is caused by aging of hardware components and can be mitigated by quantitative calculation. The third, and also the most important, is systematic failure, which is due to manual errors in development and production processes and will cause the highest level of risk.
In order to cope with the different levels of functional failure risk, ISO 26262 has established comprehensive safety design processes and guidelines to guarantee the functional safety of the overall safety chain.
Starting from the concept design, car OEMs first conduct risk analysis for the safety design of the system and then communicate the system requirements to their first-tier suppliers. The requirements are then passed on to second-tier suppliers, including chip, sensor, and development tool vendors, and to production contractors such as packaging, testing, and foundry makers.
"ISO 26262 is a broad and complicated standard which covers the complete functional safety confirmation from the concept design to the final product," Rieger stressed. "Additionally, it also defines the DIA (Development Interface Agreement) to clarify responsibilities among suppliers in case of system malfunction. In fact, the implementation of the standard is a top-down management practice, which clearly specifies the rules and liabilities among suppliers of different levels and can be used as a reference for future insurance claims."
Functional Safety Matters
In recent years, many recalls in the automobile industry have been due to the malfunction of electronic/electrical systems. This not only jeopardizes consumers' individual safety, but also damages car makers' corporate images and causes expensive handling costs. As a result, ISO 26262 has become the prevailing standard in the automobile industry.
"At first, ISO 26262 was mainly driven by European car makers," Kevin Huang, Great China Functional Safety Product Manager, said. "Now, as the functions of automobile electronic systems get increasingly complicated, any hardware, software and system failure may cause fatal incidents. Therefore, ISO 26262 has become a global standard after it was finalized. At present, car makers in the US and Japan also have adopted this standard. Moreover, China has considered it a national standard."
ISO 26262 is not a mandatory standard or legal requirement. However, because it is widely accepted around the world and it provides a means of improving safety and reducing recalls in the future, all manufacturers are now integrating the standard into their products and processes.
On the other hand, with the rapid progress of connected and self-driving cars, the safety risks of automobile electronic systems will be much higher. "The self-driving car is a revolution as well as a brand new challenge for the automobile industry," Rieger stressed. "Currently, major car makers are heavily investing in this technology and will bring new business opportunities for suppliers. Take Ford as an example: the company plans to launch self-driving cars by 2021. It is expected that this application will mature in five years."
"Its next version, 2.0, will include all these more advanced systems. For suppliers of automobile electronic systems, now it's the right time for them to implement the standard."
According to Huang, "Some Taiwan makers have already received inquiries asking for ISO 26262 compliance. We believe that as the applications of connected cars get more popular, such inquiries will also be on the rise. If companies want to move into the automobile supply chain, they have to integrate the standard into their product designs from now on; otherwise, they may lose huge business opportunities in the future."
ISO 26262 aims to provide regulations and recommendations throughout the product development process. Therefore, major car makers and their supply chain vendors are taking action to comply with the standard. However, this is not the case for vendors in the after-service market, because their products don't have to meet OEMs' safety requirements. As for the Taiwan market, semiconductor companies, including assembly and testing, foundry, and IC design, will all be impacted.
TUV NORD Understands and Helps Customers Move into Automobile Supply Chain
"Taiwanese companies used to focus on the consumer market in the past. But as the automobile market rises, it is inevitable for them to comply with the standard of functional safety procedures," Rieger said. "In practice, those who already have ISO 9001 or ISO TS certifications can consider the parallel approach. It means that companies can still use their existing processes to develop consumer products, so there is no need to change in this regard. But they will need to implement new processes for automobile products. By using two design flows separately, companies can have better flexibility and cost effectiveness."
The implementation of a new standard will surely increase the development cost. But the cost will be justified if companies consider the risks of future recalls, failure liabilities, and the possibility of losing business. Moreover, as the number of design projects increases, companies will eventually see a better return on the investment.
Rieger explained that the TUV NORD functional safety team is a third-party accreditation organization ensured by the German authority DAkkS. We provide personnel, process, product, tool, and SEooC (Safety Element out of Context) certifications, as well as consulting and coaching services for component manufacturers. With rich and in-depth experience, we have customers all over the world, including leading car makers, system suppliers, chip vendors, tool providers, and major electric vehicle makers in China.
"We have deployed Chinese experts in the Great China market. Together with our strong German teams, we can truly understand customers' requirements and make the best efforts to help them integrate ISO 26262 into their design processes. Also, we will conduct gap analysis for customers to help them analyze in detail the gap between their existing design flows and those of ISO 26262 and then come up with an implementation plan accordingly. Our certification services also include functional safety management certification, functional safety product certification, and development tool certification."
He stressed that having comprehensive certification services is one of TUV NORD's key advantages. "Not only automotive, we provide certification services for medical, railway, aviation, process control technology and more. Our customers can obtain certifications for other industries in a more cost effective way when they get the automotive certifications, so that they can expand their target markets more easily."
Gerhard Rieger, branch manager of functional safety division & Kevin Huang, Great China functional safety product manager
DIGITIMES' editorial team was not involved in the creation or production of this content.