[Skip to content]

Search our Site

In-vehicle safety standard released for consultation

First publishedin ITS International
2009 September October
[ Zoom ]
Mercedes saloon driving on a wet surface
Although the current iteration of ISO 26262 concentrates on discrete safety systems, such as stability control, future iterations will also look at interaction cooperative infrastructures. Infrastructure stakeholders are therefore being encouraged to get involved in the consultation process which will lead to a finalised standard.

The new ISO 26262 standard for safety-related vehicle systems is now available for comment. MIRA's David Ward talks to ITS International about what the standard will mean for vehicle and road safety in the future.

The publication on 8 July this year of ISO 26262 as a Draft International Standard (DIS) marks an important progression for the automotive - and, in time, the cooperative infrastructure - industries. A couple of years from now, automotive OEMs will be able to subscribe to a unifying standard for safety-related control systems for vehicles. It will allow them to streamline production processes whilst demonstrating that the issue of safety continues to be taken seriously. And, although the current iteration of the standard relates more to current-generation vehicle control and safety systems, the appearance of ISO 26262 means that there is already an opportunity for those with an interest from the infrastructure side to consider how future technologies and applications will interact.

Interpretation

ISO 26262 grew out of IEC 61508. The latter is a generic standard for safety-related electronic systems which came from the process control industry and relates to lifecycle, process and design requirements. However, its direct application to vehicular systems has proven difficult and it has long been the aspiration that specific industries develop their own interpretations.

ISO 26262 therefore relates to any system the failure of which would have implications for vehicles, their passengers or those in the vicinity. At this point in time, that means vehicle dynamics systems such as those for chassis, steering and braking control as well as both passive and active safety systems.

UK engineering consultants Mira took a lead role in developing software standards within ISO 26262. The organisation's David Ward, who was the UK's Principal Expert on the ISO Working Group which formulated the standard, explains its history:

"Prior to ISO 26262, the automotive industry had two principal sets of guidance: IEC 61508 and industry guidelines published by the Motor Industry Software Reliability Association [MISRA].

"What was missing was a single international standard dealing with functional safety which was automotive-specific. The absence of a single standard which stands up to scrutiny within national legal frameworks causes difficulties in some countries.

"There were three main technological drivers for ISO 26262's development: the increasing complexity of onboard systems; their increasing number; and the increasing levels of software content. Software is both directly and indirectly responsible for around 85 per cent of the functions on a modern vehicle. To put that in perspective, around 20-30 per cent of the value of a modern car is in its electronic systems and a luxury model can carry around 100 microprocessors. That might seem like a high figure but not all of those will be used for high-level control; even door closures will incorporate some form of micro-controller."

Timeline

Work on standards unification started in the UK in 1990 and there were also activities elsewhere at the national level, particularly in France and Germany. Over 2003/4, those efforts began to be drawn together in a more concerted manner and in November 2005 work officially started on the new ISO standard. France and Germany tabled draft documents for review and input by experts from Europe, Japan and North America. A Committee Draft was released to national bodies for review and that led to the DIS which appeared in July. The appearance of the DIS, Ward notes, means that there is the opportunity for a much wider range of people to provide comment, and he is keen that relevant stakeholders become engaged.

"We still don't have a full international standard but what we have is open for public review," he states.

[ Zoom ]
EMC testing
EMC testing: with modern cars containing up to 100 microprocessors and software controlling around 85 per cent of a vehicle's functions there was a need for a more specific standard than the generic IEC 61508. ISO 26262 addresses that need.

Guiding factors

Factors which guided ISO 26262's formulation included the state of the art of technological processes for developing vehicle electronic systems within automotive OEMs and their suppliers. According to Ward, IEC 61508 fails to cover some of the more specific factors within the automotive sector. These include, for example, the common use of model-based development and the complexity of the automotive industry's supply chain.

"It's not uncommon for the OEMs to come up with a specification which they take to their Tier One suppliers," he continues. "The Tier Ones will then often subcontract work to their suppliers, the Tier Twos. It was important to find a mechanism by which we could cascade safety standards." At present, ISO 26262 is firmly routed in current-generation vehicle safety systems. These tend to be discrete and it has not considered cooperative infrastructure systems thus far. Ward says that this reflects the urgent need for a standard in some quarters.

"Some countries simply needed a standard now and there was a fear that any attempt to include cooperative infrastructure systems would lead to a dilution of the task at hand. Other countries, the UK among them, considered that cooperative systems should have been included in this initial version.

"Standards, though, have a long shelf-life and every three years they pass through a review process. It's entirely possible to include cooperative systems then but such standards do already exist: MISRA released safety analysis guidelines in November 2007 which, while the processes they describe apply to current-generation vehicle safety systems, can also apply to cooperative infrastructures. These standards have been embraced by vehicle manufacturers and the various national infrastructure projects which have been set up to test the concepts and applications involved."

Good practice

Experts from a total of nine countries have worked together on ISO 26262. They represent vehicle manufacturers, component suppliers and a small number of engineering consultancies such as MIRA, which was selected to represent all levels of the automotive supply chain in the UK; Ward says that it is the intention going forward that there should be one representative organisation from each participating country.

By achieving common levels of good practice, it is expected that common ground will be found in terms of system development.

"At present a major automotive supplier is effectively forced to follow numerous standards. ISO 26262 is intended to be a single standard which is acceptable to all customers. It will add value to the industry by reducing duplication of effort. It will also allow the automotive industry to demonstrate that it continues to take the safety issue seriously - manufacturers will be able to stand up and say, 'Look, we do have robust processes in place'."

A five-month period for comment on the DIS will run until the beginning of December this year. The Working Group will then reconvene to consider inputs and vote on a formal draft. A Final Draft International Standard, essentially an editorial proof rather than a document which will undergo further technical review, will follow. This will lead to a full and final standard by mid-2011 at the latest.

"It's important at this stage that people know the DIS is available," Ward says. "Those who consider themselves stakeholders should get hold of a copy and provide comment. Those in the infrastructure sector in particular need to consider what the implications might be and what issues might be raised when it comes to vehicle-to-vehicle and vehicle-to-infrastructure communications and systems."

Companies in this article

Motor Industry Software Reliability Association
www.misra.org.uk

Share this page

Page Comments