ISO 26262 is an extension of IEC 61508, “Functional safety of
electrical/electronic/programmable electronic safety-related systems.”
IEC 61508 defines Safety Integrity Levels (SILs). ISO 26262 defines
ASILs. It might seem that ASILs are like SILs and that anyone familiar
with building a safety case for a system requiring certification to an
IEC 61508 SIL should be able to transfer those methods to an ISO 26262
project.
Experience building an IEC 61508 safety case and gathering evidence for
it will certainly be invaluable to anyone building the safety case for
an ISO 26262 system. But unlike IEC 61508, ISO 26262 is “not a
reliability standard.” It doesn’t set precise numbers for
acceptable probabilities of failure. ASILs are not determined in the
same manner as IEC 61508 SILs.
When defining SILs, IEC 61508
considers the target failure measures for systems acting in low demand,
high demand, or continuous mode. For example, a software component
certified to continuous mode SIL 3 is required to have a probability of
dangerous failure below 1 in 10 million per hour of operation. IEC 61508
SILs can thus be considered one-dimensional, in the sense that they
involve only the probability of failure in the stated operating mode.
ASILs, though, are three-dimensional,
involving three variables: severity, probability of exposure, and
controllability. ISO 26262-3, section 7 “Hazard analysis and risk
assessment” provides tables that break these three variables down into
classes. Probability of exposure has five classes: “Incredible” to “High
probability” (E0-E4). Severity has four classes: “No injuries” to
“Life-threatening injuries (survival uncertain), fatal injuries”
(S0-S3). Controllability, which means controllability by the driver, not
by the vehicle electronic systems, has four classes: “Controllable in
general” to “Difficult to control or uncontrollable.”
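As an added example (not code from the original post), here is the contrast the post draws, written out in Python: a SIL is looked up from a single failure rate, while an ASIL is looked up from the three classes S, E and C. The post quotes only the SIL 3 band; the remaining IEC 61508 PFH bands and the full ISO 26262-3 ASIL determination table are recalled from the standards for this example, not taken from the post, and the hazard rows at the bottom are constructed for illustration. The example also goes one step beyond the post by checking that the whole ASIL table collapses to an additive rule on S + E + C, which is why lowering any one of the three classes by one step lowers the ASIL by one step.

```python
"""Added example, not from the original post: the 'one-dimensional' IEC 61508
SIL lookup next to the 'three-dimensional' ISO 26262 ASIL determination."""
from itertools import product

# --- IEC 61508: one input (dangerous failure rate) -> SIL ---------------
# High-demand / continuous-mode PFH bands (dangerous failures per hour).
# The post quotes only the SIL 3 band (< 1 in 10 million per hour); the
# other bounds are IEC 61508-1's published bands as recalled here.
SIL_PFH_UPPER_BOUNDS = [(4, 1e-8), (3, 1e-7), (2, 1e-6), (1, 1e-5)]


def sil_from_pfh(pfh):
    """Highest SIL whose continuous-mode band contains `pfh` (0 = no SIL)."""
    if pfh <= 0:
        raise ValueError("PFH must be a positive rate per hour")
    for sil, upper in SIL_PFH_UPPER_BOUNDS:
        if pfh < upper:
            return sil
    return 0


# --- ISO 26262: three inputs (S, E, C) -> ASIL ---------------------------
# ISO 26262-3 ASIL determination table as recalled for this example:
# outer keys S1..S3, inner keys E1..E4, the three entries are C1, C2, C3.
ASIL_TABLE = {
    1: {1: "QM QM QM", 2: "QM QM QM", 3: "QM QM A", 4: "QM A B"},
    2: {1: "QM QM QM", 2: "QM QM A", 3: "QM A B", 4: "A B C"},
    3: {1: "QM QM A", 2: "QM A B", 3: "A B C", 4: "B C D"},
}


def asil_for(severity, exposure, controllability):
    """ASIL ('QM', 'A'..'D') for an event classified S0-S3, E0-E4, C0-C3."""
    if not (0 <= severity <= 3 and 0 <= exposure <= 4 and 0 <= controllability <= 3):
        raise ValueError("class out of range")
    # Any S0 / E0 / C0 classification needs no ASIL (quality management only).
    if 0 in (severity, exposure, controllability):
        return "QM"
    return ASIL_TABLE[severity][exposure].split()[controllability - 1]


def asil_by_sum(severity, exposure, controllability):
    """The same table as a rule of thumb: S+E+C of 10 -> D, 9 -> C, 8 -> B, 7 -> A."""
    if 0 in (severity, exposure, controllability):
        return "QM"
    total = severity + exposure + controllability
    return {10: "D", 9: "C", 8: "B", 7: "A"}.get(total, "QM")


def table_matches_sum_rule():
    """True if the additive rule reproduces every cell of the table."""
    return all(
        asil_for(s, e, c) == asil_by_sum(s, e, c)
        for s, e, c in product(range(4), range(5), range(4))
    )


# Constructed hazardous events (illustrative classifications, not from any standard).
HAZARDS = [
    ("unintended full braking at highway speed", 3, 4, 3),
    ("loss of reversing camera image", 1, 3, 3),
    ("dashboard backlight flicker while parked", 0, 4, 1),
]


def classify(hazards):
    """Map each (name, S, E, C) row to its ASIL."""
    return {name: asil_for(s, e, c) for name, s, e, c in hazards}


if __name__ == "__main__":
    print("PFH 5e-8/h -> SIL", sil_from_pfh(5e-8))
    for name, asil in classify(HAZARDS).items():
        print(f"{asil:>2}  {name}")
    print("additive rule reproduces table:", table_matches_sum_rule())
```

Note the boundary handling in `sil_from_pfh`: a rate of exactly 1e-7 per hour sits on the SIL 3 limit and is classified SIL 2, since the band is strictly below the bound. In `asil_for`, any hazard with S0, E0 or C0 short-circuits to QM before the table is consulted, which is why the table only needs rows for S1 to S3.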