A question I normally receive during an ISO 26262 training is, “is this really required?” Typically, my first response to this question is to point to the iso.org website, which describes ISO as the “largest developer of VOLUNTARY International Standards.”
However, the word “voluntary” has some feeling of electiveness to it. It makes me think this response isn’t rewarding enough, or at least it cannot quench the thirst of the original question. I follow up by clarifying some liability-related topics; although, even these can be murky in the U.S. (where liability follows principles of case law).
The question of “is this required?” leads to some reflection. I remember my college days working on power electronics. My passion in those days was to someday reduce our dependency on fossil fuels. This passion led me to a career into the automotive sector, developing hybrid electric vehicles.
At some point while sitting behind my computer screen, staring at an endless stream of simulation and test results, I realized that my passion had shifted. What became more important for me was safety. My manifesto became supporting the development of a vehicle safe enough for my family to ride in; the same vision that drives me today.
“Is this really required?” The question comes back to me, in trainings and in daily interactions with clients. You can tell by the tone that the questioner is hoping for a specific answer…something like “No not really,” or “It depends.” But as a practitioner of functional safety, I truly believe that the ISO 26262 standard can lead to a safer developed vehicle. So, for me, “this” is required. I don’t need a law or a code to understand this, I just need to know “this” is right.
When I engage into discussion with our clients, time after time, many of them tell me how little direction they get from their clients. Here are some common questions we receive at kVA:
- An OEM customer claims their product is not ISO 26262 relevant; however, the supplier’s internal HARA shows otherwise. Should we develop according to ISO 26262 or to our customer’s KLH?
- One OEM requests a higher ASIL than another, for the same exact product. Do we develop under two separate ISO 26262 processes? Do we make one product to the highest ASIL?
- ISO 26262 is required by the OEM; however, insufficient high level safety requirements are provided to fully develop according to the ISO 26262 standard. Therefore, they can’t expect me to deliver an ISO 26262 product, right?
Questions like these make me want to run to the peak of Machu Picchu and scream as loud as possible!
Adherence to the relevant clauses of the ISO 26262 standard is the responsible way to develop automotive systems. That goes even for suppliers who don’t get complete information from their OEM customers. If you believe a product is safety relevant, then you are responsible for using known and well-established safety methods for developing it. That expectation doesn’t disappear when your OEM customer doesn’t know much about ASILs; or doesn’t set clear requirements. If interfacing information (such as higher-level requirements, or external safety mechanisms) aren’t provided, then you must revert to a Safety-Element-out-of-Context (SEooC) methodology to clarify those interfaces. Most importantly, if you are not getting what you need from an OEM customer, ask for it! We will not make things safer by hiding our questions.
There’s a clear responsibility for OEM customers to share relevant information with their suppliers, related to safety requirements, V&V expectations, target metric values, etc., as required in Part 8, Clause 5. As the industry progresses, OEMs need to step up their game and communicate better with suppliers what they need for their vehicle to be safer. They need to take their responsibilities as an integrator seriously. The ISO 26262 standard is built upon the assumption that a strong, capable integrator is there to coordinate the safety process at the vehicle level. If the OEM doesn’t perform that role, who will?
In the end, we can’t ignore the ISO 26262 standard or the expectations that it creates. It’s there, it makes us safe, and it’s now being widely implemented in the industry. Ignorance of the relevant safety standards isn’t a strategy… it’s a weakness. With the second edition of the ISO 26262 standard around the corner, it is past due to ask yourself, is ignorance really bliss?