Search Results

Exposure in ISO 26262 is defined as the state of being in an operational situation that can be hazardous if coincident with the failure mode under analysis. An operational situation is defined as a scenario that can occur during a vehicle's life with examples given such as driving, parking, or maintenance. Accurately predicting exposure is one of the more difficult tasks in the ASIL determination. ISO 26262 Part 3 attempts to provide guidance in Annex B through tables of potential operational situations and associated exposure levels. However, the contents of these tables may not allow for an accurate prediction of exposure and may lead to an exposure value that is too high or too low. In this paper, we describe a potential method for determining exposure that considers a potential mishap scenario as a composition of multiple coincident operational situations rather than considering a single operational situation as indicated in the tables in Annex B of Part 3.

Execution of a software safety program is an accepted best practice to help verify that potential software hazards are identified and their associated risks are mitigated. Successful execution of a software safety program involves selecting and applying effective analysis methods and tasks that are appropriate for the specific needs of the development project and that satisfy software safety program requirements. This paper describes the effective application of a set of software safety methods and tasks that satisfy software safety program requirements for many applications. A key element of this approach is a tightly coupled fault tree analysis and failure modes and effects analysis. The approach has been successfully applied to several automotive embedded control systems with positive results.