
Functional Safety – Identification of Hazards

The first main task when starting a FuSa activity based on the function description (item definition) is to identify the hazards that may arise from the functionality to be developed and to assign the required ASIL. For hazards that are identified as potential sources of harm for an ADF, the possible risk that might result under specific situational circumstances shall be evaluated. This process will lead to integrity requirements for the development of the ADF. At the definition phase of the development process, only a few details about the implementation of the ADF might be known. This is not necessarily a drawback for the analysis of relevant hazards, since the analysis of the ADF is agnostic to the potential causes of a specific implementation. Causes will be identified later during the development process, if a need for hazard mitigation arises from this first step.

Specific consideration during this activity has to be given to the driver. The driver and other involved traffic participants play an important role in mitigating a certain hazard by actively reacting to a certain hazardous scenario and taking appropriate action(s) to avoid harm or damage. In this context the infrastructure might also be relevant. ADF-specific aspects, such as an ADF that does not require a take-over-ready driver, need to be reflected in the analysis. On this basis, the risks are assessed.

Safety management at an organisational level is an important factor in ensuring the correct processes are used and the relevant stakeholder groups within the organisation are engaged to ensure a quality outcome. This includes the implementation and maintenance of a robust organisational safety culture, as per ISO 26262:2018, Part 5.

Main Question

Are possible malfunctioning behaviours and the related hazardous events analysed?

Sub-Questions

  1. Are the relevant hazards identified for the considered function based on its description (item definition)?
  2. For relevant ADFs, is inadequate control by a driver or a function identified?
  3. Has the Hazard Analysis and Risk Assessment (HARA) method, as detailed within ISO 26262:2018, been implemented?
  4. For relevant ADFs, is malfunctioning behaviour identified for cases where the vehicle is in manual driving mode and in automated driving mode?
  5. Is malfunctioning behaviour clearly documented?
  6. For relevant ADFs, is the potential absence of a fallback ready user considered in terms of the impact on the controllability of the vehicle (UNECE R157, 2021)?
  7. Is the role of the infrastructure considered?
  8. For relevant ADFs, is the vehicle reaction in case of a failure defined, in order to avoid malfunctioning behaviour when no fallback ready user is present?
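The following is an added worked example, not part of the original page or of any published HARA: it sketches how the hazard identification described above and the HARA method referred to in sub-question 3 turn a hazardous event into an integrity requirement. Each event is rated by severity (S), exposure (E) and controllability (C), the ASIL is read from the ASIL determination table of ISO 26262-3:2018 (Table 4, reproduced here from the standard), and the highest ASIL per hazard becomes the integrity level of that hazard's safety goal. The treatment of a missing fallback-ready user (sub-question 6) as controllability class C3 is an assumption made for this example; in a real HARA that rating is an engineering judgement. All hazards, situations and ratings are constructed.

```python
"""Worked HARA sketch (added example): derive an ASIL from S/E/C classes and
collect the highest ASIL per hazard.  The S/E/C values below are constructed."""
from dataclasses import dataclass

# ISO 26262-3:2018 Table 4 (ASIL determination), indexed [S][E] -> (C1, C2, C3).
# S0, E0 and C0 do not appear in the table: such events need no ASIL (QM).
ASIL_TABLE = {
    1: {1: ("QM", "QM", "QM"), 2: ("QM", "QM", "QM"), 3: ("QM", "QM", "A"), 4: ("QM", "A", "B")},
    2: {1: ("QM", "QM", "QM"), 2: ("QM", "QM", "A"),  3: ("QM", "A", "B"),  4: ("A", "B", "C")},
    3: {1: ("QM", "QM", "A"),  2: ("QM", "A", "B"),   3: ("A", "B", "C"),   4: ("B", "C", "D")},
}
ASIL_ORDER = ["QM", "A", "B", "C", "D"]


@dataclass(frozen=True)
class HazardousEvent:
    hazard: str                       # malfunctioning behaviour at vehicle level
    situation: str                    # operational situation in which it occurs
    severity: int                     # S0..S3
    exposure: int                     # E0..E4
    controllability: int              # C0..C3, as rated with a take-over-ready driver present
    fallback_ready_user: bool = True  # False for an ADF that does not require one


def effective_controllability(ev):
    """Assumption of this example: with no fallback-ready user nobody is available
    to mitigate the event by reacting, so controllability is taken as C3
    (difficult to control or uncontrollable)."""
    if ev.fallback_ready_user:
        return ev.controllability
    return 3


def determine_asil(ev):
    """Look up the ASIL for one hazardous event, rejecting out-of-range classes."""
    s, e, c = ev.severity, ev.exposure, effective_controllability(ev)
    for name, val, hi in (("S", s, 3), ("E", e, 4), ("C", c, 3)):
        if not 0 <= val <= hi:
            raise ValueError(f"{name}{val} is not a valid class")
    if s == 0 or e == 0 or c == 0:
        return "QM"
    return ASIL_TABLE[s][e][c - 1]


def max_asil(asils):
    """Highest ASIL in a list, with QM < A < B < C < D."""
    return max(asils, key=ASIL_ORDER.index)


def integrity_requirement(events):
    """Group hazardous events by hazard and keep the highest ASIL per hazard;
    that is the integrity level the safety goal for the hazard inherits."""
    result = {}
    for ev in events:
        result[ev.hazard] = max_asil([result.get(ev.hazard, "QM"), determine_asil(ev)])
    return result


# Constructed sample events (not from any real HARA).  The first two rate the
# same hazard and situation with and without a fallback-ready user.
SAMPLE_EVENTS = [
    HazardousEvent("unintended lane change", "motorway, 130 km/h, adjacent traffic", 3, 4, 2),
    HazardousEvent("unintended lane change", "motorway, 130 km/h, adjacent traffic", 3, 4, 2,
                   fallback_ready_user=False),
    HazardousEvent("unintended braking", "urban road, following traffic", 2, 3, 2),
    HazardousEvent("unintended braking", "empty parking area", 1, 2, 1),
]

if __name__ == "__main__":
    for hazard, asil in integrity_requirement(SAMPLE_EVENTS).items():
        print(f"{hazard}: ASIL {asil}")
```

Running it shows the point of sub-question 6 directly: the same lane-change event rates ASIL C with a take-over-ready driver and ASIL D once no fallback-ready user can be assumed, so the safety goal for that hazard inherits ASIL D.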
