A hazard analysis is employed to identify the different hazards that may arise from a function or its environment and that may lead to hazardous events that could cause harm to the AV. The SOTIF activities / measures should be derived from the hazard analysis, which can help to identify all the potential hazards that may occur during a driving task. The identification of SOTIF activities / measures of an ADF shall be conducted in an earlier phase of SOTIF development. Later, the SOTIF risk identification and evaluation shall be conducted, which includes a consistency check of the FuSa concept in the Functional Safety topic.
Based on the identification of hazardous events caused by hazards from the system or external environment, the systematic identification and evaluation of SOTIF risks can be executed to ensure the safety and reliability of intended functionalities. This process can be achieved by applying the methods proposed in ISO 26262-3:2018 (ISO 26262-1-12, 2018). For this purpose, the same items, such as the severity, exposure and controllability of the hazardous events, need to be derived by the method proposed by ISO 26262-1-12 (2018). In the context of SOTIF, severity and controllability are considered to determine the scenario for which credible harm can result from functional insufficiencies of the intended functionality or foreseeable misuse. The assessment covers not only the direct and intended effects within the scope of the ADF's limits (e.g. the limit of detection and perception of objects in the road by the sensor suite), but also indirect and unintended effects beyond the scope of detection and perception limits (such as behavioural adaptations or car surroundings, after a long-term automated driving task).
Main Question
Is there a systematic identification and evaluation of SOTIF risks including possible hazardous events arising from the system or external environment?
Sub-Questions
- Is there a hazard analysis in order to conduct the identification of necessary SOTIF activities / measures?
- Is there an assessment of severity and controllability to determine whether credible harm can result from the SOTIF risk?
- Does the assessment of safety impact look not only at the direct intended effects of the ADF but also at the indirect and unintended effects?
References
- ISO (2018) 26262-1-12: Road vehicles — Functional safety part 1-12. Part 1 available at: https://www.iso.org/standard/68383.html (Accessed: 18 October 2023)