ISO 26262:2018 Part 4 specifies the requirements for the safety analyses that shall be performed on the system architectural design; one of the key objectives is to identify (and then mitigate) failure causes and the effects of hardware faults. Deductive and/or inductive analysis techniques can be used (for example, Fault Tree Analysis (FTA) and/or Failure Modes and Effects Analysis (FMEA), respectively), depending on the ASIL.
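To make the deductive technique concrete, the following is an added example (not from ISO 26262 or from the page): a tiny fault tree for a hypothetical "unintended emergency braking" top event of an automated driving function. The event names, tree shape and failure probabilities are constructed assumptions. The code derives the minimal cut sets (the deductive result that tells you which combinations of basic faults are sufficient to reach the top event), computes the exact top-event probability by enumerating independent basic-event states, and compares the tree before and after a safety mechanism (an independent monitor) is added to one branch, which is the kind of evidence a safety mechanism should be traceable to.

```python
from dataclasses import dataclass
from itertools import product
from typing import Dict, FrozenSet, List, Set, Tuple, Union


@dataclass(frozen=True)
class Basic:
    """A basic event (leaf) of the fault tree, e.g. a hardware fault."""
    name: str


@dataclass(frozen=True)
class Gate:
    """An AND or OR gate over sub-trees."""
    kind: str                                  # "AND" or "OR"
    inputs: Tuple["Node", ...]


Node = Union[Basic, Gate]


def cut_sets(node: Node) -> Set[FrozenSet[str]]:
    """All cut sets (not yet minimal) of the subtree rooted at node."""
    if isinstance(node, Basic):
        return {frozenset([node.name])}
    child_sets = [cut_sets(c) for c in node.inputs]
    if node.kind == "OR":                      # any input suffices: union of cut sets
        return set().union(*child_sets)
    if node.kind == "AND":                     # all inputs needed: cross-product union
        result: Set[FrozenSet[str]] = {frozenset()}
        for cs in child_sets:
            result = {a | b for a in result for b in cs}
        return result
    raise ValueError(f"unknown gate kind {node.kind!r}")


def minimal_cut_sets(node: Node) -> List[FrozenSet[str]]:
    """Cut sets with no proper subset that is itself a cut set, smallest first."""
    sets = cut_sets(node)
    minimal = [s for s in sets if not any(o < s for o in sets)]
    return sorted(minimal, key=lambda s: (len(s), sorted(s)))


def basic_events(node: Node) -> Set[str]:
    if isinstance(node, Basic):
        return {node.name}
    return set().union(*(basic_events(c) for c in node.inputs))


def evaluate(node: Node, state: Dict[str, bool]) -> bool:
    """True if the top event occurs for the given basic-event truth assignment."""
    if isinstance(node, Basic):
        return state[node.name]
    values = (evaluate(c, state) for c in node.inputs)
    return any(values) if node.kind == "OR" else all(values)


def top_event_probability(node: Node, probs: Dict[str, float]) -> float:
    """Exact P(top event), assuming independent basic events.
    Enumerates every state, so repeated events across branches are handled correctly."""
    events = sorted(basic_events(node))
    total = 0.0
    for bits in product([False, True], repeat=len(events)):
        if evaluate(node, dict(zip(events, bits))):
            p = 1.0
            for e, b in zip(events, bits):
                p *= probs[e] if b else 1.0 - probs[e]
            total += p
    return total


def rare_event_upper_bound(node: Node, probs: Dict[str, float]) -> float:
    """Sum over minimal cut sets of the product of their event probabilities (an upper bound)."""
    return sum(
        __import__("math").prod(probs[e] for e in mcs) for mcs in minimal_cut_sets(node)
    )


# Constructed example tree (assumed names and numbers, for illustration only).
TOP = Gate("OR", (
    Gate("AND", (Basic("ghost_target"), Basic("ghost_not_rejected"))),  # perception path
    Gate("AND", (Basic("cmd_bitflip"), Basic("crc_disabled"))),         # command-integrity path
    Basic("ecu_spurious"),                                              # unguarded actuator fault
))

# Same tree after adding a safety mechanism: the actuator fault only propagates
# if an independent plausibility monitor also fails.
TOP_MITIGATED = Gate("OR", (
    TOP.inputs[0],
    TOP.inputs[1],
    Gate("AND", (Basic("ecu_spurious"), Basic("monitor_fails"))),
))

PROBS = {  # assumed per-mission probabilities, chosen to keep the arithmetic checkable
    "ghost_target": 0.1, "ghost_not_rejected": 0.2,
    "cmd_bitflip": 0.05, "crc_disabled": 0.1,
    "ecu_spurious": 0.01, "monitor_fails": 0.01,
}

if __name__ == "__main__":
    for mcs in minimal_cut_sets(TOP):
        print("minimal cut set:", sorted(mcs))
    print("P(top)           =", top_event_probability(TOP, PROBS))
    print("rare-event bound =", rare_event_upper_bound(TOP, PROBS))
    print("P(top, mitigated)=", top_event_probability(TOP_MITIGATED, PROBS))
```

The single-event cut set `{ecu_spurious}` is what the analysis should surface first: a single-point fault that reaches the top event with no second failure. Guarding it with an independent monitor turns that cut set into a two-event one, and the exact probability drop (about 0.0347 to 0.0250 with the assumed numbers) is the quantitative justification the safety mechanism can be traced to.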
A clear structure of the requirements for an ADF and a systematic approach to eliciting requirements are key to establishing safety for any vehicle function. Using safety analyses to support the breakdown of requirements from one level of detail to the next, while identifying gaps in the requirements structure at the same time, is common practice when defining requirements.
Main Question:
Are the included safety mechanisms based on accompanying safety analysis?
Sub-Questions:
- Is a systematic approach (e.g. FMEA, FTA, STPA or HAZOP) used for the analysis?
- Is there a clear concept regarding how to avoid the propagation of faults through the function and avoid an unsafe function reaction?
- On which level of the function architecture are failures addressed?
- Do child requirements (sub-requirements) fully cover the higher-level requirements, in terms of correctness and completeness?
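Whether child requirements cover their parents correctly is ultimately a review judgement, but the structural part of that question (missing derivations, dangling trace links, leaf requirements with no verification reference, and ASIL drops that are not backed by a justified decomposition) can be checked mechanically. The following is an added example, not tooling from the page or the standard: a small traceability checker over a constructed set of requirements. The requirement ids, texts, ASIL values and the `verified_by` field are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Ordering used only to detect a child whose ASIL is lower than its parent's.
ASIL_RANK = {"QM": 0, "A": 1, "B": 2, "C": 3, "D": 4}


@dataclass(frozen=True)
class Requirement:
    rid: str
    text: str
    asil: str
    parent: Optional[str] = None            # None marks a top-level safety goal
    verified_by: Tuple[str, ...] = ()       # ids of analyses/tests (assumed field)


def check_requirements(reqs: List[Requirement]) -> List[Tuple[str, str]]:
    """Return (requirement id, finding code) pairs for structural gaps in the tree.

    Codes: dangling_parent, no_children (safety goal never broken down),
    asil_below_parent (needs a justified ASIL decomposition), unverified_leaf.
    """
    by_id: Dict[str, Requirement] = {r.rid: r for r in reqs}
    children: Dict[str, List[Requirement]] = {}
    findings: List[Tuple[str, str]] = []

    for r in reqs:
        if r.asil not in ASIL_RANK:
            raise ValueError(f"{r.rid}: unknown ASIL {r.asil!r}")
        if r.parent is None:
            continue
        if r.parent not in by_id:
            findings.append((r.rid, "dangling_parent"))
        else:
            children.setdefault(r.parent, []).append(r)

    for r in reqs:
        kids = children.get(r.rid, [])
        for k in kids:
            if ASIL_RANK[k.asil] < ASIL_RANK[r.asil]:
                findings.append((k.rid, "asil_below_parent"))
        if r.parent is None and not kids:
            findings.append((r.rid, "no_children"))
        elif not kids and not r.verified_by:
            findings.append((r.rid, "unverified_leaf"))

    return sorted(findings)


# Constructed sample requirement tree (ids, texts and ASILs are assumptions).
SAMPLE = [
    Requirement("SG-1", "Avoid unintended emergency braking", "D"),
    Requirement("SG-2", "Maintain lateral control within lane", "D"),          # never broken down
    Requirement("FSR-1", "Reject implausible obstacle detections", "D", "SG-1", ("FTA-01",)),
    Requirement("FSR-2", "Protect brake command integrity end to end", "D", "SG-1"),
    Requirement("TSR-2.1", "CRC-protect brake command frames", "B", "FSR-2"), # ASIL drop, no verification
    Requirement("TSR-9.9", "Log monitor activations", "A", "FSR-9", ("TEST-7",)),  # parent does not exist
]

if __name__ == "__main__":
    for rid, code in check_requirements(SAMPLE):
        print(f"{rid}: {code}")
```

A clean run (an empty findings list) does not prove the child requirements are semantically complete; it only removes the structural reasons for incompleteness so that the review can concentrate on content.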