The new ISO 26262 standard for safety-related vehicle systems is now available for comment. MIRA's David Ward talks to ITS International about what the standard will mean for vehicle and road safety in the future. The publication on 8 July this year of ISO 26262 as a Draft International Standard (DIS) marks an important progression for the automotive - and, in time, the cooperative infrastructure - industries. A couple of years from now, automotive OEMs will be able to subscribe to a unifying standard for s
The new ISO 26262 standard for safety-related vehicle systems is now available for comment. MIRA's David Ward talks to ITS International about what the standard will mean for vehicle and road safety in the future.
The publication on 8 July this year of ISO 26262 as a Draft International Standard (DIS) marks an important progression for the automotive - and, in time, the cooperative infrastructure - industries. A couple of years from now, automotive OEMs will be able to subscribe to a unifying standard for safety-related control systems for vehicles. It will allow them to streamline production processes whilst demonstrating that the issue of safety continues to be taken seriously. And, although the current iteration of the standard relates more to current-generation vehicle control and safety systems, the appearance of ISO 26262 means that there is already an opportunity for those with an interest from the infrastructure side to consider how future technologies and applications will interact.Interpretation
ISO 26262 grew out of IEC 61508. The latter is a generic standard for safety-related electronic systems which came from the process control industry and relates to lifecycle, process and design requirements. However, its direct application to vehicular systems has proven difficult and it has long been the aspiration that specific industries develop their own interpretations.ISO 26262 therefore relates to any system the failure of which would have implications for vehicles, their passengers or those in the vicinity. At this point in time, that means vehicle dynamics systems such as those for chassis, steering and braking control as well as both passive and active safety systems.
UK engineering consultants
"Prior to ISO 26262, the automotive industry had two principal sets of guidance: IEC 61508 and industry guidelines published by the
"What was missing was a single international standard dealing with functional safety which was automotive-specific. The absence of a single standard which stands up to scrutiny within national legal frameworks causes difficulties in some countries.
"There were three main technological drivers for ISO 26262's development: the increasing complexity of onboard systems; their increasing number; and the increasing levels of software content. Software is both directly and indirectly responsible for around 85 per cent of the functions on a modern vehicle. To put that in perspective, around 20-30 per cent of the value of a modern car is in its electronic systems and a luxury model can carry around 100 microprocessors. That might seem like a high figure but not all of those will be used for high-level control; even door closures will incorporate some form of micro-controller."
Timeline
Work on standards unification started in the UK in 1990 and there were also activities elsewhere at the national level, particularly in France and Germany. Over 2003/4, those efforts began to be drawn together in a more concerted manner and in November 2005 work officially started on the new ISO standard. France and Germany tabled draft documents for review and input by experts from Europe, Japan and North America. A Committee Draft was released to national bodies for review and that led to the DIS which appeared in July. The appearance of the DIS, Ward notes, means that there is the opportunity for a much wider range of people to provide comment, and he is keen that relevant stakeholders become engaged."We still don't have a full international standard but what we have is open for public review," he states.
Guiding factors
Factors which guided ISO 26262's formulation included the state of the art of technological processes for developing vehicle electronic systems within automotive OEMs and their suppliers. According to Ward, IEC 61508 fails to cover some of the more specific factors within the automotive sector. These include, for example, the common use of model-based development and the complexity of the automotive industry's supply chain."It's not uncommon for the OEMs to come up with a specification which they take to their Tier One suppliers," he continues. "The Tier Ones will then often subcontract work to their suppliers, the Tier Twos. It was important to find a mechanism by which we could cascade safety standards." At present, ISO 26262 is firmly routed in current-generation vehicle safety systems. These tend to be discrete and it has not considered cooperative infrastructure systems thus far. Ward says that this reflects the urgent need for a standard in some quarters.
"Some countries simply needed a standard now and there was a fear that any attempt to include cooperative infrastructure systems would lead to a dilution of the task at hand. Other countries, the UK among them, considered that cooperative systems should have been included in this initial version.
"Standards, though, have a long shelf-life and every three years they pass through a review process. It's entirely possible to include cooperative systems then but such standards do already exist: MISRA released safety analysis guidelines in November 2007 which, while the processes they describe apply to current-generation vehicle safety systems, can also apply to cooperative infrastructures. These standards have been embraced by vehicle manufacturers and the various national infrastructure projects which have been set up to test the concepts and applications involved."
Good practice
Experts from a total of nine countries have worked together on ISO 26262. They represent vehicle manufacturers, component suppliers and a small number of engineering consultancies such as MIRA, which was selected to represent all levels of the automotive supply chain in the UK; Ward says that it is the intention going forward that there should be one representative organisation from each participating country.By achieving common levels of good practice, it is expected that common ground will be found in terms of system development.
"At present a major automotive supplier is effectively forced to follow numerous standards. ISO 26262 is intended to be a single standard which is acceptable to all customers. It will add value to the industry by reducing duplication of effort. It will also allow the automotive industry to demonstrate that it continues to take the safety issue seriously - manufacturers will be able to stand up and say, 'Look, we do have robust processes in place'."
A five-month period for comment on the DIS will run until the beginning of December this year. The Working Group will then reconvene to consider inputs and vote on a formal draft. A Final Draft International Standard, essentially an editorial proof rather than a document which will undergo further technical review, will follow. This will lead to a full and final standard by mid-2011 at the latest.
"It's important at this stage that people know the DIS is available," Ward says. "Those who consider themselves stakeholders should get hold of a copy and provide comment. Those in the infrastructure sector in particular need to consider what the implications might be and what issues might be raised when it comes to vehicle-to-vehicle and vehicle-to-infrastructure communications and systems."
