36 Essential Concepts

ISO 26262 Concepts

Clear, Practical Summaries

Master 36 core concepts that power functional safety excellence. From Technical Safety Concept and HARA to FMEA, Safety Mechanisms, and beyond, each explained with practical examples, interactive videos, and real-world case studies.

Agile Development & ISO 26262

Integration strategies for agile methodologies (Scrum, SAFe) with ISO 26262 processes. Addresses safety backlog management, ASIL-aware definition of done, incremental safety case development, and sprint-level traceability. Covers continuous integration for safety artifacts, automated verification gates, and alignment of release trains with safety milestones and functional safety assessments. Practical examples of balancing iterative development flexibility with systematic safety assurance requirements.

ASIL Decomposition

ASIL decomposition methodology per ISO 26262-9 enabling allocation of lower ASILs to redundant elements while maintaining overall safety integrity. Covers valid decomposition schemes (e.g., ASIL D to ASIL B(D) + ASIL B(D)), independence requirements (temporal, spatial, functional), and sufficiency of separation. Addresses common decomposition patterns for hardware and software, argumentation strategies for demonstrating independence, and practical limitations. Includes verification approaches and assessment evidence requirements.

Confirmation Measures

Confirmation measures ensuring work product quality and process compliance per ISO 26262-2 and -8. Covers reviews (design, code, safety analysis), walkthroughs, inspections, and audits with ASIL-dependent formality and independence requirements. Addresses functional safety audits, functional safety assessments (FSA), and management of findings. Includes planning confirmation activities, selecting appropriate independence levels, and integrating confirmation evidence into the overall safety case.

Development Interface Agreement (DIA)

Development Interface Agreement (DIA) per ISO 26262-8 establishing clear division of safety responsibilities, requirements allocation, and work product exchange between customer and supplier. Covers DIA content including organizational interfaces, technical requirements, safety goals, assumptions, verification responsibilities, and deliverables schedule. Addresses common ambiguities in distributed development, change management protocols, and assessment coordination. Essential for managing complex supply chains and ensuring seamless safety case integration.

E-Gas Concept

E-Gas monitoring concept developed by the German automotive industry as a foundational safety architecture for electronic throttle control. Establishes patterns for function monitoring, plausibility checking, independent monitoring paths, degradation strategies, and limp-home modes. While pre-dating ISO 26262, E-Gas principles inform modern fail-operational architectures for powertrain, braking, and steering. Covers monitoring computer design, sensor redundancy, actuator control, and applicability to contemporary ECU architectures.

Faults and Failures

Fundamental failure taxonomy covering single-point faults, residual faults, latent faults, and safe faults per ISO 26262-5. Distinguishes transient vs. permanent failures, systematic vs. random faults, and common-cause failures. Maps failure classifications to diagnostic coverage requirements, fault detection time intervals (FDTI), and safety mechanism strategies. Includes practical examples from hardware components, software errors, and system-level failure propagation scenarios.

FMEA (Failure Modes and Effects Analysis)

FMEA provides systematic bottom-up analysis of component failure modes and their system-level effects. It identifies single-point faults, residual faults, and latent failures, supporting hardware metrics calculations (SPFM/LFM). Covers scoping strategies, severity and occurrence rating, detection method specification, and linkage to safety mechanisms. Integrates with DFMEA and PFMEA methodologies, supporting diagnostic coverage validation and verification planning for ISO 26262 compliance.

Freedom From Interference (FFI)

FFI ensures safety-critical elements remain unaffected by lower-integrity components through temporal, spatial, communication, and data partitioning per ISO 26262-6 and -9. Covers memory protection units (MPU), hypervisors, time-triggered scheduling, bus monitoring, and software architectural measures. Includes analysis techniques for demonstrating independence, practical partitioning strategies for multi-core processors and AUTOSAR platforms, and evidence generation for assessments.

FTA (Fault Tree Analysis)

FTA employs deductive, top-down logic to model how component failures combine to cause hazardous events. Uses Boolean gates (AND, OR) and probabilistic calculations to quantify failure probability, supporting PMHF calculations and cut-set analysis. Covers tree construction, common-cause failure identification, minimal cut-set derivation, and quantitative reliability predictions. Complements FMEA by revealing architectural vulnerabilities and validating safety mechanism coverage requirements.

Functional Safety Assessment (FSA)

Functional Safety Assessment (FSA) per ISO 26262-2 providing independent evaluation of functional safety activities and work products. Covers assessment planning, assessor qualifications, assessment execution across lifecycle phases, and reporting of findings. Addresses assessment preparation, evidence package assembly, common non-conformities, corrective action tracking, and final assessment report generation. Essential for demonstrating due diligence and supporting product release decisions.

Functional Safety Concept (FSC)

The Functional Safety Concept transforms HARA-derived safety goals into functional safety requirements at the vehicle level. It defines safe states, fault detection and reaction strategies, controllability measures, and operational assumptions. FSC establishes the foundation for TSC decomposition, specifying degradation strategies, fail-safe behaviors, and functional redundancy patterns essential for ASIL-rated system architectures.

HARA (Hazard Analysis and Risk Assessment)

HARA systematically identifies vehicle-level hazards and determines Automotive Safety Integrity Levels (ASIL A-D) through structured assessment of Severity, Exposure, and Controllability. The process covers operational situation analysis, hazard event formulation, risk parameter classification according to ISO 26262-3 tables, and ASIL derivation. Includes practical techniques for ensuring consistency, managing edge cases, establishing traceability to safety goals, and documenting assumptions.

Hardware Engineering in ISO 26262

Hardware development lifecycle per ISO 26262-5 from hardware safety requirements through architectural design, detailed design, and implementation. Covers hardware-software interface specification, hardware element selection, architectural metrics achievement (SPFM, LFM, PMHF), and integration of safety mechanisms. Addresses design for testability, dependent failure analysis, hardware-software integration, and hardware verification strategies. Includes practical guidance on ASIC/FPGA development, PCB design considerations, and EMC for safety-critical hardware.

Hardware Metrics (SPFM/LFM/PMHF)

Quantitative hardware safety metrics per ISO 26262-5: Single-Point Fault Metric (SPFM), Latent Fault Metric (LFM), and Probabilistic Metric for Hardware Failures (PMHF). Covers ASIL-dependent targets, failure rate data sources (IEC 61709, FIDES), diagnostic coverage calculations, base failure rate determination, and systematic capability evaluation. Includes calculation methodologies, common pitfalls, tool support, and strategies for achieving compliance targets with realistic assumptions.

Hardware Qualification

Hardware qualification processes per ISO 26262-8 for pre-existing IP, COTS components, and proven-in-use elements. Covers qualification routes (development to ASIL, analysis of development, proven-in-use), evaluation criteria, usage domain restrictions, and evidence packages. Addresses microcontroller qualification, sensor validation, communication controller assessment, and argumentation strategies for demonstrating safety capability within specific application contexts.

Markov Chains in Safety

Markov chain modeling for quantitative safety analysis of multi-state systems with degradation, repair, and fault tolerance. Models state transitions including healthy, degraded, failed safe, and failed unsafe states with transition rates derived from failure rates and diagnostic coverage. Supports PMHF validation for complex redundant architectures, evaluation of diagnostic intervals, and assessment of repair strategies. Includes practical model construction, tool support, and validation against simplified calculations.

Motorcycle Adaptation

ISO 26262-12 adaptations addressing motorcycle-specific characteristics including single-track vehicle dynamics, rider exposure and vulnerability, lean angle considerations, and reduced fault tolerance compared to four-wheel vehicles. Covers modified controllability assessments accounting for rider skill and vehicle dynamics, adjusted ASIL ratings, motorcycle-specific hazard scenarios (lowside/highside falls), and tailored safety requirements for ABS, traction control, and electronic suspension systems while maintaining safety integrity.

Safety Analyses Overview

Integrated framework for applying complementary safety analysis methods throughout the ISO 26262 lifecycle. HARA establishes top-level hazards and ASILs; FMEA identifies component failure modes; FTA quantifies failure combinations; STPA captures emergent hazards. Covers method selection criteria, analysis sequencing, traceability establishment across analyses, consistency checking, and evidence integration. Practical guidance on avoiding redundancy while ensuring comprehensive hazard coverage.

Safety Case

Structured argumentation approach organizing claims, evidence, and reasoning into a coherent safety case per Goal Structuring Notation (GSN) or Claims-Arguments-Evidence (CAE) frameworks. Addresses safety case development strategy, modular structure, integration of ISO 26262 work products, argument patterns, and confidence assessment. Covers incremental safety case development aligned with agile sprints, change impact analysis, and maintenance throughout the product lifecycle. Essential for demonstrating comprehensive assurance and supporting certification decisions.

Safety Design Patterns

Reusable architectural patterns for achieving functional safety, including redundancy (homogeneous, heterogeneous, diverse), monitoring and supervision, graceful degradation, plausibility checking, watchdog timers, and fail-operational/fail-safe strategies. Each pattern is mapped to applicable ASIL levels, hazard types, failure modes, and verification approaches. Includes implementation guidance, trade-offs, and real-world automotive examples from powertrain, chassis, and ADAS domains.

Safety Management

Organizational safety management per ISO 26262-2 establishing functional safety culture, responsibilities, and processes. Covers safety manager role definition, competency management and training programs, change management procedures, anomaly handling and lessons learned systems, and continuous improvement mechanisms. Addresses practical implementation of quality management interfaces, resource allocation, safety culture assessment, and organizational measures supporting safety lifecycle activities across projects.

Safety Measures vs. Mechanisms

Distinction between safety measures (organizational and process-based) and safety mechanisms (technical product features). Safety measures include reviews, analyses, testing, configuration management, and change control that prevent systematic faults. Safety mechanisms include diagnostics, redundancy, and fault handling that address random hardware failures. Covers appropriate selection based on fault type, integration of measures and mechanisms in a comprehensive safety strategy, and proper allocation of safety requirements to each category.

Safety Mechanisms & Diagnostics

Comprehensive coverage of safety mechanisms including plausibility checks, range monitoring, redundancy comparison, watchdogs, CRC/checksums, memory tests (RAM/ROM), and E2E protection. Addresses diagnostic coverage calculation, fault detection time intervals (FDTI), fault reaction timing, and safe state transitions. Links mechanisms to SPFM/LFM metrics, FMEA findings, and verification requirements. Practical guidance on mechanism selection, implementation patterns, and validation strategies.

Safety Plan

The Safety Plan orchestrates all functional safety activities throughout the development lifecycle per ISO 26262-2. It defines roles and responsibilities, competency requirements, safety milestones, work product deliverables, and tailoring rationales. Includes templates for activity scheduling, resource allocation, change management procedures, and audit readiness strategies to maintain compliance evidence across iterative development cycles.

SEooC (Safety Element out of Context)

Safety Element out of Context (SEooC) development per ISO 26262-8 enabling reusable safety components without specific vehicle or item context. Covers assumption specification for operational environment and system integration, safety capability definition, interface requirements, and validation strategies. Addresses assumption tracking and verification during integration, evidence reuse, and managing safety element portfolios. Essential for platform components, software frameworks, and supplier-developed subsystems.

Software Architectural & Unit Design

Software architecture and detailed design principles per ISO 26262-6 emphasizing modularity, hierarchical structure, restricted complexity, and strong interfaces. Covers architectural patterns for fault isolation, safety mechanism integration, resource management, and timing predictability. Unit design addresses low coupling, high cohesion, design-by-contract, defensive programming, and testability. Includes notation guidance (UML, SysML), design verification methods, and practical examples from automotive software.

Software Coding Guidelines

Coding standard selection and enforcement per ISO 26262-6 including MISRA C/C++, CERT C, and AUTOSAR C++ guidelines. Covers rule selection and tailoring, deviation management, static analysis tool configuration, and compliance verification. Addresses defensive programming techniques, complexity metrics (cyclomatic, nesting depth), and linkage between coding violations and potential failure modes. Practical approaches for integrating guideline checking into CI/CD pipelines and code review processes.

Software Critical Path Analysis

Identification and analysis of safety-critical software execution paths from safety-related inputs through processing to safety-critical outputs. Employs control flow analysis, data flow analysis, and call graph examination to determine critical paths requiring heightened scrutiny. Supports risk-based prioritization of verification activities, focused code reviews, targeted testing, and strategic placement of safety mechanisms. Essential for optimizing verification effort and ensuring thorough coverage of paths contributing to safety goals.

Software Development Process

End-to-end software development lifecycle per ISO 26262-6 from requirements specification through architectural design, unit implementation, integration, and verification. Covers bidirectional traceability, configuration management, change control, and ASIL-dependent quality gates. Includes practical guidance on toolchain qualification, work product templates, review criteria, and integration with AUTOSAR methodology. Addresses Model-Based Development, code generation, and continuous integration practices.

Software Qualification

Software component qualification per ISO 26262-8 for operating systems, middleware, libraries, and COTS software. Establishes confidence through development history analysis, field experience evaluation, and targeted testing. Covers usage domain definition, assumption specification, interface analysis, and evidence combination strategies. Addresses AUTOSAR BSW qualification, RTOS validation, and practical approaches for balancing testing rigor with argumentation for acceptable residual risk.

Standards Comparison

Comparative analysis of functional safety and quality standards including ISO 26262 (automotive), IEC 61508 (generic functional safety), ISO/PAS 21448 SOTIF (safety of the intended functionality), and Automotive SPICE process assessment. Covers scope differences, process overlaps, complementary requirements, and integrated compliance strategies. Addresses harmonization approaches for multi-standard projects, evidence reuse opportunities, and practical guidance for organizations navigating multiple automotive safety and quality frameworks.

STPA (System-Theoretic Process Analysis)

STPA applies system-theoretic accident modeling to identify unsafe control actions arising from complex interactions, timing issues, and emergent behaviors beyond traditional failure modes. Particularly valuable for autonomous systems, software-intensive architectures, and adaptive algorithms. Identifies hazardous scenarios through control structure analysis, unsafe control action identification, and loss scenario derivation. Integrates with ISO 26262 HARA and FMEA for comprehensive hazard coverage.

Supporting Processes

Supporting processes per ISO 26262-8 providing infrastructure for safety lifecycle activities: configuration management, change management, documentation management, problem resolution, and verification independence. Covers baseline management, version control strategies, change impact assessment, traceability maintenance, and independent verification planning. Addresses practical implementation with modern toolchains, integration with ALM systems, and process tailoring. Essential foundation enabling consistent, auditable safety development.

Technical Safety Concept (TSC)

The Technical Safety Concept bridges functional requirements and hardware/software implementation. It defines system architecture, allocates safety requirements to components, specifies safety mechanisms, diagnostic coverage targets, and hardware-software interfaces. Includes FMEA integration, failure mode analysis, and validation strategies for ASIL compliance.

Tool Confidence & Qualification

Tool qualification per ISO 26262-8 determining when development and verification tools require qualification based on Tool Confidence Level (TCL 1-3) derived from Tool Impact (TI), Tool Error Detection (TD), and ASIL. Covers qualification methods (increased confidence from use, evaluation of tool development, validation), tool classification, qualification evidence packages, and practical strategies for compilers, static analyzers, requirements management, and test automation tools.

Verification & Validation (V&V)

Comprehensive verification and validation strategies per ISO 26262-4, -5, and -6 covering reviews, inspections, analyses, and multi-level testing (unit, integration, system, vehicle). Addresses ASIL-dependent coverage criteria (statement, branch, MC/DC), independence requirements, test case derivation from requirements, and back-to-back testing for code generation. Includes hardware-in-the-loop (HIL), software-in-the-loop (SIL), and fault injection testing methodologies with practical evidence management approaches.