Change Impact Analysis for Carryover & Modified Systems
10 chapters Most automotive programs are brownfield. Learn how ISO 26262-2 Clause 6.4.3 and ISO 26262-8 Clause 8 keep carryover parts, variants, and facelifts safe through a disciplined six-step impact analysis that decides what must be re-verified.
How You Learn
Video and text stay in sync. As you scroll through the chapter, the video jumps to the matching explanation automatically.
Learning Objectives
Run a six-step impact analysis
Describe a change precisely, identify and propagate to affected work products, assess safety goals, scope re-activities, and document for approval.
Classify changes and scope ripple effects
Sort any change into one of seven categories and use the required-activity matrix to predict where its effects propagate.
Validate carryover and SEooC assumptions
Check a safety manual line by line against a new context and run a structured gap analysis before reusing an element.
Define risk-based regression scope
Apply the four-zone test triage and ASIL-scaled justification to re-verify what matters without re-running everything.
Chapters
Most Projects Are Brownfield
Why disciplined change and impact analysis is the everyday reality of automotive safety work, since well over 70% of reused electronic control unit (ECU) software is carried over with only minor modifications.
Modifications in ISO 26262
Where change is governed in the standard: Part 2 impact analysis at lifecycle initiation (Sections 6.4.3 and 6.4.4) versus Part 8 Clause 8 change management during and after development.
The Impact-Analysis Method
A documented, traceable six-step process (Section 8.4.3) that determines which lifecycle activities must be repeated, partially updated, or reused after a change.
Carryover & Reuse Arguments
What must be re-examined when an existing element is reused in a new context, centred on validating Safety Element out of Context (SEooC) assumptions and operational design domain changes.
Classifying Changes
Seven change categories, each with characteristic ripple patterns, mapped through a change-type to required-activity matrix and a cascade-effect propagation model.
Regression & Re-Verification
A risk-based regression strategy that avoids both dangerous under-testing and wasteful over-testing, using a four-zone test triage and ASIL-scaled justification for evidence reuse.
Configuration & Baselines
Configuration management (Part 8 Clause 7) as the prerequisite that makes impact analysis possible, anchoring every analysis to a controlled, reconstructable baseline.
Change-Management Workflow
The end-to-end flow from change request to re-release, covering roles, records, independence requirements, and the link back to confirmation measures.
Worked Example
A completed impact-analysis table for swapping a narrow-field radar for a wide-field radar on an existing lane-keeping platform, where a "simple sensor swap" turns into 12 affected work products.
Pitfalls & Checklist
The most dangerous patterns seen across audits and field post-mortems, paired with a practical review checklist for any change impact analysis report.
Diagrams & Visuals
Brownfield Reality Schematic
Maps the spectrum of brownfield work, from calibration tweaks to architectural changes, against the ISO 26262 mechanisms that govern each.
Impact Ripple Propagation Map
Animates how a single change spreads laterally to interfaces and upward through requirement allocations to affect safety goals.
Carryover & Reuse Argument Flow
Walks through validating SEooC assumptions and closing coverage, metrics, and evidence gaps before confident reuse.
Change Classification Decision Tree
Routes a change request through its category to surface the characteristic ripple pattern and required activities.
Regression Strategy Matrix
Triages each test domain into one of four re-verification zones and scales the strategy by ASIL level.
Configuration Baseline Timeline
Tracks development, release, safety case, and field baselines so every impact analysis anchors to a defined snapshot.
Swapping a Front Radar on an Existing Lane-Keeping System
A facelift replaces a Supplier A narrow-field radar (15 degrees, 80 m) with a Supplier B wide-field radar (60 degrees, 120 m) on an ASIL C lane-keeping and highway driving assist system. Change request CR-HDA-2024-047 walks through a full impact-analysis table.
- Item definition and system boundary updated for the new sensor
- Hazard analysis re-examined because the wider field of view introduces new scenarios
- Technical safety concept timing re-analysed as latency rises from 20 ms to 22 ms
- FMEDA re-run with Supplier B failure rate data flagged as the PMHF critical path
- Lane-keeping control software reused after static call-graph analysis proves independence
- Twelve affected work products versus one validly reused, with owners assigned in the safety plan
Impact Analysis Table: CR-HDA-2024-047
Master Change Impact Analysis for Real Brownfield Programs
Work through the full method, the change-management workflow, and a completed worked example to keep carryover and modified systems safe.
Start Learning Now