What is a Technical Safety Concept (TSC) in ISO 26262?

The Technical Safety Concept (TSC) is a key work product defined in ISO 26262 Part 4 that translates functional safety requirements into implementable technical safety requirements (TSRs). It specifies the technical solutions, safety mechanisms, hardware/software architecture allocation, and diagnostic coverage needed to achieve the safety goals. The TSC bridges the gap between the Functional Safety Concept (what needs to be safe) and the actual hardware and software design (how to make it safe).

What is the difference between TSC and FSC in ISO 26262?

The Functional Safety Concept (FSC) describes WHAT safety functions are needed at a functional level, while the Technical Safety Concept (TSC) describes HOW those functions are technically implemented. The FSC defines functional safety requirements, safe states, and fault tolerance strategies. The TSC details the specific technical solutions: safety mechanisms (watchdogs, plausibility checks, redundancy), architecture patterns (1oo2, 2oo2, 1oo2D), hardware-software interfaces, and quantitative hardware metrics (SPFM, LFM, PMHF) that realize the FSC requirements.

What are Technical Safety Requirements (TSRs)?

Technical Safety Requirements (TSRs) are derived from functional safety requirements and specify the necessary safety behavior at the technical implementation level. Each TSR inherits the ASIL from its parent requirement and must be traceable, verifiable, and allocated to specific hardware or software elements. TSRs include requirements for safety mechanisms (e.g., "Torque monitoring shall detect deviations > 5 Nm within 20 ms"), interface specifications, timing constraints, and diagnostic coverage targets.

What are SPFM, LFM, and PMHF in ISO 26262?

SPFM (Single-Point Fault Metric) measures the effectiveness of safety mechanisms against single-point faults, with targets of >= 90% for ASIL B, >= 97% for ASIL C/D. LFM (Latent Fault Metric) measures the effectiveness against latent faults that could contribute to multi-point failures, with targets of >= 60% for ASIL B, >= 80% for ASIL C/D. PMHF (Probabilistic Metric for random Hardware Failures) is the overall probability of a safety goal violation due to random hardware failures, with targets of < 10^-7/h for ASIL D and < 10^-8/h for highest integrity. These metrics are defined in ISO 26262 Part 5.

What safety mechanisms are used in a Technical Safety Concept?

Common safety mechanisms in a TSC include: Hardware mechanisms (watchdog timers, voltage monitors, memory protection units, ECC RAM, dual-core lockstep processors), Software mechanisms (program flow monitoring, plausibility checks, range checks, CRC verification, alive counters), Communication mechanisms (E2E protection per AUTOSAR, message counters, timeouts, CAN bus monitoring), and System-level mechanisms (safe state transitions, degraded operation modes, driver warnings). The selection depends on the failure modes identified during malfunction analysis and the required ASIL.

What is a Hardware-Software Interface (HSI) in ISO 26262?

The Hardware-Software Interface (HSI) specification documents the boundary between hardware and software elements in the safety architecture. It includes signal definitions (analog/digital inputs and outputs), timing constraints (sampling rates, latency budgets, response times), register maps and memory-mapped I/O, shared resource management rules, diagnostic interfaces and status registers, and safety-relevant configuration parameters. The HSI is a mandatory work product in ISO 26262 Part 4 and Part 6 that ensures hardware and software teams have a shared, unambiguous contract for safe system integration.

How is the TSC verified in ISO 26262?

TSC verification per ISO 26262-4 includes: Requirements verification (reviewing TSRs for completeness, consistency, traceability to FSC), Architecture verification (checking allocation correctness, ASIL consistency, interface completeness), Safety analysis (FMEA/FTA at system level to confirm safety mechanism coverage), Quantitative analysis (SPFM, LFM, PMHF calculations against ASIL targets), and Integration testing (verifying safety mechanisms work correctly in the actual hardware/software integration). Each verification activity produces evidence required for the safety case.

What architecture patterns are used in a TSC?

Common architecture patterns include: Single-Channel with Monitoring (1oo1D) where one processing channel has a separate safety monitor, suitable up to ASIL C. Dual-Channel Monitor (1oo2D) with two independent channels and a comparator, suitable for ASIL D. Dual-Channel Redundant (1oo2) with two fully redundant channels for highest integrity. Triple Modular Redundancy (TMR/2oo3) using majority voting across three channels for fault masking. The choice depends on the required ASIL, cost constraints, performance requirements, and whether the system must maintain function (fail-operational) or only reach a safe state (fail-safe).

Complete Learning Module

Technical Safety Concept

16 chapters Learn how to turn safety goals into real hardware and software requirements, from deriving Technical Safety Requirements through FTTI analysis, ASIL decomposition, safety mechanism selection, HSI specification, dependent failure analysis, and hardware metric validation (SPFM, LFM, PMHF), all aligned with ISO 26262 Part 4.

Start Learning View Curriculum

How You Learn

Video and text stay in sync. As you scroll through the chapter, the video jumps to the matching explanation automatically.

Scroll SyncVideo follows your reading position

Click to JumpClick any cue to jump the video

Chapter NavNavigate from video or content

BookmarksSave sections, resume anytime

iso26262.academy/concepts/technical-safety-concept

...

Saved

08:12

Ch 2

Synced to reading position

Learning Objectives

Derive Technical Safety Requirements

Transform functional safety requirements into implementable, testable technical safety requirements with full ASIL (Automotive Safety Integrity Level) attribution.

Allocate Requirements to Architecture

Systematically allocate TSRs (Technical Safety Requirements) to hardware, software, and external measures with justified design decisions.

Select Appropriate Safety Mechanisms

Choose and specify safety mechanisms that achieve required diagnostic coverage for your ASIL (Automotive Safety Integrity Level) level.

Calculate HW (Hardware) Architectural Metrics

Apply PMHF (Probabilistic Metric for random Hardware Failures), SPFM (Single-Point Fault Metric), and LFM (Latent Fault Metric) calculations and verify compliance against ISO 26262 Part 5 targets.

Chapters

What is a TSC (Technical Safety Concept)?

Understand the purpose, scope, and critical role of the Technical Safety Concept as the bridge between functional safety requirements and hardware/software design in the ISO 26262 lifecycle.

TSC in the Safety Lifecycle

Trace the TSC through ISO 26262-4 phases and understand its inputs from the FSC, outputs to HW/SW development, and dependencies on HARA and safety goals.

Development Workflow

Follow the complete TSC development process from initial inputs through iterative refinement, covering workflow gates, review checkpoints, and tool-supported activities.

Writing Technical Safety Requirements

Learn how to derive verifiable, ASIL-attributed TSRs from functional safety requirements with proper traceability, testability criteria, and allocation rationale.

FTTI & Safe States

Master Fault Tolerant Time Interval (FTTI) analysis, safe state definition, FDTI/FRTI/EOTTI/MFTTI timing parameters, and emergency operation strategies for degraded modes.

Architecture & Patterns

Compare safety architecture patterns (1oo1D, 1oo2, 1oo2D, TMR/2oo3) and allocate technical safety requirements to hardware, software, and external measures with ASIL decomposition rationale.

ASIL Decomposition

Apply ASIL decomposition per ISO 26262-9 with freedom from interference (FFI) arguments, independence criteria, coexistence analysis, and decomposition algebra for complex architectures.

Safety Mechanisms

Survey the complete catalog of hardware, software, communication, and system-level safety mechanisms with diagnostic coverage values, ASIL applicability, and implementation trade-offs.

Interfaces & Communication Safety

Define safe communication protocols, E2E protection mechanisms, bus monitoring, and inter-element interface requirements for CAN, LIN, Ethernet, and SPI.

HSI Specification

Document the Hardware-Software Interface with signal definitions, register maps, timing constraints, diagnostic interfaces, and safety-relevant attributes per ISO 26262-4 Clause 6.5.

Malfunction Analysis

Perform systematic malfunction analysis at system level to identify failure modes, effect propagation paths, fault coverage gaps, and residual risks using FMEA and FTA.

Dependent Failure Analysis (DFA)

Analyze common cause failures (CCF), cascading failures, and common mode failures per ISO 26262-9 with systematic identification methods and mitigation strategies.

Hardware Metrics

Calculate SPFM, LFM, and PMHF in the TSC context, verify compliance against ASIL B/C/D targets, apply failure rate data, and validate diagnostic coverage assumptions.

Verification & Release

Plan and execute TSC verification activities including requirements reviews, architecture analysis, safety analysis confirmation, metric verification, and integration testing.

Complete Worked Example

Walk through a complete ASIL D powertrain TSC from FSC inputs through TSR derivation, architecture allocation, safety mechanism selection, metric calculation, and verification evidence.

Toolkit & Advanced Reference

Access TSC templates, checklists, clause-by-clause ISO 26262-4 reference, assessor preparation guides, common pitfalls, and a comprehensive glossary of 100+ safety terms.

Interactive Tools

Architecture Pattern Selector

Compare Single-Channel, Dual-Channel Monitor, Dual-Channel Redundant, and TMR (Triple Modular Redundancy) patterns with ASIL capability and trade-offs.

Safety Mechanisms Chart

Interactive scatter plot of safety mechanisms by effectiveness vs. complexity, with clickable data points showing ASIL applicability and characteristics.

Failure-to-Mechanism Mapper

Select failure types (sensor stuck-at, CPU lockup, memory corruption, CAN message loss) and see detection and mitigation mechanisms with diagnostic coverage.

Hardware Metrics Visualization

SPFM (Single-Point Fault Metric), LFM (Latent Fault Metric), and PMHF (Probabilistic Metric for random Hardware Failures) charts with target vs. achieved comparisons and formula displays.

Requirements Allocation Chart

Visualize how technical safety requirements are allocated to hardware and software elements with ASIL decomposition rationale.

FMEDA (Failure Modes, Effects, and Diagnostic Analysis) Simulator

Featured

Full interactive simulator to develop and validate safety mechanisms with failure rate inputs, diagnostic coverage calculations, and ASIL compliance checks.

Explore Simulators

Real-World Application

Complete EPS (Electric Power Steering) Technical Safety Concept

See how a real-world EPS system translates functional safety goals into technical requirements, system architecture allocation, and safety mechanisms with full traceability.

Safety goal SG-01 decomposed into 7 traceable TSRs (Technical Safety Requirements) with ASIL D inheritance
Dual-processor monitoring architecture with cross-channel comparison at 10 ms cycle
FMEA (Failure Mode and Effects Analysis)-driven safety mechanism selection: torque plausibility, end-stop detection, watchdog
HSI (Hardware-Software Interface) specification with 47 signals and timing budgets
PMHF (Probabilistic Metric for random Hardware Failures) calculation: 2.3 × 10⁻⁸ h⁻¹ against ASIL D target of < 10⁻⁷ h⁻¹

TSR (Technical Safety Requirement) Allocation Matrix

SG-01 → TSR-01: Torque monitoring response < 20 ms [ASIL D]

Unlock in course

Ready to Master Technical Safety Concepts?

Start your journey through 16 comprehensive chapters covering FTTI analysis, ASIL decomposition, DFA, safety mechanisms, HSI specification, hardware metrics, and a complete ASIL D worked example.

Start Learning Now

12 Chapters6 ToolsCase StudyVideo

Technical Safety Concept

Learning Objectives

Derive Technical Safety Requirements

Transform functional safety requirements into implementable, testable technical safety requirements with full ASIL (Automotive Safety Integrity Level) attribution.

Allocate Requirements to Architecture

Systematically allocate TSRs (Technical Safety Requirements) to hardware, software, and external measures with justified design decisions.

Select Appropriate Safety Mechanisms

Choose and specify safety mechanisms that achieve required diagnostic coverage for your ASIL (Automotive Safety Integrity Level) level.

Calculate HW (Hardware) Architectural Metrics

Apply PMHF (Probabilistic Metric for random Hardware Failures), SPFM (Single-Point Fault Metric), and LFM (Latent Fault Metric) calculations and verify compliance against ISO 26262 Part 5 targets.

Chapters

What is a TSC (Technical Safety Concept)?

Understand the purpose, scope, and critical role of the Technical Safety Concept as the bridge between functional safety requirements and hardware/software design in the ISO 26262 lifecycle.

TSC in the Safety Lifecycle

Trace the TSC through ISO 26262-4 phases and understand its inputs from the FSC, outputs to HW/SW development, and dependencies on HARA and safety goals.

Development Workflow

Follow the complete TSC development process from initial inputs through iterative refinement, covering workflow gates, review checkpoints, and tool-supported activities.

Writing Technical Safety Requirements

Learn how to derive verifiable, ASIL-attributed TSRs from functional safety requirements with proper traceability, testability criteria, and allocation rationale.

FTTI & Safe States

Master Fault Tolerant Time Interval (FTTI) analysis, safe state definition, FDTI/FRTI/EOTTI/MFTTI timing parameters, and emergency operation strategies for degraded modes.

Architecture & Patterns

Compare safety architecture patterns (1oo1D, 1oo2, 1oo2D, TMR/2oo3) and allocate technical safety requirements to hardware, software, and external measures with ASIL decomposition rationale.

ASIL Decomposition

Apply ASIL decomposition per ISO 26262-9 with freedom from interference (FFI) arguments, independence criteria, coexistence analysis, and decomposition algebra for complex architectures.

Safety Mechanisms

Survey the complete catalog of hardware, software, communication, and system-level safety mechanisms with diagnostic coverage values, ASIL applicability, and implementation trade-offs.

Interfaces & Communication Safety

Define safe communication protocols, E2E protection mechanisms, bus monitoring, and inter-element interface requirements for CAN, LIN, Ethernet, and SPI.

HSI Specification

Document the Hardware-Software Interface with signal definitions, register maps, timing constraints, diagnostic interfaces, and safety-relevant attributes per ISO 26262-4 Clause 6.5.

Malfunction Analysis

Perform systematic malfunction analysis at system level to identify failure modes, effect propagation paths, fault coverage gaps, and residual risks using FMEA and FTA.

Dependent Failure Analysis (DFA)

Analyze common cause failures (CCF), cascading failures, and common mode failures per ISO 26262-9 with systematic identification methods and mitigation strategies.

Hardware Metrics

Calculate SPFM, LFM, and PMHF in the TSC context, verify compliance against ASIL B/C/D targets, apply failure rate data, and validate diagnostic coverage assumptions.

Verification & Release

Plan and execute TSC verification activities including requirements reviews, architecture analysis, safety analysis confirmation, metric verification, and integration testing.

Complete Worked Example

Walk through a complete ASIL D powertrain TSC from FSC inputs through TSR derivation, architecture allocation, safety mechanism selection, metric calculation, and verification evidence.

Toolkit & Advanced Reference

Access TSC templates, checklists, clause-by-clause ISO 26262-4 reference, assessor preparation guides, common pitfalls, and a comprehensive glossary of 100+ safety terms.

Interactive Tools

Architecture Pattern Selector

Compare Single-Channel, Dual-Channel Monitor, Dual-Channel Redundant, and TMR (Triple Modular Redundancy) patterns with ASIL capability and trade-offs.

Safety Mechanisms Chart

Interactive scatter plot of safety mechanisms by effectiveness vs. complexity, with clickable data points showing ASIL applicability and characteristics.

Failure-to-Mechanism Mapper

Select failure types (sensor stuck-at, CPU lockup, memory corruption, CAN message loss) and see detection and mitigation mechanisms with diagnostic coverage.

Hardware Metrics Visualization

SPFM (Single-Point Fault Metric), LFM (Latent Fault Metric), and PMHF (Probabilistic Metric for random Hardware Failures) charts with target vs. achieved comparisons and formula displays.

Requirements Allocation Chart

Visualize how technical safety requirements are allocated to hardware and software elements with ASIL decomposition rationale.

FMEDA (Failure Modes, Effects, and Diagnostic Analysis) Simulator

Featured

Full interactive simulator to develop and validate safety mechanisms with failure rate inputs, diagnostic coverage calculations, and ASIL compliance checks.

Explore Simulators

Complete EPS (Electric Power Steering) Technical Safety Concept

See how a real-world EPS system translates functional safety goals into technical requirements, system architecture allocation, and safety mechanisms with full traceability.

Safety goal SG-01 decomposed into 7 traceable TSRs (Technical Safety Requirements) with ASIL D inheritance

Dual-processor monitoring architecture with cross-channel comparison at 10 ms cycle

FMEA (Failure Mode and Effects Analysis)-driven safety mechanism selection: torque plausibility, end-stop detection, watchdog

HSI (Hardware-Software Interface) specification with 47 signals and timing budgets

PMHF (Probabilistic Metric for random Hardware Failures) calculation: 2.3 × 10⁻⁸ h⁻¹ against ASIL D target of < 10⁻⁷ h⁻¹