Functional Safety: Ensuring Safety In The Automotive Industry
The advancement in electronics and safety requirements has posed huge challenges to the mobility sectors, especially the automotive and aerospace industries. In January 2023, automaker BMW recalled over 14,000 electric vehicles for a software malfunction that may lead to a loss of power and an increased risk of a crash.
Covered under this recall are some of their top-selling models: the iX SUV and the i4 and i7 sedans produced between October 14, 2021, and October 28, 2022 (Business-Standard). The recall notice read: “The high voltage battery electronic control unit (ECU) software may cause an interruption of electrical power”.
Luckily in this case the risk was mitigated via the recall which otherwise might have resulted in bodily harm or damage to life and property. The image below shows similar incidents that have plagued the auto and aerospace industries in the recent past.
The above incidents have a massive financial impact on businesses: the cost of the recalls, loss of life or bodily harm to drivers or passengers, damage to the brand’s reputation, loss of sales, and the additional R&D cost of rectifying the issues.
The impact of such incidents on smaller companies could be devastating. A common cause behind all of the above incidents could be inadequate functional safety measures.
Functional Safety
Functional safety is part of the overall safety of a system or equipment that depends on its ‘operating correctly’ in response to its inputs. A safety-related system is a system whose failure can result in harm to people, damage to equipment, or environmental damage.
In the automotive industry, the ISO 26262 standard is intended for developing functionally safe systems. The risks of safety-related failures are assessed, and Automotive Safety Integrity Levels (ASIL) are assigned. A higher ASIL requires more stringent risk-reduction measures.
Managing Risks and Undesirable Outcomes
In general, risk management is the process of identifying, assessing, prioritizing risks, and implementing strategies to mitigate or eliminate them. In the context of functional safety, effective risk management is at the heart of the process.
The first step is to identify the hazards of a given system, assess their risk, and derive safety goals. Each risk to end users is assessed from the “exposure”, “controllability”, and “severity” points of view. Any risk that is deemed unacceptable is assigned an ASIL, and a safety goal is derived from it.
The next phase is the identification of functional failures that can lead to the violation of safety goals. Methods such as FMEA (Failure Modes and Effects Analysis) and FTA (Fault Tree Analysis) are typically used to build the argument that identifies these functional failures.
The basic mantra of functional safety is the prevention, or the detection and mitigation, of safety-relevant functional failures. A safe state is defined as part of the overall strategy: a state in which the vehicle or system operates with limited capability, or stops functioning, so that users are not exposed to an unreasonable level of risk.
Fault Tolerant Time Interval
Time is a critical component of complex safety systems. Let us take the failure of an electric steering system as an example. Consider a vehicle on a motorway at 70 mph when a malfunction occurs that produces excessive steering torque, causing the vehicle to deviate from its lane.
Let’s assume that any unintended yaw rate of more than 2.0° – 4.0° can put the vehicle and its passengers at risk, as the vehicle will end up in a different lane. Detecting an unintended change in yaw rate of 2.5° – 3.5° while travelling at 70 mph works out to approximately 1 s in which to return the system to a safe state, i.e. within 1 s a fault shall be detected and a safe state shall be achieved.
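A worked illustration of the timing argument above, added here and not part of the original post: it models a constant unintended yaw rate (assumed to be in degrees per second) at 70 mph as a circular arc, solves for the time until an assumed lateral margin of 0.85 m is used up (a 3.5 m lane and a 1.8 m wide vehicle, both constructed figures), and then checks whether a fault-detection plus reaction budget fits inside that interval.

```python
import math

MPH_TO_MPS = 0.44704  # 1 mph expressed in metres per second


def time_to_lane_departure(speed_mph, yaw_rate_deg_s, lateral_margin_m):
    """Seconds until a constant unintended yaw rate has displaced the
    vehicle laterally by lateral_margin_m.

    Model (an assumption, not from the post): constant speed v and constant
    yaw rate r trace a circular arc, so the lateral offset after t seconds
    is y(t) = (v / r) * (1 - cos(r * t)). Solving y(t) = margin for t gives
    the time at which the margin is used up.
    """
    v = speed_mph * MPH_TO_MPS
    r = math.radians(yaw_rate_deg_s)
    if r == 0.0:
        return float("inf")  # no yaw, the vehicle never leaves the lane
    c = 1.0 - lateral_margin_m * r / v
    if c < -1.0:
        return float("inf")  # arc is too tight to ever reach the margin
    return math.acos(c) / r


def worst_case_fault_time(speed_mph, yaw_rates_deg_s, lateral_margin_m):
    """Shortest time to hazard across the assumed band of unintended yaw
    rates; this is the interval the safety mechanism must beat (FTTI)."""
    return min(time_to_lane_departure(speed_mph, yr, lateral_margin_m)
               for yr in yaw_rates_deg_s)


def budget_is_met(ftti_s, detection_s, reaction_s):
    """Fault detection time plus the time to reach the safe state must fit
    inside the fault tolerant time interval."""
    return detection_s + reaction_s <= ftti_s


if __name__ == "__main__":
    # Constructed figures: a 3.5 m lane and a 1.8 m wide vehicle leave
    # 0.85 m before the vehicle's edge crosses the lane line. The yaw-rate
    # band comes from the example in the text, taken as degrees per second.
    margin = (3.5 - 1.8) / 2
    band = [2.5, 3.0, 3.5]
    ftti = worst_case_fault_time(70, band, margin)
    print(f"worst-case time to lane departure at 70 mph: {ftti:.2f} s")
    print("0.4 s detect + 0.5 s react fits:", budget_is_met(ftti, 0.4, 0.5))
    print("0.5 s detect + 0.5 s react fits:", budget_is_met(ftti, 0.5, 0.5))
```

With these assumptions the fastest yaw rate in the band (3.5°/s) consumes the margin in roughly 0.94 s, which is why the detection and reaction times together have to stay inside about one second.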
Importance of Following ISO 26262
Traditional vehicles already have various safety hazards, such as unintended acceleration or steering.
However, high voltage (HV) electric drive systems pose unique safety hazards such as electrocution and thermal events. Moreover, the ASIL for the same hazard, such as unintended acceleration, would be higher for EVs than for IC engine powered vehicles.
As vehicles become more complex, new features such as advanced driver assistance systems (ADAS), autonomous driving, and vehicle-to-everything (V2X) communication introduce new potential hazards and risks, including hacking, cybersecurity breaches, and system malfunctions. This is where international safety standards such as ISO 26262 and ISO 21448 become critical.
ISO 26262 provides a framework for the development of safety-related systems and components in passenger vehicles, trucks, and motorcycles. The standard outlines the processes and methods to be followed during the development of safety-related systems and components, from the concept phase to the decommissioning phase. Adherence to this standard is crucial for ensuring functional safety in the automotive industry.
Functional Safety In Motorcycle SIL (MSIL)
The Motorcycle Safety Integrity Level (MSIL) defines the safety level of a motorcycle system. Determining the MSIL involves identifying potential hazards, estimating the probability and severity of the consequences of the hazard, and ascertaining the risk level. The risk level then determines the right MSIL for the system or component. MSIL to Automotive Safety Integrity Level (ASIL) mapping is the process of converting the MSIL to the appropriate ASIL used in passenger cars and trucks.
Summary
Ensuring functional safety in the automotive industry is critical to protect the safety and well-being of drivers and passengers and to keep up the reputation of automotive companies.
Vehicles with high voltage (HV) electric drive systems pose unique safety hazards that require special attention, such as electrocution and battery hazards, compared with a traditional IC engine vehicle. The complexity of vehicle systems and components is increasing, and with it comes a growing risk of hazards that require a strong understanding of system design and functional safety processes to mitigate.
By adhering to international safety standards, applying effective risk management strategies, and identifying and addressing potential hazards, automotive companies can ensure that their products meet the required safety levels and remain competitive in the evolving automotive industry.
If you have further questions on the above topics, reach out to us at enquiries@3sk.co.uk
In our next blog, we will cover more unique Functional safety cases and discuss some of the key enablers that are needed for Functional Safety Development.
Until then
Cheers!