Functional Safety

Getting started with ISO 26262

Introduction

Achieving functional safety in automotive and industrial systems is essential for compliance, reliability, and customer trust. ISO 26262 is the international standard that guides organizations through a comprehensive lifecycle approach to ensure that electronic systems meet rigorous safety goals.

At Audesse, we provide the expertise, hardware, and software solutions necessary to support you at every stage of this process. This article is intended to provide you with a starting point on your functional safety journey.

Safety Management and Initiation

The journey begins with the initiation and management of functional safety. Organizations must establish a safety culture, define responsibilities, and set up a safety management system.

Audesse assists in this foundational phase by helping you implement best practices, providing training, and ensuring that your team is prepared to meet ISO 26262 requirements.

Concept Phase: Hazard Analysis and Safety Concept

The concept phase focuses on identifying potential hazards and assessing risks through Hazard Analysis and Risk Assessment (HARA). This critical step determines the Automotive Safety Integrity Level (ASIL) required for your project.

The ASIL classification is calculated based on three factors:

  • Severity (S): The potential impact of a hazard on vehicle occupants or other road users.
  • Exposure (E): The likelihood of the vehicle being in operational conditions where the hazard could occur.
  • Controllability (C): The probability that a typical driver could avoid harm if the hazard were to arise.

Each hazard is scored across these dimensions, and the combination determines whether the safety goal falls into QM (Quality Management), ASIL A, B, C, or D.

Once the ASIL level is established, the Functional Safety Concept (FSC) is developed to define high-level safety requirements. To meet these requirements, risk mitigation strategies are applied, such as:

  • Redundancy: Multiple independent channels or components (e.g., dual microcontrollers, redundant sensors).
  • Diversity: Different technologies or approaches for the same function (e.g., radar + camera fusion).
  • Monitoring and Diagnostics: Detecting latent faults early through built-in self-tests and system health checks.
  • Safe State Design: Ensuring the system enters a safe fallback mode (e.g., limp-home) if a fault occurs.

Audesse provides documentation templates and expert assistance to guide you through HARA and FSC creation. Our hardware platforms support ASIL decomposition, enabling you to distribute safety requirements across multiple components and meet compliance more efficiently.

System Architecture

System architecture represents how system functionality is mapped into hardware and software components, including their external interactions. In ISO 26262 projects, the components, signals, functions, and architecture requirements are each assigned appropriate ASIL ratings that must be satisfied.

For both prototype and production projects, Audesse works with customers to create clear architecture diagrams that show all system elements. From there, we help define architecture requirements that specify interfaces, dependencies, and timing constraints between elements.

We emphasize:

  • ASIL Decomposition: Splitting safety goals across independent elements to meet requirements with greater efficiency.
  • Traceability: Ensuring a clear line of requirements from HARA → FSC/FSR → TSC/TSR → implementation → verification.
  • Tool Qualification: Supporting compliance when model-based design tools (e.g., MATLAB/Simulink) or other automated environments are used.

FSR / FSC

At the system level, the architecture is analyzed against the safety goals from the HARA. The Functional Safety Requirements (FSRs) describe how the system must detect, control, or mitigate faults that could compromise safety.

Safety analyses — typically FMEA (Failure Modes and Effects Analysis) and FTA (Fault Tree Analysis) — are applied here to confirm that the FSC (Functional Safety Concept) meets the HARA-defined safety goals.

The FSC allocates safety requirements and cascades ASIL ratings down to specific elements of the system. While the FSC is often provided by the vehicle integrator, Audesse has developed FSCs for multiple programs and provides review or development support at this level.

TSC / TSR

The Technical Safety Requirements (TSRs) and corresponding Technical Safety Concept (TSC) define how the requirements in the FSC are realized in hardware and software design. They refine and allocate the FSC to specific elements, specify interface requirements, and define the details of the safety mechanisms for each component.

Typical mechanisms include:

  • Watchdog timers
  • Plausibility checks across redundant signals
  • End-to-end communication protection (CRCs, counters)
  • Graceful degradation or limp-home strategies
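
As an added illustration of two of these mechanisms together (end-to-end protection with a CRC and an alive counter, feeding a safe-state decision), the following C code is an example written for this article, not Audesse product code or an AUTOSAR E2E profile; the frame layout, the 4-bit counter and the CRC-8 polynomial 0x1D are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
/* Constructed frame layout: 4 payload bytes, a 4-bit alive counter, then a CRC-8
 * over everything before it. Not an AUTOSAR E2E profile; polynomial 0x1D is an assumption. */
typedef struct { uint8_t data[4]; uint8_t counter; uint8_t crc; } e2e_frame_t;
typedef enum { E2E_OK = 0, E2E_CRC_ERROR, E2E_REPEATED, E2E_LOST } e2e_status_t;
/* Receiver state: last accepted counter and the run of consecutive faulty frames. */
typedef struct { int have_last; uint8_t last_counter; unsigned consecutive_faults; } e2e_rx_t;

static uint8_t crc8(const uint8_t *buf, size_t len) {
    uint8_t crc = 0xFF;                  /* non-zero seed so an all-zero frame cannot pass */
    for (size_t i = 0; i < len; i++) {
        crc ^= buf[i];
        for (int b = 0; b < 8; b++)
            crc = (uint8_t)((crc & 0x80) ? (crc << 1) ^ 0x1D : crc << 1);
    }
    return crc;
}

/* The CRC covers payload and counter, so a corrupted counter is detected too. */
static uint8_t frame_crc(const e2e_frame_t *f) {
    return crc8((const uint8_t *)f, offsetof(e2e_frame_t, crc));
}

/* Sender: stamp the next alive-counter value and the CRC before transmission. */
void e2e_protect(e2e_frame_t *f, uint8_t *tx_counter) {
    f->counter = *tx_counter;
    *tx_counter = (uint8_t)((*tx_counter + 1) & 0x0F);
    f->crc = frame_crc(f);
}

/* Receiver: classify the frame, then update state only from CRC-valid frames. */
e2e_status_t e2e_check(e2e_rx_t *rx, const e2e_frame_t *f) {
    e2e_status_t st = E2E_OK;
    if (frame_crc(f) != f->crc) st = E2E_CRC_ERROR;   /* corrupted in transit */
    else if (rx->have_last) {
        uint8_t delta = (uint8_t)((f->counter - rx->last_counter) & 0x0F);
        if (delta == 0) st = E2E_REPEATED;   /* stale or replayed frame */
        else if (delta > 1) st = E2E_LOST;   /* frames were dropped in between */
    }
    if (st == E2E_OK || st == E2E_LOST) { rx->have_last = 1; rx->last_counter = f->counter; }
    rx->consecutive_faults = (st == E2E_OK) ? 0 : rx->consecutive_faults + 1;
    return st;
}

/* Safe-state decision: tolerate a short burst of faults, then demand the fallback mode. */
int e2e_request_safe_state(const e2e_rx_t *rx, unsigned tolerance) {
    return rx->consecutive_faults > tolerance;
}
```

The receiver deliberately does not learn a counter from a frame that failed its CRC, and the tolerance threshold is where a TSR would state how many consecutive faulty frames are acceptable before the limp-home mode is entered.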

Analysis tools such as FMEA, FTA, and FMEDA (Failure Modes, Effects, and Diagnostic Analysis) are used here. FMEDA is particularly important for calculating diagnostic coverage and the Probabilistic Metric for random Hardware Failures (PMHF), which are required for ASIL C/D compliance.

TSRs and TSCs may exist at multiple hierarchical levels. Audesse often receives high-level TSRs/TSCs from vehicle integrators and then develops the internal TSRs/TSCs specific to our modules.

In parallel, item-level verification and integration test plans are created to ensure that TSRs and TSCs will be verifiable during later phases.

System Design Specification

The System Design Specification (SDS) encompasses both the Technical Safety Concept and the non-safety-related design aspects. It is the complete blueprint from which both hardware and software requirements are derived.

Audesse helps customers develop SDS documents that maintain compliance, integrate safety and cybersecurity considerations, and prepare for seamless downstream implementation.

Product Development: System, Hardware, and Software

With the architecture and safety concepts defined, product development begins. At the system level, technical safety requirements are translated into a concrete design.

Audesse’s FlexCase and FlexConnect platforms provide flexible, expandable architectures compatible with industry-standard tools like MATLAB and Simulink. Our solutions support diversified ASIL decomposition and can be tailored to meet your specific application.

Hardware and software are then developed and integrated using best practices for both safety and cybersecurity. Audesse supplies pre-configured solutions, comprehensive documentation, and integration support to help reduce risk and accelerate time to market.

Production, Operation, Service, and Decommissioning

After development, safety must continue through production, operation, service, and eventual decommissioning.

Audesse offers turnkey production support, calibration, and ongoing engineering assistance to help you maintain compliance and reliability across the entire product lifecycle.

Supporting Processes: Verification, Validation, and Documentation

Verification and validation activities span the entire ISO 26262 lifecycle. Rigorous testing confirms that safety requirements are satisfied at unit, integration, and system levels. Validation ensures that the final product meets the original safety goals.

Supporting processes include:

  • Configuration and Change Management to ensure modifications do not compromise safety.
  • Tool Qualification where required by ISO 26262.
  • Comprehensive Documentation to maintain traceability across all artifacts.

Audesse provides validation support, documentation templates, and expert guidance to ensure compliance and efficiency at every step.

Why Choose Audesse

Partnering with Audesse gives you:

  • Accelerated integration and reduced time to market
  • End-to-end hardware and software solutions
  • TÜV SÜD-certified functional safety experts
  • Validated products designed to meet ISO 26262 (up to ASIL D) and ISO 21434 cybersecurity requirements

This ensures confidence in both the safety and security of your systems.

Supported Use Cases

Our FlexCase hardware and FlexConnect connectivity platform are well-suited for:

  • Advanced Driver Assistance Systems (ADAS)
  • Powertrain and chassis control
  • Connected vehicle gateways
  • Fleet management with telematics
  • Custom automotive applications requiring high safety integrity

While our products are ISO 26262 capable, full compliance is only achieved in concert with careful end-application development and deployment. That is why engaging with our team throughout your build is strongly recommended.

Services and Support

Audesse provides comprehensive lifecycle support, including:

  • Safety concept development
  • Compliance documentation
  • Custom hardware and software engineering
  • Production, calibration, and ongoing service

Get Started

If you are ready to begin your functional safety journey or need support at any stage, contact Audesse to discuss your project. We are committed to helping you achieve ISO 26262 compliance efficiently and effectively so you can focus on innovation and delivering value to your customers.