The core framework and development model of the concept phase of automotive functional safety are specified in Part 3 of ISO 26262. The goal of the phase is to define the item, analyse its risks, and specify a safety concept through a systematic process, laying the foundation for the subsequent system development and the hardware and software design. In the standard's framework the concept phase consists of three core activities: Item Definition, Hazard Analysis and Risk Assessment (HARA), and the establishment of the Functional Safety Concept (FSC). Their outputs feed the whole safety lifecycle of the product and are crucial to ensuring that vehicle functions avoid unreasonable risk even under abnormal conditions.
The development model of the concept phase presents an L-shaped process flow that can be divided into four core steps. First, all existing information about the item is collected, including functional definitions, use case descriptions, and product design documents, and consolidated into the 'Item Definition' document. This step is the basis for every later analysis, and the accuracy of its output directly determines the quality of the risk assessment. Second, HARA is carried out on the basis of the item definition, drawing on external inputs such as VDA 702 (the situation catalogue used to classify exposure) and ISO 21448 (Safety of the Intended Functionality, SOTIF), and produces the hazard analysis and risk assessment report. Because the HARA results directly determine the ASIL that downstream suppliers must meet, the confirmation review of this work product requires the highest level of independence (I3): it must be performed by reviewers from a different department or organisation with no stake in the outcome, so that conflicts of interest cannot lead to a misjudged risk.
After HARA, the safety goals derived from the risk assessment are combined with the functional or preliminary system architecture and refined into the functional safety concept. The core of this step is the derivation of Functional Safety Requirements (FSR), which specify the safety mechanisms the system must apply when a fault occurs. Finally, the functional safety concept is verified and subjected to a confirmation review, producing a verification report that demonstrates that the safety goals are met and the hazards are mitigated or avoided. Throughout the process, the output of every step is placed under document control and reviewed to guarantee traceability and compliance of the development.
Item Definition is the starting point of the concept phase and focuses on fixing the scope and boundaries of the item. According to ISO 26262, an item is a system or combination of systems that implements a function, or part of a function, at the vehicle level, such as Adaptive Cruise Control (ACC), Electronic Stability Program (ESP), or electric power steering. These systems directly influence the vehicle's dynamic behaviour, so a malfunction can lead to a hazardous event. In contrast, 'elements' (sensors, controllers, actuators, and the hardware and software parts they contain) are the constituents of an item: they support the item's function but do not on their own realise the vehicle-level function. An element that a supplier develops without knowledge of the specific item it will be integrated into, for example a microcontroller or a generic sensor, is developed as a 'Safety Element out of Context' (SEooC) against assumed safety requirements, and the integrator must later confirm those assumptions against the actual item definition. Elements are therefore not items in their own right; the item definition refers to them only as part of the item's boundary and preliminary architecture. The difference between the item definition and a functional definition is that a functional definition specifies the concrete performance of a single function (the assistance torque range of the power steering, the deceleration of the braking system), whereas the item definition captures the dependencies between functions and systems from the vehicle perspective. For instance, the functional definition of power steering might state 'provide 5 N·m of assistance torque at 30 km/h', while the item definition must describe 'the interaction of the power steering system with driver input, road surface friction, and the ESP system'. This integrating description is the foundation of the subsequent hazard analysis and ensures that the risk assessment does not overlook inter-system dependencies.
The item definition document draws on information from multiple sources, including but not limited to regulatory and standard requirements (such as GB 7258 and ISO 26262), functional use cases, results of earlier tests, and product design documents. It must clearly state the functional goals of the item, the way it interacts with the driver, the limits of its operating environment, its dependencies on other items, and any known safety issues.
HARA is the core activity of the concept phase. Its purpose is to identify the hazardous events that malfunctions of the item can cause, to assess their risk, and to derive the corresponding safety goals. It follows a systematic process so that all potential risks are covered. Malfunctions are identified by determining behaviours that deviate from the intended function, typically with HAZOP (Hazard and Operability study), which combines guide words (no, more, less, reverse, unintended, and so on) with the function's parameters to enumerate deviations systematically. Hazards are classified by their effect on the vehicle's motion along its six degrees of freedom; they describe the vehicle-level consequence, not the internal malfunction. Hazardous events are then constructed by combining each hazard with operating situations, which must cover the environment, road conditions, and other traffic participants. Each hazardous event is rated by exposure (E), severity (S), and controllability (C), and the combination is mapped to an ASIL (A to D) or to QM (quality management, no ASIL requirement).
A safety goal is formulated for each hazardous event, inheriting the ASIL derived from its S, E and C classes; identical or similar safety goals may be merged, in which case the merged goal carries the highest ASIL of the events it covers. The functional safety concept is designed from these safety goals, refining them into actionable functional safety requirements (FSR) that are allocated to the elements of the preliminary architecture. Verification of the functional safety concept must demonstrate that the safety goals are met, through independent review, simulation, and prototype testing, and the evidence is recorded in a traceable set of documents.
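The two paragraphs above describe HARA as a pipeline: guide words applied to a function give malfunctions, malfunctions in operating situations give hazardous events, S/E/C classes give an ASIL, and safety goals inherit the highest ASIL of the events they cover. The following script is an added example, not code from the original page or from any ISO 26262 tool; it implements that pipeline in Python for a constructed ACC worksheet. The `asil()` function encodes the ISO 26262-3 ASIL determination table through the equivalent rank rule S+E+C (10 is D, 9 is C, 8 is B, 7 is A, 6 or less is QM, any class 0 is QM). The situations, S/E/C classes and hazard names in the worksheet are illustrative assumptions, not values from a real HARA.

```python
"""Worked HARA: HAZOP malfunctions -> hazardous events -> ASIL -> safety goals.

Added example. The worksheet data below is constructed for illustration;
the S/E/C classes are assumptions, not the result of any real assessment.
"""
from dataclasses import dataclass

# Ordered from least to most demanding, so index comparisons pick the higher ASIL.
ASIL_ORDER = ("QM", "ASIL A", "ASIL B", "ASIL C", "ASIL D")

# HAZOP guide words combined with the intended function to enumerate deviations.
GUIDE_WORDS = ("no", "more than", "less than", "reverse", "unintended")


def asil(severity: int, exposure: int, controllability: int) -> str:
    """ASIL for one (S, E, C) triple.

    Valid classes are S0..S3, E0..E4, C0..C3. A class 0 in any parameter means
    the event needs no ASIL (QM). For the remaining combinations the rank
    S+E+C reproduces the ISO 26262-3 ASIL table: 10 -> D, 9 -> C, 8 -> B,
    7 -> A, and 6 or below -> QM.
    """
    if not (0 <= severity <= 3 and 0 <= exposure <= 4 and 0 <= controllability <= 3):
        raise ValueError(f"S/E/C out of range: S{severity} E{exposure} C{controllability}")
    if 0 in (severity, exposure, controllability):
        return "QM"
    rank = severity + exposure + controllability - 6  # 1..4 -> A..D, <= 0 -> QM
    return ASIL_ORDER[max(rank, 0)]


@dataclass(frozen=True)
class Situation:
    name: str
    exposure: int  # E class taken from the situation catalogue (e.g. VDA 702)


@dataclass(frozen=True)
class HazardousEvent:
    malfunction: str       # guide word applied to the function
    hazard: str            # vehicle-level effect, not the internal failure
    situation: Situation
    severity: int
    controllability: int

    @property
    def asil(self) -> str:
        return asil(self.severity, self.situation.exposure, self.controllability)


def enumerate_malfunctions(function: str) -> list[str]:
    """Apply every guide word to one intended function; the analyst then discards
    the combinations that are not meaningful for this function."""
    return [f"{word}: {function}" for word in GUIDE_WORDS]


def derive_safety_goals(events: list[HazardousEvent]) -> dict[str, str]:
    """One safety goal per hazard. Events sharing a hazard are merged into the
    same goal, which inherits the highest ASIL among them."""
    goals: dict[str, str] = {}
    for ev in events:
        goals[ev.hazard] = max(goals.get(ev.hazard, "QM"), ev.asil, key=ASIL_ORDER.index)
    return goals


# Constructed situations and worksheet for an ACC function "control longitudinal
# acceleration" (assumed classes; sums shown for the reader).
HIGHWAY = Situation("highway cruising, following traffic", exposure=4)
CITY = Situation("urban traffic, pedestrians crossing", exposure=4)
PARKING = Situation("low-speed manoeuvring in parking area", exposure=3)

WORKSHEET = [
    HazardousEvent("more than: longitudinal acceleration", "unintended acceleration",
                   HIGHWAY, severity=3, controllability=3),   # 3+4+3 = 10 -> ASIL D
    HazardousEvent("more than: longitudinal acceleration", "unintended acceleration",
                   CITY, severity=3, controllability=2),      # 3+4+2 = 9  -> ASIL C
    HazardousEvent("more than: longitudinal acceleration", "unintended acceleration",
                   PARKING, severity=1, controllability=3),   # 1+3+3 = 7  -> ASIL A
    HazardousEvent("no: longitudinal acceleration", "loss of ACC, driver resumes control",
                   HIGHWAY, severity=1, controllability=1),   # 1+4+1 = 6  -> QM
    HazardousEvent("unintended: deceleration", "unintended braking",
                   HIGHWAY, severity=2, controllability=2),   # 2+4+2 = 8  -> ASIL B
]


if __name__ == "__main__":
    for m in enumerate_malfunctions("longitudinal acceleration"):
        print("malfunction candidate:", m)
    for ev in WORKSHEET:
        print(f"{ev.hazard:<40} {ev.situation.name:<42} {ev.asil}")
    for hazard, level in derive_safety_goals(WORKSHEET).items():
        print(f"SAFETY GOAL: avoid '{hazard}' [{level}]")
```

The point the worksheet makes is the one in the text: the hazard "unintended acceleration" appears in three situations with ASIL D, C and A, and the single safety goal written for it must be ASIL D, because the goal inherits the highest rating of the events it merges. Lowering exposure (E3 in the parking situation) or improving controllability reduces the ASIL of one event but cannot lower the goal unless it applies to every situation.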
The concept phase of automotive functional safety is the foundation of safety development: it fixes the boundaries through the item definition, identifies risks through HARA, and designs the safety measures through the FSC. Standardised documents and independent reviews are essential because the outputs of the concept phase directly shape every later development stage. Companies should establish cross-departmental collaboration so that product, safety, and engineering teams work in step, and should build up scenario libraries and failure case collections to improve the accuracy of HARA. As complex functions such as advanced driver assistance systems become common, the concept phase must also address the safety of the intended functionality (SOTIF, ISO 21448), that is, risks arising from performance limitations rather than from malfunctions, to achieve more complete safety assurance.
Core Framework and Development Model of Functional Safety in Automotive Concept Phase