In the first of our three-part blog series on the recently published Publicly Available Specification ISO/PAS 21448:2019 ‘Road vehicles – Safety of the intended functionality’ (SOTIF), we focus on the key terminology associated with scenes, scenarios and situations.
The specification is a good introduction to the subject of functional insufficiencies of the intended functionality and the foreseeable misuse by humans. One or two diagrams need updating and a definition of an ego vehicle is certainly required to stop people such as myself envisaging a car with an attitude.
We will visit the human factors aspects in more detail later in the blog series.
The definition of a scene as a snapshot of the environment including the scenery, dynamic elements, all actor and observer self-representations and the relationships between these entities, takes a bit of getting your head around.
Scene
When considering the real world and the number of stationary elements that may actually be dynamic i.e. someone standing looking at their phone, or stationary elements that may be interpreted as dynamic e.g. lifelike statues beside the road, there are many challenges in defining such scenes.
The paper from the team at the Institute of Control Engineering, Technische Universität Braunschweig, Ref 1 in SOTIF, is an excellent read and helps shed light on the definition of a scene. However, when reading this reference you also appreciate the great difference in personal opinion amongst subject experts. The analogy of the scene relating to a theatre is also a helpful one. One example cited, on a car driving parallel to a cyclist in a bike lane defines the bike as always being part of a scene rather than the goals and values (transient – mission or operator commands; permanent – regulatory, societal). More examples of this nature would be helpful in the SOTIF specification to improve clarity and understanding for the reader.
Perhaps another area where more definition would be beneficial in SOTIF is how the terms scene, scenario and situation can be incorporated in the work product activities. The steps in generating the Functional and System Specification, and equally so the evaluation of hazards or evaluation of triggering events, are clear and concise but guidance on the scenario and situation implications would be very helpful.
As in many technical specifications or standards, SOTIF does present some good practical examples, particularly relating to system design and architecture.
In part 2 of this blog series we will focus on the SOTIF workflow and work products.
By Alastair Walker, Functional Safety Consultant
Do you want to learn more about the implementation of ISO DIS 21448, ISO 26262 or any other standard in the Automotive or Medical Device sector? We work remotely with you. Please contact us at info@lorit-consultancy.com for bespoke consultancy or join one of our upcoming online courses.