{"id":4240,"date":"2020-06-10T08:46:13","date_gmt":"2020-06-10T08:46:13","guid":{"rendered":"https:\/\/lorit-consultancy.com\/2020\/06\/quantifying-iso-26262-dependent-failures-analysis\/"},"modified":"2025-04-29T13:24:58","modified_gmt":"2025-04-29T11:24:58","slug":"quantifying-iso-26262-dependent-failures-analysis","status":"publish","type":"post","link":"https:\/\/lorit-consultancy.com\/de\/2020\/06\/quantifying-iso-26262-dependent-failures-analysis\/","title":{"rendered":"Quantifying ISO 26262 Dependent Failures Analysis"},"content":{"rendered":"

In this blog we revisit the subject of dependent failures as defined in ISO 26262<\/a><\/strong> (Read also our DFA blog ISO 26262 Part 11: Dependent Failure Analysis<\/a>) and more to the point how they can be quantified. Depending on the item under development, the number of potential dependent failures initiators (DFI)<\/strong> can be large and at present there is no clear way defined on how to quantify these failures.<\/p>\n

\"\"<\/a><\/p>\n

Figure 1: Coupling factor classes for dependent failures<\/p>\n

The 7 types of coupling factors<\/strong> are applicable to system, hardware, and software levels as defined in ISO 26262<\/a>:<\/p>\n\n\n\n\n\n\n\n\n\n\n\n
Coupling factor<\/th>\nExample system level<\/th>\nExample hardware level<\/th>\nExample software level<\/th>\n<\/tr>\n<\/thead>\n
Shared Information Input<\/td>\nExternal messages e.g. CAN<\/td>\nSensor output<\/td>\nVariable global to 2 functions<\/td>\n<\/tr>\n
Communication<\/td>\nBetween to ECUs in the same system<\/td>\nElectrical connection between 2 elements<\/td>\nData flow via global variables<\/td>\n<\/tr>\n
Identical Type<\/td>\nSame type of sensor<\/td>\nSame microcontroller<\/td>\nSame C macro<\/td>\n<\/tr>\n
Unintended Interface<\/td>\nOne function overruling another due to lack of synchronization<\/td>\nCrosstalk between signal paths<\/td>\nSame memory space<\/td>\n<\/tr>\n
Shared Resource<\/td>\nPower supply<\/td>\nclock<\/td>\nI\/O routines<\/td>\n<\/tr>\n
Systematic coupling<\/td>\nIdentical production processes<\/td>\nIdentical production processes<\/td>\nSame compiler<\/td>\n<\/tr>\n
Environmental immunity<\/td>\nMechanical coupling<\/td>\nEMC<\/td>\nN\/A<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Table 1: Examples of System, Hardware and Software DFI<\/p>\n

With the large number of potential DFI how far should teams go in mitigating the potential failures? Ultimately many items will require to be addressed early so that the dependent failures are mitigated by inherent good design, rather than introducing a \u2018sticky bandaid\u2019 approach later in the design lifecycle.<\/p>\n

IEC 61508 Quantification<\/strong><\/h2>\n

IEC 61508 – the standard from which ISO 26262 was derived – does use a technique to quantify dependent failures or rather common cause failures, by posing a set of 37 questions around the diversity of each aspect of the development<\/strong>. As an organisation we use a similar technique in ISO 26262 projects but scoring each of the 7 coupling factors based on the impact it might have on safety goals. This takes the form of an FMEA<\/strong> and requires the corresponding rigour in the safety mechanism to ensure that the DFI has been adequately mitigated.<\/p>\n<\/div><\/div><\/div>

\"\"<\/picture>\n\n\n<\/svg><\/div>

Alastair Walker, Consultant<\/p>\n<\/div><\/div>

Need support with ISO 26262<\/a>,<\/strong> IATF 16949<\/strong><\/a>, or IEC 60664<\/strong><\/a>? We offer remote consultancy and training to boost your automotive functional safety.
\nGet in touch via contact form<\/a> or join an upcoming online course<\/a>.<\/p>\nErfahre mehr<\/span><\/a><\/div><\/div><\/div><\/div>

\n

Dependent Failures Initiators (DFI) Mitigation<\/h2>\n

As mentioned above, we want to prevent DFI occurring where possible to reduce rework time and expense. Clear guidelines within an organisation can help ensure the major issues are avoided e.g. the same microcontroller in redundant paths. For less obvious scenarios a rating system can be extremely helpful<\/strong>. The acceptance criteria can be defined and a process then put in place rather to avoid than mitigate scenarios. Typical scoring might be as indicated in Figure 3:<\/p>\n\n\n\n\n\n\n\n\n\n\n\n
DFI Group<\/strong><\/td>\nDFI Type<\/strong><\/td>\nDetail<\/strong><\/td>\nScore<\/strong><\/td>\n<\/tr>\n
Shared Resource<\/td>\nClock<\/td>\nSame clock source for both channels no checks<\/td>\n10<\/td>\n<\/tr>\n
Test only for stuck at faults<\/td>\n7<\/td>\n<\/tr>\n
Test for stuck at, jitter, DC, drift<\/td>\n4<\/td>\n<\/tr>\n
Full independent clock monitoring<\/td>\n1<\/td>\n<\/tr>\n
Power Supply<\/td>\nIdentical Power Supply<\/td>\n10<\/td>\n<\/tr>\n
Same technology but different PSU implementation<\/td>\n7<\/td>\n<\/tr>\n
Different power supply technology<\/td>\n4<\/td>\n<\/tr>\n
Different power supply technology, with independent monitoring, level, transient and oscillation<\/td>\n1<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Table 2: DFI Rating System<\/p>\n

The acceptance criteria may be only to accept DFI below a given value or perhaps a level for the total DFI ranking for the item or element.<\/p>\n

How companies approach this topic varies dramatically, but certainly recommended is some form of acceptance criteria for dependent failures to guide teams through this challenging activity in ISO 26262<\/a>.<\/p>\n

By Alastair Walker, Consultant<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"

In this blog we revisit the subject of dependent failures as defined in ISO 26262 (Read also our DFA blog ISO 26262 Part 11: Dependent Failure Analysis) and more to the point how they can be quantified. Depending on the item under development, the number of potential dependent failures initiators (DFI) can be large and […]<\/p>\n","protected":false},"author":7,"featured_media":3831,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[87,93],"tags":[],"class_list":["post-4240","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-functional-safety","category-automotive"],"acf":[],"_links":{"self":[{"href":"https:\/\/lorit-consultancy.com\/de\/wp-json\/wp\/v2\/posts\/4240","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lorit-consultancy.com\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lorit-consultancy.com\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lorit-consultancy.com\/de\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/lorit-consultancy.com\/de\/wp-json\/wp\/v2\/comments?post=4240"}],"version-history":[{"count":11,"href":"https:\/\/lorit-consultancy.com\/de\/wp-json\/wp\/v2\/posts\/4240\/revisions"}],"predecessor-version":[{"id":8473,"href":"https:\/\/lorit-consultancy.com\/de\/wp-json\/wp\/v2\/posts\/4240\/revisions\/8473"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lorit-consultancy.com\/de\/wp-json\/wp\/v2\/media\/3831"}],"wp:attachment":[{"href":"https:\/\/lorit-consultancy.com\/de\/wp-json\/wp\/v2\/media?parent=4240"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lorit-consultancy.com\/de\/wp-json\/wp\/v2\/categories?post=4240"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lorit-consultancy.com\/de\/wp-json\/wp\/v2\/tags?post=4240"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}