Quantifying ISO 26262 Dependent Failures Analysis
In this blog we revisit the subject of dependent failures as defined in ISO 26262 (Read also our DFA blog ISO 26262 Part 11: Dependent Failure Analysis) and more to the point how they can be quantified. Depending on the item under development, the number of potential dependent failures initiators (DFI) can be large and at present there is no clear way defined on how to quantify these failures.
Figure 1: Coupling factor classes for dependent failures
The 7 types of coupling factors are applicable to system, hardware, and software levels as defined in ISO 26262:
| Coupling factor | Example system level | Example hardware level | Example software level |
|---|---|---|---|
| Shared Information Input | External messages e.g. CAN | Sensor output | Variable global to 2 functions |
| Communication | Between to ECUs in the same system | Electrical connection between 2 elements | Data flow via global variables |
| Identical Type | Same type of sensor | Same microcontroller | Same C macro |
| Unintended Interface | One function overruling another due to lack of synchronization | Crosstalk between signal paths | Same memory space |
| Shared Resource | Power supply | clock | I/O routines |
| Systematic coupling | Identical production processes | Identical production processes | Same compiler |
| Environmental immunity | Mechanical coupling | EMC | N/A |
Table 1: Examples of System, Hardware and Software DFI
With the large number of potential DFI how far should teams go in mitigating the potential failures? Ultimately many items will require to be addressed early so that the dependent failures are mitigated by inherent good design, rather than introducing a ‘sticky bandaid’ approach later in the design lifecycle.
IEC 61508 Quantification
IEC 61508 – the standard from which ISO 26262 was derived – does use a technique to quantify dependent failures or rather common cause failures, by posing a set of 37 questions around the diversity of each aspect of the development. As an organisation we use a similar technique in ISO 26262 projects but scoring each of the 7 coupling factors based on the impact it might have on safety goals. This takes the form of an FMEA and requires the corresponding rigour in the safety mechanism to ensure that the DFI has been adequately mitigated.
Alastair Walker, Consultant
Need support with ISO 26262, IATF 16949, or IEC 60664? We offer remote consultancy and training to boost your automotive functional safety.
Get in touch via contact form or join an upcoming online course.
