ARP 4761 vs ISO 26262: Safety Doesn’t Fall From The Sky, But Inspiration Could

Diving into automotive topics as a safety engineer, while carrying baggage from the aviation industry, I found that some comparison was bound to happen.
Whether flying or driving, safety and reliability are a priority, and each industry has a dedicated standard providing the regulations that ensure safe operation. But having to comply with the standard required for our own industry does not mean that the other one is off limits as a supplementary source of guidance or inspiration. While automotive systems are subject to different stressors and operational conditions than aircraft, many underlying principles (redundancy, failure modes, risk quantification) are common and can prompt a valuable cross-industry exchange.
In the automotive industry, working under ISO 26262, much of the focus is placed on FTA, FMEA, or HAZOP. So as not to neglect DFA, we will put it in the spotlight here.
Dependent Failure Analysis (DFA) was already discussed in our previous blogs, in relation to the enhancements made in the second edition of ISO 26262 and to the quantification of potential dependent failure initiators (DFI), where we also reflected on IEC 61508 and its qualitative assessment methods.
Here, we will turn to aviation’s SAE International ARP4761™A, which defines common cause methodology, a rigorous framework built out of a set of methods. The results of these analyses support the claim that the independence requirements have been met by the implementation.
Certain features of system architecture – redundancy, protection, monitoring – might require independence between their elements due to “no single point of failure” requirements or requirements related to development assurance level (DAL) assignment. This independence request is defined as an Independence Principle in ARP4761™A.
A single failure, error, or event that produces undesirable effects on two or more systems, equipment, items, or functions is defined as a common cause.
A common cause affecting multiple redundant elements of a system might compromise the availability safety objectives. A common cause affecting both the protection and the protected function, or the monitoring elements and the monitored function of a system might compromise the integrity safety objectives.
The need for independence in achieving safety objectives should be identified and captured in formal independence requirements (with help of a CMA questionnaire).
Two commonly used methods to identify Independence Principles are:
1. Design Analysis, and
2. Fault Tree Analysis, with two submethods:
   a. AND-Gate Analysis, and
   b. Cut Set Analysis.
The defined Independence Principles are then fed into the common cause methods for assessment. The method most comparable to automotive's DFA, in the aviation world, would be Common Mode Analysis (CMA).
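To make the AND-gate and cut set submethods concrete, here is an added example in Python (not from the article or from ARP4761™A): a constructed fault tree for a redundant, monitored function, from which the minimal cut sets are derived, the element pairs that must remain independent are listed, and candidate common causes (as a CMA questionnaire would surface them) are checked against those cut sets. Gate names, basic event names and common-cause labels are all assumptions.

```python
# Added example (not from the article or ARP4761): deriving independence
# requirements from a small fault tree with AND-gate and cut set analysis.
from itertools import product

# Constructed sample tree: a redundant function (channels A/B) plus a monitor
# meant to catch erroneous output. Gate name -> (type, children). Names that
# are not gates are basic events (leaves). All names are assumed.
TREE = {
    "TOP": ("OR", ["BOTH_CHANNELS_LOST", "UNDETECTED_ERRONEOUS_OUTPUT"]),
    "BOTH_CHANNELS_LOST": ("AND", ["CH_A_FAILS", "CH_B_FAILS"]),
    "UNDETECTED_ERRONEOUS_OUTPUT": ("AND", ["ERRONEOUS_OUTPUT", "MONITOR_FAILS"]),
    "CH_A_FAILS": ("OR", ["A_HW", "A_SW"]),
    "CH_B_FAILS": ("OR", ["B_HW", "B_SW"]),
}

def cut_sets(node, tree=TREE):
    """All cut sets (frozensets of basic events) that cause `node`."""
    if node not in tree:                       # basic event
        return {frozenset([node])}
    kind, children = tree[node]
    child_sets = [cut_sets(c, tree) for c in children]
    if kind == "OR":                           # any one child suffices
        return set().union(*child_sets)
    # AND: every child must fail, so combine one cut set from each child
    return {frozenset().union(*combo) for combo in product(*child_sets)}

def minimal_cut_sets(node="TOP", tree=TREE):
    """Keep only cut sets that contain no smaller cut set."""
    sets = cut_sets(node, tree)
    return {s for s in sets if not any(o < s for o in sets)}

def and_gate_inputs(tree=TREE):
    """AND-gate analysis: the inputs of each AND gate must stay independent."""
    return {g: tuple(ch) for g, (kind, ch) in tree.items() if kind == "AND"}

def independence_requirements(top="TOP", tree=TREE):
    """Cut set analysis: events sharing a minimal cut set of size >= 2 must
    have no common cause, or the cut set collapses to a single failure."""
    return sorted(tuple(sorted(s)) for s in minimal_cut_sets(top, tree) if len(s) > 1)

def common_cause_violations(common_causes, top="TOP", tree=TREE):
    """Check candidate common causes (cause -> affected basic events) from a
    CMA questionnaire against the cut sets; report those that alone trigger one."""
    mcs = minimal_cut_sets(top, tree)
    hits = {}
    for cause, events in common_causes.items():
        collapsed = sorted(tuple(sorted(s)) for s in mcs if s <= set(events))
        if collapsed:
            hits[cause] = collapsed
    return hits
```

Every pair returned by `independence_requirements()` is a formal independence requirement to capture; `common_cause_violations()` shows which of them a single shared element (for example a shared power supply affecting both hardware channels) would defeat.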
One method to plan CMA activities is to use the CMA questionnaire (or a set of questionnaires). The CMA questionnaire is a task identification tool, tailored to identify the type and the source of the common causes within the particular scope of work. The questionnaires are derived from the example data presented in ARP4761™A (which is not exhaustive) and from previous experience. Their level of detail changes with the complexity of the system or the novelty of the technology and is adjusted to the level of analysis.
The CMA process can also be used to support FDAL or IDAL assignment and is conducted in a similar way. In this case, however, the aim differs: instead of recognizing potential failures, the activities focus on identifying potential error sources within the development/design process which might compromise the intended independence of functions and items. The emphasis here is on ensuring adequate independence, as applicable, to comply with the DAL assignment.
Let’s scrutinize, for some cross-domain inspiration!
Nataša Simanić John, Functional safety consultant
ARP4761 embeds CMA throughout the design, development, and certification phases in an iterative process. This ensures that common mode risks are re-evaluated as the system evolves.
The automotive industry could also benefit from similarly stressing the continuous integration of common-mode evaluations, rather than treating them as a final check under ISO 26262.
Diagram 1. Development Phase and Verification Phase CMA
Techniques like Fault Tree Analysis (FTA) and Dependence Diagrams are integral to CMA and help in systematically mapping out failure propagation across redundant systems. ISO 26262 mentions the applicability of these techniques, but including such analytical tools more extensively within the analysis process could lead to a more refined understanding of interdependencies.
ARP4761's CMA process often employs both qualitative scenario assessments and quantitative analyses (such as probability estimations) to evaluate the likelihood and impact of common mode failures. Incorporating a similar mix of qualitative and quantitative insights, especially in complex, interdependent systems, might improve the robustness of automotive analyses.
ARP4761 stresses the importance of comprehensive record keeping. Every decision, assumption, and finding from the CMA is documented and traced to build an auditable safety case.
ISO 26262 could enhance its processes with similar strategies, ensuring that every common cause and dependency is thoroughly documented, which in turn could not only simplify certification but also support the inevitable future modifications.
For certification in aviation safety, the evidence gathered through CMA plays a critical role in demonstrating compliance to the certification authorities. As automotive safety standards evolve, especially with demands for higher confidence in autonomous systems, a similar level of documented rigor could support more robust safety cases and foster greater trust from regulatory bodies.
By Nataša Simanić John, Functional Safety Consultant
Looking to elevate your safety processes with cross-industry insights?
With years of experience in international, cross-disciplinary teams, we bring deep expertise in ARP4761, ARP4754, and ISO 26262. Our hands-on approach to safety assessments, standards compliance, and process optimization offers valuable guidance for teams navigating complex safety challenges.
Let’s talk about making your systems not just compliant, but truly robust.