03. Functional Safety Requirements

Lane Keeping Assistance Functional Safety Requirement

For the lane keeping assistance function, the malfunction was that there was no time limit, and the driver could treat the system as if it were designed for autonomous driving. We determined a safety goal saying the "lane keeping assistance function shall be time limited and the additional steering torque shall end after a given timer interval so that the driver can not misuse the system for autonomous driving". In other words, the lane assistance system should stop applying extra torque after a certain amount of time.

In this example as well, we can still meet the safety requirement by merely adding functionality to the power steering ECU. For the lane keeping assistance function, we'll define a new requirement that "the electronic power steering ECU shall ensure that the lane keeping assistance torque is applied for only Max_Duration".

Safety Analysis Methods

We have used some basic logic to derive functional safety requirements from the safety goals.

There are also more formal methods for deriving functional safety requirements. These methods are not only used in functional safety but also in general systems engineering. In functional safety, these methods can be used in a variety of situations:

• Deriving safety requirements
• Identifying conditions and causes that could lead to requirement violations
• Identifying other hazards not identified in the Hazard Analysis and Risk Assessment

Different companies might use different methods including:

• Failure Modes and Effects Analysis (FMEA)

• Hazard and Operability Study (HAZOPS) Note that HAZOP differs from the other items here in that it is a technique that used to derive hazards similar to the methods used in ISO 26262 HARA .

• Failure Modes Effects and Diagnostic Analysis FMEDA

• Fault Tree Analysis (FTA)

• Reliability Block Diagram

• ETA