1.Functional Safety and Intrinsic Safety
Functional Safety
“Functional safety” indicates functional tweaks (functions for ensuring safety: safety functions below) made to ensure a level of acceptable safety
Intrinsic Safety
“Intrinsic safety” indicates measures taken to reduce or eliminate harm to humans or the environment caused by changes in equipment or structures
For example, a railroad crossing where road traffic crosses a railroad track
- Idea of “functional safety”
A “railroad crossing” is often equipped with bells that start ringing to warn of approaching trains and barriers that force traffic to stop. These safety measures lower the risk of accidents to an acceptable level.
- Idea of “intrinsic safety”
A “grade separation” is a method to have trains and road vehicles cross each other on separate levels to prevent accidents and ensure safety.
Note: A grade separation places the railroad above road traffic or vice versa. However, accidents could still cause a wide variety of harm. For example, falling objects, issues in the construction of fences or the complete collapse of the overpass due to a natural disaster or other calamity could occur, so a grade separation does not mean absolute safety. However, in terms of railroad crossing safety, a grade separation is an example of intrinsic safety since it ensures safety by eliminating the crossing (the cause of the problem) itself.
A background to the idea of safety
Europe and North America
Even though the manufacturing industry aims for zero defects, things still fail and are damaged, a design may contain bugs and people make mistakes. (The idea that safety was a goal to strive for but impossible to achieve had taken hold.) As systems increase in complexity, it becomes more difficult to ensure complete safety through intrinsic safety. This has led to the standardization of the “functional safety” idea to compensate for the shortcomings of intrinsic safety and to prevent, to the greatest possible extent, injury to humans through product failures or bugs.
Japan
The manufacturing industry has striven for the complete achievement of “intrinsic safety” through greater reliability and 0 defects based on the concepts of design quality improvements and continuous manufacturing improvements. As a result, “Made in Japan” has become internationally famous for high quality that does not easily break down. To launch a product on the world market, it must meet the standards of each specific country and the increasing application of functional safety standards has made the idea known and accepted also in Japan.
Background to the formulation of ISO 26262 automotive functional safety standard
The fault* of a single part in an automobile could make it impossible to control the engine, operate the steering wheel, stop the vehicle or other malfunction and such a malfunction must not immediately lead to harm of human beings (driver, passengers or people outside the car).
The obfuscation of individual functions through the proliferation of electronics in automobiles, the complexity of managing operations between ECUs (Electronic Control Units) and complexity of design developed by multiple suppliers lead to faults* and errors*. In the event that a failure* leads to an accident, it becomes necessary to determine who is responsible for the resulting human injury and property damage.
The manufacturer will be able to fulfill accountability for safety and provide evidence if taken to court by revealing the entire development process of striving for 0 accidents from automobile failure under the idea of “functional safety.”
For this reason, the ISO 26262 safety standard was prepared on the basis of the IEC 61508 to specifically reduce the probability of hazardous events caused by malfunctioning behavior of electrical and electronic (E/E) systems.
*Fault・・・An abnormal condition that can cause system or vehicle failure.
*Error・・・Discrepancy between a computed, observed or measured value or condition and the true, specified, or
theoretically correct value or condition.
*Failure・・・Termination caused by a fault of the ability of a system or vehicle to perform a function as required.
Safety Mechanisms for Functional Safety
“Functional safety” indicates functional tweaks made to ensure a level of acceptable safety.
Automotive systems, components, electronic circuit and software can achieve “functional safety” by adding safety mechanisms.
Safety mechanisms include fail-stop and fail-operational (continued functionality) and it is necessary to provide ASIL compliant safety mechanisms.
2.What is ASIL?
ASIL refers to Automotive Safety Integrity Level, a risk classification system defined by the ISO 26262 standard.
ASILs establish safety requirements - based on the probability and acceptability of harm - for automotive components to be compliant with ISO 26262.
ISO 26262 identifies four degrees of ASILs - A, B, C and D. ASIL-A represents the lowest degree and ASIL-D the highest degree of automotive hazard.
Systems such as airbags, anti-lock brakes or power steering require an ASIL-D grade - the highest rigor applied to safety assurance - because the risks associated with their failure is the highest. In addition, all electrical and electronic systems must undergo a safety analysis, for example, the rear lamps and other components are categorized as ASIL-A, headlamps and brake lamps as ASIL-B, while adaptive cruise control is categorized as ASIL-C to D.
Example of implementation of safety mechanisms
Redundant design
A method of design where a backup function takes over to prevent accidents or problems to reduce harm if the main function fails.
Failure detection
A measure to add functions using other parts to monitor for anomalies in main functions or make them known before they happen to protect from harm.
ABLIC ICs assist in building functional safety into product design
Automobiles use multiple MCUs.
If an MCU abnormality is assumed,
- add a voltage detector to monitor and notify MCU malfunctions caused by overvoltage or low voltage in the power supply.
- add a watchdog timer to monitor and notify if the MCU program is out of control or has stopped running due to a software bug.
If anomalies are assumed in a lithium-ion battery in an electric vehicle (HEV, EV, etc.),
- add a lithium-ion battery protection ICs to monitor and notify overvoltage, overdischarge.
The automotive ICs described below also assist in building functional safety into product design.
- Magnetic sensor ICs (Hall effect ICs):Monitoring of sliding door and seat position, etc.
- Timer IC:Regular monitoring of sensors, etc.
- EEPROM:Saving all manner of calibration data, logs, etc.
ABLIC's FuSa Product Categories
FuSa process compliant | FuSa capable | FuSa supportive | |
---|---|---|---|
IATF16949-Process Compliant | ✔ | ✔ | ✔ |
ISO26262-Process Compliant | ✔ | - | - |
Functional safety process certificate | ✔ | - | - |
FMEA | ✔ | ✔ | ✔ |
Pin FMEA | ✔ | ✔ | ✔ |
Functional safety FIT rate calculation | ✔ | ✔ | ✔ |
FMEDA | ✔ | ✔ | - |
Functional safety manual | ✔ | - | - |
※Contact our sales representatives for materials provided.
Application examples
If you click on the product name, it will link to the product overview page.
※S-19192 Series is "FuSa process compliant" and can be applied to systems that require a higher level of functional safety.
※Our automotive products are "FuSa supportive" and we can provide FIT values calculated according to suit your specifications.
For more information regarding our FIT rate calculation, contact our sales representatives.