The release of ISO 26262 is only about three months after the 2011 World Congress. However, there are still some contentious aspects that can introduce challenges or require disproportionate effort. In this paper, we will show how to avoid these problems.
ISO 26262 provides a detailed method for classifying the Automotive Safety Integrity Level (ASIL) of in-vehicle electronic systems. However, the ASIL value assigned to a specific function/product can vary significantly across the industry. Applying a lower level than the industry norm can cause substantial liability problems. Applying a higher level can initiate an “arms race” with competitors. This is particularly true if there are no vehicle-related reasons for choosing the higher level or if it does not make the product any safer. To encourage international harmonization, this paper will define ASIL classifications for the main automotive components.
Most functions/products are currently being developed using parts of existing products. These existing products have not been formally designed according to ISO 26262, but they are covered by the “proven-in-use” approach of the standard, whose requirements go far beyond the current state of the art. Consequently, this paper will also describe when a proven-in-use approach is necessary and when it can be replaced by other methods.
Tool qualification can also require tremendous effort, since a development organization may use more than a thousand tools. Consequently, this paper will also describe how the number of tool qualifications can be limited by focusing on a detailed classification of tool use cases.