Mar 12, 2012

[What is ISO26262? - Just curious]

NIKKEI ELECTRONICS is a business magazine written in Japanese. A good friend of mine here in Japan printed some 15 pages out and gave them to me the other day. He did that because I had mentioned ISO26262 a little while back, saying “Do you know what that is all about? I’m just curious.”

The reason I was interested in this issue is that I happened to hear someone saying ISO26262 will be a mandatory package in order to sell vehicles in Europe. I had also read in another magazine that some automakers and suppliers in Japan had not been ready for this. (I’m not exactly sure about the situation right now, in February 2012.)

The following is a digest I made from the magazine article I read in Japanese (NIKKEI ELECTRONICS, the 2011.1.10 issue).

Overview:
1. ISO26262 is a standard for systematic safety in the electronic products of automobiles.
2. The reason it came into being is that another safety standard (IEC61508) had already been set out, but it was not suitable for this kind of evaluation. It was not practical.

IEC61508 vs. ISO26262:
IEC61508 was issued in 1999 as a standard for the electrical and electronic fields. But it was not established to meet the requirements of automobile production. After a trial period, the article says, some automobile companies came to realize that IEC61508 was not suitable for implementation in their automobile production systems.

[Reasons]
i) IEC61508 was originally issued for petrochemical plants. (It was not intended to evaluate the mass-production systems of automobiles.)
ii) Probabilistic theory plays a large part in an IEC61508 evaluation. But that is beside the point.

Some automakers in Germany and France thought this standard wouldn’t work as expected, and that another one (ISO26262) should be created.

A CUSTOMIZED VERSION OF IEC61508?
So it might be natural to think of ISO26262 as a customized version of IEC61508. But that is only part of the picture. ISO26262 is more like an enhanced version of IEC61508, in that another point of view was adopted besides functional safety issues alone.

Problems with IEC61508:
Since IEC61508 was issued in 1999, some experts in safety measures have pointed out that it does not fit the production of automobile components, for the following reasons.

1. Relying on probabilistic theory will be misleading. It may make the problem more complex:
IEC61508 focuses too much on probabilistic theory in order to detect an error in an individual part. This will make the functionality more complicated, because an effort will have to be made to reduce the occurrence of errors. This will likely cause a problem for the whole system.

2. Part-by-part evaluation is not enough to prove safety:
In IEC61508, evaluation is conducted at the level of individual parts. Meaningful as it appears, it actually doesn’t fully prove safety. Reliability and safety, the article says, are two different things. One part can have a different level of risk according to which other parts it is associated with. Risk is not generated from one single part, but from multiple parts combined.

3. It is not practical:
In addition to #1 and #2, IEC61508 has another problem. It has no concept for taking an overview of the whole system in order to evaluate safety. The probabilistic approach was criticized for having no academic reasoning or practicality.

Conclusion:
ISO26262 was created by referencing the system safety approach, which had been adopted in the aerospace and defense industries in the U.S. This approach arose and developed after World War II. It is more focused on a macro perspective regarding safety, where the interaction of subsystems is evaluated. That is what makes ISO26262 look different from the other existing standard, IEC61508.