ASIL Certification – Overview and its benefits


Over 6 million motor vehicle crashes are reported annually on average, according to statistics on motor vehicle safety provided by the Bureau of Transportation Statistics (BTS). According to the Society of Indian Automobile Manufacturers (SIAM), between 2021 and 2022, more than 8.6 lakh two-wheelers and more than 4.6 lakh four-wheelers were recalled in India because of safety concerns.

This can be caused by a variety of things, including tire problems, structural integrity problems with the vehicle, and electrical and electronic equipment malfunctions.

Safety is therefore the primary requirement when developing an automotive application. Functional safety in particular is an extremely important concept for a vehicle at every step of manufacture and decommissioning.

There’s a good possibility that if you work in the field of automobile functional safety, you’ve come across the term “ASIL ratings” at some point. Let’s attempt to clarify what ASIL ratings are today and how ISO 26262 determines them. It is advised that you quickly read this if you are just starting out in the field of functional safety.

Understanding ASIL 

ASILs, or Automotive Safety Integrity Levels, are tiers of risk classification. The ISO 26262 standard defines four ASILs: ASIL A, ASIL B, ASIL C, and ASIL D. ASIL D sets the highest safety integrity requirements for the product, while ASIL A sets the lowest. A fifth category, QM (quality management), applies when a risk is not significant enough to call for a specific safety objective. For instance, the steering control system is rated at the extremely safety-critical ASIL D because a failure while the vehicle is moving poses a significant risk of disaster. In contrast, malfunction of the infotainment system’s parts, like the radio or video player, is categorized as ASIL A because it does not pose a major risk to anyone’s safety.

The system or collection of systems that implements a function, and that serves as an input for the Hazard Analysis and Risk Assessment (HARA), is specified in the item specification. With the assistance of feature/system specialists and safety authorities, HARA is normally completed by outlining all potential risks and hazards. The intensity of each risk assessment then has to be determined.

The ASIL of a potential hazard is determined by assessing the Exposure, Severity, and Controllability of the vehicular scenario. The safety objective for that hazard then carries the ASIL requirements.

How does ASIL Work?

As described above, HARA helps determine the probability of injury to individuals and damage to property from failures of a specific function at the vehicle level. Once finished, the classification aids in determining the steps and depth of risk mitigation required to attain a tolerable risk. To achieve the highest levels of functional safety, the safety objective definition (ASIL) is used in both the hardware and software processes of vehicle design.

The ASIL requirement is determined by a combination of three elements.

Severity: How dangerous might a system failure be if it affected the driver, passengers, or surrounding vehicles and pedestrians? The levels of severity are as follows: S1 for minor and moderate injuries; S2 for serious and life-threatening injuries; and S3 for incidents that pose a serious risk of death.

Exposure: The chance of an operational circumstance that, if it coincides with the failure mode being examined, might be dangerous. The automobile component under evaluation is given different exposure levels, like E1: extremely low probability, E2: low probability, E3: medium probability, and E4: high probability.

Controllability: How likely is it that the individuals involved in the operating scenario will act promptly to avoid hazards if the system fails? The definition of the order of controllability is C1<C2<C3 (the difficulty increases from C1 to C3).

ISO 26262 ASIL Allocation Table

Severity Class   Probability Class   Controllability Class
                                     C1    C2    C3
S1               E1                  QM    QM    QM
                 E2                  QM    QM    QM
                 E3                  QM    QM    A
                 E4                  QM    A     B
S2               E1                  QM    QM    QM
                 E2                  QM    QM    A
                 E3                  QM    A     B
                 E4                  A     B     C
S3               E1                  QM    QM    A
                 E2                  QM    A     B
                 E3                  A     B     C
                 E4                  B     C     D

 

The table above, from ISO 26262, helps us establish the ASIL rating based on the three variables mentioned above. For ASIL D, software analysis is strongly advised; for other levels, it is optional. According to ISO 26262, software must undergo Modified Condition/Decision Coverage (MC/DC) structural testing. Tables in ISO 26262 list techniques and categorize each as highly recommended or recommended for a given ASIL, which determines how often MC/DC analysis is required at each level.

ASIL levels A, B, C, and D are assigned according to a table in ISO 26262:
  • The combination of S3, E4, and C3 (the extremes of the three criteria) refers to a condition that is extremely dangerous and is designated ASIL D, meaning that it calls for the highest standards of safety precautions and has the potential to seriously threaten life.
  • When S1, E1, and C1 (the three parameters with the lowest safety-criticality levels) are combined, QM levels are required, indicating that the component is not risky and does not require management in accordance with ISO 26262.
  • Similar to this, combinations of the medium levels, like S2, E4, and C3 or S2, E3, and C2, indicate both an ASIL C and an ASIL B component.
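
The lookup described above, as an added example that is not part of the original article: it expands the allocation table into a Python dictionary, cross-checks it against the sum-of-indices pattern visible in the table's values, and rates a small constructed HARA worksheet. The function names, the sum self-check and the S/E/C ratings in the worksheet are assumptions made for illustration.

```python
EXPOSURE = ("E1", "E2", "E3", "E4")
CONTROLLABILITY = ("C1", "C2", "C3")

# Allocation table from this page. Per severity class: one group per exposure
# class E1..E4, each group giving the ASIL for C1, C2, C3.
ALLOCATION = {
    "S1": "QM QM QM | QM QM QM | QM QM A | QM A B",
    "S2": "QM QM QM | QM QM A  | QM A B  | A B C",
    "S3": "QM QM A  | QM A B   | A B C   | B C D",
}

def build_table(allocation=ALLOCATION):
    """Expand the compact rows into {(S, E, C): ASIL}."""
    table = {}
    for sev, row in allocation.items():
        for exp, group in zip(EXPOSURE, row.split("|")):
            for ctrl, asil in zip(CONTROLLABILITY, group.split()):
                table[(sev, exp, ctrl)] = asil
    return table

TABLE = build_table()

def determine_asil(severity, exposure, controllability):
    """Return QM/A/B/C/D, rejecting classes the table does not define."""
    key = (severity, exposure, controllability)
    if key not in TABLE:
        raise ValueError(f"not an S/E/C combination in the table: {key}")
    return TABLE[key]

def asil_by_sum(severity, exposure, controllability):
    """Self-check: sum of class indices 7/8/9/10 maps to A/B/C/D, lower to QM."""
    total = sum(int(cls[1]) for cls in (severity, exposure, controllability))
    return {7: "A", 8: "B", 9: "C", 10: "D"}.get(total, "QM")

def table_matches_sum_rule():
    return all(asil_by_sum(*key) == asil for key, asil in TABLE.items())

# Constructed worksheet: hazard names and S/E/C ratings are illustrative only.
HARA = {
    "loss of steering control": ("S3", "E4", "C3"),
    "acceleration above threshold": ("S3", "E3", "C3"),
    "low-risk hazard (constructed)": ("S1", "E2", "C1"),
}

def classify(worksheet):
    """Rate each hazard separately; an ASIL attaches to a hazard, not a feature."""
    return {hazard: determine_asil(*sec) for hazard, sec in worksheet.items()}
```

The sum check is a transcription safeguard: a single mistyped cell in the table makes `table_matches_sum_rule()` return False.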

Experts may create the S, E, and C classification in a variety of ways, but a fault tree analysis, or FTA, takes a more technical approach. Finding the causes of a certain event is done through fault tree analysis. The S, E, and C ratings for an event may be determined using a probability technique once each root cause has been determined.

Benefits of ASIL

While reducing risks is undoubtedly advantageous, one of the key advantages that ASIL certification offers the car industry is an effort at uniformity. The ASIL framework outlines a process for monitoring and tracking requirements. This is significant, particularly in view of the supply chain’s complexity. The final products that vehicle manufacturers release onto the market are therefore more reliable because there is essentially a detailed checklist provided for them to follow.

Drawbacks of ASIL

While this certification program is an excellent place to start overall, it still needs to cover a few gaps. A vehicle’s electrical systems or subsystems are controlled by one or more electronic control units (ECUs), often referred to as electronic control modules (ECMs), which are found in many modern automobiles. From an implementation standpoint, creating ASIL-compliant ECUs requires verification hardware and safety mechanisms such as built-in self-test (BiST), redundancy of crucial components, error correction codes, system watchdogs, or cyclic redundancy checks.

It may be more challenging to identify potential concerns because of the abundance of data and the interconnectivity that comes with this trend. Developing technology can make terms like controllability difficult to define. Standards will probably need to be modified when innovations such as self-driving cars become more prevalent.

How should the ASIL rating be viewed in terms of feature development?

Is it possible to classify an entire feature, piece of software, or piece of hardware using a single ASIL rating? Well, maybe not always. Safety officers must descend several layers to identify which interfaces contribute to the specific safety risk since ASIL ratings are applied in relation to a specific danger.

Take the cruise control system as an example. In a cruise control system, a software component calculates the control force input to the engine, and an actuator controller then applies the control to the throttle, which causes acceleration. In this instance, if the risk is acceleration over a specific threshold, the signal from the software component for the control force will be classified as QM and the input to the actuators will be classified as ASIL C.

Why is ASIL Necessary?

“Prevent damage” is ISO 26262’s stated objective. We can create a safety system using a goal-based approach thanks to ASIL ratings. ASIL ratings make it simpler to manage and track safety standards and aid in planning and prioritizing safety objectives.

We are happy that the Vadzo Developer Toolkit satisfies the requirements of ISO 26262 when it comes to the creation of safety-related software for any ASIL. In terms of establishing the place of our service and automotive cybersecurity in broader industry standards as a means of securing IoT devices used in vehicle components, we believe this certification to be a success.

Vadzo Imaging has experience with the design, development and manufacturing of camera systems comprising ASIL-certified imaging sensors from Sony, Onsemi and Omnivision coupled with ASIL-certified Image Signal Processors that also support features such as fusion HDR, on-board dewarping, etc. Our experts shall be glad to address any queries you have.

We are delighted to assist you with the requirements your project must meet.

Feel free to Contact Us

 
