ISO26262-5:2018
Product development at the hardware level
1 Scope
2 Normative references
3 Terms and definitions
4 Requirements for compliance
4.1 Purpose
4.2 General requirements
4.3 Interpretations of tables
4.4 ASIL-dependent requirements and recommendations
4.5 Adaptation for motorcycles
4.6 Adaptation for trucks, buses, trailers and semi-trailers
5 General topics for the product development at the hardware level
5.1 Objectives
5.2 General
6 Specification of hardware safety requirements
6.1 Objectives
6.2 General
6.3 Inputs to this clause
6.3.1 Prerequisites
6.3.2 Further supporting information
6.4 Requirements and recommendations
6.5 Work products
7 Hardware design
7.1 Objectives
7.2 General
7.3 Inputs to this clause
7.3.1 Prerequisites
7.3.2 Further supporting information
7.4 Requirements and recommendations
7.4.1 Hardware architectural design
7.4.2 Hardware detailed design
7.4.3 Safety analyses
7.4.4 Verification of hardware design
7.4.5 Production, operation, service and decommissioning
7.5 Work products
8 Evaluation of the hardware architectural metrics
8.1 Objectives
8.2 General
8.3 Inputs of this clause
8.3.1 Prerequisites
8.3.2 Further supporting information
8.4 Requirements and recommendations
8.5 Work products
9 Evaluation of safety goal violations due to random hardware failures
9.1 Objectives
9.2 General
9.3 Inputs to this clause
9.3.1 Prerequisites
9.3.2 Further supporting information
9.4 Requirements and recommendations
9.4.1 General
9.4.2 Evaluation of Probabilistic Metric for random Hardware Failures (PMHF)
9.4.3 Evaluation of Each Cause of safety goal violation (EEC)
9.4.4 Verification review
9.5 Work products
10 Hardware integration and verification
10.1 Objectives
10.2 General
10.3 Inputs of this clause
10.3.1 Prerequisites
10.3.2 Further supporting information
10.4 Requirements and recommendations
10.5 Work products
achieve compliance with ISO 26262
interpret the applicability of each clause
interpret the tables used in ISO 26262
See ISO 26262-12 (motorcycles)
Requirements specific to trucks, buses, trailers and semi-trailers are indicated with (T&B)
describe the functional safety activities during the individual subphases of hardware development
activities and processes for the product development at the hardware level include:
- the HW implementation of the TSC
- the analysis of potential hardware faults and their effects
- coordination with SW development.
Clause 8 describes two metrics to evaluate the effectiveness of the HW architecture of the item and the implemented SM to cope with random HW failures.
As a complement to Clause 8, Clause 9 describes two alternative methods to evaluate whether the residual risk of SG violations is sufficiently low, either by using a global probabilistic approach (see 9.4.2, PMHF method) or by using a cut-set analysis (see 9.4.3, EEC method) to study the impact of each identified fault of a HW element upon the violation of the SG.
specify the HW safety requirements. They are derived from the TSC and the system architectural design specification
refine the hardware-software interface (HSI) specification initiated in ISO 26262-4:2018, 6.4.7
verify that the hardware safety requirements and the hardware-software interface (HSI) specification are consistent with the TSC and the system architectural design specification
The TSRs are allocated to HW and SW. The requirements that are allocated to both are further partitioned to yield hardware-only safety requirements. The HW safety requirements are further detailed considering design constraints and the impact of these design constraints on the HW.
— TSC in accordance with ISO 26262-4:2018, 6.5.2;
— system architectural design specification in accordance with ISO 26262-4:2018, 6.5.3; and
— hardware-software interface (HSI) specification in accordance with ISO 26262-4:2018, 6.5.4.
— SW safety requirements specification (see ISO 26262-6:2018, 6.5.1);
— HW specifications (from an external source).
provide evidence that the residual risk of a safety goal violation, due to random hardware failures of the item, is sufficiently low
Two alternative methods (see 9.4) are proposed to evaluate whether the residual risk of safety goal violations is sufficiently low:
1- PMHF (see 9.4.2), 2- EEC (see 9.4.3).
Both evaluate single-point faults, residual faults, and plausible dual-point faults.
The exposure duration is considered as well for dual-point faults.
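The two views described above (a global PMHF-style sum versus a per-cause EEC-style check over single-point, residual and plausible dual-point faults, with an exposure time for the dual-point case) as an added, runnable illustration. This is example code written for this page, not text or a formula from ISO 26262-5:2018: the element names, FIT values, coverage figures, exposure time and both target values are constructed, and the dual-point term is an assumed first-order approximation (the mission element fails while an undetected fault has already disabled its safety mechanism), not the standard's own expression.

```python
"""Illustrative evaluation of safety-goal (SG) violation risk due to random hardware faults.

Added example, not text from ISO 26262-5:2018. All failure rates, coverage figures and
target values are constructed, and the dual-point approximation is an assumption
(first-order: the mission element fails while an undetected fault has already disabled
its safety mechanism), not the formula of the standard.
"""
from dataclasses import dataclass

FIT = 1e-9  # one FIT = one failure per 1e9 operating hours


@dataclass(frozen=True)
class Element:
    name: str
    fit: float          # base failure rate in FIT (constructed)
    sg_fraction: float  # share of the element's faults that alone can violate the SG (assumed)
    dc_residual: float  # coverage of the safety mechanism (SM) guarding those faults; 0.0 = no SM
    dc_latent: float    # coverage of latent-fault detection for this element (e.g. start-up self-test)


def sg_rate(e: Element) -> float:
    """Rate per hour of faults of e that, without any SM, would violate the SG."""
    return e.fit * FIT * e.sg_fraction


def classify(e: Element) -> tuple[str, float]:
    """Single-point fault if no SM covers it; otherwise the uncovered share is a residual fault."""
    lam = sg_rate(e)
    if lam == 0.0:
        return ("safe", 0.0)
    if e.dc_residual == 0.0:
        return ("single-point", lam)
    return ("residual", lam * (1.0 - e.dc_residual))


def latent_rate(e: Element) -> float:
    """Rate per hour of faults of e that stay undetected (latent) until something else fails."""
    return e.fit * FIT * (1.0 - e.dc_latent)


def dual_point_rate(mission: Element, mechanism: Element, exposure_hours: float) -> float:
    """Assumed first-order approximation of a plausible dual-point fault: the SM has failed
    latently at some point during the exposure time, so the mission-element faults it
    would normally cover (sg_rate * dc_residual) now violate the SG."""
    p_sm_latent = min(1.0, latent_rate(mechanism) * exposure_hours)  # valid while << 1
    return sg_rate(mission) * mission.dc_residual * p_sm_latent


def evaluate(elements, pairs, exposure_hours, pmhf_target, per_cause_target):
    """Global probabilistic view (PMHF-style sum) and per-cause view (EEC-style check).

    `pairs` lists (mission element, safety mechanism) combinations whose dual-point
    fault is plausible; the targets are constructed values, not the standard's tables.
    """
    causes = []
    for e in elements:
        kind, lam = classify(e)
        if kind != "safe":
            causes.append((e.name, kind, lam))
    for mission, mechanism in pairs:
        causes.append((f"{mission.name} + {mechanism.name}", "dual-point",
                       dual_point_rate(mission, mechanism, exposure_hours)))
    pmhf = sum(lam for _, _, lam in causes)
    return {
        "pmhf": pmhf,
        "pmhf_ok": pmhf < pmhf_target,
        "causes": causes,
        # EEC-style: each individual cause must stay under its own target
        "eec_violations": [c for c in causes if c[2] > per_cause_target],
    }


# Constructed sample: an MCU core guarded by a window watchdog, and an output driver with no SM.
MCU_CORE = Element("MCU core", fit=100, sg_fraction=0.5, dc_residual=0.9, dc_latent=0.0)
WATCHDOG = Element("Window watchdog", fit=20, sg_fraction=0.0, dc_residual=0.0, dc_latent=0.6)
OUTPUT_DRIVER = Element("Output driver", fit=50, sg_fraction=0.4, dc_residual=0.0, dc_latent=0.0)


def evaluate_sample():
    return evaluate(
        elements=[MCU_CORE, WATCHDOG, OUTPUT_DRIVER],
        pairs=[(MCU_CORE, WATCHDOG)],
        exposure_hours=8000.0,     # constructed vehicle operating lifetime
        pmhf_target=1e-8,          # constructed, per-hour
        per_cause_target=1e-9,     # constructed, per-hour
    )


if __name__ == "__main__":
    result = evaluate_sample()
    for name, kind, lam in result["causes"]:
        print(f"{name:32s} {kind:12s} {lam:.3e} /h")
    print(f"PMHF = {result['pmhf']:.3e} /h, within target: {result['pmhf_ok']}")
    print("EEC violations:", [c[0] for c in result["eec_violations"]])
```

With the constructed numbers the unguarded output driver is a single-point fault that dominates the sum, and the MCU residual fault also exceeds the per-cause target, while the watchdog dual-point term is several orders of magnitude smaller because it is scaled by the probability that the watchdog has already failed latently within the exposure time. That is the practical difference between the two views: the global sum says whether the item as a whole is acceptable, the per-cause list says which element or element pair has to be fixed (here, by adding a safety mechanism to the output driver or raising the MCU coverage).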
— hardware safety requirements specification in accordance with 6.5.1
— hardware design specification in accordance with 7.5.1; and
— hardware safety analysis report in accordance with 7.5.2.
1- TSC
2- system architectural design specification