In this video we discuss why Safety Analysis, such as an FMEA in ISO 26262, should not include RPN values that have been traditionally used in automotive FMEAs.
Transcript (auto generated)
Hi, this is Jody Nelson with SRES Shorts. In this short, I want to discuss safety analysis. Specifically, I want to talk about the qualitative FMEA that we talk about in ISO 26262, and I want to explain why we should not be using RPN values like what we see in SAE J1739 or what's similarly presented in the action priority (AP) method in the VDA. Now first of all, all safety analyses are the same: they ask a question to get an answer. That's why a fault tree asks a different question than an FMEA. Because it asks a different question, we give a different response, so it gets a different answer and we find out potentially something different.
Now looking into these ratings, we start with S, severity. In ISO 26262 we handle severity in the hazard analysis and risk assessment (HARA) at the vehicle level, where it should be, not at the component level. So already when we perform the HARA, we get an ASIL level which has the severity level baked into it, so there's no purpose, no reason why we should reintroduce the idea of severity at the component level. The next one is O, occurrence. We also handle this differently in ISO 26262: we have a quantified safety analysis, commonly referred to as FMEDA, where we evaluate the risk of random hardware failures. So that is where we handle occurrence, not in the safety FMEA.
And then lastly, we have D, detection. For us, in ISO 26262, detection deals a lot with our online monitoring, our software diagnostics and hardware diagnostics, whereas detection in these RPN-type FMEAs a lot of times deals with what actions we do in the V&V process. So a lot of times we do some testing, so we give ourselves credit; we do some analysis, so we give ourselves credit. However, that's not how we deal with this kind of detection in safety in ISO 26262.