This is part 1 of a two-part blog series covering our eBook, “A Complete Guide to Automotive Safety Integrity Levels (ASIL)” in which we discuss this important automotive safety standard and how to comply with it. We will share the link to part 2 when it publishes. In the meantime, you can download the eBook HERE.
A Complete Guide to Automotive Safety Integrity Levels (ASIL)
Introduction
The new revolution in automotive technology is not just on the horizon, it’s here. From the rapid proliferation of electric vehicles to self-driving cars, automobiles have advanced swiftly from the days of mechanical systems. These advancements are exciting and welcome for a variety of reasons, but they bring along ever-increasing challenges and considerations for developers of everything from windshield wipers to microchips to built-in cameras. As drivers grow increasingly dependent on systems that make getting from point A to point B easier and more fun, they also need to have the assurance that those systems are safe and reliable.
In this new automotive reality, adhering to safety guidelines has never been more important. As developers and manufacturers work to achieve compliance with ISO 26262, they must understand Automotive Safety Integrity Levels, or ASIL, to know what level of rigor to apply.
What is ASIL?
ASIL stands for Automotive Safety Integrity Level, and it is a risk classification system for the functional safety of road vehicles. ASIL is defined by the ISO 26262 standard, part nine, and is adapted from the Safety Integrity Level (SIL) guidance published in IEC 61508.
While compliance with ISO 26262 is not mandatory, it is a state-of-the-art practice within the industry, and ASIL is a key piece of the standard. ASIL determines how rigorous the process for developing a product should be based on the risk of that product harming a person if it fails. By doing a full safety assessment of each component, module, or system based on a variety of factors, teams can come to a reasonable expectation of risks and outcomes in the event of failure and implement mitigation efforts to reduce risks.
ASIL is determined after a full hazard analysis and risk assessment, or HARA. Engineers or developers assess each component or system with an eye toward risks and hazards presented by the potential failure of that component or system. How likely is the system to fail? What will happen if it fails? Can a driver compensate or manage through the failure without injury? Is injury likely to occur in the event of failure, and if so, how severe will the injury be? Once the hazard analysis and risk assessment are complete, teams can assign the ASIL.
What are the different ASILs?
ASIL classifies hazards into one of four levels, denoted A through D, with an additional fifth level for non-hazardous systems or components. ASIL D represents the highest level of risk, while ASIL A represents the lowest risk level. The additional level, QM, stands for Quality Management and denotes non-hazardous items that require only standard quality management compliance.
In general, systems such as anti-lock brakes or airbags require an ASIL D classification because the risks associated with failure are the highest in those systems. At the other end of the spectrum, a system such as rear lights would only require an ASIL A classification; while there is certainly a safety component associated with rear lights, most drivers could mitigate those risks, and the potential severity of injury is typically not high.
What factors determine an ASIL?
To determine an ASIL, developers and engineers consider three factors:
- Severity (potential severity of injuries caused by a hazardous event)
- Exposure (frequency of conditions that would potentially cause injury)
- Controllability (likelihood that the driver could act to prevent injury)
Within each of the three factors are additional levels as expressed numerically:
How do I choose my ASIL?
To determine the ASIL, development teams should put each system, module, or component through a full hazard analysis and risk assessment (HARA). The purpose of this assessment is to identify all of the malfunctions that could lead to hazards or failures and evaluate the risks associated with those failures. Any manufacturer who is aiming for ISO 26262 compliance on any product should conduct a HARA and assign an ASIL.
During the HARA, teams assign the levels of severity, exposure, and controllability as established by the chart above. Once these levels are established within those categories, teams can use the chart below to arrive at the ASIL:
PLEASE NOTE: While this guide may help you generally identify your ASIL, it should not serve as an official ASIL determination.
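The step from severity, exposure, and controllability classes to an ASIL, sketched as an added example that is not part of the original guide or eBook. It assumes the class ranges (S0-S3, E0-E4, C0-C3) and the determination table of ISO 26262-3, expressed through that table's additive pattern; the hazardous events and their ratings are constructed for illustration.

```python
from dataclasses import dataclass

# Class ranges assumed from ISO 26262-3; the page's own charts are not reproduced.
RANGES = {"S": range(0, 4), "E": range(0, 5), "C": range(0, 4)}
ORDER = ["QM", "A", "B", "C", "D"]  # lowest to highest required rigor


@dataclass(frozen=True)
class HazardousEvent:
    name: str
    severity: int         # S0..S3
    exposure: int         # E0..E4
    controllability: int  # C0..C3


def asil_for(event: HazardousEvent) -> str:
    """Return the ASIL for one hazardous event from its S/E/C classes."""
    ratings = {"S": event.severity, "E": event.exposure,
               "C": event.controllability}
    for key, value in ratings.items():
        if value not in RANGES[key]:
            raise ValueError(f"{event.name}: {key}{value} is not a valid class")
    # A class of 0 in any factor (no injuries, incredible exposure,
    # controllable in general) means no ASIL is required.
    if 0 in ratings.values():
        return "QM"
    # The determination table follows an additive pattern:
    # S+E+C = 10 -> D, 9 -> C, 8 -> B, 7 -> A, anything lower -> QM.
    total = sum(ratings.values())
    return ORDER[max(total - 6, 0)]


def item_asil(events) -> str:
    """The item inherits the most demanding ASIL among its hazardous events."""
    return max((asil_for(e) for e in events), key=ORDER.index)


# Constructed worksheet rows; the ratings are illustrative, not real assessments.
WORKSHEET = [
    HazardousEvent("constructed: braking function lost at highway speed", 3, 4, 3),
    HazardousEvent("constructed: rear lights fail at night", 1, 3, 3),
    HazardousEvent("constructed: wiper stalls in light rain", 1, 2, 1),
]

if __name__ == "__main__":
    for row in WORKSHEET:
        print(f"{row.name}: ASIL {asil_for(row)}")
    print("Item-level ASIL:", item_asil(WORKSHEET))
```
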
Stay tuned for Part 2 of this blog series. To read the entire eBook, download it HERE