1 Scope
This part of GB/T 34590 provides an overview of GB/T 34590, as well as giving additional explanations, and is intended to enhance the understanding of the other parts. It has an informative character only and describes the general concepts of GB/T 34590 in order to facilitate comprehension. The explanation expands from general concepts to specific contents.
This standard is applicable to safety-related systems that include one or more electrical and/or electronic (E/E) systems and that are installed in series production passenger cars.
It is not applicable to unique E/E systems in special purpose vehicles such as vehicles designed for drivers with disabilities.
Systems and their components released for production, or systems and their components already under development prior to the publication date of this standard, are exempted from the scope. For further development or alterations based on systems and their components released for production prior to the publication of this standard, only the modifications will be developed in accordance with this standard.
This standard addresses possible hazards caused by malfunctioning behaviour of E/E safety-related systems, including interaction of these systems. It does not address hazards related to electric shock, fire, smoke, heat, radiation, toxicity, flammability, reactivity, corrosion, release of energy and similar hazards, unless directly caused by malfunctioning behaviour of E/E safety-related systems.
This standard does not address the nominal performance of E/E systems, even if dedicated functional performance standards exist for these systems (e.g. active and passive safety systems, brake systems, Adaptive Cruise Control).
In the case of inconsistencies between this part and another part of this standard, the requirements, recommendations and information specified in the other part of this standard apply.
2 Normative References
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 34590.1-2017 Road Vehicles — Functional Safety — Part 1: Vocabulary (ISO 26262-1:2011, MOD)
GB/T 34590.2-2017 Road Vehicles — Functional Safety — Part 2: Management of Functional Safety (ISO 26262-2:2011, MOD)
GB/T 34590.3-2017 Road Vehicles — Functional Safety — Part 3: Concept Phase (ISO 26262-3:2011, MOD)
GB/T 34590.4-2017 Road Vehicles — Functional Safety — Part 4: Product Development at the System Level (ISO 26262-4:2011, MOD)
GB/T 34590.5-2017 Road Vehicles — Functional Safety — Part 5: Product Development at the Hardware Level (ISO 26262-5:2011, MOD)
GB/T 34590.6-2017 Road Vehicles — Functional Safety — Part 6: Product Development at the Software Level (ISO 26262-6:2011, MOD)
GB/T 34590.8-2017 Road Vehicles — Functional Safety — Part 8: Supporting Processes (ISO 26262-8:2011, MOD)
GB/T 34590.9-2017 Road Vehicles — Functional Safety — Part 9: Automotive Safety Integrity Level (ASIL)-oriented and Safety-oriented Analyses (ISO 26262-9:2011, MOD)
3 Terms, Definitions and Abbreviated Terms
For the purposes of this document, the terms, definitions and abbreviated terms given in GB/T 34590.1-2017 apply.
4 Key Concepts of GB/T 34590
4.1 Functional Safety for Automotive Systems (Relationship with GB/T 20438)
GB/T 20438, Functional safety of electrical/electronic/programmable electronic safety-related systems, is designated by IEC as a generic standard and a basic safety publication. This means that industry sectors will base their own standards for functional safety on the requirements of GB/T 20438.
In the automotive industry, there are a number of issues with applying GB/T 20438 directly. Some of these issues and corresponding differences in GB/T 34590 are described below.
GB/T 20438 is based upon the model of “equipment under control”, for example an industrial plant that has an associated control system as follows:
a) A hazard analysis identifies the hazards associated with the equipment under control (including the equipment control system), to which risk reduction measures will be applied. This can be achieved through E/E/PE systems, or other technology safety-related systems (e.g. a safety valve), or external measures (e.g. a physical containment of the plant). GB/T 34590 contains a normative automotive scheme for hazard classification based on severity, probability of exposure and controllability.
b) Risk reduction allocated to E/E/PE systems is achieved through safety functions, which are designated as such. These safety functions are either part of a separate protection system or can be incorporated into the plant control. It is not always possible to make this distinction in automotive systems. The safety of a vehicle depends on the behaviour of the control systems themselves.
GB/T 34590 uses the concept of safety goals and a safety concept as follows:
— a hazard analysis and risk assessment identifies hazards and hazardous events that need to be prevented, mitigated or controlled;
— a safety goal is formulated for each hazardous event;
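To make the classification scheme in a) and the safety-goal steps above concrete, here is an added example that is not part of GB/T 34590 or its text: it takes constructed hazardous events (a hypothetical electric parking brake), classifies each by severity, probability of exposure and controllability, assigns the ASIL using the normative table of GB/T 34590.3-2017, formulates one safety goal per hazardous event, and merges identical safety goals at the highest ASIL, as Part 3 permits.

```python
# Added example, not from GB/T 34590: the hazard analysis and risk assessment
# step of 4.1, from S/E/C classification to safety goals. The S/E/C -> ASIL
# mapping reproduces the normative table of GB/T 34590.3-2017 (ISO 26262-3);
# the parking-brake hazardous events below are constructed for illustration.
from dataclasses import dataclass

ASIL_LEVELS = ["QM", "A", "B", "C", "D"]

@dataclass(frozen=True)
class HazardousEvent:
    hazard: str           # malfunctioning behaviour of the item
    situation: str        # operational situation in which it occurs
    severity: int         # S0..S3
    exposure: int         # E0..E4
    controllability: int  # C0..C3
    safety_goal: str      # top-level safety requirement for this event

def determine_asil(s: int, e: int, c: int) -> str:
    """S3/E4/C3 is ASIL D; each step down in any class lowers the ASIL one
    level, and anything below ASIL A is QM. S0, E0 or C0 is always QM."""
    if not (0 <= s <= 3 and 0 <= e <= 4 and 0 <= c <= 3):
        raise ValueError(f"invalid classification S{s}/E{e}/C{c}")
    if 0 in (s, e, c):
        return "QM"
    return ASIL_LEVELS[max(s + e + c - 6, 0)]  # S1/E1/C1 -> QM ... S3/E4/C3 -> D

def combine_safety_goals(events):
    """Assign an ASIL to each hazardous event; events sharing a safety goal
    are merged and the goal takes the highest ASIL among them (Part 3)."""
    goals = {}
    for ev in events:
        asil = determine_asil(ev.severity, ev.exposure, ev.controllability)
        if ASIL_LEVELS.index(asil) > ASIL_LEVELS.index(goals.get(ev.safety_goal, "QM")):
            goals[ev.safety_goal] = asil
    return goals

# Constructed hazardous events for a hypothetical electric parking brake.
SAMPLE_EVENTS = [
    HazardousEvent("unintended brake application", "highway driving", 3, 4, 3,
                   "Unintended parking brake actuation shall be prevented"),
    HazardousEvent("unintended brake application", "parking manoeuvre", 1, 3, 2,
                   "Unintended parking brake actuation shall be prevented"),
    HazardousEvent("brake not released", "pulling away in traffic", 2, 4, 3,
                   "The parking brake shall release on driver request"),
]

if __name__ == "__main__":
    for goal, asil in combine_safety_goals(SAMPLE_EVENTS).items():
        print(f"{asil}: {goal}")
```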
Contents of GB/T 34590.10-2017
Foreword
Introduction
1 Scope
2 Normative References
3 Terms, Definitions and Abbreviated Terms
4 Key Concepts of GB/T 34590
4.1 Functional Safety for Automotive Systems (Relationship with GB/T 20438)
4.2 Item, System, Element, Component, Hardware Part and Software Unit
4.3 Relationship between Faults, Errors and Failures
5 Selected Topics Regarding Safety Management
5.1 Work Product
5.2 Confirmation Measures
5.3 Understanding of Safety Cases
6 Concept Phase and System Development
6.1 General
6.2 Example of Hazard Analysis and Risk Assessment
6.3 An Observation Regarding Controllability Classification
6.4 External Measures
6.5 Example of Combining Safety Goals
7 Safety Process Requirement Structure — Flow and Sequence of Safety Requirements
8 Concerning Hardware Development
8.1 The Classification of Random Hardware Faults
8.2 Example of Residual Failure Rate and Local Single-point Fault Metric Evaluation
8.3 Further Explanation Concerning Hardware
9 Safety Element out of Context
9.1 Safety Element out of Context Development
9.2 Use Cases
10 An Example of Proven in Use Argument
10.1 General
10.2 Item Definition and Definition of the Proven in Use Candidate
10.3 Change Analysis
10.4 Target Values for Proven in Use
11 Concerning ASIL Decomposition
11.1 Objective of ASIL Decomposition
11.2 Description of ASIL Decomposition
11.3 An example of ASIL Decomposition
Annex A (Informative) GB/T 34590 and Microcontrollers
Annex B (Informative) Fault Tree Construction and Applications
Bibliography