
ISO 26262 ASIL Decomposition – Pros and Cons!


ISO 26262 ASIL Decomposition: Part 9 of ISO 26262 defines a scheme for dividing a requirement with a specific ASIL level into two requirements with lower ASIL levels.

In this blog post I address when ASIL decomposition can be applied in practice and what its advantages are. I also take a critical look at some of the ways ASIL decomposition is practised in projects.

A very important prerequisite for the meaningful application of ASIL decomposition is freedom from interference. You can find more on this topic in the blog post ISO26262: Freedom from Interference – What is that?

ISO 26262 ASIL decomposition statements in the standard

ISO 26262 specifies the following in part 9, chapter 5.2:

ASIL decomposition is a method of ASIL tailoring during the concept and development phases. During the safety requirements allocation process, benefit can be obtained from architectural decisions including the existence of sufficient independent architectural elements. This offers the opportunity

  • To implement safety requirements redundantly by these independent architectural elements, and
  • To assign a potentially lower ASIL to (some of) these decomposed safety requirements.

If the architectural elements are not sufficiently independent, then the redundant requirements and the architectural elements inherit the initial ASIL.

Opportunities arising from ASIL decomposition

The technical advantage lies in the chance to make the system architecture safer by adding redundancy. However, this only applies if common cause errors are prevented and freedom from interference is ensured.

An economic advantage results from the reduction of development costs. Experience shows that significant cost savings can be realized, especially if the ASIL decomposition is performed so that the majority of the software is classified as QM or ASIL A/B instead of ASIL C or D. The advantage increases further when the part of the software that is subject to frequent changes also becomes QM or ASIL A/B software.

Good safety architectures are characterized by the fact that only a small part of the software, which is not frequently modified, is to be developed according to high ASIL levels.

Mistakes that can be made with ASIL decomposition

The most common error is that ASIL decomposition is performed in isolation for individual requirements, without considering the software architecture.

In this case there is no improvement of the architecture. Likewise no cost advantage can be realized, since in the end all requirements often have to be developed according to the highest ASIL level.
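The effect described here, together with the inheritance rule quoted from part 9 above, as an added example that is not part of the original post: the sketch derives the ASIL each architectural element must be developed to. The permitted ASIL pairs are the ISO 26262-9 decomposition schemes (not listed on this page); the element names, the sample requirements, and the rule that an element takes the highest ASIL allocated to it are assumptions of the example.

```python
# Added example: effective ASIL per architectural element after decomposition.
ORDER = ["QM", "A", "B", "C", "D"]

# Permitted decomposition pairs per initial ASIL (ISO 26262-9), higher ASIL first.
SCHEMES = {
    "D": [("C", "A"), ("B", "B"), ("D", "QM")],
    "C": [("B", "A"), ("C", "QM")],
    "B": [("A", "A"), ("B", "QM")],
    "A": [("A", "QM")],
}

def valid_split(initial, a, b):
    """True if (a, b) is a permitted decomposition of `initial`."""
    pair = tuple(sorted((a, b), key=ORDER.index, reverse=True))
    return pair in SCHEMES.get(initial, [])

def element_asils(requirements, independent):
    """Return {element: ASIL it must be developed to}.

    requirements: [(initial_asil, ((element, asil), (element, asil))), ...]
    independent:  set of frozenset({e1, e2}) for which independence is shown
    """
    result = {}
    for initial, parts in requirements:
        (e1, a1), (e2, a2) = parts
        ok = valid_split(initial, a1, a2) and frozenset((e1, e2)) in independent
        for element, asil in parts:
            # Without a valid, independent split the element inherits the initial ASIL.
            effective = asil if ok else initial
            # Assumption: an element is developed to the highest ASIL allocated to it.
            result[element] = max(result.get(element, "QM"), effective, key=ORDER.index)
    return result

# Constructed data: three ASIL D requirements decomposed one at a time.
ISOLATED = [
    ("D", (("control", "B"), ("diagnosis", "B"))),
    ("D", (("diagnosis", "D"), ("comms", "QM"))),
    ("D", (("control", "C"), ("comms", "A"))),
]
ISOLATED_INDEP = {frozenset(("control", "diagnosis"))}

# Constructed data: the same requirements split along one architectural boundary.
ARCHITECTED = [("D", (("function", "QM"), ("monitor", "D")))] * 3
ARCHITECTED_INDEP = {frozenset(("function", "monitor"))}

if __name__ == "__main__":
    print(element_asils(ISOLATED, ISOLATED_INDEP))
    print(element_asils(ARCHITECTED, ARCHITECTED_INDEP))
```

In the first data set every element ends up at ASIL D even though each individual split is a permitted one; in the second, only the monitor does.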

A further disadvantage that often arises with such an approach is that the development team is no longer able to keep track of the safety process, and acceptance of the ISO 26262 methods is then often no longer guaranteed. This is a very serious disadvantage because many other negative consequences follow from it.

Are you ready for a functional safety workshop, to identify improvement potentials in your development process? Send a mail to: info[at]heicon-ulm.de or call +49 (0) 7353 981 781.

30. November 2019/by HEICON Global Engineering GmbH
Tags: ASIL, Decomposition, Freedom from Interference, ISO26262