Functional Safety New Vehicle Development: Vehicle Platforms
Introduction: Functional Safety - Purpose
The implementation of Functional Safety (FuSa) across vehicle platforms has become a critical engineering discipline. ISO 26262 provides the framework, but the actual deployment of safety mechanisms across hardware, software, and system integration requires disciplined, traceable engineering practices.
As vehicles become increasingly autonomous and electrified, ensuring consistent Functional Safety across entire platforms is more critical than ever. Shifting from component-level certification to system-level validation demands new engineering disciplines and rigorous processes. This article builds on the previous publications by focusing on practical ISO 26262 implementation, providing actionable guidance on standards, lifecycle phases, and trade-offs for OEMs and Tier 1 suppliers.
Transition from Component-Level to System-Level Safety
Historically, Functional Safety practices focused on component-level compliance, with individual ECUs or sensors certified against ASIL (Automotive Safety Integrity Level) targets. Today, however, the industry is shifting to platform-level implementation, where vehicle-wide interactions must be validated across diverse domains—powertrain, ADAS, body electronics, infotainment, and more.
This shift demands deeper integration of FuSa concepts early in platform development. Safety goals must be decomposed into technical safety requirements (TSRs) and mapped across subsystems with well-defined interfaces. For example, braking redundancy is no longer limited to hydraulic backups: it must now include electronic fallbacks involving traction control systems and lateral motion estimation.
Safety Element Out of Context (SEooC): Practical Trade-Offs
Suppliers frequently use SEooC-certified components to speed development, but their integration into OEM platforms must be validated under in-context operating conditions. For example, an ASIL-D microcontroller in a steering ECU may still require additional diagnostic coverage or watchdog support when used in a specific chassis configuration.
To avoid mismatches, OEM safety engineers must re-evaluate the assumptions used in the supplier's SEooC documentation against the actual platform context. Validation testing, such as software fault injection or hardware failure emulation, is essential to confirm that real-world safety goals are met.
Failure Mode Diagnostics and Monitoring Architecture
To implement Functional Safety effectively, OEM platforms must embed robust diagnostic and monitoring strategies across system layers:
- Sensor Inputs: Redundant sensing (e.g., radar + camera) and plausibility checks reduce false positives.
- Actuation Systems: PWM feedback, position encoders, and torque monitoring ensure actuator performance.
- Power Management: On-board diagnostic controllers (OBDCs) validate voltage and current parameters.
- Communication Buses: CRC monitoring and watchdog timers detect timing or packet errors in CAN/FlexRay/Ethernet networks.
Rather than treating each layer in isolation, platform architects must model fault propagation across the vehicle. Safety mechanisms such as safe-state fallback or partial system shutdown must therefore be coordinated across multiple ECUs, especially for shared control domains like steer-by-wire or brake-by-wire.
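As an added illustration of the CRC-plus-watchdog monitoring described for the communication-bus layer above (example code, not from the original article or any supplier's E2E library), the Go sketch below implements a receiver-side check for one bus signal: it verifies a checksum that also covers an alive counter, classifies lost, stale and late frames, and latches a safe-state flag after a configurable run of consecutive faults. The Frame and Monitor types, the use of CRC-32, and the fault threshold are assumptions made for the example.

```go
package main
import (
	"hash/crc32"
	"time"
)

// Frame is a constructed stand-in for a bus payload protected end-to-end with an alive
// counter and a checksum (AUTOSAR E2E uses short CRCs plus a data ID; CRC-32 is stdlib).
type Frame struct{ Counter uint8; Data []byte; CRC uint32 }
// Verdicts: corrupted (discarded), deadline missed, stale repeat (sender stuck), frames lost.
type Verdict int
const (OK Verdict = iota; CRCError; Timeout; CounterRepeat; CounterSkip)
// Monitor is the receiver-side state for one signal; MaxFaults consecutive bad frames
// latch SafeState, which the consuming function uses to fall back.
type Monitor struct {
	Deadline  time.Duration
	MaxFaults int
	SafeState bool
	lastCtr   uint8
	lastSeen  time.Time // zero until the first valid frame has been accepted
	faults    int
}

// Sender side: the checksum covers the counter as well as the data.
func e2eCRC(counter uint8, data []byte) uint32 { return crc32.ChecksumIEEE(append([]byte{counter}, data...)) }
func Protect(counter uint8, data []byte) Frame { return Frame{counter, data, e2eCRC(counter, data)} }

// Check classifies one received frame and updates the consecutive-fault counter.
func (m *Monitor) Check(f Frame, now time.Time) Verdict {
	v, seen := OK, !m.lastSeen.IsZero()
	switch {
	case e2eCRC(f.Counter, f.Data) != f.CRC:
		v = CRCError // the counter cannot be trusted either, so no state update
	case seen && now.Sub(m.lastSeen) > m.Deadline:
		v = Timeout
	case seen && f.Counter == m.lastCtr:
		v = CounterRepeat
	case seen && f.Counter != m.lastCtr+1: // uint8 arithmetic wraps 255 -> 0
		v = CounterSkip
	}
	if v != CRCError {
		m.lastCtr, m.lastSeen = f.Counter, now
	}
	if v == OK {
		m.faults = 0
	} else if m.faults++; m.faults >= m.MaxFaults {
		m.SafeState = true
	}
	return v
}
```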
ASIL Decomposition and Interface Contracts
As mentioned in the previous article, ASIL decomposition is a common approach to managing safety targets without over-designing hardware. For instance, two ASIL-B channels, each with independent power and timing paths, can meet an ASIL-D requirement when properly monitored. The success of this strategy, however, relies heavily on clear interface contracts between software modules, hardware IPs, and signal lines.
In modern vehicle platforms, these contracts must be traceable across a toolchain that includes AUTOSAR configuration, model-based design (e.g., Simulink), and requirements management systems such as IBM DOORS or Polarion.
Integration with Cybersecurity and Over-the-Air Updates
A crucial emerging challenge is the convergence of Functional Safety with cybersecurity and over-the-air (OTA) update capabilities. A faulty update that disables a watchdog or misconfigures a sensor calibration table could introduce latent Functional Safety risks. OEMs must therefore design their update infrastructure with dual validation, ensuring that both safety and security integrity are preserved.
For instance, a secure bootloader must verify both the digital signature and the safety checksum before accepting a new software image. Rollback mechanisms should be tied to vehicle state detection to avoid disabling recovery modes during active driving.
Post-SOP (Start of Production) Safety Activities
Finally, Functional Safety doesn’t end at SOP. Ongoing field monitoring, warranty failure tracking, and software hotfixes must feed back into the safety lifecycle. Many OEMs now deploy cloud-based analytics to identify fault clusters or near-miss events based on diagnostic trouble codes (DTCs) and CAN bus snapshots.
ASIL-D systems also often require periodic re-certification or updates to the safety case when significant platform changes occur, such as adding new actuators, integrating Level 3 autonomy functions, or updating sensor fusion strategies.
Next, we will explore “The Role of Functional Safety in ADAS and Autonomous Systems”, focusing on the unique safety challenges introduced by perception and decision-making algorithms, high-performance computing clusters, and AI-driven software stacks.
Series Positioning & Next Steps
- Real-World Case Studies & Lessons Learned
- Regulatory Compliance & Supplier Roles
- Validation & Verification Techniques
- Functional Safety in EV/ADAS/SDV
- Emerging Trends: AI & Over-the-Air Updates
Series Index: Functional Safety in Automotive
- Foundations & Frameworks: An ISO 26262 Guide to Automotive Functional Safety: https://georgedallen.com/functional-safety-new-vehicle-development-compliance/
- ISO 26262 Design Process: From Safety Goals to Implementation: https://georgedallen.com/why-functional-safety-matters-new-vehicle-development/
- ASIL Decomposition and Redundancy Management: https://georgedallen.com/functional-safety-new-vehicle-development-iso-standards/
- Functional Safety Implementation in Vehicle Platforms (this article)
- The Role of Functional Safety in ADAS and Autonomous Systems
- Why Functional Safety still fails
- Designing for Lifecycle Assurance and Post-SOP Safety Monitoring
Other References:
- International Organization for Standardization. ISO 26262: Road vehicles — Functional safety. 2018.
- W. Steiner, “ASIL Determination and Application in Automotive Design,” SAE International Journal of Passenger Cars – Electronic and Electrical Systems, vol. 11, no. 3, pp. 175‑183, 2019.
- K. Jackson and T. Gallagher, “Design for Functional Safety,” in Advanced Automotive Technologies, Springer, 2020, pp. 45‑68.
- S. Chen, “Fault Containment Zones in Automotive Architectures,” IEEE Transactions on Vehicular Technology, vol. 69, no. 5, pp. 5032‑5042, 2020.
- Bosch GmbH, “Automotive Safety Handbook,” Bosch, 2021.
Systems Engineering References:
- V-Model reference: https://georgedallen.com/systems-v-model-strategy-in-automotive-design/
- HARA reference: https://www.embitel.com/blog/embedded-blog/hara-by-iso-26262-standard-for-your-functional-safety-project
- ASIL reference: https://www.jamasoftware.com/requirements-management-guide/automotive-engineering/guide-to-automotive-safety-integrity-levels-asil/
- https://georgedallen.com/new-engineering-ethics-fundamentals-of-product-development/
- https://georgedallen.com/objectivist-philosophy-in-new-engineering-ethics/
About George D. Allen Consulting:
George D. Allen Consulting is a pioneering force in driving engineering excellence and innovation within the automotive industry. Led by George D. Allen, a seasoned engineering specialist with an illustrious background in occupant safety and systems development, the company is committed to revolutionizing engineering practices for businesses on the cusp of automotive technology. With a proven track record, tailored solutions, and an unwavering commitment to staying ahead of industry trends, George D. Allen Consulting partners with organizations to create a safer, smarter, and more innovative future. For more information, visit www.GeorgeDAllen.com.
Contact:
Website: www.GeorgeDAllen.com
Email: inquiry@GeorgeDAllen.com
Phone: 248-509-4188