ISO 21448:2022

Soveltamisala

This document provides a general argument framework and guidance on measures to ensure the safety of the intended functionality (SOTIF), which is the absence of unreasonable risk due to a hazard caused by functional insufficiencies, i.e.: This document provides guidance on the applicable design, verification and validation measures, as well as activities during the operation phase, that are needed to achieve and maintain the SOTIF. This document is applicable to intended functionalities where proper situational awareness is essential to safety and where such situational awareness is derived from complex sensors and processing algorithms, especially functionalities of emergency intervention systems and systems having levels of driving automation from 1 to 5[2]. This document is applicable to intended functionalities that include one or more E/E systems installed in series production road vehicles, excluding mopeds. Reasonably foreseeable misuse is in the scope of this document. In addition, operation or assistance of a vehicle by a remote user or communication with a back office that can affect vehicle decision making is in scope of this document when it can lead to safety hazards. This document does not apply to: This document is not intended for functions of existing systems for which well-established and well-trusted design, verification and validation (V&V) measures exist (e.g. dynamic stability control systems, airbags).

Sisällysluettelo

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Overview and organization of SOTIF activities

4.1 General
4.2 SOTIF principles
4.3 Use of this document
4.4 Management of SOTIF activities and supporting processes

5 Specification and design

5.1 Objectives
5.2 Specification of the functionality and considerations for the design
5.3 System design and architecture considerations
5.4 Performance insufficiencies and countermeasures considerations
5.5 Work products

6 Identification and evaluation of hazards

6.1 Objectives
6.2 General
6.3 Hazard identification
6.4 Risk evaluation
6.5 Specification of acceptance criteria for the residual risk
6.6 Work products

7 Identification and evaluation of potential functional insufficiencies and potential triggering conditions

7.1 Objectives
7.2 General
7.3 Analysis of potential functional insufficiencies and triggering conditions
7.4 Estimation of the acceptability of the system's response to the triggering conditions
7.5 Work products

8 Functional modifications addressing SOTIF-related risks

8.1 Objectives
8.2 General
8.3 Measures to improve the SOTIF
8.4 Updating the input information for “Specification and design”
8.5 Work products

9 Definition of the verification and validation strategy

9.1 Objectives
9.2 General
9.3 Specification of integration and testing
9.4 Work products

10 Evaluation of known scenarios

10.1 Objectives
10.2 General
10.3 Sensing verification
10.4 Planning algorithm verification
10.5 Actuation verification
10.6 Integrated system verification
10.7 Evaluation of the residual risk due to known hazardous scenarios
10.8 Work products

11 Evaluation of unknown scenarios

11.1 Objectives
11.2 General
11.3 Evaluation of residual risk due to unknown hazardous scenarios
11.4 Work products

12 Evaluation of the achievement of the SOTIF

12.1 Objectives
12.2 General
12.3 Methods and criteria for evaluating the SOTIF
12.4 Recommendation for SOTIF release
12.5 Work products

13 Operation phase activities

13.1 Objectives
13.2 General
13.3 Topics for observation
13.4 SOTIF issue evaluation and resolution process
13.5 Work products

Annex A General guidance on SOTIF (informative)
Annex B Guidance on scenario and system analyses (informative)
Annex C Guidance on SOTIF verification and validation (informative)
Annex D Guidance on specific aspects of SOTIF (informative)

Bibliography

Näytä kaikki

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Overview and organization of SOTIF activities

4.1 General
4.2 SOTIF principles
4.3 Use of this document
4.4 Management of SOTIF activities and supporting processes

5 Specification and design

5.1 Objectives
5.2 Specification of the functionality and considerations for the design
5.3 System design and architecture considerations
5.4 Performance insufficiencies and countermeasures considerations
5.5 Work products

6 Identification and evaluation of hazards

6.1 Objectives
6.2 General
6.3 Hazard identification
6.4 Risk evaluation
6.5 Specification of acceptance criteria for the residual risk
6.6 Work products

7 Identification and evaluation of potential functional insufficiencies and potential triggering conditions

7.1 Objectives
7.2 General
7.3 Analysis of potential functional insufficiencies and triggering conditions
7.4 Estimation of the acceptability of the system's response to the triggering conditions
7.5 Work products

8 Functional modifications addressing SOTIF-related risks

8.1 Objectives
8.2 General
8.3 Measures to improve the SOTIF
8.4 Updating the input information for “Specification and design”
8.5 Work products

9 Definition of the verification and validation strategy

9.1 Objectives
9.2 General
9.3 Specification of integration and testing
9.4 Work products

10 Evaluation of known scenarios

10.1 Objectives
10.2 General
10.3 Sensing verification
10.4 Planning algorithm verification
10.5 Actuation verification
10.6 Integrated system verification
10.7 Evaluation of the residual risk due to known hazardous scenarios
10.8 Work products

11 Evaluation of unknown scenarios

11.1 Objectives
11.2 General
11.3 Evaluation of residual risk due to unknown hazardous scenarios
11.4 Work products

12 Evaluation of the achievement of the SOTIF

12.1 Objectives
12.2 General
12.3 Methods and criteria for evaluating the SOTIF
12.4 Recommendation for SOTIF release
12.5 Work products

13 Operation phase activities

13.1 Objectives
13.2 General
13.3 Topics for observation
13.4 SOTIF issue evaluation and resolution process
13.5 Work products

Annex A General guidance on SOTIF (informative)
Annex B Guidance on scenario and system analyses (informative)
Annex C Guidance on SOTIF verification and validation (informative)
Annex D Guidance on specific aspects of SOTIF (informative)

Bibliography

Tuoteryhmä(t)

43.040.10 Electrical and electronic equipment »

Sidokset

Velvoittavat viittaukset

ISO 26262-1 Road vehicles — Functional safety — Part 1: Vocabulary

Tekninen komitea

ISO/TC 22/SC 32 Electrical and electronic components and general system aspects »

Vahvistuspäivä

30.06.2022

Julkaisupäivä

30.06.2022

Painos

2022

Sivumäärä

181

Julkaisun kieli

englanti