Functional Safety Case with FTA and FMEDA Consistency Approach

Abstract

Based on the hazard and risk analysis of ISO 26262 possible malfunctions are analysed for different situations and rated by Severity, Exposure, and Controllability which leads to a QM, or ASIL A-D ranking. For each ASIL A-D case a safety goals is formatted. And for each safety goal with a rating of ASIL C or ASIL D an FTA (Fault Tree Analysis) and FMEDA (Failure Modes Effects and Diagnostics Analysis) are methods which are highly recommended. Both methods calculate an overall FIT (Failure in Time) and both consider a diagnostic coverage. In this paper an approach is described of how to assure in FTA (top down analysis) and FMEDA the same overall FIT calculated (bottom up analysis). The paper creates a use case scenario for the example “Function 2” in ISO 26262:2011 part 5 Annex E. The example used in the ISO 26262:2011 part 5 Annex E. [1] does not contain background information on system level. This paper adds the missing background information and shows how the system safety concept decisions are mapped onto hardware architecture decisions.