ISO / PAS 21448

from Wikipedia, the free encyclopedia

ISO/PAS 21448 is a specification of the International Organization for Standardization (ISO). It was published in 2019 as a Publicly Available Specification (PAS) and is available only in English. (A full International Standard, ISO 21448:2022, has since superseded the PAS; this article describes the 2019 PAS.)

ISO 21448 Road vehicles - Safety of the intended functionality, SOTIF for short, addresses unacceptable risks that arise from functional insufficiencies of the intended functionality (the target function) or from reasonably foreseeable misuse, as opposed to risks caused by E/E malfunctions. The standard is intended to provide guidance on suitable system design and on verification and validation. It also addresses the properties of the product ("What must it be able to do when it is finished?"), its testing, and the product development process ("What must be done so that nothing is overlooked?").

Important terms of the standard

The standard introduces some terms that are specifically relevant to SOTIF:

  • Intended functionality is the function the system is meant to perform. The standard assumes that this function is precisely described in a specification; describing the desired behaviour also makes deviations from it (malfunctions) recognizable.
  • Abuse is the deliberate use of a function even though the result may be damage or danger. SOTIF does not consider deliberate abuse, but reasonably foreseeable misuse (earlier also called foreseeable incorrect use). Such misuse can occur, for example, out of convenience (rules of use are ignored) or because the operation is not clear enough for the user. Many national legal systems take foreseeable misuse into account, so every product sold to end users must be protected against dangerous failure (in the sense of personal injury or death) even under such misuse.
  • Scene (situation) is a snapshot that contains the dynamic elements (e.g. road users), describes the environment (e.g. road layout, fixed obstacles, environmental conditions) and includes the system that is in this situation.
  • Scenario is a sequence of scenes in chronological order. The sequence may vary or branch; the branches in a scenario are determined by actions (of the actors involved) or by events.

Differentiation from other standards

The standard gives some guidance on how it is delimited from other standards:

  • The intrinsic safety of the electrical/electronic components (E/E system) remains the task of functional safety according to ISO 26262. This covers malfunctions that are already dealt with in the context of functional safety, as well as hazards that depend on the technology of the system; the standard cites eye damage caused by a laser sensor as an example of the latter.
  • The standard addresses misuse only in certain areas; further aspects are assigned to ISO 26262 and to the European Statement of Principles on the Design of Human-Machine Interfaces.
  • Risks inherent in a particular technology are assigned to the standards specific to that technology (e.g. hazards of lithium-ion batteries).
  • Cybersecurity, i.e. protection against external attacks, is covered by ISO/SAE 21434 and SAE J3061 (the earlier SAE guidebook that ISO/SAE 21434 builds on). SOTIF therefore assumes the system is not under attack; an attacker who deliberately provokes a functional insufficiency is a cybersecurity concern, not a SOTIF one.
  • Communication with road infrastructure and other vehicles (Car2X) is to be considered under ISO 20077 Road vehicles - Extended vehicle (ExVe).

Content

The standard contains the following clauses (titles as in the English original):

  1. Scope
  2. Normative references
  3. Terms and definitions
  4. Overview of this document's activities in the development process
  5. Functional and system specification (intended functionality content)
  6. Identification and evaluation of hazards caused by the intended functionality
  7. Identification and evaluation of triggering events
  8. Functional modifications to reduce SOTIF related risks
  9. Definition of the verification and validation strategy
  10. Verification of the SOTIF (Area 2)
  11. Validation of the SOTIF (Area 3)
  12. Methodology and criteria for SOTIF release

The annexes are informative, not normative:

A. Examples of the application of SOTIF activities
B. Example for definition and validation of an acceptable false alarm rate in AEB systems
C. Validation of SOTIF applicable systems
D. Automotive perception systems verification and validation
E. Method for deriving SOTIF misuse scenarios
F. Example construction of scenario for SOTIF safety analysis method
G. Implications for off-line training
Bibliography

Literature

  • Lars Schnieder, René S. Hosse: Guide to Safety of the Intended Functionality . 2nd Edition. Springer Fachmedien GmbH, Wiesbaden 2020, ISBN 978-3-658-30037-1 .
