Road vehicles -- Functional safety

ISO 26262 is intended to be applied to safety-related systems that include one or more electrical and/or electronic (E/E) systems and that are installed in series production passenger cars with a maximum gross vehicle mass up to 3 500 kg. ISO 26262 does not address unique E/E systems in special purpose vehicles such as vehicles designed for drivers with disabilities. Systems and their components released for production, or systems and their components already under development prior to the publication date of ISO 26262, are exempted from the scope. For further development or alterations based on systems and their components released for production prior to the publication of ISO 26262, only the modifications will be developed in accordance with ISO 26262. ISO 26262 addresses possible hazards caused by malfunctioning behaviour of E/E safety-related systems, including interaction of these systems. It does not address hazards related to electric shock, fire, smoke, heat, radiation, toxicity, flammability, reactivity, corrosion, release of energy and similar hazards, unless directly caused by malfunctioning behaviour of E/E safety-related systems. ISO 26262 does not address the nominal performance of E/E systems, even if dedicated functional performance standards exist for these systems (e.g. active and passive safety systems, brake systems, Adaptive Cruise Control). ISO 26262-1:2011 specifies the terms, definitions and abbreviated terms for application in all parts of ISO 26262.

Road vehicles -- Functional safety (French title: Véhicules routiers -- Sécurité fonctionnelle)

General Information

Status: Replaced
Publication Date: 13-Nov-2011
Withdrawal Date: 13-Nov-2011
Current Stage: 6060 - International Standard published
Start Date: 29-Jun-2011
Completion Date: 14-Nov-2011
Buy Standard

Standard
ISO 26262-1:2011 - Road vehicles -- Functional safety
English language
23 pages

Standards Content (sample)

INTERNATIONAL STANDARD ISO 26262-1
First edition 2011-11-15
Road vehicles — Functional safety —
Part 1:
Vocabulary
(French title: Véhicules routiers — Sécurité fonctionnelle — Partie 1: Vocabulaire)
Reference number ISO 26262-1:2011(E)
© ISO 2011
COPYRIGHT PROTECTED DOCUMENT
© ISO 2011

The reproduction of the terms and definitions contained in this International Standard is permitted in teaching manuals, instruction booklets, technical publications and journals for strictly educational or implementation purposes. The conditions for such reproduction are: that no modifications are made to the terms and definitions; that such reproduction is not permitted for dictionaries or similar publications offered for sale; and that this International Standard is referenced as the source document.

With the sole exceptions noted above, no other part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISO's member body in the country of the requester.

ISO copyright office
Case postale 56, CH-1211 Geneva 20
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

© ISO 2011 – All rights reserved
Contents (page)

Foreword  iv
Introduction  v
Scope  1
1 Terms and definitions  1
2 Abbreviated terms  18
Bibliography  21
Alphabetical index  22
Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights.

ISO 26262-1 was prepared by Technical Committee ISO/TC 22, Road vehicles, Subcommittee SC 3, Electrical and electronic equipment.

ISO 26262 consists of the following parts, under the general title Road vehicles — Functional safety:

— Part 1: Vocabulary
— Part 2: Management of functional safety
— Part 3: Concept phase
— Part 4: Product development at the system level
— Part 5: Product development at the hardware level
— Part 6: Product development at the software level
— Part 7: Production and operation
— Part 8: Supporting processes
— Part 9: Automotive Safety Integrity Level (ASIL)-oriented and safety-oriented analyses
— Part 10: Guideline on ISO 26262
Introduction

ISO 26262 is the adaptation of IEC 61508 to comply with needs specific to the application sector of electrical and/or electronic (E/E) systems within road vehicles.

This adaptation applies to all activities during the safety lifecycle of safety-related systems comprised of electrical, electronic and software components.

Safety is one of the key issues of future automobile development. New functionalities not only in areas such as driver assistance, propulsion, in vehicle dynamics control and active and passive safety systems increasingly touch the domain of system safety engineering. Development and integration of these functionalities will strengthen the need for safe system development processes and the need to provide evidence that all reasonable system safety objectives are satisfied.

With the trend of increasing technological complexity, software content and mechatronic implementation, there are increasing risks from systematic failures and random hardware failures. ISO 26262 includes guidance to avoid these risks by providing appropriate requirements and processes.

System safety is achieved through a number of safety measures, which are implemented in a variety of technologies (e.g. mechanical, hydraulic, pneumatic, electrical, electronic, programmable electronic) and applied at the various levels of the development process. Although ISO 26262 is concerned with functional safety of E/E systems, it provides a framework within which safety-related systems based on other technologies can be considered. ISO 26262:

a) provides an automotive safety lifecycle (management, development, production, operation, service, decommissioning) and supports tailoring the necessary activities during these lifecycle phases;
b) provides an automotive-specific risk-based approach to determine integrity levels [Automotive Safety Integrity Levels (ASIL)];
c) uses ASILs to specify applicable requirements of ISO 26262 so as to avoid unreasonable residual risk;
d) provides requirements for validation and confirmation measures to ensure a sufficient and acceptable level of safety being achieved;
e) provides requirements for relations with suppliers.

Functional safety is influenced by the development process (including such activities as requirements specification, design, implementation, integration, verification, validation and configuration), the production and service processes and by the management processes.

Safety issues are intertwined with common function-oriented and quality-oriented development activities and work products. ISO 26262 addresses the safety-related aspects of development activities and work products.

Figure 1 shows the overall structure of this edition of ISO 26262. ISO 26262 is based upon a V-model as a reference process model for the different phases of product development. Within the figure:

— the shaded “V”s represent the interconnection between ISO 26262-3, ISO 26262-4, ISO 26262-5, ISO 26262-6 and ISO 26262-7;
— the specific clauses are indicated in the following manner: “m-n”, where “m” represents the number of the particular part and “n” indicates the number of the clause within that part.
EXAMPLE “2-6” represents Clause 6 of ISO 26262-2.
Figure 1 — Overview of ISO 26262
[Figure: the V-model layout is not reproducible in text; the part and clause boxes it shows are listed below in the "m-n" notation.]

1. Vocabulary

2. Management of functional safety
2-5 Overall safety management
2-6 Safety management during the concept phase and the product development
2-7 Safety management after the item's release for production

3. Concept phase
3-5 Item definition
3-6 Initiation of the safety lifecycle
3-7 Hazard analysis and risk assessment
3-8 Functional safety concept

4. Product development at the system level
4-5 Initiation of product development at the system level
4-6 Specification of the technical safety requirements
4-7 System design
4-8 Item integration and testing
4-9 Safety validation
4-10 Functional safety assessment
4-11 Release for production

5. Product development at the hardware level
5-5 Initiation of product development at the hardware level
5-6 Specification of hardware safety requirements
5-7 Hardware design
5-8 Evaluation of the hardware architectural metrics
5-9 Evaluation of the safety goal violations due to random hardware failures
5-10 Hardware integration and testing

6. Product development at the software level
6-5 Initiation of product development at the software level
6-7 Software architectural design
6-8 Software unit design and implementation
6-9 Software unit testing
6-10 Software integration and testing
6-11 Verification of software safety requirements

7. Production and operation
7-5 Production
7-6 Operation, service (maintenance and repair), and decommissioning

8. Supporting processes
8-5 Interfaces within distributed developments
8-6 Specification and management of safety requirements
8-7 Configuration management
8-8 Change management
8-9 Verification
8-10 Documentation
8-11 Confidence in the use of software tools
8-12 Qualification of software components
8-13 Qualification of hardware components
8-14 Proven in use argument

9. ASIL-oriented and safety-oriented analyses
9-5 Requirements decomposition with respect to ASIL tailoring
9-6 Criteria for coexistence of elements
9-7 Analysis of dependent failures
9-8 Safety analyses

10. Guideline on ISO 26262
INTERNATIONAL STANDARD ISO 26262-1:2011(E)

Road vehicles — Functional safety —
Part 1:
Vocabulary

Scope

ISO 26262 is intended to be applied to safety-related systems that include one or more electrical and/or electronic (E/E) systems and that are installed in series production passenger cars with a maximum gross vehicle mass up to 3 500 kg. ISO 26262 does not address unique E/E systems in special purpose vehicles such as vehicles designed for drivers with disabilities.

Systems and their components released for production, or systems and their components already under development prior to the publication date of ISO 26262, are exempted from the scope. For further development or alterations based on systems and their components released for production prior to the publication of ISO 26262, only the modifications will be developed in accordance with ISO 26262.

ISO 26262 addresses possible hazards caused by malfunctioning behaviour of E/E safety-related systems, including interaction of these systems. It does not address hazards related to electric shock, fire, smoke, heat, radiation, toxicity, flammability, reactivity, corrosion, release of energy and similar hazards, unless directly caused by malfunctioning behaviour of E/E safety-related systems.

ISO 26262 does not address the nominal performance of E/E systems, even if dedicated functional performance standards exist for these systems (e.g. active and passive safety systems, brake systems, Adaptive Cruise Control).

This part of ISO 26262 specifies the terms, definitions and abbreviated terms for application in all parts of ISO 26262.
1 Terms and definitions

For the purposes of this document, the following terms and definitions apply.

1.1
allocation
assignment of a requirement to an architectural element (1.32)
NOTE Intent is not to divide an atomic requirement into multiple requirements. Tracing of an atomic system (1.129) level requirement to multiple lower level atomic requirements is allowed.

1.2
anomaly
condition that deviates from expectations, based, for example, on requirements, specifications, design documents, user documents, standards, or on experience
NOTE Anomalies can be discovered, among other times, during the review (1.98), testing (1.134), analysis, compilation, or use of components (1.15) or applicable documentation.
1.3
architecture
representation of the structure of the item (1.69) or functions or systems (1.129) or elements (1.32) that allows identification of building blocks, their boundaries and interfaces, and includes the allocation (1.1) of functions to hardware and software elements

1.4
assessment
examination of a characteristic of an item (1.69) or element (1.32)
NOTE A level of independence (1.61) of the party or parties performing the assessment is associated with each assessment.

1.5
audit
examination of an implemented process

1.6
Automotive Safety Integrity Level
ASIL
one of four levels to specify the item's (1.69) or element's (1.32) necessary requirements of ISO 26262 and safety measures (1.110) to apply for avoiding an unreasonable residual risk (1.97), with D representing the most stringent and A the least stringent level

1.7
ASIL decomposition
apportioning of safety requirements redundantly to sufficiently independent elements (1.32), with the objective of reducing the ASIL (1.6) of the redundant safety requirements that are allocated to the corresponding elements

1.8
availability
capability of a product to be in a state to execute the function required under given conditions, at a certain time or in a given period, supposing the required external resources are available

1.9
baseline
version of a set of one or more work products, items (1.69) or elements (1.32) that is under configuration management and used as a basis for further development through the change management process
NOTE See ISO 26262-8:2011, Clause 8.

1.10
branch coverage
percentage of branches of the control flow that have been executed
NOTE 1 100 % branch coverage implies 100 % statement coverage (1.127).
NOTE 2 An if-statement always has two branches - condition true and condition false - independent of the existence of an else-clause.
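The two notes above are the ones most often misread in a coverage report, so here is an added example, not part of ISO 26262 or of any coverage tool, that shows them in working code: a hand-instrumented unit with an else-less if-statement, and a coverage calculation that counts both outcomes of the decision. The unit under test (`clamp_request`), the probe identifiers and the test vectors are all constructed for this illustration; production tools (gcov, llvm-cov and similar) insert equivalent probes automatically.

```python
"""Added example: statement coverage versus branch coverage for an if-statement
without an else-clause (ISO 26262-1:2011, 1.10 NOTE 1 and NOTE 2).

Everything here is constructed for illustration: the function under test,
the probe identifiers and the test vectors."""


class CoverageRecorder:
    """Collects the probes hit while the instrumented code runs."""

    def __init__(self):
        self.statements = set()   # statement ids that executed
        self.branches = set()     # (decision id, outcome) pairs that executed

    def stmt(self, sid):
        self.statements.add(sid)

    def decision(self, did, condition):
        # Record which way the decision went, then hand the value back so the
        # probe can sit inside the if-statement without changing its logic.
        self.branches.add((did, bool(condition)))
        return condition


def clamp_request(req, limit, cov):
    """Constructed unit under test: saturate a request at a limit.
    The if-statement has no else-clause, yet it still has two branches."""
    cov.stmt("S1")
    if cov.decision("D1", req > limit):
        cov.stmt("S2")
        req = limit
    cov.stmt("S3")
    return req


# The instrumentation plan: every statement id, and both outcomes of every
# decision (NOTE 2: true and false, even though there is no else-clause).
ALL_STATEMENTS = {"S1", "S2", "S3"}
ALL_BRANCHES = {("D1", True), ("D1", False)}


def measure(test_vectors):
    """Run the unit under test for each (req, limit) pair and return
    (statement coverage, branch coverage) as fractions in [0, 1]."""
    cov = CoverageRecorder()
    for req, limit in test_vectors:
        clamp_request(req, limit, cov)
    stmt_cov = len(cov.statements & ALL_STATEMENTS) / len(ALL_STATEMENTS)
    branch_cov = len(cov.branches & ALL_BRANCHES) / len(ALL_BRANCHES)
    return stmt_cov, branch_cov


if __name__ == "__main__":
    # One vector that takes the true branch executes every statement,
    # so statement coverage is 100 % while branch coverage is only 50 %.
    print("true branch only :", measure([(120, 100)]))
    # Adding a vector that takes the (implicit) false branch completes
    # branch coverage, and NOTE 1 holds: 100 % branch => 100 % statement.
    print("both outcomes    :", measure([(120, 100), (50, 100)]))
```

The single vector (120, 100) already reaches every statement, which is exactly why statement coverage alone cannot show that the fall-through path of the if-statement was ever exercised.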
1.11
calibration data
data that will be applied after the software build in the development process
EXAMPLE Parameters (e.g. value for low idle speed, engine characteristic diagrams); vehicle specific parameters (adaptation values) (e.g. limit stop for throttle valve); variant coding (e.g. country code, left-hand/right-hand steering).
NOTE Calibration data cannot contain executable or interpretable code.
1.12
candidate
item (1.69) or element (1.32) whose definition and conditions of use are identical to, or have a very high degree of commonality with, an item or element that is already released and in operation
NOTE This definition applies where candidate is used in the context of a proven in use argument (1.90).

1.13
cascading failure
failure (1.39) of an element (1.32) of an item (1.69) causing another element or elements of the same item to fail
NOTE Cascading failures are dependent failures (1.22) that are not common cause failures (1.14). See Figure 2, Failure A.
Figure 2 — Cascading failure

1.14
common cause failure
CCF
failure (1.39) of two or more elements (1.32) of an item (1.69) resulting from a single specific event or root cause
NOTE Common cause failures are dependent failures (1.22) that are not cascading failures (1.13). See Figure 3.
Figure 3 — Common cause failure

1.15
component
non-system (1.129) level element (1.32) that is logically and technically separable and is comprised of more than one hardware part (1.55) or of one or more software units (1.125)
NOTE A component is a part of a system.

1.16
configuration data
data that is assigned during software build and that controls the software build process
EXAMPLE Pre-processor instructions; software build scripts (e.g. XML configuration files).
NOTE 1 Configuration data cannot contain executable or interpretable code.
NOTE 2 Configuration data controls the software build. Only code, or data selected by configuration data can be included in the executable code.
1.17
confirmation measure
confirmation review (1.18), audit (1.5) or assessment (1.4) concerning functional safety (1.51)

1.18
confirmation review
confirmation that a work product meets the requirements of ISO 26262 with the required level of independence (1.61) of the reviewer
NOTE 1 A complete list of confirmation reviews is given in ISO 26262-2.
NOTE 2 The goal of confirmation reviews is to ensure compliance with ISO 26262.

1.19
controllability
ability to avoid a specified harm (1.56) or damage through the timely reactions of the persons involved, possibly with support from external measures (1.38)
NOTE 1 Persons involved can include the driver, passengers or persons in the vicinity of the vehicle's exterior.
NOTE 2 The parameter C in hazard analysis and risk assessment (1.58) represents the potential for controllability.

1.20
dedicated measure
measure to ensure the failure rate (1.41) claimed in the evaluation of the probability of violation of safety goals (1.108)
EXAMPLE Design feature [such as hardware part (1.55) over-design (e.g. electrical or thermal stress rating) or physical separation (e.g. spacing of contacts on a printed circuit board)]; special sample test of incoming material to reduce the risk (1.99) of occurrence of failure modes (1.40) which contribute to the violation of safety goals; burn-in test; dedicated control plan.

1.21
degradation
strategy for providing safety (1.103) by design after the occurrence of failures (1.39)
NOTE Degradation can include reduced functionality, reduced performance, or both reduced functionality and performance.

1.22
dependent failures
failures (1.39) whose probability of simultaneous or successive occurrence cannot be expressed as the simple product of the unconditional probabilities of each of them
NOTE 1 Dependent failures A and B can be characterized when
$P_{AB} \neq P_{A} \times P_{B}$
where
$P_{AB}$ is the probability of the simultaneous occurrence of failure A and failure B;
$P_{A}$ is the probability of the occurrence of failure A;
$P_{B}$ is the probability of the occurrence of failure B.
NOTE 2 Dependent failures include common cause failures (1.14) and cascading failures (1.13).
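As an added worked example (not taken from the standard), the inequality in NOTE 1 can be checked by enumerating root events rather than by sampling. The model is an assumption made for the illustration: each of two elements A and B has its own independent fault; an optional common-cause event fails both at once (1.14); an optional cascade propagates every failure of A into B (1.13), so that B is free of interference from A (1.49) exactly when the cascade flag is off. With neither mechanism present the enumeration reproduces P_AB = P_A × P_B; with either one present it does not, and the failures are dependent in the sense of 1.22.

```python
"""Added example: joint failure probability of two elements A and B under
independence, a common-cause event and a cascade (ISO 26262-1:2011,
1.13, 1.14, 1.22 NOTE 1 and 1.49).  The model and all probabilities are
assumptions made for this illustration, not figures from the standard."""

from itertools import product


def joint_failure_probs(p_a, p_b, p_cc=0.0, cascade_a_to_b=False):
    """Return (P_A, P_B, P_AB) for one mission, computed exactly by enumerating
    the three independent root events:
      - an own fault of A (probability p_a)
      - an own fault of B (probability p_b)
      - a common-cause event that fails both (probability p_cc)
    If cascade_a_to_b is set, every failure of A also makes B fail, i.e. B is
    not free of interference from A."""
    p_fail_a = p_fail_b = p_fail_both = 0.0
    for own_a, own_b, cc in product((False, True), repeat=3):
        weight = ((p_a if own_a else 1.0 - p_a)
                  * (p_b if own_b else 1.0 - p_b)
                  * (p_cc if cc else 1.0 - p_cc))
        a_fails = own_a or cc
        b_fails = own_b or cc or (cascade_a_to_b and a_fails)
        if a_fails:
            p_fail_a += weight
        if b_fails:
            p_fail_b += weight
        if a_fails and b_fails:
            p_fail_both += weight
    return p_fail_a, p_fail_b, p_fail_both


def are_dependent(p_a, p_b, p_cc=0.0, cascade_a_to_b=False, tol=1e-12):
    """1.22 NOTE 1: the failures are dependent iff P_AB != P_A * P_B
    (compared with a tolerance because the sums are floating point)."""
    p_fail_a, p_fail_b, p_fail_both = joint_failure_probs(p_a, p_b, p_cc, cascade_a_to_b)
    return abs(p_fail_both - p_fail_a * p_fail_b) > tol


if __name__ == "__main__":
    cases = {
        "independent (freedom from interference, no common cause)": dict(),
        "common-cause event shared by A and B (1.14)": dict(p_cc=0.001),
        "failure of A cascades into B (1.13)": dict(cascade_a_to_b=True),
    }
    for label, extra in cases.items():
        p_fail_a, p_fail_b, p_fail_both = joint_failure_probs(0.01, 0.02, **extra)
        print("%-58s P_A=%.6f P_B=%.6f P_AB=%.6f P_A*P_B=%.6f dependent=%s"
              % (label, p_fail_a, p_fail_b, p_fail_both,
                 p_fail_a * p_fail_b, are_dependent(0.01, 0.02, **extra)))
```

In the cascade case P_AB collapses to P_A, because every failure of A already is a failure of B; that is the signature of a missing freedom-from-interference argument rather than of a shared root cause.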

1.23
detected fault
fault (1.42) whose presence is detected within a prescribed time by a safety mechanism (1.111) that prevents the fault from being latent
EXAMPLE The fault can be detected by a dedicated safety mechanism (1.111) (e.g. detection of the error (1.36) and notifying the driver via an alerting device on the instrument panel) as defined in the functional safety concept (1.52).

1.24
development interface agreement
DIA
agreement between customer and supplier in which the responsibilities for activities, evidence or work products to be exchanged by each party are specified

1.25
diagnostic coverage
proportion of the hardware element (1.32) failure rate (1.41) that is detected or controlled by the implemented safety mechanisms (1.111)
NOTE 1 Diagnostic coverage can be assessed with regard to residual faults (1.96) or with regard to latent multiple-point faults (1.77) that might occur in a hardware element.
NOTE 2 The definition can be represented in terms of the equations given in ISO 26262-5.
NOTE 3 Safety mechanisms implemented at different levels in the architecture (1.3) can be considered.
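As an added example, and not the equations of ISO 26262-5 that NOTE 2 refers to: a constructed failure-mode table for one hardware element, carrying a separate coverage figure per failure mode for each of the two perspectives named in NOTE 1, from which the element's diagnostic coverage and the uncovered part of its failure rate are computed as a failure-rate-weighted proportion. All failure rates (in FIT, failures per 10^9 h), mode names and coverage values are assumptions made for the illustration.

```python
"""Added example: diagnostic coverage of a hardware element computed from a
constructed per-failure-mode table (ISO 26262-1:2011, 1.25).

NOTE 1 of 1.25 distinguishes coverage with regard to residual faults from
coverage with regard to latent multiple-point faults, so each mode carries
one coverage figure for each perspective.  All numbers are assumptions."""

# Constructed table for a single element (a sensor interface, by assumption).
# fit         : failure rate of this failure mode in FIT (failures per 1e9 h)
# dc_residual : share of the mode detected or controlled before it can violate
#               the safety goal (what keeps the fault from being residual)
# dc_latent   : share of the mode revealed before it can stay latent
FAILURE_MODES = [
    {"mode": "open circuit",    "fit": 3.0, "dc_residual": 0.99, "dc_latent": 0.99},
    {"mode": "short to ground", "fit": 2.0, "dc_residual": 0.90, "dc_latent": 0.90},
    {"mode": "drift",           "fit": 5.0, "dc_residual": 0.60, "dc_latent": 0.90},
]

PERSPECTIVES = ("dc_residual", "dc_latent")


def total_failure_rate(modes):
    """Sum of the failure-mode rates of the element, in FIT."""
    return sum(m["fit"] for m in modes)


def diagnostic_coverage(modes, perspective):
    """Failure-rate-weighted coverage of the element for the given perspective,
    which must be one of PERSPECTIVES.  Returns a fraction in [0, 1]: the
    proportion of the element's failure rate that is detected or controlled."""
    if perspective not in PERSPECTIVES:
        raise ValueError("unknown perspective %r" % perspective)
    covered = sum(m["fit"] * m[perspective] for m in modes)
    return covered / total_failure_rate(modes)


def uncovered_failure_rate(modes, perspective):
    """The part of the element's failure rate that the safety mechanisms leave
    behind for this perspective, in FIT.  For 'dc_residual' this is the rate
    that can still violate the safety goal on its own."""
    return total_failure_rate(modes) * (1.0 - diagnostic_coverage(modes, perspective))


if __name__ == "__main__":
    for p in PERSPECTIVES:
        print("%-12s DC=%.3f  uncovered=%.3f FIT"
              % (p, diagnostic_coverage(FAILURE_MODES, p),
                 uncovered_failure_rate(FAILURE_MODES, p)))
```

The drift mode dominates the result: its 5 FIT with only 60 % residual coverage leaves 2 FIT uncovered, more than the other two modes together, which is where a safety mechanism at another architectural level (NOTE 3) would have to contribute.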

1.26
diagnostic test interval
amount of time between the executions of online diagnostic tests by a safety mechanism (1.111)

1.27
distributed development
development of an item (1.69) or element (1.32) with development responsibility divided between the customer and supplier(s) for the entire item or element, or for subsystems
NOTE Customer and supplier are roles of the cooperating parties.

1.28
diversity
different solutions satisfying the same requirement with the aim of independence (1.61)
EXAMPLE Diverse programming; diverse hardware.
NOTE Diversity does not guarantee independence, but addresses certain types of common cause failures (1.14).

1.29
dual-point failure
failure (1.39) resulting from the combination of two independent faults (1.42) that leads directly to the violation of a safety goal (1.108)
NOTE 1 Dual-point failures are multiple-point failures (1.76) of order 2.
NOTE 2 Dual-point failures that are addressed in ISO 26262 include those where one fault affects a safety-related element (1.113) and another fault affects the corresponding safety mechanism (1.111) intended to achieve or maintain a safe state (1.102).
NOTE 3 For a dual-point failure to directly violate a safety goal, the presence of both independent faults is necessary, i.e. the violation of a safety goal due to a combination of a residual fault (1.96) with a safe fault (1.101) is not considered a dual-point failure since the residual fault leads to a violation of a safety goal with or without the presence of a second independent fault.
1.30
dual-point fault
individual fault (1.42) that, in combination with another independent fault, leads to a dual-point failure (1.29)
NOTE 1 A dual-point fault can only be recognized after the identification of dual-point failure, e.g. from cut set analysis of a fault tree.
NOTE 2 See also multiple-point fault (1.77).
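NOTE 1 says a dual-point fault is only recognisable once the dual-point failure has been found, for example from the cut sets of a fault tree. As an added example (not from the standard), the code below computes the minimal cut sets of a small constructed fault tree for a safety goal violation and reads the fault classes off their order: order-1 cut sets hold faults that violate the goal alone, the members of order-2 cut sets are dual-point faults. The tree, the event names R, S, F_elem and F_mech and the classification helper are assumptions for this illustration; the tree deliberately includes the case of 1.29 NOTE 3, a residual fault combined with a safe fault, to show that minimisation removes it and that it is not reported as a dual-point failure.

```python
"""Added example: minimal cut sets of a fault tree, and the single-point /
dual-point fault classification that follows from their order
(ISO 26262-1:2011, 1.29 and 1.30).  Tree and event names are constructed."""

# A fault tree node is either a basic event (string) or a (gate, children)
# pair with gate "AND" or "OR".  Constructed top event: safety goal violated.
SAFETY_GOAL_VIOLATED = ("OR", [
    "R",                              # residual fault: violates the goal on its own
    ("AND", ["F_elem", "F_mech"]),    # fault in the safety-related element AND
                                      # fault in its safety mechanism (1.29 NOTE 2)
    ("AND", ["R", "S"]),              # residual fault together with a safe fault S
                                      # (1.29 NOTE 3: not a dual-point failure)
])


def minimise(cut_sets):
    """Drop any cut set that is a strict superset of another one."""
    return {c for c in cut_sets if not any(o < c for o in cut_sets)}


def minimal_cut_sets(node):
    """Return the minimal cut sets of a tree node as a set of frozensets."""
    if isinstance(node, str):
        return {frozenset([node])}
    gate, children = node
    child_sets = [minimal_cut_sets(child) for child in children]
    if gate == "OR":
        # Any cut set of any child is enough to raise the gate.
        combined = set().union(*child_sets)
    elif gate == "AND":
        # One cut set from each child must be present together.
        combined = {frozenset()}
        for sets in child_sets:
            combined = {a | b for a in combined for b in sets}
    else:
        raise ValueError("unknown gate %r" % gate)
    return minimise(combined)


def classify_faults(tree):
    """Order-1 cut sets hold faults that violate the safety goal alone
    (single-point or residual faults, 1.122 / 1.96); the members of order-2
    cut sets are dual-point faults (1.30).  Higher orders are listed as-is."""
    cut_sets = minimal_cut_sets(tree)
    return {
        "single_point_or_residual": set().union(*(c for c in cut_sets if len(c) == 1)),
        "dual_point": set().union(*(c for c in cut_sets if len(c) == 2)),
        "higher_order_cut_sets": {c for c in cut_sets if len(c) > 2},
    }


if __name__ == "__main__":
    for cs in sorted(minimal_cut_sets(SAFETY_GOAL_VIOLATED), key=sorted):
        print("cut set:", sorted(cs))
    print(classify_faults(SAFETY_GOAL_VIOLATED))
```

The safe fault S never appears in a minimal cut set: {R, S} is discarded because {R} already violates the goal, which is precisely the reasoning of 1.29 NOTE 3.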
1.31
electrical and/or electronic system
E/E system
system (1.129) that consists of electrical and/or electronic elements (1.32), including programmable electronic elements
EXAMPLE Power supply; sensor or other input device; communication path; actuator or other output device.

1.32
element
system (1.129) or part of a system including components (1.15), hardware, software, hardware parts (1.55), and software units (1.125)

1.33
embedded software
fully-integrated software to be executed on a processing element (1.32)
NOTE The processing element is normally a micro-controller, a field programmable gate array (FPGA) or an application-specific integrated circuit (ASIC), but it can also be a more complex component (1.15) or subsystem.

1.34
emergency operation
degraded functionality from the state in which a fault (1.42) occurred until the transition to a safe state (1.102) is achieved as defined in the warning and degradation concept (1.140)

1.35
emergency operation interval
specified time-span that emergency operation (1.34) is needed to support the warning and degradation concept (1.140)
NOTE Emergency operation is part of the warning and degradation concept (1.140).

1.36
error
discrepancy between a computed, observed or measured value or condition, and the true, specified or theoretically correct value or condition
NOTE 1 An error can arise as a result of unforeseen operating conditions or due to a fault (1.42) within the system (1.129), subsystem or component (1.15) being considered.
NOTE 2 A fault can manifest itself as an error within the considered element (1.32) and the error can ultimately cause a failure (1.39).

1.37
exposure
state of being in an operational situation (1.83) that can be hazardous (1.57) if coincident with the failure mode (1.40) under analysis

1.38
external measure
measure that is separate and distinct from the item (1.69) which reduces or mitigates the risks (1.99) resulting from the item
1.39
failure
termination of the ability of an element (1.32) to perform a function as required
NOTE Incorrect specification is a source of failure.

1.40
failure mode
manner in which an element (1.32) or an item (1.69) fails

1.41
failure rate
probability density of failure (1.39) divided by probability of survival for a hardware element (1.32)
NOTE The failure rate is assumed to be constant and is generally denoted as “λ”.
1.42
fault
abnormal condition that can cause an element (1.32) or an item (1.69) to fail
NOTE 1 Permanent, intermittent and transient faults (1.135) (especially soft-errors) are considered.
NOTE 2 An intermittent fault occurs time and time again, then disappears. This type of fault can occur when a component (1.15) is on the verge of breaking down or, for example, due to a glitch in a switch. Some systematic faults (1.131) (e.g. timing marginalities) could lead to intermittent faults.
1.43
fault model
representation of failure modes (1.40) resulting from faults (1.42)
NOTE Fault models are generally based on field experience or reliability handbooks.

1.44
fault reaction time
time-span from the detection of a fault (1.42) to reaching the safe state (1.102)
See Figure 4.
[Figure 4 — Fault reaction time and fault tolerant time interval: a timeline running from normal operation through fault occurrence and fault detection to the safe state, with the time to detection bounded by the diagnostic test interval, the fault reaction time running from detection to the safe state, and the fault tolerant time interval running from the fault to the possible hazard.]
1.45
fault tolerant time interval
time-span in which a fault (1.42) or faults can be present in a system (1.129) before a hazardous (1.57) event occurs

1.46
field data
data obtained from the use of an item (1.69) or element (1.32) including cumulative operating hours, all failures (1.39) and in-service anomalies
NOTE Field data normally comes from customer use.

1.47
formal notation
description technique that has both its syntax and semantics completely defined
EXAMPLE Z notation (Zed); NuSMV (symbolic model checker); Prototype Verification System (PVS); Vienna Development Method (VDM).

1.48
formal verification
method used to prove the correctness of a system (1.129) against the specification in formal notation (1.47) of its required behaviour

1.49
freedom from interference
absence of cascading failures (1.13) between two or more elements (1.32) that could lead to the violation of a safety requirement
EXAMPLE 1 Element 1 is free of interference from element 2 if no failure (1.39) of element 2 can cause element 1 to fail.
EXAMPLE 2 Element 3 interferes with element 4 if there exists a failure of element 3 that causes element 4 to fail.

1.50
functional concept
specification of the intended functions and their interactions necessary to achieve the desired behaviour
NOTE The functional concept is developed during the concept phase (1.89).

1.51
functional safety
absence of unreasonable risk (1.136) due to hazards (1.57) caused by malfunctioning behaviour (1.73) of E/E systems (1.31)

1.52
functional safety concept
specification of the functional safety requirements (1.53), with associated information, their allocation (1.1) to architectural elements (1.32), and their interaction necessary to achieve the safety goals (1.108)

1.53
functional safety requirement
specification of implementation-independent safety (1.103) behaviour, or implementation-independent safety measure (1.110), including its safety-related attributes
NOTE 1 A functional safety requirement can be a safety requirement implemented by a safety-related E/E system (1.31), or by a safety-related system (1.129) of other technologies (1.84), in order to achieve or maintain a safe state (1.102) for the item (1.69) taking into account a determined hazardous event (1.59).
NOTE 2 The functional safety requirements might be specified independently of the technology used in the concept phase (1.89), of product development.
NOTE 3 Safety-related attributes include information about ASIL (1.6).
1.54
hardware architectural metrics
metrics for the assessment (1.4) of the effectiveness of the hardware architecture (1.3) with respect to safety (1.103)
NOTE The single-point fault (1.122) metric and the latent fault (1.71) metric are the hardware architectural metrics.

1.55
hardware part
hardware which cannot be subdivided

1.56
harm
physical injury or damage to the health of persons

1.57
hazard
potential source of harm (1.56) caused by malfunctioning behaviour (1.73) of the item (1.69)
NOTE This definition is restricted to the scope of ISO 26262; a more general definition is potential source of harm.

1.58
hazard analysis and risk assessment
method to identify and categorize hazardous events (1.59) of items (1.69) and to specify safety goals (1.108) and ASILs (1.6) related to the prevention or mitigation of the associated hazards in order to avoid unreasonable risk (1.136)

1.59
hazardous event
combination of a hazard (1.57) and an operational situation (1.83)

1.60
homogeneous redundancy
multiple but identical implementations of a requirement

1.61
independence
absence of dependent failures (1.22) between two or more elements (1.32) that could lead to the violation of a safety requirement, or ...
