ISO 26262-12:2018

INTERNATIONAL ISO
STANDARD 26262-12
First edition
2018-12
Road vehicles — Functional safety —
Part 12:
Adaptation of ISO 26262 for
motorcycles
Véhicules routiers — Sécurité fonctionnelle —
Partie 12: Adaptation de l'ISO 26262 pour les motocycles
Reference number
©
ISO 2018
© ISO 2018
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2018 – All rights reserved

Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 2
3 Terms and definitions . 2
4 Requirements for compliance . 2
4.1 Purpose . 2
4.2 General requirements . 2
4.3 Interpretations of tables . 3
4.4 ASIL-dependent requirements and recommendations . 3
4.5 Adaptation for motorcycles . 4
4.6 Adaptation for trucks, buses, trailers and semi-trailers. 4
5 General topics for adaptation for motorcycles . 4
5.1 Objectives. 4
5.2 General . 4
6 Safety culture . 5
6.1 Objective . 5
6.2 Requirements and recommendations . 5
7 Confirmation measures . 6
7.1 Objective . 6
7.2 Requirements and recommendations . 6
8 Hazard analysis and risk assessment .11
8.1 Objectives.11
8.2 General .12
8.3 Input to this clause .12
8.3.1 Prerequisites .12
8.3.2 Further supporting information .12
8.4 Requirements and recommendations .12
8.4.1 Initiation of the hazard analysis and risk assessment .12
8.4.2 Situation analysis and hazard identification.12
8.4.3 Classification of hazardous events .13
8.4.4 Determination of safety goals .17
8.4.5 Verification .17
8.5 Work products .18
9 Vehicle integration and testing .18
9.1 Objective .18
9.2 Requirements and recommendations .18
9.2.1 Vehicle integration .18
9.2.2 Test goals and test methods during vehicle testing .18
10 Safety validation .20
10.1 Objective .20
10.2 General .21
10.3 Inputs to this clause .21
10.3.1 Prerequisites .21
10.3.2 Further supporting information .21
10.4 Requirements and recommendations .21
10.4.1 Safety validation environment .21
10.4.2 Specification of safety validation .21
10.4.3 Execution of safety validation . .22
10.4.4 Evaluation .23
10.5 Work products .23
Annex A (informative) Overview of and workflow of adaptation of the ISO 26262 series of
standards for motorcycles .24
Annex B (informative) Hazard analysis and risk assessment for motorcycles .30
Annex C (informative) Example of controllability classification techniques .38
Bibliography .42
iv © ISO 2018 – All rights reserved

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www .iso .org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following
URL: www .iso .org/iso/foreword .html.
This document was prepared by Technical Committee ISO/TC 22, Road vehicles, Subcommittee SC 32,
Electrical and electronic components and general system aspects.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/members .html.
A list of all parts in the ISO 26262 series can be found on the ISO website.
Introduction
The ISO 26262 series of standards is the adaptation of IEC 61508 series of standards to address the
sector specific needs of electrical and/or electronic (E/E) systems within road vehicles.
This adaptation applies to all activities during the safety lifecycle of safety-related systems comprised
of electrical, electronic and software components.
Safety is one of the key issues in the development of road vehicles. Development and integration of
automotive functionalities strengthen the need for functional safety and the need to provide evidence
that functional safety objectives are satisfied.
With the trend of increasing technological complexity, software content and mechatronic
implementation, there are increasing risks from systematic failures and random hardware failures,
these being considered within the scope of functional safety. ISO 26262 series of standards includes
guidance to mitigate these risks by providing appropriate requirements and processes.
To achieve functional safety, the ISO 26262 series of standards:
a) provides a reference for the automotive safety lifecycle and supports the tailoring of the activities
to be performed during the lifecycle phases, i.e., development, production, operation, service and
decommissioning;
b) provides an automotive-specific risk-based approach to determine integrity levels [Automotive
Safety Integrity Levels (ASILs)];
c) uses ASILs to specify which of the requirements of ISO 26262 are applicable to avoid unreasonable
residual risk;
d) provides requirements for functional safety management, design, implementation, verification,
validation and confirmation measures; and
e) provides requirements for relations between customers and suppliers.
The ISO 26262 series of standards is concerned with functional safety of E/E systems that is achieved
through safety measures including safety mechanisms. It also provides a framework within which
safety-related systems based on other technologies (e.g. mechanical, hydraulic and pneumatic) can be
considered.
The achievement of functional safety is influenced by the development process (including such
activities as requirements specification, design, implementation, integration, verification, validation
and configuration), the production and service processes and the management processes.
Safety is intertwined with common function-oriented and quality-oriented activities and work
products. The ISO 26262 series of standards addresses the safety-related aspects of these activities and
work products.
Figure 1 shows the overall structure of the ISO 26262 series of standards. The ISO 26262 series of
standards is based upon a V-model as a reference process model for the different phases of product
development. Within the figure:
— the shaded “V”s represent the interconnection among ISO 26262-3, ISO 26262-4, ISO 26262-5,
ISO 26262-6 and ISO 26262-7;
— for motorcycles:
— ISO 26262-12:2018, Clause 8 supports ISO 26262-3;
— ISO 26262-12:2018, Clauses 9 and 10 support ISO 26262-4;
— the specific clauses are indicated in the following manner: “m-n”, where “m” represents the number
of the particular part and “n” indicates the number of the clause within that part.
vi © ISO 2018 – All rights reserved

EXAMPLE “2-6” represents ISO 26262-2:2018, Clause 6.
Figure 1 — Overview of the ISO 26262 series of standards
INTERNATIONAL STANDARD ISO 26262-12:2018(E)
Road vehicles — Functional safety —
Part 12:
Adaptation of ISO 26262 for motorcycles
1 Scope
This document is intended to be applied to safety-related systems that include one or more electrical
and/or electronic (E/E) systems and that are installed in series production road vehicles, excluding
mopeds. This document does not address unique E/E systems in special vehicles such as E/E systems
designed for drivers with disabilities.
NOTE Other dedicated application-specific safety standards exist and can complement the ISO 26262 series
of standards or vice versa.
Systems and their components released for production, or systems and their components already under
development prior to the publication date of this document, are exempted from the scope of this edition.
This document addresses alterations to existing systems and their components released for production
prior to the publication of this document by tailoring the safety lifecycle depending on the alteration.
This document addresses integration of existing systems not developed according to this document and
systems developed according to this document by tailoring the safety lifecycle.
This document addresses possible hazards caused by malfunctioning behaviour of safety-related E/E
systems, including interaction of these systems. It does not address hazards related to electric shock,
fire, smoke, heat, radiation, toxicity, flammability, reactivity, corrosion, release of energy and similar
hazards, unless directly caused by malfunctioning behaviour of safety-related E/E systems.
This document describes a framework for functional safety to assist the development of safety-
related E/E systems. This framework is intended to be used to integrate functional safety activities
into a company-specific development framework. Some requirements have a clear technical focus to
implement functional safety into a product; others address the development process and can therefore
be seen as process requirements in order to demonstrate the capability of an organization with respect
to functional safety.
This document does not address the nominal performance of E/E systems.
This document specifies the requirements for adaptation for motorcycles, including the following:
— general topics for adaptation for motorcycles;
— safety culture;
— confirmation measures;
— hazard analysis and risk assessment;
— vehicle integration and testing; and
— safety validation.
Annex A provides an overview on objectives, prerequisites and work products of this document.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 26262-1, Road vehicles — Functional safety — Part 1: Vocabulary
ISO 26262-2:2018, Road vehicles — Functional safety — Part 2: Management of functional safety
ISO 26262-3:2018, Road vehicles — Functional safety — Part 3: Concept phase
ISO 26262-4:2018, Road vehicles — Functional safety — Part 4: Product development at the system level
ISO 26262-5:2018, Road vehicles — Functional safety — Part 5: Product development at the hardware level
ISO 26262-6:2018, Road vehicles — Functional safety — Part 6: Product development at the software level
ISO 26262-7:2018, Road vehicles — Functional safety — Part 7: Production, operation, service and
decommissioning
ISO 26262-8:2018, Road vehicles — Functional safety — Part 8: Supporting processes
ISO 26262-9:2018, Road vehicles — Functional safety — Part 9: Automotive Safety Integrity Level (ASIL)-
oriented and safety-oriented analyses
3 Terms and definitions
For the purposes of this document, the terms, definitions and abbreviated terms given in
ISO 26262-1 apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— IEC Electropedia: available at http: //www .electropedia .org/
— ISO Online browsing platform: available at https: //www .iso .org/obp
4 Requirements for compliance
4.1 Purpose
This clause describes how:
a) to achieve compliance with the ISO 26262 series of standards;
b) to interpret the tables used in the ISO 26262 series of standards; and
c) to interpret the applicability of each clause, depending on the relevant ASIL(s).
4.2 General requirements
When claiming compliance with the ISO 26262 series of standards, each requirement shall be met,
unless one of the following applies:
a) tailoring of the safety activities in accordance with ISO 26262-2 has been performed that shows
that the requirement does not apply; or
b) a rationale is available that the non-compliance is acceptable and the rationale has been evaluated
in accordance with ISO 26262-2.
2 © ISO 2018 – All rights reserved

Informative content, including notes and examples, is only for guidance in understanding, or for
clarification of the associated requirement, and shall not be interpreted as a requirement itself or as
complete or exhaustive.
The results of safety activities are given as work products. “Prerequisites” are information which shall
be available as work products of a previous phase. Given that certain requirements of a clause are
ASIL-dependent or may be tailored, certain work products may not be needed as prerequisites.
“Further supporting information” is information that can be considered, but which in some cases is not
required by the ISO 26262 series of standards as a work product of a previous phase and which may be
made available by external sources that are different from the persons or organizations responsible for
the functional safety activities.
4.3 Interpretations of tables
Tables are normative or informative depending on their context. The different methods listed in a table
contribute to the level of confidence in achieving compliance with the corresponding requirement. Each
method in a table is either:
a) a consecutive entry (marked by a sequence number in the leftmost column, e.g. 1, 2, 3), or
b) an alternative entry (marked by a number followed by a letter in the leftmost column, e.g. 2a, 2b, 2c).
For consecutive entries, all listed highly recommended and recommended methods in accordance with
the ASIL apply. It is allowed to substitute a highly recommended or recommended method by others
not listed in the table, in this case, a rationale shall be given describing why these comply with the
corresponding requirement. If a rationale can be given to comply with the corresponding requirement
without choosing all entries, a further rationale for omitted methods is not necessary.
For alternative entries, an appropriate combination of methods shall be applied in accordance with the
ASIL indicated, independent of whether they are listed in the table or not. If methods are listed with
different degrees of recommendation for an ASIL, the methods with the higher recommendation should
be preferred. A rationale shall be given that the selected combination of methods or even a selected
single method complies with the corresponding requirement.
NOTE A rationale based on the methods listed in the table is sufficient. However, this does not imply a bias
for or against methods not listed in the table.
For each method, the degree of recommendation to use the corresponding method depends on the ASIL
and is categorized as follows:
— “++” indicates that the method is highly recommended for the identified ASIL;
— “+” indicates that the method is recommended for the identified ASIL; and
— “o” indicates that the method has no recommendation for or against its usage for the identified ASIL.
4.4 ASIL-dependent requirements and recommendations
The requirements or recommendations of each sub-clause shall be met for ASIL A, B, C and D, if not
stated otherwise. These requirements and recommendations refer to the ASIL of the safety goal.
If ASIL decomposition has been performed at an earlier stage of development, in accordance with
ISO 26262-9:2018, Clause 5, the ASIL resulting from the decomposition shall be met.
If an ASIL is given in parentheses in the ISO 26262 series of standards, the corresponding sub-clause
shall be considered as a recommendation rather than a requirement for this ASIL. This has no link with
the parenthesis notation related to ASIL decomposition.
4.5 Adaptation for motorcycles
For items or elements of motorcycles for which requirements of this document are applicable, the
requirements of this document supersede the corresponding requirements in other parts.
4.6 Adaptation for trucks, buses, trailers and semi-trailers
Content that is intended to be unique for trucks, buses, trailers and semi-trailers (T&B) is indicated
as such.
5 General topics for adaptation for motorcycles
5.1 Objectives
The objective of this clause is to give an overview of the adaptation of the ISO 26262 series of standards
for motorcycles.
5.2 General
In order for E/E systems on motorcycles to comply with the ISO 26262 series of standards, all of the
requirements of ISO 26262-2 through ISO 26262-9 shall be met. However, as described in 4.5, some
requirements may require a degree of tailoring in order to apply to motorcycles. In such cases, these
tailored requirements supersede the corresponding requirements of the ISO 26262 series of standards.
The specific requirements for motorcycles described in this document correspond to requirements of
ISO 26262-2:2018, 5.4.2, requirements in ISO 26262-2:2018, 6.4.9, requirements in ISO 26262-3:2018,
Clause 6, ISO 26262-3:2018, Annex B, requirements in ISO 26262-4:2018, 7.4.4, and requirement in
ISO 26262-4:2018, Clause 8.
NOTE The following definitions and abbreviations are specific for motorcycles and are used in this
document. These are described in ISO 26262-1:
— expert rider;
— motorcycle;
— Motorcycle Safety Integrity Level (MSIL); and
— Controllability Classification Panel (CCP).
Annex A provides the overview of and work flow for motorcycles to implement ISO 26262-2:2018,
ISO 26262-3:2018 and ISO 26262-4:2018.
Annex B gives a general explanation of the hazard analysis and risk assessment.
Annex C provides examples of controllability evaluation techniques considering motorcycle dynamics
in the context of conventional product development.
Figure 2 shows the relation of this document and the other parts of ISO 26262.
4 © ISO 2018 – All rights reserved

Figure 2 — Overview of this document and the relation to the other parts
6 Safety culture
6.1 Objective
To provide a tailoring of ISO 26262-2:2018, 5.4.2 for motorcycles.
6.2 Requirements and recommendations
6.2.1 The organization shall create, foster, and sustain a safety culture that supports and encourages
the effective achievement of functional safety for motorcycles.
NOTE ISO 26262-2:2018, Annex B provides more details of what can constitute a safety culture.
6.2.2 The organization shall institute, execute and maintain organization-specific rules and processes
to achieve and maintain functional safety and to comply with the requirements of the ISO 26262 series of
standards.
NOTE Such organization-specific rules and processes can include the creation and maintenance of generic
plans (e.g. a generic safety plan) or generic process descriptions.
6.2.3 The organization shall institute and maintain effective communication channels between
functional safety, cybersecurity, and other potentially interacting disciplines that are related to the
achievement of functional safety, if applicable.
EXAMPLE 1 Communication channels between functional safety and cybersecurity in order to exchange
relevant information (e.g. in the case it is identified that a cybersecurity issue might violate a safety goal or a
safety requirement, or in the case a cybersecurity requirement might compete with a safety requirement).
EXAMPLE 2 Communication channels between functional safety and quality.
NOTE Guidance on potential interaction of functional safety with cybersecurity is given in ISO 26262-2:2018,
Annex E.
6.2.4 During the execution of the safety lifecycle, the organization shall perform the required safety
activities, including the creation and management of the associated documentation in accordance with
ISO 26262-8:2018, Clause 10.
6.2.5 The organization shall provide the resources required for the achievement of functional safety.
NOTE Resources include human resources, tools, databases, guidelines and work instructions.
6.2.6 The organization shall institute, execute and maintain a continuous improvement process,
based on:
— learning from the experiences gained during the execution of the safety lifecycle of other items,
including field experience; and
— derived improvements for application on subsequent items.
6.2.7 The organization shall ensure that the persons responsible for achieving or maintaining
functional safety, or for performing or supporting the safety activities, are given sufficient authority to
fulfil their responsibilities.
7 Confirmation measures
7.1 Objective
The objective of this clause is to define the independency requirements of confirmation measures
associated with ASIL.
7.2 Requirements and recommendations
7.2.1 The functional safety of the item and its elements shall be confirmed, based on:
a) confirmation reviews to judge whether the key work products, i.e. those included in Table 1, provide
sufficient and convincing evidence of their contribution to the achievement of functional safety,
considering the corresponding objectives and requirements of the ISO 26262 series of standards, in
accordance with Table 1 and ISO 26262-2:2018, 6.4.10;
NOTE 1 For motorcycles, Table 1 of this document replaces ISO 26262-2:2018, Table 1.
NOTE 2 The confirmation reviews are performed for those work products that are specified in Table 1
and required by the safety plan.
b) a functional safety audit to judge the implementation of the processes required for functional
safety, in accordance with Table 1 and ISO 26262-2:2018, 6.4.11; and
6 © ISO 2018 – All rights reserved

NOTE 3 The reference processes required for functional safety are defined in the ISO 26262 series of
standards. The processes pertaining to an item or element are defined through the activities referenced or
specified in the safety plan.
c) a functional safety assessment to judge the achieved functional safety of the item, or the
contribution to the achievement of functional safety by the developed elements, in accordance with
Table 1 and ISO 26262-2:2018, 6.4.12.
NOTE 4 The aim of the independence defined in Table 1 is to ensure an objective, unbiased viewpoint and
to avoid conflict of interest. The use of the term independence in this document relates to organizational
independence.
NOTE 5 Guidance for the confirmation measure is given in ISO 26262-2:2018, Annex C.
NOTE 6 A report that is a result of a confirmation measure includes the name and revision number of the
work products or process documents analysed (see ISO 26262-8:2018, Clause 10).
NOTE 7 If the item changes subsequent to the completion of confirmation measures, then the pertinent
confirmation measures will be repeated or supplemented (see ISO 26262-8:2018, 8.4.5.2).
NOTE 8 Confirmation measures such as confirmation reviews and functional safety audits can be merged
and combined with the functional safety assessment to support the handling of comparable variants of an item.
Table 1 — Required confirmation measures, including the required level of independence
Level of
a
independence
applies to
Confirmation measures Scope
ASIL ASIL ASIL
QM
A B C
Judgement of whether the impact
analysis in accordance with ISO 26262-
2:2018, 6.4.3 correctly identified the
item as being a new item, a modifica-
Confirmation review of the impact analysis tion of an existing item or an existing
at item level (see ISO 26262-2:2018, 6.5.1) item with a modified environment.
I3 I3 I3 I3
Independence with regard to those creating Judgement of whether the impact
the work product analysis in accordance with ISO 26262-
2:2018, 6.4.3 adequately identified
the implications on functional safety
caused by the modification(s); and the
safety activities to be performed.
Judgement of whether the selection of
the operational situations pertinent to
the hazardous events and the defi-
nitions of the hazardous events are
appropriate.
Confirmation review of the hazard analysis
Judgement of whether the determined
and risk assessment (see Clause 8)
ASILs, quality management (“QM”)
I3 I3 I3 I3
ratings of the identified hazardous
Independence with regard to those creating
events for the item and the parameters
the work product
resulting in no ASIL e.g. C0/S0/E0 are
correct.
Judgement of whether the specified
safety goals cover the identified haz-
ardous events.
Confirmation review of the safety plan (see
ISO 26262-2:2018, 6.5.3)
Independence with regard to those creating
the work product
NOTE 1 A confirmation review of the safety
plan includes a review of the impact anal-
yses at element level performed due to the
reuse of existing elements (see ISO 26262-
2:2018, 6.5.2).
Applies to the highest ASIL among the
— I1 I1 I2
safety requirements
NOTE 2 The safety plan includes the proven
in use arguments (analysis, data and credit)
of the proven in use candidates and the
corresponding tailoring, if applicable (see
ISO 26262-2:2018, 6.4.6 and ISO 26262-
8:2018, Clause 14).
NOTE 3 The safety plan includes tailoring
due to the use of software tools, if applicable
(see ISO 26262-2:2018, 6.4.6 and ISO 26262-
8:2018, Clause 11).
8 © ISO 2018 – All rights reserved

Table 1 (continued)
Level of
a
independence
applies to
Confirmation measures Scope
ASIL ASIL ASIL
QM
A B C
Confirmation review of the Functional Safety
Concept (see ISO 26262-3:2018, Clause 7),
supported by the results of the correspond-
ing-safety analyses and dependent failure
Applies to the highest ASIL among the
— I1 I1 I2
analyses (see ISO 26262-9:2018, Clause 8 and
safety goals of the item
ISO 26262-9:2018, Clause 7, respectively)
Independence with regard to those creating
the work product
Confirmation review of the Technical Safety Applies to the highest ASIL among the
Concept (see ISO 26262-4:2018, Clause 6), functional safety requirements from
supported by the results of the correspond- which the technical safety require-
ing safety analyses and dependent failure ments are derived.
— I1 I1 I2
analyses (see ISO 26262-9:2018, Clause 8 and
If ASIL decomposition has been applied
ISO 26262-9:2018, Clause 7, respectively)
to the functional safety concept then
Independence with regard to those creating the resulting ASIL from the decomposi-
the work product tion may be considered.
Confirmation review of the integration
and test strategy (see ISO 26262-4:2018,
Applies to the highest ASIL among the
Clause 7)
— I0 I1 I2
safety requirements
Independence with regard to those creating
the work product
Confirmation review of the safety valida-
tion specification (see ISO 26262-4:2018,
Applies to the highest ASIL among the
Clause 8)
— I0 I1 I2
safety requirements
Independence with regard to those creating
the work product
Confirmation review of the safety anal-
yses and the dependent failure analy-
ses (see ISO 26262-9:2018, Clause 8 and
Applies to the highest ASIL among the
— I1 I1 I2
ISO 26262- 9:2018, Clause 7, respectively)
safety requirements
Independence with regard to those creating
the work product
Confirmation review of the safety case (see
ISO 26262-2:2018, 6.5.4)
Applies to the highest ASIL among the
— I1 I1 I2
safety requirements
Independence with regard to the authors of
the safety case
Table 1 (continued)
Level of
a
independence
applies to
Confirmation measures Scope
ASIL ASIL ASIL
QM
A B C
Functional safety audit in accordance with
ISO 26262-2:2018, 6.4.11
Applies to the highest ASIL among the
— — I0 I2
safety requirements
Independence with regard to the developers
of the item and project management
Functional safety assessment in accordance
with ISO 26262-2:2018, 6.4.12
Applies to the highest ASIL among the
— — I0 I2
safety requirements
Independence with regard to the developers
of the item and project management
NOTE  Figure 3 shows a simplified structure for a better understanding of independence. In different compa-
nies, the organizational units could be named differently.
a
The indicated levels of independence are intended to represent minimum requirements. The notations are
defined as follows:
—  —: no requirement and no recommendation for or against regarding this confirmation measure;
—  I0: the confirmation measure should be performed; however, if the confirmation measure is performed, it
shall be performed by a different person in relation to the person(s) responsible for the creation of the consid-
ered work product(s);
—  I1: the confirmation measure shall be performed, by a different person in relation to the person(s) respon-
sible for the creation of the considered work product(s);
—  I2: the confirmation measure shall be performed, by a person from a team that is different from that re-
sponsible for the creation of the considered work product(s), i.e. by a person not reporting to the same direct
superior; and
—  I3: the confirmation measure shall be performed, by a person from a different department or organization,
i.e. not reporting to the same department leader responsible for the release of the work product(s).
10 © ISO 2018 – All rights reserved

Figure 3 — Independence levels for confirmation reviews
7.2.2 The persons who carry out a confirmation measure shall have access to, and shall be supported
by, the persons and organizational entities that carry out safety activities during the item development.
7.2.3 The persons who carry out a confirmation measure shall have access to the relevant information
and tools.
8 Hazard analysis and risk assessment
8.1 Objectives
The objectives of this clause are:
a) to specify the necessary requirements that need to be complied with in order to perform a
motorcycle specific hazard analysis and risk assessment;
b) to identify and classify the hazardous events caused by malfunctioning behaviour of the item; and
c) to formulate the safety goals with their corresponding ASILs, mapped from MSILs, related to the
prevention or mitigation of the hazardous events, in order to avoid unreasonable risk.
8.2 General
Due to the fact that the dynamic behaviour of motorcycles differs greatly from that of other vehicles
within the scope of the ISO 26262 series of standards, and that controllability of motorcycle specific
hazardous events could place more emphasis on the rider, it is recognised that the method of performing
risk assessment requires a degree of tailoring to best suit motorcycle specific hazardous events.
Hazard analysis, risk assessment and MSIL determination are used to determine the safety goals for the
item. For this, the item is evaluated with regard to its potential hazardous events. Safety goals and their
assigned MSIL are determined by a systematic evaluation of hazardous events. The MSIL is determined
by considering severity, probability of exposure and controllability. It is based on the item’s functional
behaviour; therefore, the detailed design of the item does not need to be known.
NOTE Product development processes and technical solutions within the motorcycle industry differ
from those of the automobile industry. The worldwide established level of technology (“state-of-the-art”)
in the motorcycle industry suggests that ASIL classification is inappropriate for motorcycles. Therefore
MSIL classification as the output of the HARA is used. An alignment between MSIL and ASIL classification is
established to use requirements as defined in other parts of ISO 26262 and accommodate worldwide capability
of the motorcycle industry.
8.3 Input to this clause
8.3.1 Prerequisites
The following information shall be available:
— item definition in accordance with ISO 26262-3:2018, 5.5.1.
8.3.2 Further supporting information
The following information can be considered:
— relevant information on other items (from an external source).
8.4 Requirements and recommendations
8.4.1 Initiation of the hazard analysis and risk assessment
8.4.1.1 The hazard analysis and risk assessment shall be based on the item definition.
8.4.1.2 The item without internal safety mechanisms shall be evaluated during the hazard analysis
and risk assessment, i.e. safety mechanisms intended to be implemented or that have already been
implemented in predecessor items shall not be considered in the hazard analysis and risk assessment.
NOTE 1 In the evaluation of an item, available and sufficiently independent external measures can be
beneficial.
NOTE 2 Safety mechanisms of the item that are intended to be implemented or that have already been
implemented are incorporated as part of the functional safety concept.
8.4.2 Situation analysis and hazard identification
8.4.2.1 The operational situations and operating modes in which an item's malfunctioning behaviour
will result in a hazardous event shall be described; both when the vehicle is correctly used and when it is
incorrectly used in a reasonably foreseeable way.
12 © ISO 2018 – All rights reserved

NOTE 1 Operational situations describe conditions within which the item is assumed to behave in a safe manner.
NOTE 2 Hazards resulting only from the item behaviour, in the absence of any item failure, are outside the
scope of this document.
EXAMPLE 1 A normal motorcycle is not expected to travel on unimproved or unpaved surfaces at high speed.
EXAMPLE 2 A normal motorcycle is not expected to be used for road race, motocross or trial events.
8.4.2.2 The hazards shall be determin
...