Kaushik Madala, Carlos Avalos-Gonzalez, G. Krithivasan
Workflow between ISO 26262 and ISO 21448 Standards for Autonomous Vehicles
Journal of System Safety, Journal Article, published 2021-10-01. DOI: 10.56094/jss.v57i1.6 (https://doi.org/10.56094/jss.v57i1.6). Source: Semantic Scholar.
Citations: 1
Abstract
Assuring safety is important in autonomous vehicles. The safety related to autonomous vehicles can be primarily viewed from two perspectives: the functional safety (FuSa) perspective and the safety of the intended functionality (SOTIF) perspective. While FuSa ensures the system has an acceptable risk with respect to malfunctions of electrical and electronic components, SOTIF ensures the system has an acceptable risk with respect to functional insufficiencies and performance limitations.
ISO 26262 and ISO 21448 are the state-of-the-art international standards used to ensure compliance with FuSa and SOTIF for autonomous automotive systems, respectively. The ISO 21448 standard mentions the need for alignment of ISO 26262 activities with the ISO 21448 activities and describes the mapping at a very high level. However, given the iterative nature of SOTIF activities in ISO 21448, the workflow between the two standards is not a direct one-to-one mapping. Hence, we need a clear understanding of how we can align ISO 26262 and ISO 21448 activities, and of how analysis done under one standard can impact the other.
To achieve this, in this paper we propose a detailed workflow between the ISO 26262 and ISO 21448 standards. We discuss guidelines on how to determine whether a design change due to a SOTIF modification can affect FuSa analysis, and vice versa. We also discuss the aspects we need to consider for agile development when we want to ensure the system being