1. Introduction

    These systems rely on sophisticated semiconductors that manage vast data while balancing power efficiency and complex hardware-software interactions. Ensuring their safe operation throughout the product lifecycle is critical, guided by ISO 26262, the standard for functional safety in road vehicle electronics.

    In IC development, ISO 26262 mandates a rigorous process for delivering safe products. Despite its establishment, compliance remains challenging, driving up costs, resource demands, and development time.

    This Verification Academy portal provides a deep dive into the key challenges project teams face and how Questa One AI-powered functional safety harmonizes safety activities across the lifecycle, reducing cost and ensuring your product meets the highest standards of functional correctness and fail-safe assurance.

    Education

    To meet the demands of ISO 26262, project teams must develop methodologies and deploy tools to address systematic failures and random failures.

    Systematic Failures

    A systematic failure is a failure related to a deterministic cause, meaning it results from inherent design, implementation, or manufacturing errors rather than random hardware defects. Systematic failures are repeatable and occur under specific conditions due to flaws in requirements, specifications, design processes, software, or development methodologies.

    To mitigate systematic failures, ISO 26262 mandates a structured safety lifecycle, incorporating rigorous verification, validation, and process control measures to detect and eliminate potential design flaws before deployment. Techniques such as goal-oriented coverage-driven verification, formal verification, static analysis, and fault injection help ensure systematic failures are identified and addressed. Systematic failures must be prevented at the source through robust requirements-driven design and verification methodologies. All implementation and verification artifacts must be traced back to requirements.

    Random Failures

    A random hardware failure is defined as a failure that occurs unpredictably over the lifetime of the silicon. Random failures are statistical in nature and can be quantified using failure rate models such as IEC 62380 and SN29500.

    To mitigate random failures, ISO 26262 requires fault detection, mitigation, and tolerance mechanisms, such as hardware redundancy, error correction codes (ECC), built-in self-test (BIST), and fail-safe architectures. These mechanisms ensure that failures are either detected and corrected or transitioned to a safe state. Work products such as Failure Mode, Effects, and Diagnostic Analysis (FMEDA), Fault Tree Analysis (FTA), Common Cause Analysis, and more are expected to prove the effectiveness of random failure mitigation and demonstrate ASIL metric compliance for the target criticality (ASIL A – D). 
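The FMEDA work product mentioned above turns per-failure-mode rates and diagnostic coverage into the hardware architectural metrics that are checked against the ASIL target. The following is an added example, not code or data from Verification Academy or Questa One: it classifies each failure mode into the ISO 26262-5 fault classes (single-point, residual, latent and detected multiple-point, safe), computes SPFM and LFM with the formulas from that part of the standard, and reports a first-order PMHF that only sums single-point and residual faults (dual-point contributions are ignored, which is an assumption stated in the code). The failure-mode table, block names and coverage figures are constructed sample data.

```python
from dataclasses import dataclass


@dataclass
class FailureMode:
    name: str
    fit: float            # base failure rate in FIT (1 FIT = 1e-9 failures per hour)
    safe_fraction: float  # share of failures that cannot violate the safety goal
    dc_spf: float         # diagnostic coverage vs. single-point faults (0 = no mechanism)
    dc_lf: float          # diagnostic coverage vs. latent faults (e.g. from BIST)


def classify(fm):
    """Split one mode's rate into the ISO 26262-5 fault classes, all in FIT."""
    lam_safe = fm.fit * fm.safe_fraction
    lam_unsafe = fm.fit - lam_safe
    # Faults the primary safety mechanism does not cover reach the safety goal
    # directly: single-point faults if there is no mechanism, residual otherwise.
    direct = lam_unsafe * (1.0 - fm.dc_spf)
    covered = lam_unsafe - direct            # detected by the mechanism -> multiple-point
    latent = covered * (1.0 - fm.dc_lf)      # not revealed by latent-fault tests
    return {
        "spf": direct if fm.dc_spf == 0.0 else 0.0,
        "rf": direct if fm.dc_spf > 0.0 else 0.0,
        "mpf_latent": latent,
        "mpf_detected": covered - latent,
        "safe": lam_safe,
    }


def fmeda_metrics(modes):
    """SPFM, LFM and a first-order PMHF for a list of FailureMode rows."""
    total = {"spf": 0.0, "rf": 0.0, "mpf_latent": 0.0, "mpf_detected": 0.0, "safe": 0.0}
    for fm in modes:
        for cls, lam in classify(fm).items():
            total[cls] += lam
    lam_total = sum(total.values())
    lam_spf_rf = total["spf"] + total["rf"]
    return {
        "lambda_total_fit": lam_total,
        "spfm": 1.0 - lam_spf_rf / lam_total,
        "lfm": 1.0 - total["mpf_latent"] / (lam_total - lam_spf_rf),
        # Assumption: first-order PMHF = single-point + residual faults only;
        # dual-point terms (latent fault combined with a second fault) are ignored.
        "pmhf_fit": lam_spf_rf,
        "classes": total,
    }


# ISO 26262-5 targets: (min SPFM, min LFM, max PMHF in FIT); ASIL A sets no targets.
ASIL_TARGETS = {
    "ASIL B": (0.90, 0.60, 100.0),
    "ASIL C": (0.97, 0.80, 100.0),
    "ASIL D": (0.99, 0.90, 10.0),
}


def highest_asil_met(metrics):
    """Highest ASIL whose three hardware metric targets are all met, or None."""
    best = None
    for asil, (spfm_min, lfm_min, pmhf_max) in ASIL_TARGETS.items():
        if (metrics["spfm"] >= spfm_min and metrics["lfm"] >= lfm_min
                and metrics["pmhf_fit"] < pmhf_max):
            best = asil
    return best


# Constructed FMEDA rows for a hypothetical accelerator block (not real silicon data)
SAMPLE_MODES = [
    FailureMode("datapath_stuck_at", 40.0, 0.25, 0.90, 0.80),     # parity + BIST
    FailureMode("register_file_bitflip", 30.0, 0.0, 0.99, 0.90),  # ECC + BIST
    FailureMode("clock_tree_glitch", 10.0, 0.0, 0.0, 0.0),        # no safety mechanism
    FailureMode("debug_logic", 20.0, 1.0, 0.0, 0.0),              # cannot reach the safety goal
]

if __name__ == "__main__":
    m = fmeda_metrics(SAMPLE_MODES)
    print(f"total {m['lambda_total_fit']:.1f} FIT  SPFM {m['spfm']:.1%}  "
          f"LFM {m['lfm']:.1%}  PMHF ~{m['pmhf_fit']:.1f} FIT  -> {highest_asil_met(m)}")
```

With the sample table the uncovered clock-tree mode alone contributes 10 FIT of single-point faults, pulling SPFM to 86.7% and the block below the ASIL B target even though the latent-fault metric is comfortable; giving that mode a mechanism with 90% coverage lifts SPFM to 95.7% and the block to ASIL B. That is the kind of early-cycle architectural insight an FMEDA is expected to provide before any fault campaign is run.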

    Beyond systematic failures and random hardware failures, ISO 26262 mandates several process-oriented activities essential for achieving functional safety compliance. Successful teams must rigorously implement these practices to ensure safety throughout the development lifecycle. Key activities include:

    1. Tool Qualification (ISO 26262-8, Clause 11)

    • Ensures that software tools used in development (e.g., EDA tools, compilers, verification tools) do not introduce errors affecting safety.
    • Requires teams to classify tools based on their impact on safety and define tool confidence levels (TCLs).
    • Qualification methods include validation, proven-in-use evidence, and tool development according to safety standards.

    2. Configuration Management (ISO 26262-8, Clause 8)

    • Establishes structured version control and change management to track design modifications.
    • Ensures that changes are systematic, documented, and traceable to prevent unintended safety impacts.
    • Covers hardware, software, and associated safety artifacts throughout the product lifecycle.

    3. Verification & Confirmation Measures (ISO 26262-8, Clause 9)

    • Defines independent review processes such as safety assessments, audits, and functional safety confirmation reviews.
    • Requires teams to have independent verification of safety-critical artifacts to avoid bias and errors.

    4. Safety Management & Organizational Processes (ISO 26262-2, Clauses 5-7)

    • Establishes roles and responsibilities for safety management across all phases.
    • Requires a functional safety manager (FSM) to oversee compliance and decision-making.
    • Defines policies for competency management, ensuring engineers working on safety-critical projects are adequately trained.

    5. Change & Impact Analysis (ISO 26262-8, Clause 7)

    • Ensures that any modification (hardware, software, or process) undergoes structured impact assessment to verify it doesn’t introduce new risks.
    • Covers design updates, technology changes, and production variations.

    6. Requirements & Traceability Management (ISO 26262-8, Clause 6)

    • Establishes bidirectional traceability between safety requirements, design, verification, and validation.
    • Ensures no requirements are missed, misinterpreted, or inadequately tested.
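The bidirectional traceability called for in item 6 (and in the systematic-failures discussion above) is cheap to check mechanically once requirement links are kept in a machine-readable form. The following is an added example, not a Questa One feature or its link format: it inverts artifact-to-requirement links, reports requirements with no implementing design element or no verifying test, artifacts that trace to nothing, and links to requirement IDs that do not exist, and can filter the findings by ASIL. The requirement IDs, RTL and testbench file names are constructed sample data.

```python
from collections import defaultdict

# Constructed safety requirements: id -> (ASIL, text)
REQUIREMENTS = {
    "SR-001": ("D", "ECC shall correct single-bit errors in the register file"),
    "SR-002": ("D", "ECC shall detect and flag double-bit errors"),
    "SR-003": ("B", "Lockstep compare mismatch shall raise a safe-state request"),
    "SR-004": ("B", "Watchdog shall reset the core on a missed heartbeat"),
}

# Constructed forward links: implementation artifact -> requirements it implements
DESIGN_LINKS = {
    "rtl/ecc_encoder.sv": ["SR-001", "SR-002"],
    "rtl/ecc_decoder.sv": ["SR-001", "SR-002"],
    "rtl/lockstep_cmp.sv": ["SR-003"],
    "rtl/dbg_trace.sv": [],
}

# Constructed forward links: verification artifact -> requirements it verifies
TEST_LINKS = {
    "tb/test_ecc_sec.sv": ["SR-001"],
    "tb/test_lockstep_mismatch.sv": ["SR-003"],
    "tb/test_boot_time.sv": [],
    "tb/test_wdt.sv": ["SR-009"],   # mistyped requirement ID
}


def invert(links):
    """Turn artifact -> [req ids] into req id -> {artifacts} (the backward direction)."""
    reverse = defaultdict(set)
    for artifact, req_ids in links.items():
        for req in req_ids:
            reverse[req].add(artifact)
    return reverse


def trace_report(requirements, design_links, test_links):
    """Backward check (every requirement has design and test) plus forward check
    (every artifact traces to a requirement that actually exists)."""
    implemented_by = invert(design_links)
    verified_by = invert(test_links)
    known = set(requirements)
    referenced = set(implemented_by) | set(verified_by)
    findings = {
        "unimplemented": sorted(known - set(implemented_by)),
        "unverified": sorted(known - set(verified_by)),
        "untraced_design": sorted(a for a, r in design_links.items() if not r),
        "untraced_tests": sorted(a for a, r in test_links.items() if not r),
        "dangling_refs": sorted(referenced - known),
    }
    findings["complete"] = not any(findings.values())
    return findings


def blocking_for_asil(requirements, report, asil):
    """Requirements at the given ASIL that still lack a design or test link."""
    gaps = set(report["unimplemented"]) | set(report["unverified"])
    return sorted(r for r in gaps if requirements[r][0] == asil)


if __name__ == "__main__":
    report = trace_report(REQUIREMENTS, DESIGN_LINKS, TEST_LINKS)
    for key, items in report.items():
        print(f"{key:16s} {items}")
    print("ASIL D blockers:", blocking_for_asil(REQUIREMENTS, report, "D"))
```

Running the sample flags SR-004 as never implemented, SR-002 as never tested, two artifacts that trace to nothing, and one test that points at a non-existent SR-009; the last case is the one a purely backward "does every requirement have a test" check would miss, which is why both directions are required.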
  2. ISO 26262 Track

    Learn more by viewing the Introduction to ISO 26262 track.

  3. Challenges


    Project teams continue to face substantial challenges in delivering compliant silicon to the market. The standard significantly influences businesses, impacting product development, governance processes, and workforce expertise.


    From a product development perspective, teams confront unique challenges throughout the lifecycle. They must adhere to strict safety processes and a requirements-driven workflow to produce silicon that is both free from design defects and capable of safely managing random failures. This requires addressing multiple interconnected activities, including comprehensive requirements management and traceability, artifact generation and maintenance, safety analysis, failure mode identification, and developing a safety architecture that achieves ASIL compliance with minimal impact on power, performance, and area (PPA). Ultimately, these efforts culminate in producing a safety case that provides clear and comprehensive evidence of compliance across engineering activities.


    Achieving this goal is often easier said than done. The 2024 Siemens Wilson Research Survey concluded that on average, 42% of an overall project development cycle is consumed performing functional safety activities. The overhead in terms of cost and engineering resources can skyrocket without implementing robust and efficient verification and validation strategies to eliminate systematic failures and ensure resilience against random failures.

  4. Questa One Functional Safety for ISO 26262

  5. The Questa One Functional Safety

    The Questa One Functional Safety solution is uniquely tailored to the ISO 26262 development process and workflows. Its feature set is built on years of industry experience, and its suite of verification engines addresses the full set of challenges project teams face in delivering silicon that is functionally correct (systematic failures) and fail-safe (random failures). Its integration with the broader Siemens safety portfolio accelerates project teams across the entire lifecycle, from requirements to audit.

  6. High Level Overview

    Learn more about the Questa One Functional Safety solution and key components.

  7. Explore Specific Topic Areas

    Learn more about specific challenge areas and Questa One Functional Safety workflows and automation deployed to address those challenges.

    Questa One Requirements and Traceability

  8. Questa One Safety Analysis


    Learn about how advanced formal and structural safety analysis engines provide early-cycle insights into safety architecture, achievable metrics, and reduce the amount of downstream fault campaign effort.

  9. Questa One Random Failure Workflow


    Learn about how Questa One optimizes random failure analysis leveraging next generation FMEDA capabilities, seamless requirements traceability, and seamless integration with safety engines.

  10. Evaluating Analog Circuitry for Random Failures


    Learn about how broader Siemens solutions are deployed to deliver ISO 26262 metrics for analog circuitry.

  11. Tool Qualification


    Learn about Siemens' approach to tool qualification and how it saves your team time and cost by performing tool qualification and providing the audit documentation.

    Note: All Questa One Functional Safety tool documentation can be found on Siemens Support Center.

  12. Blog Posts


    Read about other ISO 26262 topics.