Understanding Functional Safety and Ensuring Reliability in Critical Systems

In an increasingly automated world, the safety and reliability of systems are paramount. Functional safety is a critical aspect of this, ensuring that systems operate correctly in response to their inputs, even in the presence of faults. This means it can not be an afterthought, but needs to be part of the software development process – right from the start.

But what exactly is functional safety? Why is it so important? And how do you achieve it?

What is Functional Safety?

Functional safety is a part of the overall safety of a system or piece of equipment that relies on automatic protection mechanisms to respond correctly to inputs or failures in a predictable manner. It aims to minimize the risk of harm to people, property, and the environment by ensuring that safety functions perform correctly under all conditions.

Functional safety is achieved through the implementation of safety functions, which are designed to detect potentially dangerous conditions and take appropriate actions to prevent accidents. These functions are often embedded in software, which is an integral part of modern industrial and consumer products.

Importance of Functional Safety

Functional safety is crucial for several reasons – some are quite obvious:

• Protection of Human Life: The primary and most obvious goal of functional safety is to protect human life by preventing accidents and reducing the risk of harm. This is especially important in industries such as automotive, medical, and industrial automation, where system failures can have catastrophic consequences.
• Compliance with Regulations: Many industries are subject to strict regulatory requirements that mandate the implementation of functional safety. Compliance with these regulations is essential simply to be able to sell the product.
• Reliability and Trust: Implementing functional safety enhances the reliability of systems, which in turn builds trust with users and stakeholders. Reliable systems are less likely to fail, leading to increased customer satisfaction and reduced liability.
• Cost Savings: Ensuring functional safety also has economic advantages. Addressing safety issues early in the design and development process is more cost-effective than dealing with failures in the field. Functional safety helps prevent costly recalls, repairs, and legal actions. There is also the (sometimes more fatal) impact on sales resulting from a brand being damaged.

How to Achieve Functional Safety in Software Development

Achieving functional safety in software systems requires a structured development process. Below are some of the key phases and actions required:

1. Conduct Hazard and Risk Assessment: The first step is to identify potential hazards in software behavior and system interactions, then assess the associated risks. This involves understanding the system's operational environment and the potential consequences of failures. In other words, you need to analyze the operational context to determine the severity, exposure, and controllability of each hazard. Methods commonly used to assess risk levels include HAZOP (Hazard and Operability Study), FMEA (Failure Mode and Effects Analysis) or FTA (Fault Tree Analysis). Which to select should be decided based on the system complexity and industry requirements:
   
   •  HAZOP: Best for process-oriented systems, examining deviations from design intent
   •  FMEA: Effective for component-level analysis, identifying single-point failures
   •  FTA: Useful for complex systems, working backward from potential accidents to root causes
   
   
2. Define and Specify Safety Requirements: Translate the results of the hazard and risk assessment into clear, testable safety requirements and specify both functional safety requirements (what the system must do) and safety integrity levels (how reliably it must do it). However, there is no need to re-invent the wheel for this. There are plenty of standards and guidelines in place (see below) which you can leverage to guide requirement formulation and avoid starting from scratch.
   
   
3. Design and Implement of Functional Safety: The safety functions now need to be designed and implemented in the system. In this phase it is especially important to design the software architecture in such a way that safety-critical components can be isolated and managed correctly. It also helps to implement software modules with safety mechanisms such as redundancy, watchdogs, and fail-safes. Of course, the hardware should also support the required safety integrity levels through features such as memory protection, redundant processing capabilities, and safe failure modes.
   
   
4. Perform Verification and Validation: Once everything is in place, the system needs to be rigorously tested to verify that it meets the safety requirements and to validate that it performs correctly under all conditions. For this use architecture verification and static code analysis right from the start to detect any issues as early as possible. Issues identified early are easier to fix and cause less damage. Also, the testing (unit testing, functional testing, integration testing and fault injection testing to name a few), which play a vital part in this phase, will run more smoothly and successful.
   
   
5. Provide Traceability: It is good practice to ensure traceability from requirements to analysis and test cases with their respective results. Traceability ensures that every safety requirement can be traced through design decisions, implementation choices, verification activities, and validation results. This creates an auditable trail demonstrating that safety requirements have been properly addressed and provides the foundation for safety case development required by many regulatory frameworks.
   
   
6. Establish and Maintain Safety Management: Throughout the system's lifecycle, safety management processes need to be in place to ensure that safety is maintained. This includes documentation, configuration control, and change management as well as regular reviews, audits, and updates to the safety functions as necessary.

International Standards and Guidelines

As mentioned above, there are several international standards and guidelines governing functional safety across different industries. These standards provide a framework for implementing and maintaining functional safety in systems:

• IEC 61508: This is the umbrella standard for functional safety of electrical, electronic, and programmable electronic systems. It provides a comprehensive framework for managing functional safety throughout the lifecycle of a system.
• ISO 26262: This standard is specific to the automotive industry and addresses the functional safety of electrical and electronic systems in road vehicles. It defines the Automotive Safety Integrity Levels (ASILs) and provides guidelines for achieving functional safety in automotive systems.
• IEC 62304: This standard is specifically designed for the development of software used in medical devices. It defines a comprehensive software lifecycle model that includes planning, development, testing, maintenance, and risk management activities. While it does not use the term "functional safety" explicitly, it embodies the same principles by ensuring that medical device software is developed and maintained in a way that minimizes risk and ensures patient safety throughout the product lifecycle.
• IEC 60601: This standard also relates to the medical device industry and ensures the safety and performance of medical electrical equipment. It covers the entire lifecycle of medical devices, from design to decommissioning.
• IEC 62061: This standard is specific to the machinery sector and provides requirements for the functional safety of safety-related control systems.
• EN 50128: This standard applies to the railway industry and specifies the requirements for software used in railway control and protection systems.

Examples of Functional Safety Failures in the Automotive Industry

While functional safety applies to various industries, failures occurring in the automotive industry tend to get more attention than cases from other industries. This is mainly due to public visibility and impact. Cars are consumer vehicles and can affect millions of users. This sometimes even emotional connection to everyday life tends to get more media coverage. Here are some examples of high-profile cases from the automotive industry where failures in functional safety have led to significant consequences:

Unintended Acceleration: In the late 2000s, a car manufacturer faced numerous reports of unintended acceleration in its vehicles. Investigations revealed that software issues in the electronic throttle control system were a contributing factor. The lack of adequate functional safety measures led to several accidents, resulting in injuries and fatalities. The manufacturer had to recall millions of vehicles and faced substantial legal and financial repercussions.

Autopilot Crashes: While still a developing technology, autopilot systems are expected to be as safe as – if not even safer than – than conventional systems. The autopilot system of a leading manufacturer has been involved in several accidents where the system failed to detect obstacles or respond appropriately to road conditions. These incidents highlight the challenges of ensuring functional safety in advanced driver assistance systems (ADAS). Inadequate functional safety measures can lead to severe accidents, as seen in cases where the autopilot system failed to prevent collisions. Additionally, people are more reluctant to trust and adopt the new technology.

Ignition Switch Defect: 2014 saw a major recall of vehicles due to a defect in the ignition switch of several models. The defect could cause the engine to shut off unexpectedly, disabling critical safety systems such as airbags. The failure to implement robust functional safety measures in the design and manufacturing process led to numerous accidents and fatalities. The manufacturer had to recall millions of vehicles and pay significant fines and settlements. 

Conclusion

Functional safety is a critical aspect of modern systems, ensuring that they operate correctly and safely under all conditions. Achieving functional safety involves a systematic approach that includes hazard and risk assessment, safety requirements specification, design and implementation, verification and validation, and ongoing safety management. International standards such as IEC 61508, ISO 26262, and others provide a framework for implementing functional safety across different industries.

The importance of functional safety cannot be overstated. It protects human life, ensures compliance with regulations, enhances system reliability, while also resulting in cost savings. By adhering to functional safety standards and guidelines, organizations can mitigate risks, prevent accidents, and ensure the safety and reliability of their systems.

How we can help

Axivion Static Code Analysis has been certified for use in the development of safety systems up to the highest level of the safety requirement contained in the respective standard:

• ISO 26262 up to ASIL D
• IEC 61508 up to SIL 4 
• IEC 62304 up to Class C
• EN50128 up to SIL 4
• EN 50657 up to SIL 4  

Meet our experts

Our team of experts has profound experience in various industries and with developing high-quality safety-critical software. Contact us to discuss your individual use case or to schedule a demo.