Using STPA in an ISO 26262 Compliant Process
Conferences
Overview
Research
Identity
Additional Document Info
View All
Overview
abstract
Hazard analysis is an essential activity in the development lifecycle of any safety-critical system. Different industries have their own standards to regulate and standardize their development practices. The introduction of automotive standard ISO 26262 has garnered a lot of interest and the industry is moving towards following ISO 26262 compliant processes. Although the standard suggests using traditional hazard analysis techniques to identify hazards and to perform safety analyses, a literature review shows the limitations of these techniques to handle the increased complexity of modern vehicles, caused by the growing number of features added to them. STPA, a relatively novel hazard analysis technique, promises to overcome some of these limitations. However, STPA is not referred to in ISO 26262. In this thesis, we analyze how STPA can help satisfy the requirements of hazard analysis and risk assessment defined in Part 3 of ISO 26262. We also provide an excerpt of our approach of applying STPA as per the concept phase of ISO 26262 on an automotive subsystem, a Battery Management System. One of the main challenges faced by manufacturers is the difference in the terminologies used in the techniques and the standard. To combat this, we provide a detailed comparison of the primary terms used in STPA and ISO 26262, and also compare their foundations. Since most users are familiar with traditional hazard analysis techniques, we also provide a high-level mapping between the outputs of the automotive version of FMEA, Seven Failure Modes FMEA (a variant of FMEA), and STPA. In conclusion, we determined that STPA can be used in an ISO 26262 compliant manner and also provided guidelines to fulfill any gaps identified. It is important to note that we did not have to modify STPA but only augment it to achieve this.
