ISO 26262 Part 2: Management of functional safety
- Format: pdf
- Size: 1.17 MB
- Pages: 47
/ISO26262/1611_002 00 ISO26262-2-2018.DOCX
ISO26262-2-2018
Table of contents
1. DOCUMENT REVISION HISTORY
2. RELEVANT DOCUMENTS
3. DEFINITIONS AND ABBREVIATIONS
4. Requirements for compliance
4.1. Purpose
4.2. General requirements
4.3. Interpretations of tables
4.4. ASIL-dependent requirements and recommendations
4.5. Adaptation for motorcycles
4.6. Adaptation for trucks, buses, trailers and semi-trailers
5. Overall safety management
5.1. Objectives
5.2. General
5.2.1. Overview of the safety lifecycle
5.2.2. Explanatory remarks on the safety lifecycle
5.2.2.1. General
5.2.2.2. Phases and sub-phases of the safety lifecycle
5.2.2.3. Other key concepts
5.3. Inputs to this clause
5.3.1. Prerequisites
5.3.2. Further supporting information
5.4. Requirements and recommendations
5.4.1. General
5.4.2. Safety culture
5.4.3. Management of safety anomalies regarding functional safety
5.4.4. Competence management
5.4.5. Quality management system
5.4.6. Project-independent tailoring of safety lifecycle
6. Project dependent safety management
6.1. Objectives
6.2. General
6.3. Inputs to this clause
6.3.1. Prerequisites
6.3.2. Further supporting information
6.4. Requirements and recommendations
6.4.1. General
6.4.2. Roles and responsibilities in safety management
6.4.3. Impact analysis at the item level
6.4.4. Reuse of an existing element
6.4.5. Tailoring of safety activities
6.4.6. Planning and coordination of the safety activities
6.4.7. Progression of safety lifecycle
6.4.8. Safety case
6.4.9. Confirmation measures
6.4.10. Confirmation reviews
6.4.11. Functional safety audit
6.4.12. Functional safety assessment
6.4.13. Release for production
6.5. Work products
6.5.1. Impact analysis at item level
6.5.2. Impact analysis at element level
6.5.3. Safety plan
6.5.4. Safety case
6.5.5. Confirmation measure reports
6.5.6. Release for production report
7. Safety management regarding production, operation, service and decommissioning
7.1. Objective
7.2. General
7.3. Inputs to this clause
7.3.1. Prerequisites
7.3.2. Further supporting information
7.4. Requirements and recommendations
7.4.1. General
7.4.2. Responsibilities, planning and required processes
7.5. Work products
7.5.1. Evidence of safety management regarding production, operation, service and decommissioning
1. DOCUMENT REVISION HISTORY
Rev: 1.0.0 Release Date: 2020-03-12 Issued by: KW
Initial release of document.
2. RELEVANT DOCUMENTS
The appendices and documents listed below are of essential value for the understanding of this document.

Ref   Document no.   Title
[1]   1000           ISO 26262-2-2018.pdf
3. DEFINITIONS AND ABBREVIATIONS
4. Requirements for compliance
4.1. Purpose
This clause describes how:
a) to achieve compliance with the ISO 26262 series of standards;
b) to interpret the tables used in the ISO 26262 series of standards; and
c) to interpret the applicability of each clause, depending on the relevant ASIL(s).
4.2. General requirements
When claiming compliance with the ISO 26262 series of standards, each requirement shall be met, unless one of the following applies:
a) tailoring of the safety activities in accordance with this document has been performed that shows that the requirement does not apply; or
b) a rationale is available that the non-compliance is acceptable and the rationale has been evaluated in accordance with this document.
Informative content, including notes and examples, is only for guidance in understanding, or for clarification of the associated requirement, and shall not be interpreted as a requirement itself or as complete or exhaustive.
The results of safety activities are given as work products. “Prerequisites” are information which shall be available as work products of a previous phase. Given that certain requirements of a clause are ASIL-dependent or may be tailored, certain work products may not be needed as prerequisites.
“Further supporting information” is information that can be considered, but which in some cases is not required by the ISO 26262 series of standards as a work product of a previous phase and which may be made available by external sources that are different from the persons or organizations responsible for the functional safety activities.
4.3. Interpretations of tables
Tables are normative or informative depending on their context. The different methods listed in a table contribute to the level of confidence in achieving compliance with the corresponding requirement. Each method in a table is either:
a) a consecutive entry (marked by a sequence number in the leftmost column, e.g. 1, 2, 3), or
b) an alternative entry (marked by a number followed by a letter in the leftmost column, e.g. 2a, 2b, 2c).
For consecutive entries, all listed highly recommended and recommended methods in accordance with the ASIL apply. It is allowed to substitute a highly recommended or recommended method by others not listed in the table; in this case, a rationale shall be given describing why these comply with the corresponding requirement. If a rationale can be given to comply with the corresponding requirement without choosing all entries, a further rationale for omitted methods is not necessary.
For alternative entries, an appropriate combination of methods shall be applied in accordance with the ASIL indicated, independent of whether they are listed in the table or not. If methods are listed with different degrees of recommendation for an ASIL, the methods with the higher recommendation should be preferred. A rationale shall be given that the selected combination of methods or even a selected single method complies with the corresponding requirement.
NOTE A rationale based on the methods listed in the table is sufficient. However, this does not imply a bias for or against methods not listed in the table.
For each method, the degree of recommendation to use the corresponding method depends on the ASIL and is categorized as follows:
— “++” indicates that the method is highly recommended for the identified ASIL;
— “+” indicates that the method is recommended for the identified ASIL; and
— “o” indicates that the method has no recommendation for or against its usage for the identified ASIL.
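As an added example (not part of the standard or of this translation), a small Python checker that applies the reading rules of 4.3 to a method table: for the given ASIL, every "++" or "+" consecutive entry must be applied unless an overall rationale covers the omission, each group of alternative entries needs a rationale-backed combination that prefers the higher recommendation, and substitute methods not listed in the table need a rationale. The table, method names, recommendations and the "shall"/"should" finding labels are constructed for illustration and are not taken from any ISO 26262 table.

```python
from dataclasses import dataclass, field
from typing import Dict, List

# Degrees of recommendation from 4.3, ordered so that "++" beats "+" beats "o".
RANK = {"o": 0, "+": 1, "++": 2}


@dataclass
class Entry:
    """One row of a method table: entry id ("1", "2a", ...), the method, and
    the recommendation per ASIL, e.g. {"A": "+", "B": "++", "C": "++", "D": "++"}."""
    entry_id: str
    method: str
    rec: Dict[str, str]

    @property
    def group(self) -> str:
        # "2a" and "2b" form alternative group "2"; "1" is consecutive group "1".
        return self.entry_id.rstrip("abcdefghijklmnopqrstuvwxyz")

    @property
    def is_alternative(self) -> bool:
        return self.entry_id[-1].isalpha()


@dataclass
class Selection:
    """Methods applied for the requirement, each with its rationale ("" if none),
    plus an optional overall rationale that compliance is reached without all entries."""
    methods: Dict[str, str] = field(default_factory=dict)
    overall_rationale: str = ""


def check_table(entries: List[Entry], asil: str, sel: Selection) -> List[str]:
    """Apply the reading rules of 4.3 for one ASIL. 'shall' findings are
    non-compliances, 'should' findings are unheeded recommendations; an empty
    list means the table is satisfied for that ASIL."""
    findings: List[str] = []
    groups: Dict[str, List[Entry]] = {}
    for e in entries:
        groups.setdefault(e.group, []).append(e)

    for gid, members in groups.items():
        chosen = [m for m in members if m.method in sel.methods]
        if members[0].is_alternative:
            # Alternative entries: an appropriate combination per the ASIL, with a
            # rationale, preferring the methods carrying the higher recommendation.
            if not chosen:
                findings.append(f"shall: group {gid}: no method selected among the alternatives")
                continue
            if not (sel.overall_rationale or any(sel.methods[m.method] for m in chosen)):
                findings.append(f"shall: group {gid}: rationale required for the selected combination")
            best = max(RANK[m.rec.get(asil, "o")] for m in members)
            if max(RANK[m.rec.get(asil, "o")] for m in chosen) < best:
                findings.append(f"should: group {gid}: a higher-recommended method is available")
        else:
            # Consecutive entries: every "++" and "+" method for the ASIL applies unless
            # an overall rationale shows compliance without choosing all entries.
            for m in members:
                if RANK[m.rec.get(asil, "o")] >= RANK["+"] and m.method not in sel.methods \
                        and not sel.overall_rationale:
                    findings.append(f"shall: entry {m.entry_id} ({m.method}, "
                                    f"'{m.rec[asil]}' for ASIL {asil}) omitted without rationale")

    # Methods not listed in the table may substitute listed ones, but only with a rationale.
    listed = {e.method for e in entries}
    for method, rationale in sel.methods.items():
        if method not in listed and not rationale:
            findings.append(f"shall: unlisted method '{method}' needs a rationale")
    return findings


# Constructed table for the example; the methods and recommendations are made up.
TABLE = [
    Entry("1", "design walk-through", {"A": "++", "B": "+", "C": "o", "D": "o"}),
    Entry("2", "design inspection", {"A": "+", "B": "++", "C": "++", "D": "++"}),
    Entry("3a", "simulation", {"A": "+", "B": "+", "C": "++", "D": "++"}),
    Entry("3b", "prototype evaluation", {"A": "o", "B": "+", "C": "+", "D": "+"}),
]

if __name__ == "__main__":
    sel = Selection({"design inspection": "", "prototype evaluation": "simulation model unavailable"})
    for finding in check_table(TABLE, "C", sel):
        print(finding)
```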
4.4. ASIL-dependent requirements and recommendations
The requirements or recommendations of each sub-clause shall be met for ASIL A, B, C and D, if not stated otherwise. These requirements and recommendations refer to the ASIL of the safety goal. If ASIL decomposition has been performed at an earlier stage of development, in accordance with ISO 26262-9:2018, Clause 5, the ASIL resulting from the decomposition shall be met.
If an ASIL is given in parentheses in the ISO 26262 series of standards, the corresponding sub-clause shall be considered as a recommendation rather than a requirement for this ASIL. This has no link with the parenthesis notation related to ASIL decomposition.
4.5. Adaptation for motorcycles
For items or elements of motorcycles for which requirements of ISO 26262-12 are applicable, the requirements of ISO 26262-12 supersede the corresponding requirements in this document. Requirements of this document that are superseded by ISO 26262-12 are defined in Part 12.
4.6. Adaptation for trucks, buses, trailers and semi-trailers
Content that is intended to be unique for trucks, buses, trailers and semi-trailers (T&B) is indicated as such.
5. Overall safety management
5.1. Objectives
The intent of this clause is to ensure that the organizations involved in the execution of the safety lifecycle, i.e. those that are responsible for the safety lifecycle or are performing safety activities in the safety lifecycle, achieve the following objectives:
a) to institute and maintain a safety culture that supports and encourages the effective achievement of functional safety and promotes effective communication with other disciplines related to functional safety;
b) to institute and maintain adequate organization-specific rules and processes for functional safety;
c) to institute and maintain processes to ensure an adequate resolution of identified safety anomalies;
d) to institute and maintain a competence management system to ensure that the competence of the involved persons is commensurate with their responsibilities; and
e) to institute and maintain a quality management system to support functional safety.
This clause serves as a prerequisite to the activities in the ISO 26262 safety lifecycle.
5.2. General
5.2.1. Overview of the safety lifecycle
The ISO 26262 reference safety lifecycle encompasses the principal safety activities during the concept phase, product development, production, operation, service and decommissioning. Planning, coordinating and monitoring the progress of the safety activities, as well as the responsibility to ensure that the confirmation measures are performed, are key management tasks and are performed throughout the lifecycle. The safety lifecycle may be tailored (see Clause 6).
NOTE 1 The safety activities during the concept phase, the product development, production, operation, service and decommissioning are described in detail in ISO 26262-3, ISO 26262-4, ISO 26262-5, ISO 26262-6 and ISO 26262-7.
NOTE 2 Table A.1 provides an overview of the objectives, prerequisites and work products of the management of functional safety.
Figure 2 illustrates the management activities in relation to the safety lifecycle.
Figure 2: Management activities in relation to the safety lifecycle
5.2.2. Explanatory remarks on the safety lifecycle
5.2.2.1. General
The ISO 26262 series of standards specifies requirements with regard to specific phases and sub-phases of the safety lifecycle, but also includes requirements that apply to several, or all, phases of the safety lifecycle, such as the requirements for the management of functional safety.
The key safety management tasks are to plan, coordinate and track the activities related to functional safety. These management tasks apply to all phases of the safety lifecycle. The requirements for the management of functional safety are given in this part, which distinguishes:
— overall safety management (see Clause 5);
— project dependent safety management, regarding the concept phase and the product development phases at the system, hardware and software level (see Clause 6); and
— safety management regarding production, operation, service and decommissioning (see Clause 7).
The planning of the safety activities regarding development is initiated at the concept phase and is refined as necessary through the product development phases (system, hardware and software) until the decision to release the item, or element, for production. The planning of the activities regarding production, operation, service, and decommissioning is initiated during the product development at the system level.
Sub-clause 5.2.2.2 explains the definitions of different phases and sub-phases of the safety lifecycle. Other key concepts to take into consideration during the safety lifecycle are explained in sub-clause 5.2.2.3.
5.2.2.2. Phases and sub-phases of the safety lifecycle
a) item definition (a sub-phase of the concept phase):
The initiating task of the safety lifecycle is to develop a description of the item with regard to its functionality, interfaces, environmental conditions, legal requirements, known hazards, etc. The boundary of the item and its interfaces, as well as assumptions concerning other items, elements, or external measures are determined (see ISO 26262-3:2018, Clause 5).
b) hazard analysis and risk assessment (a sub-phase of the concept phase):
The hazard analysis and risk assessment is performed as given in ISO 26262-3:2018, Clause 6. First, the hazard analysis and risk assessment estimates the probability of exposure, the controllability and the severity of the hazardous events with regard to the item. Together, these parameters determine the ASILs of the hazardous events. Subsequently, the hazard analysis and risk assessment determines the safety goals for the item, with the safety goals being the top level safety requirements for the item. The ASILs determined for the hazardous events are assigned to the corresponding safety goals. The assumptions regarding human behaviour, including controllability and human response, in the hazard analysis and risk assessment, the functional safety concept and the technical safety concept, as well as the technical assumptions relevant for the ASIL classification are validated (see ISO 26262-3:2018, Clause 6, ISO 26262-3:2018, Clause 7 and ISO 26262-4:2018, Clause 8).
During the subsequent phases and sub-phases, detailed safety requirements are derived from the safety goals. A safety requirement inherits the ASIL of the corresponding safety goal, or receives the ASIL after decomposition in the case that requirements decomposition with respect to ASIL tailoring has been applied (see ISO 26262-9:2018, Clause 5).
c) functional safety concept (a sub-phase of the concept phase):
Based on the safety goals, a functional safety concept (see ISO 26262-3:2018, Clause 7) is developed considering the preliminary architectural assumptions. The functional safety concept is developed by deriving functional safety requirements from the safety goals and by allocating these functional safety requirements to the elements of the item. The functional safety concept may also include other technologies or rely on external measures (see ISO 26262-3:2018, Clause 7). In those cases, the corresponding assumptions or expected behaviours are validated (see ISO 26262-4:2018, Clause 8). The implementation of other technologies is outside the scope of the ISO 26262 series of standards and the implementation of the external measures is outside the scope of the item.
d) product development at the system level:
After the functional safety concept is specified, the item is developed at the system level, as given in ISO 26262-4. The system development process is based on the concept of a V-model with the specification of the technical safety requirements, the system architecture, the system design and implementation on the left side and the integration, verification and the safety validation on the right side.
The hardware-software interface is specified in this phase. The interfaces between hardware and software are updated during the hardware and software development.
ISO 26262-4:2018, Figure 2 provides an overview of the sub-phases of the system development.
The system development incorporates safety validation tasks for activities occurring within other safety lifecycle phases, including:
— the technical assumptions relevant for the ASIL classification;
— the validation of the assumptions concerning human behaviour, including controllability and human response;
— the validation of the aspects of the functional safety concept that are implemented by other technologies; and
— the validation of the assumptions concerning the effectiveness and the performance of external measures.
e) product development at the hardware level:
Based on the system design specification, the hardware is developed (see ISO 26262-5). The hardware development process is based on the concept of a V-model with the specification of the hardware requirements and the hardware design and implementation on the left side and the hardware integration and verification on the right side.
ISO 26262-5:2018, Figure 2 provides an overview of the sub-phases of the hardware development.
f) product development at the software level:
Based on the system design specification, the software is developed (see ISO 26262-6). The software development process is based on the concept of a V-model with the specification of the software requirements and the software architectural design and implementation on the left side, and the software integration and the verification on the right side.
ISO 26262-6:2018, Figure 2 provides an overview of the sub-phases of the software development.
g) production, operation, service and decommissioning:
The planning of this phase (see ISO 26262-7:2018, Clause 5), and the specification of the associated requirements, starts during the product development at the system level (see ISO 26262-4) and takes place in parallel with the system, hardware and software development. Such planning can be enabled by exchanging information or requirements, e.g. safety-related special characteristics or requirements that improve the ability to produce the product.
This phase addresses the processes, means and instructions to ensure functional safety regarding production, operation, service and decommissioning of the item or element. The safety-related special characteristics and the development and management of instructions for the production, operation, service (maintenance and repair) and decommissioning of the item or element (see ISO 26262-7:2018, Clauses 6 and 7) are considered.
5.2.2.3. Other key concepts
a) Confirmation measures
The confirmation measures (see Clause 6) are performed to judge the functional safety achieved by the item, or the contribution to the achievement of functional safety, e.g. concerning the development of elements.
b) Controllability
In the hazard analysis and risk assessment (see ISO 26262-3:2018, Clause 6), credit can be taken for the ability of the driver, or the other persons at risk (e.g. pedestrians, cyclists, passengers, drivers of other vehicles) to avoid the specified harm, possibly supported by external measures.
The assumptions regarding the controllability in the hazard analysis and risk assessment and the functional and technical safety concept are validated (see ISO 26262-3:2018, Clauses 6 and 7 and ISO 26262-4:2018, Clause 8).
NOTE The exposure and the severity depend on the scenario. The eventual controllability through human intervention is influenced by the design of the item and is therefore evaluated during the safety validation (see ISO 26262-4:2018, Clause 8).
c) External measures
The external measures refer to the measures outside the boundary of the item (see ISO 26262-3:2018, Clause 5) that reduce or mitigate the potential hazards resulting from malfunctioning behaviour of the item. External measures can include additional in-vehicle devices such as dynamic stability controllers or run-flat tyres, but also devices external to the vehicle, such as crash barriers or tunnel fire-fighting systems.
The assumptions regarding the external measures in the item definition, the hazard analysis and risk assessment and the functional and technical safety concept are validated (see ISO 26262-4:2018, Clause 8).
External measures can be considered in the hazard analysis and risk assessment (see ISO 26262-3:2018, Clause 6). However, if credit is taken from an external measure in the hazard analysis and risk assessment, e.g. to reduce the ASIL of a safety goal, that external measure cannot be considered again as a risk reduction in the functional safety concept.
An external measure can be outside the scope of the ISO 26262 series of standards (e.g. if the external measure is realized by another technology or is implemented external to the vehicle), or within the scope of the ISO 26262 series of standards (e.g. if the external measure is realized by an E/E system distinct from the item).
d) Impact analysis at the item level
An impact analysis (see 6.4.3) is performed at the item level to determine whether the item is a new development, a modification of an existing item, or an existing item with a modified environment. If there are one or more modifications, the implications of the modifications on functional safety are analysed.
e) Impact analysis at the element level
An impact analysis is performed at the element level when an existing element is reused (see 6.4.4), so as to evaluate whether the reused element is able to comply with the safety requirements allocated to that element, considering the operational context in which the element is reused.
f) Other technologies
Other technologies (e.g. mechanical and hydraulic technologies) are those different from electrical and electronic technologies. These can be considered in the specification and allocation of safety requirements (see ISO 26262-3:2018, Clause 7 and ISO 26262-4), or as an external measure. In other words, an element realized by another technology may be implemented within the item, or may be specified as an external measure.
g) Release for production
The release for production (see 6.4.13) formalizes the decision to release the item, or element, for production, considering the results of the safety lifecycle, including the results of the applicable confirmation measures.
5.3. Inputs to this clause
5.3.1. Prerequisites
None.
5.3.2. Further supporting information
The following information can be considered:
— existing evidence of compliance with standards that support quality management.
EXAMPLE 1 IATF 16949 in conjunction with ISO 9001 regarding quality management across phases of the safety lifecycle.
EXAMPLE 2 ISO/IEC 33000 series of standards, Capability Maturity Model Integration (“CMMI®”), or Automotive SPICE® series of standards regarding product development.
5.4. Requirements and recommendations
5.4.1. General
Sub-clauses 5.4.2 to 5.4.6 apply to the organizations involved in the execution of the safety lifecycle.
5.4.2. Safety culture
5.4.2.1 The organization shall create, foster, and sustain a safety culture that supports and encourages the effective achievement of functional safety.
NOTE Annex B provides more details of what can constitute a safety culture.
5.4.2.2 The organization shall institute, execute and maintain organization-specific rules and processes to achieve and maintain functional safety and to comply with the requirements of the ISO 26262 series of standards.
NOTE Such organization-specific rules and processes can include the creation and maintenance of generic plans (e.g. a generic safety plan) or generic process descriptions.
5.4.2.3 The organization shall institute and maintain effective communication channels between functional safety, cybersecurity, and other disciplines that are related to the achievement of functional safety.
EXAMPLE 1 Communication channels between functional safety and cybersecurity in order to exchange relevant information (e.g. in the case it is identified that a cybersecurity issue might violate a safety goal or a safety requirement, or in the case a cybersecurity requirement might compete with a safety requirement).