Safety is a critically important aspect of any automotive or industrial application. As automotive and industrial products become more autonomous, designers of these products face increasing pressure to meet standards for functional safety, which involves anticipating what could go wrong and taking steps to reduce risk to an acceptable level. Specific standards that address functional safety include IEC 61508 for industrial applications and ISO 26262 for the automotive industry.
Functional safety addresses two types of faults that can occur in an element such as an integrated circuit:
- Systematic faults result from errors in the design or in the manufacturing process. They are deterministic: given the same conditions, the same fault recurs, so they are eliminated by changing the design or the process rather than detected in the field.
- Random hardware faults occur unpredictably during the lifetime of the hardware (for example, through aging or environmental stress). They cannot be prevented by the development process, but their effects can be detected and controlled by built-in functional-safety mechanisms.
For your functional-safety designs, you can select components that were developed in full compliance with the relevant functional-safety standard as certified by an independent organization such as TÜV SÜD. On the other hand, if you choose parts not developed in accordance with the standard, additional steps can be taken to demonstrate that your system employing these elements meets relevant safety criteria.
Hardware-Element Classes
ISO 26262 defines three hardware-element classes for such parts. A class I element has few or no states that can be analyzed from a safety perspective without knowledge of its development-process and implementation details. Moreover, it lacks internal safety mechanisms to control or detect failures. A class I element—such as a capacitor, transistor, LDO, PTC temperature sensor, or simple logic gate—doesn’t need to be evaluated regarding functional safety by itself, but it can be evaluated as part of a larger system.
A class II element has few states that can be analyzed from a safety perspective without knowledge of implementation details, and it may have no internal safety mechanisms. However, documentation may exist to support assumptions regarding systematic faults. If you choose a class II element—such as an op amp, data converter, dc-dc converter, or CAN transceiver—be prepared to complete an evaluation plan supported by analysis and testing to show that the element meets the necessary safety requirements.
Class III elements—including microprocessors, SoCs, multichannel PMICs, motor drives, and single-board computers—have many operating modes that are impossible to analyze without knowledge of development-process and implementation details. They may also include internal safety mechanisms to control or detect failures. For these elements, be prepared to complete an evaluation plan and take additional steps to demonstrate that the risk due to systematic faults is sufficiently low.
Texas Instruments offers three categories of functional-safety products: functional-safety-capable, functional-safety-managed, and functional-safety-compliant (Fig. 1). Two of these categories map approximately to the three classes of ISO 26262.