Safety case confusion
There was a fundamental change in what a safety case is, from the 1st to 2nd edition of ISO 26262. Some experts in functional safety still do not understand the difference.
This article will define the difference and what is needed to be done today in order to comply with ISO 26262:2018.
In edition 1 a safety case is defined as:
‘argument that the safety requirements for an item are complete and satisfied by evidence compiled from work products of the safety activities during development’ Clause 1.106 of Ref 1
To complete a safety case in edition 1 requires:
‘The safety case should progressively compile the work products that are generated during the safety lifecycle.’
Clause 6.4.6.2 of Ref 2.
Then in 2018 the safety case definitions changed.
In edition 2 the objective of project dependent safety management includes:
‘to create a comprehensible safety case in order to provide the argument for the achievement of functional safety’ 6.1.i of Ref 3.
In edition 2 a safety case is defined as:
‘argument that functional safety is achieved for items, or elements, and satisfied by evidence compiled from work products of activities during development.’ 3.136 of Ref 3.
To complete a safety case in edition 2 requires:
‘A safety case shall be developed, in accordance with the safety plan, in order to provide the argument for the achievement of functional safety’. 6.4.8.1 Ref 4
‘The safety case should progressively compile the work products that are generated during the safety lifecycle to support the safety argument’. 6.4.8.2 Ref 4
Further, the informative guidance in 6.4.8.2 Note 1 of Ref 4 states:
In the case of a distributed development, the safety case of the item can be a combination of the safety cases of the customer and of the suppliers, which references evidence from the work products generated by the respective parties. Then the overall argument of the item is supported by arguments from all parties.
Therefore, if the supplier does not provide a compelling argument for the achievement of functional safety, the OEM cannot combine the supplier's argument into the overall argument for the achievement of functional safety for the item.
How to complete the safety case argumentation should be clarified in the development interface agreement required in ISO 26262-8:2018 clause 5.
Finally, the informative guidance given in Annex C of Ref 3 on how to complete a confirmation review of a safety case includes:
‘The goal is to judge whether the argument provided in the safety case is convincing’ & ‘Evaluation of whether the argument provided in the safety case is plausible and sufficient to argue functional safety is achieved’.
The change from ISO 26262 Edition 1 to Edition 2 included a move towards achieving the objectives that ISO 26262 defines for each section, and with it the need for a safety case argument, rather than the safety case simply being a collection of evidence showing that each clause is fulfilled.
It is still seen today that major tier-one suppliers treat the safety case as only a collection of evidence that the safety plan was followed, e.g. the safety plan says how a TSC (technical safety concept) will be produced, and the safety case is simply a link to the TSC.
Past discussions about this with such suppliers have not resulted in a recognition of the need for an explicit argument. They argue that the argument is implicit and that this is sufficient. Even when their safety case process is checked by a functional safety assessor from an external organisation, the external organisation finds no issue with how the safety case is written.
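The distinction the two preceding points rest on, an explicit argument versus a bare collection of evidence, and the combination of supplier and customer safety cases allowed by 6.4.8.2 Note 1, can be made concrete with a small model. The following Python is an added example written for this article; it is not part of ISO 26262, the MISRA guideline or any supplier's process. The data model (Claim, Evidence, the check and combine functions) and the work product names are constructed assumptions for illustration only.

```python
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Evidence:
    """A reference to a work product from the safety lifecycle (constructed name)."""
    work_product: str


@dataclass
class Claim:
    """One node of a safety argument: the claim itself, the argument for why
    its support is sufficient, and the sub-claims and evidence that support it.
    'argument' is None when a party has only linked evidence (edition-1 style)."""
    text: str
    argument: Optional[str] = None
    sub_claims: List["Claim"] = field(default_factory=list)
    evidence: List[Evidence] = field(default_factory=list)


def check_argument(claim: Claim, path: str = "") -> List[str]:
    """Return the claims that fail the edition-2 expectation of an explicit argument.

    A claim is flagged as 'implicit argument only' when evidence or sub-claims are
    attached but no argument says why they satisfy the claim, and as 'unsupported'
    when it has neither evidence nor sub-claims. An empty list means every claim in
    the tree is both supported and explicitly argued.
    """
    here = f"{path}/{claim.text}" if path else claim.text
    issues: List[str] = []
    supported = bool(claim.sub_claims or claim.evidence)
    if not supported:
        issues.append(f"unsupported: {here}")
    elif claim.argument is None:
        issues.append(f"implicit argument only: {here}")
    for sub in claim.sub_claims:
        issues.extend(check_argument(sub, here))
    return issues


def combine_item_safety_case(item: Claim, supplier: Claim, argument: str) -> Claim:
    """Combine a supplier's safety case into the OEM's item-level case.

    The supplier's top claim becomes a sub-claim of the item claim, and the OEM
    records its own argument for why the supplier's element contributes to the
    item achieving functional safety. A missing argument anywhere in the
    supplier tree still surfaces through check_argument on the combined case.
    """
    return Claim(
        text=item.text,
        argument=argument,
        sub_claims=item.sub_claims + [supplier],
        evidence=item.evidence,
    )


def edition1_style_supplier_case() -> Claim:
    """Constructed: safety plan says a TSC will be produced; the 'safety case'
    is just a link to that TSC, with no argument stated at any level."""
    return Claim(
        text="Element E achieves functional safety",
        sub_claims=[Claim(text="TSC is complete", evidence=[Evidence("TSC v1.0")])],
    )


def edition2_style_supplier_case() -> Claim:
    """Constructed: the same evidence, now tied to claims by explicit arguments."""
    return Claim(
        text="Element E achieves functional safety",
        argument="All functional safety requirements allocated to E are refined into "
                 "technical safety requirements that are implemented and verified.",
        sub_claims=[
            Claim(
                text="Technical safety requirements for E are complete and verified",
                argument="Each TSR traces to an allocated FSR and to a passed verification.",
                evidence=[Evidence("TSC v1.0"), Evidence("TSR verification report v1.0")],
            )
        ],
    )


def oem_item_case() -> Claim:
    """Constructed OEM item-level case before any supplier case is combined in."""
    return Claim(
        text="Item I achieves functional safety",
        argument="Hazards from the HARA are mitigated by the FSRs allocated to each element.",
        sub_claims=[Claim(text="FSRs cover all HARA safety goals",
                          argument="Every safety goal is traced to at least one FSR.",
                          evidence=[Evidence("HARA v1.0"), Evidence("FSC v1.0")])],
    )


if __name__ == "__main__":
    for label, case in [("edition-1 style", edition1_style_supplier_case()),
                        ("edition-2 style", edition2_style_supplier_case())]:
        print(label, check_argument(case) or "no issues")
    combined = combine_item_safety_case(
        oem_item_case(), edition1_style_supplier_case(),
        "Element E implements the FSRs allocated to it by the FSC.")
    print("combined with edition-1 supplier:", check_argument(combined))
```

Running the script shows the point the article makes: the edition-1 style case is flagged at both levels because nothing states why the linked TSC satisfies the claim, while the edition-2 style case passes. Combining the edition-1 supplier case into a well-argued OEM case does not help; the OEM's argument for the item is only as good as the supplier argument it depends on, so the gap should be closed in the development interface agreement rather than discovered at confirmation review.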
It appears that either ISO 26262:2018 does not sufficiently clarify what is expected or major organisations are not fully adopting the changes.
The best explanation of what ISO 26262:2018 requires is given in the guidelines for automotive safety arguments (Ref 5). This guideline also provides a framework and methodology that it is recommended to follow when producing the safety case and safety argumentation.
Ref 1 - ISO 26262-1:2011
Ref 2 - ISO 26262-2:2011
Ref 3 - ISO 26262-1:2018
Ref 4 - ISO 26262-2:2018
Ref 5 - Guidelines for automotive safety arguments, MISRA, Sept 2019.