Safety RTD Requirement [EA_RTD_00058]


Contributor I


Can you provide more detail regarding the following requirement:

"[EA_RTD_00058] The SEooC is called by components with the same or higher ASIL only."?

Which is the impact for the SW architecture? If we have 5 ASIL domains (QM, ASIL A, ASIL B, ASIL C, ASIL D), do we need to replicate the library 5 times in order to have exclusive usage of the library? 

Or is the requirement requiring only that a SW module ASIL y cannot use the library to satisfy safety functions ASIL x (with x > y) (even if the library is qualified up to ASIL D)?




NXP Employee


In a system where we have multiple ASIL level components that are not isolated, the full cluster is going to have the ASIL level of the lowest component. This is explained in the safety concept and safety manual.

To interact from a lower ASIL level without affecting the ASIL level of the higher component, it is required to implement a “proxy” that raises the path of communication with the lower ASIL level component to the higher level, or, the option that was already presented by you, to have separate instances of the library for each ASIL level.

Each RTD driver is a software SEooC. It is a system architecture decision if/how the ASIL decomposition is done on the system side; from the SW SEooC side this is an assumption that can be validated during integration as per the ISO 26262 process.

Best Regards,


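Added example (not NXP RTD code and not from either poster): a small C sketch of the "proxy" option from the reply, where a hypothetical driver's state lives in the higher-ASIL partition and one validating entry point raises every request coming from a lower-ASIL caller before the driver acts on it. The driver name, limits and placeholder checksum are constructed assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical driver limits (constructed for this example, not RTD values). */
#define DRV_CHANNEL_COUNT 4u
#define DRV_VALUE_MAX     1000u

/* Request as a lower-ASIL component would submit it across the boundary. */
typedef struct {
    uint8_t  channel;   /* must be < DRV_CHANNEL_COUNT */
    uint16_t value;     /* must be <= DRV_VALUE_MAX */
    uint16_t check;     /* integrity field over channel and value */
} DrvRequest;

/* Driver state owned by the higher-ASIL partition; lower-ASIL code never
 * writes it directly, only through the proxy below. */
static uint16_t drv_channel_value[DRV_CHANNEL_COUNT];

/* Placeholder integrity function; a real design would use an E2E CRC. */
static uint16_t drv_check(uint8_t channel, uint16_t value)
{
    return (uint16_t)(0x5A5Au ^ ((uint16_t)channel << 8) ^ value);
}

/* Lower-ASIL side: build a request including its integrity field. */
DrvRequest DrvRequest_Build(uint8_t channel, uint16_t value)
{
    DrvRequest r = { channel, value, drv_check(channel, value) };
    return r;
}

/* The proxy: executes in the higher-ASIL partition and treats every field
 * of the incoming request as untrusted. It works on a local copy so the
 * caller cannot change the request between the checks and the use. */
bool DrvProxy_Write(const DrvRequest *req)
{
    if (req == NULL) return false;
    DrvRequest local = *req;                            /* copy-in first */
    if (local.channel >= DRV_CHANNEL_COUNT) return false;
    if (local.value > DRV_VALUE_MAX) return false;
    if (local.check != drv_check(local.channel, local.value)) return false;
    drv_channel_value[local.channel] = local.value;     /* only now touch state */
    return true;
}

/* Read back a channel; an out-of-range channel returns 0 instead of indexing. */
uint16_t Drv_Read(uint8_t channel)
{
    return (channel < DRV_CHANNEL_COUNT) ? drv_channel_value[channel] : 0u;
}
```

The separate-instances option from the reply would instead give each ASIL level its own copy of `drv_channel_value` and driver code, at the cost of duplicated memory and qualification effort.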