AnsweredAssumed Answered

How to manage specific ASIL requirements when they only apply to one function?

Question asked by Christian Michel-sendis Employee on May 14, 2018

My question is a general question on how to  boil down "system level" ASIL requirements down to MCU ASIL requirements.


I have the following situation with a customer:  Initially, ASIL-B was defined as a requirement.  We therefore proposed an ASIL-B capable product. (MPC574xG)   In the meantime, the customer added ASIL-C requirements for some specific functions. ( in particular, some Digital I/Os and CAN communication is  requested to be ASIL-C) .  

Question: Do we require then an ASIL-C capable microcontroller?

It is my understanding that our safety concept does not address  peripherals or I/Os functions, since the use of these is highly  application dependent and therefore requires system-level strategies for fault monitoring.

Therefore, am I correct in thinking that even if we delivered an ASIL-C/D microcontroller, these I/O and CAN functions need to be dealt at system-level.   Could we then keep the current ASIL-B product and tell the customer to strengthen the safety level of the ASIL-C functions by software or something else?