Request access to NXP’s SafeAssure NDA group to get safety documents (Safety Manuals, SEooC Standardized FMEDAs, Analysis Reports, Assessment/Confirmation Measure Reports, and PPAPs) and to receive expert support for your functional safety applications.
We help you design with confidence and efficiently achieve system-level compliance with the most stringent international safety standards, ISO 26262 and IEC 61508. Our SafeAssure® program connects experts with designers to share deep automotive and appliance safety knowledge, vast product development resources, and strategic alliances with key industry partners. You can go through our SafeAssure product catalog to reduce malfunction risks while cutting time to market, cost, and complexity from design to manufacturing. You can also watch our NXP online Safety Academy: Module 5, NXP SafeAssure Portfolio (now available on demand; log-on required), walks through the entire NXP SafeAssure product portfolio. It shows you how to find the best product choice for your application and describes the support NXP offers via its SafeAssure program, including the safety deliverables, the system safety solutions, and the NXP SafeAssure community.
NXP is certified by TÜV SÜD (a vehicle inspection and product certification body founded over 140 years ago and headquartered in Munich, Germany) for our ISO 26262:2018 functional safety development process, and by LRQA (Lloyd's Register Quality Assurance, a UK management systems certification body) for ISO 9001:2015 for the Design and Manufacture of Semiconductors. As we move toward Vision Zero, designers need a simple way to achieve system-level functional safety and to meet standards compliance. Our goal is to simplify this for industrial and automotive standards. You can learn more about our ISO 26262 and IEC 61508 applications with controlling functionality and our IEC 60730 and IEC 61508 applications with moving parts. NXP's system solutions are designed to keep moving toward Vision Zero: zero accidents on the roads or in the home.
Our NXP online Safety Academy brings you the tools and tips to start designing safety-critical systems more quickly. Because safety requires expert knowledge, we have developed four learning paths across 13 modules to deliver specialized training: Program Manager, Hardware Engineer, Software Engineer, and System Engineer. Build your training plan today and start learning!
Vehicle electrification is a global automotive market trend that self-driving cars and trucks are adopting to centralize control, exchange data seamlessly across systems, reduce hazards, decrease emissions, and optimize traffic. The growing focus on electrification is driving demand for safety electronics in both cars and trucks, and is also enhancing the user experience (by integrating smartphones and other electronic devices) in high-end infotainment, Advanced Driver Assistance Systems (ADAS), digital clusters, and telematics applications. Several top manufacturers are working not only with embedded electronic technologies, to increase safety and reduce vehicle weight, but also on alternative propulsion technologies such as flexible fuel, natural gas engines, Hybrid Electric Vehicles (HEV), and all-Electric Vehicles (EV), integrating efficient functional systems to achieve higher fuel efficiency. This is boosting demand for safety solutions, electrified powertrains, propulsion technologies, and infotainment innovations. The accelerated electrification of vehicles, together with public adoption of the connected vehicle concept and the integration of advanced safety features, is driving demand for reliable and robust E/E systems. The global automotive safety electronics market is expected to reach around $40 billion by 2023, with a 12% CAGR between 2017 and 2023, according to the Automotive Safety Electronics Market - Global Outlook and Forecast 2018-2023 report from Research and Markets. The Chevy Bolt, Toyota Prius Prime, and Tesla Model X are leading Electric Vehicle (EV) sales in the US, which grew from 158,614 vehicles in 2016 to 199,826 in 2017, an increase of about 26% year over year.
Driven by government regulations, the E/E systems embedded across the HEV/EV segments are being engineered to comply with the highest ISO 26262 Automotive Safety Integrity Level (ASIL D) and to reach a safe state when something out of the ordinary happens, a requirement that is especially critical in autonomous vehicles. All those E/E systems require a safety microcontroller (MCU) and a reliable, safe source of power connected to the vehicle battery: the System Basis Chip (SBC). Together, MCUs and SBCs form the backbone of embedded architectures that include independent hardware monitoring, simplifying Electronic Control Unit (ECU) design.
IMAGE: Technologies to enable car electrification and autonomous drive
Autonomous vehicles demand advanced safe and secure architectures (with dedicated quantitative and qualitative safety analysis) to size the risk, improve system robustness, and predict system behavior after a failure, through configurable fail-safe or fail-silent behaviors. The electrification trend requires reliable E/E systems capable of taking decisions and acting like a human driver, or close enough, combining functional safety and electric control systems to decide and act in applications such as parking brake, steering, powertrain, anti-lock braking, or transmission systems.
In nearly every accident involving self-driving vehicles, human error was the cause rather than the autonomous vehicle: the Google shuttle in Las Vegas, some Ubers in Arizona, the Tesla car in Florida, and several others in California. If driverless vehicles are supposed to make roads safer, the bigger question is what these cars or trucks should do to reduce accidents. Engineers are struggling with the underlying safety challenge: even when autonomous vehicles do what they are supposed to, the drivers of all nearby cars and trucks are human and capable of making errors. There are two principal causes of crashes involving self-driving vehicles:
- The sensors do not detect what is happening around the vehicle because of their individual limitations: cameras only work correctly with enough light, LiDAR struggles in fog, radar offers limited resolution, and GPS performs best with a clear view of the sky. Engineers are still defining the right mix of sensors, because simply adding more of them is not the solution: both cost and computing power are limiting factors.
- The software mishandles unexpected situations when the vehicle faces conditions it was not programmed for. Every self-driving vehicle has to make hundreds of decisions per second and adjust its path using incoming data from the environment, just as human drivers do. Engineers must fuse the data from all the sensor inputs into an accurate computerized model of the vehicle's surroundings; the code then interprets that representation to instruct the car or truck how to navigate and interact with whatever is happening nearby. Put simply, the vehicle will not make the right decisions if the system's perception is not accurate.
It will not be enough for autonomous vehicles to drive safely to fulfill the expectation of reducing crashes; they must become the ultimate defensive driver, ready to react when nearby vehicles drive unsafely. Some incidents with driverless vehicles show that the machines did not understand the situation well enough to choose the correct action: they executed the rules they had but were not checking that their decisions were the safest ones, a consequence of how most self-driving vehicles are programmed and tested. Engineers need to give autonomous vehicles instructions on how to behave when another vehicle does something out of the ordinary, and testers should treat other vehicles as adversaries when developing plans for extreme situations. The baseline for both is making driverless vehicles follow the rules of the road: obeying traffic lights and signs, knowing local traffic rules, and behaving as a law-abiding human driver would. But what should an autonomous vehicle do if a car is driving in the wrong direction? Currently, self-driving vehicles stop completely and wait for the situation to change; no human driver would do this. A person would take evasive action: switching lanes without signaling, driving onto the shoulder, or speeding up to avoid a crash, even if that meant breaking a traffic rule. Software and test engineers need to teach autonomous vehicles to understand not only the surroundings but the context. A truck approaching from the front means no harm if it is in the other lane, but it is an entirely different matter if it is in the same lane. As car makers get better at implementing self-driving technologies, they must rethink safety for autonomous vehicles and test them on complex tasks (such as parking in a crowded lot or changing lanes in a work zone) to analyze and improve how they perform, not only on empty one-way or multi-lane highways in good weather.
Those driverless tests might resemble human driving tests, and that is exactly what they should be if autonomous vehicles and human drivers are to coexist safely on the roads.
Some steps toward a plan for safety systems, covering design, integration, testing, and operation:
1. Perform an extensive risk assessment of each device and of the whole operating system, using existing injury records, to determine the level of protection required to meet local and national requirements.
2. Determine the safety level required for each device and system from that risk assessment, considering risk severity and the probability of injury under local and national requirements; draw safety schematics that show how all the safety elements interact, including the cores and all the interlocking devices.
3. Meet the needs of that safety level by working closely with qualified safety managers and risk engineers, integrating the necessary safety devices and measures to upgrade the equipment, and developing a Safety Functional Design Specification (SFDS) detailing the scope of the electrical and mechanical modifications.
4. Craft training modules from the information gathered and developed during the safety assessment process.
What else would you recommend?
Functional Safety is becoming the norm as a growing number of complex applications (from industrial to automotive and even medical and aerospace) rely heavily on embedded electrical and electronic (E/E) systems that must meet power, performance, and area (PPA) specifications. Because vehicle safety relies not only on individual integrated circuits (ICs) but on the interaction of those ICs within the electronic control unit (ECU), engineers need to analyze the traces between the ICs and develop fault models that consider board-level signal and power integrity, ensuring that chips perform as intended once inside the end product, even when facing errors or unplanned or unexpected circumstances. Current Functional Safety standards demand stringent fault analysis in earlier design phases (using algorithms and models) and robust safety monitoring at higher abstraction levels. These safety mechanisms then need to be traced through implementation and final verification, completing the system view of functional safety. Engineers in a wide range of markets acknowledge the importance of meeting stringent security, safety, and quality standards; by developing reliable systems, their users benefit from high-performance and secure solutions for driver safety, comfort, in-car infotainment, and fuel efficiency. For businesses, achieving safety requirements can mean the difference between capitalizing on new opportunities and missing the mark, as advances in technology drive product design and development. Because of the high demand for sophisticated embedded electronics, addressing Functional Safety now propagates through the whole supply chain: from semiconductor technologies to design tools, together with methodologies and processes at every stage.
The automotive industry is changing how vehicles are conceived, designed, built, used, and sold. Because of this, most automotive OEMs are challenging their engineers to use advanced technologies (such as robust embedded computation, Artificial Intelligence and Machine Learning, or full connectivity to the Internet of Things) to address how people will use their vehicles, as well as driver safety, energy and environmental, and traffic congestion concerns. Those technologies demand reliable Functional Safety systems to enhance safety and security, reduce powertrain emissions, and provide connectivity to other vehicles and to infrastructure, part of what 5G networks aim to deliver. However ambitious that sounds, there is no doubt that Functional Safety is a must-have in the automotive industry. Automotive OEMs are now upgrading safety and security together with the driving experience by incorporating more features and capabilities into vehicles, including Advanced Driver-Assistance Systems (ADAS): Emergency Braking Assistance (EBA), Blind Spot Detection, Lane Departure Warning (LDW), and high-end radar and vision systems. Self-driving vehicle technologies are pushing safety systems development even further.
IMAGE: OEM automotive system demand - Strategy Analytics
One of the most significant challenges for automotive engineers is to meet the IEC 61508 and ISO 26262 expectations (in performance, power, and area) when developing safety-related systems without adversely affecting the overall development or its design and manufacturing cost. The majority of OEMs are answering this challenge by raising the number of in-vehicle processors to improve real-time capabilities and computation for greater control and safety.
With the increasing demand for more complex and sophisticated electrical, electronic, and programmable safety-related systems comes the need for more complex and sophisticated microcontrollers and processors to assure the safety and security of drivers, passengers, and pedestrians. MCUs and MPUs are becoming an inherent element of most Functional Safety embedded systems.
Functional Safety Management (FSM) programs aim to ensure that all stages of the Safety Lifecycle (SLC) are correctly implemented and supported through its phases:
1. Starting with analysis, initiation, and specification of the safety requirements.
2. Covering design and development of the features through their implementation in a safety-critical system.
3. Finishing with operation and maintenance, and ending with decommissioning of the system.
FSM matters to end users because it helps reduce risk to an acceptable level, and it matters to the organization because, if implemented correctly, it can improve efficiency and reduce cost. A robust FSM considers People (the roles, responsibilities, and competency of the personnel involved), Paperwork (documentation and record keeping), and Procedures (well-defined work processes in place for each phase). If people are adequately trained and work with well-documented processes and procedures, the inherent risk in day-to-day activities decreases. As Functional Safety becomes the norm, FSM programs are relevant because they are a requirement for every manufacturer, balancing stringent and cohesive integrated software and hardware systems.
Functional Safety provides the risk reduction required to assure safety in the presence of systematic or random faults. Systematic failures are caused by a design flaw and are present in every implementation. Engineers address these through Quality Management Systems (QMS) that trace the design and development methodologies, the manufacturing process, the operational procedures, the documentation, and the other relevant factors used in the overall system. Random failures include transient faults or soft errors caused by radiation, EMI, or power glitches; permanent faults caused by power shortages or other stresses; dependent faults arising from failures of, or related to, other components within the system; and potential faults whose impact is not seen for some time. Engineers address these using a combination of self-test capability, hardware safety mechanisms, and functional redundancy. Failure Modes and Effects Analysis (FMEA) identifies and evaluates the effects of both systematic and random failure modes on an application, eliminates or reduces the chance of failure, and documents the system development process. A Failure Modes, Effects and Diagnostic Analysis (FMEDA) is an extension of FMEA that adds quantitative failure data (failure rates and the distribution of failure modes) for every component analyzed in the application, and the probability that the safety system design will detect internal failures through online diagnostics. FMEDAs build on the MIL-STD-1629A standard and were developed in the late 1980s by Dr. William M. Goble and engineers from exida. An FMEDA is a structured quantitative analysis of a system, subsystem, product, or component, used to predict failure rates, failure modes, and their effects on (system) operation while taking potential diagnostic functions into account.
Design, development, and verification engineering teams also generate FMEDAs to ensure that all ISO 26262 documentation and traceability requirements are met in the SoC development flow, at both the IP and the full-chip level. A Failure Modes, Effects and Diagnostic Analysis takes into consideration:
- All the components included in the design
- The functionality of each component
- The failure modes of each component
- The effect of each component failure mode on the product functionality
- The ability of any automatic diagnostics to detect the failure
- The design strength (de-rating, safety factors)
- The operational profile (environmental stress factors)
FMEDAs make applications safer by predicting the failure mode data and the product-level failure rate for a product. FMEDAs use component databases calibrated with reasonably accurate field failure rates and failure modes, which are more accurate than field warranty return analysis or field failure analysis, because those methods depend on reports that typically lack enough detail in the failure records.
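The per-mode data an FMEDA collects only becomes useful once it is rolled up into the metrics the standards set targets for. The following is an added worked example, not NXP's code and not the output of any FMEDA tool: it takes a constructed failure-mode table for a hypothetical safety MCU subsystem, partitions each mode's failure rate by its effect and by the diagnostic coverage of the mechanism that catches it, and computes diagnostic coverage and safe failure fraction (IEC 61508) together with the single-point and latent fault metrics (ISO 26262-5). It then shows how adding one safety mechanism (a watchdog for an otherwise undetected flash read hang) moves the hardware metrics from ASIL B to ASIL C territory. All component names, failure rates, mode shares, and coverage values are assumptions chosen for illustration.

```python
"""FMEDA roll-up: per-failure-mode data -> DC, SFF (IEC 61508) and SPFM, LFM (ISO 26262).

Added example, not NXP's code. Component data is constructed; rates are in FIT
(failures per 1e9 device-hours). Metric definitions follow IEC 61508-2 (DC, SFF)
and ISO 26262-5 Annex C (SPFM, LFM); targets below are the ISO 26262-5 values.
"""
from dataclasses import dataclass, replace

SPFM_TARGET = {"B": 0.90, "C": 0.97, "D": 0.99}
LFM_TARGET = {"B": 0.60, "C": 0.80, "D": 0.90}


@dataclass(frozen=True)
class FailureMode:
    name: str
    share: float      # fraction of the component's failure rate in this mode
    effect: str       # "safe" | "single_point" | "multiple_point"
    dc: float = 0.0   # diagnostic coverage of the mechanism detecting it, 0..1


@dataclass(frozen=True)
class Component:
    name: str
    fit: float        # total failure rate in FIT
    modes: tuple      # FailureMode entries; shares must sum to 1


def roll_up(components):
    """Partition each mode's failure rate and return (partitions, metrics)."""
    lam = dict(total=0.0, safe=0.0, dd=0.0, du=0.0,
               spf=0.0, rf=0.0, mpf_det=0.0, mpf_lat=0.0)
    for comp in components:
        if abs(sum(m.share for m in comp.modes) - 1.0) > 1e-9:
            raise ValueError(f"{comp.name}: mode shares must sum to 1")
        for m in comp.modes:
            rate = comp.fit * m.share
            lam["total"] += rate
            if m.effect == "safe":
                lam["safe"] += rate
            elif m.effect == "single_point":
                # Violates the safety goal on its own: covered part is dangerous-
                # detected; no mechanism at all -> single-point fault, otherwise
                # the uncovered remainder is a residual fault.
                lam["dd"] += rate * m.dc
                lam["du"] += rate * (1 - m.dc)
                if m.dc == 0:
                    lam["spf"] += rate
                else:
                    lam["rf"] += rate * (1 - m.dc)
            elif m.effect == "multiple_point":
                # Dangerous only together with another fault (e.g. a fault in the
                # lockstep comparator itself): the uncovered part stays latent.
                lam["mpf_det"] += rate * m.dc
                lam["mpf_lat"] += rate * (1 - m.dc)
            else:
                raise ValueError(f"{comp.name}/{m.name}: bad effect {m.effect!r}")
    dangerous = lam["dd"] + lam["du"]
    metrics = {
        # Simplification: DC/SFF are taken over single-point (mission) failures;
        # faults inside the diagnostics themselves are kept out of this partition.
        "DC": lam["dd"] / dangerous if dangerous else 1.0,
        "SFF": (lam["safe"] + lam["dd"]) / (lam["safe"] + dangerous),
        "SPFM": 1 - (lam["spf"] + lam["rf"]) / lam["total"],
        "LFM": 1 - lam["mpf_lat"] / (lam["total"] - lam["spf"] - lam["rf"]),
    }
    return lam, metrics


def asil_reached(metrics):
    """Highest of ASIL B/C/D whose SPFM and LFM targets are both met, else None."""
    reached = None
    for asil in ("B", "C", "D"):
        if metrics["SPFM"] >= SPFM_TARGET[asil] and metrics["LFM"] >= LFM_TARGET[asil]:
            reached = asil
    return reached


# Constructed FMEDA fragment for a hypothetical safety MCU subsystem.
CORE = Component("cpu_core", 100.0, (
    FailureMode("alu_stuck_at", 0.5, "single_point", dc=0.99),      # lockstep compare
    FailureMode("register_bit_flip", 0.3, "single_point", dc=0.99),
    FailureMode("unused_logic", 0.2, "safe"),
))
COMPARATOR = Component("lockstep_comparator", 10.0, (
    FailureMode("compare_stuck", 1.0, "multiple_point", dc=0.90),   # start-up LBIST
))
FLASH = Component("flash", 40.0, (
    FailureMode("bit_error", 0.8, "single_point", dc=0.99),         # ECC
    FailureMode("read_timeout", 0.2, "single_point", dc=0.0),       # nothing catches a hang
))
# Same flash once a windowed watchdog is assumed to catch 90 % of read hangs.
FLASH_WITH_WDT = replace(FLASH, modes=FLASH.modes[:1] + (
    FailureMode("read_timeout", 0.2, "single_point", dc=0.90),))

BASELINE = (CORE, COMPARATOR, FLASH)
WITH_WATCHDOG = (CORE, COMPARATOR, FLASH_WITH_WDT)


def compare(variants):
    """Map each variant label to (metrics, ASIL reached) for side-by-side review."""
    out = {}
    for label, comps in variants.items():
        _, metrics = roll_up(comps)
        out[label] = (metrics, asil_reached(metrics))
    return out


if __name__ == "__main__":
    for label, (m, asil) in compare({"baseline": BASELINE,
                                     "with_watchdog": WITH_WATCHDOG}).items():
        print(f"{label:14s} SPFM={m['SPFM']:.4f} LFM={m['LFM']:.4f} "
              f"DC={m['DC']:.4f} SFF={m['SFF']:.4f} -> ASIL {asil}")
```

The point to notice is that the 8 FIT flash read-timeout mode with no mechanism behind it dominates the single-point fault metric even though the much larger core failure rate is covered at 99%: an FMEDA exposes exactly which uncovered modes are holding the design below its target, and which mechanism (here a watchdog) buys the most. The IEC 61508 partition in this block leaves faults inside the diagnostics out of DC and SFF, which is a simplification; a real FMEDA tool follows the categorization rules of the standard it targets.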
Functional Safety is moving from being an industry requirement to becoming the norm within products; more of those solutions incorporate complex embedded hardware and software that rely on a specific execution of commands and safety-related functions. Functional Safety systems help mitigate the risk of damage or physical injury to people's health from first- and second-hand hazards: they detect hazardous conditions and reduce the danger from accidental threats, protecting people and products from operational damage. Engineers are now capturing and experimenting with ongoing process improvements and with new and advanced products to sustain the volume-driven growth in the sector. The Functional Safety market is growing at almost 9% CAGR and will reach USD 8.7 billion by the end of 2023, according to the Global Functional Safety Market Research Report - Forecast 2023 by Market Research Future. This global Functional Safety market is growing because of:
- the demand for high-performance Internet of Things (IoT), modern robotics, Advanced Driver-Assistance Systems (ADAS), and autonomous machine applications;
- the definition of product performance levels and security concerns, risk requirements, and safety specifications, using defined processes and certified schemes such as Safety Integrity Levels (SIL) and failure modes and effects analysis;
- investment in the sector pushed by buyers interested in safety and security.
However, it is worth paying attention to the sector's restraints:
- The number of players in the market, even as new companies start to participate.
- The lack of awareness across the industry of the benefits of implementing safety systems in products.
- The reduced levels of effective Functional Safety R&D needed to sustain a continued upward growth trend.
Electrical and Electronic (E/E) Systems and Functional Safety have been present in markets such as defense, aerospace, and medical for some time. However, the growing relevance of Functional Safety in the automotive market is now pushing the semiconductor industry to innovate faster, at almost the pace of consumer electronics. Engineers are required to trade off cost against safety while developing E/E systems: building design-constrained complex solutions and keeping them affordable to build. System developers must ensure that chips work (functional verification) but also guarantee how they will behave if something unplanned happens that would otherwise leave those chips inoperable (functional safety verification). Their verification tools have to evolve to meet the new requirements the market is demanding: testing software and testing the whole system before silicon is available. Those tests need to take the system perspective beyond the SoC and the IP, and to support early development before the physical hardware is ready. In general, two types of companies are going after the next generation of SoCs (more challenging than previous automotive chips and more complex than any other ICs developed for safety-critical markets):
- Those that know how to build complex SoCs but have no functional safety background and are now struggling to apply its principles from concept and architecture through the complete development.
- Those with functional safety knowledge from building MCUs but little experience with complex power-, security-, or networking-demanding chips.
As automotive chips now lead innovation, those challenges also create opportunities for further automation to make the process more efficient. The key to deploying an existing chip in the automotive industry is to understand that functional safety is not an end-of-the-line activity: the architecture level and its mechanisms come first.
This approach not only avoids performance issues and area degradation but also mitigates the negative impact on the Safety Integrity Level (SIL) to be achieved. Tier 1 companies are no longer focusing on functionality alone. Instead, they are asking for the procedures used to define the requirements and how the chips are built; in response, semiconductor companies are adding SoC traceability on top of their quality processes. Safety must be treated as a first-class concern, from project planning through the complete development process, because Functional Safety is a critical part of chip design.
The transportation industry has evolved, influenced by driver safety concerns, traffic and commuting plans, environmental regulations, paradigm shifts in how vehicles are used, and technology breakthroughs. New, upgraded generations of vehicles are now being designed by engineers, driven on streets, and sold in dealerships. This evolution pushes many OEMs to include safety and security considerations in the early stages of their engineering process. The use of sensors, analog devices, and other components integrated with microcontrollers or microprocessors brings a new dimension of improved computational control, powertrain management, enhanced connectivity, and, more importantly, driver safety through Functional Safety. Functional Safety systems detect potentially dangerous conditions and execute corrective or preventive actions; the objective of Functional Safety is to avoid harm or health risks or, in the worst case, to reduce them to a tolerable level by bringing down the impact of a failure. Functional Safety combines electronic safety and security systems in vehicles through the application of both driving technologies and safety design. Functional Safety has changed significantly over the last decade, as electronics became more common in industrial and automotive systems and are now reaching the aerospace, aviation, and medical markets. The transportation industry delivers real value through fully certified, market-enabled Functional Safety systems, thanks to robust safety and security programs combined with world-class product solutions. As achieving Functional Safety excellence is essential to the industry's success, one of the main challenges is to reach the required robust Functional Safety levels without affecting system performance, design costs, or the manufacturing process. Engineering teams achieve Functional Safety by:
- Identifying potential hazards.
- Determining the required safety functions.
- Assessing the applicable Functional Safety standards.
- Designing systems to meet the target Safety Integrity Level (SIL).
- Certifying systems against the applicable standards.
- Auditing Functional Safety to ensure standards compliance.
The NXP SafeAssure program supports engineering teams in reducing unintended hazardous failures, complying with demanding industry requirements, and maintaining consumer trust. The SafeAssure program connects experts with design engineers to share deep automotive and appliance safety knowledge, strategic alliances with main industry partners, and a variety of product development resources. Serving Functional Safety automotive applications, SafeAssure product offerings include Microcontrollers, Mixed-Signal Microcontrollers, Analog & Power Management, and Sensor solutions. As Functional Safety moves from being an industry requirement to becoming the norm, engineering teams demand reliable solutions to help them develop higher-performance in-vehicle systems that improve overall efficiency, comfort and infotainment, and driver safety.
The automotive industry now demands that engineers provide new and improved vehicle safety systems, moving from basic airbag deployment systems to complete Advanced Driver Assistance Systems (ADAS) and Intelligent Transport Systems (ITS) technologies. Automotive applications require robust ISO 26262-compliant solutions to prevent accidents, including avoidance capabilities. ISO 26262 defines four Automotive Safety Integrity Levels (ASILs), A through D, with ASIL D being the most stringent. The ASIL automotive application overview can be summarized as:
Car makers are addressing safety concerns in a demanding industrial environment, building new capabilities to enhance the overall performance of products and systems and to guarantee security. It is because of this that Functional Safety is experiencing broad changes in both technology and business: while it encroaches into areas of technology such as semiconductors (a radical shift for a traditional automotive industry built on mechanical and hydraulic engineering), the automotive business is becoming more consumer-driven, as more electronic driver-assistance features are incorporated into vehicles. Most of the 2 billion cars forecast for 2040 will include onboard components (sensors, actuators, microcontrollers, microprocessors, transceivers, and more) as part of complex Electrical and Electronic (E/E) Systems that must comply with ever more severe safety and security standards. The automotive industry is moving fast to develop intelligent transportation E/E systems, in which Functional Safety will behave actively rather than passively. Modern vehicles have more E/E systems than before, which implies more components in each: cars from a decade ago contained around $300 USD worth of semiconductors, present-day cars can reach $2,000 USD worth, and the industry is heading toward $4,000 USD per car. With more components to keep secure and safe, the reliability demanded of each individual component, and of the complete system, rises significantly. Functional Safety is relevant to the automotive industry because it uses a "Safety Lifecycle" to build those complete systems to standardized performance levels. The Safety Lifecycle runs from initial concept and design, through development, construction, and installation, to maintenance and modification.
Engineers follow safety and security standards while managing hazards and risks by rethinking the complete system along the Safety Lifecycle: from improving methodologies to re-architecting tools and software. Functional Safety is prompting a new understanding of the automotive industry by driving significant changes in technologies (software and tools), hazard and risk analysis, methodologies, and business practices.
The number of safety-critical applications is growing every day, bringing new pressures on design engineers, who have to develop Electrical and Electronic (E/E) Systems that prevent risks and solve safety challenges. Designing complex E/E systems that meet rigorous Functional Safety requirements is a challenging job, especially when engineers are also balancing time-to-market urgency against the safety performance needed to guarantee human well-being. The challenge is to develop systems that prevent hazardous failures (hardware or software) or that at least have enough controls to manage them when they occur. Since the 1960s, hazard and risk analysis has entered the equation to assure safety and security in systems that protect people and equipment, driving an evolution in Functional Safety. Both automotive and industrial markets require compliance with the IEC 61508 and ISO 26262 Functional Safety standards. Car makers have been required to provide new and improved vehicle safety systems with reliable electronics that can prevent dangerous failures and control them if they happen. Safety systems are evolving from basic airbag deployment systems to extremely complex Advanced Driver Assistance Systems (ADAS) with accident prediction and avoidance capabilities. Last year, approximately 40,000 people died in motor vehicle accidents on US highways, and more than 1.3 million worldwide. If Functional Safety-compliant automated driving applications (driving automation Levels 3 to 5) could prevent 80% to 90% of those deaths, reliable safety systems would save around 36,000 lives in the US. That brings an economic benefit of $750 billion in avoided accidents and economic damage, but more importantly, it saves human lives. Nowadays, an increasing number of industrial control systems are pursuing IEC 61508 Functional Safety certification to operate acceptably safely with minimal faults in harsh environments.
The evolution of Functional Safety is driving towards zero accidents, going from "Detection" to "Prediction" to guarantee safety and security. Functional Safety is becoming relevant not only for automotive but for multiple industries such as energy, aerospace, telecommunications, robotics, and medical, and all of them demand Functional Safety compliance to develop secure and safe systems for people.