What are the benefits of safety analysis?

Safety analysis should be derived from the design. I prefer that FMEA or FTA be derived systematically from it.

And what if the safety analysis identifies no additional safety requirements?

That would be good news: your design is safe even after diverse failure conditions have been considered.

But what if there is no history of improving your system's safety, nothing is identified, and your system is safety critical? Does that make sense?

Of course the customer will not believe what you did.

If the safety analysis identifies no additional safety requirements, then consider that your mechanism for deriving the FMEA and FTA from the design is wrong, or that your design is missing something it should contain.

There are many approaches; some are useful, and others may not be. Your practice can be improved, so continually improve your design to reach safety.

In this sense, rework is very common.



What Changed in the System Development Lifecycle of ISO 26262-4:2018

In the first edition, the safety system requirements stage and the safety system design stage are distinguished. I thought that was natural until a year ago. But when applying ISO 26262, it was vague.

My major question when applying ISO 26262-4:2011 was:

Comparing Automotive SPICE and ISO 26262-4, is TSR specification performed in the ENG.2 (requirements specification) phase? But the details of the TSRs cannot be determined in the ENG.2 stage.

Because requirements and design are distinguished in the ISO 26262 standard, I'd like to define the two:

  • A requirement defines what shall be done.
  • A design defines how it shall be implemented.

Safety-relevant functions are closely related not only to requirements but also to design decisions, from the supplier's perspective.

Safety mechanisms belong to the TSRs, but they are design decisions for handling safety-related failures.

When I realized this, I felt so confused. Then how deeply should I recommend that functional safety engineers specify TSRs? How should I define the development lifecycle? How should it be combined with the existing development lifecycle?


My conclusion is that I don't have to distinguish between safety requirements and safety design, because the major content specified in the Technical Safety Requirements stage is derived from design decisions.

From the safety analysis results, additional TSRs are identified and safe design decisions are defined. So the TSR stage does not cover only the requirements stage.

So my idea is that the TSRs do not fully cover either ENG.2 (requirements specification) or ENG.3 (design specification) but sit in the overlap of ENG.2 and ENG.3, and the TSC (technical safety concept) is in ENG.3.

When I reviewed the latest ISO 26262-4:2018, I thought that the authors of the standard might have been in a similar situation. I do not know the real reason; anyway, I welcome that the TSR stage and the safety design stage are merged.