Linking of ISO 26262 and System-theoretic Process Analysis

摘要

By applying the HARA and STPA, a comprehensive stateoftheart safety concept can be established. Not all UCAs will find a direct hazard counterpart in the HARA. From the ones that do, some will identify the same potential technical failures. Other UCAs, originating from safety in use or the safety of the intended functionality, but not describing a technical malfunction, will lead to the same hazardous events as already existing hazards in the HARA. In order to fully prevent all hazardous events from occurring, not only the ISO 26262 but also all safety constraints from the STPA need to be considered to create a comprehensive stateoftheart safety concept. Therefore, those unsafe control actions that can be mapped to hazardous events in the HARA must inherit the ASIL from these hazardous events, since the resulting system safety constraints represent technical solutions which must be implemented according to the ASIL of the hazardous event they are aiming to prevent.