Functional Safety


In WP5 (Functional Safety Development) of the OPTIMORE project, four deliverables were completed:

D5.1 - Item Definition
D5.2 - Hazard and Risk Analysis
D5.3 - Generic System FMEA
D5.4 - Functional Safety Concept

All deliverables were created according to the ISO 26262 guidelines for functional safety development.

The Item Definition (D5.1), the Hazard and Risk Analysis (D5.2) and the Generic System FMEA (D5.3) form the basis for the final deliverable, the Functional Safety Concept (D5.4), in which the final safety requirements are defined for range extender electric vehicles (RE-EVs) with high voltage energy storage systems.

Item Definition (D5.1)

In deliverable D5.1 (Item Definition), a generic system architecture for range extender electric vehicles was defined and agreed with the OPTIMORE partners.

The aim was to describe a generic RE-EV system and to specify its boundaries for the safety activities, so that the system is understood well enough for the safety analysis. The work comprised the following steps:

• Description of the system, taking into account the information provided by the different OPTIMORE partners
• Selection of the safety functions for which safety activities will be carried out
• Detailed description of the selected functions, followed by a review by the OPTIMORE partners
• Implementation of the review results and creation of the final version

Contents of the generic item definition for RE-EVs:
• Standards to be applied
• Environmental requirements
• Content of the item (overall vehicle architecture including sensors/actuators)
• Functional requirements
• Mechanical interfaces
• Context of the item (boundaries to other systems)
• Human machine interface

Hazard and Risk Analysis (D5.2)

On the basis of the item definition, a Hazard and Risk Analysis (HRA) was created and agreed with the OPTIMORE partners. In the HRA, possible malfunctions of the defined functions were rated, taking into account the driving situation and the environment.

According to ISO 26262, each failure mode was rated for Severity, Exposure and Controllability. From these three ratings, an overall safety level, the Automotive Safety Integrity Level (ASIL), was determined. Altogether, 73 hazards were described and evaluated. The figure gives an overview of the HRA results.

For each of the identified hazards, a safety goal and possible countermeasures were defined.
The development of specific safety requirements based on the HRA findings was carried out in the Functional Safety Concept (FSC).
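The S/E/C to ASIL mapping described above, as an added example that is not part of the OPTIMORE deliverables. It encodes the ISO 26262-3 ASIL determination table and applies it to a few constructed RE-EV hazards (not the project's 73 hazards), then separates the hazards that need safety goals and requirements from those rated only QM.

```python
from dataclasses import dataclass

# ISO 26262-3 ASIL determination table, indexed as ASIL_TABLE[S][E][C-1]
# for S in 1..3, E in 1..4, C in 1..3. S0, E0 or C0 always gives QM.
_ROWS = {
    1: {1: "QM QM QM", 2: "QM QM QM", 3: "QM QM A", 4: "QM A B"},
    2: {1: "QM QM QM", 2: "QM QM A", 3: "QM A B", 4: "A B C"},
    3: {1: "QM QM A", 2: "QM A B", 3: "A B C", 4: "B C D"},
}
ASIL_TABLE = {s: {e: row.split() for e, row in es.items()} for s, es in _ROWS.items()}
ASIL_ORDER = ["QM", "A", "B", "C", "D"]  # ascending stringency


def asil(severity: int, exposure: int, controllability: int) -> str:
    """Map Severity (0-3), Exposure (0-4) and Controllability (0-3) to an ASIL."""
    if not (0 <= severity <= 3 and 0 <= exposure <= 4 and 0 <= controllability <= 3):
        raise ValueError("rating out of range")
    if 0 in (severity, exposure, controllability):
        return "QM"  # no safety impact, not probable, or controllable in general
    return ASIL_TABLE[severity][exposure][controllability - 1]


@dataclass
class Hazard:
    hazard_id: str      # hypothetical identifier, e.g. "H-01"
    description: str
    s: int
    e: int
    c: int

    @property
    def asil(self) -> str:
        return asil(self.s, self.e, self.c)


# Constructed sample hazards for a generic RE-EV; ratings are illustrative only.
SAMPLE_HAZARDS = [
    Hazard("H-01", "Unintended creep at walking pace in a car park", 1, 3, 2),
    Hazard("H-02", "Loss of propulsion at motorway speed", 2, 4, 2),
    Hazard("H-03", "HV battery not isolated after a crash", 3, 2, 3),
    Hazard("H-04", "Unintended braking in a wet high-speed curve", 3, 3, 3),
]


def hazards_needing_requirements(hazards):
    """Hazards rated above QM: these get a safety goal and FSC requirements."""
    return [h for h in hazards if h.asil != "QM"]


def highest_asil(hazards) -> str:
    """Most stringent ASIL across the hazards (drives the safety goal's ASIL)."""
    return max((h.asil for h in hazards), key=ASIL_ORDER.index, default="QM")
```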

Generic System FMEA (D5.3)

In addition to the functional safety development, a generic system FMEA for RE-EVs was created.
The system FMEA was structured so that the top level describes the functions and malfunctions of the overall RE-EV powertrain. These are linked directly to the functions and malfunctions at system and subsystem level, which in a third step are linked to the functions and malfunctions at component level.
For the malfunctions at powertrain level, the Severity of each malfunction is rated. Through the linkage to system and component level, the causes of the malfunctions can be identified.

For each critical failure at powertrain level (Severity > 7), detection and prevention actions were defined at system and at component level. Note that the identification of root causes at component level is only done at a generic level, as no detailed information about specific components is available.

The outcome of the generic system FMEA was documented in FMEA form sheet tables. These tables, sorted by system, show

• all system malfunctions,
• all effects of the system malfunctions at powertrain level,
• all root causes of the system malfunctions at component level,
• and all prevention and detection actions at component level for critical failures.

Functional Safety Concept (D5.4)

The aim of the FSC was to derive functional safety requirements from the safety goals and to allocate them to the elements of the safety architecture concept.

For the nine safety goals derived from the 83 hazards of the HRA, a total of 71 safety requirements were defined (no requirements for hazards rated only as QM). The requirements include the specification of Failure Tolerance Times and Safe States, and are assigned to the control units to which each requirement applies.





This project has received funding from the European Union’s Seventh Framework Programme for research, technological development and demonstration under grant agreement no 314252

© website hosted by Uniresearch