

1. The necessary activities and processes for the product development at the hardware level include:

(1) the hardware implementation of the technical safety concept;

(2) the analysis of potential hardware faults and their effects;

(3) the coordination with software development.


(1) hardware implementation of the functional safety concept;

(2) analysis of potential hardware failures and their consequences;

(3) collaboration with software development.

2. Hardware functional safety work items:


(1) 5.5 initiation of product development at the hardware level: start of the hardware design

(2) 5.6 specification of hardware safety requirements: definition of the hardware functional safety requirements

They are derived from the technical safety concept and system design specification.


The hardware safety requirements specification shall include each hardware requirement that relates to safety, including the following:


i. the hardware safety requirements and relevant attributes of safety mechanisms to control internal failures of the hardware of the element; this includes internal safety mechanisms to cover transient faults when shown to be relevant due, for instance, to the technology used;

EXAMPLE 1 Attributes can include the timing and detection abilities of a watchdog.


ii. the hardware safety requirements and relevant attributes of safety mechanisms to ensure the element is tolerant to failures external to the element.

EXAMPLE 2 The functional behaviour required for an ECU in the event of an external failure, such as an open-circuit on an input of the ECU.


iii. the hardware safety requirements and relevant attributes of safety mechanisms to comply with the safety requirements of other elements.

EXAMPLE 3 Diagnosis of sensors or actuators.


iv. the hardware safety requirements and relevant attributes of safety mechanisms to detect and signal internal or external failures;

EXAMPLE 4 The specified fault reaction time for the hardware part of a safety mechanism, so as to be consistent with the fault tolerant time interval.


v. the hardware safety requirements not specifying safety mechanisms.


--- requirements on the hardware elements to meet the target values for random hardware failures as described in 6.4.3 and 6.4.4;

--- requirements for the avoidance of a specific behaviour (for instance, "a particular sensor shall not produce an unstable output");

--- requirements allocated to hardware elements implementing the intended functionality;

--- requirements specifying design measures on harnesses or connectors.


--- requirements on hardware components, identified during FMEDA, FMEA and FTA analysis, that are needed to meet the ASIL of the safety goal;

--- hardware component requirements for implementing the intended functionality;

--- specified design measures for harnesses and connectors.

(3) 5.7 hardware design

The first objective of this clause is to design the hardware in accordance with the system design specification and the hardware safety requirements.

The second objective of this clause is to verify the hardware design against the system design specification and the hardware safety requirements.


Hardware design includes hardware architectural design and hardware detailed design.



i. Hardware architectural design

Each hardware component shall inherit the highest ASIL from the hardware safety requirements it implements. If ASIL decomposition is applied to the hardware safety requirements during hardware architectural design, it shall be applied in accordance with ISO 26262-9:2011, Clause 5.

That is, each hardware component inherits the highest ASIL among the hardware safety requirements it implements; if ASIL decomposition is needed, the detailed decomposition method is given in ISO 26262-9:2011, Clause 5.

Non-functional causes for failure of a safety-related hardware component shall be considered during hardware architectural design, including the following influences, if applicable: temperature, vibrations, water, dust, EMI, cross-talk originating either from other hardware components of the hardware architecture or from its environment.
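Two of the rules above are mechanical enough to check automatically: the ASIL a component inherits (highest ASIL of the requirements it implements) and the requirement that a safety mechanism's fault detection plus fault reaction time stay within the fault tolerant time interval (EXAMPLE 4 in 5.6). The following checker is an added illustration, not part of the standard or of these notes; the data model, names and the sample specification are all constructed assumptions.

```python
from dataclasses import dataclass

# ASIL ranking used to pick the highest ASIL a component inherits (QM = no ASIL).
ASIL_RANK = {"QM": 0, "A": 1, "B": 2, "C": 3, "D": 4}

@dataclass
class HwSafetyRequirement:
    asil: str
    ftti_ms: "float | None" = None  # fault tolerant time interval, if one applies

@dataclass
class SafetyMechanism:
    name: str
    requirement: str     # id of the requirement whose violation it guards against
    detection_ms: float  # time for the hardware part to detect the fault
    reaction_ms: float   # time from detection to reaching the safe state

@dataclass
class HwComponent:
    name: str
    declared_asil: str
    implements: tuple    # ids of the hardware safety requirements it implements

def inherited_asil(component, requirements):
    """Highest ASIL among the requirements the component implements (5.7 rule)."""
    levels = [requirements[r].asil for r in component.implements] or ["QM"]
    return max(levels, key=ASIL_RANK.__getitem__)

def run_checks(components, mechanisms, requirements):
    """Return findings as strings; an empty list means the spec is consistent."""
    findings = []
    for c in components:
        need = inherited_asil(c, requirements)
        if ASIL_RANK[c.declared_asil] < ASIL_RANK[need]:
            findings.append(f"{c.name}: declared ASIL {c.declared_asil} is below inherited ASIL {need}")
    for m in mechanisms:  # fault reaction time must stay consistent with the FTTI (5.6)
        ftti = requirements[m.requirement].ftti_ms
        if ftti is not None and m.detection_ms + m.reaction_ms > ftti:
            findings.append(f"{m.name}: {m.detection_ms + m.reaction_ms:g} ms exceeds FTTI {ftti:g} ms of {m.requirement}")
    return findings

# Constructed sample specification; values are illustrative, not from any real project.
REQUIREMENTS = {"HSR-01": HwSafetyRequirement("D", ftti_ms=100),
                "HSR-02": HwSafetyRequirement("B", ftti_ms=500),
                "HSR-03": HwSafetyRequirement("A")}
COMPONENTS = [HwComponent("MCU", "C", ("HSR-01", "HSR-02")),  # declared C, implements an ASIL D requirement
              HwComponent("SensorIF", "A", ("HSR-03",))]
MECHANISMS = [SafetyMechanism("window watchdog", "HSR-01", detection_ms=40, reaction_ms=30),
              SafetyMechanism("plausibility check", "HSR-02", detection_ms=400, reaction_ms=200)]
FINDINGS = run_checks(COMPONENTS, MECHANISMS, REQUIREMENTS)
```

On the sample data the checker reports the under-declared MCU and the plausibility check whose 600 ms exceeds the 500 ms FTTI, while the watchdog and the sensor interface pass.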



ii. Hardware detailed design

In order to avoid common design faults, relevant lessons learned shall be applied in accordance with ISO 26262-2:2011,

To avoid common design faults, the relevant lessons learned shall be applied; the description and provisions for lessons learned are in ISO 26262-2:2011,

Non-functional causes for failure of a safety-related hardware part shall be considered during hardware detailed design, including the following influences, if applicable: temperature, vibrations, water, dust, EMI, noise factor, cross-talk originating either from other hardware parts of the hardware component or from its environment.


The operating conditions of the hardware parts used in the hardware detailed design shall comply with the specification of their environmental and operational limits.


Robust design principles should be considered. Robust design principles can be shown by use of checklists based on QM methods.


EXAMPLE Conservative specification of components.



iii. Safety analyses

Safety analyses on the hardware design to identify the causes of failures and the effects of faults shall be applied in accordance with Table 2 and ISO 26262-9:2011, Clause 8.


The initial purpose of the safety analyses is to support the specification of the hardware design. Subsequently, the safety analyses can be used for verification of the hardware design. For the aim of supporting the specification of the hardware design, qualitative analysis can be appropriate and sufficient.



iv. Verification of hardware design

If it is discovered, during hardware design, that the implementation of any hardware safety requirement is not feasible, a request for change shall be issued in accordance with the change management process in ISO 26262-8.

If, during hardware design verification, any hardware safety requirement is found not to be met, a change request shall be raised; the management process for change requests is given in ISO 26262-8.


=> There are three means of safety analysis: FTA, FMEA and FMEDA. FTA and FMEA are used to support the hardware design, while FMEDA is used to verify the hardware design.

(4) 5.8 evaluation of the hardware architectural metrics: FMEDA


(5) 5.9 evaluation of safety goal violations due to random hardware failures: FTA


(6) 5.10 hardware integration and testing


