Posted: December 20, 2024

Fundamentals of SOTIF (ISO 21448), related standards, and application to ensuring safety of automated driving functions

Understanding SOTIF and Its Importance

The Safety of the Intended Functionality, or SOTIF, is a vital concept in the realm of automated driving systems.
As vehicles become more advanced, ensuring the safety of their automated functions is paramount.
SOTIF aims to address potential hazards that aren’t caused by hardware failures, but by the vehicle’s intended functionality.
Understanding SOTIF is crucial to developing and implementing safe automated driving technologies.

Background of SOTIF

In the past, safety standards for automotive functions primarily focused on hardware issues, mechanical failures, or malfunctions in electronic components.
However, as the complexity of vehicle automation increases, new safety challenges arise.
Here, SOTIF enters the picture, focusing on scenarios where the intended function of a system may not achieve the desired safe state.

These scenarios may be due to the limitations of sensors, algorithms, or environmental conditions that the vehicle encounters.
The principal aim of SOTIF is to identify and mitigate safety risks that emerge from these functional insufficiencies, rather than from specific failures or system anomalies.

The ISO 21448 Standard

ISO 21448 is the international standard that specifically addresses SOTIF.
Published in 2019, it outlines a structured approach to identifying safety risks associated with the intended functionality of automated driving systems.

Key Aspects of ISO 21448

ISO 21448 extends the scope of traditional automotive safety standards.
It includes several critical processes:

1. **Scenario Identification and Analysis**:
   - This involves identifying scenarios where the vehicle’s intended function might not perform safely.
   - Scenarios may range from environmental changes to unexpected driver behavior.

2. **Risk Assessment**:
   - Engineers must assess and categorize the risks associated with each scenario.
   - Determining the probability and potential impact of risks is a crucial step.

3. **Validation and Verification**:
   - The standard emphasizes the need for comprehensive testing.
   - This includes both simulation-based exercises and real-world testing to ensure that all functions operate safely under various conditions.

4. **Monitoring and Feedback**:
   - Continuous monitoring of system performance is essential for assessing ongoing compliance.
   - Feedback mechanisms help in refining and improving the algorithms over time.

Related Standards and Their Relevance

While ISO 21448 specifically addresses SOTIF, other standards play a significant role in the broader context of automated driving safety.

ISO 26262

ISO 26262 deals primarily with functional safety of electrical and electronic systems within vehicles.
It focuses on preventing hazards due to system failures and establishes guidelines for designing, testing, and validating automotive systems.

Intersection and Integration

Both ISO 21448 and ISO 26262 are crucial for ensuring comprehensive safety.
While ISO 26262 concerns failure prevention, ISO 21448 handles the challenges posed by system functionalities that might not behave as expected due to their limitations.
Effective integration of both standards helps create a robust safety framework.

Application in Ensuring Safety of Automated Driving Functions

Implementing SOTIF is not just a theoretical exercise; it’s a practical necessity for the deployment of automated driving systems.

Proactive Hazard Identification

By applying the methodologies outlined in ISO 21448, manufacturers can proactively identify hazards that may arise under different driving scenarios.
This proactive approach is fundamental to preventing accidents that stem from functional limitations rather than system failures.

Continuous Improvement of Systems

Automated driving technologies are under constant development.
Implementing SOTIF means setting up systems that allow for continuous improvement.
Through feedback loops and iterative testing, technologies are refined and optimized for greater safety.

Simulation and Real-World Testing

Both simulation and real-world testing are integral to SOTIF.
Simulations allow for safe testing of scenarios that would be impractical or risky in real life.
Meanwhile, real-world testing confirms that the vehicle’s systems perform safely in real traffic conditions.

Adapting to Diverse Environments

Automated vehicles must operate safely across varied environments, from busy urban streets to quiet rural roads.
SOTIF encourages consideration of diverse driving conditions during the development process, ensuring that automated functions are adaptable and resilient.

Conclusion

SOTIF, as specified in ISO 21448, provides a comprehensive framework for ensuring the safety of automated driving functions.
As vehicles continue to evolve, the importance of addressing both functional safety and system reliability cannot be overstated.
By understanding and applying these standards, manufacturers can create safer, more reliable automated driving systems that can efficiently handle the complexities of modern transportation.
