Partial Certs Complicate Auto Safety

Automotive safety assessment isn’t as simple as declaring an ASIL level. Some ASIL D certifications cover more than others. The details matter.

Bryon Moyer

Processors destined for automotive use undergo safety assessments to establish the kinds of systems for which they’re appropriate. Certificates attest to the assessment results, but the resulting certificates may not include information necessary to judge the scope of the safety evaluation. Certificates from different organizations may not be consistent. Even when coming from the same organization, certificates may read differently. No standard governs what the certificate should say or how it should be interpreted.

The ISO 26262 standard establishes a process for designing and verifying an automotive component and for assessing its safety. Certificates are helpful, but the standard doesn’t require them for constituent components. In theory, only the end-equipment designer must undergo a full safety evaluation, but that assessment requires data from suppliers up and down the supply chain.

That data can include development-process details, verification results, and failure metrics. Although the information is necessary when designing a safety-critical system, it’s too much when simply evaluating competing components before deciding which one to include in the system. A certificate can serve as a useful high-level summary of the safety assessment and its outcomes. Careful examination of a certificate, as well as a possible conversation with a processor supplier, is thus necessary to ensure a full understanding of what the certificate covers.