Interpreting ISO 26262 without ambiguity is not always easy. Suppliers and integrators can read some aspects differently, creating confusion. Which is a problem since ISO 26262 has become so much a part of any discussion on automotive electronics that it has gained almost biblical significance. Yet most of us, even suppliers to the market, understand at best only what they have read in the document. I had a fascinating discussion with Kurt Shuler (VP Marketing at Arteris-IP) on the background to and challenges in interpretation in the standard. Kurt is a member on the technical advisory group to ISO 26262 and is extensively involved in safety management. He also has to advise Arteris-IP customers in their implementation to the standard. Hence his much better than average insight on this topic.
The Origins of ISO 26262
Kurt started by talking about the origins of the standard, driven primarily by car and locomotive people, not electronics people. OEMs and Tier-1 people. Which is why semiconductor understanding in the first revision is not as deep as you might expect. It’s also a pretty hefty piece of work, almost 700 pages across 12 books. Those books were developed by multiple committees. Which means that, like the Bible, the standard sometimes contradicts itself. That makes for challenging conversations between suppliers and consumers in the value chain. Who is supposed to do what when you can’t agree on interpretation? To save his own sanity, Kurt developed a huge spreadsheet of notes to help him resolve confusion in customer debates.
The second edition of ISO 26262
The second edition of the standard cleaned up some issues. There were improvements in the main body of the document. They added a chapter 11 with guidelines and examples for semiconductors. But, as always, while some problems were fixed, some remained, and more were added. Kurt had to evolve his spreadsheet to incorporate the second edition changes. None of this should be a big surprise. Standards committees put a lot of work into putting out the best possible product. Experts build them, but they’re still fallible. They don’t have unbounded experience in all possible use-cases. Or in how others might interpret what they’ve written. There will always be problems and interpretation issues. For Kurt, these continue the work he has to put in to reaching agreement with clients on detailed interpretation.
Minding the gaps
The spreadsheet became kinda like his exegesis for the standard. A customer might say, “I read the standard. It says we have to do exactly this.” Kurt could check his spreadsheet and say, “Let me point you this statement part 11 where there’s an example. You should also look here in part 5, and this other section in part 10. When you look at those statements and examples together, this is why Arteris-IP has chosen this interpretation.” The customer would review these sections and most often agree.
Kurt’s been doing this for a long time with a lot of customers. He has developed significant insight into the mostly commonly shared interpretations across many of the details. Which is important not only to resolve ambiguities. It’s also important to manage tradeoffs, say between specific numeric targets on coverage and expert judgement. Do you need to hit or exceed the numeric target every time or can you get close, and rely on expert judgment to bridge the gap? That sort of question has to be answered by a collective of experts: Kurt, experienced semi companies, Tier-1s and OEMs. Kurt’s spreadsheet has grown and grown.
Experience over enthusiasm
We all want to step up to ISO 26262, to demonstrate that our products are fully compliant. Absolutely with the best of intentions. But in some domains, enthusiasm and hard work alone are not enough. Integrators expect you to follow the standard, but they also want you to know what problems they may encounter in their handoffs. At those gaps in the standard. They want to lean on the experience of a partners who has worked through many years on multiple programs with multiple clients. Knowing proven bridges across areas of ambiguity, knowing rationales for why you might choose one way or another. This is irreplaceable.
You can lean more about Arteris IP work in safety HERE.