A few weeks ago, I happened to find myself at a local car dealership. After much negotiating, my oldest son had somehow convinced me that he was ready to own his own car. So here we were looking at several used cars – was the decision going to be something sporty, or staid but sturdy? At the top of my list was reliability and safety. While I’m not overly protective, I wanted to make sure that the car would keep him safe and wouldn’t leave him stranded because of a breakdown; after all, he had only been driving for a few months. Long story short, we picked the Subaru because it came as part of the dealer’s pre-certified program (and was a manual, which I could have fun with). Having experience with several used cars in my past, I know that it is sometimes hard to tell from the surface and the specs how reliable the car is really going to be. Knowing that an experienced expert mechanic had spent the time to inspect the car thoroughly and ensure it was good enough to warranty gave me a lot of comfort. After I bought the car, I did take it to my local mechanic to give it a once-over, but he was not very familiar with this Subaru and told me not to worry as the pre-certified program at this dealer was well known and reliable.
I know you are wondering how any of this has anything to do with functional safety. A few years ago when the ISO 26262 standard was newly introduced, we at TI decided to have the Hercules™ microcontrollers (MCUs) certified by an external assessment house for the simple reason that we believed having a “pre-certified” product would give our customers more confidence and lessen the burden of their certification work. If you are not familiar with ISO 26262, it is a standard for automotive passenger vehicle functional safety and specifies what is an acceptable failure rate (ASIL level) for a system based on the criteria of severity, exposure and controllability. Based on these criteria, it also prescribes a standard for how automotive systems must be developed to make sure all the appropriate checks and balances are put in place to avoid any “systematic” failures. Nearly all systems in the car today have some ASIL level associated with them.
Now, going back to my car-buying analogy, the question one has to ask is: can someone without great familiarity with the innards of the complex MCUs in today’s vehicles really know with confidence that they meet their functional safety needs (the required ASIL level)? I’m not saying this is an impossible task, but it certainly is a difficult one. Building a robust, reliable and functionally safe system is difficult as it is; knowing that the components within that system have been built to a “pre-certified” standard will help considerably. As you build up your system-level failure mode and effects analysis (FMEA) and start to break it down component by component, it helps if the failures in time (FIT) rate data are available for the component. It builds a lot of confidence if you know that this FIT rate data was checked by a certification expert and that the recommendations in the component safety manual have been reviewed and blessed by experts. Now you know that if you follow the safety manual, your certification assessor will have an easier job.
For those customers to whom ISO 26262 is new, that’s another curve ball: what new collateral and evidence do they need to generate for certification? Well, you won’t need to generate this for any “pre-certified” component because that’s already been done! If your end system is going to be certified by a different assessor than the one we used for the certified Hercules TMS570LS12x/11x MCUs, they don’t need to become experts on the innards of the MCU, as they know that someone credible has already looked at it and signed off on it. It is just as if you took your pre-certified used car to your favorite mechanic: even when they are not familiar with the specific car, if they know that it was assessed by someone credible, they will feel a lot more confident that it meets the expected criteria!
Leave us a note and let us know—are you familiar with ISO 26262? How do you think a pre-certified component can help your product development and certification efforts?