Please choose your delivery country and your customer group
Autonomous vehicles and advanced driver assistance systems have functionality realized across numerous distributed systems that interact with a dynamic cyber-physical environment. This complexity raises the potential for emergent behaviours which are not intended for the system’s operational use. The need to analyze the intended functionality of these emergent behaviours for potential hazards, which may occur in absence of faults, are aspects of the ISO PAS 21448, Safety of the Intended Functionality (SOTIF) [1]. The Safety of the Intended Functionality or SOTIF is a framework for developing systems which are free from unreasonable risk due to the intended functionality or performance limitations of a system which is free from faults. This is meant to complement Functional Safety which is covered in ISO 26262 [2]. The major focus of SOTIF is to aid in the functional development of a system. The major areas are focused on analyzing the system as specified, verify that any known hazardous scenarios meet the expected behaviour, identify any hazardous scenarios which were previously not known, and iterate the functional design accordingly.This paper describes a methodology for applying SOTIF, within the context of the systems engineering pipeline, to facilitate higher levels of automated systems. By using an agile systems engineering framework, along with the System-Theoretic Process Analysis (STPA) method [3], system developers can identify potential hazards and identify previously unknown hazardous scenarios before system testing. This facilitates functional and technical improvements during the development process which can be traced back to the system design when using model based system engineering techniques. In addition, verification and validation results of the system can be fed into the analysis to aid in addressing technical limitations.