In this article we show how to perform HAZOP and fault tree analyses at the software architectural level, and we describe our experiences with these two analysis methods.
Table of contents
- Experiences with the HAZOP method at the software architectural level
- Experiences with the FTA method at the software architectural level
- Lessons learned
The second edition of the automotive functional safety standard ISO 26262 was published at the end of 2018. Part 6 (Product development at the software level) contains a new informative annex, 'Annex E – Application of safety analyses and analyses of dependent failures at the software architectural level'. The aim of safety analyses at the software architectural level is to examine the software architecture for faults that could violate the allocated safety requirements and to confirm that the assigned ASIL is consistent with the design.
For an overview of possible safety analysis techniques, refer, for example, to ISO/IEC 31010 'Risk management – Risk assessment techniques'. Among other things, this standard describes the bottom-up (inductive) HAZOP method and the top-down (deductive) fault tree analysis (FTA) method. HAZOP starts from the individual elements and interfaces of the architecture and asks, using guide words such as 'no', 'more', 'less', 'late' or 'other than', which deviations can occur and what their effect on the system is; FTA starts from an undesired top event and works backwards through AND/OR gates to the combinations of basic faults that can cause it.
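The deductive step of FTA, as an added example that is not part of the original article: the Python script below builds a small, constructed fault tree for a hypothetical software architecture, derives its minimal cut sets top-down, flags order-1 cut sets (single-point faults that an ASIL-consistent architecture usually must not contain), and computes the top-event probability from constructed basic-event probabilities. All event names, the tree shape and the probabilities are invented for illustration and are not taken from the article.

```python
"""Minimal fault tree analysis (FTA) helper.

Added example; the tree, event names and probabilities are constructed
(hypothetical) and do not come from the article or from ISO 26262.
"""
from itertools import combinations
from typing import Dict, FrozenSet, List, Union


class Basic:
    """Basic event (leaf): a fault of one software element or interface."""

    def __init__(self, name: str) -> None:
        self.name = name


class Gate:
    """AND or OR gate combining sub-events into an intermediate event."""

    def __init__(self, kind: str, *children: "Node") -> None:
        assert kind in ("AND", "OR"), "only AND/OR gates are modelled here"
        self.kind = kind
        self.children = children


Node = Union[Basic, Gate]
CutSet = FrozenSet[str]


def cut_sets(node: Node) -> List[CutSet]:
    """Top-down (deductive) expansion: all cut sets of the tree, not yet minimal.

    An OR gate fails if any child fails, so its cut sets are the union of the
    children's cut sets; an AND gate needs every child to fail, so its cut sets
    are the merged combinations of one cut set per child.
    """
    if isinstance(node, Basic):
        return [frozenset([node.name])]
    child_sets = [cut_sets(child) for child in node.children]
    if node.kind == "OR":
        return [cs for sets in child_sets for cs in sets]
    result: List[CutSet] = [frozenset()]
    for sets in child_sets:
        result = [a | b for a in result for b in sets]
    return result


def minimal_cut_sets(node: Node) -> List[CutSet]:
    """Drop every cut set that contains another cut set (it is not minimal)."""
    all_sets = set(cut_sets(node))
    minimal = [cs for cs in all_sets if not any(other < cs for other in all_sets)]
    return sorted(minimal, key=lambda cs: (len(cs), sorted(cs)))


def single_point_faults(mcs: List[CutSet]) -> List[str]:
    """Order-1 minimal cut sets: one basic fault alone reaches the top event."""
    return [next(iter(cs)) for cs in mcs if len(cs) == 1]


def top_event_probability(mcs: List[CutSet], probs: Dict[str, float],
                          exact: bool = True) -> float:
    """P(top event) for independent basic events.

    exact=True uses inclusion-exclusion over the minimal cut sets (2^n terms,
    fine for small trees); exact=False is the rare-event approximation, the
    plain sum of the cut-set probabilities, which slightly overestimates.
    """
    def p_of(events: FrozenSet[str]) -> float:
        p = 1.0
        for e in events:
            p *= probs[e]
        return p

    if not exact:
        return sum(p_of(cs) for cs in mcs)
    total = 0.0
    for k in range(1, len(mcs) + 1):
        for combo in combinations(mcs, k):
            union = frozenset().union(*combo)
            total += (-1) ** (k + 1) * p_of(union)
    return total


# Constructed tree: top event "unintended actuator command" (hypothetical).
# shared_var_corrupted appears twice on purpose, once under an AND and once
# directly under an OR, so that the non-minimal cut set is visibly dropped.
EXAMPLE_TREE = Gate(
    "OR",
    Gate("AND", Basic("sensor_stuck"),
         Gate("OR", Basic("plausibility_check_missed"), Basic("shared_var_corrupted"))),
    Gate("OR",
         Gate("AND", Basic("task_overrun"), Basic("watchdog_silent")),
         Basic("shared_var_corrupted")),
)

# Constructed per-demand failure probabilities, invented for illustration.
EXAMPLE_PROBS = {
    "sensor_stuck": 1e-3, "plausibility_check_missed": 1e-2,
    "task_overrun": 1e-3, "watchdog_silent": 1e-2,
    "shared_var_corrupted": 1e-6,
}

if __name__ == "__main__":
    mcs = minimal_cut_sets(EXAMPLE_TREE)
    for cs in mcs:
        print("minimal cut set:", sorted(cs))
    print("single-point faults:", single_point_faults(mcs))
    print("P(top) exact      :", top_event_probability(mcs, EXAMPLE_PROBS))
    print("P(top) rare-event :", top_event_probability(mcs, EXAMPLE_PROBS, exact=False))
```

The result that matters for an architectural review is the list of order-1 cut sets: here `shared_var_corrupted` alone reaches the top event, which is exactly the kind of finding that motivates a safety mechanism (for example, range checks or protected storage for the shared variable) or a revised ASIL allocation for the element that owns it.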