In the last blog (June 2017), I explained the principle of Freedom of Interference. The example used was based on the automotive industry and the ISO26262.
Now I would like to consider Freedom of Interference with respect to the industry sectors railway, aviation and automotive and share my industry experiences with you.
The following diagram shows Freedom of Interference without a relation to any functional safety standard. In the railway or automobile industry, the SIL or ASIL level of the less safety critical system is lower than the SIL level of the more safety critical system (e.g.: less safety critical: SIL1 / ASIL A, more safety critical: SIL 3 / ASIL D). In the aerospace industry, the DAL level of the less safety critical system is higher than that of the more safety critical system (e.g.: less safety critical system: DAL C, more safety critical system: DAL A).
Freedom of interference in the aerospace industry
The aerospace industry is the industry sector where Freedom of Interference is most consistently applied. If a design is present in which, e.g., a DAL C system can impact a DAL A system, then it must be demonstrated that effective measures have been taken to ensure that the DAL A system can work properly at all times. Measures can be:
- Changing the system design so that no data and control flow is necessary between the DAL C and the DAL A system
- Execution of the two systems on different hardware, thus creating a hardware interface between the DAL C and DAL A system and checking the input data from the DAL C system within the DAL A system
- Verification of relevant parts of the DAL C system according to DAL A requirements
- Architectural software measures to ensure that the DAL A system is always aware of the quality of the data delivered by the DAL C system. This is particularly useful when the DAL C and DAL A systems are running on the same microprocessor.
One of these measures or a combination thereof is to be used. The effectiveness of the measure needs to be demonstrated to the authorities.
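One way the higher-criticality side can check input data from a lower-criticality system and track its quality, as in the measures listed above. This is an added example, not code from the original post; the message layout, the CRC-8 polynomial, the value range and the safe default are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical message written by the lower-criticality (e.g. DAL C) side. */
typedef struct { uint8_t seq; int16_t value; uint8_t crc; } low_msg_t;
typedef enum { Q_VALID, Q_CORRUPT, Q_STALE, Q_OUT_OF_RANGE } quality_t;
typedef struct { uint8_t last_seq; int have_last; } rx_state_t;

#define VALUE_MIN    (-400)  /* assumed plausible range of the signal */
#define VALUE_MAX    1500
#define SAFE_DEFAULT 0       /* assumed safe substitute value */

/* CRC-8, polynomial 0x07, initial value 0x00 (assumed for this example). */
static uint8_t crc8(const uint8_t *p, size_t n) {
    uint8_t c = 0;
    while (n--) {
        c ^= *p++;
        for (int i = 0; i < 8; i++)
            c = (c & 0x80) ? (uint8_t)((c << 1) ^ 0x07) : (uint8_t)(c << 1);
    }
    return c;
}

/* CRC over the alive counter and the value (little-endian byte order). */
uint8_t msg_crc(uint8_t seq, int16_t value) {
    uint8_t b[3] = { seq, (uint8_t)(value & 0xFF), (uint8_t)((uint16_t)value >> 8) };
    return crc8(b, sizeof b);
}

/* Runs inside the higher-criticality side: the sender is never trusted.
 * *out receives the value only when every check passes, else SAFE_DEFAULT. */
quality_t check_input(rx_state_t *st, const low_msg_t *m, int16_t *out) {
    *out = SAFE_DEFAULT;
    if (m->crc != msg_crc(m->seq, m->value)) return Q_CORRUPT;
    if (st->have_last && m->seq != (uint8_t)(st->last_seq + 1)) {
        st->last_seq = m->seq;          /* resynchronise, but flag this cycle */
        return Q_STALE;                 /* repeated or skipped message */
    }
    st->last_seq = m->seq; st->have_last = 1;
    if (m->value < VALUE_MIN || m->value > VALUE_MAX) return Q_OUT_OF_RANGE;
    *out = m->value;
    return Q_VALID;
}

int main(void) {
    rx_state_t st = {0, 0}; int16_t out;
    low_msg_t m = {1, 250, 0}; m.crc = msg_crc(1, 250); /* constructed sample */
    quality_t q1 = check_input(&st, &m, &out);  /* fresh message */
    quality_t q2 = check_input(&st, &m, &out);  /* same message delivered again */
    printf("first=%d repeated=%d\n", (int)q1, (int)q2);
    return 0;
}
```

The quality flag lets the consumer decide how long it may run on the substitute value before it has to enter a degraded mode.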
Freedom of interference in the railway industry
In the railway industry, the assessor from the railway authority validates the effectiveness of the measures taken. This independent assessment by government authorities is common between railway and aerospace. In the automotive sector there is a different approach.
In the railway industry, too, the goal is to implement systems with different SIL levels on different microprocessors, since this measure is considered the most effective one. The effectiveness of the other measures is also similar to that in the aerospace industry.
Freedom of interference in the automotive industry
Compared to the railway and aerospace industries, the measures implemented for Freedom of Interference differ significantly in the automotive industry. There is also no need to prove the measures to a government authority. If a Tier 1 or 2 has to implement Freedom of Interference, an OEM audit is carried out. However, this can lead to conflicts of interest much faster than an audit by a governmental authority.
From my point of view, the automotive industry is more at the beginning of implementing measures with respect to Freedom of Interference in comparison to the other two industries. Many accept more or less plausible explanations as proof of sufficient independence of the systems. Explicit proof of Freedom of Interference, such as appropriate tests, is provided in some projects, but in general such a measure is seldom applied.
With regard to highly automated or autonomous driving, however, the topic is becoming increasingly important. The future will show what measures will fit best to demonstrate Freedom of Interference in the automotive sector.
ISO26262 makes “only” the statement that sufficient independence must be achieved.
I’ll be glad to help you also with any specific questions about your project. The HEICON Starter as well as the HEICON Consulting products are designed to solve such open points. Send an email to: info[at] heicon-ulm.de