Presentation is loading. Please wait.

Presentation is loading. Please wait.

Transmitted by the expert from ISO

Published by Modified over 5 years ago

Similar presentations

Presentation on theme: "Transmitted by the expert from ISO"— Presentation transcript:

1 Transmitted by the expert from ISO
Informal document GRVA-02-32 2nd GRVA, 28 January – 1 Februar 2019 Agenda item 5(a) The Safety of the Intended Functionality Report on ISO/TC22/SC32/WG8 activities Geneva, 31/01/ Nicolas Becker, ISO21448 project leader

2 Content Safety aspects of automated driving Motivation – What is the Safety of the Intended Functionality (SOTIF)? ISO/PAS status and activities Connection with Automated Driving (AD) regulatory activities Summary

3 Safety aspects for an automated driving system
The automated driving system is safe Other safety requirements (incl Cybersecurity, passive safety, etc) scScope of ISO/TC22/SC32/WG8 Its failures are adequately avoided or mitigated Its behaviour is adequate for the intended operation domain The ISO/TC22/SC32/WG8 deals with functional safety, ISO/PAS21448 complements the ISO26262 by addressing non-fault conditions. Other safety requirements are important but addressed in other working groups. ISO26262 : Functional Safety Hazard Analysis and Risk Assessment Design, Verification and Validation (V&V) requirements Safety management ISO/PAS : Safety of the Intended Functionality Scenario identification incl. Reasonably foreseeable misuses Functional improvements V&V strategy

4 SOTIF Example Automatic emergency braking feature : camera
unintended braking could be caused by limitations in perception system weather (rain/sun/fog) misinterpretation of image This is an example of a SOTIF-relevant functionality : a camera-based automatic emergency braking system, whose intention is to brake the vehicle in the case of an imminent crash. An unwanted braking can be a safety-relevant condition, as it can lead to a crash from a close tailing vehicle. This unwanted braking can be caused by an incorrect detection of the scene by the camera, called ‘triggering event’ in ISO PAS triggering events

5 The work on ISO 21448 started in 11/2018
Key Aspects of SOTIF ISO/PAS publication 01/2019 Focuses on driver assistance features with SAE automation levels 1 and 2 Covers potentially hazardous behavior under non-fault conditions Caused by technological or system limitations Includes evaluation of reasonably foreseeable misuse Provides guidance for design, verification and validation measures Issued as publicly available specification (PAS) (and not as an ISO standard) to enable fast publication Includes high-level requirements on the objectives to achieve in the SOTIF analyses, and informative guidance on how to achieve them The work on ISO started in 11/2018 Extension to higher levels of automation (up to Level 5) Significant interest in this work 18 countries 80 experts in Plenary featuring worldwide OEMs, Tier 1 and Tier 2 suppliers, and governmental institutes Publication targeted for 2022

6 Potentially hazardous Area 2 Identified system limitations Area 3
Categorization of real-life driving scenarios Known Unknown Safe Area 1 Nominal behavior Area 4 System robustness Potentially hazardous Area 2 Identified system limitations Area 3 “Black swans” ISO/PAS is based on a possible classification of every real-life driving scenario under two aspects : has it been identified by the development organization (known/unknown), and has it the ability to lead to harm (safe/potentially hazardous). This lead to four potential categories, with dedicated SOTIF activities. The following slides provide examples for these categories.

7 Potentially hazardous Area 2 Identified system limitations Area 3
Categorization of real-life driving scenarios Known Unknown Safe Area 1 Nominal behavior Area 4 System robustness Potentially hazardous Area 2 Identified system limitations Area 3 “Black swans”

8 Potentially hazardous Area 2 Area 3
Categorization of real-life driving scenarios Known Unknown Safe Area 1 Nominal behavior Area 4 System robustness Potentially hazardous Area 2 Area 3

9 Potentially hazardous Area 2 Identified system limitations Area 3
Categorization of real-life driving scenarios Known Unknown Safe Area 1 Nominal behavior Area 4 System robustness Potentially hazardous Area 2 Identified system limitations Area 3 “Black swans”

10 Potentially hazardous Area 2 Area 3
Categorization of real-life driving scenarios Known Unknown Safe Area 1 Nominal behavior Area 4 System robustness Potentially hazardous Area 2 Area 3 This illustrates a scenario that might not have been identified during development. Depending on the vehicle reaction, this could lead to an unsafe outcome and therefore be an Area 3 scenario.

11 Flowchart of SOTIF Activities (ISO/PAS 21448, Fig. 9)
The numbers in circle denote the ISO/PAS section related to this activity.

12 Potentially hazardous Area 2 Area 3
Verification and Validation activities Known Unknown Safe Area 1 Normal validation Area 4 Not applicable Potentially hazardous Area 2 V&V of the adequate behaviour of the system, incl. of the functional improvements Area 3 Qualitative and Quantitative evaluation of the residual scenarios

13 Residual scenarios evaluation – Quantitative approach for AREA 3
The ISO/PAS indicates that : A quantitative target is defined for the demonstration that the unknown/unsafe scenarios are sufficiently implausible, e.g. a maximum probability of incorrect behavior per hour. The PAS however does not specify normative quantitative target values This quantitative target considers applicable regulations, standards and relevant traffic statistics. The validation strategy shall provide demonstration that this target is met This quantitative approach is NOT a criteria that would allow to ignore a plausible potentially hazardous scenario : those must be addressed anyhow It is ONLY a criteria to claim sufficient validation coverage at the time of the beginning of customer activation of the functionality For a SAE level 1 or 2 functionality in the scope of the PAS, this leads to a validation strategy that is in the order of what a captured fleet can achieve For a SAE level 3+ functionality in the scope of the future ISO21448, the target derived through this approach are much more stringent., The validation will therefore require techniques in addition to the road tests, for instance a higher contribution of simulations. This is a primary topic for the future ISO21448. The procedure for the demonstration on how these targets are met is still a topic of discussion.

14 How can ISO21448 support AV regulation?
ISO will provide a consensus from the ISO experts on the framework to design and demonstrate the Safety of the Intended Functionality A first draft will be available for voting and commenting in 2020 It will describe an integrated, scenario-based approach, for the demonstration of the safety of the intended functionality, contributing to the safety evaluation of automated driving systems The approach to ensure the safety of the intended functionality combines several activities : Design–level analyses of the system, its performances and its operating environment Qualitative and quantitative evaluations V&V techniques based on simulation, tests in specified scenarios, and captured fleet in real driving to maximize coverage Quantitative justification of sufficient validation, derived from comparable human-driven behaviour It augments the ISO26262 guidance with non-fault conditions considerations.

15 Open discussion points
Requirements that should be confirmed in an AD regulation Overall framework for SOTIF demonstration Acceptance condition for the identified residual risks :Under which conditions of implausibility is a potentially potentially hazardous behavior acceptable? => Societal issue Acceptance condition for the end-of-validation milestone : is the proposed argument for sufficient validation acceptable? Demonstration of compliance to future AD regulation The intention of is to provide a demonstration framework to support the safety evaluation of an automated driving functionality What future connections between ISO and UN/ECE on the SOTIF? How to ensure a continued exchange of knowledge and information between the GRVA and the ISO committee?

Download ppt "Transmitted by the expert from ISO"

Similar presentations

1 Introduction to Safety Management April 2006. 2 Objective The objective of this presentation is to highlight some of the basic elements of Safety Management.

1 Introduction to Safety Management April Objective The objective of this presentation is to highlight some of the basic elements of Safety Management.
Integra Consult A/S Safety Assessment. Integra Consult A/S SAFETY ASSESSMENT Objective Objective –Demonstrate that an acceptable level of safety will.

Integra Consult A/S Safety Assessment. Integra Consult A/S SAFETY ASSESSMENT Objective Objective –Demonstrate that an acceptable level of safety will.
1 Certification Chapter 14, Storey. 2 Topics  What is certification?  Various forms of certification  The process of system certification (the planning.

1 Certification Chapter 14, Storey. 2 Topics  What is certification?  Various forms of certification  The process of system certification (the planning.
ToR of GEOSAF2 WG on Operational Safety Review of WG2.

ToR of GEOSAF2 WG on Operational Safety Review of WG2.
National Highway Traffic Safety Administration Electrical Safety William Joel Sánchez.

National Highway Traffic Safety Administration Electrical Safety William Joel Sánchez.
1 Development of California Regulations for the Testing and Operation of Automated Vehicles on Public Roads Steven E. Shladover, Sc.D.Ching-Yao Chan, Ph.D.

1 Development of California Regulations for the Testing and Operation of Automated Vehicles on Public Roads Steven E. Shladover, Sc.D.Ching-Yao Chan, Ph.D.
Legal issues addressed in the EU funded AdaptIVe project

Legal issues addressed in the EU funded AdaptIVe project
Romaric GUILLERM Hamid DEMMOU LAAS-CNRS Nabil SADOU SUPELEC/IETR.

Romaric GUILLERM Hamid DEMMOU LAAS-CNRS Nabil SADOU SUPELEC/IETR.
Definition for Levels of Automation

Definition for Levels of Automation
S/W Project Management

S/W Project Management
Introduction to ISO 14000. International Organization for Standardization (ISO) n Worldwide federation of national standards bodies from over 100 countries,

Introduction to ISO International Organization for Standardization (ISO) n Worldwide federation of national standards bodies from over 100 countries,
GRPE 70th session PMP INFORMAL GROUP progress report TO GRPE

GRPE 70th session PMP INFORMAL GROUP progress report TO GRPE
General Safety Regulation ACEA discussion paper Renzo Cicilloni Director Safety Paris, 24-26 June 2009 AEBS/LDWS-01-11.

General Safety Regulation ACEA discussion paper Renzo Cicilloni Director Safety Paris, June 2009 AEBS/LDWS
The role of governance in self-assessment NATSPEC conference Sue Preece HMI March 24 2010.

The role of governance in self-assessment NATSPEC conference Sue Preece HMI March
BASIC PRINCIPLES IN OCCUPATIONAL HYGIENE Day 2. 5 - ASSESSMENT OF HEALTH RISKS.

BASIC PRINCIPLES IN OCCUPATIONAL HYGIENE Day ASSESSMENT OF HEALTH RISKS.
© 2011 Underwriters Laboratories Inc. All rights reserved. This document may not be reproduced or distributed without authorization. ASSET Safety Management.

© 2011 Underwriters Laboratories Inc. All rights reserved. This document may not be reproduced or distributed without authorization. ASSET Safety Management.
Human Factors (HF) - Assessment Method 2003. Agenda What is Human Factors? Why do we need HF-Assessment Method ? What is the HF-Assessment Method ? Why.

Human Factors (HF) - Assessment Method Agenda What is Human Factors? Why do we need HF-Assessment Method ? What is the HF-Assessment Method ? Why.
Private & Confidential1 (SIA) 13 Enterprise Risk Management The Standard should be read in the conjunction with the Preface to the Standards on Internal.

Private & Confidential1 (SIA) 13 Enterprise Risk Management The Standard should be read in the conjunction with the "Preface to the Standards on Internal.
1 FRENCH PROPOSAL FOR ESARR6 1 - BACKGROUND - 15/02/00 : Kick-off meeting, Presentation of the CAA/SRG input (SW01), Request from the chairman to comment.

1 FRENCH PROPOSAL FOR ESARR6 1 - BACKGROUND - 15/02/00 : Kick-off meeting, Presentation of the CAA/SRG input (SW01), Request from the chairman to comment.
NCHRP Project 22-24 Development of Verification and Validation Procedures for Computer Simulation use in Roadside Safety Applications SURVEY OF PRACTITIONERS.

NCHRP Project Development of Verification and Validation Procedures for Computer Simulation use in Roadside Safety Applications SURVEY OF PRACTITIONERS.

Similar presentations

Ads by Google