【免费】ISO21448预期功能安全_预期功能安全资源-CSDN文库

需积分: 0 6 浏览量更新于2023-03-06 1 收藏 11.92MB PDF 举报

ISO 21448，全称为“Road vehicles — Safety of the intended functionality”，是一个由国际标准化组织（ISO）制定的国际标准，旨在确保自动驾驶车辆和其他智能交通系统的预期功能安全性。这个标准是由ISO的TC 22（道路车辆技术委员会）下属的SC 32（车载信息、通信和通用系统）的WG 8（安全与网络安全）工作小组负责编制的。日本汽车工程师学会（JSAE）担任秘书处。该标准于2021年11月1日发布，并处于最终草案国际标准（FDIS）阶段，这意味着它还不是正式的ISO国际标准，可能会根据收到的反馈进行修改，因此不应作为国际标准引用。参与审查和评论的人员被邀请报告他们所知的任何相关专利权，并提供支持性文档。 ISO 21448的核心目标是定义和管理智能交通系统和自动驾驶汽车的安全预期功能，即确保这些系统在设计时就考虑到可能出现的各种情况，并能以安全的方式响应。这涉及到对系统行为的深入理解和预期，以防止因系统功能不当而导致的事故或危险情况。标准的制定考虑了各种潜在的风险，包括软件错误、硬件故障、系统交互、环境感知误差等。标准的内容可能包括以下几个方面： 1. **范围**：明确标准适用的范围，例如自动驾驶汽车、智能交通系统以及相关的硬件和软件组件。 2. **规范性参考**：列出本标准依赖的其他国际标准和技术文档，这些参考为确保功能安全提供了基础。 3. **术语和定义**：定义关键概念和术语，以便在整个标准中保持一致的理解。 4. **安全生命周期**：描述从设计、开发、测试到运行和维护整个过程中，如何管理和验证预期功能的安全性。 5. **风险评估**：规定如何识别、分析和评估潜在的风险，以确定安全需求。 6. **安全目标**：定义系统必须达到的安全目标，这些目标基于风险评估的结果。 7. **功能安全要求**：详细阐述系统应满足的特定功能安全要求，以防止意外行为。 8. **验证和确认**：规定如何验证系统是否符合标准要求，包括模拟测试、实地试验和系统审核。 9. **错误处理和故障模式**：规定系统如何识别和应对错误，以及如何设计以减少故障对安全的影响。 10. **用户交互和警告**：讨论如何设计有效的用户界面和警告系统，确保驾驶员或乘客理解系统状态并能做出适当的响应。通过实施ISO 21448，自动驾驶汽车行业能够建立一套统一的全球标准，以确保智能交通系统在复杂环境中能够实现预期的功能安全，保护乘客和公众的生命安全。这一标准对于推动自动驾驶技术的发展和广泛应用至关重要，同时也为监管机构提供了一套评估和监管自动驾驶安全性的框架。

ISO 21448:2021(E)

2021-11-01

ISO TC 22/SC 32/WG 8

Secretariat: JSAE

Road vehicles— Safety of the intended functionality

FDIS stage

Warning for WDs and CDs

This document is not an ISO International Standard. It is distributed for review and comment. It is subject to

change without notice and may not be referred to as an International Standard.

Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of

which they are aware and to provide supporting documentation.

ISO 21448:2021(E) 
ii  © ISO 2021 – All rights reserved 
© ISO 2021 
All  rights  reserved.  Unless  otherwise  specified,  no  part  of  this  publication  may  be  reproduced  or 
utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or 
posting on the internet or an intranet, without prior written permission. Permission can be requested 
from either ISO at the address below or ISO's member body in the country of the requester. 
ISO copyright office 
Case postale 56 • CH-1211 Geneva 20 
Tel.  + 41 22 749 01 11 
Fax  + 41 22 749 09 47 
E-mail  copyright@iso.org 
Web  www.iso.org 
Published in Switzerland. 
Contents 
Foreword .......................................................................................................................................................................... 6 
Introduction..................................................................................................................................................................... 7 
1  Scope ................................................................................................................................................................. 10 
2  Normative references ................................................................................................................................. 10 
3  Terms and definitions................................................................................................................................. 11 
4  Overview and organization of SOTIF activities ................................................................................. 20 
4.1  General ...................................................................................................................................................................... 20 
4.2  SOTIF principles .................................................................................................................................................... 21 
4.3  Use of this document ........................................................................................................................................... 26 
4.4  Management of SOTIF activities and supporting processes ............................................................... 28 
5  Specification and design ............................................................................................................................ 30 
5.1  Objectives................................................................................................................................................................. 30 
5.2  Specification of the functionality and considerations for the design .............................................. 30 
5.3  System design and architecture considerations ...................................................................................... 31 
5.4  Performance Insufficiencies and countermeasures considerations ............................................... 32 
5.5  Work products ....................................................................................................................................................... 34 
6  Identification and evaluation of hazards ............................................................................................. 34 
6.1  Objectives................................................................................................................................................................. 34 
6.2  General ...................................................................................................................................................................... 35 

ISO 21448:2021(E) 
© ISO 2021 – All rights reserved  iii 
3  Hazard identification .......................................................................................................................................... 35 
4  Risk evaluation ...................................................................................................................................................... 38 
5  Specification of acceptance criteria for the residual risk ..................................................................... 39 
6  Work products ....................................................................................................................................................... 41 
Identification  and  evaluation  of  potential  functional  insufficiencies  and  potential 
triggering conditions ................................................................................................................................................. 41 
1  Objectives................................................................................................................................................................. 41 
2  General ...................................................................................................................................................................... 41 
3  Analysis of potential functional insufficiencies and triggering conditions .................................. 41 
4  Estimation of the acceptability of the system's response to the triggering conditions........... 48 
5  Work products ....................................................................................................................................................... 49 
Functional modifications addressing SOTIF-related risks ............................................................ 49 
1  Objectives................................................................................................................................................................. 49 
2  General ...................................................................................................................................................................... 49 
3  Measures to improve the SOTIF ..................................................................................................................... 50 
4  Updating the input information for “Specification and design” ........................................................ 53 
5  Work Products ....................................................................................................................................................... 53 
Definition of the verification and validation strategy ..................................................................... 53 
1  Objectives................................................................................................................................................................. 53 
2  General ...................................................................................................................................................................... 53 
3  Specification of integration and testing ...................................................................................................... 55 
4  Work products ....................................................................................................................................................... 58 
Evaluation of known scenarios ............................................................................................................... 58 
1  Objectives................................................................................................................................................................. 58 
2  General ...................................................................................................................................................................... 58 
3  Sensing verification ............................................................................................................................................. 58 
4  Planning algorithm verification ...................................................................................................................... 59 
5  Actuation verification ......................................................................................................................................... 60 
6  Integrated system verification ........................................................................................................................ 61 
7  Evaluation of the residual risk due to known hazardous scenarios ................................................ 62 
8  Work products ....................................................................................................................................................... 63 
Evaluation of unknown scenarios .......................................................................................................... 63 
1  Objectives................................................................................................................................................................. 63 
2  General ...................................................................................................................................................................... 63 

ISO 21448:2021(E) 
iv  © ISO 2021 – All rights reserved 
11.3  Evaluation of residual risk due to unknown hazardous scenarios .................................................. 63 
11.4  Work products ....................................................................................................................................................... 65 
12  Evaluation of the achievement of the SOTIF ....................................................................................... 65 
12.1  Objectives................................................................................................................................................................. 65 
12.2  General ...................................................................................................................................................................... 66 
12.3  Methods and criteria for evaluating the SOTIF ........................................................................................ 66 
12.4  Recommendation for SOTIF release ............................................................................................................. 67 
12.5  Work products ....................................................................................................................................................... 68 
13  Operation phase activities ........................................................................................................................ 68 
13.1  Objectives................................................................................................................................................................. 68 
13.2  General ...................................................................................................................................................................... 68 
13.3  Topics for observation ....................................................................................................................................... 69 
13.4  SOTIF issue evaluation and resolution process ....................................................................................... 70 
13.5  Work products ....................................................................................................................................................... 71 
Annex A (informative) General guidance on SOTIF ....................................................................................... 72 
A.1  Examples of structuring the SOTIF argumentation with GSN ........................................................... 72 
A.2  Explanations regarding the interaction between functional safety according to the ISO 26262 
series and this document..................................................................................................................................................... 100 
A.3  Simplified SOTIF application examples ..................................................................................................... 110 
Annex B (informative)  Guidance on scenario and system analyses ..................................................... 113 
B.1  Method for deriving SOTIF misuse scenarios ......................................................................................... 113 
B.2  Example construction of scenario factors for SOTIF safety analysis method ........................... 117 
B.3  Examples of adaptation of safety analyses to identify and evaluate the potential triggering 
conditions and functional insufficiencies ..................................................................................................................... 122 
B.4  Applying STPA in the context of SOTIF for ADAS and automated vehicles ................................ 134 
Annex C (informative)  Guidance on SOTIF verification and validation .............................................. 139 
C.1  Purpose of the verification and validation strategy ............................................................................. 139 
C.2  Derivation of validation targets .................................................................................................................... 140 
C.3  Validation of SOTIF Applicable Systems ................................................................................................... 147 
C.4  Perception system verification and validation ....................................................................................... 150 
C.5  Guidance on scenario parameterization and sampling ...................................................................... 159 
C.6  Considerations for reducing validation testing...................................................................................... 167 
Annex D (informative)  Guidance on specific aspects of SOTIF............................................................... 173 
D.1  Guidance for driving policy specification ................................................................................................. 173 