Other Industries Requiring Safety Solutions
In addition to the automotive industry, there are a number of other sectors to which Optima's solutions may be applied. Each of these industries has its own characteristics and requirements. Today Optima is focused on the fast-moving automotive space, but will add solutions in other areas as they become relevant.
There is a range of safety standards across these industries, as shown below. Overarching standards such as IEC 61508 provide a base on which the sector-specific standards build their own requirements. The DO-254 aerospace standard has very specific and rigorous requirements of its own, which has led to a different approach.
Aerospace and Defense
DO-254 covers airborne electronic hardware, and so applies to avionics of all sorts: commercial aircraft, defense aircraft, and space vehicles. The need for a safety standard in this area is obvious, and the way the standard is constructed reflects how seriously these sectors treat safety. The standard has similarities to ISO 26262, but with two important differences.
First, the aeronautical sector is slow moving in terms of competitive business differentiation. For example, adding new electronic systems for the pilots is unlikely to have a significant effect on the customers, the airlines, who are more interested in how they can transport more passengers at a lower cost. This slow pace limits the ability of companies to introduce any new technology, fail-safe semiconductors included, before it has been thoroughly vetted. In many avionics designs the most complex semiconductor in use is still a relatively small FPGA.
Second, this sector in general has fewer constraints (e.g., space and power) in the aircraft, which allows safety solutions that are more costly but simpler to implement. For example, fitting two identical copies of a critical system, Dual Modular Redundancy (DMR), is often enough: the two outputs are compared, and a mismatch reveals that one copy has failed. Two copies cannot tell which one is wrong, so the system falls back to a safe state rather than correcting the fault, and the approach duplicates a significant amount of electronic hardware. This is not true in some situations, such as satellites, but even there the importance of fail-safe operation often outweighs concerns about redundant hardware.
The DO-254 standard is process-oriented and is focused on the correct implementation of avionic systems. Much like the systematic verification flow of automotive ISO 26262, emphasis is placed on the correct specification and implementation of requirements. Random hardware failures receive limited attention today, as they are considered covered by the DMR systems in use. However, as aircraft take advantage of more complex devices and the defense sector adds further complexity, fail-safe devices will be adopted and requirements like those driven by ISO 26262 will appear in this industry as well. Optima is ready to help.
It should also be noted that security is a significant concern for this sector. While designing for security is not the same as designing for safety, some of the techniques overlap, and it may well be security concerns that drive this sector to pay more attention to new design techniques.
Industrial Process Control and Machine Tooling
IEC 61511 addresses functional safety in the process industries (chemical, oil and gas, and similar manufacturing sectors, but not nuclear power generation, which has its own standards). It is focused on the instrumentation, including programmable devices, used in industrial control, and is chiefly concerned with setting the metrics for Safety Instrumented Systems (SIS).
The standard covers these systems through the entire safety life cycle, from design through operation and maintenance to decommissioning. As in the other standards, a hazard and risk assessment establishes the Safety Integrity Level (SIL) required of each safety instrumented function, which sets the targets for the SIS that implements it. The SIS is then monitored to ensure it continues to meet those targets throughout its life.
Nuclear Power Generation
The nuclear power generation industry has a range of standards governing all facets of these plants, for obvious reasons. IEC 61513 and IEC 62138 govern the electronic systems used in them, referred to in the standards as Instrumentation and Control (I&C) systems. While these standards are still based on IEC 61508, which directs the design requirements and implementation process, they add a significant number of fail-safe provisions, as the importance of safety in this industry demands.
A significant level of redundancy is built into all of the electronic and mechanical systems in a plant, such that the failure of one will not affect the others. The potential for environmental effects, radiation in particular, to cause operational errors is significant, and dictates the use of specialized rad-hard components as well as a high degree of component redundancy.
From an electronic design point of view, both systematic and random failure modes are important to consider. Random failures are often handled using Triple Modular Redundant (TMR) systems, in which three copies vote and a single failed copy is outvoted. TMR does not cover systematic errors, since a design bug is replicated in all three copies and is never outvoted, which is why the industry also uses advanced tools, such as formal verification, in the design of the FPGAs used in the instrumentation systems, along with specialized devices designed to fail into a safe state. Fault simulation could be seen as a further fail-safe enhancement in this industry.
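As an added illustration of the difference between the DMR scheme described under Aerospace and Defense above and the TMR scheme used here (example code written for this page, not Optima's code or anything taken from the standards): a hypothetical control law `sensor * 3 + 7` runs on two or three identical channels, a random hardware fault is modelled as a bit flip in one channel's output, and a common-mode systematic bug as the same flip in every channel. The `golden` value is the fault-simulation oracle, which the real system cannot know; the outcome names and the single-bit fault sweep are this example's own constructions.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Outcome of one redundant computation cycle (names are this example's own). */
typedef enum {
    OUT_OK,           /* all channels agree and are correct                 */
    OUT_FAILSAFE,     /* DMR mismatch: output withheld, safe state entered  */
    OUT_MASKED,       /* TMR: one channel disagreed, the vote is still right */
    OUT_SILENT_WRONG  /* redundancy did not catch it: a wrong value is used  */
} outcome_t;

typedef struct { outcome_t outcome; uint32_t value; } cycle_result_t;

/* Hypothetical control law, computed identically by every channel. */
static uint32_t channel_compute(uint32_t sensor) { return sensor * 3u + 7u; }

/* Fault model: XOR mask of flipped output bits (0 = healthy channel). */
static uint32_t inject(uint32_t v, uint32_t flipmask) { return v ^ flipmask; }

/* DMR: two lockstep channels are compared. A mismatch is detected, but two
 * copies cannot say which one is right, so the only safe action is fail-safe. */
cycle_result_t dmr_cycle(uint32_t sensor, uint32_t fault_a, uint32_t fault_b) {
    uint32_t golden = channel_compute(sensor);   /* simulation oracle only */
    uint32_t a = inject(golden, fault_a);
    uint32_t b = inject(golden, fault_b);
    cycle_result_t r = { OUT_OK, 0u };
    if (a != b) { r.outcome = OUT_FAILSAFE; return r; }
    r.value = a;
    if (a != golden) r.outcome = OUT_SILENT_WRONG; /* common-mode fault passed */
    return r;
}

/* Bitwise 2-of-3 majority voter. */
static uint32_t majority3(uint32_t a, uint32_t b, uint32_t c) {
    return (a & b) | (a & c) | (b & c);
}

/* TMR: the vote masks a single faulty channel. The disagreement must still be
 * reported so the channel is repaired before a second fault accumulates. */
cycle_result_t tmr_cycle(uint32_t sensor, uint32_t fault_a, uint32_t fault_b,
                         uint32_t fault_c) {
    uint32_t golden = channel_compute(sensor);   /* simulation oracle only */
    uint32_t a = inject(golden, fault_a);
    uint32_t b = inject(golden, fault_b);
    uint32_t c = inject(golden, fault_c);
    bool disagreement = (a != b) || (b != c);
    cycle_result_t r = { OUT_OK, majority3(a, b, c) };
    if (r.value != golden) r.outcome = OUT_SILENT_WRONG; /* >=2 channels wrong in the same bit */
    else if (disagreement) r.outcome = OUT_MASKED;
    return r;
}

/* Minimal fault simulation: inject every single-bit fault into channel A and
 * count how many the scheme handles safely (detected for DMR, masked for TMR). */
unsigned dmr_single_fault_coverage(uint32_t sensor) {
    unsigned safe = 0;
    for (unsigned bit = 0; bit < 32; bit++)
        if (dmr_cycle(sensor, 1u << bit, 0u).outcome == OUT_FAILSAFE) safe++;
    return safe;
}
unsigned tmr_single_fault_coverage(uint32_t sensor) {
    unsigned safe = 0;
    for (unsigned bit = 0; bit < 32; bit++)
        if (tmr_cycle(sensor, 1u << bit, 0u, 0u).outcome == OUT_MASKED) safe++;
    return safe;
}

static const char *outcome_name(outcome_t o) {
    static const char *names[] = { "OK", "FAILSAFE", "MASKED", "SILENT_WRONG" };
    return names[o];
}

int main(void) {
    const uint32_t sensor = 10u, f = 0x4u;   /* constructed sample input and fault */
    printf("DMR single fault:      %s\n", outcome_name(dmr_cycle(sensor, f, 0u).outcome));
    printf("DMR common-mode fault: %s\n", outcome_name(dmr_cycle(sensor, f, f).outcome));
    printf("TMR single fault:      %s\n", outcome_name(tmr_cycle(sensor, f, 0u, 0u).outcome));
    printf("TMR two faults, same bit: %s\n", outcome_name(tmr_cycle(sensor, f, f, 0u).outcome));
    printf("TMR common-mode fault: %s\n", outcome_name(tmr_cycle(sensor, f, f, f).outcome));
    printf("single-fault coverage: DMR %u/32 detected, TMR %u/32 masked\n",
           dmr_single_fault_coverage(sensor), tmr_single_fault_coverage(sensor));
    return 0;
}
```

The two things the sweep cannot show are the ones the text warns about: a second random fault in the same bit of another TMR channel outvotes the healthy one, and a common-mode systematic error (the same flip in every channel) passes both DMR and TMR unnoticed, which is why systematic verification and formal methods sit alongside redundancy rather than being replaced by it. A word-level voter, rather than the bitwise one used here, would flag two channels faulty in different bits as a three-way disagreement instead of masking it.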
Medical Devices
Medical devices must also be certified for safety. Governmental organizations (such as the FDA in the USA) regulate these devices and rely primarily on two standards for their metrics. ISO 13485 specifies the quality management system for the design and manufacture of medical devices of all sorts, from pacemakers to MRI machines. IEC 60601 specifies the safety and essential performance of medical electrical equipment such as MRI and X-ray machines, medical lasers, etc. Other standards also cover various safety aspects of these electronic devices.
In general, the focus of the medical device standards is ensuring the device will not harm the patient. For implanted devices such as pacemakers, the electronics is relatively simple, but its reliability is paramount. For diagnostic equipment, safety focuses on the dose delivered by the device (e.g., X-ray radiation).
Railway and Mass Transit Transportation
Standards are required for both onboard and track- or road-side equipment. Both are governed primarily by the EN 5012x family, of which EN 50128 covers the software (EN 50126 covers RAMS and EN 50129 the safety-related electronic systems for signalling). Onboard devices controlling everything from speed, driver assistance and door operation must all pass rigorous certification. Trackside or roadside equipment consists primarily of signaling and points (junction) control. As road and rail systems grow in complexity, with more trains per track, safety solutions follow these trends.
Similarly to the aeronautical sector, the mass transportation area is less aggressive than the automotive space. However, safety standards must keep pace with increasing populations, particularly in urban areas, which directly affect the capacity required of mass transport. Although TMR is the primary safety mechanism used in this sector, its engineers are watching other areas such as automotive and feeding those experiences into their plans. More advanced testing will therefore be required in this sector, and Optima is ready to assist.
3 out of 4 products from the Optima Safety and Security Platform have received TÜV NORD certification for ISO 26262 ASIL-D functional safety verification.