iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/PAS 21448:2019

(Main)

Road vehicles — Safety of the intended functionality

Road vehicles — Safety of the intended functionality

The absence of unreasonable risk due to hazards resulting from functional insufficiencies of the intended functionality or by reasonably foreseeable misuse by persons is referred to as the Safety Of The Intended Functionality (SOTIF). This document provides guidance on the applicable design, verification and validation measures needed to achieve the SOTIF. This document does not apply to faults covered by the ISO 26262 series or to hazards directly caused by the system technology (e.g. eye damage from a laser sensor). This document is intended to be applied to intended functionality where proper situational awareness is critical to safety, and where that situational awareness is derived from complex sensors and processing algorithms; especially emergency intervention systems (e.g. emergency braking systems) and Advanced Driver Assistance Systems (ADAS) with levels 1 and 2 on the OICA/SAE standard J3016 automation scales. This edition of the document can be considered for higher levels of automation, however additional measures might be necessary. This document is not intended for functions of existing systems for which well-established and well-trusted design, verification and validation (V&V) measures exist at the time of publication (e.g. Dynamic Stability Control (DSC) systems, airbag, etc.). Some measures described in this document are applicable to innovative functions of such systems, if situational awareness derived from complex sensors and processing algorithms is part of the innovation. Intended use and reasonably foreseeable misuse are considered in combination with potentially hazardous system behaviour when identifying hazardous events. Reasonably foreseeable misuse, which could lead directly to potentially hazardous system behaviour, is also considered as a possible event that could directly trigger a SOTIF-related hazardous event. Intentional alteration to the system operation is considered feature abuse. Feature abuse is not in scope of this document.

Véhicules routiers - Sécurité de la fonction attendue

General Information

Status
Withdrawn
Publication Date
09-Jan-2019
ICS
43.040.10 - Electrical and electronic equipment
Technical Committee
ISO/TC 22/SC 32 - Electrical and electronic components and general system aspects
Drafting Committee
ISO/TC 22/SC 32/WG 8 - Functional safety
Current Stage
9599 - Withdrawal of International Standard
Start Date
30-Jun-2022
Completion Date
19-Apr-2025
Ref Project

Relations

Consolidated By
ISO 12870:2024 - Ophthalmic optics — Spectacle frames — Requirements and test methods
Effective Date
06-Jun-2022
Revised
ISO 21448:2022 - Road vehicles — Safety of the intended functionality
Effective Date
23-Apr-2020
ISO/PAS 21448:2019 - Road vehicles -- Safety of the intended functionalityISO/PAS 21448:2019 - Road vehicles -- Safety of the intended functionality
PreviousNext
Technical specification
ISO/PAS 21448:2019 - Road vehicles -- Safety of the intended functionality
English language
54 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


PUBLICLY ISO/PAS
AVAILABLE 21448
SPECIFICATION
First edition
2019-01
Road vehicles — Safety of the intended
functionality
Véhicules routiers - Sécurité de la fonction attendue
Reference number
©
ISO 2019
© ISO 2019
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2019 – All rights reserved

Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Overview of this document’s activities in the development process .6
5 Functional and system specification (intended functionality content) .11
5.1 Objectives.11
5.2 Functional description .11
5.3 Consideration on system design and architecture .12
6 Identification and Evaluation of hazards caused by the intended functionality .13
6.1 Objectives.13
6.2 Hazard identification .14
6.3 Hazard analysis .15
6.4 Risk evaluation of the intended function .16
6.5 Specification of a validation target .16
7 Identification and Evaluation of triggering events .17
7.1 Objectives.17
7.2 Analysis of triggering events .17
7.2.1 Triggering events related to algorithms .17
7.2.2 Triggering events related to sensors and actuators .18
7.3 Acceptability of the triggering events .19
8 Functional modifications to reduce SOTIF related risks .19
8.1 Objectives.19
8.2 General .19
8.3 Measures to improve the SOTIF .20
8.4 Updating the system specification .22
9 Definition of the verification and validation strategy .22
9.1 Objectives.22
9.2 Planning and specification of integration and testing .23
10 Verification of the SOTIF (Area 2) .23
10.1 Objectives.23
10.2 Sensor verification .24
10.3 Decision algorithm verification .24
10.4 Actuation verification .25
10.5 Integrated system verification .25
11 Validation of the SOTIF (Area 3) .26
11.1 Objectives.26
11.2 Evaluation of residual risk .26
11.3 Validation test parameters.26
12 Methodology and criteria for SOTIF release .27
12.1 Objectives.27
12.2 Methodology for evaluating SOTIF for release .27
12.3 Criteria for SOTIF release .28
Annex A (informative) Examples of the application of SOTIF activities .30
Annex B (informative) Example for definition and validation of an acceptable false alarm
rate in AEB systems .33
Annex C (informative) Validation of SOTIF applicable systems .41
Annex D (informative) Automotive perception systems verification and validation.43
Annex E (informative) Method for deriving SOTIF misuse scenarios.46
Annex F (informative) Example construction of scenario for SOTIF safety analysis method .49
Annex G (informative) Implications for off-line training .52
Bibliography .54
iv © ISO 2019 – All rights reserved

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www .iso .org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www .iso
.org/iso/foreword .html.
This document was prepared by Technical Committee ISO/TC 22, Road vehicles, Subcommittee SC 32,
Electrical and electronic components and general system aspects.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/members .html.
Introduction
The safety of road vehicles during their operation phase is of paramount concern for the road vehicles
industry. Recent years have seen a large increase in the number of advanced functionalities included
in vehicles. These rely on sensing, processing of complex algorithms and actuation implemented by
electrical and/or electronic (E/E) systems.
An acceptable level of safety for road vehicles requires the avoidance of unreasonable risk caused by
every hazard associated with the intended functionality and its implementation, especially those not
due to failures, e.g. due to performance limitations. ISO 26262-1 defines the vehicle safety as the absence
of unreasonable risks that arise from malfunctions of the E/E system. ISO 26262-3 specifies a Hazard
Analysis and Risk Assessment to determine vehicle level hazards. This evaluates the potential risks due
to malfunctioning behaviour of the item and enables the definition of top-level safety requirements,
i.e. the safety goals, necessary to mitigate the risks. The other parts of the ISO 26262 series provide
requirements and recommendations to avoid and control random hardware failures and systematic
failures that could violate safety goals.
For some systems, which rely on sensing the external or internal environment, there can be potentially
hazardous behaviour caused by the intended functionality or performance limitation of a system that is
free from the faults addressed in the ISO 26262 series. Examples of such limitations include:
— The inability of the function to correctly comprehend the situation and operate safely; this also
includes functions that use machine learning algorithms;
— Insufficient robustness of the function with respect to sensor input variations or diverse
environmenta
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO 11451-1:2025(Main)
Road vehicles — Vehicle test methods for electrical disturbances from narrowband radiated electromagnetic energy — Part 1: General principles and terminology

This document specifies general conditions, defines terms, gives practical guidelines and establishes the basic principles of the vehicle tests used in the ISO 11451 series, for determining the immunity of passenger cars and commercial vehicles to electrical disturbances from narrowband radiated electromagnetic energy, regardless of the vehicle propulsion system (e.g. spark-ignition engine, diesel engine, electric motor). The electromagnetic disturbances considered are limited to continuous narrowband electromagnetic fields. A wide frequency range (0,01 MHz to 18 000 MHz) is allowed for the immunity testing in the ISO 11451 series.

  • Standard
    39 pages
    English language
    sale 15% off
ISO
ISO/TR 17716:2025(Main)
Road vehicles — Electrical disturbances from narrowband radiated electromagnetic energy — Radiated immunity for V2X

This document describes the introduction of radiated immunity testing for the components and vehicles equipped with V2X communications. The link communication connection and V2X scenario simulation are considered to make the V2X functions and their communications operate normally during the immunity testing. Examples of monitoring are also discussed to show the electromagnetic interference reactions of the device with V2X under test. In addition, test hints are described to provide information on radiated immunity for V2X. Technical specifications are not within the scope of this document.

  • Technical report
    47 pages
    English language
    sale 15% off
ISO
ISO 11451-2:2025(Main)
Road vehicles — Vehicle test methods for electrical disturbances from narrowband radiated electromagnetic energy — Part 2: Off-vehicle radiation sources

This document specifies a method for testing the immunity of passenger cars and commercial vehicles to electrical disturbances from off-vehicle radiation sources, regardless of the vehicle propulsion system (e.g. spark ignition engine, diesel engine, electric motor). The electromagnetic disturbances considered are limited to continuous narrowband electromagnetic fields. While this document refers specifically to passenger cars and commercial vehicles, generalized as “vehicle(s)”, it can readily be applied to other types of vehicles. ISO 11451-1 specifies general test conditions, definitions, practical use, and basic principles of the test procedure. Function performance status classification guidelines for immunity to electromagnetic radiation from an off-vehicle radiation source are given in Annex A.

  • Standard
    42 pages
    English language
    sale 15% off
  • Standard
    42 pages
    English language
    sale 15% off
ISO
ISO 11452-1:2025(Main)
Road vehicles — Component test methods for electrical disturbances from narrowband radiated electromagnetic energy — Part 1: General principles and terminology

This document specifies general conditions, defines terms, gives practical guidelines, and establishes the basic principles of the component tests used in the other parts of the ISO 11452 series for determining the immunity of electronic components of passenger cars and commercial vehicles to electrical disturbances from narrowband radiated electromagnetic energy, regardless of the vehicle propulsion system (e.g. spark-ignition engine, diesel engine, electric motor). The electromagnetic disturbances considered are limited to continuous narrowband electromagnetic fields. A wide frequency range (d.c. and 15 Hz to 18 GHz) is allowed for the immunity testing of the components in the ISO 11452 series.

  • Standard
    47 pages
    English language
    sale 15% off
ISO
ISO 10924-1:2025(Main)
Road vehicles — Circuit breakers — Part 1: Definitions and general test requirements

This document defines terms and specifies general test requirements for circuit breakers for use in road vehicles with a nominal voltage of 12 V (DC), 24 V (DC), 48 V (DC) and 450 V (DC). This document is intended to be used in conjunction with ISO 10924-2, ISO 10924-3, ISO 10924-4 and ISO 10924-5. The numbering of its clauses corresponds to that of the document whose requirements are applicable, except where modified by requirements particular to this document. This document is not applicable to circuit breaker holders (electrical centres or fuse-holders) used in vehicles.

  • Standard
    19 pages
    English language
    sale 15% off
ISO
ISO 10924-2:2025(Main)
Road vehicles — Circuit breakers — Part 2: Guidance for users

This document provides guidance for the choice and application of automotive circuit breakers. It describes the various parameters that are taken into account when selecting circuit breakers.

  • Standard
    26 pages
    English language
    sale 15% off
ISO
ISO 10924-3:2025(Main)
Road vehicles — Circuit breakers — Part 3: Miniature circuit breakers with tabs (Blade type), Form CB11

This document specifies miniature circuit breakers with tabs (blade-type), Form CB11 for use in road vehicles. It establishes, for this circuit breaker form, the rated current, test procedures, performance requirements and dimensions. This document is intended to be used in conjunction with ISO 10924-1 and ISO 10924-2. The numbering of its clauses corresponds to that of ISO 10924-1, whose requirements are applicable, except where modified by requirements particular to this document. This document is applicable to circuit breakers with a rated voltage of 14 V and/or 28 V, a current rating of ≤30 A and a breaking capacity of 2 000 A intended for use in road vehicles with a nominal voltage of 12 V and/or 24 V. The circuit breakers are different in dimensions and functions, such as electric reset, automatic reset, manual reset and switchable. NOTE This type of circuit breaker is intended to be used in similar applications as miniature fuse-links according to ISO 8820-3. While the tab dimensions and current ratings can be the same, there can be differences in performance which the user of these products is advised to consider.

  • Standard
    11 pages
    English language
    sale 15% off
ISO
ISO 10924-4:2025(Main)
Road vehicles — Circuit breakers — Part 4: Medium circuit breakers with tabs (Blade type), Form CB15

This document specifies medium circuit breakers with tabs (blade type), Form CB15, for use in road vehicles. It establishes, for this circuit breaker form, the rated current, test procedures, performance requirements and dimensions. This document is intended to be used in conjunction with ISO 10924-1 and ISO 10924-2. The numbering of its clauses corresponds to that of ISO 10924-1, whose requirements are applicable, except where modified by requirements particular to this document. This document is applicable to circuit breakers with a rated voltage of 14 V (DC) or 28 V (DC) or 58 V (DC), a current rating of no greater than 40 A and a breaking capacity of 2 000 A, intended for use in road vehicles with a nominal voltage of 12 V (DC) or 24 V (DC) or 48 V (DC). The circuit breakers are different in dimensions and functions, such as electric reset, automatic reset, manual reset and switchable. NOTE This type of circuit breaker is intended to be used in applications such as medium fuse-links in accordance with ISO 8820-3. While the tab dimensions and current ratings can be the same, there can be differences in performance which the user of these products is advised to consider.

  • Standard
    13 pages
    English language
    sale 15% off
ISO
ISO 10924-5:2025(Main)
Road vehicles — Circuit breakers — Part 5: Circuit breakers with bolt with rated voltage of 450 V

This document specifies circuit breakers with a rated voltage of 450 V for use in road vehicles. It establishes, for this circuit breaker type, the rated current, test procedures, performance requirements and dimensions. This document is intended to be used in conjunction with ISO 10924-1 and with ISO 10924-2. The numbering of its clauses corresponds to that of ISO 10924-1 whose requirements are applicable, except where modified by requirements particular to this document. This document is applicable to circuit breakers with a rated voltage of 450 V (DC), a current rating of no greater than 300 A and a breaking capacity of 6 000 A.

  • Standard
    9 pages
    English language
    sale 15% off
ISO
ISO/PAS 8800:2024(Main)
Road vehicles — Safety and artificial intelligence

This document applies to safety-related systems that include one or more electrical and/or electronic (E/E) systems that use AI technology and that is installed in series production road vehicles, excluding mopeds. It does not address unique E/E systems in special vehicles, such as E/E systems designed for drivers with disabilities. This document addresses the risk of undesired safety-related behaviour at the vehicle level due to output insufficiencies, systematic errors and random hardware errors of AI elements within the vehicle. This includes interactions with AI elements that are not part of the vehicle itself but that can have a direct or indirect impact on vehicle safety. EXAMPLE 1 Examples of AI elements within the vehicle include the trained AI model and AI system. EXAMPLE 2 Direct impact on safety can be due to object detection by elements external to the vehicle. EXAMPLE 3 Indirect impact on safety can be due to field monitoring by elements external to the vehicle. The development of AI elements that are not part of the vehicle is not within the scope of this document. These elements can conform to domain-specific safety guidance. This document can be used as a reference where such domain-specific guidance does not exist. This document describes safety-related properties of AI systems that can be used to construct a convincing safety assurance claim for the absence of unreasonable risk. This document does not provide specific guidelines for software tools that use AI methods. This document focuses primarily on a subclass of AI methods defined as machine learning (ML). Although it covers the principles of established and well-understood classes of ML, it does not focus on the details of any specific AI methods e.g. deep neural networks.

  • Technical specification
    172 pages
    English language
    sale 15% off