1、PD ISO/PAS 19451-2:2016 Application of ISO 26262:2011-2012 to semiconductors Part 2: Application of hardware qualification BSI Standards Publication WB11885_BSI_StandardCovs_2013_AW.indd 1 15/05/2013 15:06PD ISO/PAS 19451-2:2016 PUBLISHED DOCUMENT National foreword This Published Document is the UK
2、implementation of ISO/PAS 19451-2:2016. The UK participation in its preparation was entrusted to Technical Committee AUE/32, Electrical and electronic components and general system aspects (Road vehicles). A list of organizations represented on this committee can be obtained on request to its secret
3、ary. This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application. The British Standards Institution 2016. Published by BSI Standards Limited 2016 ISBN 978 0 580 89825 9 ICS 43.040.10 Compliance with a British Standard can
4、not confer immunity from legal obligations. This Published Document was published under the authority of the Standards Policy and Strategy Committee on 31 July 2016. Amendments issued since publication Date Text affectedPD ISO/PAS 19451-2:2016 ISO 2016 Application of ISO 26262:2011-2012 to semicondu
5、ctors Part 2: Application of hardware qualification Application de lISO 26262:2011-2012 aux semi-conducteurs Partie 2: Application de la qualification du matriel PUBLICLY AVAILABLE SPECIFICATION ISO/PAS 19451-2 First edition 2016-07-15 Reference number ISO/PAS 19451-2:2016(E)PD ISO/PAS 19451-2:2016I
6、SO/PAS 19451-2:2016(E)ii ISO 2016 All rights reserved COPYRIGHT PROTECTED DOCUMENT ISO 2016, Published in Switzerland All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including
7、photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Ch. de Blandonnet 8 CP 401 CH-1214 Vernier, Geneva, Switzerland Tel. +
8、41 22 749 01 11 Fax +41 22 749 09 47 copyrightiso.org www.iso.orgPD ISO/PAS 19451-2:2016ISO/PAS 19451-2:2016(E)Foreword iv Introduction v 1 Scope . 1 2 Normative references 1 3 Terms and definitions . 1 4 Hardware qualification 1 5 How is “standard qualification” differentiated from ISO 26262 hardwa
9、re qualification? 1 5.1 Standard qualification 1 5.2 ISO 26262 hardware qualification . 2 6 Why is ISO 26262 hardware qualification applied? . 2 6.1 Hardware qualification as a method of design verification of allocated safety requirements 2 6.2 Hardware qualification as a method to justify the use
10、of components or parts which have not been developed according to ISO 26262 4 6.3 Hardware qualification as a method to enable robustness validation . 5 7 When is ISO 26262 hardware qualification applied? . 5 7.1 Considering ISO 26262-8, Table 6 5 7.2 Standard qualification 6 7.3 Hardware qualificat
11、ion according to ISO 26262 6 8 Challenges in application of ISO 26262 hardware qualification 7 8.1 Impact of complexity on hardware qualification 7 8.2 Impact of hardware part vs. hardware component taxonomy on hardware qualification 8 8.3 Conclusion . 9 Annex A (informative) Excerpts from an exampl
12、e standard qualification plan .10 Bibliography .11 ISO 2016 All rights reserved iii Contents PagePD ISO/PAS 19451-2:2016ISO/PAS 19451-2:2016(E) Foreword ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of pr
13、eparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, i
14、n liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization. The procedures used to develop this document and those intended for its further maintenance are described in the ISO/I
15、EC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2. www.iso.org/directives Attention is drawn to the possibility that
16、some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent decl
17、arations received. www.iso.org/patents Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement. For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about
18、 ISOs adherence to the WTO principles in the Technical Barriers to Trade (TBT), see the following URL: Foreword - Supplementary information The committee responsible for this document is ISO/TC 22, Road vehicles, Subcommittee SC 32, Electrical and electronic components and general system aspects. IS
19、O/PAS 19451 consists of the following parts, under the general title Road vehicles Application of ISO 26262:2011-2012 to semiconductors: Part 1: Application of concepts Part 2: Application of hardware qualificationiv ISO 2016 All rights reservedPD ISO/PAS 19451-2:2016ISO/PAS 19451-2:2016(E) Introduc
20、tion This document is an informative guideline which provides users of the ISO 26262 series of standards recommendations and best practices which can be utilized when applying ISO 26262 to semiconductor components and parts. This document was created by a group of industry experts including semicond
21、uctor developers, system developers, and vehicle manufacturers in order to clarify concerns seen after the initial release of the ISO 26262 series of standards and when possible to align on common interpretations of the standard. This document serves to augment the existing normative and informative
22、 guidance in the ISO 26262 series of standards. The approach is similar to that taken in writing ISO 26262-10:2012, Annex A, “ISO 26262 and microcontrollers,” with extension to additional types of semiconductor technologies and relevant topics. ISO 2016 All rights reserved vPD ISO/PAS 19451-2:2016PD
23、 ISO/PAS 19451-2:2016Application of ISO 26262:2011-2012 to semiconductors Part 2: Application of hardware qualification 1 Scope This document is applicable to developers who are evaluating the use of hardware qualification for semiconductor elements according to ISO 26262-8:2011, Clause 13. 2 Normat
24、ive references The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) a
25、pplies. ISO 16750-1, Road vehicles Environmental conditions and testing for electrical and electronic equipment Part 1: General ISO 26262-1, Road vehicles Functional safety Part 1: Vocabulary ISO 26262-4, Road vehicles Functional safety Part 4: Product development at the system level ISO 26262-5:201
26、1, Road vehicles Functional safety Part 5: Product development at the hardware level ISO 26262-8:2011, Road vehicles Functional safety Part 8: Supporting processes 3 Terms and definitions For the purposes of this document, the terms and definitions given in ISO 26262-1 apply. 4 Hardware qualificatio
27、n Hardware qualification is a process in which it is determined if the hardware can fulfil the allocated requirements of a given design. There are multiple ways in which hardware qualification can be defined and applied. Unfortunately ISO 26262-1 does not include a formal definition of hardware qual
28、ification. Due to the variety of usages of the phrase “hardware qualification” there can be perceived ambiguity in ISO 26262-8:2011, Clause 13 dependent on the background of the reader. Throughout the remainder of this document the phrase “hardware qualification” is used to reference “Qualification
29、of Hardware Components” according to ISO 26262-8:2011, Clause 13. Activities used to qualify hardware for compliance to relevant automotive quality standards for safety related or non- safety related hardware components and parts are described as “standard qualification.” 5 How is “standard qualific
30、ation” differentiated from ISO 26262 hardware qualification? 5.1 Standard qualification ISO 26262-8:2011, Clause 13 does not specify a particular standard or set of standards which should be applied for standard qualification. Several examples are listed as understood to be relevant to current PUBLI
31、CLY AVAILABLE SPECIFICATION ISO/PAS 19451-2:2016(E) ISO 2016 All rights reserved 1PD ISO/PAS 19451-2:2016ISO/PAS 19451-2:2016(E) state of the art. The user of the standard should take care to ensure that any standard or set of standards to be applied for hardware qualification are considered state o
32、f the art at the time of development. ISO 16750-1 is one of the references suggested to carry out a standard qualification. It gives requirements to qualify suitability of a product for automotive applications. Tests proposed by ISO 16750-1 are meant to stress the product at the boundaries of an aut
33、omotive scenario to ensure its robustness in terms of e.g. temperature and voltage ranges. Qualification according to ISO 16750-1 is meant for generic automotive usage. AEC-Q100 7provides details of a number of accelerated test methods which could be applied to perform standard qualification. The ma
34、in AEC-Q100 document is supplemented by multiple annexes which each focus on a specific test method for accelerated testing of particular failure modes. The Automotive Electronics Council provides other standards focusing on discrete semiconductors (AEC-Q101 series) and passive components (AEC-Q200
35、series) which may be relevant dependent on the type of element under consideration. Annex A provides excerpts from an example standard qualification plan used by a supplier of semiconductors to the automotive market. Tests have been selected from a number of quality standards in order to demonstrate
36、 suitability for use in automotive applications. In this example qualification tests from AEC, JEDEC, and US military standards are referenced. Exact contents of a standard qualification plan will vary from supplier to supplier and should be based on testing of specific failure modes relevant to the
37、 type of circuitry implemented and the specific technology used. NOTE If experimental data from standard qualification is to be used as a source for failure rates in calculation of functional safety metrics according to ISO 26262-5:2011, 8.4.3 then appropriate failure mechanisms and sample sizes are
38、 considered. 5.2 ISO 26262 hardware qualification Qualification according to ISO 26262-8:2011, Clause 13 requires that a dedicated qualification argument (report) should be provided for the hardware component or part with respect to the allocated safety requirements. The qualification argument demon
39、strates that the applied analyses and tests provide sufficient evidence of compliance with the allocated safety requirement(s). The relevant failure modes and failure mode distributions are also included in order to evaluate the validity of the argument. Some results of standard qualification may sa
40、tisfy the requirements of the hardware qualification activity. A gap analysis could be performed to identify requirements of hardware qualification which are not satisfied by standard qualification. If no gap is identified, this analysis should be a sufficient argument to claim compliance with ISO 2
41、6262-8:2011, Clause 13. This is supported by ISO 26262-8:2011, 13.4.5. In some cases data generated from standard qualification activities can be used to provide failure rates and failure distributions for a part or component. If this approach is taken, it is done in accordance with ISO 26262-5:2011
42、, 8.4.3. If additional testing is used to develop failure rates for safety analysis the developer can consult a relevant industry publication such as the ZVEI or SAE Handbook of Robustness Validation of Semiconductor Devices in Automotive Applications 910for suggestions in the selection and applicat
43、ion of relevant tests. The qualification according to ISO 26262-8:2011, Clause 13 may also include verification and testing plans for the functional aspects of the hardware component and part. These verification activities are not always performed by the supplier, particularly in the case of COTS or
44、 SEooC parts or components. If performed, these activities are part of the qualification and safety case argumentation. 6 Why is ISO 26262 hardware qualification applied? 6.1 Hardware qualification as a method of design verification of allocated safety requirements As stated in the NOTE of ISO 26262
45、-4:2011, 7.4.5.2, hardware qualification according to ISO 26262-8:2011, Clause 13 may provide evidence of compliance to allocated safety requirements. 2 ISO 2016 All rights reservedPD ISO/PAS 19451-2:2016ISO/PAS 19451-2:2016(E) In this context the output of the hardware qualification activity can be
46、 used as an input to the item integration and test activity. ISO 26262-5:2011, 6.4.6 states that hardware qualification is an accepted method for design verification of the hardware of the item or element, including environmental conditions, specific operational environment, and component specific r
47、equirements. As stated in ISO 26262-5:2011, 10.2, hardware qualification and associated testing is not the same as hardware integration and testing. As both ISO 26262-5:2011, Clause 10 and ISO 26262-4:2011, Clause 8 have as an objective to ensure by testing the compliance of the developed hardware a
48、nd integrated elements with the (allocated) safety requirements, qualification is an alternative or specific means to testing. It can be used for hardware components and parts lower in the design hierarchy and in cases where it can be a sufficient means to provide evidence of the compliance to the a
49、llocated safety requirements, while further integration tests may be needed at higher levels in the design hierarchy. Figure 1 illustrates how hardware qualification interacts with other verification activities in the context of ISO 26262. According to ISO 26262-5:2011, 6.4.6 there are multiple options to provide design verification, including by hardware qualification (see ISO 26262-8:2011, Clause 13) and by hardware integration and testing (see ISO 26262-5:2011, Clause 10). The planning of the verification activity is
