ISO/PAS 21448:2019 Road vehicles — Safety of the intended functionality
Standard number: ISO/PAS 21448:2019
Chinese title: 道路车辆 预期功能的安全性
English title: Road vehicles — Safety of the intended functionality
Publication date: 2019-01
Scope
The absence of unreasonable risk due to hazards resulting from functional insufficiencies of the intended functionality or by reasonably foreseeable misuse by persons is referred to as the Safety Of The Intended Functionality (SOTIF). This document provides guidance on the applicable design, verification and validation measures needed to achieve the SOTIF. This document does not apply to faults covered by the ISO 26262 series or to hazards directly caused by the system technology (e.g. eye damage from a laser sensor).

This document is intended to be applied to intended functionality where proper situational awareness is critical to safety, and where that situational awareness is derived from complex sensors and processing algorithms; especially emergency intervention systems (e.g. emergency braking systems) and Advanced Driver Assistance Systems (ADAS) with levels 1 and 2 on the OICA/SAE standard J3016 automation scales. This edition of the document can be considered for higher levels of automation; however, additional measures might be necessary.

This document is not intended for functions of existing systems for which well-established and well-trusted design, verification and validation (V&V) measures exist at the time of publication (e.g. Dynamic Stability Control (DSC) systems, airbags, etc.). Some measures described in this document are applicable to innovative functions of such systems, if situational awareness derived from complex sensors and processing algorithms is part of the innovation.

Intended use and reasonably foreseeable misuse are considered in combination with potentially hazardous system behaviour when identifying hazardous events. Reasonably foreseeable misuse, which could lead directly to potentially hazardous system behaviour, is also considered as a possible event that could directly trigger a SOTIF-related hazardous event.

Intentional alteration to the system operation is considered feature abuse. Feature abuse is not in scope of this document.