Applied FuSa

The Podcast for Functional Safety Pragmatists

Impact Analysis

2025-10-21 7 min Season 1 Episode 8

Description & Show Notes

According to ISO 26262, an impact analysis must be performed at the beginning of a project to identify work products that can be tailored, provided the project is based on a predecessor project. Differences between the two projects are assessed with respect to the following three categories:

  • Changed requirements;
  • Revised design; and
  • New integration environment.

In this episode, we will not only introduce the method itself, but also explain why an impact analysis makes sense not just at the beginning of a project.

Transcript

Hello and welcome to another episode of “Applied FuSa,” a podcast for FuSa pragmatists. According to ISO 26262, an impact analysis must be performed at the beginning of a project to identify work products that can be tailored, provided the project is based on a predecessor project. Differences between the two projects are assessed with respect to the following three categories: Changed requirements; revised design; new integration environment. In this episode, we will not only introduce the method itself, but also explain why an impact analysis makes sense not just at the beginning of a project.
Expert
00:00:40
Requirements for Impact Analysis are defined in ISO 26262, Part 2, Section 6.4.3. The aim is to evaluate at the beginning of a product development whether the product is a new development or whether the product or its integration environment has been modified compared to an existing product. If it is a new development, then all requirements of ISO 26262 must be applied. Otherwise, tailoring of requirements is possible depending on the type of modifications, which reduces development effort if requirements do not need to be implemented or work products can be reused. Modifications of the product are distinguished in two categories: 1) Modification of the requirements; and 2) modification of the implementation. The first case applies when functional requirements have been changed in such a way that a complete redevelopment is not necessary. For instance, when parts of a safety concept have been revised, such as safe states or fault tolerant time intervals. Examples of the second case include changes to the software, design changes to optimize costs, or when a supplier can no longer provide a component. The latter occurs relatively often with microcontrollers when a manufacturer launches a new generation on the market. A modified integration environment exists, for example, when the position of a sensor in the vehicle has been changed, when environmental conditions such as temperature or humidity have been expanded, or when a function is intended to be used at higher speeds or on different types of roads (for instance, not only on highways but also on rural roads or in urban areas). In all these cases, the impact analysis must determine: 1) What influence the modifications have on the functional safety of the product; and 2) which safety-related activities are required. Ultimately, it is about ensuring that a product, or parts of the product, can be reused under changed conditions. 
In this case, it must be checked whether and to what extent the product needs to be revised in order to continue to comply with ISO 26262. In other words: it must be ensured that functional safety is still fully achieved. Further requirements for an impact analysis are defined in Clause 6.4.4. This clause is titled Reuse of an existing element and is essentially a logical extension of the previous clause, except that the scope is reduced to a single element. Clause 6.4.3 applies to the entire item. Since an item usually consists of multiple elements, the requirements from Clause 6.4.4 must be applied to each element of the item that is intended to be reused. The only difference is that an impact analysis according to Clause 6.4.3 must always be performed when modifications exist, while Clause 6.4.4 applies when an element is to be reused. In a first step, however, it must also be checked whether there are any modifications that need to be considered. Therefore, the procedure is very similar — only the trigger for the activity is different. Example: In a follow-up project, the same application (for instance, the ADAS function Lane Keep Assist) is to be integrated. In this case, the following must be checked: 1) Has the operational context been modified, and does this result in modifications for the element? 2) Does the element (modified or not) still meet all safety requirements for the element? 3) Which safety-related activities are necessary to achieve functional safety for the element? This also includes re-evaluating previously made assumptions. 4) Is the existing documentation sufficient for integrating the element, or does it also need to be revised? It is obvious that all these activities required for an element are also necessary for the overall product. The only difference lies in the level of integration. 
In summary, whenever a product is not a new development, it must be carefully examined which elements of the product can be reused unchanged and which elements require revision. For this purpose, the mentioned modifications regarding the functional requirements of the product or the elements, as well as planned changes in the design or the integration environment, must be analyzed in detail. This may result in necessary safety-related activities. In the case that a product or element can be adopted completely unchanged, the impact analysis is still of great importance, as it provides the evidence that no modifications are necessary. This evidence is therefore an important element of the safety case and must be thoroughly checked for completeness and correctness in the final assessment. If individual elements can be adopted unchanged, this usually results in tailoring of safety-related activities, since for these elements and possibly also their integration into the overall system, some of the requirements from ISO 26262 do not have to be implemented. This often concerns, for instance, the safety analyses as well as verification measures. ISO 26262 defines corresponding requirements for this case in Part 2, Clause 6.4.5, titled Tailoring of the Safety Activities. These must be observed in any case. In summary, it can be said: An impact analysis of the product is necessary when the requirements for the product change, when the design of the product is to be modified, or when the integration environment has changed. An impact analysis for an element is necessary when the element is to be reused. In both cases, the necessary safety-related activities should be identified. For activities that do not need to be performed as a result of the analysis compared to a new development, the requirements for the tailoring of the safety activities apply.
Moderator
00:06:55
Applied FuSa – a podcast for Functional Safety pragmatists. Get your new piece of FuSa every other week.
