7FM techniques produce a concept design that promotes a solid and effective system design.  Clearly identify the vehicle level functions, their risks, and how they will be controlled.  Completely identify all objects which relate to the Hazard Analysis and Risk Assessment as well as their scenarios.  The hazards require sensors that can see obstacles/objects under all driving conditions.  Computational power is determined by the number of sensors, the maximum number of objects, and time/distance constraints.  The HARA assigns Automotive Safety Integrity Levels to each vehicle level function.  The top level software that directly produces these functions are all assigned their highest ASIL Risk (e.g. ASIL D if that is highest).  The Vehicle level functions and their risks are assigned Functional Safety Requirements.  The initial concept system design is created and ASIL decomposition is created.  This is the Safety Concept.  All concept functions are identified, their fault states are determined, and detection and safe states are planned.  A system design needs to have this clear information in order to efficiently create its top level system function design and its top level hardware system design.  This course focuses on ISO 26262 Part 3.  The goal is to produce mature concept level design that provides extremely clear guidance to the system level design.  The analysis covers SAE L1 through SAE L5 concepts.  An L4 concept design will be offered for conversation and learning purposes.

• Overview
• Important ISO 26262 Part 1 terms and definitions
• SAE L1 through L5 applications:
• The stability prediction model for L4-L5 applications
• Four levels of function growth and mastery
• The five functional safety response levels in relationship to minimum risk conditions.
• QM, ASIL A-ASIL D as standards requirements
• Safety of the intended function is the natural result of this process.
• Understanding the design domain and requirements SAE
• Designing for Functional Safety.  The Concept Design – ISO 26262 Part 3
• The domain and its vital role in creating a tractable design.
• The Item Definition
• Concept architecture from sensors to actuations and driver warning signals
• Defining the driving segments through the domain, which are allowed by the system.
• Collapsing segments into common segments that have the same technical solutions and risks/
• Vehicle level functions commanded by the ADAS/ADS solution.
• Domain driving segments, E/E vehicle commands, and the HARA
• Identifying the hazards (humans and the scenario)
• The Concept level 7FM FMEA
• Object/obstacle detection versus object recognition
• Hazards and sensors
• Object recognition functions and failure modes,
• Static, Dynamic, and Map relationships,
• Sensor Degradation
• Object attribute functions and failure modes
• Object tracking/vector functions and their failure modes,
• Object behavior and risks, and
• Object prediction
• Localization functions and their failure modes
• Motion Control and their failure modes
• Motion Planning and their failure modes
• Dynamic Control and Vehicle Control and their failure modes.
• Functional Safety Requirements and Functional Safety Concept
• The Safety Requirement table and the safety summary for every concept level function
• Planning the configuration and how the fault state map relates to the configuration and functions.