[SystemSafety] Fwd: Rethinking Safety and Security/11 PCB Layout Myths
David MENTRÉ
dmentre at linux-france.org
Thu Dec 8 09:19:36 CET 2016
Hello,
On 12/08/2016 06:35 AM, Peter Bernard Ladkin wrote:
> Wong makes the common mistake of formulating equivalence between "levels", here the Design Assurance
> Levels (DAL) of avionics with the Automotive Safety Integrity Levels (ASILs) of ISO 26262.
I would make the same mistake.
> DALs are criticality levels. How critical something is to the operation of the system, and therefore
> what level of assurance to which it should be subject.
>
> A SIL is a reliability requirement on a safety function. A safety function is something whose action
> reduces an unacceptable risk of a specific hazard to an acceptable risk. It operates as designed
> only if the reliability requirement set by the SIL is fulfilled.
>
> In principle, all safety functions have the same criticality: they are all critical, period. So, one
> criticality level, rather than the five of ED-12C.
[disclaimer: I never looked at ED-12C / DO-178C text.]
So all SIL A to D of ISO 26262 would correspond to one DAL of ED-12C?
Which one? DAL A?
If this is the case, why make the difference between several "sub-DAL-As"
in ISO 26262?
From my software engineering point of view, ISO 26262 SILs and
ED-12C/DO-178C DALs are the amount of work to reach a certain level of
quality of the software, and in that sense are similar.
Best regards,
D. Mentré