[SystemSafety] Fwd: Rethinking Safety and Security/11 PCB Layout Myths

David MENTRÉ dmentre at linux-france.org
Thu Dec 8 09:19:36 CET 2016


Hello,

On 12/08/2016 06:35 AM, Peter Bernard Ladkin wrote:
> Wong makes the common mistake of formulating equivalence between "levels", here the Design Assurance
> Levels (DAL) of avionics with the Automotive Safety Integrity Levels (ASILs) of ISO 26262.

I would make the same mistake.

> DALs are criticality levels. How critical something is to the operation of the system, and therefore
> what level of assurance to which it should be subject.
>
> A SIL is a reliability requirement on a safety function. A safety function is something whose action
> reduces an unacceptable risk of a specific hazard to an acceptable risk. It operates as designed
> only if the reliability requirement set by the SIL is fulfilled.
>
> In principle, all safety functions have the same criticality: they are all critical, period. So, one
> criticality level, rather than the five of ED-12C.

[disclaimer: I never looked at ED-12C / DO-178C text.]

So all SIL A to D of ISO 26262 would correspond to one DAL of ED-12C?
Which one? DAL A?

If this is the case, why make the difference between several "sub-DAL-As"
in ISO 26262?

From my software engineering point of view, ISO 26262 SILs and
ED-12C/DO-178C DALs are the amount of work to reach a certain level of
quality of the software, and in that sense are similar.

Best regards,
D. Mentré
