Context is Key to Safety
Functional safety is paramount to product safety, and ISO standards 61508 and 26262 provide the framework for ensuring that safety-critical systems meet rigorous standards. Central to this framework is the concept of Safety Integrity Level (SIL)/Automotive Safety Integrity Level (ASIL), which quantifies the risk associated with potential hazards through a structured Hazard Analysis and Risk Assessment (HARA)/ (As Low as Reasonably Practical (ALARP). However, a widespread misconception persists that SIL/ASIL ratings are intrinsic to components and can be transferred across different applications without reevaluation. This misunderstanding, referred to within the industry as the ASIL inheritance fallacy, can lead to misaligned safety goals/top safety requirements, inefficient development cycles, and ultimately, a compromised safety case.
Figure 1: Showing low-risk and high-risk contexts
This blog aims to clarify the contextual nature of ASIL/SIL assignments and emphasize the critical role of early-stage customer engagement in shaping accurate and inclusive Functional Safety Context/ Safety Requirement Specification (SRS). By empowering customer-facing teams to gather comprehensive requirements upfront, organizations can better align safety goals and top-level safety requirements with real-world use cases, reduce rework, and build more robust safety cases. This aligns with the safety in loop approach, with the emphasis on iterative refinement during the concept phase.
ASIL/SIL Certification
ASIL/SIL is not a static label assigned to a component, but a dynamic classification derived from a specific use case of a functional context through Hazard Analysis and Risk Assessment (ISO 26262-HARA)/Hazard and Operability study (IEC61508-HAZOP). Misapplication of ASIL/SIL—such as assigning it to components without context—can lead to false confidence in safety coverage.
For example, assuming a sensor’s ASIL D rating in a braking system remains the same in an autonomous driving context ignores differences in exposure and controllability. Similarly, the same braking system used in agricultural vehicles may have a lower ASIL rating due to the associated risk. SIL/ASIL is based on the requirement, and ASIL A-D or SIL 1-4 is a level of rigor, not a check box.
Here’s another example of ADI - GMSL part under development. I am working as an FSM and will be certified specifically for the Camera application. If the OEM or customer wants to use the part for other sensor applications, such as Radar or Lidar, it must be reevaluated for this new use case.
Importance of Item Definition/System Definition
Industry studies have shown that up to 40% of safety case rework stems from incomplete or ambiguous item definitions during the concept phase. A well-defined item scope ensures that all relevant hazards are considered and that safety goals and top-level safety requirements, as outlined in the Safety Requirement Specification (SRS), are traceable and verifiable throughout the lifecycle. 51% of automotive recalls (NHTSA data study) originate from poorly defined system boundaries and Software/HW Design specification failures, reinforcing the need for clarity upfront.
Role of Customer-Facing Teams
Customer-facing teams such as the Field Engineering team or Business Development team are often the first to understand the operational context of a product. Yet, their insights are rarely integrated into early safety planning stages. Structured requirement gathering, as advocated by the V-Model+ framework, can reduce downstream safety issues by up to 30%. For software-defined vehicles, early collaboration with stakeholders on edge cases (e.g., sensor fusion for L3 autonomy/ human-machine interaction in warehouse automation, etc.) is critical to defining realistic exposure scenarios.
Building Better Safety Cases
Projects that incorporate customer requirements into the safety lifecycle from the outset report a 25% higher success rate in safety audits. This emphasizes the importance of moving from component-focused to use-case-based safety engineering. For example, ADI’s GMSL Deserializer’s vision-based safety case demonstrates how continuous customer feedback loops will refine hazard identification. It also shows the value of contextual ASIL calibration to include other sensor hazards based on new OEM requirements or use cases.
Read more from the Automotive FuSa blog series.