Asymmetrical rock stacks strike a seemingly impossible balance on a teeter totter.

Dysfunctional Safety: Hidden Costs of Overengineering Safety

In the automotive industry, functional safety is more than a regulatory checkbox; it is the cornerstone of protecting lives and maintaining trust in technology. However, as systems grow more complex, so does the tendency to overengineer safety mechanisms.

This seemingly prudent approach can have unintended consequences: inflated costs, extended development timelines, and reduced agility in responding to market demands. This post offers strategies for achieving a balanced approach—one that ensures compliance and protects users without undermining innovation or efficiency.
 

What Does Overengineering Safety Look Like?

Overengineering safety occurs when teams go beyond what is necessary to achieve compliance and assurance. These practices often stem from fear of non-compliance, lack of clarity in standards, the belief that more safety is always better, or the practice of bottom-up engineering.

However, the result is frequently diminishing returns in safety performance relative to the resources invested. Here are some common examples.

  1. Excessive Redundancy: Building multiple layers of fault tolerance that exceed the actual risk level or system needs. For example, teams may misinterpret vague language in standards and overdesign a system to meet a non-existent requirement, or they may respond to unlikely failure scenarios by adding layers of redundancy that complicate the design without significantly improving safety.
  2. Over-Specifying Components: Insisting on higher performance metrics (e.g., ASIL-D certification) for components that could function effectively with lower requirements. Read the case study below to learn more about this hidden cost.
  3. Endless Verification Loops: Iterating through unnecessary cycles of testing and documentation to achieve diminishing returns in safety assurance.
  4. Bottom-Up Engineering: Using Annex D of ISO 26262 as a strict checklist, leading to an overemphasis on individual blocks rather than addressing system-level priorities.
     

The Hidden Costs of Overengineering

When resources are disproportionately allocated to low-risk areas, it diverts focus from critical functions. Additionally, excessive complexity in designs can create unforeseen bottlenecks, slowing development cycles and increasing maintenance challenges.

Overengineering safety can have ripple effects across the entire development lifecycle, and its costs go beyond mere budgetary strain. Some of the key effects include:

  1. Longer Development Timelines: Adding unnecessary safety features or tests can delay time-to-market, which is especially detrimental in competitive markets like electric vehicles or autonomous driving.
  2. Inflated Budget: Overengineering drives up costs through excessive resource allocation, more expensive components, and larger teams dedicated to redundant efforts.
  3. Complexity and Maintainability: Overly complex safety solutions can make systems harder to debug, maintain, and upgrade, potentially introducing new risks.
  4. Stifled Innovation: Redirecting resources to unnecessary safety measures can limit a company's ability to invest in groundbreaking technologies or customer-focused features.
     

Balancing Safety and Practicality

Achieving the right balance in functional safety requires a thoughtful approach. For example, if an EV battery management system were to focus excessively on an unlikely failure mode—such as the complete simultaneous failure of all temperature sensors—it might allocate excessive resources to address this rare scenario. This could divert attention from more likely and critical issues, such as gradual degradation of sensor accuracy.

Below are some steps you can take to streamline safety efforts without compromising quality.

  1. Understand the Standards
    • Familiarize yourself with ISO 26262 and other relevant standards to avoid misinterpreting requirements.
    • Leverage expert guidance to identify the minimum viable compliance efforts.
  2. Risk-Based Prioritization
    • Focus safety efforts where they are most needed by systematically identifying potential hazards, analyzing their likelihood and impact, and prioritizing mitigation efforts based on the level of risk.
    • Tailor safety measures to each system's unique context.
  3. Proven-in-Use Arguments
    • Utilize field data and historical performance to reduce testing for components with demonstrated reliability.
    • Rely on Failure Mode Distribution analysis to streamline the verification process.
  4. Invest in Tool Automation
    • Employ automated tools for safety analysis, testing, and documentation to save time and reduce manual errors.
    • Ensure tools are validated for compliance to reduce audit risks.
  5. Collaborate Early and Often
    • Integrate safety teams into the design phase to prevent costly changes later in the process.
    • Foster communication between hardware, software, and system teams to align safety goals.
  6. System Architecture Definition
    • System architecture is crucial for balancing safety and practicality. The objective is to focus first on the functional needs and on how a combination of IP, components, and units fulfills the target requirements. Then, by identifying failure modes and their effects and defining the data flow, the fewest safety mechanisms actually needed can be identified.

Case Study: Simplifying for Success

Consider a Tier 1 automotive supplier developing an electric vehicle control system. Initially, the team’s approach was to ensure ASIL-D compliance across every component, driven by the belief that this would guarantee the highest level of safety.

This method resulted in significant complexity and inflated costs, as even low-risk subsystems were overengineered. A detailed risk analysis revealed that certain subsystems could achieve equivalent safety at ASIL-B, without compromising overall system integrity.

By recalibrating their safety approach, the team:

  • Reduced development costs by 20%
  • Cut project timelines by six months, and
  • Enhanced system maintainability, simplifying future upgrades

…all while maintaining compliance with safety standards to ensure quality and integrity. By shifting its perspective, the team not only achieved the appropriate safety benchmarks; they also positioned the supplier as a competitive player in the market.
 

Conclusion

Functional safety is non-negotiable in the automotive world, but overengineering safety can dilute its value. By focusing on clarity, risk-based decisions, and streamlined processes, companies can ensure that safety remains a value-add rather than a burden.

The next time you’re faced with a safety decision, ask yourself: Are we solving the right problem, or are we creating new ones by overcomplicating? Striking the right balance is the key to fostering innovation and efficiently delivering safe, reliable systems.