The Quantitative Risk Norm - A Proposed Tailoring of HARA for ADS

One of the major challenges of automated drivingsystems (ADS) is showing that they drive safely. Key to ensuringsafety is eliciting a complete set of top-level safety requirements(safety goals). This is typically done with an activity called hazardanalysis and risk assessment (HARA). In this paper we argue thatthe HARA of ISO 26262:2018 is not directly suitable for an ADS,both because the number of relevant operational situations maybe vast, and because the ability of the ADS to make decisionsin order to reduce risks will affect the analysis of exposure andhazards. Instead we propose a tailoring using a quantitative risknorm (QRN) with consequence classes, where each class has alimit for the frequency within which the consequences may occur.Incident types are then defined and assigned to the consequenceclasses; the requirements prescribing the limits of these incidenttypes are used as safety goals to fulfil in the implementation.The main benefits of the QRN approach are the ability to showcompleteness of safety goals, and make sure that the safetystrategy is not limited by safety goals which are not formulatedin a way suitable for an ADS.
ESPLANADE