Requirements for Safety-Critical Systems

The identification of existing safety functions of legacy systems, the determination of requirements for standard safety functions, and especially the development of innovative and resource-efficient new safety functions are key for the development of efficient and sustainable safety-relevant or safety-critical systems. For instance, it is not yet clear which functions of autonomous driving can be considered as reliability functions (intended functions) and which need to be considered as safety-critical functions, or both. In this case, it is obvious that tremendous economic, societal, and individual interests drive such safety-critical system developments and introductions. An example of an attempt to standardize parts of the verification and validation of automotive intended system functions is given by the Safety of the Intended Functionality standard ISO/PAS 21448, which is complementary to ISO 26262, itself an application standard of IEC 61508. Safety-related function development implementation even in standard situations needs approximately doubled resources when compared to standard developments. Therefore, it is important to identify sufficient, resource-efficient, economically, societally, and legally accepted safety functions. This includes to take advantage of any possible innovations to develop them. To this end, this chapter introduces properties (dimensions, aspects) of safety requirements. Several, mostly pairwise adjectives are listed with which safety requirements can be classified. Examples for safety function dimensions include active and passive; abstract and concrete; technical and non-technical; qualitative and quantitative; time-critical and not time-critical; static and dynamic; active and passive; pre-, during, and post-hazard event; cause and effect oriented; generating risk control or improving resilience; standardized and non-standardized; module and system specific; and intelligent and non-intelligent. Such safety functions might be very successful but not yet used, e.g., due to past technological gaps. Examples for safety requirements and classifications are provided. It is concluded which combinations of properties are likely to appear and which are not yet often used offering potentials for innovations.