ASIL is the automotive industry’s analog of SIL, defined by ISO 26262, the functional safety standard for road vehicles. It is not an IEC 61511 term. IEC 61511 governs safety instrumented systems in the process industries, while ASIL applies to the electrical and electronic systems in cars. If you work in process safety you will still get asked about the cross-walk, so it is worth knowing where the two line up and where they do not.
ISO 26262 ranks each safety goal on a scale of rigor, from ASIL A (lowest) to ASIL D (highest), plus a QM (quality management) level for hazards that carry no safety requirement. The examples below are illustrative; a given function’s real level always comes from its own hazard analysis:
- ASIL A — lowest integrity, for faults with limited harm potential, such as the rear tail lights going out.
- ASIL B — for faults that are more serious or harder for the driver to handle, such as brake lights or headlights failing.
- ASIL C — for higher-risk functions where a failure is serious but still partly controllable, such as adaptive cruise control.
- ASIL D — highest integrity, for faults that can directly cause severe harm, such as airbag deployment, anti-lock braking, or electric power steering.
Which level applies is decided by scoring three independent parameters during the hazard analysis and are combined in a table:
- Severity (S0 to S3): how serious the harm is if the hazard occurs, from no injuries (S0) to life-threatening or fatal injuries (S3).
- Exposure (E0 to E4): how often the vehicle is in the operating situation where the hazard applies, from incredibly unlikely (E0) to high probability (E4).
- Controllability (C0 to C3): how readily the driver can act to avoid the harm, from generally controllable (C0) to difficult or impossible to control (C3).
Key Points
- ASIL is the ISO 26262 (automotive) counterpart to SIL, running from A (least rigor) to D (most), with QM meaning no safety requirement applies.
- The level is set by three scored parameters: severity, exposure, and controllability.
- Those three scores combine through an ISO 26262 lookup table to assign the ASIL — it is not derived from a risk reduction factor the way a target SIL is.
Example
An electric power steering hazard analysis rates an unintended steering input as S3 (life-threatening injuries), E4 (high probability of exposure), and C3 (difficult to control). Under the ISO 26262 lookup table that combination classifies the safety goal as ASIL D, the most demanding level in the automotive scheme.
See Also: SIL, target SIL, risk graph
Cited Sources
- ISO 26262-1:2018, Road vehicles — Functional safety — Part 1: Vocabulary
- ISO 26262-3:2018, Road vehicles — Functional safety — Part 3: Concept phase (ASIL determination)