Using STPA in an ISO 26262 Compliant Process [chapter]

Archana Mallya, Vera Pantelic, Morayo Adedjouma, Mark Lawford, Alan Wassyng
2016 Lecture Notes in Computer Science  
Hazard analysis is an essential activity in the development lifecycle of any safety-critical system. Different industries have their own standards to regulate and standardize their development practices. The introduction of the automotive standard ISO 26262 has garnered a lot of interest, and the industry is moving towards following ISO 26262 compliant processes. Although the standard suggests using traditional hazard analysis techniques to identify hazards and to perform safety analyses, a literature review shows the limitations of these techniques in handling the increased complexity of modern vehicles, caused by the growing number of features added to them. Systems-Theoretic Process Analysis (STPA), a relatively novel hazard analysis technique, promises to overcome some of these limitations. However, STPA is not referred to in ISO 26262. In this thesis, we analyze how STPA can help satisfy the requirements of hazard analysis and risk assessment defined in Part 3 of ISO 26262. We also provide an excerpt of our approach of applying STPA as per the concept phase of ISO 26262 on an automotive subsystem, a Battery Management System. One of the main challenges faced by manufacturers is the difference in the terminologies used in the techniques and the standard. To combat this, we provide a detailed comparison of the primary terms used in STPA and ISO 26262, and also compare their foundations. Since most users are familiar with traditional hazard analysis techniques, we also provide a high-level mapping between the outputs of the automotive version of Failure Modes and Effects Analysis (FMEA), Seven Failure Modes FMEA (a variant of FMEA), and STPA. In conclusion, we determined that STPA can be used in an ISO 26262 compliant manner and also provided guidelines to fulfill any gaps identified. It is important to note that we did not have to modify STPA but only augment it to achieve this.
doi:10.1007/978-3-319-45477-1_10 fatcat:oblmk54g5varxpatia4vsgl4dm