1.2. Safety of the Intended Function (SOTIF)

SOTIF is defined as the absence of unreasonable risk due to hazards resulting from functional insufficiencies of the intended functionality or from reasonably foreseeable misuse by persons. Ansys medini analyze supports SOTIF as an extension to functional safety with the features outlined in this section. Although ISO/PAS 21448 is written for the automotive domain, these concepts and analyses are also available in the other safety domains supported by the tool.

In addition to the concept of failures, the data model supports the following two concepts:

  • Limitations: design weaknesses such as performance limitations, sensor and control algorithm limitations, and other insufficiencies of the design can be explicitly modelled as Limitations. A Limitation can be attached to SysML model elements such as functions, components, or characteristics, or simply organized in collections.

  • Triggering Conditions: external conditions (mostly operational and environmental) that lead to a limitation or a failure becoming effective can be expressed as Triggering Conditions. For now, triggering conditions can be thought of as enablers of limitations: a limitation only becomes critical when one of its triggering conditions is present.

Both concepts can be used in conjunction with the safety and security analyses in the tool. For example, a guideword analysis can be used to identify potential limitations, similar to a HAZOP for failures. A dedicated System Weakness Analysis (SWA) editor is available to focus such an analysis on the identification of limitations. Subsequent FMEA and FTA can then reference limitations and triggering conditions as causes or events leading to a potential failure.
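To make the relationship between failures, limitations and triggering conditions concrete, the following Python script is an added, self-contained illustration; it is not medini analyze code and does not reproduce the tool's data model or file formats. It models the three concepts as plain dataclasses, enumerates candidate limitations HAZOP-style from a guideword list, and computes the minimal cut sets of a small fault tree in which a limitation only counts together with one of its triggering conditions (the "enabler" reading above, applied here as a modelling assumption). The guidewords, the braking function, the component names and the conditions are all constructed for the example.

```python
"""Toy SOTIF data model: failures, limitations and triggering conditions
as fault-tree events.  Added illustration only; it is not the medini
analyze data model, and all element and condition names are made up."""
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class Failure:
    name: str
    element: str           # model element (function/component) it is attached to


@dataclass(frozen=True)
class TriggeringCondition:
    name: str              # external operational/environmental condition


@dataclass(frozen=True)
class Limitation:
    name: str
    element: str
    enabled_by: frozenset  # triggering conditions that make it critical


GUIDEWORDS = ("no", "less", "more", "late", "wrong")   # assumed guideword list


def guideword_analysis(element, characteristics, guidewords=GUIDEWORDS):
    """HAZOP-style enumeration of candidate limitations: every guideword
    applied to every characteristic of an element.  Each string is a
    candidate the analyst either confirms as a Limitation or discards."""
    return [f"{gw} {ch} of {element}" for ch in characteristics for gw in guidewords]


def minimise(cut_sets):
    """Drop every cut set that is a strict superset of another one."""
    return {s for s in cut_sets if not any(o < s for o in cut_sets)}


def cut_sets(node):
    """Minimal cut sets of a fault tree.  Gates are ("AND"|"OR", [children]);
    leaves are Failure, TriggeringCondition or Limitation objects.
    Modelling assumption: a Limitation with triggering conditions contributes
    only together with one of them, i.e. limitation AND (tc1 OR tc2 ...)."""
    if isinstance(node, Limitation):
        if not node.enabled_by:
            return {frozenset([node])}
        return {frozenset([node, tc]) for tc in node.enabled_by}
    if isinstance(node, (Failure, TriggeringCondition)):
        return {frozenset([node])}
    gate, children = node
    child_sets = [cut_sets(c) for c in children]
    if gate == "OR":
        return minimise(set().union(*child_sets))
    if gate == "AND":
        return minimise({frozenset().union(*combo) for combo in product(*child_sets)})
    raise ValueError(f"unknown gate {gate!r}")


def active_cut_sets(tree_cut_sets, scenario):
    """Cut sets fully contained in a scenario (the set of events and
    conditions that occur).  A limitation alone, without its triggering
    condition, activates nothing: the enabler relationship in action."""
    return {cs for cs in tree_cut_sets if cs <= scenario}


# --- constructed sample model: emergency braking for a pedestrian ---------
TC_RAIN = TriggeringCondition("heavy rain")
TC_LOW_SUN = TriggeringCondition("low sun in front")
TC_OCCLUSION = TriggeringCondition("pedestrian partially occluded by parked cars")
TC_CLUTTER = TriggeringCondition("dense radar clutter")

F_CAMERA_POWER = Failure("camera power loss", "front camera")
L_CAMERA_RANGE = Limitation("detection range reduced", "front camera",
                            frozenset({TC_RAIN, TC_LOW_SUN}))
L_CLASSIFIER = Limitation("classifier misses occluded pedestrians",
                          "object detection", frozenset({TC_OCCLUSION}))
L_RADAR = Limitation("radar cannot separate pedestrian from clutter",
                     "front radar", frozenset({TC_CLUTTER}))

# Top event "no braking for pedestrian": a random hardware failure, a
# camera limitation, or both perception channels limited at the same time.
HAZARD_TREE = ("OR", [F_CAMERA_POWER, L_CAMERA_RANGE,
                      ("AND", [L_CLASSIFIER, L_RADAR])])
HAZARD_CUT_SETS = cut_sets(HAZARD_TREE)

if __name__ == "__main__":
    for c in guideword_analysis("front camera", ["detection range", "field of view"]):
        print("candidate limitation:", c)
    for cs in HAZARD_CUT_SETS:
        print("cut set:", sorted(e.name for e in cs))
    print("rain only:", active_cut_sets(HAZARD_CUT_SETS, {TC_RAIN}))
    print("rain + range limitation:",
          active_cut_sets(HAZARD_CUT_SETS, {TC_RAIN, L_CAMERA_RANGE}))
```

Running the script lists ten guideword candidates for the camera, four minimal cut sets for the hazard (the bare camera failure, the range limitation paired with either of its two triggering conditions, and the four-element cut set in which both perception channels are limited under their respective conditions), and shows that "heavy rain" on its own, or the range limitation on its own, activates no cut set. Which triggering conditions are attached to a limitation is therefore what decides whether a known design weakness turns into a hazard in a given scenario.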

Note: since the SOTIF PAS is under revision to eventually become a full ISO standard, expect feature extensions and additional SOTIF concepts in future releases.