近年來，汽車電子產業開始發現系統失效的問題，一旦發生失效，就有可能導致乘客生命安 全受到威脅，而車輛廠商也將面臨官司賠償與商譽受損之巨大風險。為防止系統失效的發生，必 須有一套嚴謹且可靠的開發流程來讓系統開發工程師依循，因此車輛領域專家們開始著手發展車 輛領域之功能安全標準，ISO-26262便在此環境與需求下應運而生。在ISO-26262標準中，以功能 安全管理（Mrcrgfmfce of a〇creCocrt saffty)、汽車產品設計開發的安全生命週期（Saffty tiffoyrtf) 及分析定義汽車安全完整性等級(AoeomoeCvf Saffty IctegrCty Lfvft, ASIL)為主要規範。此標準以 項目定義及風險分析來評估系統所需達到之ASIL安全等級目標。本文將介紹ISO-26262標準所規 範的系統功能安全發展概念，並以一個微控制器分析案例來展示ISO-26262在實際設計上的應用。

Nowadays, failures due to design flaws are more and more significant for the vehicular electronic system. Effect of such failures could cause pedestrians injured or even life -threatened. Hence vehicular electronic system vendors would face the risks such as huge amount of recall and compensation. The business reputation could also be negatively affected. Therefore, a rigorously formalized system development flow becomes necessary so that developers can follow for failure avoidance and that’s why experts in automotive filed establish the functional safety standards specialized for vehicular electronics, termed ISO-26262. In ISO-26262 standard, three primary topics, Management of Functional Safety, Safety Lifecycle, Automotive Safety Integrity Level, ASIL, are involved. The ASIL is determined by system developers according to the Hazard Analysis and Risk Assessment (HARA) results. In this article, we will try to give the sketch of ISO-26262 standard, and explain how to develop a system with functional safety consideration. Lastly, we will take a MCU as the case study to demonstrate the application of ISO-26262 standard.