Safety of the Intended Functionality (SOTIF) is a safety process in the automotive industry that addresses unintended system behaviors in the absence of electronic faults. Electronic system malfunctions are addressed through the industry’s functional safety process, ISO 26262. SOTIF, on the other hand, helps mitigate hazards that may arise when the driving conditions exceed the technology limitations of one or more system components, or from certain human factor considerations such as foreseeable system misuse or mode confusion.
The current approach applies a combination of analysis, simulation, test track, and on-road testing to identify unknown and potentially unsafe scenarios. This study supports the analytical part of this approach by developing a structured framework for deriving scenarios necessary for a SOTIF analysis. The scenarios derived through this framework could then be used to inform simulation and testing.
This paper provides a brief overview of the SOTIF process, describes the development of a framework for deriving scenarios, and presents preliminary results from applying this framework to a highly automated chauffeur system. The framework described in this paper could evolve over time as additional SOTIF-relevant parameters are identified.