This document is a Safety Analysis Report for the Texas Instruments TPS3704x-Q1. Device numbers covered by this Safety Analysis Report include the products as shown in the device naming convention. For non automotive grade parts remove the -Q1 from the part number:

The following information is documented in the Device Safety Manual, and will not be repeated in this document. This document will be referred to as the Safety Manual through the remainder of this document.

• An overview of the superset product architecture
• An overview of the development process utilized to reduce systematic failures
• An overview of the safety architecture for management of random failures
• The details of architecture partitions and implemented safety mechanisms

The following information is documented in the Safety Report (or certificate), and will not be repeated in this document:

• Results of assessments of compliance to targeted standards

The user of this document should have a general familiarity with the TPS3704x-Q1. This document is intended to be used in conjunction with the pertinent data sheets, technical reference manuals, and other documentation for the products under development.

The following functional safety analyses are described in this document:

• Hardware component FMEDA (Failure Modes Effects and Diagnostics Analysis) - The complete FMEDA is provided as a separate Excel document. Quantitative Functional Safety Analysis Report Windsor_rev1. The assumptions made in the FMEDA and the settings for tailoring the FMEDA to a specific application are described in this document.

This section describes the device FMEDA, the assumptions made within, the options for tailoring, and provides an example calculation of device functional safety metrics.

In order to conduct quantitative failure analysis, estimates of the random failure rates for the components that will be considered in the analysis must be generated. There are many different models and techniques that can be used for failure rate estimation. Neither IEC 61508 nor ISO 26262 mandate the use of a particular failure estimation methodology. Estimation methods commonly used include:

• IEC/TR 62380:2004, "Reliability Data Handbook - Universal Model for Reliability Prediction of Electronics, PCBs, and Equipment"
• Siemens Norm SN29500:2010, "Failure Rates of Components"
• IEC 61709:2017, "Electric components - Reliability - Reference conditions for failure rates and stress models for conversion"
• Supplier reliability data from similar products already in production and deployed under similar operating conditions
• Targeted studies and experiments that seek to induce failures on silicon under conditions that simulate accelerate lifespan (such as temperature, voltage, frequency, vibration, humidity, or radiation exposure).

Estimations of failure rate are often defined in terms of Failures In Time (FIT). TI's data respects FIT in terms of failures per 10^9 hours of operation, as is consistent with most handbooks. However, certain handbooks, such as those for military applications, may refer to FIT based on failures per 10^6 hours of operation. Take care when using such data to respect a common definition of FIT in all calculations.

In TI's experience, all of the models generate estimations of failure rate that are not consistent with failure rates which are observed and reported in the field or predicted based on data generated from targeted experiments. The models consistently predict higher failure rates than those observed in the field or predicted via targeted experiments. One possible reason for this discrepancy is that these standards consider reliability data that does not make a distinction between random and systematic failure. In both IEC 61508 and ISO 26262, the focus for quantitative analysis is on random failure rate. TI's data indicates that the vast majority of field failure issues seen in semiconductors are due to systematic failures, whether traced to semiconductor supplier, system integrator, or end user. TI has quality and reliability programs in place that constantly improve our products and processes to reduce these systematic failures.

The failure rates derived from SN29500 tend to be conservative as compared to TI product field failure rate data or TI accelerated lifetime testing. TI considers the IEC 61709 to be similar to the SN29500 and we refer to this model as the IEC 61709/SN29500 model in the FMEDA. The IEC/TR 62380, while still conservative, provides the closest match available to TI product data. Although this standard has been formally withdrawn, the equations have been incorporated inside ISO 26262-11:2018 section 4.6.2. As such, TI has used IEC/TR 62380 as the basis for our random failure rate estimation, augmented with data from targeted studies for failure modes not considered in the base model.

When considering failure rates for semiconductors, TI applies the following partition and methodology:

TI uses the IEC/TR 62380 model to estimate package FIT rate for the SOT-23 package used for this device. The IEC/TR 62380 package model is primarily concerned with wear-out due to thermal expansion between the package and the PCB. The model includes several variables that have been replaced with device-specific data when available, such as power consumption and package thermal characteristics. It is highly recommended that the user applies their own application mission profile in the 'Mission Profile Tailoring' tab as this has a large impact on the base package FIT rate. The automotive motor control profile is used as the default in TI's estimates.