In safety-related systems in the area of a motor vehicle, a main computer is checked continuously with respect to maintaining safety requirement levels, e.g. of Class ASIL C, by a second computer. In this context, ASIL means Automotive Safety Integrity Level and Class C implies the maintenance of safety measures according to the ISO WD 26262 Standard for maintaining the controllability of safety-related systems of the motor vehicle.
In the embodiments, known in the prior art, for monitoring the safety of the main computer, all the communication can be blocked by the second computer so that a further external monitoring entity derives from this situation a faulty behavior of the main computer. In previous embodiments for monitoring the safety of the main computer, even the main computer itself can take the second computer, performing the safety monitoring, out of operation, for example via a reset line, by fault programming or by other errors. The prior art is reproduced in printed documents DE 10 2009 046 006 A1, WO 2007/090764 A1 and WO 2008/003547 A1, which are incorporated by reference.