ISO 26262: Absence of unreasonable risk due to hazards caused by malfunctioning behavior of E/E systems
IEC 61508: Part of the overall safety related to the equipment under control (EUC) that depends on the correct functioning of the safety-related system
Copyright exida LLC ® 2000-2012
Why Functional Safety Standards?
BECAUSE…
ELECTRONICS CAN FAIL !!!
Are you Able to Provide the EVIDENCE that Risks have been Minimized?
Which Standard to Follow?
IEC 61508: Functional Safety for E/E/PES Safety Related Systems

Basic Standard for Functional Safety
IEC 61508: Functional Safety for E/E/PES Safety Related Systems
– Generic “High Level” Standard
– Roots in Process Industry
– Assumes One Company does Everything
– Not Designed for Distributed Development
Why not Ideal for the Automotive Industry?

ISO 26262: Adaptation of IEC 61508
Sector standards derived from IEC 61508:
– IEC 61513: Nuclear
– IEC 61511: Process Industry
– ISO 26262: Road Vehicles
– IEC 62061: Machinery
– ISO 13849-1: Machine Safety
– ISO 25119: Tractors…
ISO 26262 is “State of the Art” for Automotive, Developed with OEMs
How Do E/E Systems Fail?
Random Failures: “Usually a permanent or transient failure due to a system component loss of functionality – hardware related”
Systematic Failures: “Usually due to a design fault, wrong specification, not fit for purpose, error in software program, ...”
– Before Delivery: Avoid Systematic Faults – Implement Correctly
– In Operation: Control of Systematic Failures and Control of Random Failures – Detect and React
ISO 26262 follows a Safety Lifecycle (Risk Based Approach)
Figure: ISO 26262 safety lifecycle (part/clause references in brackets)
– Spanning all phases: Management of Functional Safety (2.4 – 2.6), Supporting Processes (8.4 – 8.15)
– Concept phase: Item definition (3.5), Initiation of Safety Lifecycle (3.6), Hazard Analysis and Risk Assessment (3.7), Concept of Functional Safety (3.7), Functional Safety Concept (3.8)
– Product development: System (4), Hardware (5), Software (6); Planning of Production (7.4); Planning of Operation, Service and Decommissioning (7.5); Release for SOP (4.11)
– After SOP: Production (7.4); Operation, Service and Decommissioning (7.5); Back to appropriate lifecycle phase
– Inputs considered alongside the lifecycle: Driver Controllability (and Usability), Other Technologies, External Measures
> 100 Work Products
Work Products
Exida Templates
ISO 26262 Structure: Vocabulary
Vocabulary is important
– English is not English: English – American – KorEnglish – GerEnglish – Singlish…
– English is not ISO/IEC: Validation – Verification – Confirmation; Fault – Failure – Error
– Different Standard – Different Terminology: Safety Requirement in ISO 26262 vs IEC 61511
ISO 26262 Structure: Functional Safety Management
Management of Functional Safety: Plan – Coordinate – Track
– Overall Requirements for the Organization: Specific Organizational Rules, Competence, Quality
– Requirements for Phases: Roles and Responsibilities, Functional Safety Plan, Progression, Safety Case, Confirmation Measures
Functional Safety Plan (Exida Template) – table of contents:
4 Functional Safety Management
– 4.2 Project Organization
– 4.3 Roles and Role Descriptions
– 4.5 Team Competence
5 Safety Life Cycle
– 5.2 Scheduling of the safety lifecycle activities
– 5.3 Concept Phase
– 5.4 Product development on system level: 5.4.1 Initiation of System Product Development; 5.4.2 Specification of Technical Safety Requirements; 5.4.3 System Design; 5.4.4 Item Integration and Testing; 5.4.5 Safety Validation; 5.4.6 Functional Safety Assessment; 5.4.7 Release for Production
– 5.5 Product development HW level: 5.5.1 Initiation of HW product development; 5.5.2 Specification of HW safety requirements; 5.5.3 HW design; 5.5.4 HW architectural metrics; 5.5.5 Evaluation of safety goal violation due to random HW faults; 5.5.6 HW integration and testing
– 5.6 Product development SW level: 5.6.1 Initiation of SW product development; 5.6.2 Specification of SW safety requirements; 5.6.3 SW Architecture design; 5.6.4 SW Unit design and implementation; 5.6.5 SW Unit testing; 5.6.6 SW integration and testing; 5.6.7 Verification of SW safety requirements
6 Production and Operation
7 Supporting Processes
– 7.1 Interfaces within distributed development
– 7.2 Specification and management of safety requirements
– 7.3 Configuration management
– 7.4 Change management
– 7.5 Verification
– 7.7 Qualification of SW tools
– 7.11 Safety Case
8 Cross Reference between Project Documentation and ISO 26262 Work Products
11 Annex A: Status of the Team Competence
Management of Functional Safety: Safety Case
A clear, comprehensive and defensible argument that a system is acceptably safe to operate in a particular context.
(Tim Kelly / Rob Weaver, University of York)
ISO 26262 Structure: Concept
Concept Phase
OEM Defines Item > ESCL > Initiation of Safety Lifecycle > New > Hazard Analyses and Risk Assessment > Functional Safety Concept
ESCL: Prevent use by unauthorized person by mechanical lock
Figure: change management flow (elements as shown on the slide)
– Change Request; Problem Analysis; Change Control Board; Decide on lifecycle re-entry point
– Modifications (Version Control); Integration Test and Regression testing (Configuration Control)
– New release; Productization: Modified product (hardware & software), User documentation incl. changed product safety properties, Associated development & test documentation, Release history

Supporting Processes
– Interfaces within Distributed Developments (DIA)
– Specification and Management of Requirements
– Configuration Management
– Change Management
– Verification
– Documentation
– Confidence of Use in SW Tools
– Qualification of HW/SW Components
– Proven in Use Arguments
Other Parts reference “Supporting Processes”
ISO 26262 Structure: Safety Analyses
Safety Analyses
– Decomposition
– ASIL Tailoring
– Criteria for Coexistence
– Dependent Failure Analysis
Where are Safety Analyses in ISO?
– H&R: Hazard & Risk
– HAZAN: Hazard Analysis
– SCA: System Criticality Analysis
– SWCA: SW-Criticality Analysis
– FTA: Fault Tree Analysis
– FMEA: Failure Mode and Effect Analysis
– FMEDA: FMEA with Diagnostics
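As an added illustration (not from the slides, and not exida's SILCal tool), here is the arithmetic behind an FMEDA, i.e. an FMEA with diagnostics, which is how the “Detect and React” control of random hardware failures is quantified. Each failure mode of a hypothetical circuit carries a constructed failure-rate share, a safe/dangerous classification and the diagnostic coverage of the measure that detects it; summing the sheet gives the IEC 61508-style metrics λ_S, λ_DD, λ_DU, safe failure fraction (SFF) and diagnostic coverage (DC). ISO 26262 Part 5 derives its own architectural metrics from the same kind of table. The component names, FIT values and coverages below are assumptions, not real component data.

```python
"""FMEDA arithmetic on a constructed sample circuit (added example, hypothetical data)."""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class FailureMode:
    mode: str
    share: float      # fraction of the component's failure rate in this mode (sums to 1.0 per component)
    dangerous: bool   # True if the mode can lead to a safety-goal violation
    dc: float         # diagnostic coverage of the detecting measure, 0.0 (none) .. 1.0 (full)


# Constructed sample rows: component -> (failure rate in FIT = failures per 1e9 h, modes).
# Values are illustrative assumptions, not data from any real part.
COMPONENTS = {
    "R1 sense resistor": (2.0, [
        FailureMode("open", 0.6, True, 0.99),   # open detected by range check on the ADC reading
        FailureMode("drift", 0.4, True, 0.60),  # slow drift only partly caught by plausibility check
    ]),
    "C3 decoupling capacitor": (5.0, [
        FailureMode("short", 0.5, True, 0.90),  # short pulls the rail, caught by supply monitor
        FailureMode("open", 0.5, False, 0.0),   # open is classified safe: no effect on the safety goal
    ]),
    "U2 voltage regulator": (10.0, [
        FailureMode("output high", 0.2, True, 0.99),
        FailureMode("output low", 0.3, True, 0.99),
        FailureMode("output off", 0.5, False, 0.0),  # loss of supply leads to the safe state here
    ]),
}


def fmeda(components):
    """Sum a failure-mode table into lambda_S, lambda_DD, lambda_DU, SFF and DC."""
    lam_s = lam_dd = lam_du = 0.0
    for name, (fit, modes) in components.items():
        if abs(sum(m.share for m in modes) - 1.0) > 1e-9:
            raise ValueError(f"failure-mode shares of {name} do not sum to 1.0")
        for m in modes:
            lam = fit * m.share
            if not m.dangerous:
                lam_s += lam                  # safe failures, regardless of detection
            else:
                lam_dd += lam * m.dc          # dangerous detected
                lam_du += lam * (1.0 - m.dc)  # dangerous undetected: the residual risk
    total = lam_s + lam_dd + lam_du
    return {
        "lambda_S": lam_s,
        "lambda_DD": lam_dd,
        "lambda_DU": lam_du,
        "SFF": (lam_s + lam_dd) / total,        # safe failure fraction
        "DC": lam_dd / (lam_dd + lam_du),       # diagnostic coverage of dangerous failures
    }


def improve_dc(components, component, mode, new_dc):
    """Return a copy of the table with a stronger diagnostic on one failure mode."""
    return {
        name: (fit, [replace(m, dc=new_dc) if name == component and m.mode == mode else m
                     for m in modes])
        for name, (fit, modes) in components.items()
    }


if __name__ == "__main__":
    base = fmeda(COMPONENTS)
    better = fmeda(improve_dc(COMPONENTS, "R1 sense resistor", "drift", 0.90))
    for label, r in (("baseline", base), ("drift diagnostic improved", better)):
        print(f"{label}: lambda_DU={r['lambda_DU']:.3f} FIT  SFF={r['SFF']:.3%}  DC={r['DC']:.3%}")
```

The second run shows what the “Detect and React” column buys: strengthening the one weak diagnostic (drift detection on R1) lowers λ_DU from 0.632 FIT to 0.392 FIT without changing any component, which is the lever an FMEDA is meant to expose.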
exida Tools for Automotive: Tool-Based Design Support
– SafetyCaseDB: Requirements and Safety Case Management and ISO 26262 knowledgebase
– SILCal: FMEDA, Component FMEA with integrated Failure Mode Database
– SILCap: Safety Criticality Analysis, System FMEA and S/W-HAZOP
ISO 26262 Structure: Guideline
ISO 26262: If you did it well…
You are Able to Show:
– Completeness: Everything accounted for; Requirements under Control; Everything tested – pass; Used the toolsets
– Traceability: Structured Process Model; Documents linked; Evidence for Everything; Understandable for externals
– Consistency: This is visible for an external auditor even when project members have left
– Documentation: All activities planned; Execution documented in the Safety Case; Inspected – Archived for a lifetime (15 years?)
A clear, comprehensive and defensible argument that a system is acceptably safe to operate in a particular context.
(Tim Kelly / Rob Weaver, University of York)
On the Agenda
– ISO 26262 and the Challenges
– exida Expertise
Who we are
Founded in 1999 by experts from Manufacturers, End Users, Engineering Companies and TÜV SÜD
Today: LARGEST Functional Safety and Cyber Security consultancy and certification body worldwide
“Provide independent services and tools to help customers comply with any industry standards for Functional Safety, Cyber Security and Alarm Management”
Rainer Faller: Former Head of TÜV Product Services; Chairman German IEC 61508; Intervener ISO 26262 / IEC 61508; Co-Authored IEC 61508 parts; Author of several Safety Publications
Dr. William Goble: Former Director Moore Industries; Developed FMEDA Technique (PhD); Author of several Safety Books; Author of several Reliability Books
What we do
EXIDA SCOPE: Functional Safety – Cyber Security – Alarm Management – Reliability
SERVICES: Tools – Training – Consultancy – Certification – Reference Materials
INDUSTRIES: Process Industry – Automotive – Machine Industry – Power Industry – Rail
CUSTOMERS: End Users – Equipment Manufacturers – Car Manufacturers – System Integrators
Automotive Customers (extract): Services – Tools – ICs
exida Development Support Services
– Setting up Functional Safety Management / Act as FSM Coordinator
– Safety System Development and Design support: Requirements Management & Engineering (SafetyCaseDB + Doors® incl. Setup); Safety Concept development and documentation (also pre-existing systems); Tool based Safety Criticality Analysis (SILCap); Hardware design support: Tool based FMEA and Quantitative FMEDA; Software design support: UML design, Tool based Software HAZOP/FMEA (SILCap)
– Tool based Safety Case development: IEC/ISO knowledgebase; Document templates per development phase: FSM plan, SRS, Safety concept, Test plans
– Tool-based Safety Verification of Automotive Applications
exida Certifications
exida Certification S.A.
– Clean separation from the exida Consulting business
– English language based assessment and certification system
– International alternative to TÜV
Open exida Certification Scheme
– IEC 61508 and ISO 26262 compliant using exida Safety Case methodology (SafetyCaseDB) and audits
– Assessment Process and Requirements publicly available
exida is Part of your Team: One or more Roles
– Safety and Standards Advisor: Questions, advice; Interpretation of standards
– Moderator and Participant: FMEDA, Dependent Failure Analysis; Software analysis; Project Bottlenecks
– Participant (joint activities): Write development documents and procedures; Help with test specification, FIT, safety validation
– Be your “Lawyer” vs. the Assessment Body: Argue your safety case; Manage all activities with the assessor
exida Certification S.A. – the Assessment Body
Steering (Active Front Steering, Electronic Power Steering)