Automotive System Safety Engineering Practitioner Knowledge
Joseph D’Ambrosio
ISO 26262 Automotive Functional Safety Technical Expert (ISO/TC22/SC3/WG16 Member)
Lab Group Manager, GM Research Laboratories
Outline
● ISO 26262 Overview
● ISO 26262 Competence Management
● ISO 26262 Safe SW Development
What is ISO 26262?
Adaptation of IEC 61508 to comply with the specific needs of E/E systems within road vehicles
Specifies a functional safety life-cycle for automotive products
Applies to all activities during the safety lifecycle of safety-related systems comprised of electrical, electronic, and software components
Is a standard, not a regulation
Broad industry participation in its development
Indication of broad industry adoption
Expected Publication Date: Nov. 15
Key concept: Automotive Safety Integrity Level (ASIL)
Specifies the risk associated with a potential hazard
Specifies development requirements to achieve targeted integrity levels with respect to systematic and random hardware failures
Overview of ISO/DIS 26262
Source ISO/FDIS 26262
Outline
● ISO 26262 Overview
● ISO 26262 Competence Management
● ISO 26262 Safe SW Development
ISO 26262 Competence Management
Part 2, 5.4.3.1 “The organization shall ensure that the persons involved in the execution of the safety lifecycle have a sufficient level of skills, competences and qualifications corresponding to their responsibilities.”
Source ISO/FDIS 26262
ISO 26262 Competence Management
Part 2, 5.4.3.1 Note 1 – “One of the possible means to achieve a sufficient level of skills and competences in development is a training and qualification programme that considers the following knowledge areas:
● usual safety practices, concepts and designs;
● ISO 26262 and, if applicable, further safety standards;
● organization-specific rules for functional safety;
● functional safety processes instituted in the organization.”
Source ISO/FDIS 26262
ISO 26262 Competence Management
Part 2, 5.4.3.1 Note 2 – “To evaluate the skills, competences and qualifications to carry out activities to comply with ISO 26262, the experience from previous professional activities can be considered, e.g.
● domain knowledge of the item;
● expertise on the environment of the item;
● management experience.”
Source ISO/FDIS 26262
ISO 26262 Lifecycle Steps
Safety Management
● Process Management
● Design Confirmation Including Reviewers
Safety-Critical Systems Development
● Systems Development & Testing
● SW Development & Testing
● HW Development & Testing
Distributed Development Management …
“Usual System Safety Concept” from ISO 26262
Hazard Analysis and Risk Assessment
Safety Concept Development
● Functional safety requirements
● Technical safety requirements
Safety Analysis
● HW & SW FMEA, FTA, Modeling & Simulation Tools
Diagnostic & Remediation Strategies
● Diagnostic Methods
● Microcontroller and circuit board concepts
Verification & Validation
● HW / SW testing methods, including unit, integration, bench, vehicle
Functional Safety Assessment / Safety Case
Outline
● ISO 26262 Overview
● ISO 26262 Competence Management
● ISO 26262 Safe SW Development
Software Development
Reference Phase Model for the Software Development
Source ISO/FDIS 26262
SW Development Work Products
● Safety plan (refined)
● Software verification plan
● Design and coding guidelines for modelling and programming languages
● Software tool application guidelines
● Software safety requirements specification
● Hardware-software interface specification (refined)
● Software verification plan (refined)
● Software verification report
● Software architectural design specification
● Safety analysis report
● Dependent failures analysis report
● Software unit design specification
● Software unit implementation
● Software verification specification (refined)
● Embedded software
Source ISO/FDIS 26262
SW Architecture Design Reorientation
Source ISO/FDIS 26262
SW Architecture Design
Source ISO/FDIS 26262
SW Architecture Design
Source ISO/FDIS 26262
Software Unit Design Representation
Source ISO/FDIS 26262
SW Unit Design Methods
Source ISO/FDIS 26262
Coding Guidelines
Source ISO/FDIS 26262
Example Software Unit Design Table
Source ISO/FDIS 26262