Functional Safety Assessment and support tools for the requirements of the ISO 26262 standard
Carlo La Torre, 4S Group - Management Systems & Functional Safety Senior Expert
Renato Librino, 4S Group - Functional Safety Innovation Project Manager
Electronic systems for vehicle safety: present and future. The role of the ISO 26262 standard for Functional Safety
Torino, Lingotto Fiere, 18 April 2012
Integrated Company Management System: the framework
The Company Management Processes are integrated to include in them all the applicable requirements:
• Quality: ISO 9001, ISO/TS 16949
• Environment: ISO 14001
• H&S: OHSAS 18001
• Q-E-S MS + Functional Safety requirements: ISO 26262, ISO/IEC 15504-10
• Process Improvement Models: CMMI, A-SPICE, ISO/IEC 15504
Expected benefits: synergy, simplification, effectiveness, efficiency
Quality Management and Functional Safety Management
ISO/TS 16949: Automotive Quality Management Systems
ISO 9001: Quality Management Systems
ISO 26262: Road vehicles – Functional Safety
“The Organization shall have an operational management system complying with a quality standard, such as ISO/TS 16949, ISO 9001 or equivalent”
Quality Management Systems:
• Preventive approach
• Design Review, Verification, Validation
• “PPAP” – Production Part Approval Process (ISO/TS)
• Measurement, Analysis and Improvement: monitoring & measurement of processes and products; QMS Audit; Manufacturing process Audit (ISO/TS); Product Audit (ISO/TS); continual improvement
E/E Safety-related systems:
• Preventive approach
• V-model as a reference process model
• DIA – Development Interface Agreement
• Measurement, Analysis and Improvement: Verification Reviews & Safety Validation; Confirmation Measures (Confirmation review, Functional Safety Audit, Functional Safety Assessment); continual improvement
Both follow the PDCA (Plan-Do-Check-Act) cycle.
Measures to assure Functional Safety
Means to prove the correct execution of the safety processes, and the achievement of the safety goals and of functional safety:
• Verification reviews & system validation: reviews, walkthrough, inspection, model-checking, simulation, engineering analyses, demonstration, and testing. Objectives: completeness & correctness of the work products; compliance of the item with the safety goals.
• Confirmation measures: Confirmation Reviews, Functional Safety Audits, Functional Safety Assessments. Objectives: compliance of processes and work products with ISO 26262 requirements; ensure the item’s functional safety.
Activities to be performed for the “Item” (OEM) and for the “SEooCs - Safety Elements out of Context” (Supplier), with different contents.
Confirmation measures (from ISO 26262-2, Table 2)
Confirmation Reviews
• Subject: work product
• Responsibility of the “Appraiser”: evaluation of the work product compliance vs. ISO 26262 requirements
• Timing during the safety lifecycle: after completion of the corresponding safety activity; completion before the release for production
• Scope and depth: in accordance with the safety plan
Functional Safety Audits
• Subject: implementation of the processes required for functional safety
• Responsibility of the “Appraiser”: evaluation of the implementation of the processes required for functional safety
• Timing during the safety lifecycle: during implementation of the required processes
• Scope and depth: implementation of the processes against the definitions of the activities referenced or specified in the safety plan
Functional Safety Assessments
• Subject: item, i.e. the system(s) implementing a function at vehicle level
• Responsibility of the “Appraiser”: evaluation of the achieved functional safety; recommendation for acceptance, conditional acceptance or rejection
• Timing during the safety lifecycle: progressively during development, or in a single block; completion before the release for production
• Scope and depth: work products required by the safety plan, implementation of the required processes, and a review of the implemented safety measures that can be assessed during the item development
Functional Safety Assessment
Purpose: to provide a judgment of the achieved functional safety.
The scope shall include:
• Work products required by the safety plan
• Processes required for functional safety
• Reviewing the appropriateness and effectiveness of the implemented safety measures that can be assessed during the item development
A functional safety assessment shall consider:
• the planning of the other confirmation measures
• the results from the confirmation reviews and functional safety audits
• the recommendations resulting from the previous functional safety assessments, if applicable
Safety measures: technical solutions to avoid/control systematic failures and to avoid/control/detect random hardware failures.
Functional Safety Assessment
Functional Safety Assessment perimeter: OEM & Suppliers
• Completeness verification & result evaluation of the Functional Safety Audits
• Completeness & correctness analysis of the Safety Measures, also with the support of the Verification Reviews
• Completeness verification & result evaluation of the Confirmation Reviews, also considering the Safety Case
• Safety Management evaluation: culture, competence, roles & responsibilities
Functional Safety Assessment
Functional Safety Assessment Report: to provide a judgment of the achieved functional safety.
A recommendation shall be included: acceptance, conditional acceptance or rejection.
• Conditional acceptance: given if the functional safety of the item is considered evident, despite the identified open issues. Conditional acceptance shall include the deviations from the functional safety assessment criteria and the rationales as to why the specific deviations are considered acceptable. Corrective actions should be carried out.
• Rejection: corrective actions shall be initiated and the functional safety assessment shall be repeated.
Product Development and Confirmation measures
Confirmation measures and Functional Safety Appraisal: 4S Group services
Functional Safety Confirmation Measures (required by ISO 26262 for specific projects):
• Safety Reviews
• Assessment/s
• Audits
Functional Safety Management Appraisal: opportunity for company capability improvement
Source: ISO 26262
Functional Safety support tools: SiSMA Project
Proprietary and commercial software tools integrated within the SiSMA IDE.
Test system specific for functional safety verification and validation. Key functions: traceability, wide test coverage, test automation, fault injection, automatic reporting.
[Figure: traceability diagram linking safety requirements SR1, SR2, SR5, SR6, SR7 to their test results]
Confirmation measures scheme, table columns: Activity Id.; Activity & Work Product; FS Dev. Sub-Phase; Confirmation Measures (Audit Ref., Review Ref., Ass. Ref.); Activities, Work Products, Methods & Tool to be evaluated; Evaluation Criteria; ASIL for independence level I3* of SR; Reviewer competence.
Example row: Hazard analysis and risk assessment (Audit Ref. AU2, Review Ref. SR1, Ass. Ref. AS1, ASIL QM)
A reference process for the development of E/E automotive systems according to ISO 26262
[Figure: maturity levels A to E mapped against maturity elements A, B, C, ..., X]
Schemes for the assessment of product functional safety and company maturity level
SiSMA Integrated Development Environment to support the development process
SiSMA: project funded by Piedmont Region
Functional Safety Assessment and support tools for the requirements of the ISO 26262 standard
Thank you for your attention!
Carlo La Torre, [email protected], tel. +39 334 1164825
Renato Librino, [email protected], tel. +39 335 7234666
4S GROUP, www.4sgroup.it
Corso Peschiera, 146 – Torino
4S Group areas of activity:
• Functional Safety of vehicle electric-electronic systems
• Electric-electronic architectures
• Alternative propulsion systems
• Product Development Process setting up and improvement
• Optimization of production processes
• Supplier Quality management
• Integrated Management Systems
• Test systems for the validation of product Functional Safety