Functional Safety Assessment and support tools for the requirements of the ISO 26262 standard

Carlo La Torre, 4S Group - Management Systems & Functional Safety Senior Expert

Renato Librino, 4S Group - Functional Safety Innovation Project Manager

Electronic systems for vehicle safety: present and future. The role of the ISO 26262 standard for Functional Safety

Torino, Lingotto Fiere, 18 April 2012

Integrated Company Management System: the framework

The Company Management Processes are integrated so as to include all the applicable requirements:

• Quality: ISO 9001, ISO/TS 16949
• Environment: ISO 14001
• Health & Safety: OHSAS 18001
• Q-E-S MS (integrated Quality, Environment and Safety Management System)
• Functional Safety requirements: ISO 26262, ISO/IEC 15504-10
• Process Improvement Models: CMMI, A-SPICE, ISO/IEC 15504

Expected benefits: synergy, simplification, effectiveness, efficiency.

Quality Management and Functional Safety Management

• ISO/TS 16949: Automotive Quality Management Systems
• ISO 9001: Quality Management Systems
• ISO 26262: Road vehicles – Functional Safety

“The Organization shall have an operational management system complying with a quality standard, such as ISO/TS 16949, ISO 9001 or equivalent”

Quality Management Systems:
• Preventive approach
• Design Review, Verification, Validation
• “PPAP” – Production Part Approval Process (ISO/TS)
• Measurement, Analysis and Improvement: monitoring & measurement of processes and products; QMS Audit; Manufacturing process Audit (ISO/TS); Product Audit (ISO/TS); continual improvement

E/E safety-related systems:
• Preventive approach
• V-model as a reference process model
• DIA – Development Interface Agreement
• Measurement, Analysis and Improvement: Verification Reviews & Safety Validation; Confirmation Measures (confirmation review, Functional Safety Audit, Functional Safety Assessment); continual improvement

Both follow the PDCA cycle (Plan, Do, Check, Act).

Measures to assure Functional Safety

Means to prove the correct execution of the safety processes, and the achievement of safety goals and of the functional safety

Verification reviews & system validation: reviews, walkthroughs, inspections, model checking, simulation, engineering analyses, demonstration, and testing.

Confirmation measures:
• Confirmation Reviews
• Functional Safety Audits
• Functional Safety Assessments

Together these measures target:
• Completeness & correctness of the work products
• Compliance of processes and work products with ISO 26262 requirements
• Compliance of the item with the safety goals
• Ensuring the item’s functional safety

Activities to be performed for the "Item" (OEM) and for the "SEooCs - Safety Elements out of Context" (Supplier), with different contents.

Confirmation measures (from ISO 26262-2, Table 2)

Subject
• Confirmation Reviews: work product
• Functional Safety Audits: implementation of the processes required for functional safety
• Functional Safety Assessments: item (system(s) implementing a function at vehicle level)

Responsibility of the “Appraiser”
• Confirmation Reviews: evaluation of the work product compliance vs. ISO 26262 requirements
• Functional Safety Audits: evaluation of the implementation of the processes required for functional safety
• Functional Safety Assessments: evaluation of the achieved functional safety; recommendation for acceptance, conditional acceptance or rejection

Timing during the safety lifecycle
• Confirmation Reviews: after completion of the corresponding safety activity; completion before the release for production
• Functional Safety Audits: during implementation of the required processes
• Functional Safety Assessments: progressively during development, or in a single block; completion before the release for production

Scope and depth
• Confirmation Reviews: in accordance with the safety plan
• Functional Safety Audits: implementation of the processes against the definitions of the activities referenced or specified in the safety plan
• Functional Safety Assessments: work products required by the safety plan, implementation of the required processes and a review of the implemented safety measures that can be assessed during the item development

Functional Safety Assessment

Purpose: to provide a judgment of the achieved functional safety.

The scope shall include:
• Work products required by the safety plan
• Processes required for functional safety
• Reviewing the appropriateness and effectiveness of the implemented safety measures that can be assessed during the item development

A functional safety assessment shall consider:
• the planning of the other confirmation measures
• the results from the confirmation reviews and functional safety audits
• the recommendations resulting from the previous functional safety assessments, if applicable

Safety measures: technical solutions to avoid/control systematic failures and to avoid/control/detect random hardware failures.

Functional Safety Assessment

Functional Safety Assessment perimeter: OEM & Suppliers

• Completeness verification & result evaluation of the Functional Safety Audits
• Completeness & correctness analysis of the Safety Measures, also with the support of the Verification Reviews
• Completeness verification & result evaluation of the Confirmation Reviews, also considering the Safety Case
• Safety Management evaluation: culture, competence, roles & responsibilities

Functional Safety Assessment

Functional Safety Assessment Report: to provide a judgment of the achieved functional safety.

A recommendation shall be included: acceptance, conditional acceptance or rejection.

• Conditional acceptance: if the functional safety of the item is considered evident, despite the identified open issues
• Conditional acceptance shall include the deviations from the functional safety assessment criteria and the rationales as to why the specific deviations are considered acceptable
• Corrective actions shall be initiated
• The functional safety assessment shall be repeated
• Corrective actions should be carried out

Product Development and Confirmation measures

Confirmation measures and Functional Safety Appraisal: 4S Group services

Functional Safety Confirmation Measures (required by ISO 26262 for specific projects):
• Safety Reviews
• Assessment/s
• Audits

Functional Safety Management Appraisal: opportunity for company capability improvement

Source: ISO 26262

Functional Safety support tools: SiSMA Project

Proprietary and commercial software tools integrated within the SiSMA IDE.

Test system specific for functional safety verification and validation. Key functions: traceability, wide test coverage, test automation, fault injection, automatic reporting.

[Diagram: traceability flow linking the safety reviews SR1, SR2, SR5, SR6, SR7 to their results]

Confirmation measures planning matrix (excerpt)

Columns:
• Activity Id.
• Activity & Work Product
• FS Dev. Sub-Phase
• Confirmation Measures: Audit Ref., Review Ref., Ass. Ref.
• Activities, Work Products, Methods & Tools to be evaluated
• Evaluation Criteria
• ASIL from which independence level I3* of the SR is required
• Reviewer competence

Example row:
• Hazard analysis and risk assessment: Audit Ref. AU2, Review Ref. SR1, Ass. Ref. AS1, ASIL for I3: QM
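The matrix above is only a record; the value of keeping it structured is that the planning can be checked mechanically before the assessor asks for it. The following added example (written for this page, not SiSMA or 4S Group code) models a safety plan as a list of activities, each with an ASIL, an author and the confirmation measures planned for it, and reports two kinds of gap: a required measure that was never planned, and an appointed appraiser who does not reach the required independence level. The independence levels I0 to I3 are the ones ISO 26262-2 defines (no requirement, different person, different team, different department or organisation). Only the HARA confirmation review row (I3 from QM upward) is taken from the slide's matrix; the other entries of the `REQUIRED` table, the person and activity names and the `SR`/`AU`/`AS` references are constructed placeholders that must be replaced with the values of ISO 26262-2 Table 1 and the project's own plan.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Independence levels as ISO 26262-2 defines them: I0 no requirement,
# I1 different person, I2 different team, I3 different department or organisation.
I0, I1, I2, I3 = 0, 1, 2, 3
MEASURE_KINDS = ("confirmation_review", "functional_safety_audit",
                 "functional_safety_assessment")
ASILS = ("QM", "A", "B", "C", "D")


@dataclass(frozen=True)
class Person:
    name: str
    team: str
    department: str
    organisation: str


@dataclass
class Activity:
    activity_id: str
    work_product: str            # key into REQUIRED, e.g. "hazard_analysis_and_risk_assessment"
    asil: str                    # "QM", "A", "B", "C" or "D"
    author: Person               # who produced the work product / runs the process
    # planned measures: kind -> (reference such as "SR1"/"AU2"/"AS1", appointed appraiser)
    measures: Dict[str, Tuple[str, Person]] = field(default_factory=dict)


# Required independence per ASIL. The HARA confirmation review row (I3 for every
# ASIL, QM included) is the one shown in the slide's matrix; ALL OTHER ROWS ARE
# CONSTRUCTED PLACEHOLDERS and must be replaced with ISO 26262-2 Table 1.
REQUIRED: Dict[Tuple[str, str], Dict[str, int]] = {
    ("confirmation_review", "hazard_analysis_and_risk_assessment"): {a: I3 for a in ASILS},
    ("confirmation_review", "safety_plan"): {"QM": I0, "A": I1, "B": I2, "C": I3, "D": I3},
    ("functional_safety_audit", "*"): {"QM": I0, "A": I0, "B": I2, "C": I3, "D": I3},
    ("functional_safety_assessment", "*"): {"QM": I0, "A": I1, "B": I2, "C": I3, "D": I3},
}


def required_level(kind: str, work_product: str, asil: str) -> Optional[int]:
    """Look up the required independence; a '*' row applies to any work product."""
    row = REQUIRED.get((kind, work_product)) or REQUIRED.get((kind, "*"))
    return None if row is None else row[asil]


def achieved_independence(author: Person, appraiser: Person) -> int:
    """Derive I0..I3 from the organisational distance between author and appraiser."""
    if author == appraiser:
        return I0
    if (author.organisation != appraiser.organisation
            or author.department != appraiser.department):
        return I3
    if author.team != appraiser.team:
        return I2
    return I1


def check_plan(activities: List[Activity]) -> List[str]:
    """Return one finding per missing or insufficiently independent measure."""
    findings: List[str] = []
    for act in activities:
        for kind in MEASURE_KINDS:
            req = required_level(kind, act.work_product, act.asil)
            if req is None:
                findings.append(f"{act.activity_id}: no independence requirement "
                                f"recorded for {kind} of {act.work_product}")
                continue
            planned = act.measures.get(kind)
            if planned is None:
                if req > I0:
                    findings.append(f"{act.activity_id}: no {kind} planned "
                                    f"(ASIL {act.asil} requires I{req})")
                continue
            ref, appraiser = planned
            got = achieved_independence(act.author, appraiser)
            if got < req:
                findings.append(f"{act.activity_id}/{ref}: {kind} independence "
                                f"I{got} below required I{req}")
    return findings


# Constructed sample plan (names, teams and references are placeholders).
alice = Person("Alice", "sys-eng", "engineering", "OEM")
bob = Person("Bob", "validation", "engineering", "OEM")       # other team, same department
carol = Person("Carol", "fs-office", "quality", "OEM")         # other department
dave = Person("Dave", "assessors", "consulting", "4S Group")   # other organisation

SAMPLE_PLAN = [
    # The slide lists QM as the ASIL from which the HARA review needs I3.
    Activity("HARA", "hazard_analysis_and_risk_assessment", "QM", alice,
             {"confirmation_review": ("SR1", bob)}),
    Activity("SP", "safety_plan", "C", alice,
             {"confirmation_review": ("SR2", carol),
              "functional_safety_audit": ("AU2", dave),
              "functional_safety_assessment": ("AS1", dave)}),
    Activity("SP-SUPPLIER", "safety_plan", "D", alice,
             {"confirmation_review": ("SR5", dave)}),
]

if __name__ == "__main__":
    for finding in check_plan(SAMPLE_PLAN):
        print(finding)
```

Run stand-alone, the script flags the HARA review (a reviewer from another team in the same department only reaches I2) and the two measures missing for the ASIL D supplier plan, while the fully staffed ASIL C activity passes; the same check can be re-run every time the plan or the staffing changes.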

A reference process for the development of E/E automotive systems according to ISO 26262

[Diagram: maturity model with Maturity Levels A, B, C, D, E assessed over Maturity Elements A, B, C, ..., X]

Schemes for the assessment of product functional safety and company maturity level

SiSMA: Integrated Development Environment to support the development process

SiSMA is a project funded by the Piedmont Region.

Functional Safety Assessment and support tools for the requirements of the ISO 26262 standard

Thank you for your attention!

Carlo La Torre, [email protected], tel. +39 334 1164825

Renato Librino, [email protected], tel. +39 335 7234666

4S GROUP, www.4sgroup.it
Corso Peschiera, 146 – Torino

Services:
• Functional Safety of vehicle electric-electronic systems
• Electric-electronic architectures
• Alternative propulsion systems
• Product Development Process setting up and improvement
• Optimization of production processes
• Supplier Quality management
• Integrated Management Systems
• Test systems for the validation of product Functional Safety