ISO 26262 Introduction



Similar documents
ASSESSMENT OF THE ISO STANDARD, ROAD VEHICLES FUNCTIONAL SAFETY

TÜ V Rheinland Industrie Service

How to Upgrade SPICE-Compliant Processes for Functional Safety

ISO Functional Safety Draft International Standard for Road Vehicles: Background, Status, and Overview

Safety Lifecycle illustrated with exemplified EPS

JEREMY SALINGER Innovation Program Manager Electrical & Control Systems Research Lab GM Global Research & Development

Safety and security related features in AUTOSAR

Impact of Safety Standards to Processes and Methodologies. Dr. Herbert Eichfeld

Functional Safety and Automotive SW - Engineering Introduction ISO Daimler

ISO 26262:2011 Functional Safety Assessment Report. Texas Instruments Richardson, TX USA. Project: TDA2X ADAS SoC. Customer:

Introduction of ISO/DIS (ISO 26262) Parts of ISO ASIL Levels Part 6 : Product Development Software Level

Presentation Overview. Istwaan Knijff EMC & Safety themadag - 03 oktober Sensata Technologies Almelo. What about EMC?

Public trainings, In-house seminars, webinars Personal qualification on ISO 26262

Intelligent development tools Design methods and tools Functional safety

Do AUTOSAR and functional safety rule each other out?

Functional Safety with ISO Principles and Practice Dr. Christof Ebert, Dr. Arnulf Braatz Vector Consulting Services

IEC Functional Safety Assessment. Project: K-TEK Corporation AT100, AT100S, AT200 Magnetostrictive Level Transmitter.

Functional Safety Hazard & Risk Analysis

Software in safety critical systems

IAEA-TECDOC-1328 Solutions for cost effective assessment of software based instrumentation and control systems in nuclear power plants

System Safety Process Applied to Automotive High Voltage Propulsion Systems

Estimating Software Reliability In the Absence of Data

Reducing Steps to Achieve Safety Certification

asuresign Aero (NATEP Grant MA005)

Dr. Brian Murray March 4, 2011

Safety Issues in Automotive Software

Safe-E. Safe-E Introduction. Coordination: Andreas ECKEL TTTech Computertechnik AG

How To Write Software

Hardware safety integrity Guideline

Failure Mode and Effect Analysis. Software Development is Different

How To Integrate Software And Systems

Page 1 of 7 Effective Date: 12/18/03 Software Supplier Process Requirements

What is CFSE? What is a CFSE Endorsement?

Building a Safety Case in Compliance with ISO for Fuel Level Estimation and Display System

Version: 1.0 Latest Edition: Guideline

I-Q SCHACHT & KOLLEGEN QUALITÄTSKONSTRUKTION GMBH ISO 26262:2011. Liste der Work Products aus der Norm

IEC Overview Report

Mission Assurance Manager (MAM) Life Cycle Risk Management Best Practices David Pinkley Ball Aerospace MA Chief Engineer September 23, 2014

Implementation of ANSI/AAMI/IEC Medical Device Software Lifecycle Processes.

Requirements-driven Verification Methodology for Standards Compliance

Validation & Verification of Safety Critical Systems in the Aerospace Domain.

Safe Automotive software architecture (SAFE) WP 6, WT Deliverable D Methods for Assessment Activity Architecture Model (AAM)

Agile Model-Based Systems Engineering (ambse)

Change Impact analysis

Mission Operation Ground. ESA. Mario Merri GSAW, Los Angeles, USA 2 Mar 2011 ESA UNCLASSIFIED

Embedding Trust into Cars Secure Software Delivery and Installation

Efficient and Faster PLC Software Development Process for Automotive industry. Demetrio Cortese IVECO Embedded Software Design

TL 9000 and TS16949 Comparison

Design of automatic testing tool for railway signalling systems software safety assessment

MINIMUM AUTOMOTIVE QUALITY MANAGEMENT SYSTEM REQUIREMENTS FOR SUB-TIER SUPPLIERS

IBM Rational Rhapsody

Adding a PIB to the MIB Configuration and integration of advanced monitoring

Value Paper Author: Edgar C. Ramirez. Diverse redundancy used in SIS technology to achieve higher safety integrity

TÜV Rheinland Functional Safety Program Functional Safety Engineer Certification

Introduction into IEC Software life cycle for medical devices

Information Technology Engineers Examination. Information Technology Service Manager Examination. (Level 4) Syllabus

A vehicle control platform as safety element out of context

Chapter 19: Network Management. Business Data Communications, 5e

University of Paderborn Software Engineering Group II-25. Dr. Holger Giese. University of Paderborn Software Engineering Group. External facilities

Release & Deployment Management

Criteria for Flight Project Critical Milestone Reviews

When printed the document is for reference only and is considered uncontrolled - refer to the Document Control System for the most current version

Core Fittings C-Core and CD-Core Fittings

IEC Functional Safety Assessment. ASCO Numatics Scherpenzeel, The Netherlands

ELECTROTECHNIQUE IEC INTERNATIONALE INTERNATIONAL ELECTROTECHNICAL

ISO/TS 16949:2002 Guidance Document

Introduction to IT Infrastructure Components and Their Operation. Balázs Kuti

Automation, Software and Information Technology. Test report of the type approval safety-related automation devices

Automotive SPICE & ISO/CD Their Mutual Relationship

Towards a Model-Based Safety Assessment Process of Safety Critical Embedded Systems. Peter Bunus petbu@ida.liu.se

A Safety Methodology for ADAS Designs in FPGAs

Wireless Sensor Network Performance Monitoring

ISO/IEC Part 10 Safety Extension. Giuseppe Lami Istituto di Scienza e Tecnologie dell Informazione Consiglio Nezionale delle Ricerche Pisa

The Advantages of Adaptive and Disributed Systems

Release and Deployment Management Software

Relay2 Enterprise Cloud Controller Datasheet

Application Functional Safety IEC 61511

Requirement Traceability in Practice

Hardware in the Loop (HIL) Testing VU 2.0, , WS 2008/09

Safety and Security Features in AUTOSAR

Herstellerinitiative Software (OEM Initiative Software)

AS9100 B to C Revision

Space product assurance

Safety Certification of Software-Intensive Systems with Reusable Components

Frequently Asked Questions

Selecting Sensors for Safety Instrumented Systems per IEC (ISA )

A Foundation for System Availability

Dr. Alexander Walsch IN 2244 Part V WS 2013/14 Technische Universität München

WHITEPAPER: SOFTWARE APPS AS MEDICAL DEVICES THE REGULATORY LANDSCAPE

Comparison of ISO 9001 to IEEE Standards

Topics. Relation System and Software Engineering Why (automotive) software engineering? Process models V-model Standards.

Improving innovation processes. Philips Industry Consulting

Software Asset Management (SAM) and ITIL Service Management - together driving efficiency

Software Classification Methodology and Standardisation

ethic Audit Solution

Systems-driven Product Development. Overview

Reduce Medical Device Compliance Costs with Best Practices.

Presented by: Jens Svensson, Volvo 3P. Volvo Group

Introduction to Database as a Service

Transcription:

ISO 26262 Introduction Prof. Christian Madritsch 2012 Table of Contents Structure of ISO 26262 Management of Functional Safety Product Development System Level Product Development Hardware Level Product Development Software Level Production and Operation Supporting Processes 1

Structure of ISO 26262 Management of Functional Safety (Chapter 2) General Safety Management: ISO 26262 assumes that the company has a defined, implemented and active QM system: Safety Culture, Communication, Qualification of Employees Specific Safety Management during development: ISO 26262 requires a Safety Manager (e.g. Project Leader) to clan and control safety activities to develop a safety plan to confirmation measures based on the safety plan: Safety reviews, safety audits or safety assessments Safety lifecycle 2

Management of Functional Safety (Chapter 2) It starts with the Item definition: System or array of systems to implement a function at the vehicle level to which ISO 26262 is applied: Specify the use and functionality Specify non functional requirements like operating conditions, laws and standards to follow Based on the item definition, the Hazard Analysis and Risk Assessment is done: Goal of the risk assessment is : to assess the item risk to compare it to a public acceptable tolerable risk to define measures to reduce this risk. The risk reducing measures are usually called Safety Integrity Level Automotive Safety Integrity Level ASIL 3

Hazard Analysis and Risk Assessment in practice: Identify operation states and driving situations of the item where there is a potential for hazards that are caused by this item Determine the potential error cases and misbehaviors by incorporating system FMEA Usually analyzed on the vehicle level Define Safety Goals and Safe States Classify the results using Severity, Exposure and Controllability as measures. Severity (S): Exposure (E): Controllability (C): 4

ASIL classification: Functional safety concept: Based on the safety goals and the safe states, the functional safety requirements are derived and allocated to items. Any safety concept is related to the system architecture Attributes: Operation States Error tolerance time Functional redundancies 5

/Product Development (Chapter 3/Chapter 4) Functional safety concept defines the behavior of the vehicle in order achieve an intended function E.g. lock the vehicle automatically Technical safety concept defines, what one or more ECUs need to implement in order to achieve the intended behavior of the vehicle. Product Development System Level (Chapter 4) Based on the functional safety concept, the technical safety concept is derived. The technical safety requirements are mapped to system elements which are hardware or software based. If a system component fails: means need to be specified which will detect the failure (self control) and a reaction needs to be present which will transition the system into a safe state. After hardware and software development, there is hardware and software integration, followed by system integration and vehicle integration. Item integration: Experimental testing (time and cost intensive) Reconfiguration of HW and SW Timing behavior (Analytics) Independence and Interference 6

Product Development System Level (Chapter 4) Finally a validation shows, if the technical safety concept is able to reach the safety goals and if the safety goals and cases from the hazard analysis can be confirmed. Development of HW and SW Validation: check if the right HW and SW has been developed Verification: check if the HW and SW has been developed right Check if QM measures have been taken into account Assess whether the mentioned points have been done correctly At the end, items are released for mass production. Assessment Reports Safety case Existence of all documents required by ISO 26262 Product Development Hardware Level (Chapter 5) Self control and redundancy are used to counter Random Hardware Failures. The following metrics are used: Single point faults metric (SPFM) Is used to show, that the system architecture can detect single. Latent faults metric (LFM) Is used to show, that the architecture is suitable to detect multiple faults (dualfaults). Diagnostic coverage The probabilistic metric for random hardware failures and the evaluation of each remaining cause of violation of safety goals are used to show that the undetected and not tolerated faults are within tolerable measures over the lifetime of the product. FTA and component FMEA are used 7

Product Development Software Level (Chapter 6) The main safety related software components are used for diagnostic coverage The self control SW may have as many LOCs as the SW for function. Key issues in the SW development process are: Model Based Development Software Configuration Freedom from Interference Requirements compared by ASIL 244 requirements ASIL A 308 requirements ASIL D Production and Operation (Chapter 7) Covers Production, Operation and Service Planning of the Activities and realization of the planned activities One important aspect is the Product observation duties which means that data from the field is communicated back to the OEM. This data is the basis for the argumentation of proven in use. 8

Supporting Processes (Chapter 8) Interfaces in case of distributed Development Specification Management of Safety Requirements Configuration Management Change Management Verification Documentation Qualification of Software Tools Qualification of Software Components Qualification of Hardware Components Argumentation of the Proven in Use 9

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information