Automotive Functional Safety

Similar documents
ISO Functional Safety Management in the Autonomous Car industry and the overview of the required safety lifecycle.

ISO compliance

Deriving safety requirements according to ISO for complex systems: How to avoid getting lost?

Failure Diagnosis and Prognosis for Automotive Systems. Tom Fuhrman General Motors R&D IFIP Workshop June 25-27, 2010

Verification and Validation of High-Integrity Systems

End-to-end Safety, Security and Reliability Keys for a successful I4.0 Migration

-- Smart Grid Communication --

Report. Certificate Z

Functional Safety Architectural Challenges for Autonomous Drive

Balancing energy and environmental demands

Assessments Audits CERTIFICATION

TÜV SÜD Industrie Service GmbH. Maximising efficiency of power stations and plants.

Automating Best Practices to Improve Design Quality

Report. Certificate Z AC500-S

Click ISO to edit Master title style Update on development of the standard

Balancing energy and environmental demands

FMEDA-Based Fault Injection and Data Analysis in Compliance with ISO SPEAKER. Dept. of Electrical Engineering, National Taipei University

CABLE ASSEMBLIES WIRING LOOMS BOX & PANEL BUILD

WE IMPROVE THE WORLD THROUGH ENGINEERING!

Solving functional safety challenges in Automotive with NOR Flash Memory

PROTERRA CERTIFICATION PROTOCOL V2.2

ida Certification Services IEC Functional Safety Assessment Project: Masoneilan Smart Valve Interface, SVI II ESD Customer: GE Energy

Manufacturer certification in plant, metal and rolling-stock engineering

TÜV Rheinland Global Rail: Assessment and Certification.

Regulatory Aspects of Digital Healthcare Solutions

UK EPR GDA PROJECT. Name/Initials Date 30/06/2011 Name/Initials Date 30/06/2011. Resolution Plan Revision History

Automatización de Métodos y Procesos para Mejorar la Calidad del Diseño

FUNCTIONAL SAFETY AND THE GPU. Richard Bramley, 5/11/2017

Description of the certification procedure MS - ISO 9001, MS - ISO 14001, MS - ISO/TS and MS BS OHSAS 18001, MS - ISO 45001, MS - ISO 50001

CEN and CENELEC Position Paper on the draft regulation ''Cybersecurity Act''

Inhalt. Description of Certification Procedure ISO 22000, HACCP and DIN 15593

Riccardo Mariani, Intel Fellow, IOTG SEG, Chief Functional Safety Technologist

TÜV SÜD Explosion Testing and Certification in Greater China

Automotive and Aerospace Synergies

EN CEPA CERTIFIED: HERE IS HOW IT WORKS DQS - COMPETENCE FOR SUSTAINABILITY

Product Service. Choose certainty. Add value. Aerospace Services. First class solutions. TÜV Product Service Ltd TÜV SÜD Group

Alexandre Esper, Geoffrey Nelissen, Vincent Nélis, Eduardo Tovar

Is This What the Future Will Look Like?

Standardkonforme Absicherung mit Model-Based Design

Security analysis and assessment of threats in European signalling systems?

ISO 55001: 2014 Asset Management System 5-Day Training Course (IAM Certified)

Functional Safety and Safety Standards: Challenges and Comparison of Solutions AA309

Software architecture in ASPICE and Even-André Karlsson

TR TECHNICAL REQUIREMENTS FOR CERTIFICATION BODIES IN THE FIELD OF ROAD TRANSPORT MANAGEMENT SYSTEMS. Approved By:

Production Code Generation and Verification for Industry Standards Sang-Ho Yoon Senior Application Engineer

Industrial Embedded Systems - Design for Harsh Environment - Dr. Alexander Walsch

Certified Automotive Software Tester Sample Exam Paper Syllabus Version 2.0

A Model-Based Reference Workflow for the Development of Safety-Related Software

Assessment of Safety Functions of Lignite Mining Equipment according to the requirements of Functional Safety.

Engineering Services

New ARMv8-R technology for real-time control in safetyrelated

The Safe State: Design Patterns and Degradation Mechanisms for Fail- Operational Systems

Powered by nature. Certification and testing services for the photovoltaic sector. TÜV SÜD Product Service GmbH

Automotive Security: Challenges, Standards and Solutions. Alexander Much 12 October 2017

What is ISO/IEC 20000?

Cybersecurity Challenges for Connected and Automated Vehicles. Robert W. Heller, Ph.D. Program Director R&D, Southwest Research Institute

Your Partner for Automotive Infotainment & Mobile Connectivity

Functional Safety and Cyber-Security Experiences and Trends

Integrating Cyber Security and Safety Systems Engineering Disciplines with a common Code of Practice

Global Impact for a Safe and Sustainable Future

Joint ITU-UNIDO Forum on Sustainable Conformity Assessment for Asia-Pacific Region (Yangon City, Republic of Union of Myanmar November 2013)

Agenda. TÜV Secure it GmbH short introduction. Risk Analysis Case Study. Certification Procedure. w w w. t u v. c o m 2/ 18. TÜV Secure it GmbH 2003

SPECIFIC PROVISIONS FOR THE ACCREDITATION OF CERTIFICATION BODIES IN THE FIELD OF FOOD SAFETY MANAGEMENT SYSTEMS

RSPO Certification Step by step

New developments about PL and SIL. Present harmonised versions, background and changes.

Functional Safety and Cyber Security Experiences and Trends

IBD CERTIFICAÇÕES. Fair Trade Certification Step by step. Welcome to IBD!

Accreditation programme for management systems certification bodies NAR IRT Edition 2

This qualification has been reviewed. The last date to meet requirements is 31 December 2020.

ISO 27001:2013 certification

ILNAS/PSCQ/Pr004 Qualification of technical assessors

Securing Digital Applications

ISA99 - Industrial Automation and Controls Systems Security

BRE Global Limited Scheme Document SD 186: Issue No December 2017

Fault-Injection testing and code coverage measurement using Virtual Prototypes on the context of the ISO standard

ECQA Certified Integrated Designer

Scheme Document. For more information or help with your application contact BRE Global on +44 (0) or

Automotive and industrial use cases for CAN FD

Testing, qualification and certification of your products

KENYA ACCREDITATION SERVICE

The exida. IEC Functional Safety and. IEC Cybersecurity. Certification Programs

MASP Chapter on Safety and Security

ARM processors driving automotive innovation

IBM Rational Rhapsody

What functional safety module designers need from IC developers

Powered by nature. Certification and testing services for the photovoltaic sector. TÜV SÜD Product Service GmbH

Supply Chain Services for Nuclear Power Plants: How to build and control the supply chain

IEC Quality Assessment System for Electronic Components (IECQ System)

UKAS accredited Certification Bodies

ISO INTERNATIONAL STANDARD. Safety of machinery Safety-related parts of control systems Part 1: General principles for design

Accreditation of Product Certification Scheme for Construction Materials By Ir C K Cheung Hong Kong Accreditation Service

Navigating ISO 9001:2015

Balancing energy and environmental demands

New Services in Mobility: C-ITS

TURKISH ACCREDITATION AGENCY. Training, Promotion and Information Directorate

Safety and Security for Automotive using Microkernel Technology

BHConsulting. Your trusted cybersecurity partner

If you have any questions regarding this survey, please contact Marcell Reid at or Thank you for your support!

Access international opportunities

Failure Modes, Effects and Diagnostic Analysis

Transcription:

Automotive Functional Safety Complexity, Confidence, Compliance, Certification Farmington, 2018-03-22 23.03.2018

150 years TÜV SÜD 150 years of inspiring trust Inspiring trust since 1866 The year 2016 marks the 150th anniversary of TÜV SÜD. Since 1866, the company has been partnering businesses and inspiring people to trust in new technologies. Today, TÜV SÜD has grown into an international service company with global representation in over 800 locations, and with over 50 per cent of its employees working outside Germany. In the decades to come, it will continue to make the world a safer place as a future-oriented company shaping the next practice in safety, quality and sustainability.

ISO 26262 Services: CTCT Product Certification Generic SW Tool Certification Process Certification Certification Training ISO 26262 Training: Basic Advanced Expert IEC 62443 Training Functional Safety Certification Program (FSCP) Testing Consulting Assessments Supplier Audits Penetration Tests Workshops Development accompanying support TÜV SÜD Rail GmbH Folie 3

BioThomas Maier Business Development Manager at TÜV SÜD Rail since July 2016 Background: 6 years at UL, principal engineer for functional safety 8 years at Danfoss Drives, functional safety in motion control. 3 years at LM Ericsson A/S: software processes and tools, CMMi, UML and SDL 3 years at Daimler-Benz: system safety and functional safety of drive-by-wire systems and in avionics. 4 years at the Joint Research Centre of the European Commission: system & software safety in fusion technology. International standardization (ISO 26262, ISO 13849 & IEC 62061, IEC 61800-5-2, IEC 61508 maintenance, UL 1998). Dr.-Ing. from University of Stuttgart

Agenda What is Functional safety? Challenges Principles and Concepts per ISO 26262 Demonstration of functional safety Certification TÜV SÜD Rail GmbH Folie 5 5

Today: Automotive safety depends on numerous software-intensive control systems Airbag Control Adaptive Front Lighting Wiper Control Night Vision Engine Control Driver Alertness Monitoring Instrument Cluster Accident Recorder Event Data Recorder Interior Lighting Seat Position Control Active Cabin Noise Suppression Voice/Data Communications Cabin Environment Controls DSRC Entertainment System Battery Management Lane Correction Electronic Toll Collection Digital Turn Signals Adaptive Cruise Control Navigation System Security System Automatic Breaking Electric Power Steering Active Exhaust Noise Suppression Active Suspension Electronic Throttle Control Electronic Valve Timing Idle Stop/Start Cylinder De-activation Active Vibration Control OBDII Blindspot Detection Remote Keyless Entry Transmission Control Lane Departure Warning Electronic Stability Control Active Yaw Control Parking System Antilock Braking Tire Pressure Monitoring Hill-Hold Control Regenerative Braking TÜV SÜD Rail GmbH Folie 6 6

Immediate future: Connected car, autonomous driving Functional safety challenges: Advanced sensing and intelligence Driver responsibility System of systems, socio-technical system Cybersecurity as a safety risk

Functional Safety Challenges System safety Complexity Hidden interconnections and interactions Unpredictable behavior (non linear, chaotic, backward coupling,?) "Human factor", unpredictable use scenario System and product life-cycle Hazards not only in operation, but also in production, transport, disposal? Faults introduced through supply chain Software easy to modify Hardware random failures Of course Systematic failures Increased complexity of microelectronics and software 8

Functional Safety Challenges System safety Complexity Hidden interconnections and interactions Unpredictable behavior (non linear, chaotic, backward coupling,?) "Human factor", unpredictable use scenario System and product life-cycle Software easy to modify Faults introduced through supply chain Hazards not only in operation, but also in production, transport, disposal? Hardware random failures Of course 1. IDENTIFY! Systematic failures Increased complexity of microelectronics and software 9

Functional Safety Challenges System safety Complexity Hidden interconnections and interactions Unpredictable behavior (non linear, chaotic, backward coupling,?) "Human factor", unpredictable use scenario System and product life-cycle Software easy to modify Faults introduced through supply chain Hazards not only in operation, but also in production, transport, disposal? Hardware random failures Of course 1. IDENTIFY! 2. ACHIEVE! Systematic failures Increased complexity of microelectronics and software 10

Functional Safety Challenges System safety Complexity Hidden interconnections and interactions Unpredictable behavior (non linear, chaotic, backward coupling,?) "Human factor", unpredictable use scenario System and product life-cycle Software easy to modify Faults introduced through supply chain Hazards not only in operation, but also in production, transport, disposal? Hardware random failures Of course 1. IDENTIFY! 3. MAINTAIN! 2. ACHIEVE! Systematic failures Increased complexity of microelectronics and software 11

4. DEMONSTRATE! Functional Safety Challenges System safety Complexity 1. IDENTIFY! Hidden interconnections and interactions Unpredictable behavior (non linear, chaotic, backward coupling,?) "Human factor", unpredictable use scenario System and product life-cycle Software easy to modify Faults introduced through supply chain Hazards not only in operation, but also in production, transport, disposal? Hardware random failures Of course 3. MAINTAIN! 2. ACHIEVE! Systematic failures Increased complexity of microelectronics and software 12

Concepts and principles of Functional Safety.in general ISO 26262 in particular Risk-based Requires system approach Hazard identification and risk assessment Management of functional safety Lifecycle Roles and organisation independence of assessors Supplier management Determine risk associated with control systems, using Automotive Safety Integrity Level : ASIL A (lowest), B, C, or D (highest) Address hardware random failures Architecture and failure control Redundancy and diversity Diagnostics Reliability and failure exclusion Address software-related ( systematic ) failures Fault avoidance Modular design Processes, methods, tools Quality assurance

Hazard analysis and risk assessment process Determination of ASIL and Safety Goals TÜV SÜD Rail GmbH Folie 14

Concepts and principles of Functional Safety.in general ISO 26262 in particular Risk-based Requires system approach Hazard identification and risk assessment Management of functional safety Lifecycle Roles and organisation independence of assessors Supplier management Address hardware random failures Architecture and failure control Redundancy and diversity Diagnostics Reliability and failure exclusion Address software-related ( systematic ) failures Fault avoidance Modular design Processes, methods, tools Quality assurance Determine risk associated with control systems, using Automotive Safety Integrity Level : ASIL A (lowest), B, C, or D (highest) Safety culture, assessment, safety case Increasing independence, increasing assessment effort, increasing tool qualification,... the higher the ASIL. Development Interface Agreements

Overall Safety Management FSM before SoP FSM after SoP Distributed Development Safety Requirements Configuration Management Change Management Verification Documentation Software Tools Qualification of Software Qualification of Hardware Proven in Use Argument Functional Safety Management Item Development Management of Functional Safety Safety Development Capability Supporting Processes Safety Culture Quality Management System (ISO 9001 / TS 16949) TÜV SÜD Rail GmbH Folie 16

Concepts and principles of Functional Safety.in general ISO 26262 in particular Risk-based Requires system approach Hazard identification and risk assessment Management of functional safety Lifecycle Roles and organisation independence of assessors Supplier management Determine risk associated with control systems, using Automotive Safety Integrity Level : ASIL A (lowest), B, C, or D (highest) Safety culture, assessment, safety case Increasing independence, increasing assessment effort, increasing tool qualification,... the higher the ASIL. Development Interface Agreements Address hardware random failures Architecture and failure control Redundancy and diversity Diagnostics Reliability and failure exclusion Address software-related ( systematic ) failures Fault avoidance Modular design Processes, methods, tools Quality assurance Safety mechanisms, and metrics with increasing target values for Architectural metrics and diagnostic capabilities (SPFM & LFM), Probability of failures (PMHF) the higher the ASIL.

Fault concepts and hardware metrics: Architectural metrics Single-point fault metric = ASIL B ASIL C ASIL D 90 % 97 % 99 % Driver notices something alarmig Latent fault metric = ISO 26262-5; Figure C.1 Fault classification of safetyrelated hardware elements of an item ASIL B ASIL C ASIL D 60 % 80 % 90 %

Fault concepts and hardware metrics: Reliability metrics Either: Probabilistic Metric for random Hardware Failures (PMHF) to evaluate the violation of the considered safety goal using, for example, quantified FTA or Markov and to compare the result of this quantification with a target value Or: Individual evaluation of each residual and single-point fault, and of each dualpoint failure leading to the violation of the considered safety goal. This analysis method can also be considered to be a cut-set analysis. TÜV SÜD Rail GmbH Folie 19

Concepts and principles of Functional Safety.in general ISO 26262 in particular Risk-based Requires system approach Hazard identification and risk assessment Management of functional safety Lifecycle Roles and organisation independence of assessors Supplier management Determine risk associated with control systems, using Automotive Safety Integrity Level : ASIL A (lowest), B, C, or D (highest) Safety culture, assessment, safety case Increasing independence, increasing assessment effort, increasing tool qualification,... the higher the ASIL. Development Interface Agreements Address hardware random failures Architecture and failure control Redundancy and diversity Diagnostics Reliability and failure exclusion Address software-related ( systematic ) failures Fault avoidance Modular design Processes, methods, tools Quality assurance Safety mechanisms, and metrics with increasing target values for Architectural metrics and diagnostic capabilities (SPFM & LFM), Probability of failures (PMHF) the higher the ASIL. Safety measures (Methods, Activities) Increasing formality and documentation, Increasing self-test requirements, increasing verification depth the higher the ASIL.

Reference phase model for the software development TÜV SÜD Rail GmbH Folie 21

Reference phase model for the software development Traceability requirements Traceability: vertical horizontal TÜV SÜD Rail GmbH Folie 22

Fault avoidance during software development

CONFIDENCE Correctness Completeness (technical / product) Completeness (process related) Compliance ISO 26262 and FS demonstration Safety validation Verification review Test and verification FS assessment FS Audit Confirmation review Confirmation measures 24

Certification in a ISO 26262 context Not a ISO 26262 requirement Nor in any other FuSa standard (eg IEC 61508, ISO 13849) May be required by regulations, laws, industry associations, customers,... ISO 26262 as of today not formally required by national regulations or laws. Main driver for ISO 26262 application is product liability (ISO 26262 represents state of the art) Main drivers for ISO 26262 certification are customers, market situation. Accredited certification provides additional legal protection Benefits, value? The certificate/approval/listing mark/... in itself? Ideally: CONFIDENCE What is available with ISO 26262 certificate: Products (often as SEooC) Tools and/or associated workflows Organisations, Processes Individuals ( Functional Safety Engineer/Professional/Expert... ) Main question: how much confidence do such certificates inspire? This may trigger the following sub-questions: Independent, accredited certification organisation? What is the technical competency of the certification organisation? Addresses compliance, or also correctness and completeness? If correctness and completeness are addressed, what investigation depth and rigour were applied? How much effort spent? One-off certification, or combined with surveillance or follow-up? 25

Competency requirements for TÜV SÜD FuSa evaluation staff Achievement and evaluation of functional safety requires expertise in various disciplines (in addition to appropriate domain competency): quality and development process management and audit hazards-based safety engineering requirements engineering embedded control systems engineering hardware engineering microprocessor technology, semiconductor technology formalized and model-based software engineering programming languages (C, C++, assembler) hardware reliability and failure models (electric, electronic, microelectronics, electromechanical, mechanical, pneumatic, hydraulic) immunity against electromagnetic phenomena and other environmental impacts probabilistic modeling safety analysis using formalized methods and techniques (FMEA, FTA, Markov, RBD, ) verification and validation construction of safety cases 26

FuSa Evaluation Tasks Performed by TÜV SÜD Project accompanying, three types, and their objectives: Review Test complete evaluation of key work products Key WP s: those listed for confirmation and verification review Sampling, focus on critical points of WP, for detailed implementaionrelated WP s, reliance on process/methods/tools Completeness, correctness, compliance Function, fault insertion, environmental performed and/or witnessed sampling, selection of interesting and representative test cases Completeness, correctness Audit in accordance with FSM documentation on-site, meeting people Compliance, competency, safety culture 27

Independant, accredited, competent, project accompanying Review, Test, Audit INCREASED CONFIDENCE Correctness Completeness (technical / product) Completeness (process related) Compliance ISO 26262 and Certification Safety validation Verification review Test and verification FS assessment FS Audit Confirmation review Confirmation measures 28

THANK YOU!!!for FS assessment staff Your Comments and Questions are Welcome! Dr.-Ing. Thomas Maier TÜV SÜD Rail GmbH TÜV SÜD America 10040 Mesa Rim Road San Diego, CA 92121 T: +1 858-220-0783 E: tmaier@tuvam.com W: http://www.tuv-sud-america.com g

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback