An Advanced Guide to ISO 26262 - ebook: Looking back and into the future, Part 2
www.iso26262-conference.com
The 5th International Conference ISO 26262 will bring together experts from OEMs, Tier 1 Suppliers, Research Institutes, Regulatory Bodies and Technology & Safety companies for four days of case studies, workshops, panel discussions and networking sessions. As the revision of ISO 26262 is currently in process, we asked our advisory board members and plenary speakers what they expected the most important changes and developments would be.

Read the résumé on IQPC's history with ISO 26262 by this year's Conference Chairman Prof. Stefan Leue (Chair for Software Engineering, University of Konstanz):

IQPC's conference on the international safety standard ISO 26262 has been held annually to bring together safety and system engineers, standardization experts and academics interested in exchange on how to interpret and implement automotive safety engineering according to this standard. In the three years since the first conference was held, this event has evolved into a premier technical exchange platform that is unique in the way it focusses on communication amongst international OEMs, suppliers, legal experts and academics. While the first events in this series focused on questions how to interpret normative statements in the standard and to assess to what extent the introduction of the standard would entail a deviation from existing safety engineering processes, the interest and focus of discussions has moved to considering successful implementations of the standard, tool support for the mandated safety process steps, legal considerations, the implications for suppliers further down the supplier chain, international consistency issues and the further development of the standard in upcoming revisions.

I am confident that the 5th International Conference ISO 26262, held at Berlin in March 2015, will further foster discussions regarding the implementation of the ISO standard and its further evolution.
The revision of the ISO standard will be an ongoing project for the next years to come. Many topics will be subject of discussion and detailed specification such as fault-tolerant system development, product liability and legal consequences to name just a few. Hear what our plenary speakers expect from the coming revisions:

The change I would most like to see relates to the underlying mental model of the standard. Work on the 2011 edition started nearly 10 years earlier when vehicles had rather modest, by today's standards, networking capability and consequently most features/functions resided in a single control unit and most of the inputs and outputs were hard-wired. There were relatively few features/functions that were distributed between different control units. This situation is the underlying mental model of the 2011 edition and within that frame of reference works quite well. However today's vehicles are more and more characterized by massive amounts of networking and distributed control, particularly for the growing number of ADAS features, and the standard is a lot harder to apply in this situation. Consequently I would like to see the mental model underlying the standard change to one of distributed control.
Roger S. Rivett (Functional Safety Technical Specialist, Jaguar Land Rover)

The main changes I am currently aware of in the discussion about the ISO standard are scope extension to motorcycles with MSILS, scope extension to trucks, extension to cyber security, extension to Nominal Performance, improvements to better cover autonomous driving and the lesson learnings so far. Of course, all of this is beneficial but it will take a lot of effort for all (additional) companies to adapt.
Dr. Tomislav Lovirc (Safety Assessor TRW Automotive Lucas Automotive GmbH)
My expectations are that Hardware metrics will be simplified, that SW safety analysis will be more descriptive, that the SEC concept will be further improved and clarified, also that we see some more guidance in how to handle the nominal function and its incapability.
Dr. Hakan Sivencrona (Functional Safety Manager, Lead System Engineer Delphi Automotive Systems Sweden AB)

I expect the revision to provide reasonable methods for safety audit and safety assessment procedures, i.e. procedure/proceedings on how to do that, and, more importantly, against what exact criteria. Possibilities could be:

1a) Against all 26262 clauses. However, this is:
    i. Not realistic, because they are too numerous
    ii. Further, 26262 clauses must be categorized into process-specific and product-specific first
1b) Against the objectives in each 26262 main chapter. However:
    iii. The objectives are more abstract than the clauses, but they still do not cover all the aims of the clauses, for example: Objectives on the functional safety concept do not mention warning concepts
2. Clarify ambiguous, overlapping, redundant, and apparently inconsistent terms (technical independence, co-existence of elements, freedom from interference, to name a few)
3. Provide much more guidance for methods relating to safety analysis, in particular SW safety analysis and analysis of dependent failure

Dr. Pierre Metz (Organisational Safety Manager, Brose Fahrzeugteile GmbH & Co. KG)
An obvious change relates to the adaptation for heavy trucks and for motorcycles. The current working groups seem to bring substantial input valuable for a coming revision. Furthermore, it is rather likely that part 10 of today will be complemented with a number of experienced examples. To what extent the area of automated functions and autonomous vehicles will be addressed in this revision, is in my opinion an open question. The most important thing from my perspective is that the ISO26262 standard can stay both on standard and also showing capability to continuously evolve over time.
Dr. Rolf Johansson (Project Manager at SP Technical Research Institute of Sweden)

I'd like to see more emphasis on the relationship between functional safety and vehicle safety. Also, the publications of more examples and studies that discuss the advantages and limitations of certain practices and techniques would be beneficial.
Dr. Ibrahim Habli (Research and Teaching Fellow in Safety-Critical Systems, Department of Computer Science, University of York)
Generally, I think topics like semiconductors, functional performance and other industrial domains (motorcycles, commercial vehicles) need to be addressed. Fortunately there are various working groups involving key players to solve these issues. So I'm really confident about the future of the ISO 26262. And personally, I'd like to see more focus on systems of systems, more precise definition of the methods in the infamous tables would support our work extensively.
Adam Schnellbach (Functional Safety Group Leader, MAGNA Powertrain AG & Co. KG)

In terms of changes to the standard, I would hope for the currently unsolved challenges to be addressed. For instance, SW complexity handling: No realistic state-of-the-art requirement currently exists. In addition, the requirement for probability of double HW failures, model specification and validation for environment handling is currently not defined. Regarding a fault tolerant EPS, the handling of multiple failures is crucial and has a great impact on the architecture. Knowing what an acceptable risk is would help the development.
Adela Béres (System Safety Manager, Thyssenkrupp Presta)
5th International Conference ISO 26262
Tackling functional safety challenges on all levels
23-26 March 2015, Steigenberger Hotel Berlin, Germany
Co-located with Embedded Systems

Meet and exchange with leading functional safety experts from all over the world.

Visit our download center for free white papers, articles and much more! www.iso26262-conference.com/mm

"Excellent networking opportunity. A very good forum to exchange on functional safety topics"
Rafał Dorociak, Functional Safety Manager, Hella KGaA Hueck & Co.

Download the latest agenda: www.iso26262-conference.com

- Gain insight into the next generation ISO from ISO 26262 committee members to ensure an optimised implementation
- Identify interactions between automotive safety and security and benefit from best practice examples to ensure an efficient co-existence
- Discover how ISO 26262 can be successfully implemented on a global scale at optimal costs
- Join the technical Chassis or Powertrain stream and collect state-of-the-art solution approaches to tackle domain-specific challenges
- Examine the implications the move towards automated and autonomous functions will have on ISO 26262 implementation to be prepared for the functional safety of the future

Highlight speakers include:

- Dr. Hakan Sivencrona, Functional Safety Manager, Lead System Engineer, Delphi Automotive Systems and ISO 26262 International Committee Member, Sweden
- Adam Schnellbach, Functional Safety Group Leader, MAGNA Powertrain AG & Co. KG, Germany
- Peter Müller, Development specialist, System- and Functional Safety Powertrain, BMW Group, Germany
- Fulvio Tagliabò, Global Functional Safety Manager, Magneti Marelli, Italy

Academy Day, 23 March 2015, Workshops:

1: Legal requirements to apply ISO 26262
2: MBSE: A continuing source of myth and pitfalls?
3: Efficient evaluation of hardware metrics using combinational methods like FMEDA and FTA
4: Efficient system analysis and design for safety-relevant products
5: Integrated security and safety processes
6: Fault trees for methods, tools and processes: Nothing to calculate still a lot to take away
7: Re-assessing SEooC: Shared experiences

To Register:
T +49 (0)30 20 91 33 88
F +49 (0)30 20 91 32 10
E eq@iqpc.de
www.iso26262-conference.com/mm

SAVE up to 600,- with our Early Birds if you book and pay by 23 January 2015!