Best Practices

Lowering the Cost and Risk of Achieving Functional Safety

Compliance standards, especially those that involve relatively new functional safety elements, will likely impose additional requirements on the development process.

For example, the increasing complexity and abundance of automotive electronic systems led to the creation of a functional safety standard called ISO 26262 in 2011. And to ensure that new electronic functions remain functionally safe in the industry’s rapidly evolving environment, the International Organization for Standardization (ISO) introduced a second edition of ISO 26262 in December 2018. Similar standards for other industries abound: DO-178B/C for aerospace, and IEC 60601 and ISO 14971 for medical devices.

Common to all of these safety standards is a risk-based approach to determine the criticality and potential hazards associated with key system functions. The primary goal of these standards is to prevent the failure of a system or device that could cause injury, harm or death. If a failure is unavoidable, then the system should fail gracefully.

Watch our webinar: “Understanding ISO 26262 Compliance for Automotive Suppliers”

The Impact of Tools in Functional Safety

ISO 26262 complements good systems engineering practices by requiring that hardware and software safety concerns be addressed and documented in a systematic way throughout the development lifecycle. In the past, safety design was considered part of general requirements activity. But merely identifying and tracing requirements in the software and hardware teams is not enough. The common practice of hardware and software teams working in silos will not guarantee the level of safety coverage required by ISO 26262.

How can the problem be resolved?

One of the key things missing from the general approach to requirements is the traceability links between phases. Many tools do a great job of requirements management and traceability within a particular phase but provide a poor auditable trail for traceability between phases. Comprehensive, complete lifecycle traceability then becomes an auditing afterthought, to be finished after the project is completed. This is the outcome that ISO 26262 tries to avoid through documented attention to the development process, decision-making and the selection of supporting tools.
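To make the between-phase gap concrete, here is an added example (not Jama Connect code, and not part of the original article) of the kind of audit an auditable trail should make possible: given artifacts assigned to lifecycle phases and the trace links between them, it reports every item with no link into the next phase, every item with no upstream justification, links that skip a phase, and links that point at unregistered ids. The phase names, artifact ids and links are constructed for the example.

```python
"""Cross-phase traceability gap check (added example, not Jama's code).

Walks constructed trace links between lifecycle phases and reports the gaps
that per-phase tooling tends to leave for a post-hoc audit.
"""
from collections import defaultdict

# Ordered lifecycle phases: an assumption for this example, not a standard's list.
PHASES = ["sys_req", "sw_req", "design", "code", "test"]

# Constructed sample artifacts: id -> phase.
ARTIFACTS = {
    "SYS-1": "sys_req", "SYS-2": "sys_req",
    "SWR-1": "sw_req", "SWR-2": "sw_req", "SWR-3": "sw_req",
    "DES-1": "design", "DES-2": "design",
    "CODE-1": "code", "CODE-2": "code",
    "TST-1": "test", "TST-2": "test",
}

# Constructed sample trace links: (upstream id, downstream id).
LINKS = [
    ("SYS-1", "SWR-1"), ("SYS-1", "SWR-2"),
    ("SWR-1", "DES-1"), ("SWR-2", "DES-2"),
    ("DES-1", "CODE-1"), ("DES-2", "CODE-2"),
    ("CODE-1", "TST-1"),
    ("SWR-1", "TST-2"),  # verification link that skips the design and code phases
]


def trace_gaps(artifacts, links, phases=PHASES):
    """Return a dict of gap lists found in the trace graph.

    missing_downstream: items (outside the last phase) with no link into the
        immediately following phase.
    missing_upstream: items (outside the first phase) with no link from the
        immediately preceding phase.
    phase_skips: links whose endpoints are not in adjacent phases; some
        processes allow these, but each one needs an explicit justification.
    unknown_ids: links that reference ids not registered as artifacts.
    """
    order = {p: i for i, p in enumerate(phases)}
    down, up = defaultdict(set), defaultdict(set)
    skips, unknown = [], []
    for src, dst in links:
        if src not in artifacts or dst not in artifacts:
            unknown.append((src, dst))
            continue
        distance = order[artifacts[dst]] - order[artifacts[src]]
        if distance == 1:
            down[src].add(dst)
            up[dst].add(src)
        else:
            skips.append((src, dst))
    last = len(phases) - 1
    missing_down = sorted(a for a, p in artifacts.items()
                          if order[p] < last and not down[a])
    missing_up = sorted(a for a, p in artifacts.items()
                        if order[p] > 0 and not up[a])
    return {
        "missing_downstream": missing_down,
        "missing_upstream": missing_up,
        "phase_skips": skips,
        "unknown_ids": unknown,
    }


def fully_traced(gaps):
    """True when every artifact is linked in both directions and no link dangles.

    Phase skips are reported but not treated as blocking here; a real process
    would decide that per its own rules.
    """
    blocking = ("missing_downstream", "missing_upstream", "unknown_ids")
    return not any(gaps[k] for k in blocking)


if __name__ == "__main__":
    report = trace_gaps(ARTIFACTS, LINKS)
    for kind, items in report.items():
        print(f"{kind}: {items}")
    print("fully traced:", fully_traced(report))
```

Running it on the sample data flags SYS-2 and SWR-3 as never refined, CODE-2 as untested, TST-2 as having no adjacent-phase justification, and the SWR-1 to TST-2 link as a phase skip; adding the three missing adjacent links brings the graph to fully traced while the skip stays visible for review.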

And because functional safety is a top priority for so many of our customers, Jama went through the process of earning a certification from internationally recognized testing body TÜV SÜD. Jama Connect™ is certified as a fit-for-purpose software tool for development of safety-related products according to ISO 26262 (up to ASIL D), IEC 61508 (up to SIL 3), IEC 62304 and EN 50128, giving our customers confidence that the products they are building are safe to use.

Learn more about ISO 26262 and automotive electronics development.

Tool Implementation Strategies

Tool qualification depends upon how the tool is used, which in turn determines what impact it could have on safety. For example, depending upon its usage, can the tool introduce a hardware defect or software bug into the system? How the tool is used within a tool chain will also determine the probability that an error introduced by the tool will be detected.

A confidence level is assigned to a given tool, or a flow within a tool, based upon the probability that it will insert or cause an error, combined with the likelihood that the error will be detected during the development process. The importance of the tool confidence level is that it will determine the cost an organization must invest in tool qualification.

As with other standards, implementing the ISO 26262 process requires iteration of a number of basic steps:

  1. Determine the existing process and tools to answer the question “Where are we now?”: Review the current embedded hardware and software development processes and tool chains. Understand the application(s) to be developed and assign levels of confidence in terms of safety.
  2. Gap analysis to answer the question “Where would we like to be?”: Perform a gap or impact analysis to identify current challenges and process efficiency improvements – often done using model-based design techniques.
  3. Training and instruction: Provide design-for-safety training and instruction to address the previously identified gaps.
  4. Hands-on deployment support: Apply the knowledge gained in the previous steps to a specific pilot project. This will require assistance in a wide range of areas including requirements traceability, modeling, simulation, code generation, verification, validation, tool qualification and system integration.

Jama Software is the first SaaS and Agile vendor to be ISO 26262 fit-for-purpose certified by TÜV SÜD. Read more.

Alignment with Best Practices for Functional Safety

This holistic approach to functional safety exemplifies several key elements of good system engineering processes: collaboration, traceability, validation and verification (V&V), risk analysis and mitigation, and careful integration within the tool chain.

Watch our webinar, “Jama ISO 26262 Certification and Best Practices for Development,” to learn more about how teams creating products for any safety-critical industry can lower the costs and risks of complying with functional safety standards.