Tag Archive for: Functional Safety

How EN 50128 Establishes Functional Safety Standards for Railway Software

In increasingly complex, rapidly evolving, and highly regulated industries, product development teams must build safety-critical products, while streamlining risk management and keeping accuracy and security at the forefront. This blog post will define functional safety and EN 50128 and explain why compliance with safety standards is critical to railway software and industrial manufacturing teams.

What is Functional Safety?

Functional safety is the part of the overall safety of a system or piece of equipment that depends on automatic protection responding correctly. The best way to reduce risk in industrial manufacturing is to ensure that automated protection systems respond predictably to malfunctions and failures.

The concept of functional safety applies to everyday life and every industry you can think of. The International Electrotechnical Commission (IEC) provides this example of transportation functional safety:

“When you board a train, the subway or a cable car, functional safety ensures that the doors close before the vehicle departs and that they don’t open while it is in movement. They also ensure that the railway signaling system helps avoid that an oncoming train crosses your train’s path.”

When systems fail to operate, significant disasters can occur. Safety standards, such as EN 50128, are designed to reduce risk tolerance around these events.

What is EN 50128?

EN 50128 is a certification standard issued by CENELEC (the European Committee for Electrotechnical Standardization). The international version of this standard is IEC 62279. This standard specifies the requirements for railway applications, including communication, signaling, and processing systems for railway control and protection systems software.


RELATED: IEC 61508 Overview: The Complete Guide for Functional Safety in Industrial Manufacturing


According to Engineering360, the European standard “specifies the process and technical requirements for the development of software for programmable electronic systems for use in railway control and protection applications.” It aims toward any practical use where there are safety implications. This European Standard applies exclusively to software, the interaction between software and its system, and all safety-related software used in railway control and protection systems, including:

  • Application programming
  • Operating systems
  • Support tools
  • Firmware

Why compliance with safety standards such as EN 50128 is critical to railway software and industrial manufacturing teams

Eliminating all risk is not always possible. However, manufacturers must continuously seek strategies to mitigate potential safety issues, which is why industry experts in industrial manufacturing have created standards such as EN 50128 and IEC 62279 to reduce risk and support the development of safety-sensitive products.

According to TUV SUD, “functional safety ensures that safety risks due to hazards caused by the mal-functional behavior of systems are reduced to an acceptable level. These safety risks are increasing in the rail industry as rail technology is becoming more and more complex, with both hardware and software interacting in different ways and components that are sourced from multiple markets.”


RELATED: The Top Six Things You Should Know About TÜV SÜD


How Jama Connect® Can Help Organizations Achieve EN 50128 Compliance

Compliance is an essential goal for organizations in regulated industries, but it is not the only factor when delivering safe and reliable products to market. Organizations need defined processes for development and production and detailed end-to-end traceability to achieve compliance, from high-level user needs to validation and verification.

Jama Connect® is TÜV SÜD certified for developing safety-related products. Jama Software® is the first vendor that is both SaaS and Agile to receive the certification. In 2019, Jama Software completed additional certification as a software tool for railway applications according to EN 50128.

Focus and rigor in the product development lifecycle drive compliance as an outcome. While the ultimate responsibility for functional safety remains with the customer, Jama Connect eases the path to compliance so companies can focus on building products right.

Ensuring Compliance & Managing Risk with Jama Connect

Jama Connect is engineered to ensure quality with frameworks aligned to key industry standards, which streamline design, development, testing, and risk management while maintaining compliance. Teams can quickly see the full historical context around a requirement when they contribute to a project, reducing the probability of errors as well as the time and overhead spent on risk analysis.

Interested in learning more? Watch our webinar, Lessons Learned for Reducing Risk in Product Development




Like many industries, the semiconductor industry has seen a dramatic change over the past several decades. Simple, single-function devices have evolved into complex multi-function devices with firmware, supporting software and, in some cases, full reference designs. While the products that the semiconductor industry sells are still integrated circuits (ICs), in many cases the supporting software, documentation and system-level understanding are just as important as the products themselves. Key examples of this are the products produced for the automotive industry that must meet the Functional Safety requirements of ISO 26262.

Early in the days of integrated circuit design, companies generally focused on developing single-function products. The development focus was on continuously optimizing for different applications and in many cases improving performance metrics like power, speed, and bandwidth. Later came an increased focus on reducing product size and cost. The common thinking was that if a team could build a product with better performance metrics than the previous generation, there would be a market for the product. For these teams the skill of circuit design and the capabilities of manufacturing were the ultimate competitive advantage. A great deal of system-level understanding was not required, although many teams had Applications Engineers with an understanding of the various applications their products would be used for.

For many companies in the semiconductor industry, circuit design and manufacturing are still competitive advantages. For others, an increased focus on integration has encouraged them to think in terms of providing a complete solution rather than just products. Increasing levels of integration are often driven by a goal to decrease the size and cost of the solution, but doing so requires a better understanding of the end application and more systems-level thinking in developing the solution. This understanding of the end application leads to a focus on clearly understanding and communicating the requirements to ensure successful product development. While in single-function products the requirements are often simple and the circuit design is the challenge, in more complex products the requirements can become quite complex, and truly understanding the need is just as critical as executing on developing a solution.

No aspect of integrated circuit development increased functional complexity as much as adding firmware and software to the overall solution being provided. While adding software and firmware to a solution is often done to solve a specific problem, it quickly opens up such a wide range of functional possibilities that the complexity grows rapidly. While there are still teams focused on advancing the state of the art of circuit design, just as many (maybe more) teams are developing full solutions with a semiconductor element as well as firmware, software and even system integration. The ultimate representation of this trend is semiconductor companies providing complete reference designs that contain nearly all the engineering required to produce an end-product. 


RELATED: ISO 26262 vs. ASPICE


In the automotive industry, the trend of providing a complete system-level solution has not been as strong as in other industries like IoT or consumer, but another trend has emerged: providing a safe solution. Integrated circuits sold into automotive applications have long had to achieve some of the toughest reliability standards. Now it is increasingly common for vehicle electronics to impact the safety of the vehicle, so not just reliability is required, but also functional safety. Achieving functional safety requires a lot more than circuit design and process technology. It requires understanding of how failures in an integrated circuit can impact the system. It requires robust development processes not traditionally employed in the semiconductor industry. 

Nowhere was the need for this more strongly articulated than at the “Guidance & Application of ISO 26262 to Semiconductors” conference held virtually in August 2021. In the first session of the conference, several automotive OEMs joined forces to explain how important it is for semiconductor suppliers to develop pre-integrated, pre-certified and pre-tested solutions that meet the requirements of ISO 26262 and place the minimum burden on system integrators to integrate the solution into their system and safety case. Functional Safety adds a lot of overhead to vehicle development and receiving complete solutions from their suppliers goes a long way toward reducing that burden. 

While many semiconductor suppliers have been playing catch up to meet the requirements of ISO 26262, others are turning it into a competitive advantage. These suppliers are winning business on the strength of their functional safety competency. They have developed robust processes featuring robust requirements management, configuration management and safety analysis. As a result, they can provide their customers complete safety cases that save their customers significant time when integrating their solutions. Some are even furthering the state of the art in functional safety by participating in standards development. It is common for multiple suppliers to have technically equivalent products, so in these cases safety competence can become the deciding factor in which semiconductor solution an OEM or Tier 1 supplier ultimately selects. 

With the automotive industry working toward fully autonomous vehicles, the importance of developing safe products is more critical than ever. It will take the whole industry working together to further the state of the art in all areas to achieve the goal of full autonomy. That state of the art includes both skillful circuit design and robust processes that ensure safety.

Never has there been a time when it was more critical for the semiconductor industry to adopt new skills. Circuit design and manufacturing will always be the core competency of semiconductor companies, but for those focused on the automotive industry, it is increasingly necessary for safety to be a core competency as well. Developing safety as a core competency can lead to increased market share in today’s exciting automotive market.



Functional Safety for Autonomous Driving

This post on functional safety for autonomous driving is Part III in our three-part series with automotive expert Patrick Freytag. If you haven’t already, please go back and read Part I, which talks about how the automotive sector is changing – and Part II, which discusses ways to address functional safety.


Since functional safety has a product lifecycle approach, it has a wide impact on all processes in a company. As a newcomer to functional safety, it’s challenging to focus on the most important aspects, especially for new entrants in the knowledge-intensive automotive sector. Here are best practices based on my observations and experience.

Functional Safety for Autonomous Driving – Best Practices for New Market Entrants 

Executive Management Team: Pay Attention to Functional Safety 

Product safety should be a topic of conversation for the Executive Management Team (EMT) because of the legal responsibilities placed upon the company by deploying a vehicle to customers. The EMT should understand that it needs dedicated resources to achieve product safety. One of the most important tasks of the EMT is to implement safety engineering management and to assure that roles and responsibilities for quality and safety are defined and communicated in the company. Members of the safety team need a specific skill set, so it is important to invest in functional safety education and qualification. It is important to foster a quality and safety culture in the company. For that reason, quality and safety should be part of goal agreements and performance evaluation. Quality and safety have to be recognized as a core responsibility and a performance indicator for employees.

Project Management: Plan and Track Functional Safety 

Project management has to incorporate functional safety in the product concept and development plan. The Project Manager (PM) should consider the additional time and cost in the project plan and the project budget. Product development plans must include quality and safety milestones and the related work products. What should be done if the PM doesn’t receive proof that quality and safety milestones are reached at the gate reviews, for example? That is certainly a red flag. Situations like these may point to deeper-rooted issues and should not be brushed under the rug. The PM should start a gap analysis and request an action plan. I recommend escalating the issue to the executive team ASAP in case there is missing proof of product safety. It won’t get better without commitment and planned actions; the longer you wait, the worse the situation will get. Since safety considerations typically permeate several layers of system design, safety is not an attribute that can be tacked on shortly before the start of production; it has to be implemented from the beginning.

Development & Functional Safety Team: Implement and Validate Functional Safety 

Industry experience shows that functional safety is not a topic you can assign to one responsible person. For example, a technical safety concept is created by a team of software, hardware, and system-level experts and moderated by a systems architect in collaboration with functional safety engineers. This means that the functional safety manager is a role held by only a few people in a company, while the role of a safety engineer can be assigned to an entire team. As mentioned, functional safety requires specific domain knowledge and safety engineering expertise. But what can be done if this expertise is missing in-house? My recommendation is to compensate with external resources as an interim solution. Start functional safety education and qualification as a long-term solution. Safety must be addressed in product development with adequate engineering methods and domain knowledge to define safety requirements. These safety requirements have to be implemented, tracked, managed, verified, and validated to make sure that risk reduction is realized and the product is safe.


RELATED: Learn more about the Jama Connect Functional Safety Kit for Automotive Teams 


The Evolution of Functional Safety for Autonomous Driving 

The functional safety focus is on avoiding and mitigating failures in E/E systems. That also works well for Advanced Driver Assistance Systems (ADAS). When a failure is detected, the driver gets alerted, and mitigation measures are performed to reach a safe state. These systems are called fail-safe. Let’s take Adaptive Cruise Control (ACC) as an example. When a failure is detected, a warning will be displayed in the Instrument Cluster. This visual warning is typically combined with an acoustic warning to get the attention of the driver. The ACC function will be switched off, and the driver is again in charge of controlling the vehicle’s speed and keeping a safe distance.

Additional Safety Considerations for Autonomous Driving 

The ADAS safety mechanism described above will not be sufficient for a fully autonomous vehicle. It’s not possible to switch off the automated driving system because there is no driver in the loop to take over. An Autonomous Vehicle (AV) has to work under all (failure) conditions; it has to be fail-operational. An AV without a driver in the loop also needs situational awareness: it has to understand the surrounding world, decide, and act. This situational awareness is created by data fusion from a variety of complex sensor systems based on lidars, cameras, and radars. The combined data is then interpreted to plan and take action. This interpretation and planning are achieved by complex algorithms, driven by Artificial Intelligence (AI) and Machine Learning (ML).

Today, many connected and ADAS-equipped cars are already available. Connectivity features and information sharing are increasingly used for updating vehicle features, maintenance-related diagnostics, and traffic services. This development also makes vehicles a more attractive target for attackers with different motivations, and it introduces additional risks for vehicle cybersecurity.

Safety Concerns Due to System Limitations and Misuse 

What happens if an automated driving system has no system failure but doesn’t work as intended? Unsafe behavior could be triggered by limitations in the sensor systems, extreme conditions, or unforeseen situations. In addition, misuse could confuse the AI algorithms and result in unsafe behavior too.  

An example of misuse of an ADAS was shown by Consumer Reports. Consumer Reports reported in April 2021 that it was able to trick a Tesla into driving in autopilot mode with no one at the wheel. Real-life proof followed in May: police arrested a Tesla driver for operating his car from the back seat while traveling on a San Francisco Bay Area freeway. The officer confirmed the sole occupant was in the back seat, so he took action to stop the car and saw the occupant move to the driver’s seat before the car stopped. In response, Tesla activated the cabin camera with a software update at the end of May to detect and alert driver inattentiveness while autopilot is engaged for the Model 3 and Model Y.

Here is a typical example of a limitation: an AV is driving and is confronted with black ice conditions. While an experienced driver should be able to comprehend the situation and respond properly, an AI-based AV might not. Without sensing the icy road condition, an AV might drive faster than is safe for the condition.

As a result, functional safety has to be complemented by an approach that considers safety violations occurring in the absence of a system failure.


RELATED: Watch a demonstration of the Jama Connect for Automotive Solution


Safety of Intended Functionality or SOTIF (ISO/PAS 21448) 

The publicly available specification ISO/PAS 21448, titled “Road vehicles — Safety of the intended functionality” was published in 2019. SOTIF is defined in the standard as: “The absence of unreasonable risk due to hazards resulting from functional insufficiencies of the intended functionality or by reasonably foreseeable misuse by persons.” The goal of SOTIF is to avoid situations where vehicles are working as designed, but are failing under real-world scenarios. ISO 21448 provides guidance on the design, verification, and validation measures to achieve the SOTIF. The current version covers Advanced Driver Assistance Systems (SAE J3016 L1 and L2). It can be considered for higher levels of automation; however, additional measures will be necessary. 

The Standard for the Evaluation of Autonomous Products (ANSI/UL 4600)

The UL 4600 standard was issued in April 2020 with the scope of the Safety Evaluation of fully Autonomous Driving Systems that operate without human intervention. The goal of UL 4600 is to ensure that a comprehensive safety case is created, including safety goals, argumentation, and evidence. UL 4600 covers the safety principles, risk mitigation, tools, techniques, and life-cycle processes for building and evaluating a safety argument for vehicles that can operate in an autonomous mode without human supervision. Therefore, the ML-based system aspects of the autonomous operation are covered. UL 4600 works well with existing automotive safety standards such as ISO 26262 and ISO/PAS 21448 by building on their strengths while also filling their autonomy-specific gaps.  

Conclusion

The safety challenge for autonomous vehicles can’t be addressed with a single standard as of today. As we move on from existing Advanced Driver Assistance (L1 and L2+) to fully Automated Driving Systems (L5) the standards and methods will evolve too.  

Current state-of-the-art automotive safety is achieved with a combination of different engineering methods and processes:

  • Functional Safety (ISO 26262): guards against E/E malfunctioning behavior due to systematic failures and random hardware failures, for vehicles with a human driver present who is responsible for safe operation.
  • Safety of the Intended Functionality (ISO/PAS 21448): deals with functional limitations, that is, the absence of unreasonable risk due to hazards resulting from functional insufficiency of the intended functionality or reasonably foreseeable misuse by persons. SOTIF covers L1 and L2 ADAS vehicles with a human driver present who is responsible for safe operation.
  • Cybersecurity engineering (ISO/SAE 21434): protects road vehicle systems and components from harmful attacks, unauthorized access, damage, or anything else that could interfere with and compromise safety functions.
  • Evaluation of Autonomous Products (ANSI/UL 4600): proves the safety of fully autonomous road vehicles that can operate without human supervision.

Take Away: The combination of different engineering methods is needed on the way to fully Autonomous Driving  

  • Functional Safety helps you to do things right 
  • Safety of Intended Functionality helps you to do the right things 
  • Cybersecurity helps to protect the safety functions from being compromised 
  • Evaluation of Autonomous Products helps you to provide proof that you did enough safety engineering work to achieve a safe autonomous product

This blog post concludes the 3-blog miniseries on automotive insights and best practices on the way to autonomous driving. Special thanks to Jama Software for the opportunity to share my observations and experience with you. I hope you enjoyed reading my thoughts and got useful insights into the complex and interesting world of automotive safety and autonomous driving.  



My last blog post covered why and how the automotive sector has been changing fast over the last few years; you can find that post here. A common expectation is that our future cars will be connected, automated, shared, and electric. In a current Motional Consumer Mobility report, Americans were asked what their most important consideration is when deciding to use a self-driving vehicle. Nearly two-thirds of Americans (65 percent) say safety is the most important consideration when deciding to use a self-driving vehicle. So let’s take a closer look at automotive functional safety and how to deliver a safe product.

Safety Considerations for Product Design 

A modern car is a complex piece of technology. Cars are connected and have sophisticated In-Vehicle Infotainment (IVI) systems and Advanced Driver Assistance Systems (ADAS). You will be surprised by the amount of software used in the 30 to 70 electronic control units in a car. There are up to 100 million lines of code deployed in a modern high-end car today. System complexity will increase even more when we move beyond ADAS-supported driving to Automated Driving Systems (ADSs) in the future.

The challenge for the industry is that new potential hazards may arise with the increasing use of electronics and software in cars. Apart from complex technology and consumers’ expectations, we will get regulations covering the safety of future cars. In the U.S., this is the responsibility of the National Highway Traffic Safety Administration (NHTSA).

Defined by the Vehicle Safety Act in 1966, the NHTSA has the sole authority to make final decisions on rules and safety standards for future road vehicles. Once the NHTSA establishes a standard, the Agency is required to ensure that manufacturers comply when producing new vehicles.

In 2016 the NHTSA published “Vision for Safety,” a non-regulatory approach to automated vehicle technology safety. “Entities are encouraged to follow a robust design and validation process based on a systems-engineering approach to design ADSs free of unreasonable safety risks. The overall process should adopt and follow industry standards, such as the functional safety process standard for road vehicles…” 


RELATED: Learn more about the Jama Connect Functional Safety Kit for Automotive Teams 


Which industry standard is the NHTSA referring to? 

The standard referred to is ISO 26262, first issued by the International Organization for Standardization (ISO) in 2011 and later updated in 2018. ISO 26262 is titled “Road vehicles – functional safety” and is the first comprehensive voluntary industry standard for safety engineering of Electrical and Electronic (E/E) systems in road vehicles. This standard recognizes that safety is a system attribute and can be addressed using systems engineering methods. ISO 26262 emphasizes the importance of implementing safety engineering management and fostering a safety culture.

What is functional safety and how to comply? 

Functional safety is defined as the “absence of unreasonable risk due to hazards caused by malfunctioning behavior of electrical/electronic systems.” The goal of ISO 26262 is to ensure safety from the earliest concept to the point when the vehicle is retired. To ensure vehicle safety, the standard outlines an automotive safety life cycle that describes the entire production life cycle.  

Specific steps are required in each phase of the safety life cycle. One of the most important steps at the beginning of the safety life cycle is the Hazard Analysis and Risk Assessment (HARA) of potential hazards. The result is an Automotive Safety Integrity Level (ASIL) classification of each hazard and the formulation of an overall safety goal. Safety goals are basically the level of safety required for a system or component to function without posing any threats to the vehicle.

An ASIL is assigned by evaluating three risk parameters: severity, exposure, and controllability. Severity defines the consequences to the life of people due to the failure that may occur. Exposure is the likelihood of the conditions under which a particular failure would result in a safety hazard. Controllability determines the extent to which the driver will be able to control the vehicle should a safety goal be breached due to the failure or malfunction. An ISO 26262 method provides guidance on how to assign the ASIL for a hazard once severity, exposure, and controllability are determined.

In the next step, a functional safety concept is developed for each safety goal. The functional safety concept defines functional safety requirements within the context of the vehicle architecture, including fault detection and failure mitigation mechanisms, to satisfy the safety goals. Then the technical safety concept is developed to specify the technical safety requirements within the system architecture. The technical safety concept is the basis for deriving the hardware and software safety requirements that are used for developing the product. These safety requirements have to be traced, managed, and validated through product development to assure the delivery of a safe product.
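The HARA-to-requirements chain described in the last three paragraphs (severity/exposure/controllability classes, ASIL assignment, safety goals, functional and technical safety requirements) is easiest to see as data. The script below is an added illustration written for this page; it is not code from the post, from Jama Software, or from the ISO 26262 standard itself. It assigns an ASIL from S/E/C using an additive restatement of the ISO 26262-3 ASIL table (S+E+C of 6 or less is QM, 7 is ASIL A, 8 is B, 9 is C, 10 is D; any class 0 is QM), rolls the highest ASIL of its hazardous events up to each safety goal, and then checks the traceability the post calls for: every safety goal with an ASIL has at least one functional safety requirement, every functional safety requirement has a technical safety requirement, and no requirement silently carries a lower ASIL than its parent. The ACC hazards, safety goals and requirements are constructed sample data, not taken from any real project; the ids and texts are illustrative.

```python
"""HARA -> safety goal -> FSR -> TSR traceability check (added illustration)."""
from dataclasses import dataclass, field

# Ordered from lowest to highest rigour: QM (quality management only) to ASIL D.
ASIL_ORDER = ["QM", "A", "B", "C", "D"]


def determine_asil(severity: int, exposure: int, controllability: int) -> str:
    """Assign an ASIL from the S/E/C classes of a hazardous event.

    S is 0..3, E is 0..4, C is 0..3 (the classes of ISO 26262-3). Class 0 in
    any parameter needs no ASIL (QM). For the other combinations the
    ISO 26262-3 table is reproduced by the additive rule used here, which is
    the editor's restatement; the table itself is the normative source.
    """
    for name, value, upper in (("S", severity, 3), ("E", exposure, 4), ("C", controllability, 3)):
        if not 0 <= value <= upper:
            raise ValueError(f"{name}{value} is not a valid class (0..{upper})")
    if 0 in (severity, exposure, controllability):
        return "QM"
    total = severity + exposure + controllability
    return "QM" if total <= 6 else ASIL_ORDER[total - 6]


@dataclass
class HazardousEvent:
    hid: str
    description: str
    severity: int
    exposure: int
    controllability: int
    safety_goal: str  # id of the safety goal that addresses this event


@dataclass
class SafetyGoal:
    sgid: str
    text: str
    asil: str = "QM"
    hazards: list = field(default_factory=list)


@dataclass
class Requirement:
    rid: str
    parent: str  # safety goal id for an FSR, FSR id for a TSR
    text: str
    asil: str


def build_safety_goals(events, goal_texts):
    """Group hazardous events under their safety goals; a goal inherits the
    highest ASIL of the events it addresses."""
    goals = {gid: SafetyGoal(gid, text) for gid, text in goal_texts.items()}
    for ev in events:
        asil = determine_asil(ev.severity, ev.exposure, ev.controllability)
        goal = goals[ev.safety_goal]
        goal.hazards.append(ev.hid)
        if ASIL_ORDER.index(asil) > ASIL_ORDER.index(goal.asil):
            goal.asil = asil
    return goals


def check_traceability(goals, fsrs, tsrs):
    """Report gaps in the chain safety goal -> FSR -> TSR.

    A requirement with a lower ASIL than its parent is only legitimate after
    ASIL decomposition (ISO 26262-9), which this check does not model, so such
    requirements are listed for review rather than rejected outright.
    """
    parent_asil = {g.sgid: g.asil for g in goals.values()}
    parent_asil.update({r.rid: r.asil for r in fsrs + tsrs})
    fsr_parents = {r.parent for r in fsrs}
    tsr_parents = {r.parent for r in tsrs}
    return {
        "missing_fsr": sorted(g.sgid for g in goals.values()
                              if g.asil != "QM" and g.sgid not in fsr_parents),
        "missing_tsr": sorted(r.rid for r in fsrs if r.rid not in tsr_parents),
        "asil_downgraded": sorted(r.rid for r in fsrs + tsrs
                                  if ASIL_ORDER.index(r.asil) < ASIL_ORDER.index(parent_asil[r.parent])),
    }


# Constructed sample HARA for an Adaptive Cruise Control function (illustrative only).
EVENTS = [
    HazardousEvent("HE-1", "ACC does not decelerate for a slower lead vehicle at highway speed", 3, 4, 2, "SG-1"),
    HazardousEvent("HE-2", "ACC applies unintended braking with a close following vehicle", 2, 3, 2, "SG-2"),
    HazardousEvent("HE-3", "ACC set speed is displayed incorrectly", 1, 4, 1, "SG-3"),
]
GOAL_TEXTS = {
    "SG-1": "ACC shall not fail to decelerate when required by the lead vehicle",
    "SG-2": "ACC shall not request deceleration that is not required",
    "SG-3": "The displayed set speed shall match the active set speed",
}
FSRS = [
    Requirement("FSR-1", "SG-1", "Detect loss of lead-vehicle tracking and warn the driver", "C"),
    Requirement("FSR-2", "SG-2", "Plausibilise every deceleration request against a second sensor", "A"),
    Requirement("FSR-3", "SG-1", "Switch ACC off and hand control to the driver after a detected failure", "B"),
]
TSRS = [
    Requirement("TSR-1", "FSR-1", "Radar ECU sends a heartbeat; ACC controller times out after 5 missed frames", "C"),
    Requirement("TSR-2", "FSR-3", "ACC controller lights the warning lamp and disables torque and brake requests", "B"),
]


def run_example():
    """Return the traceability report for the constructed sample project."""
    goals = build_safety_goals(EVENTS, GOAL_TEXTS)
    return goals, check_traceability(goals, FSRS, TSRS)


if __name__ == "__main__":
    goals, report = run_example()
    for g in goals.values():
        print(f"{g.sgid} [{g.asil}] covers {g.hazards}: {g.text}")
    print(report)
```

Run as a script, it prints the three safety goals with their rolled-up ASILs (SG-1 is ASIL C from HE-1, SG-2 is ASIL A, SG-3 is QM) and a report showing that FSR-2 has no technical safety requirement yet and that FSR-3 carries ASIL B under an ASIL C safety goal, which is exactly the kind of gap a gate review should refuse to sign off without a documented decomposition. In a requirements tool the same checks become queries over the trace links rather than in-memory dictionaries, but the rules are the ones the post states.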


RELATED: Watch a demonstration of the Jama Connect for Automotive Solution


Why is functional safety important? 

Functional Safety describes a risk-based system engineering approach to avoid unreasonable risk. From a business aspect, using ISO 26262 as a guideline helps you to avoid costly product recalls due to safety hazards. Tesla recalled roughly 135,000 Model S and Model X vehicles over Touch-Screen failures in February 2021. The move came after the National Highway Traffic Safety Administration requested a safety recall. NHTSA asked for the recall because the center display in some models can fail when a memory chip runs out of storage capacity, affecting safety functions such as windshield defogging and defrosting controls, exterior turn signal lighting, and rearview backup camera display. 

Following the standard minimizes the risk of harm to people and non-acceptance of your products by the market. In particular, automobile manufacturers have a legal responsibility to design their vehicles to guarantee driver, passenger, and pedestrian safety. As a consequence, automobile manufacturers can be named as defendants in a product liability suit. For example, Toyota Motors agreed to pay $1.2 billion to settle the Justice Department’s criminal investigation into whether the company hid safety defects related to unintended acceleration in 2014. 

Takeaway 

Functional safety is an essential part of product development and needs to be addressed early in the concept phase and considered through the full product life-cycle. ISO 26262 offers an engineering guideline and methods to avoid or at least mitigate systematic failures and random hardware failures of Electrical and Electronic Systems. The derived functional safety requirements have to be implemented at the lowest level up to the system level, both from a hardware and software perspective. This offers the ability to prove that the added E/E-systems are free of unreasonable safety risks. 

The pragmatic engineering approach is to use existing knowledge, or, as I call it, to use the industry’s memory. You should look at the ISO 26262 series as the framework and the set of guidelines and methods. ISO 26262 can help you with systems engineering methods for a safe product and still give you some flexibility in the development process. This is especially helpful for newcomers to the automotive industry, who may lack specific automotive safety engineering experience.

Let’s put it this way: using existing engineering methods and knowledge is like standing on the shoulders of a giant; you can see further. This is even more true for automotive product safety because there is no room for trial and error.

Stay tuned: The next blog post in this series will give real-life advice on how to implement functional safety in your organization and products, and a glance at the evolution of functional safety for autonomous driving. 



Safety and Security

Editor’s Note: This post on safety and security in automotive development is a guest post from our partner Ansys. To learn more about Ansys, visit their website.

Safety and security have always represented a driving force in automotive engineering. Today, these performance criteria are more important than ever, as vehicles continue to grow exponentially in technological complexity. Advanced technologies deliver benefits, but also create new risks and potential failure modes. 

With sales of electric vehicles projected to reach $567 billion by 2025[1], the design of powertrains and battery management systems has been brought to the forefront. Automakers also hope to capture a share of the global autonomous vehicle market, which will account for $556.67 billion by 2026[2], placing more focus on embedded control software, perception systems and sensors.

Before these diverse innovations can be commercialized, they must be analyzed and verified for reliable performance under every operating condition. Equally important, all electronics must be proven to work together at the system level, which means developing a robust system-level architecture, testing every integration point, and identifying and addressing weaknesses.

The Industry’s Leading Software for Automotive Modeling, Analysis and Simulation 

Mastering these diverse, complex automotive engineering tasks may seem overwhelming ― or even impossible ― but there is good news. An established leader in engineering simulation for over 50 years, Ansys enables automakers to navigate the complex design and verification challenges associated with electrification, ADAS and other technology advancements.  

The depth and breadth of the Ansys portfolio mirrors the complexity of today’s vehicle designs ― bringing modeling, analysis and simulation together in a robust, connected platform. From physics-based simulations that focus on crash-worthiness to the verification of embedded software, sensors, cameras and radars, Ansys solutions help automakers analyze every component in today’s cars.  


RELATED: Watch a demonstration of the Jama Connect for Automotive Solution


Navigating the Unique Challenges of Safety and Security 

Regarding electronics safety and security, software from Ansys helps automotive engineers by supporting safe software development, functional safety analysis and cybersecurity analysis. 

Safer Embedded Software Development 

Underlying the advanced electronic systems found in modern cars are millions of lines of embedded software code that ensure their flawless operation under every driving scenario. Ensuring that the overall software model, and every line of code, delivers the desired functionality is critical to protecting the safety of human passengers. To meet the highest safety standards and comply with regulatory guidelines, software engineers must subject this code to rigorous testing.

With Ansys SCADE, engineers can streamline design and verification processes via automatic code generation of ISO 26262 critical software up to ASIL D. SCADE can be easily integrated into existing AUTOSAR development flows for software components, eliminating time-consuming manual reviews.  

For example, as Subaru created control software code for its first hybrid vehicle, it automated 95% of the development process by relying on Ansys SCADE to generate code for the car’s innovative engine, called the e-BOXER. Today, it only takes Subaru engineers half a day to implement a model for the e-BOXER’s electronic control unit (ECU) once the control logic has been defined. This enables Subaru’s developers to modify the ECU’s logic and architecture much more frequently and easily as they explore continuing design innovations. 

Explore how automakers are improving the accuracy and speed of embedded software development by 50%. 

Robust, Automated Safety Analysis  

Functional safety analysis ensures that automotive electronics deliver reliable performance over time, without system failures leading to unreasonable risk. This analysis must encompass the entire electronics architecture, down to the chip level.

Ansys medini analyze streamlines and automates functional safety analysis via a model-based environment that supports executing the safety-related activities required by applicable standards like ISO 26262. It has helped many customers reduce time and costs, without sacrificing analytic rigor. 

For example, LiTHIUM BALANCE develops battery management system (BMS) solutions for electric vehicles in keeping with the most stringent safety, performance and reliability standards. By leveraging medini analyze, engineers at LiTHIUM BALANCE quickly and affordably manage the functional safety verification of their BMS designs.  

By providing an easy-to-understand, visual representation of complex electronics and their integration points, Ansys has benefited ZF Friedrichshafen AG, a global technology company that supplies systems to automakers. Ansys medini analyze has streamlined and accelerated functional safety analysis for hardware, software and systems ― delivering possible efficiencies including an up to 50% reduction in the time devoted to these tasks.  

The emergence of automated driving has brought an even greater challenge: What if components such as sensors are working as designed, but their capabilities fall short under real-world conditions? A new standard, ISO 21448, focuses on safety of the intended functionality (SOTIF). Ansys medini analyze helps engineers not only identify weaknesses, triggering conditions and causal effects, but also interfaces with simulation and testing tools to validate perception software and other ADAS components.

Ready to take your safety case to the next level? Request an Ansys medini trial.  

Rigorous Cybersecurity Analysis 

The increased amount of software and connectivity in cars has made them vulnerable to cyberattacks. Recent headlines, as well as the ISO 21434 cybersecurity standard, have made cybersecurity analysis an essential part of the automotive development process.

Ansys medini analyze for Cybersecurity addresses system-level security via an easy-to-use modeling and analysis environment, ensuring that the complex electronics architecture is impervious to attacks. By quickly identifying and addressing potential threats and vulnerabilities, engineers can deliver secure products, reduce time to market, maximize profits and comply with upcoming cybersecurity regulations.

Learn more about systematically performing threat analysis and risk assessment via Ansys medini analyze.

A Partnership That Delivers Added Value 

Today many automotive leaders are applying Ansys solutions, while also leveraging Jama Connect for product development. A value-added partnership between these companies means that Jama customers can seamlessly and directly integrate Ansys SCADE and Ansys medini analyze. For the first time, the automotive electronics development and testing process is supported by a linked set of industry-leading software tools.  

To learn more about the benefits of this partnership, watch our recent webinar or review our white paper.


To learn more about how Jama Connect for Automotive can help your team achieve safety and security compliance, streamline development, and speed time to market, download our solution overview.


Designing complex electronic systems not only requires a significant number of specialized stakeholders, but also efficient collaboration during safety-critical product development and verification activities. With some teams working remotely and working together around the globe, there may be gaps in communication, location, or tools that need to be overcome in order to deliver the expected product on time and on budget.
 
In a recent webinar, Michael Jastram, Senior Solutions Architect at Jama Software, and Francois Xavier Dormoy, Senior Product Manager at Ansys, discuss how you can bridge these gaps by integrating a product development platform, such as Jama Connect, with a model-based embedded software tool, such as Ansys SCADE. From high-level requirements to verification and validation (V&V) activities to implementation, this allows you to share a single source of truth among the stakeholders and facilitate alignment across teams.

Below you’ll find an abbreviated transcript and the full webinar recording.


Bridging the Gaps in Safety-Critical Product Development

 


Michael Jastram: In case you’ve never heard of Jama Software, Jama Connect is a solution for product development. Product development includes, of course, capturing the requirements and requirements management, but also activities like test and quality management, which gives you end-to-end traceability. Also risk and hazard analysis, because a lot of our customers are using Jama Connect for functional safety-critical work the same way that Ansys SCADE is being used. Jama Connect is a platform that achieves these things by providing you with key capabilities, like traceability, collaboration, reuse, and many others. I don’t want to go into detail here. In a minute, Francois and I will give you a live demonstration so that you can actually see how all this plays out in practice.

One thing that is very important that I would like to point out is that Jama Connect is an open platform. It is very easy to seamlessly integrate it with other tools. We see Jama Connect as the best of class solution. For this part of your development you want to use best of class and so do you want for others. That’s why you’re using SCADE, I assume. We ensure that you have a seamless integration.

Before I give you a tour of the solution, let’s look at the problem with respect to product development today. In product development, you typically follow the V-model if you have to do with functional safety-critical systems. This has been practiced since the ’60s very successfully. There’s just one problem with it. The V-model in systems engineering tends to be slow. By the time you define your concept of operations, you went all the way down to implementation there. By the time you can do the verification and validation activities of the top level, a lot of time has passed. There’s a lot of interest these days in agile methodologies. One question that we often hear is how do you apply agile methods in the context of functional safety-critical work and systems engineering. The answer to that we call continuous engineering.

This is how it works and where Jama Connect applies. Jama Connect basically covers the top two thirds of the V-model by providing you with a platform for modern requirements management that gives you cross functional collaboration, which allows you to easily exchange information, capture decision, conduct reviews of electronic signatures, and so forth.

At some point, you reach the point where the scope of Jama Connect ends. That’s where something like Ansys SCADE comes in. We provide you with real time and seamless traceability across two boundaries so that you have end to end traceability with best of class solutions. On the top right here, this is again where Jama Connect comes in. Jama Connect also supports you with test management activities so that you have end to end traceability from your requirements all the way to your test cases and test results. Jama Connect doesn’t end there because Jama Connect provides you with reuse capabilities that allows you to build the next version by using branching and merging of variant management so that you can easily manage multiple variants and take advantage of the good work that you already did.


RELATED: Learn more about the Jama Connect Functional Safety Kit for Automotive Teams 


The next question is how do you actually apply that in practice? This requires a paradigm shift. This is visualized on the left-hand side here by depicting the traditional systems engineering approach, which tends to be document based, which you can see here with example outlines from the corresponding RS standard. Now, we haven’t worked with documents in systems engineering for a while. There are tools around for requirements management. Yet, if you look at all the generations of requirements tools, they still have a very strong document feel to them. In Jama Connect we really switch away from that and go to an item-based mindset where you have fine-grained traceability. Obviously, to really understand on a fine-grained level what the impact of change is, where you have gaps in your coverage, and so forth.

Here you see a simple relationship model that shows you how you can connect the various items. For example, you can have themes and epics, which are terms from the agile world, but still mixed up with things like product concept and system architecture, which are more traditional systems engineering. If we have a look at that, then you get something like this. This relationship diagram has actually been taken directly from Jama Connect, so you can flexibly adapt it there. The arrows indicate the traceability capabilities. For example, you see that epics and user stories are connected. Jama Connect will tell you if you have a gap between your epic and your user story. You can find gaps in your coverage. Jama Connect helps you with impact and change management. If you change the epic, then all the connected user stories and validation test cases will be marked as suspect. There are a number of other features: roles, workflows, templates. A number of capabilities that really allow you to have repeated iterations following the traditional systems engineering process but with an agile mindset. We have customers from many different industries. Just to provide you with one example, one of our customers from the avionics industry used Jama Connect in a lot of areas. Just to pick one metric, they managed to increase the speed of resolving issues by 30% by using what Jama Connect provides you with.


RELATED: Watch a demonstration of the Jama Connect for Automotive Solution


Francois Xavier Dormoy: Yes, the topic is how we can make this synchronization and how we can integrate both SCADE models, and these requirements, and these traceability. In fact, we have in SCADE and in all SCADE tools, we have a gateway. A gateway to requirement management tool, like Jama Connect. For instance, in Jama Connect, of course, you will be able to create requirements, to manage requirements, manage traceability links. You can create links. You can see all the traceability. You can perform your impact analysis. You can generate matrices, etc. All these, of course, will be done in Jama Connect and you will use SCADE for design, for the architecture, for the testing, etc.

What we allow in this gateway is for people designing to have a look at the requirements. We have a way to import in SCADE requirements and we have a way in SCADE to create links between SCADE elements, SCADE artifacts, and any requirements. These links will not be stored in SCADE. They will be stored in Jama Connect. We have the six portraiture in order to export back to Jama SCADE artifacts together with traceability.


To learn more about how Jama Connect for Automotive can help your team simplify compliance, streamline development, and speed time to market, download our solution overview.


In today’s competitive market, automobile makers are racing to define the future of transportation. And given the complexity of modern, connected automobiles, it’s imperative that vehicle safety is adequately accounted for in the product development process.

Plus, as vehicles become more complex — e.g. autonomous driving and connected systems — so too are the standards for emissions, fuel economy, functional safety, cybersecurity, and system designs.

That’s why we’ve partnered with LHP Engineering Solutions (LHP) to ensure our visionary clients comply with all relevant functional safety and cybersecurity standards — like ISO 26262 and SAE J3061 — by seamlessly integrating compliance into the product development process.

Founded in 2001 with the mission to make safer products, LHP provides a variety of engineering services and products to assist customers in speeding up their product development cycles and solving product design and testing issues.

We recently spoke with the LHP team to talk about modern challenges in complex product development, and how this new partnership between LHP and Jama Software can help. Let’s dive into what customers can gain from this partnership:

Jama Software: Can you give us a rundown of the state of the automotive industry? How is it different than 10 years ago?

LHP: The next generation of automobiles are increasingly incorporating modern electronic technologies, from on-board diagnostics to engine controllers to infotainment systems to driver assist systems. As technology advances, the trend is to partially/fully automate vehicles. While some new features are entertainment- and convenience-based, the trend for autonomous vehicles is, to a large extent, functional safety related. The end goal is to reduce the number of deaths on public roadways by providing vehicles with the ability to recognize and avoid hazards or security threats.

Safety and security are the two biggest barriers to innovation and we’re helping companies overcome those barriers. The biggest reason why we don’t see self-driving cars everywhere is because, before that happens, we must prove that they’re not going to harm people, that they’re safe, and that the software can’t be compromised and used for unintended usage.

JS: What are some of the biggest challenges facing product development teams in the automotive industry today?

LHP: Compliance to ISO 26262 and SAE J3061 involves a change in culture that is difficult for established product development teams to implement. Part of this change means looking at the product(s) being developed differently, and part is a change in infrastructure to better control the product development lifecycle and the development artifacts.

Learn more about ISO 26262 and automotive electronics development.

JS: How does leveraging the partnership between LHP and Jama Software help customers when it comes to overall functional safety as well as complying with ISO 26262?

LHP: ISO 26262 complements good systems engineering practices by requiring that hardware and software safety concerns be addressed and documented in a systematic way throughout the product development lifecycle. In the past, safety design was considered part of general requirements activity. But merely identifying and tracing requirements in the software and hardware designs is not enough. The common practice of hardware and software teams working in silos will not guarantee the level of safety coverage required by ISO 26262.

Part of LHP’s offering is development of data, infrastructure consultation, and process optimization. Now, thanks to our partnership with the Jama team, we can implement proper functional safety workflows in Jama Connect, with templates to facilitate the creation of data. Additionally, Jama Software customers in the automotive industry who have questions and concerns about how to use Jama Connect to support a safety lifecycle can tap into LHP’s extensive knowledge and experience in functional safety and ISO 26262.

In order to demonstrate compliance with ISO 26262, you must have the ability to manage safety requirements, including traceability. Typically, our respective customers would need to address functional safety and requirements management separately. Working together, LHP and Jama Software can address both sets of concerns in concert.

Learn how Jama Software worked with TÜV SÜD on our ISO 26262 certification process, and how you can lower the costs and risks of complying with functional safety standards, by watching our webinar.

JS: What does LHP bring to the table that other requirements management platforms might not have access to?

LHP: What makes us better and unique compared to a lot of the other organizations is our wealth of knowledge. Our functional safety team actually came out of the aerospace industry with multiple decades of experience implementing safety-critical systems. The experience that they bring with them has time and time again proven to make us stand above the rest.

Just like Jama, LHP excels at custom integrations and tailoring flexible solutions for our customers. At LHP, we consult on and implement the latest automotive industry practices to ensure vehicle systems are safe, reliable, and secure. Customers come to LHP for our deep knowledge in embedded controls, integration support, and overall implementation of functional safety and cybersecurity processes.

Proving compliance with functional safety and cybersecurity standards like ISO 26262 and SAE J3061 requires a harmonious balance of processes, people, and tools. And together with LHP Engineering Solutions, Jama Software is helping automotive companies safely and confidently bring the future of transportation to market.


To learn more about how to maintain compliance with automotive functional safety standards and how to avoid common ISO 26262 mistakes, download our whitepaper, “Top 15 ISO 26262 Snafus.”

Functional Safety Compliance

In Part II of our six-part automotive series, our experts discuss how to ensure functional safety compliance using Jama Connect for Automotive. If you’re new to our Automotive Development blog series, you may want to go back and read Part I and the Series Intro.

While safety has long been an important aspect of developing automotive systems, traditional safety considerations have largely involved mechanical systems. Modern automobiles, however, increasingly rely on electronic systems and significant amounts of software. This increase in electronics in vehicles brings new considerations when it comes to functional safety compliance.

Note: Now that our automotive development blog series has concluded, you can go back and read the series intro and Part I.

Functional Safety Compliance: ISO 26262

The standard that is concerned with the functional safety of electronic systems is ISO 26262. ISO 26262 is actually a series of standards that provides a framework for developing both electronic hardware and software systems where functional safety must be achieved. The standard describes a process for identifying risks in a system and provides guidance for mitigating those risks. The guidance is provided in the form of requirements and processes that are understood by the industry as the current state of the art for achieving functional safety.


RELATED: Watch a demonstration of the Jama Connect for Automotive Solution


A major component of ISO 26262 is a robust series of processes for requirements management and traceability. The processes require that organizations develop safety goals, translate those into functional requirements, technical requirements, and eventually both hardware and software requirements as appropriate for the system. The system must then be fully verified against all requirements and specifications. Critically, the processes require that traceability between the requirements, specifications, and verification activities be maintained and all documentation carefully reviewed.
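To make the requirement chain and the suspect marking described above (and in the webinar transcript earlier on this page) concrete, here is an added example, not Jama Software’s or Ansys’s code, of a small traceability model in Python. The item levels follow the derivation chain named above (safety goals, functional and technical safety requirements, hardware/software requirements, verification); the item IDs, sample texts and the one-level-at-a-time link rule are constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass

# Requirement levels in the order ISO 26262 derives them, ending in verification.
LEVELS = ["safety_goal", "functional_safety_req",
          "technical_safety_req", "hw_sw_req", "verification"]
NEXT_LEVEL = dict(zip(LEVELS, LEVELS[1:]))  # level -> level that must cover it


@dataclass
class Item:
    id: str
    level: str
    text: str
    version: int = 1
    suspect: bool = False  # set when an upstream item changed after linking


class TraceModel:
    """Items plus directed trace links (upstream -> downstream) between adjacent levels."""

    def __init__(self):
        self.items = {}
        self.links = set()

    def add(self, item_id, level, text):
        if level not in LEVELS:
            raise ValueError(f"unknown level {level!r}")
        self.items[item_id] = Item(item_id, level, text)

    def link(self, upstream_id, downstream_id):
        up, down = self.items[upstream_id], self.items[downstream_id]
        # A link must follow the derivation chain one level at a time (assumed rule).
        if NEXT_LEVEL.get(up.level) != down.level:
            raise ValueError(f"{up.level} may only trace to {NEXT_LEVEL.get(up.level)}")
        self.links.add((upstream_id, downstream_id))

    def downstream(self, item_id):
        return {d for u, d in self.links if u == item_id}

    def coverage_gaps(self):
        """Items with nothing at the next level (e.g. a safety goal with no FSR)."""
        return sorted(i.id for i in self.items.values()
                      if i.level in NEXT_LEVEL and not self.downstream(i.id))

    def unverified(self):
        """Items from which no verification item is reachable along the chain."""
        result = []
        for item in self.items.values():
            if item.level == "verification":
                continue
            queue, verified = deque([item.id]), False
            while queue and not verified:
                for d in self.downstream(queue.popleft()):
                    if self.items[d].level == "verification":
                        verified = True
                    else:
                        queue.append(d)
            if not verified:
                result.append(item.id)
        return sorted(result)

    def change(self, item_id, new_text):
        """Edit an item and flag every transitively downstream item as suspect."""
        item = self.items[item_id]
        item.text, item.version = new_text, item.version + 1
        flagged, seen, queue = [], set(), deque(self.downstream(item_id))
        while queue:
            cur = queue.popleft()
            if cur in seen:
                continue  # reachable on more than one path
            seen.add(cur)
            self.items[cur].suspect = True
            flagged.append(cur)
            queue.extend(self.downstream(cur))
        return sorted(flagged)


def build_sample_model():
    """Constructed sample chain for a hypothetical battery over-voltage safety goal."""
    m = TraceModel()
    m.add("SG-1", "safety_goal", "Prevent battery cell over-voltage")
    m.add("FSR-1", "functional_safety_req", "Open the contactor when any cell exceeds V_max")
    m.add("FSR-2", "functional_safety_req", "Warn the driver on over-voltage")
    m.add("TSR-1", "technical_safety_req", "BMS compares each cell voltage to V_max every 10 ms")
    m.add("TSR-2", "technical_safety_req", "Cluster shows a warning within 500 ms")  # never refined
    m.add("SWR-1", "hw_sw_req", "monitor_cells() shall open the contactor within 50 ms")
    m.add("SWR-2", "hw_sw_req", "Log every over-voltage event")  # no test case
    m.add("TC-1", "verification", "Inject 4.3 V on cell 3, expect contactor open in < 50 ms")
    for up, down in [("SG-1", "FSR-1"), ("SG-1", "FSR-2"), ("FSR-1", "TSR-1"),
                     ("FSR-2", "TSR-2"), ("TSR-1", "SWR-1"), ("TSR-1", "SWR-2"),
                     ("SWR-1", "TC-1")]:
        m.link(up, down)
    return m


if __name__ == "__main__":
    model = build_sample_model()
    print("gaps:", model.coverage_gaps(), "unverified:", model.unverified())
    print("suspect after FSR-1 edit:", model.change("FSR-1", "Open the contactor above 4.25 V"))
```

Note that a coverage gap and an unverified item are different findings: FSR-2 is refined into TSR-2, so it is not a gap, yet nothing below it is ever tested.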

Jama Connect for Automotive

A requirements management tool like Jama Connect for Automotive reduces the manual effort required in adhering to ISO 26262. Jama Connect for Automotive’s traceability features are ideally suited to maintaining and analyzing the required traceability. The review features are the ideal way to ensure documentation is fully reviewed and approved by a cross-functional team. The export features generate well-formatted documents for many of the work products required by ISO 26262.

The flow diagram below summarizes the ISO 26262 processes that can be managed in Jama Connect for Automotive. The boxes with an orange border represent the recommended work products to be captured in Jama Connect for Automotive. The boxes with a gray border represent the work products that benefit from being captured in Jama Connect for Automotive, but some organizations might choose to capture elsewhere.


RELATED: Learn more about the Jama Connect Functional Safety Kit for Automotive Teams 


High-Level ISO 26262 Process in Jama Connect for Automotive

Jama Connect for Automotive includes a fully functional framework that software teams can use to start getting value immediately. This includes complete documentation for how to complete each process most efficiently in Jama Connect for Automotive. Industry-specific Professional Services are also included to guide customers through the inevitable customizations needed by each organization. A complete list of the processes for working in Jama Connect for Automotive that align with ISO 26262 are listed in the table below.

ISO 26262 Alignment to Jama Connect Processes


To learn more about how Jama Connect for Automotive can help your team simplify compliance, streamline development, and speed time to market, download our solution overview.

Learn more about the Jama Connect Functional Safety Kit for Automotive Teams 

Today we’re excited to introduce Jama Connect for Automotive, a new solution designed specifically to accelerate product development for automotive engineering teams in the autonomous, electric, and traditional vehicle space. This new solution is designed to assist engineering teams in improving development lifecycles and better managing requirements, risk, hazard analysis, and test management, while simplifying alignment to safety-critical standards, including ISO 26262.

The average life of vehicles on the road today exceeds 12 years, increasing the impact to the business of safety recalls and associated expenses to repair. Continued innovation in automotive product development, coupled with the need to meet safety-critical standards, creates a development environment where engineering teams must balance speed-to-market with product quality in support of functional safety standards. 

As the requirements management platform for six of the top 10 electric vehicle startups on the frontlines of innovation, we recognize these challenges and have been working closely with companies in the automotive industry to offer an all-in-one solution. Jama Connect for Automotive helps engineering teams get set up quickly, allowing them to focus on product design and innovation, while reducing the costs and effort required to align their development processes to functional safety standards. 

“Developers are balancing safety-critical standards and regulations with getting innovative products to market faster and in a highly disruptive and competitive climate,” said Josh Turpen, Chief Product Officer at Jama Software. “We’re excited to introduce our new solution designed specifically for automotive development teams, which will help facilitate the development process from the start. Jama Connect allows developers to hit the ground running with preconfigured templates and best practices built for automotive teams, saving critical time in the development process. This will be hugely beneficial for them especially now as teams continue to navigate the complexities of a remote work lifestyle.”  


RELATED: 5 Challenges in Automotive Product Development


Jama Connect for Automotive accelerates the development lifecycle with key features including: 

  • Automotive framework aligned to key industry standards and regulations: ISO 26262:2018, Automotive SPICE (ASPICE) and SEBoK 
  • Best practices including procedure and configuration guides for automotive manufacturing activities 
  • Document export templates including requirements specifications 
  • Functional safety kit with TÜV SÜD certificate and report 
  • Supply chain collaboration to enable an ongoing exchange of requirements between customers and suppliers 
  • Training and documentation aligned to automotive regulations, that provide accelerated onboarding to set developers up quickly   

The built-in templates and best practices guides provided in Jama Connect enable engineering teams to reduce development cycle times. Jama Software is helping to streamline development processes, ultimately accelerating new product launches to market while ensuring customers meet safety-critical standards and regulations for the highly evolving automotive industry.  


Register for our upcoming webinar with Ansys to learn more about bridging the gaps in safety-critical product development. 


  

Safety Standard Compliance

Companies are facing immense pressure to deliver complex products to market faster while complying with rigorous safety standards such as ISO 26262 in the automotive industry and DO-178C in aerospace.

Testing plays a key role in the successful development of safety-critical systems. However, many organizations still perform testing manually which can lead to the introduction of errors, inconsistencies in code analysis, delays in project timelines, and increased chances of recalls or failure to meet safety standard compliance.

Teams and managers need to feel audit-ready and confident they are meeting the objectives in these standards. Execution teams need the flexibility to work in their preferred tools to maintain efficiency. Striking the right balance is crucial.

On January 15th, we teamed up with Liverpool Data Research Associates (LDRA) for a webinar discussing how — through a direct integration between the Jama Connect™ and LDRA tool suites — organizations can better strike this balance.

Watch the full webinar here or read the highlights below.

 

Integrating Jama Connect & LDRA for Increased Confidence

Jama Connect makes it easy for teams to define, align, and execute on requirements (high level to low level), tests and other assets across the product development lifecycle. Jama Connect’s built-in traceability can help organizations identify coverage gaps in the product development process. Jama Connect’s Test Management Center supports workflows for manual testing, enabling engineering and quality assurance teams to organize and execute requirements-based test plans and test cases to ensure quality and compliance. As products become more complex and automation becomes required, Jama Connect integrates with automated testing tools to support a cost-effective, scalable, and flexible solution.

The LDRA tool suite specializes in automated software verification, including the analysis of standards compliance and of structural coverage. The LDRA tool suite can run unit tests, dynamic tests, and static code analysis on embedded software code used to power complex products and systems in regulated industries.

Automated testing is now commonplace, not only in the unregulated software space, but in safety-critical products and systems as well. Manual testing simply will not scale as products become more complex with embedded software. These automated tests and the results of automated test runs need to be traced to requirements for compliance and safety reasons.

Through an integration between Jama Connect and LDRA, organizations can combine the strengths of a market leading, fit-for-purpose requirements management tool and a powerful, automated testing tool.

Driving Value

But why integrate? What value does this bring to organizations and teams?

Firstly, by integrating these tools, teams gain efficiency. This integration removes manual export/import processes that waste time and can lead to errors. The nature of the integration gives testing teams greater control over the movement of assets across tools and builds confidence in the overall compliance process.

Additionally, this integration strengthens traceability across tools. Requirements, tests, and test results are published in both tools. Traceability reports can be produced in both tools to review results and analyze system coverage. Teams can gain confidence that the entire system is covered, from requirements down to code.

Lastly, this integration eases the path to compliance and helps strike the balance between speed and safety. Improved efficiency through the integration lets teams work in their tools of choice and makes results available in both tools. Through strengthened traceability, teams will feel more “audit ready” and will be better placed to meet the objectives set in rigorous compliance standards like ISO 26262 and DO-178C.

To learn more about how the ISO 26262 standard impacts automotive development, download our white paper.