MISRA Safety Case Guidelines
Why we are writing these guidelines.....
Helen Monkhouse
Global Product Safety Manager, Protean Electric Ltd.
MISRA Steering Committee Member
Agenda
Introduction to MISRA
Safety Cases
- What is it?
- What constitutes a good one?
MISRA Safety Case Guidelines
February 17, 2014
Introduction to MISRA
The original MISRA project started in 1990.
That project was part of the UK Government's "SafeIT" programme, but is now self supporting.
The MISRA Safety Case Working Group began its work in 2011.
The Safety Case Working Group partners are:
Introduction to MISRA
MISRA aims to
✓ Promote best practice in automotive safety-related systems engineering
✓ Develop guidance in specific technical areas e.g.
• C language
• Software readiness for production
• Safety analysis
MISRA does not
✗ Run certification schemes
✗ Promote or endorse specific products
The Safety Case Argument
A safety case should communicate a clear, comprehensive and defensible argument that a system is acceptably safe to operate in a particular context.
Tim Kelly, University of York
Argument that the safety requirements for an Item are complete and satisfied by evidence compiled from work products of the safety activities during development.
ISO 26262:2011
"clear, comprehensive and defensible"
"complete and satisfied"
- Calls for an explicit safety argument:
o An argument without evidence is unfounded
o Evidence without an argument is unexplained
ISO 26262 Requirements
ISO 26262 Part 2 clause 6.4.6 includes the following safety case related requirements:
- This requirement shall be complied with for items that have at least one safety goal with an ASIL (A), B, C or D: a safety case shall be developed in accordance with the safety plan.
- The safety case should progressively compile the work products that are generated during the safety lifecycle.
Does our compilation of ISO 26262 work products lead to an explicit safety case argument?
The ISO 26262 Safety Case Argument
ISO 26262 work products
The system is safe because......
- Hazard Analysis & Risk Assessment: all hazards have been identified
- Safety Goals: defined safety goals mitigate all hazardous events
- Functional Safety Concept: the functional safety req't deliver the safety goals
- Technical Safety Concept: the technical safety req't deliver the safety concept
- Integration Testing Reports: the safety req't implementation is verified
This is the safety argument that is implicit within ISO 26262
Asking "but why" at each stage identifies the explicit safety argument
An Example Explicit Safety Argument
[Figure: block diagram of the example item. Labels: Accelerator Pedal; Driver Controller; High Voltage Battery; High Voltage Power Inverter; Electric Machine; Transmission; Vehicle Wheel (two); Item Boundary. Legend: CAN Communication; Low Voltage Electrical Power; High Voltage Electrical Power; Mechanical Force / Torque / Power.]
ISO 26262 Work Products
Work products: Hazard Analysis & Risk Assessment; Safety Goals; Functional Safety Concept; Technical Safety Concept; Integration Testing Reports; Verification Report
Hazardous Event: Unintended vehicle acceleration during a low speed manoeuvre amongst pedestrians
- Exposure E3
- Severity S2
- Controllability C3
- ASIL B
Safety Goal: Vehicle positive longitudinal acceleration shall not exceed driver demand by > 1.5 m/s² for longer than 1 s
Functional Safety Concept:
- Functional safety requirements relating to the detection of faults
- Functional safety requirements relating to fault mitigation
Why is unreasonable risk avoided by meeting this safety goal?
Why is the Safety Goal Right?
Safety Goal: Vehicle positive longitudinal acceleration shall not exceed driver demand by > 1.5 m/s² for longer than 1 s
Residual Risk Classification: The residual risk associated with the hazardous event given the effect the safety goal has on vehicle behaviour would be classified QM
QM Classification (J): The level of risk associated with any hazardous event rated QM is considered to be 'acceptable'
Residual Risk 'Controllability' Classification: The effect on controllability of achieving safety goal #1
Reaction 'C0 Controllable': 'C0' vehicle behaviour when safety goal is achieved.
Reaction Controllable: Vehicle acceleration exceeding 1.5 m/s² for 1 s has been demonstrated to be controllable by the driver slowing and stopping vehicle using the brake.
C0 Controllability: Vehicle behaviours that are 'controllable in general' may be rated 'C0'
C0 Controllability gives QM Risk Classification (J): If a hazard is considered 'controllable in general' 'C0', no ASIL assignment is required.
Other diagram labels: Documented existing experience; EV Propulsion System Validation Report
Does the Concept Deliver the Goal?
Limiting Excessive Torque: Limiting magnitude of torque error delivered to transmission to 150 Nm within 1 s
Limiting Torque (J): The only malfunctioning behaviour that can violate safety goal is delivering too much torque to transmission
150 Nm Justification: Delivering 150 Nm to the transmission does not exceed maximum acceleration of 1.5 m/s²
Limit Torque in the Presence of Faults: Limit torque to transmission to 150 Nm within 1 s of detecting a fault that could lead to unintended acceleration
Detection and Response Time: Fault detection time and failure mitigation time does not exceed 1 s
Detection of Torque Faults: Detect all faults that could lead to excessive torque within 0.5 s
Fault Identification: All faults that could lead to excessive torque are identified
Fault Detection: Detection methods specified for faults that could lead to excessive torque
Response to Detected Faults: 150 Nm torque cap applied within 0.5 s of detecting a torque fault.
Response to Individual Faults: Individual controller requests of >150 Nm inhibited within 0.5 s of detecting torque fault
Absence of Common Cause Faults: There are no individual faults that could cause both controllers to malfunction together and collectively deliver >150 Nm torque excess
Other diagram labels: Fault Tree Analysis; Functional Safety Reqs; Vehicle Test / Simulation Report; Timing Analysis; Safety Goal; Common Cause Analysis
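The limits on this slide (detection within 0.5 s, 150 Nm cap within 0.5 s of detection, acceleration excess above 1.5 m/s² for no longer than 1 s) can be checked mechanically against a fault-insertion test trace. The Python below is an added example, not part of the original slides; the trace columns, the sample data, and the rule that the cap counts as applied from the first sample after which torque error stays at or below 150 Nm are assumptions made for illustration.

```python
import csv
import io

# Limits quoted on the slides. Times are integer milliseconds to avoid float drift.
ACCEL_EXCESS_LIMIT = 1.5     # m/s^2 above driver demand (safety goal)
ACCEL_EXCESS_MAX_MS = 1000   # safety goal: not "for longer than 1 s"
TORQUE_ERROR_CAP_NM = 150.0  # torque error cap from the functional safety concept
DETECT_BUDGET_MS = 500       # fault -> detection
RESPONSE_BUDGET_MS = 500     # detection -> cap applied

# Constructed traces (not measured data). The fault is inserted at t = 200 ms in both.
FAST_TRACE = """
t_ms,demand_mps2,actual_mps2,torque_err_nm,fault_flag
0,0.5,0.5,0,0
100,0.5,0.5,0,0
200,0.5,0.6,40,0
300,0.5,1.4,180,0
400,0.5,2.3,320,0
500,0.5,2.6,360,1
600,0.5,2.4,300,1
700,0.5,2.1,210,1
800,0.5,1.6,140,1
900,0.5,1.2,90,1
1000,0.5,0.9,60,1
"""

SLOW_TRACE = """
t_ms,demand_mps2,actual_mps2,torque_err_nm,fault_flag
0,0.5,0.5,0,0
200,0.5,0.6,40,0
400,0.5,2.3,320,0
600,0.5,2.6,360,0
800,0.5,2.6,360,1
1000,0.5,2.6,340,1
1200,0.5,2.4,300,1
1400,0.5,2.2,200,1
1600,0.5,1.5,120,1
1800,0.5,1.0,60,1
"""


def parse_trace(text):
    """Parse the CSV trace into rows with the acceleration excess precomputed."""
    rows = []
    for r in csv.DictReader(io.StringIO(text.strip())):
        rows.append({
            "t": int(r["t_ms"]),
            "excess": float(r["actual_mps2"]) - float(r["demand_mps2"]),
            "torque_err": float(r["torque_err_nm"]),
            "flag": r["fault_flag"] == "1",
        })
    return rows


def longest_excursion_ms(rows):
    """Longest continuous time with excess above the limit.

    Conservative for sampled data: an excursion runs from the first sample
    above the limit to the first sample back at or below it.
    """
    longest, start = 0, None
    for row in rows:
        if row["excess"] > ACCEL_EXCESS_LIMIT:
            if start is None:
                start = row["t"]
            longest = max(longest, row["t"] - start)
        elif start is not None:
            longest = max(longest, row["t"] - start)
            start = None
    return longest


def evaluate(rows, fault_at_ms):
    """Check one trace against the detection, response and safety goal limits."""
    violations = []
    detected = next((r["t"] for r in rows
                     if r["flag"] and r["t"] >= fault_at_ms), None)
    capped = None
    if detected is None or detected - fault_at_ms > DETECT_BUDGET_MS:
        violations.append("detection")
    if detected is not None:
        # Walk backwards: the cap is applied at the earliest sample after
        # detection from which torque error never exceeds the cap again.
        for r in reversed(rows):
            if r["t"] < detected or r["torque_err"] > TORQUE_ERROR_CAP_NM:
                break
            capped = r["t"]
    if capped is None or capped - detected > RESPONSE_BUDGET_MS:
        violations.append("response")
    excursion = longest_excursion_ms(rows)
    if excursion > ACCEL_EXCESS_MAX_MS:
        violations.append("safety_goal")
    return {
        "detection_ms": None if detected is None else detected - fault_at_ms,
        "response_ms": None if capped is None else capped - detected,
        "excursion_ms": excursion,
        "violations": violations,
    }


if __name__ == "__main__":
    for name, trace in (("fast", FAST_TRACE), ("slow", SLOW_TRACE)):
        print(name, evaluate(parse_trace(trace), fault_at_ms=200))
```

The second trace fails all three checks, showing how a late detection alone consumes the 1 s allowed by the safety goal.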
So why bother?
The benefits of an evidence based explicit safety case:
Helps formalise the links between the high-level goals/objectives and low-level evidence; providing rationale.
- This rationale is often developed and retained 'in people's heads'
Aids communication of the safety argument throughout the development lifecycle:
- Better clarity – being forced to write it down aids the safety engineer's thought process during development
- Consistency improvement – project to project or with staff turnover
- Maintainability benefits – the safety impact of changes made to an Item can be quickly assessed
- Supports third-party assessment – removes ambiguity leading to less 'to and fro' verbal questioning
The Motivation behind the
MISRA Safety Case Guidelines
To aid the development of safe products
To assist with ISO 26262 compliance
Explicit safety arguments widely adopted and mandated in more safety-mature industries
Convergence to a common understanding and the sharing of knowledge and experience
The increasing complexity of and authority given to automotive E/E systems
Standard requires a safety case to be developed, but ambiguities exist
Little or no guidance given within the standard regarding safety argument development
A safety case is:
1. Set of progressively compiled work products
2. Argument that the safety requirements are complete and satisfied
MISRA Safety Case Guideline Content
Key concepts used within the guidelines document
- Argument layers
- Safety evidence tables
- A generic safety argument framework
Safety Argument Layers
Core Argument – Got the right requirements
• Why do we have confidence that the requirements are right?
• Which evidence indicates that the requirements are complete and correct?
Layer 1 – Those requirements have been met
• Why do we have confidence that the requirements have been implemented correctly?
• Which evidence demonstrates that the correct implementation has been verified?
Layer 2 – Implemented using the correct means
• Why do we have confidence that an adequate process has been used to develop the work product?
• Which evidence demonstrates that the right people have used the correct methods?
Layer 3 – In the right environment
• Why do we have confidence in the environment in which the safety activities were undertaken?
• Which evidence demonstrates that the organisation has a good safety culture?
Safety Evidence Tables
Example evidence for safety goal 1........
Core – Got the Right Requirements
Argument: Safety goal rationale: safety goal 1 yields absence of unreasonable risk
Typical Topics:
1. Completeness of mapping between hazardous events and safety goals
2. Absence of unreasonable risk resulting from safety goal implementation
Evidence:
1. Verification Review Report
2. Vehicle Safety Validation Report
One – Met the Requirements
Argument: Safety goal conformance: vehicle behaviour conforms to safety goal 1
Typical Topics:
1. Item performs as specified by the safety goal
Evidence:
1. Fault insertion tests
2. Vehicle fleet trials
Two – Used the Right Means
Argument: Safety goal means: Appropriate means have been used to develop and review safety goal 1
Typical Topics:
1. Hazard analysis and risk assessment
2. Safety goal definition
3. Personnel involved
Evidence:
1. Confirmation review report
2. Requirement review report
3. Organogram and skills matrix
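An added example, not part of the original slides: a Python check that applies "an argument without evidence is unfounded, evidence without an argument is unexplained" to the safety goal 1 tables above, and lists the topics to re-assess when a work product changes. The topics and evidence names are taken from the tables; the work-product register, its status values and the "Supplier audit report" entry are constructed for illustration.

```python
# Argument layers named on the slides.
LAYERS = ["Core", "Layer 1", "Layer 2", "Layer 3"]

# Safety goal 1 evidence tables from the slide: layer -> [(topic, [evidence])].
# No Layer 3 table is shown for this example, so none is entered here.
SG1_TABLES = {
    "Core": [
        ("Completeness of mapping between hazardous events and safety goals",
         ["Verification Review Report"]),
        ("Absence of unreasonable risk resulting from safety goal implementation",
         ["Vehicle Safety Validation Report"]),
    ],
    "Layer 1": [
        ("Item performs as specified by the safety goal",
         ["Fault insertion tests", "Vehicle fleet trials"]),
    ],
    "Layer 2": [
        ("Hazard analysis and risk assessment", ["Confirmation review report"]),
        ("Safety goal definition", ["Requirement review report"]),
        ("Personnel involved", ["Organogram and skills matrix"]),
    ],
}

# Constructed register of work products actually held: name -> status.
REGISTER = {
    "Verification Review Report": "released",
    "Vehicle Safety Validation Report": "released",
    "Fault insertion tests": "released",
    "Vehicle fleet trials": "draft",
    "Confirmation review report": "released",
    "Requirement review report": "released",
    "Supplier audit report": "released",  # held, but cited by no topic
}


def check_evidence_tables(tables, register):
    """Return findings for one safety goal's evidence tables.

    missing_layers - layers with no argument at all
    unfounded      - topics with no released evidence behind them
    pending        - cited evidence that is absent or not yet released
    unexplained    - registered work products that no topic cites
    """
    findings = {"missing_layers": [], "unfounded": [], "pending": []}
    cited = set()
    for layer in LAYERS:
        rows = tables.get(layer, [])
        if not rows:
            findings["missing_layers"].append(layer)
        for topic, evidence in rows:
            cited.update(evidence)
            released = [e for e in evidence if register.get(e) == "released"]
            if not released:
                findings["unfounded"].append((layer, topic))
            findings["pending"] += [(layer, e) for e in evidence
                                    if e not in released]
    findings["unexplained"] = sorted(set(register) - cited)
    return findings


def impacted_by(tables, work_product):
    """Topics whose argument must be re-assessed when a work product changes."""
    return [(layer, topic)
            for layer, rows in tables.items()
            for topic, evidence in rows
            if work_product in evidence]


if __name__ == "__main__":
    for key, value in check_evidence_tables(SG1_TABLES, REGISTER).items():
        print(key, value)
    print(impacted_by(SG1_TABLES, "Fault insertion tests"))
```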
Generic Framework
Levels of Requirements: Argument structured by levels of safety requirements
Functional Safety: Absence of unreasonable risk caused by the malfunctioning behaviour of the Item has been achieved. (Diagram labels: Item; Item Definition; Hazards; Hazardous events)
Safety Goals: The vehicle behaves according to a set of complete and correct safety goals that mitigate the hazardous events identified (Diagram label: Safety Goals)
Functional Safety Requirements: The vehicle / item behaves according to a set of complete and correct FSRs defined to achieve each safety goal. (Diagram label: FSRs)
Technical Safety Requirements: The item behaves according to a set of complete and correct TSRs defined to meet the functional safety requirements (Diagram label: TSRs)
Hardware & Software Requirements: The item behaves according to a set of complete and correct hardware and software safety requirements defined to meet the TSRs (Diagram label: HWSWSRs)
Generic Framework
Safety Goals: The vehicle behaves according to a set of complete and correct safety goals that mitigate the hazardous events identified (Diagram labels: Safety Goal – ALL safety goals; Hazard Analysis & Risk Assessment – ALL hazardous events)
Safety Goal 1: The vehicle behaves according to safety goal 1 defined to mitigate hazardous event 1 (Diagram labels: Safety Goal – Safety Goal 1; Hazard Analysis & Risk Assessment – Hazardous event 1)
Safety goals grouped by hazardous event to which they pertain
Argument Structure: Argument structured by layers
Safety Goals: Rationale
- Core argument about safety goals mitigating risk associated with hazardous events
Safety Goals: Conformance
- Layer 1 argument about vehicle behaviour conforming to safety goals
Safety Goals: Means
- Layer 2 argument about the means by which safety goals have been developed and reviewed
Safety Goals: Environment
- Layer 3 argument about the development environment
Argument Layers
- Core: got the right requirements
- Layer 1: met the requirements
- Layer 2: used the right means
- Layer 3: developed in the right environment
The Future
2014
- Release draft guidelines for public review
o Generic GSN framework
o Safety argument layers
o Safety argument tables
- Publish first version of the above
- On-line examples
Potential subsequent releases
- Nominal behaviour
- Non-Electrical / Electronic systems
- Non-functional safety (e.g. 'passive' safety)
Thank you
Helen Monkhouse BEng CEng MIET MWES
Global Product Safety Manager
Protean Electric Ltd
Silvertree, Unit 10B, Coxbridge Business Park,
Alton Road, Farnham, GU10 5EH.
www.proteanelectric.com
Direct: +44 1252 741828
Email: helen.monkhouse@proteanelectric.com

More Related Content

What's hot

19 Jun 2018 - Hazard Analysis and Functional Safety Compliance
19 Jun 2018 - Hazard Analysis and Functional Safety Compliance 19 Jun 2018 - Hazard Analysis and Functional Safety Compliance
19 Jun 2018 - Hazard Analysis and Functional Safety Compliance Intland Software GmbH
Ā 
ISO 26262 Approval of Automotive Software Components
ISO 26262 Approval of Automotive Software ComponentsISO 26262 Approval of Automotive Software Components
ISO 26262 Approval of Automotive Software ComponentsReal-Time Innovations (RTI)
Ā 
Automotive functional safety iso 26262 training bootcamp 2019
Automotive functional safety iso 26262 training bootcamp 2019Automotive functional safety iso 26262 training bootcamp 2019
Automotive functional safety iso 26262 training bootcamp 2019Tonex
Ā 
HARA ISO 26262: What is HARA and Why is it Required?
HARA ISO 26262: What is HARA and Why is it Required?HARA ISO 26262: What is HARA and Why is it Required?
HARA ISO 26262: What is HARA and Why is it Required?Embitel Technologies (I) PVT LTD
Ā 
An integrative solution towards SOTIF and AV safety
An integrative solution towards SOTIF and AV safetyAn integrative solution towards SOTIF and AV safety
An integrative solution towards SOTIF and AV safetyBernhard Kaiser
Ā 
Software defined vehicles,automotive standards (safety, security), agile cont...
Software defined vehicles,automotive standards (safety, security), agile cont...Software defined vehicles,automotive standards (safety, security), agile cont...
Software defined vehicles,automotive standards (safety, security), agile cont...Dr. Anish Cheriyan (PhD)
Ā 
Frequently Asked Question (FAQ's) on ISO 26262 Functional Safety
Frequently Asked Question (FAQ's)  on ISO 26262 Functional SafetyFrequently Asked Question (FAQ's)  on ISO 26262 Functional Safety
Frequently Asked Question (FAQ's) on ISO 26262 Functional SafetyEmbitel Technologies (I) PVT LTD
Ā 
Why safety plan is critical in development of iso 26262 complaint
Why safety plan is critical in development of iso 26262 complaint Why safety plan is critical in development of iso 26262 complaint
Why safety plan is critical in development of iso 26262 complaint Embitel Technologies (I) PVT LTD
Ā 
Introduction to ASPICE
Introduction to ASPICEIntroduction to ASPICE
Introduction to ASPICESrinivas Navali
Ā 
Consolidation of Instrument Cluster and In Vehicle Infotainment
Consolidation of Instrument Cluster and In Vehicle InfotainmentConsolidation of Instrument Cluster and In Vehicle Infotainment
Consolidation of Instrument Cluster and In Vehicle InfotainmentKarolina Janowicz
Ā 
AUTOSAR_EXP_LayeredSoftwareArchitecture.pdf
AUTOSAR_EXP_LayeredSoftwareArchitecture.pdfAUTOSAR_EXP_LayeredSoftwareArchitecture.pdf
AUTOSAR_EXP_LayeredSoftwareArchitecture.pdfSalaheddineelabbassi
Ā 
An approach towards sotif with ansys medini analyze
An approach towards sotif with ansys medini analyzeAn approach towards sotif with ansys medini analyze
An approach towards sotif with ansys medini analyzeBernhard Kaiser
Ā 
Automotive embedded systems part5 v1
Automotive embedded systems part5 v1Automotive embedded systems part5 v1
Automotive embedded systems part5 v1Keroles karam khalil
Ā 
SEooC ISO 26262 | What is Safety Element Out of Context in Automotive Functio...
SEooC ISO 26262 | What is Safety Element Out of Context in Automotive Functio...SEooC ISO 26262 | What is Safety Element Out of Context in Automotive Functio...
SEooC ISO 26262 | What is Safety Element Out of Context in Automotive Functio...Embitel Technologies (I) PVT LTD
Ā 
Autosar basics by ARCCORE
Autosar basics by ARCCOREAutosar basics by ARCCORE
Autosar basics by ARCCOREARCCORE
Ā 
An Introduction to MISRA C:2012
An Introduction to MISRA C:2012An Introduction to MISRA C:2012
An Introduction to MISRA C:2012PRQA
Ā 
Understanding UNECE WP.29 regulations on cybersecurity
Understanding UNECE WP.29 regulations on cybersecurityUnderstanding UNECE WP.29 regulations on cybersecurity
Understanding UNECE WP.29 regulations on cybersecurityDominik Strube
Ā 

What's hot (20)

19 Jun 2018 - Hazard Analysis and Functional Safety Compliance
19 Jun 2018 - Hazard Analysis and Functional Safety Compliance 19 Jun 2018 - Hazard Analysis and Functional Safety Compliance
19 Jun 2018 - Hazard Analysis and Functional Safety Compliance
Ā 
ISO 26262 Approval of Automotive Software Components
ISO 26262 Approval of Automotive Software ComponentsISO 26262 Approval of Automotive Software Components
ISO 26262 Approval of Automotive Software Components
Ā 
ASIL
ASILASIL
ASIL
Ā 
Automotive functional safety iso 26262 training bootcamp 2019
Automotive functional safety iso 26262 training bootcamp 2019Automotive functional safety iso 26262 training bootcamp 2019
Automotive functional safety iso 26262 training bootcamp 2019
Ā 
HARA ISO 26262: What is HARA and Why is it Required?
HARA ISO 26262: What is HARA and Why is it Required?HARA ISO 26262: What is HARA and Why is it Required?
HARA ISO 26262: What is HARA and Why is it Required?
Ā 
An integrative solution towards SOTIF and AV safety
An integrative solution towards SOTIF and AV safetyAn integrative solution towards SOTIF and AV safety
An integrative solution towards SOTIF and AV safety
Ā 
Software defined vehicles,automotive standards (safety, security), agile cont...
Software defined vehicles,automotive standards (safety, security), agile cont...Software defined vehicles,automotive standards (safety, security), agile cont...
Software defined vehicles,automotive standards (safety, security), agile cont...
Ā 
Frequently Asked Question (FAQ's) on ISO 26262 Functional Safety
Frequently Asked Question (FAQ's)  on ISO 26262 Functional SafetyFrequently Asked Question (FAQ's)  on ISO 26262 Functional Safety
Frequently Asked Question (FAQ's) on ISO 26262 Functional Safety
Ā 
Why safety plan is critical in development of iso 26262 complaint
Why safety plan is critical in development of iso 26262 complaint Why safety plan is critical in development of iso 26262 complaint
Why safety plan is critical in development of iso 26262 complaint
Ā 
Introduction to ASPICE
Introduction to ASPICEIntroduction to ASPICE
Introduction to ASPICE
Ā 
Autosar MCAL (Microcontroller Abstraction Layer)
Autosar MCAL (Microcontroller Abstraction Layer)Autosar MCAL (Microcontroller Abstraction Layer)
Autosar MCAL (Microcontroller Abstraction Layer)
Ā 
Consolidation of Instrument Cluster and In Vehicle Infotainment
Consolidation of Instrument Cluster and In Vehicle InfotainmentConsolidation of Instrument Cluster and In Vehicle Infotainment
Consolidation of Instrument Cluster and In Vehicle Infotainment
Ā 
AUToSAR introduction
AUToSAR introductionAUToSAR introduction
AUToSAR introduction
Ā 
AUTOSAR_EXP_LayeredSoftwareArchitecture.pdf
AUTOSAR_EXP_LayeredSoftwareArchitecture.pdfAUTOSAR_EXP_LayeredSoftwareArchitecture.pdf
AUTOSAR_EXP_LayeredSoftwareArchitecture.pdf
Ā 
An approach towards sotif with ansys medini analyze
An approach towards sotif with ansys medini analyzeAn approach towards sotif with ansys medini analyze
An approach towards sotif with ansys medini analyze
Ā 
Automotive embedded systems part5 v1
Automotive embedded systems part5 v1Automotive embedded systems part5 v1
Automotive embedded systems part5 v1
Ā 
SEooC ISO 26262 | What is Safety Element Out of Context in Automotive Functio...
SEooC ISO 26262 | What is Safety Element Out of Context in Automotive Functio...SEooC ISO 26262 | What is Safety Element Out of Context in Automotive Functio...
SEooC ISO 26262 | What is Safety Element Out of Context in Automotive Functio...
Ā 
Autosar basics by ARCCORE
Autosar basics by ARCCOREAutosar basics by ARCCORE
Autosar basics by ARCCORE
Ā 
An Introduction to MISRA C:2012
An Introduction to MISRA C:2012An Introduction to MISRA C:2012
An Introduction to MISRA C:2012
Ā 
Understanding UNECE WP.29 regulations on cybersecurity
Understanding UNECE WP.29 regulations on cybersecurityUnderstanding UNECE WP.29 regulations on cybersecurity
Understanding UNECE WP.29 regulations on cybersecurity
Ā 

Viewers also liked

Misra C Software Development Standard
Misra C Software Development StandardMisra C Software Development Standard
Misra C Software Development StandardVittorio Giovara
Ā 
Achieve iso 26262 certification
Achieve iso 26262 certificationAchieve iso 26262 certification
Achieve iso 26262 certificationPRQA
Ā 
MISRA C Chairman - Device Developer Conference 2016
MISRA C Chairman - Device Developer Conference 2016MISRA C Chairman - Device Developer Conference 2016
MISRA C Chairman - Device Developer Conference 2016Andrew Banks
Ā 
MISRA C ā€“ Recent developments and a road map to the future
MISRA C ā€“ Recent developments and a road map to the futureMISRA C ā€“ Recent developments and a road map to the future
MISRA C ā€“ Recent developments and a road map to the futureAdaCore
Ā 
Misra c-2004
Misra c-2004Misra c-2004
Misra c-2004sand390
Ā 
V&V Lessons Learnt under multiple Standards
V&V Lessons Learnt under multiple StandardsV&V Lessons Learnt under multiple Standards
V&V Lessons Learnt under multiple StandardsOak Systems
Ā 
Project Management and Measurement: what relationship?
Project Management and Measurement: what relationship?Project Management and Measurement: what relationship?
Project Management and Measurement: what relationship?Luigi Buglione
Ā 
Development of Safety Case for the Wolsong LILW disposal facility in Korea
Development of Safety Case for the Wolsong LILW disposal facility in KoreaDevelopment of Safety Case for the Wolsong LILW disposal facility in Korea
Development of Safety Case for the Wolsong LILW disposal facility in KoreaJin Beak Park
Ā 
A proposal for a new common process scope for AutomotiveSPICE: Six reasons fo...
A proposal for a new common process scope for AutomotiveSPICE: Six reasons fo...A proposal for a new common process scope for AutomotiveSPICE: Six reasons fo...
A proposal for a new common process scope for AutomotiveSPICE: Six reasons fo...Luigi Buglione
Ā 
Mapping Automotive SPICE: Achieving Higher Maturity & Capability Levels
Mapping Automotive SPICE: Achieving Higher Maturity & Capability LevelsMapping Automotive SPICE: Achieving Higher Maturity & Capability Levels
Mapping Automotive SPICE: Achieving Higher Maturity & Capability LevelsLuigi Buglione
Ā 
ISO/IEc 15504/SPICE Status
ISO/IEc 15504/SPICE StatusISO/IEc 15504/SPICE Status
ISO/IEc 15504/SPICE StatusAlec Dorling
Ā 
Agile + ISO 26262: Using Agile in Automotive Development
Agile + ISO 26262: Using Agile in Automotive DevelopmentAgile + ISO 26262: Using Agile in Automotive Development
Agile + ISO 26262: Using Agile in Automotive DevelopmentIntland Software GmbH
Ā 
HIS Conf 2014: An Insight into MISRA-C
HIS Conf 2014: An Insight into MISRA-CHIS Conf 2014: An Insight into MISRA-C
HIS Conf 2014: An Insight into MISRA-CAdaCore
Ā 
What Is Iso/iec 15504
What Is Iso/iec 15504What Is Iso/iec 15504
What Is Iso/iec 15504pax_isp
Ā 
Software Metrics & Measurement-Sharbani Bhattacharya
Software Metrics & Measurement-Sharbani BhattacharyaSoftware Metrics & Measurement-Sharbani Bhattacharya
Software Metrics & Measurement-Sharbani BhattacharyaSharbani Bhattacharya
Ā 
DMAP's presentation
DMAP's presentationDMAP's presentation
DMAP's presentationSILKAN
Ā 

Viewers also liked (20)

Misra C Software Development Standard
Misra C Software Development StandardMisra C Software Development Standard
Misra C Software Development Standard
Ā 
Misra c rules
Misra c rulesMisra c rules
Misra c rules
Ā 
Achieve iso 26262 certification
Achieve iso 26262 certificationAchieve iso 26262 certification
Achieve iso 26262 certification
Ā 
MISRA C Chairman - Device Developer Conference 2016
MISRA C Chairman - Device Developer Conference 2016MISRA C Chairman - Device Developer Conference 2016
MISRA C Chairman - Device Developer Conference 2016
Ā 
MISRA C ā€“ Recent developments and a road map to the future
MISRA C ā€“ Recent developments and a road map to the futureMISRA C ā€“ Recent developments and a road map to the future
MISRA C ā€“ Recent developments and a road map to the future
Ā 
Misra c-2004
Misra c-2004Misra c-2004
Misra c-2004
Ā 
Spice
SpiceSpice
Spice
Ā 
V&V Lessons Learnt under multiple Standards
V&V Lessons Learnt under multiple StandardsV&V Lessons Learnt under multiple Standards
V&V Lessons Learnt under multiple Standards
Ā 
Project Management and Measurement: what relationship?
Project Management and Measurement: what relationship?Project Management and Measurement: what relationship?
Project Management and Measurement: what relationship?
Ā 
Development of Safety Case for the Wolsong LILW disposal facility in Korea
Development of Safety Case for the Wolsong LILW disposal facility in KoreaDevelopment of Safety Case for the Wolsong LILW disposal facility in Korea
Development of Safety Case for the Wolsong LILW disposal facility in Korea
Ā 
A proposal for a new common process scope for AutomotiveSPICE: Six reasons fo...
A proposal for a new common process scope for AutomotiveSPICE: Six reasons fo...A proposal for a new common process scope for AutomotiveSPICE: Six reasons fo...
A proposal for a new common process scope for AutomotiveSPICE: Six reasons fo...
Ā 
Misra c
Misra cMisra c
Misra c
Ā 
Mapping Automotive SPICE: Achieving Higher Maturity & Capability Levels
Mapping Automotive SPICE: Achieving Higher Maturity & Capability LevelsMapping Automotive SPICE: Achieving Higher Maturity & Capability Levels
Mapping Automotive SPICE: Achieving Higher Maturity & Capability Levels
Ā 
ISO 15504
ISO 15504ISO 15504
ISO 15504
Ā 
ISO/IEc 15504/SPICE Status
ISO/IEc 15504/SPICE StatusISO/IEc 15504/SPICE Status
ISO/IEc 15504/SPICE Status
Ā 
Agile + ISO 26262: Using Agile in Automotive Development
Agile + ISO 26262: Using Agile in Automotive DevelopmentAgile + ISO 26262: Using Agile in Automotive Development
Agile + ISO 26262: Using Agile in Automotive Development
Ā 
HIS Conf 2014: An Insight into MISRA-C
HIS Conf 2014: An Insight into MISRA-CHIS Conf 2014: An Insight into MISRA-C
HIS Conf 2014: An Insight into MISRA-C
Ā 
What Is Iso/iec 15504
What Is Iso/iec 15504What Is Iso/iec 15504
What Is Iso/iec 15504
Ā 
Software Metrics & Measurement-Sharbani Bhattacharya
Software Metrics & Measurement-Sharbani BhattacharyaSoftware Metrics & Measurement-Sharbani Bhattacharya
Software Metrics & Measurement-Sharbani Bhattacharya
Ā 
DMAP's presentation
DMAP's presentationDMAP's presentation
DMAP's presentation
Ā 

Similar to MISRA Safety Case Guidelines -

How to Achieve Functional Safety in Safety-Critical Embedded Systems
How to Achieve Functional Safety in Safety-Critical Embedded SystemsHow to Achieve Functional Safety in Safety-Critical Embedded Systems
How to Achieve Functional Safety in Safety-Critical Embedded SystemsIntland Software GmbH
Ā 
How to Achieve Functional Safety in Safety-Citical Embedded Systems
How to Achieve Functional Safety in Safety-Citical Embedded SystemsHow to Achieve Functional Safety in Safety-Citical Embedded Systems
How to Achieve Functional Safety in Safety-Citical Embedded Systemsevatjohnson
Ā 
Waise 2021 Uber ATG Safety Case Framework and ANSI/UL 4600
Waise 2021 Uber ATG Safety Case Framework and ANSI/UL 4600Waise 2021 Uber ATG Safety Case Framework and ANSI/UL 4600
Waise 2021 Uber ATG Safety Case Framework and ANSI/UL 4600Kenji Taguchi
Ā 
Safety instrumented systems angela summers
Safety instrumented systems angela summers Safety instrumented systems angela summers
Safety instrumented systems angela summers Ahmed Gamal
Ā 
safety-instrumented-systems for cbemical
safety-instrumented-systems for cbemicalsafety-instrumented-systems for cbemical
safety-instrumented-systems for cbemicalJosh Jay
Ā 
safety-instrumented-systems-summers.ppt
safety-instrumented-systems-summers.pptsafety-instrumented-systems-summers.ppt
safety-instrumented-systems-summers.ppteditorschoice1
Ā 
Requirements of ISO 26262
Requirements of ISO 26262Requirements of ISO 26262
Requirements of ISO 26262Torben Haagh
Ā 
Introduction to Functional Safety and SIL Certification
Introduction to Functional Safety and SIL CertificationIntroduction to Functional Safety and SIL Certification
Introduction to Functional Safety and SIL CertificationISA Boston Section
Ā 
Safety life cycle seminar IEC61511
Safety life cycle seminar IEC61511Safety life cycle seminar IEC61511
Safety life cycle seminar IEC61511Luis Atencio
Ā 
The Importance of Risk Management
The Importance of Risk ManagementThe Importance of Risk Management
The Importance of Risk ManagementVigilant Software
Ā 
541728869-Introduction-to-ISO-27001.pdf
541728869-Introduction-to-ISO-27001.pdf541728869-Introduction-to-ISO-27001.pdf
541728869-Introduction-to-ISO-27001.pdfSharudinBoriak1
Ā 
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2NetSPI
Ā 
Secuirty testing services singapore
Secuirty testing services singaporeSecuirty testing services singapore
Secuirty testing services singaporeRichard_S
Ā 
Michigan Safety Council Presentation Mar07
Michigan Safety Council Presentation Mar07Michigan Safety Council Presentation Mar07
Michigan Safety Council Presentation Mar07ladukepc
Ā 
BOMA presentation - June - 2015
BOMA presentation - June - 2015BOMA presentation - June - 2015
BOMA presentation - June - 2015Larry Wash
Ā 
2019 SANS Holiday Hack Challenge Deliverable
2019 SANS Holiday Hack Challenge Deliverable2019 SANS Holiday Hack Challenge Deliverable
2019 SANS Holiday Hack Challenge DeliverableCurtis Brazzell
Ā 
Security audits & compliance
Security audits & complianceSecurity audits & compliance
Security audits & complianceVandana Verma
Ā 
Applicaiton Security - Building The Audit Program
Applicaiton Security - Building The Audit ProgramApplicaiton Security - Building The Audit Program
Applicaiton Security - Building The Audit ProgramMichael Davis
Ā 


MISRA Safety Case Guidelines -

  • 1. MISRA Safety Case Guidelines Why we are writing these guidelines..... Helen Monkhouse Global Product Safety Manager, Protean Electric Ltd. MISRA Steering Committee Member
  • 2. Agenda Introduction to MISRA Safety Cases - What is it? - What constitutes a good one? MISRA Safety Case Guidelines February 17, 2014
  • 3. Introduction to MISRA The original MISRA project started in 1990. That project was part of the UK Government’s “SafeIT” programme, but is now self-supporting. The MISRA Safety Case Working Group began its work in 2011. The Safety Case Working Group partners are:
  • 4. Introduction to MISRA MISRA aims to ✓ Promote best practice in automotive safety-related systems engineering ✓ Develop guidance in specific technical areas e.g. - C language - Software readiness for production - Safety analysis MISRA does not ✗ Run certification schemes ✗ Promote or endorse specific products
  • 5. The Safety Case Argument A safety case should communicate a clear, comprehensive and defensible argument that a system is acceptably safe to operate in a particular context. Tim Kelly, University of York Argument that the safety requirements for an Item are complete and satisfied by evidence compiled from work products of the safety activities during development. ISO 26262:2011 “clear, comprehensive and defensible” “complete and satisfied” - Calls for an explicit safety argument: o An argument without evidence is unfounded o Evidence without an argument is unexplained
  • 6. ISO 26262 Requirements ISO 26262 Part 2 clause 6.4.6 includes the following safety case related requirements: - This requirement shall be complied with for items that have at least one safety goal with an ASIL (A), B, C or D: a safety case shall be developed in accordance with the safety plan. - The safety case should progressively compile the work products that are generated during the safety lifecycle. Does our compilation of ISO 26262 work products lead to an explicit safety case argument?
  • 7. The ISO 26262 Safety Case Argument ISO 26262 work products and the claim each supports: The system is safe because...... Hazard Analysis & Risk Assessment: all hazards have been identified; Safety Goals: defined safety goals mitigate all hazardous events; Functional Safety Concept: the functional safety req’t deliver the safety goals; Technical Safety Concept: the technical safety req’t deliver the safety concept; Integration Testing Reports: the safety req’t implementation is verified. This is the safety argument that is implicit within ISO 26262. Asking “but why” at each stage identifies the explicit safety argument.
  • 8. An Example Explicit Safety Argument Accelerator Pedal Driver Controller High Voltage Battery Electric Machine Transmission Vehicle Wheel Vehicle Wheel Item Boundary CAN Communication Low Voltage Electrical Power High Voltage Electrical Power Mechanical Force / Torque / Power High Voltage Power Inverter
  • 9. ISO 26262 Work Products Hazard Analysis & Risk Assessment Safety Goals Technical Safety Concept Integration Testing Reports Hazardous Event: Unintended vehicle acceleration during a low speed manoeuvre amongst pedestrians Exposure E3 Severity S2 ASIL B Controllability C3 Safety Goal: Vehicle positive longitudinal acceleration shall not exceed driver demand by > 1.5 m/s² for longer than 1 s Functional Safety Concept: Functional safety requirements relating to the detection of faults Functional safety requirements relating to fault mitigation Verification Report Functional Safety Concept Why is unreasonable risk avoided by meeting this safety goal?
  • 10. Why is the Safety Goal Right? Safety Goal: Vehicle positive longitudinal acceleration shall not exceed driver demand by > 1.5 m/s² for longer than 1 s Residual Risk Classification The residual risk associated with the hazardous event given the effect the safety goal has on vehicle behaviour would be classified QM QM Classification The level of risk associated with any hazardous event rated QM is considered to be ‘acceptable’ J Residual Risk ‘Controllability’ Classification The effect on controllability of achieving safety goal #1 Reaction ‘C0 Controllable’ ‘C0’ vehicle behaviour when safety goal is achieved. Reaction Controllable Vehicle acceleration exceeding 1.5 m/s² for 1 s has been demonstrated to be controllable by the driver slowing and stopping vehicle using the brake. C0 Controllability Vehicle behaviours that are ‘controllable in general’ may be rated ‘C0’ C0 Controllability gives QM Risk Classification If a hazard is considered ‘controllable in general’ ‘C0’, no ASIL assignment is required. J Documented existing experience EV Propulsion System Validation Report
  • 11. Does the Concept Deliver the Goal? Limiting Excessive Torque Limiting magnitude of torque error delivered to transmission to 150 Nm within 1 s Limiting Torque The only malfunctioning behaviour that can violate safety goal is delivering too much torque to transmission J Fault Tree Analysis Functional Safety Reqs Vehicle Test / Simulation Report Timing Analysis Safety Goal Common Cause Analysis 150 Nm Justification Delivering 150 Nm to the transmission does not exceed maximum acceleration of 1.5 m/s² Limit Torque in the Presence of Faults Limit torque to transmission to 150 Nm within 1 s of detecting a fault that could lead to unintended acceleration Detection and Response Time Fault detection time and failure mitigation time does not exceed 1 s Detection of Torque Faults Detect all faults that could lead to excessive torque within 0.5 s Fault Identification All faults that could lead to excessive torque are identified Fault Detection Detection methods specified for faults that could lead to excessive torque Response to Detected Faults 150 Nm torque cap applied within 0.5 s of detecting a torque fault. Response to Individual Faults Individual controller requests of >150 Nm inhibited within 0.5 s of detecting torque fault Absence of Common Cause Faults There are no individual faults that could cause both controllers to malfunction together and collectively deliver >150 Nm torque excess
  • 12. So why bother? The benefits of an evidence based explicit safety case: Helps formalise the links between the high-level goals/objectives and low-level evidence; providing rationale. - This rationale is often developed and retained ‘in people’s heads’ Aids communication of the safety argument throughout the development lifecycle: - Better clarity – being forced to write it down aids the safety engineer’s thought process during development - Consistency improvement – project to project or with staff turnover - Maintainability benefits – the safety impact of changes made to an Item can be quickly assessed - Supports third-party assessment – removes ambiguity leading to less ‘to and fro’ verbal questioning
  • 13. The Motivation behind the MISRA Safety Case Guidelines To aid the development of safe products To assist with ISO 26262 compliance Explicit safety arguments widely adopted and mandated in more safety-mature industries Convergence to a common understanding and the sharing of knowledge and experience The increasing complexity of and authority given to automotive E/E systems Standard requires a safety case to be developed, but ambiguities exist Little or no guidance given within the standard regarding safety argument development A safety case is: 1. Set of progressively compiled work products 2. Argument that the safety requirements are complete and satisfied
  • 14. MISRA Safety Case Guideline Content Key concepts used within the guidelines document - Argument layers - Safety evidence tables - A generic safety argument framework
  • 15. Safety Argument Layers Core Argument – Got the right requirements - Why do we have confidence that the requirements are right? - Which evidence indicates that the requirements are complete and correct? Layer 1 – Those requirements have been met - Why do we have confidence that the requirements have been implemented correctly? - Which evidence demonstrates that the correct implementation has been verified? Layer 2 – Implemented using the correct means - Why do we have confidence that an adequate process has been used to develop the work product? - Which evidence demonstrates that the right people have used the correct methods? Layer 3 – In the right environment - Why do we have confidence in the environment in which the safety activities were undertaken? - Which evidence demonstrates that the organisation has a good safety culture?
  • 16. Safety Evidence Tables Example evidence for safety goal 1........ Core – Got the Right Requirements | Argument: Safety goal rationale: safety goal 1 yields absence of unreasonable risk | Typical Topics: 1. Completeness of mapping between hazardous events and safety goals 2. Absence of unreasonable risk resulting from safety goal implementation | Evidence: 1. Verification Review Report 2. Vehicle Safety Validation Report. One – Met the Requirements | Argument: Safety goal conformance: vehicle behaviour conforms to safety goal 1 | Typical Topics: 1. Item performs as specified by the safety goal | Evidence: 1. Fault insertion tests 2. Vehicle fleet trials. Two – Used the Right Means | Argument: Safety goal means: Appropriate means have been used to develop and review safety goal 1 | Typical Topics: 1. Hazard analysis and risk assessment 2. Safety goal definition 3. Personnel involved | Evidence: 1. Confirmation review report 2. Requirement review report 3. Organogram and skills matrix
  • 17. Generic Framework Levels of Requirements Argument structured by levels of safety requirements Functional Safety Absence of unreasonable risk caused by the malfunctioning behaviour of the Item has been achieved. Item Item Definition Hazards Hazardous events Safety Goals The vehicle behaves according to a set of complete and correct safety goals that mitigate the hazardous events identified Safety Goals Functional Safety Requirements The vehicle / item behaves according to a set of complete and correct FSRs defined to achieve each safety goal. FSRs Technical Safety Requirements The item behaves according to a set of complete and correct TSRs defined to meet the functional safety requirements TSRs Hardware & Software Requirements The item behaves according to a set of complete and correct hardware and software safety requirements defined to meet the TSRs HWSWSRs
  • 18. Generic Framework Safety Goals The vehicle behaves according to a set of complete and correct safety goals that mitigate the hazardous events identified Safety Goal ALL safety goals Hazard Analysis & Risk Assessment ALL hazardous events Safety Goal 1 The vehicle behaves according to safety goal 1 defined to mitigate hazardous event 1 Safety goals grouped by hazardous event to which they pertain Safety Goal Safety Goal 1 Hazard Analysis & Risk Assessment Hazardous event 1 Argument Structure Argument structured by layers Safety Goals: Rationale Core argument about safety goals mitigating risk associated with hazardous events Safety Goals: Conformance Layer 1 argument about vehicle behaviour conforming to safety goals Safety Goals: Means Layer 2 argument about the means by which safety goals have been developed and reviewed Safety Goals: Environment Layer 3 argument about the development environment Argument Layers Core : got the right requirements Layer 1: met the requirements Layer 2: used the right means Layer 3: developed in the right environment
  • 19. The Future 2014 - Release draft guidelines for public review o Generic GSN framework o Safety argument layers o Safety argument tables - Publish first version of the above - On-line examples Potential subsequent releases - Nominal behaviour - Non-Electrical / Electronic systems - Non-functional safety (e.g. ‘passive’ safety)
  • 20. Thank you Helen Monkhouse BEng CEng MIET MWES Global Product Safety Manager Protean Electric Ltd Silvertree, Unit 10B, Coxbridge Business Park, Alton Road, Farnham, GU10 5EH. www.proteanelectric.com Direct: +44 1252 741828 Email: helen.monkhouse@proteanelectric.com
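
Slide 5's rule (an argument without evidence is unfounded, evidence without an argument is unexplained) and the layered evidence table of slide 16 can be checked mechanically. The Python sketch below is an added example, not part of the slides or of the MISRA guidelines: it encodes the slide 16 entries for safety goal 1 as a claim tree and audits it. The class and function names, the pairing of topics with evidence items, the evidence-free leaf claim and the placing of "Timing Analysis" (an item named on slide 11) in the register are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Layer names follow slide 15; the short keys are this example's own.
LAYERS = {
    "core": "got the right requirements",
    "layer1": "met the requirements",
    "layer2": "used the right means",
    "layer3": "developed in the right environment",
}


@dataclass
class Claim:
    """One node of the argument: a claim, its cited evidence, its sub-claims."""
    text: str
    layer: str = ""                      # set only on the per-layer arguments
    evidence: list = field(default_factory=list)
    children: list = field(default_factory=list)


def walk(claim):
    """Yield the claim and every claim beneath it, depth first."""
    yield claim
    for child in claim.children:
        yield from walk(child)


def supported(claim, register):
    """A leaf needs registered evidence; a parent needs every child supported."""
    if any(item not in register for item in claim.evidence):
        return False
    if claim.children:
        return all(supported(child, register) for child in claim.children)
    return bool(claim.evidence)


def audit(goal, register):
    """Report both failure modes of slide 5 plus the layers with no argument."""
    claims = list(walk(goal))
    cited = {item for claim in claims for item in claim.evidence}
    present = {child.layer for child in goal.children}
    return {
        "unfounded": [c.text for c in claims if not c.children and not c.evidence],
        "unexplained": sorted(set(register) - cited),
        "unregistered": sorted(cited - set(register)),
        "missing_layers": [key for key in LAYERS if key not in present],
        "goal_supported": supported(goal, register),
    }


def build_safety_goal_1():
    """Constructed sample: slide 16's table plus one deliberate gap."""
    register = [
        "Verification Review Report", "Vehicle Safety Validation Report",
        "Fault insertion tests", "Vehicle fleet trials",
        "Confirmation review report", "Requirement review report",
        "Organogram and skills matrix",
        "Timing Analysis",               # from slide 11; cited by no claim below
    ]
    goal = Claim("The vehicle behaves according to safety goal 1", children=[
        Claim("Safety goal 1 yields absence of unreasonable risk", "core", children=[
            Claim("Completeness of mapping between hazardous events and safety goals",
                  evidence=["Verification Review Report"]),
            Claim("Absence of unreasonable risk resulting from safety goal implementation",
                  evidence=["Vehicle Safety Validation Report"]),
        ]),
        Claim("Vehicle behaviour conforms to safety goal 1", "layer1", children=[
            Claim("Item performs as specified by the safety goal",
                  evidence=["Fault insertion tests", "Vehicle fleet trials"]),
            # Constructed gap: a claim written down with nothing behind it yet.
            Claim("Fault reaction completes within the 1 s allowed by safety goal 1"),
        ]),
        Claim("Appropriate means were used to develop and review safety goal 1",
              "layer2", children=[
            Claim("Hazard analysis and risk assessment",
                  evidence=["Confirmation review report"]),
            Claim("Safety goal definition", evidence=["Requirement review report"]),
            Claim("Personnel involved", evidence=["Organogram and skills matrix"]),
        ]),
    ])
    return goal, register


if __name__ == "__main__":
    goal, register = build_safety_goal_1()
    for key, value in audit(goal, register).items():
        print(f"{key}: {value}")
```

Slide 16 lists example evidence for three of the four layers, so the audit also reports Layer 3 as having no argument for this goal.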