What does functional safety mean and what is ISO 26262?

There are risks involved with the development of driving functions, especially those for driver assistance or autonomous driving. Self-driving cars can easily become a hazard if the complex technology does not work reliably and precisely. A number of regulations and standards ensure that driving functions used in road-legal vehicles are safe.

Why use certified tools?

ISO 26262 is an ISO standard for safety-relevant electrical/electronic systems in motor vehicles. It applies wherever electronic functions and software that have an impact on functional safety are used in the vehicle. The standard is of enormous importance to many vehicle manufacturers and suppliers today, because certification of the test and development tools used in accordance with this standard directly attests that development has been carried out carefully and with a focus on functional safety in accordance with the current state of the art. This can become particularly relevant in product liability issues. For this and other reasons, automotive manufacturers and suppliers are striving to qualify their development process according to ISO 26262.

Significance of ISO 26262 for Automotive Manufacturers and Suppliers

Individual systems today already reach a high level of complexity. The interaction between systems leads to an almost unmanageable variety of system states and can therefore only be validated with immense effort. Furthermore, the environments and tools used in the development process are becoming more diverse and heterogeneous. This makes it increasingly difficult for suppliers and automotive manufacturers to qualify their own process, in which these tools are used, according to ISO 26262. It clearly helps automotive manufacturers and suppliers if they can use tools or components that are already ISO 26262-certified. They can then treat these tools as qualified, exclude them from audits, and focus on the rest of the process chain, since it can be assumed that these tools or components comply with the functional safety guidelines in the standard and that the generated artifacts and results can be considered trustworthy in this context.

This is the main reason why dSPACE is pushing for ISO 26262 certification of its tools. With SIMPHERA, certification has now been successfully completed just a few months after the product launch.

We want dSPACE customers to be able to concentrate on their core competencies and use dSPACE tools with the certainty that the functions developed with them meet the highest industry standards in terms of functional safety.

SIMPHERA and ISO 26262

SIMPHERA is the new, highly scalable simulation and validation solution that enables our customers to validate their functions for advanced driver assistance systems and autonomous driving and thus bring them safely onto the road. Because highly safety-critical functions are validated with SIMPHERA, the highest functional safety demands are imposed on the tool and on the associated tool development. In order to provide this safety evidence for our solutions, we have worked closely with TÜV Süd (a German certification authority) in recent months to achieve certification of SIMPHERA in accordance with ISO 26262.

The Certification

At the beginning, a risk analysis was carried out. In addition, the development process for SIMPHERA was analyzed and optimized to meet the highest standards of quality and safety. SIMPHERA was developed in several agile teams in the context of SAFe (Scaled Agile Framework). This is an extended agile development method that defines communication, collaboration, and execution across numerous agile teams. Agile development means that dSPACE, as a customer-oriented partner, is always able to respond to the requirements of its customers and/or the market and to implement and provide solutions for these requirements promptly. This type of development already includes in-depth quality assurance measures by design, such as code reviews and continuous code integration with automated test stages at various levels, which already leads to high tool quality. Additional measures, such as the continuous identification and assessment of product risks, also ensure that all developers get a feel for where the critical points in the tool are and which ones deserve special attention. In addition, a safety expert is appointed in each team to ensure that functional safety aspects are considered for every new feature to be implemented. This, together with in-depth documentation of the solution and of the product development process, ensured that the TÜV Süd certification could be carried out without any objections.

What will be your next steps?

As mentioned above, SIMPHERA is developed in an agile manner. This ensures that an updated software version of SIMPHERA is ready every month. So far, each software version has been certified individually by TÜV Süd. This is no longer practical with a release schedule of one month. According to the joint plan of dSPACE and TÜV Süd, increments will in future be certified in a continuous certification process. TÜV Süd and dSPACE plan to start developing this process shortly. The new process is intended to enable continuous certification of software developed in an agile manner. This means that dSPACE customers can always use the latest software version with the latest features, while relying on a consistently certified software solution.

About the author:

Dominik Dörr

Automated Driving & Software Solutions, dSPACE GmbH