Professional Documents
Culture Documents
Peter Grabs, Ph.D. intedis GmbH & Co. KG, Germany Pierre Metz, Ph.D. Brose Fahrzeugteile GmbH & Co. KG, Hallstadt, Germany
Intedis GmbH & Co. KG, Brose Fahrzeugteile GmbH & Co. KG. All rights reserved.
Content
1. What 1 Wh t ISO 26262-2 S 26262 2 Says 2. Different Views on Independence 3. Our Considerations 4. Change Request to ISO 26262-2 5. 5 Scenarios
Intedis GmbH & Co. KG, Brose Fahrzeugteile GmbH & Co. KG. All rights reserved.
Intedis GmbH & Co. KG, Brose Fahrzeugteile GmbH & Co. KG. All rights reserved.
Content
1. What 1 Wh t ISO 26262-2 S 26262 2 Says 2. Different Views on Independence 3. Our Considerations 4. Change Request to ISO 26262-2 5. 5 Scenarios
Intedis GmbH & Co. KG, Brose Fahrzeugteile GmbH & Co. KG. All rights reserved.
Some thi d S third-party service providers claim t i id l i certification of individuals would be necessary for satisfying I1 and I2 1 it would be state of the art to have safety assessments performed by accredited third parties 2,3 I3 would require purely external services being free of economical or any other kind of dependency to the organization assessed 2
1)
as perceived by the authors from 2009 to 2012 based on personal community communications, EUROFORUM ISO 26262 conference publications & debates, IQPC ISO 26262 conference publications & debates, VDA Sys Conference debates, public advertisements & service offers, Functional Safety Executive Summary publication of ZVEI working group on functional safety, internet articles, white papers, journal articles Schmidt M., Rau M., Helmig E., Bauer B., SGS TV Saar, Funktionale Sicherheit Umgang mit Unabhngigkeit, rechtlichen Rahmenbedingungen und Haftungsfragen ( p g g (http://www.sgs-tuev-saar.com/pdf/Fachartikel-ISO-26262-Jura-08-2011.pdf) and Rechtliche Folgen der ISO26262, Hanser Automotive, g p p ) g Germany, Nov. 2011 Quotation: In Bezug auf die Sorgfaltspflicht ist es als Stand der Wissenschaft und Technik anzusehen, dass der Teil der Produktabsicherung Assessment zur Funktionalen
Sicherheit von hierfr gem ISO/IEC 17025 bzw. ISO/IEC 17020 akkreditierten, sich nicht im eigenen Konzernverbund befindlichen Prfstellen durchgefhrt wird.
2)
Quotation: Wirkliche Unabhngigkeit ist nur gegeben, wenn keine wirtschaftliche oder arbeitsrechtliche Abhngigkeit der analysierenden Stelle vom herstellenden
Unternehmen gegeben ist.
3)
Molle E. Rau M. Besttigungsmanahmen der ISO 26262 und organisatorische Umsetzungsbeispiele, Safetronic conference, Nov.2011, Munich, Germany. Quotation: Fr eine hchtmgliche Risikoreduzierung im Umfeld der Produkthaftung wird empfohlen auf unabhngige nach ISO/IEC 17025 akkreditierte Prfstellen
zurckzugreifen. Intedis GmbH & Co. KG, Brose Fahrzeugteile GmbH & Co. KG. All rights reserved. 5
Helmig H l i 4
Even an external service provider is not entirely independent as he might seek follow-up contracts
Kriso/Unruh5
Certification of processes, products, or indidivuals is required neither by ISO 26262 nor from a legal point of view Organizational independency does not necessarily mean external 5,6 Competence is necessary for functional safety audits and assessments However, the more independent a person is, the less is its specific knowledge and vice versa
4)
Helmig E. Funktionale Sicherheit nach ISO 26262 und Produkthaftung fr No-trouble-found-Flle, journal Haftpflicht Interational Recht & Versicherung, No. 1/2012, http://www.fb.tmg-web.de/genre/HI_recht_versicherung_2012_01/index.html, also available on (http://www.notarhelmig.de/de/publikationen.html). Quotation: Auch ein externer Berater ist kaum unabhngig, wenn er um den nchsten Auftrag in diesem sehr begrenzten Umfeld
seiner Geschftsmglichkeiten nur weniger Kunden frchten muss.
5)
Kriso S./Unruh J. Implementation of Functional Safety Audits and Assessments at Bosch, IQPC conference Experiences with ISO 26262, Munich, Germany, 28th 30th March 2012 FAQ Ed. 2 on IEC internet page, answered by IEC 61508 standardization board (IEC/SC65A/WG14) http://www.iec.ch/functionalsafety/faq-ed2/page4.htm
Intedis GmbH & Co. KG, Brose Fahrzeugteile GmbH & Co. KG. All rights reserved. 6
6)
Molle/Rau M ll /R 7
It is considered necessary to have confirmation measures done by company-internal parties.
depts.8
more internal competence arguing independence is more difficult less know-how/skill at present stage of ISO 26262 experience establishing central depts next to the product lines leads to bigger organizations depts.
7)
Molle E., Rau M. Besttigungsmanahmen der ISO 26262 und organisatorische Umsetzungsbeispiele, Safetronic conference, Nov.2011, Munich, Germany. Quotation: Daher ist es unumgnglich, die erforderlichen Besttigungsmanahmen zur Funktionalen Sicherheit durch firmeninterne Organisationslsungen praktikabel und
effizient zu erfllen.
8)
Taken from the reported results of workshop Process Experience With ISO 26262 Audits and What Can Be Concluded From These led by Richard Krger, BMW AG, at IQPC conference Experiences with ISO 26262, Munich, Germany, 28th 30th March 2012
Intedis GmbH & Co. KG, Brose Fahrzeugteile GmbH & Co. KG. All rights reserved. 7
Content
1. What 1 Wh t ISO 26262-2 S 26262 2 Says 2. Different Views on Independence 3. Our Considerations 4. Change Request to ISO 26262-2 5. Scenarios
Intedis GmbH & Co. KG, Brose Fahrzeugteile GmbH & Co. KG. All rights reserved.
C Conclusion: l i
Independence merely is a method but not a goal !
Therefore:
The true goal needs to be identified !
9)
Statements of VDA AK 16 members and delegates to ISO/TC22/SC3/WG16, e.g. during debates at EUROFORUM ISO 26262 conferences 2010, 2011 and VDA AK 16 board meetings e.g. the ASIL method tables are recommendations and guidance only; the actual requirements to fulfill are the goals stated in the corresponding paragraphs above. Generally, the requirements in chapters x.4 are designed to be refinements of the objectives in chapters x.1 (indirectly by means of grouping those requirements in terms of logical work products) Personal opinion, and experiences with international standards, of the authors
10)
11)
Intedis GmbH & Co. KG, Brose Fahrzeugteile GmbH & Co. KG. All rights reserved.
10
This goal is also explicitly required by ISO/IEC TR 15504-7 (SPICE assessment types A to D) This goal is also explicitly required by ISO/IEC 15504-2 This goal is also explicitly required by ISO/IEC TR 15504-7 (SPICE assessment types A to D)11) This goal is also required by Standard CMMI Appraisal Method for Process Improvement (SCAMPISM) A, Version 1.3, Method Definition Document SCAMPI, Upgrade Team, March 2011, HANDBOOK CMU/SEI-2011-HB-001 Process step Select and Prepare Appraisal Team Guidelines for auditing management systems (ISO 19011:2011); German and English version EN ISO 19011:2011
Intedis GmbH & Co. KG, Brose Fahrzeugteile GmbH & Co. KG. All rights reserved. 11
15)
Already mentioned
5. Internal heterogeneous teams Our new suggestions (do not require additional headcount/ resources)
12
Content
1. What 1 Wh t ISO 26262-2 S 26262 2 Says 2. Different Views on Independence 3. Our Considerations 4. Change Request to ISO 26262-2 5. 5 Scenarios
Intedis GmbH & Co. KG, Brose Fahrzeugteile GmbH & Co. KG. All rights reserved.
13
(1/3)
Table 1 Evaluation of methods wrt. the proposed goals Different person, same team Person from different team Independent. dept. Purely external services Internal heterogeneous teams Mixed heterogeneous teams
High
(O)bjectivity
Low Medium Mediume/ High Mediumc/ High Mediumf/ Highf High
a) b)
Depending on product variants, different customers/product lines etc. Depends on process maturity, e.g. High only in presence of standard processes (e.g. CMMI Maturity Level 3, SPICE Maturity Level 3, or Automotive SPICE HIS scope Capability Level 3, respectively) Potential P t ti l economical bi i l bias, see H l i above Helmig b
d) e) f) g)
See Kriso/Unruh, above Psychology not reflected, see above Group consensus, but still depending on team selection Depending on how familiar the particular external individual is with the company
c)
Intedis GmbH & Co. KG, Brose Fahrzeugteile GmbH & Co. KG. All rights reserved.
14
(2/3)
Table 2 Hazard & Ri k A l i H d Risk Analysis Safety plan Item Integration & Testing Pl T ti Plan Validation Plan Safety Analyses Tool Qualification Report Proven-In-Use Arguments Safety Case Safety Audit Safety Assessment
B
T High, P Low O High High Low,
T Low, P Medium, O Low, T Medium, P Low, O Low T Medium, P Low, O Low T High, P Low, O Low T Low , P Low, O Low T Medium, P Low, O Low T Medium, P Medium, O Low T Low, P High, O Low L T High, P Medium, O Low
T Low, P Medium, O Medium T Medium, P Low, O Medium T Medium, P Low, O Medium T High, P Low, O Medium T Low , P Low, O Low T Medium, P Low, O Medium T Medium, P Medium, O Medium T Low, P High, O Medium M di T High, P Medium, O Medium
T Low, P Medium, O High T Medium, P Low, O Medium T Medium, P Low, O Medium T High, P Low, g O High T Low , P Low, O Low T Medium, P Low, O High T Medium, P Medium, O High T Low, P High, O High Hi h T High, P Medium, O High
15
Intedis GmbH & Co. KG, Brose Fahrzeugteile GmbH & Co. KG. All rights reserved.
(3/3)
Intedis GmbH & Co. KG, Brose Fahrzeugteile GmbH & Co. KG. All rights reserved.
16
Content
1. What 1 Wh t ISO 26262-2 S 26262 2 Says 2. Different Views on Independence 3. Our Considerations 4. Change Request to ISO 26262-2 5. 5 Scenarios
Intedis GmbH & Co. KG, Brose Fahrzeugteile GmbH & Co. KG. All rights reserved.
17
Metz P. Experience report - Functional safety standard conformance via process monitoring using a product line approach, IQPC conference Experiences with ISO 26262, Munich, Germany, 28th 30th March 2012
Intedis GmbH & Co. KG, Brose Fahrzeugteile GmbH & Co. KG. All rights reserved. 18
Intedis GmbH & Co. KG, Brose Fahrzeugteile GmbH & Co. KG. All rights reserved.
19
Intedis GmbH & Co. KG, Brose Fahrzeugteile GmbH & Co. KG. All rights reserved.
20
Conclusion
(1/2)
W revealed the notion of independence in ISO 26262-2 as b i We l d th ti f i d d i 26262 2 being a method instead of a goal As a c a ge request for t e upco s change equest o the upcoming ISO 26262 revision we suggested g SO 6 6 e s o e
replacing it with the goal of ensure a competent & objective evaluation mapping the approaches
1. 2. 3. 4. 5. 5 6.
Different person, same team p Person from different team Independent depts. Purely external services Internal heterogeneous teams Mixed heterogeneous teams
Intedis GmbH & Co. KG, Brose Fahrzeugteile GmbH & Co. KG. All rights reserved.
21
Conclusion
(2/2)
At the present stage of ISO 26262 our suggestions would have to be agreed on with the customer
Intedis GmbH & Co. KG, Brose Fahrzeugteile GmbH & Co. KG. All rights reserved.
22
pierre.metz@brose.com peter.grabs@intedis.com
Intedis GmbH & Co. KG, Brose Fahrzeugteile GmbH & Co. KG. All rights reserved.
Expertenwissen fr Entscheider
Die bereitgestellten Tagungsunterlagen sind urheberrechtlich geschtzt. Es gelten die bei Buchung der Veranstaltung akzeptierten AGB der EUROFORUM Deutschland SE.
www.inform-you.de