PREEvision – Development of ISO 26262-Conformant Safety-Related E/E Systems

Designing safety-related systems with PREEvision.

To minimize the effort for development and maintenance of safety-related systems as per ISO 26262, PREEvision offers consistent development support.

Advantages

  • Integrated approach from system design, through HARA, FMEA and FTA, to the safety case
  • Consistent modeling of all design artifacts in a single tool
  • Transparency and traceability for all stakeholders
  • Automatic consistency checks
  • Libraries for functions, malfunctions and operating situations and modes
  • Generation of reports for the safety case
  • Adjustable templates for the safety plan

The Use Case

The ISO 26262 standard for functional safety of road vehicles places considerable requirements on the development of safety-related systems. The system must achieve the required Automotive Safety Integrity Level (ASIL) of the safety functions. This also applies to all hardware and software components that contribute to the execution of a safety function.

PREEvision supports the entire safety process with a large number of editors, charts, analyses and reports.

The requirements of ISO 26262 include responsibilities, development processes, documentation and technologies for the development of safety-relevant systems. PREEvision supports the entire safety process, from system design to safety case.

Functions / Features

Item Definition

According to ISO 26262, the item definition describes the vehicle system (item) and its interactions with both the environment and other items. This step is meant to impart a comprehensive understanding of the item so that all activities in the downstream development phases can be executed smoothly.

In PREEvision the item can be described in text form with customer functions and modeled graphically based on system diagrams. In addition, PREEvision supports the item definition by providing adaptable catalogs with operating situations and operating modes. These can be used in turn to create catalogs with driving situations that are relevant for the item. This information can be reused in downstream analysis steps such as the hazard and risk analysis.

Hazard and Risk Analysis (HARA)

The Hazard and Risk Analysis (HARA) identifies and classifies the hazards that an item can potentially cause. A further objective according to ISO 26262 is the formulation of safety goals for preventing or mitigating hazardous situations in order to rule out unreasonably high risks.

PREEvision supports the hazard and risk analysis with a powerful editor. Libraries of functions, malfunctions, operating situations, and operating modes ensure maximum efficiency.

Functional Safety Concept (FSC)

The objective of the Functional Safety Concept (FSC) is to derive requirements for functional safety from the safety goals. In addition, the requirements for functional safety are allocated to the tentative architecture components or external measures.

PREEvision supports the development of the functional safety concept on the basis of editors for refining and decomposing safety goals into functional safety requirements. The tentative design can be developed within the logical architecture layer by using graphic editors. Functional safety requirements can be easily and efficiently allocated to architecture components with trace editors.

Technical Safety Concept (TSC)

According to ISO 26262 the Technical Safety Concept (TSC) is developed jointly with the system design. The requirements for technical safety are derived from the functional safety requirements and the assumptions regarding the architecture.

In addition, the technical safety requirements are allocated to the components of the system design that are responsible for fulfilling them.

PREEvision supports the development of the technical safety concept with convenient editors for refining and decomposing functional safety requirements into technical safety requirements. The system design can be modeled using graphic editors. Technical safety requirements can be easily and efficiently allocated to architecture components with trace editors.

Hardware-Software Interface (HSI)

The specification of the Hardware-Software Interface (HSI) defines the interaction between hardware and software. Consistency with the technical safety concept must be ensured here. The HSI specification includes the hardware elements that are controlled by the software elements and the hardware elements that are responsible for running the software.

PREEvision supports the development of the HSI specification with convenient editors. Because the hardware and software components already developed in the system design can be reused, adding them to the HSI is straightforward. In addition, HSI specification documents can be created with adaptable, automatically generated reports.

Qualitative Safety Analysis

ISO 26262 recommends a set of methods for qualitative safety analysis in order to validate the functional and technical safety concept.

PREEvision supports the Failure Mode and Effects Analysis (FMEA) and the Fault Tree Analysis (FTA). Unlike other tools, PREEvision can use the existing system design for analysis and optimization. This significantly reduces the expense for implementation and maintenance of a consistent analysis.

The traceability, e.g., between malfunctions and safety mechanisms, can also be easily implemented and efficiently maintained over the complete development life cycle.

Quantitative Safety Analysis

ISO 26262 requires the use of a set of methods for quantitative safety analysis in order to validate the functional and technical safety concept. This is especially critical for systems with a high ASIL.

PREEvision supports the quantitative Fault Tree Analysis (FTA) as well as the quantitative hardware safety evaluations according to Part 5 of the standard. These include the Hardware Architectural Metrics and the Failure Rate Class Method.

In PREEvision analysis and optimization is based on the existing system design. The traceability, e.g., between malfunctions and safety mechanisms, can also be easily implemented and efficiently maintained over the complete development life cycle.

Verification and Validation

According to ISO 26262, the objective of verification is to ensure that work products meet their requirements. In early development phases this is achieved by reviewing and analyzing work results such as the requirement specification, the architecture structure, and models. During the test phases, verification is performed within the framework of test environments and test methods.

Validation can be carried out with similar methods. Its objective, however, is to ensure that the product conforms to the requirements of the relevant stakeholders, such as customers.

PREEvision supports the verification of all work results achieved during the life cycle with a large number of adaptable consistency checks. This automatic detection of inconsistencies reduces the effort for manual checks. In addition, the checking and testing of results can be recorded and processed in the form of tickets. Furthermore, PREEvision offers test engineering and test management for specifying, implementing, and tracking manual and automated product tests.

Safety Case

The objective of the Safety Case according to ISO 26262 is to demonstrate that the system is free from unreasonable risk within a defined context. Creating the safety case report is generally not an activity that should be left to the end of a development phase. Instead, reports for the safety case should be generated in the individual phases of a development project.

PREEvision supports this concept with a powerful module for generation of reports for the safety case. This module uses the work results created by the Safety Manager in order to create consistent, high-quality safety cases. It reduces the expense for creation of documentation for the safety case drastically when compared with manual creation of a report.

Safety Plan

The objective of the Safety Plan is to manage and control the implementation of safety activities within a project. This includes the specification of data, results, responsibilities, and resources.

PREEvision offers a template for the safety plan and a corresponding editor. The template can be used directly but can also be adapted to special requirements in the company. The safety plan is used together with the results from the individual activities as an argument for justification of the process for the safety case.


Development Interface Agreement (DIA)

The Development Interface Agreement (DIA) defines, among other things, the responsibilities for activities, argumentation, and work results that are exchanged between the development partners.

PREEvision supports the definition of the development interface agreement with a DIA template that can be adapted to special requirements and a corresponding DIA editor. PREEvision automatically ensures that the DIA and safety plan are always consistent and synchronized.
