Functional SafetyPREEvision Process & Team Support
- Beginning of the page
PREEvision – Developing ISO 26262 Compliant E/E Systems
To minimize the effort for development and maintenance of safety-related systems as per ISO 26262, PREEvision offers consistent development support including editors, diagrams and templates for HAZOP, HARA, FMEA, FMEDA, and FTA.
- Integrated approach from system design, through HARA, FMEA and FTA, to the safety case
- Consistent modeling of all design artifacts in a single tool
- Transparency and traceability for all stakeholders
- Automatic consistency checks
- Libraries for functions, malfunctions and operating situations and modes
- Generation of reports for the safety case
- Adjustable templates for the safety plan
The Use Case
The ISO 26262 standard "Road vehicles - Functional safety" is intended to guarantee the functional safety of a system with electrical/electronic components in vehicles. This ISO standard places considerable requirements on the development and production of safety-relevant systems: ISO 26262 defines processes, the methods to be applied, and the required work products such as tests and documentation.
The hazard and risk analysis (HARA) identifies hazards on the system, hardware and software level and classifies them according to ASIL. In the following, functional and technical safety requirements are described and assigned to the respective components. With ISO 26262 compliant methods like FMEA, FMEDA and FTA, qualitative and quantitative safety analyses are carried out.
Checks and tests ensure that work products comply to the safety requirements. At the end as well as during the development, a safety case report must be provided which ensures a sufficient and acceptable level of safety.
PREEvision supports the entire safety process, from system design to safety case.
Functions / Features
According to ISO 26262 the item definition describes the vehicle system (item) and its interactions with both the environment and with other items. On the basis of this step, a comprehensive understanding of the item is to be imparted so that all activities in the downstream development phases can be executed smoothly.
In PREEvision the item can be described in text form with customer functions and modeled graphically based on system diagrams. In addition, PREEvision supports the definition of catalogs with operating situations and operating modes. These can be used in turn to create catalogs with driving situations that are relevant for the item. This information can be reused in downstream analysis steps such as the hazard and risk analysis.
Hazard and Risk Analysis (HARA)
The Hazard and Risk Analysis (HARA) identifies and classifies the hazards that can potentially come from an item. Another objective according to ISO 26262 is the formulation of safety goals for prevention or reduction of hazardous situations in order to rule out excessively high risks.
PREEvision supports the hazard and risk analysis with a powerful editor. Libraries of functions, malfunctions, operating situations, and operating modes ensure maximum efficiency.
Functional Safety Concept (FSC)
The objective of the Functional Safety Concept (FSC) is to derive requirements for functional safety from the safety goals. In addition, the requirements for functional safety are allocated to the tentative architecture components or external measures.
PREEvision supports the development of the functional safety concept on the basis of editors for refining and decomposing safety goals into functional safety requirements. The tentative design can be developed within the logical architecture layer by using graphic editors. Functional safety requirements can be easily and efficiently allocated to architecture components with trace editors.
Technical Safety Concept (TSC)
According to ISO 26262 the Technical Safety Concept (TSC) is developed jointly with the system design. The requirements for technical safety are derived from the functional safety requirements and the assumptions regarding the architecture.
In addition, the technical safety requirements are allocated to components of the system design on whose basis the technical safety requirements are to be met.
PREEvision supports the development of the technical safety concept with convenient editors for refining and decomposing functional safety requirements into technical safety requirements. The system design can be modeled using graphic editors. Technical safety requirements can be easily and efficiently allocated to architecture components with trace editors.
The specification of the Hardware-Software-Interface (HSI) defines the interaction between hardware and software. Consistency with the technical safety concept must be ensured here. The HSI specification includes the hardware elements that are controlled by the software elements and the hardware elements that are responsible for running the software.
PREEvision supports the development of the HSI specification with convenient editors. This enables a high degree of reusability of developed hardware and software components of the system design. Thus, it is very easy to add hardware and software components to the HSI. In addition, HSI specification documents can be created with adaptable, automatically generated reports.
Qualitative Safety Analysis
ISO 26262 recommends a set of methods for qualitative safety analysis in order to validate the functional and technical safety concept.
PREEvision supports the Failure Mode and Effects Analysis (FMEA) and the Fault Tree Analysis (FTA). Unlike other tools, PREEvision can use the existing system design for analysis and optimization. This significantly reduces the expense for implementation and maintenance of a consistent analysis.
The traceability, e.g., between malfunctions and safety mechanisms, can also be easily implemented and efficiently maintained over the complete development life cycle.
Quantitative Safety Analysis
ISO 26262 requires the use of a set of methods for quantitative safety analysis in order to validate the functional and technical safety concept. This is critically important especially for systems with high ASIL (Automotive Safety Integrity Level).
PREEvision supports the quantitative Fault Tree Analysis (FTA) as well as the quantitative hardware safety evaluations according to Part 5 of the standard. These include the Hardware Architectural Metrics and the Failure Rate Class Method.
In PREEvision analysis and optimization is based on the existing system design. The traceability, e.g., between malfunctions and safety mechanisms, can also be easily implemented and efficiently maintained over the complete development life cycle.
Verification and Validation
According to ISO 26262 the objective of verification is to ensure that Work Products meet requirements. In early development phases this is ensured by checking and analyzing work results, such as the requirement specification and architecture structure, or models. During the test phases, verification is performed within the framework of test environments and test methods.
The validation can be implemented on the basis of similar methods. However, the objective is to ensure that the product conforms to requirements of the corresponding interest group, such as customers.
PREEvision supports the verification of all work results achieved during the life cycle with a large number of adaptable consistency checks. This automatic detection of inconsistencies reduces expenses for manual checks. In addition, the checking and testing of results can be recorded and processed in the form of tickets. Furthermore, PREEvision offers a test engineering and test management for specifying, implementing, and tracking manual and automatic product tests.
The objective of the Safety Case according to ISO 26262 is to demonstrate that the system is free from excessive risks within a defined context. The creation of the report for the safety case is generally not an activity that should be left to the end of a development phase. Instead reports for the safety case should be generated in the individual phases of a development project.
PREEvision supports this concept with a powerful module for generation of reports for the safety case. This module uses the work results created by the Safety Engineer in order to create consistent, high-quality safety cases. It reduces the expense for creation of documentation for the safety case drastically when compared with manual creation of a report.
The objective of the Safety Plan is to manage and control the implementation of safety activities within a project. This includes the specification of data, results, responsibilities, and resources.
PREEvision offers a template for the safety plan and a corresponding editor. The template can be used directly but can also be adapted to special requirements in the company. The safety plan is used together with the results from the individual activities as an argument for justification of the process for the safety case.
The Development Interface Agreement (DIA) defines, among other things, the responsibilities for activities, argumentation, and work results, which are exchanged between the development partners.
PREEvision supports the definition of the development interface agreement with a DIA template that can be adapted to special requirements and a corresponding DIA editor. PREEvision automatically ensures that the DIA and safety plan are always consistent and synchronized.
Designing Advanced Systems – Safely!
Model-Based E/E Development Conforming to ISO 26262
Model-based environments provide different views of a vehicle’s E/E content and are a powerful tool in development. They enable consistent design of functionally safe systems and help engineers to focus on the core activities of their work. Powerful tools like PREEvision also offer process support which can be adapted to the specific needs of OEMs and Tier-1 suppliers. An integrated approach results in traceability: from the requirements specification to the safety verification. This article sheds light on functional safety as an integral component of E/E development with PREEvision and explains how to design advanced systems safely.
Translation of a German-language publication in "Elektronik automotive", special issue "Software" 2018