Software Technologies - Home
Mastering Functional Safety
Christof Ebert
MAR 08, 2013 11:21 AM
A+ A A-

 

 

We increasingly rely on complex electronic functions to ensure functional safety. These functions are realized by systems of sensors, actuators and interconnected electronic control units. To mitigate product liability risks associated with such systems as well as to ensure the high level of quality under varying operational conditions, significant improvements to engineering processes are necessary. This blog shows how to master functional safety.

A while ago an electronic parking brake system was introduced in order to assist the driver as well as to save on weight and mechanical overhead and cost. The principle was very simple. Once the brake was activated it would prevent the car from rolling and as soon as the driver activated the throttle, it would release, thus relieving the driver from handling the synchronization of releasing the brake while simultaneously pushing the throttle. The concept worked fine and of course, the electronic parking brake had two redundant channels straight from the parking button to the brakes. During a test drive on a hot summer day, the driver stopped the car to check something outside and activated the electronic parking brake. He left the engine running as it was a short stop and he only intended to briefly leave the vehicle. The car was, after all, secured by the parking brake. A few seconds after he had left the vehicle, it suddenly accelerated and crashed into a wall. What had happened? The electronic parking brake system just worked fine. But, when the driver left the car, he naturally opened the door. This allowed hot air into the vehicle. The air condition activated itself to sustain the desired interior climate. Since it needed more power, it slightly increased the throttle – which released the brake…

Safety-critical systems have the potential to cause physical harm should they fail in their intended function. Failures can be due to random hardware faults (e.g. short circuits) or systematic design errors (e.g. software defects). The risk associated with the system is reduced by minimizing the probability of a failure occurring and limiting the consequences of unavoidable failures. With the increasing complexity of systems, its electronic components and their interworking, safety concepts will therefore be at the core of any new design, be it for the change of an existing function, such as in above example, or be it for a completely new function.

What exactly is functional safety? Functional safety is a property of the system as a whole rather than just a component property, i.e., it depends on the integrated operation of all sensors, actors, control devices, etc. The goal is to reduce the residual risk associated with a functional failure of the system below a threshold given by the assessment of severity, exposure and controllability. Functional safety standards such as IEC 61508 (all domains), ISO 26262 (Automotive), DO 178 (Aerospace), EN 501xx (Railways), IEC 60601 (Medical) and ISO 13849 (Machinery), EN 62061 (Automation) have evolved – and will further grow in relevance and content – based on experiences and to cover new challenges and development techniques.

From our experiences in introducing safety concepts to OEMs and tier-one suppliers around the world, we see three needs to establish a safety engineering culture – on top of already institutionalized disciplined management and engineering practices, namely

1.         System-oriented development

2.         Safety being an integral part of engineering methods

3.         Improved process maturity

Today we have to acknowledge that safety has reached a new level of impact and risk. It is not anymore individual components that add to safety, but rather their interworking at the system level, that is the entire vehicle with its physical assembly of mechanical and electronic subsystems.

Safety will in the future even more impact software and systems engineering:

-        OEMs and suppliers in many cases need to improve their process capabilities to fulfill the requirements of the safety standards and to better collaborate with suppliers

-        Suppliers of established safety critical components need to further improve field observation and abilities for complete safety case.

-        Suppliers of new and innovative components need to build up good basic process capabilities as a reliable foundation for safety.

-        Safety capabilities will become part of standard supplier evaluations.

Migrating to a safety-conform development will only be successful if it is understood and performed as a cultural and thus organizational change. However, too often, safety is understood primarily as a technical challenge where few additional requirements are added to an already overly long specification. A safety culture needs to be established. Management and engineering needs to understand the challenge of safety as a multidimensional need which impacts management processes, responsibilities and engineering methods. Functional safety needs to be seen as a critical product liability issue with all consequences on disciplined and formalized development. Engineers need to understand safety needs on the system level and adopt their engineering methods towards systematic and traceable decision-making from architectural to functional and component-levels.

More:

IEEE Software theme issue on “Safety-Critical Software Systems”: http://www.computer.org/csdl/mags/so/2013/03/index.html   

White Papers and resources: http://www.vector.com/functional-safety

Author:

Dr. Christof Ebert is managing director at Vector Consulting Services. He supports clients around the world to sustainably improve product strategy and product development and to manage organizational changes. He has worked extensively in requirements engineering and product management, and serves as a frequent keynote speaker and RE evangelist at conferences and with many companies. An IEEE senior member, he serves on a number of advisory and industry bodies, teaches at the University of Stuttgart and has authored several bestselling books including his most recent book “Global Software and IT” published by Wiley-IEEE.

Contact him at christof.ebert@vector.com

FIRST
PREV
NEXT
LAST
Page(s):
[%= name %]
[%= createDate %]
[%= comment %]
Share this:
Please login to enter a comment:
 
RESET