Enabling Efficient Functional Safety Audits - The Missing Link between ISO 26262 and Automotive SPICE 2019-01-0144
In the field of electrical and electronic (E/E) design for the automotive area, there are separate traditions related to ensuring functional safety and to achieving high software quality, respectively. Since the first release of ISO 26262, there has been an understanding in this community that the gap between these two traditions needs to be bridged in order to reach a complete functional safety assessment.
In this paper we show how this missing link between ISO 26262 and Automotive SPICE can be solved by the formalization of a process assessment model (PAM) fulfilling the purpose of a functional safety audit according to ISO 26262. This PAM, named SS 7740, is in edition 2 and is based on ISO 26262 edition 1 and Automotive SPICE version 2.5. Work is currently ongoing on edition 3 of SS 7740, in which the assessment model relates to the process capabilities called for by ISO 26262 edition 2 and references Automotive SPICE version 3.0.
ISO 26262 requires formal functional safety audits as a minimum for the part of the life cycle activities related to elements having ASIL C and ASIL D requirements. The purpose is to assess the implementation of the necessary safety processes according to the claimed scope as defined by the safety plan. In ISO 26262 there is a general proposal to coordinate the functional safety audit with an Automotive SPICE assessment. However, it is also noted that the Automotive SPICE assessment as such is not sufficient for this purpose. This implies that a dedicated process assessment model, complementary to Automotive SPICE, is necessary in order to specifically audit the processes prescribed by ISO 26262.
In the full paper the complete structure of SS 7740 is described in detail, and it is also shown how combined Functional Safety Audits and Automotive SPICE Assessments are performed in a coordinated way.
Rolf Johansson, Per Johannessen, Jonas Borg, Ireri Ibarra