This content is not included in your SAE MOBILUS subscription, or you are not logged in.
Enabling Efficient Functional Safety Audits - The Missing Link between ISO 26262 and Automotive SPICE
ISSN: 0148-7191, e-ISSN: 2688-3627
Published April 2, 2019 by SAE International in United States
Annotation ability available
In the field of electric and electronic (E/E) design for the automotive industry, there are separate traditions related to functional safety and software quality assurance. Both relying on the evaluation of the processes used; Automotive SPICE provides detailed guidance on how to perform this evaluation whilst ISO 26262 does not and simply mention Automotive SPICE as one possible solution. ISO 26262 additionally requires for an evaluation of the functional safety achieved by the product and uses the process evaluation (or functional safety audit in ISO 26262 terms) to support the final functional safety assessment. The purpose is to evaluate the implementation of the necessary safety processes according to the claimed scope defined in the safety plan.
Automotive SPICE does not make a distinction on whether the application of the software under evaluation is safety related or not. ISO 26262 requires formal functional safety audits as a minimum for the part of the life cycle activities related to elements having ASIL C and ASIL D requirements
In this paper we show how the link between ISO 26262 and Automotive SPICE can be established by the formalization of a process assessment model (PAM) fulfilling the purpose of a functional safety audit according to ISO 26262. This PAM is named SS 7740, as it has been developed by industry contributors in Sweden. The second edition of SS 7740 is based on ISO 26262 Edition 1 and Automotive SPICE version 2.5. Currently work ongoing to publish Edition 3 of SS 7740, where the assessment model relates to the process capabilities called for by ISO 26262 Edition 2 and referencing the Automotive SPICE version 3.1 In ISO 26262 there is a general proposal to coordinate the functional safety audit with an Automotive SPICE assessment. However, it is also noted that the Automotive SPICE assessment as such is not sufficient for this purpose. This implies that a dedicated process assessment model, complementary to Automotive SPICE, is necessary in order to specifically audit the processes prescribed by ISO 26262. In the paper the complete structure of SS 7740 is described in detail, and it is also shown how combined Functional Safety Audits and Automotive SPICE Assessments are performed in a coordinated way.
CitationJohansson, R., Johannessen, P., Borg, J., and Ibarra, I., "Enabling Efficient Functional Safety Audits - The Missing Link between ISO 26262 and Automotive SPICE," SAE Technical Paper 2019-01-0144, 2019, https://doi.org/10.4271/2019-01-0144.
- ISO International Standard, “Road Vehicles - Functional Safety,” ISO 26262, Rev 2011.
- ISO International Standard, “Road Vehicles - Functional Safety,” ISO 26262, Rev 2018.
- The Procurement Forum, “Automotive SPICE, Process Assessment Model,” Release v2.5, May 10, 2010.
- VDA, “Automotive SPICE Process Reference Model Process Assessment Model,” Version 3.0, July 16, 2015.
- Johannessen, P., Halonen, Ö., Örsmark, O., “Functional Safety Extensions to Automotive SPICE According to ISO 26262,” in Proceedings from 11th International Conference, SPICE 2011, Dublin, Ireland, May 30-June 1, 2011.
- SIS Standard, “Road vehicles - Functional Safety Process Assessment Model,” SS 7740, Revision 1, 2012.
- SIS Standard, “Road vehicles - Functional Safety Process Assessment Model,” SS 7740, Revision 2, 2018.
- http://agilemanifesto.org/, “Manifesto for Agile Software Development,” last accessed October 16, 2018.