ISO-26262 CERTIFICATION INTRODUCTION
Functional Safety & Automotive Electronics
SGS Taiwan
Bentley Lin
2
HIERARCHICAL STRUCTURE
- SGS & Bentley Lin
- ISO 26262 introduction
- International market trend
- ISO 26262 certification introduction
- ISO 26262 QM certification introduction
- Conclusion: Telematics & ISO-26262
- Q&A
3
SGS & BENTLEY LIN
Functional Safety & Automotive Electronics
4
COMPANY & COMPETENCE CENTER INTRODUCTION
- SGS: The 1st (world's biggest) inspection and verification company
- SGS-TÜV Functional Safety competence centre: The competence centre is accredited to provide FS services in the areas below:
Automotive │ Automation │ Semiconductors │ Machinery │ Process Industry │ Software
5
SGS-TÜV COMPETENCE CENTRE ORGANIZATION
6
MARTIN SCHMIDT – HEAD OF SUPERVISION BOARD
Leader of Global Competence Center Functional Safety
SGS-TÜV GmbH
E-Mail: martin.schmidt@sgs.com
Dipl.-Ing.
1989 – 1995 Studies of Automotive Engineering at Munich University of Applied Sciences
1995 – 1999 Authorised Expert Electronics, TÜV SÜD Automotive GmbH, Munich
2000 – 2010 Manager Electronics Safety, TÜV SÜD Automotive GmbH, Munich
since 2010 Leader Competence Center Functional Safety, SGS-TÜV GmbH, Germany
Member of FKT-SA Elektronik (consulting committee to the German Ministry of Traffic with regard to safety in electronics); co-initiator of ISO 26262
7
BENTLEY LIN (林譽森)
Regional Functional Safety Coordinator / Project Manager
E-Mail: Bentley.Lin@sgs.com
2010 – 2011 Project Leader for Functional Safety Automotive, Mobility of TUV Rheinland Greater China - Authorized by Cologne HQ
2011 – 2012 Project Manager Functional Safety & Automotive Electronics, SGS
- The 1st qualified Automotive Functional Safety Professional in the China and Taiwan area - Achieved a high score without being trained
- The 1st authorized non-German AFSP/IEC-61508 trainer in the whole Asia region
- Functional Safety project experience with Japanese experts for various Japanese OEMs/ suppliers
- IEC-61508 project experience with Schneider Electric Shanghai
Since 2012 Regional Functional Safety Coordinator, SGS East Asia - Japan, Korea, Taiwan
- To implement and coordinate Functional Safety projects with automotive customers together with local experts in Japan, Korea and Taiwan
Master of Engineering / AFSP
8
SERVICE REFERENCE INTRODUCTION
- The automotive companies below are our world-wide customers in the Functional Safety Automotive area:
  - AGCO
  - Al-Ko
  - Audi
  - BMW
  - Bosch
  - Bourns Automotive
  - Bozzio
  - Continental
  - Daimler
  - Dainese
  - Delphi
  - Denso
  - EFA-S
  - Evobus
  - Ford
  - Freescale
  - Getrag
  - GM (Opel)
  - Karmann
  - Knorr Bremse
  - Knott
  - Kraus Maffei
  - Liebherr
  - MAN
  - Magna Steyr
  - MAGNA E-Car
  - Nissan
  - Renault
  - Rheinmetall
  - Rosenbauer
  - Ruf
  - Siemens
  - SKF
  - Thyssen-Krupp Presta
  - Valeo
  - Voith Turbo
  - Webasto
  - ZF
  - Zollner
9
ISO-26262 INTRODUCTION
Functional Safety & Automotive Electronics
10
ISO-26262 INTRODUCTION
- The roadmap of key auto standards:
[Figure: timeline, 1985 to 2010, showing TS-16949, ISO-16750, ISO-7637, ISO-11451, ISO-11452, ISO-11898, ISO-14230, ISO-15118, ISO-17356, ISO-21609 and ISO-12405]
11
ISO-26262 INTRODUCTION
Number | Requirement Type | Content
ISO 16949 | QM | Particular requirements for the application of ISO 9001:2008 for automotive production and relevant service part organizations
ISO 16750 | Testing | Environmental conditions and testing for electrical and electronic equipment
ISO 7637 | Testing | Electrical disturbances from conduction and coupling
ISO 11451 | Testing | Vehicle test methods for electrical disturbances from narrowband radiated electromagnetic energy
ISO 11452 | Testing | Component test methods for electrical disturbances from narrowband radiated electromagnetic energy
ISO 11898 | DV | Controller area network (CAN)
ISO 12405 | Testing | Test specification for lithium-ion traction battery packs and systems
ISO 14230 | DV | Diagnostic systems -- Keyword Protocol 2000
ISO 15118 | DV | Vehicle to grid Communication Interface
ISO 17356 | DV | Open interface for embedded automotive applications
ISO 21609 | Testing | (EMC) guidelines for installation of aftermarket radio frequency transmitting equipment
12
ISO-26262 INTRODUCTION
- What’s missing:
  - TS 16949: General requirements (applicable to E/E or mechanical)
  - ISO 16750/ 7637/ 11451/ 11452/ 12405/ 21609: Assure strength of hardware parts under certain scenarios
  - ISO 11898/ 14230/ 15118/ 17356: Assure a robust protocol or interface for automotive applications
- Then, who should be responsible for:
1. General robustness (not scenario-oriented)?
2. The correctness of system behavior?
3. The software quality and control ability?
13
ISO-26262 INTRODUCTION
- The main purpose of every product is to deliver correct function:
  - Can your product deliver faulty function?
  - To what extent is faulty function allowed?
[Diagram labels: User; Product; Expected Result]
14
ISO-26262 INTRODUCTION
- How is a function implemented?
[Diagram labels: User; Product; Expected Result; H/W part a, b, c; S/W comp a, b, c; Module 1, 2, 3, 4]
15
ISO-26262 INTRODUCTION
- How to prevent faulty function?
  - Every part and component involved in this functional flow should be fault-tolerant
[Diagram labels: User; Expected Result; H/W part a, b, c; S/W comp a, b, c]
This is Functional Safety: a study of the software & hardware related to a certain functional flow
16
ISO-26262 INTRODUCTION
- How to achieve “Functional Safety”?
  - No perfect hardware part
  - No perfect software quality
- So, a systematic method is developed
17
ISO-26262 INTRODUCTION
- The first-born solution: IEC 61508
  - Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems
- It covers one of the three items of system safety:
1. Primary safety
2. Functional safety
3. Indirect safety
- First published in 1998, a “generic standard” designed to fit all industries
18
ISO-26262 INTRODUCTION
- The evolution of IEC 61508: different application-specific standards are derived:
  - IEC 61511 - Process safety (Manufacturing process)
  - IEC 62061 - Machine safety
  - ISO 13849 - Safety of machinery, Safety-related parts of control systems
  - ISO 25119 - Tractors and machinery for agriculture and forestry -- Safety-related parts of control systems
  - IEC 62425 - Railway applications - Communication, signaling and processing systems - Safety related electronic systems for signaling
  - IEC 61513 - Nuclear power plants - Instrumentation and control for systems important to safety
  - IEC 60601 - Medical electrical equipment
19
ISO-26262 INTRODUCTION
- Every industry has its own unique considerations/ methods
- The first auto company to look into applying IEC-61508 is: BMW
  - BMW leads almost all advanced automotive E/E technologies: OSEK/ Functional Safety/ AUTOSAR…
- But IEC-61508 is not very suitable for automotive companies!
20
ISO-26262 INTRODUCTION
- Who started the discussion on applying IEC-61508 to auto E/E applications?
21
ISO-26262 INTRODUCTION
- Who started the discussion on applying IEC-61508 to auto E/E applications?
They’re the first two people in drafting ISO-26262!
22
ISO-26262 INTRODUCTION
- The automotive industry has its own rules and methods in the following aspects:
1. Supplier management
2. Quality management system
3. Mass production process
4. Larger system architecture – Complex interaction and interface:
• CAN/ KW2000/ Flex-ray/ MOST/ LIN bus…
5. More complicated operation scenarios and target environments
6. Unique V-cycle development flow in both hardware and software
7. Advanced simulation and software development tools
23
ISO-26262 INTRODUCTION
- Hence, IEC-61508 is not appropriate. We need an automotive-specific standard.
- Then, ISO TC22/ SC3/ WG16 starts its work:
  - TC22: In charge of road vehicles
  - SC3: In charge of Electrical & Electronic equipment
  - WG16: In charge of Functional Safety
24
ISO-26262 INTRODUCTION
- WG16, who are they?
25
ISO-26262 INTRODUCTION
- The timeline of ISO-26262:
[Figure: timeline, 2005 to 2011, with the stages WD, CD, DIS, FDIS/ IS]
- FDIS completed the voting process on 29th June, 2011
- The IS version was released on 14th Nov, 2011
26
ISO-26262 INTRODUCTION
- The global auto companies typically started their activities regarding ISO-26262 after the release of the DIS, which was at the end of 2009
  - Training activities provided by accredited 3rd parties
  - Some suppliers are requested to make their products comply with ISO-26262
27
ISO-26262 INTRODUCTION
- What are the impacts on these global companies after the release of the DIS:
  - Terrified:
• Applicable scope: series production passenger cars up to 3.5 ton. Originally included trucks/ bus/ …etc
• Technical barrier
• Cost issue
  - Preparation:
• Most of these companies dare not start their work until the IS version is officially released
• It takes time to get things right
28
ISO-26262 INTRODUCTION
- What drives them to push forward with this standard?
  - No one likes trouble, and this standard really is trouble
  - Law-related issue
29
ISO-26262 INTRODUCTION
- Fulfillment of the latest standard can avoid “product liability”:
  - “State-of-the-art”: The latest standard is the “minimum threshold” for claiming “State-of-the-art”
  - For example: German railway accident
[Figure: three panels, each comparing “Latest standard” with “Your technology”]
30
ISO-26262 INTRODUCTION
- Please pay attention to the requirements below:
31
ISO-26262 INTRODUCTION
- If a company doesn’t understand ISO-26262, how can this company give a quotation to its customers?
• How much money should you prepare in order to roll out ISO 26262?
• How much money should you charge your customer regarding his RFQ?
[Figure labels: Europe; US; Japan; Korea; India; China]
2011: Big Chinese railway accident! → Now the Chinese government focuses more on safety
32
HOW DO GLOBAL AUTO COMPANIES ROLL OUT ISO 26262?
- What kinds of products are covered by the ISO-26262 scope?
• CAR → All ISO 26262 (part 1 to part 10)
33
HOW DO GLOBAL AUTO COMPANIES ROLL OUT ISO 26262?
- What kinds of products are covered by the ISO-26262 scope?
• OEM System - Tier I supplier
• AM System - Repair system
All ISO-26262 (part 1 to 10)
34
HOW DO GLOBAL AUTO COMPANIES ROLL OUT ISO 26262?
- What kinds of products are covered by the ISO-26262 scope?
• Complex component
Partial ISO-26262 (1, 2, 4, 5, 6, 7, 8, 9, 10)
35
HOW DO GLOBAL AUTO COMPANIES ROLL OUT ISO 26262?
- What kinds of products are covered by the ISO-26262 scope?
• Intermediate hardware component
Partial ISO-26262 (1, 2, 4, 5, 7, 8, 9, 10)
36
HOW DO GLOBAL AUTO COMPANIES ROLL OUT ISO 26262?
- What kinds of products are covered by the ISO-26262 scope?
• Intermediate hardware part
Partial ISO-26262 (1, 2, 4, 5, 7, 8, 9, 10)
37
HOW DO GLOBAL AUTO COMPANIES ROLL OUT ISO 26262?
- What kinds of products are covered by the ISO-26262 scope?
• Basic hardware part
Partial ISO-26262 (1, 2, 7, 8 - standard qualification, 9, 10)
38
HOW DO GLOBAL AUTO COMPANIES ROLL OUT ISO 26262?
- What kinds of products are covered by the ISO-26262 scope?
• Software component/ Off-the-shelf software
Partial ISO-26262 (1, 2, 6, 7, 8, 9, 10)
39
HOW DO GLOBAL AUTO COMPANIES ROLL OUT ISO 26262?
- What kinds of products are covered by the ISO-26262 scope?
• Software development tool
Partial ISO-26262 (1, 2, 6, 7, 8, 9, 10)
40
HOW DO GLOBAL AUTO COMPANIES ROLL OUT ISO 26262?
- What kinds of products are covered by the ISO-26262 scope?
• Safety related - ASIL A/ B/ C/ D:
  - Fully comply with ISO 26262 (meet every requirement)
• Reliability related - QM:
  - Partially comply with ISO 26262
  - Need to understand and use the techniques defined inside ISO 26262 (able to use essential requirements, not necessary to meet)
Huge cost difference!!
41
HOW DO GLOBAL AUTO COMPANIES ROLL OUT ISO 26262?
- What is ISO-26262?
• It is not a QM (System certification) standard, however:
1. It covers many process issues
2. It needs audit activities
42
HOW DO GLOBAL AUTO COMPANIES ROLL OUT ISO 26262?
- What is ISO-26262?
• It is not an engineering standard, however:
1. It defines many Design Verification requirements
43
HOW DO GLOBAL AUTO COMPANIES ROLL OUT ISO 26262?
- What is ISO-26262?
• It is not a testing standard, however:
1. It defines pass/ fail criteria for testing/ verification activities
2. Many of the testing items inside are not prescriptive - SGS/ SGS-TUV help to design a customized testing spec
44
HOW DO GLOBAL AUTO COMPANIES ROLL OUT ISO 26262?
- What is ISO-26262?
• Generally speaking, it’s a standard that covers QM (System), engineering and testing requirements
• It’s also a technical guideline generated from the many years of experience of global OEMs/ suppliers
45
BREAK (15 MINUTES)
Functional Safety & Automotive Electronics
46
INTERNATIONAL MARKET TREND
Functional Safety & Automotive Electronics
47
INTERNATIONAL MARKET TREND
- How about European companies? (100% involved)
• Needed time
[Figure: timeline, 2004 to 2011, European Company: IEC 61508, ISO 26262, Compliance?]
1. It’s hard to change a big and old company’s culture
2. It’s hard to synchronize everyone’s knowledge and common sense, for example: DFMEA
49
INTERNATIONAL MARKET TREND
- How about European companies? (100% involved)
• Needed expertise (for example)
[Figure labels: European Company; Functional Engineer]
50
INTERNATIONAL MARKET TREND
- How about European companies? (100% involved)
• Regarding defined Work Products
  - A qualified work product will contain the needed considerations
  - There are more than 100 different required work products in ISO-26262
  - If a company can successfully manage all these work products, it can already reach 80% compliance.
[Figure label: European Company]
These work products are also proof of fulfilling product liability!
51
INTERNATIONAL MARKET TREND
- How about European companies? (100% involved)
• The European OEMs will request associated suppliers to follow ISO-26262 completely
• Even for the same OEM company:
1. Some projects might be assessed by the OEM itself (for example: BMW FS team 150)
2. Some projects might be required by the OEM to use an accredited 3rd party to do the assessment
• The OEMs and suppliers have the highest maturity in ISO-26262, but are still not fully compliant yet!
[Figure label: European Company]
The difference is: who should take responsibility to sign the critical documents!
SGS-TÜV
Bosch: Project-wide compliance is possible! Company-wide compliance is not possible so far
53
INTERNATIONAL MARKET TREND
- The current situation of the global market
• The Japanese companies are now pushing forward with ISO-26262 urgently:
1. NISSAN Motor is the main leader of Functional Safety Auto activity in Japan
2. TOYOTA organized an FS team last year
3. Honda and NEC have a joint-venture company, as of last year, that focuses on electronics systems based on Functional Safety
4. Panasonic is heading for ISO-26262 compliance regarding their software section
• Japanese companies love “ISO-26262 certification” very much!
[Figure label: Japanese Company]
55
INTERNATIONAL MARKET TREND
- The current situation of the global market
• The Indian markets now have a lot of ISO 26262 training demand
• Some customers (mainly suppliers) now seek product compliance certification
[Figure label: Indian Company]
56
INTERNATIONAL MARKET TREND
- The current situation of the global market
• The variation among Chinese auto companies is quite big now:
  - Some joint-venture suppliers have already started ISO-26262 activities
  - Some OEMs are already starting their activities
[Figure label: Chinese Company]
57
ISO 26262 CERTIFICATION INTRODUCTION
Functional Safety & Automotive Electronics
58
ISO-26262 CERTIFICATION INTRODUCTION
- Why do you need SGS/ SGS-TUV:
  - To prove to your buyers that you really comply with ISO-26262
  - To really complete your product liability according to the “state-of-the-art” definition:
    • The existence of ISO-26262
    • The compliance with ISO-26262:
      - Self-declaration
      - Low quality level certification/ assessment/ audit
  - Achieve the above two points through our accredited certification or technical assessment/ audit report
  - The core team members of SGS are well known and recognized by global buyers
59
ISO-26262 CERTIFICATION INTRODUCTION
- What should customers do to start ISO-26262 certification?
1. To have an officially defined Functional Safety Manager and Functional Safety team
2. To get all the supporting process (part 8) and Functional Safety Management (part 2) criteria done
3. To develop a safety plan for the target item and install the safety lifecycle (distinguished development phase) according to ISO-26262
4. To develop the Functional Safety Assessment plan with SGS according to the Functional Safety Management criteria
5. To implement the relevant processes and output the relevant work products for each phase
6. To receive audit and assessment “phase by phase”
7. To conduct the re-engineering according to the audit/assessment results
60
ISO 26262 QM CERTIFICATION INTRODUCTION
Functional Safety & Automotive Electronics
61
ISO 26262 QM CERTIFICATION INTRODUCTION
In ISO-26262, every automotive E/E system:
[Diagram labels: Hazard Analysis & Risk Assessment; Establish QM system; Fulfill safety design according to ISO-26262; Formal Functional Safety Assessment before production; ALL automotive E/E-related company (twice); Automotive E/E-related company with ASIL A/B/C/D; Automotive E/E-related company with ASIL (B)/C/D; ISO 26262 QM Certification]
62
ISO 26262 QM CERTIFICATION INTRODUCTION
- ISO-26262 is a legally relevant standard!!
- An ISO-26262 QM certification to prove your product is really QM: Judged by the most powerful accredited 3rd parties in the world
  - Possible scenario? – Argument between the buyer and you
- An ISO-26262 QM certification to prove you’re compliant with ISO-26262, and you have entry know-how about ISO-26262
  - Possible scenario? – Extend business scope in the future
63
ISO 26262 QM CERTIFICATION INTRODUCTION
- For any project that starts from ASIL A/B/C/D, there will be many additional requirements to follow
- And you should consider our following services in order to fully comply with ISO-26262:
[Diagram labels: People training & qualification; Diagnosis; Consultancy; Verification; Certification Including Qualification & Assessment]
64
CONCLUSION: TELEMATICS & ISO-26262
Functional Safety & Automotive Electronics
65
CONCLUSION: TELEMATICS & ISO-26262
- BMW
Auto-pilot/ Self-driving function is under development
66
CONCLUSION: TELEMATICS & ISO-26262
- Google
Auto-pilot/ Self-driving function is under development
67
CONCLUSION: TELEMATICS & ISO-26262
- GM
On-star system: Vehicular functions being integrated into mobile phone:
68
CONCLUSION: TELEMATICS & ISO-26262
- The future of telematics
  - More intelligent, safety-related telematics systems are required by global automotive industries due to these innovative functions.
  - Higher safety integrity and reliability are considered in order to implement these new functions.
  - ISO-26262 is the only solution to ensure the proper settlement of new technologies, whether:
• To ensure the correct boundary of QM
• To ensure the compliance with ASIL A/B/C/D
69
FORECAST
- For SGS's recent activities, we offer:
  - AFSP training and qualification program - June 18th to June 22nd, 2012
  - In-house training (2 hours, 4 hours, 1 day to 5 days) - Negotiable
  - Pre-engineering capability assessment (2 days)
  - ISO 26262 QM certification
70
Q&A
Functional Safety & Automotive Electronics
71
THANKS FOR YOUR ATTENTION
Functional Safety & Automotive Electronics
Please contact:
Bentley Lin - 林譽森
SGS East Asia, Regional Functional Safety Coordinator
SGS Taiwan, Project Manager AFSP
E-mail: bentley.lin@sgs.com
Phone: 886-2-2299-3279 ext 3660