SVENSK STANDARD SS 7740:2018

Approved:
Edition: 2
Language: English
ICS:
Road vehicles - Functional Safety Process Assessment Model

Standards make the world go round

SIS (Swedish Standards Institute) is an independent non-profit organisation with members from both the private and public sectors. We are part of the European and global network that draws up international standards. Standards consist of documented knowledge developed by prominent actors within the industry, business world and society. They promote cross-border trade, they help to make processes and products safer and they streamline your organisation.

Take part and have influence
As a member of SIS you will have the possibility to participate in standardization activities on national, European and global level. The membership in SIS will give you the opportunity to influence future standards and gain access to early stage information about developments within your field.

Get to know the finished work
We offer our customers everything in connection with standards and their application. You can purchase all the publications you need from us: everything from individual standards, technical reports and standard packages through to manuals and online services. Our web service e-nav gives you access to an easy-to-navigate library where all standards that are relevant to your company are available. Standards and manuals are sources of knowledge. We sell them.

Increase understanding and improve perception
With SIS you can undergo either shared or in-house training in the content and application of standards. Thanks to our proximity to international development and ISO you receive the right knowledge at the right time, direct from the source. With our knowledge about the potential of standards, we assist our customers in creating tangible benefit and profitability in their organisations.

If you want to know more about SIS, or how standards can streamline your organisation, please visit our website or contact us on phone +46 (0)

This standard supersedes the Swedish Standard SS 7740:2012, edition 1.

Copyright SIS, Swedish Standards Institute, Stockholm, Sweden. All rights reserved. The use of this product is governed by the end-user licence for this product. You will find the licence at the end of this document.

Information about the content of the standard is available from the Swedish Standards Institute (SIS) by telephone. Standards may be ordered from SIS, who can also provide general information about Swedish and foreign standards.

This standard was developed by the committee for Functional Safety in Electronic Systems, SIS/TK 240/AG 08.

Do you have comments on the content of this standard, or would you like to take part in a future revision or in developing other standards in this area? Visit the SIS website, where you will find more information.

Copyright Notice

This standard reproduces material from the Automotive SPICE Process Reference Model Version 4.5 and Process Assessment Model Version 2.5, for which permission has been granted by the SPICE User Group and the VDA QMC. The original document is available free of charge online. Automotive SPICE is a registered trademark of the Verband der Automobilindustrie e. V. (VDA). For further information about Automotive SPICE, see the Automotive SPICE website.

This standard also reproduces relevant material from:
ISO/IEC :2003, Information Technology - Process Assessment - Part 2: Performing an assessment
ISO/IEC :2006, Information Technology - Process Assessment - Part 5: An exemplar Process Assessment Model

NOTE: ISO/IEC :2003, Information Technology - Process Assessment - Part 2: Performing an assessment, has been withdrawn and replaced by ISO/IEC 33002:2015, Information technology - Process assessment - Requirements for performing process assessment.

ISO/IEC provides the following copyright release: Users of this part of ISO/IEC may freely reproduce relevant material as part of any Process Assessment Model, or as part of any demonstration of conformance with this international standard, so that it can be used for its intended purpose.

ISO/IEC Part 5 provides the following copyright release: Users of this part of ISO/IEC may freely reproduce the detailed descriptions contained in the exemplar assessment model as part of any tool or other material to support the performance of process assessments, so that it can be used for its intended purpose.

Derivative Works
The detailed descriptions contained in this document may be incorporated as part of any tool or other material to support the performance of process assessments, so that this Process Assessment Model can be used for its intended purpose, provided that any such material is not offered for sale.

Acknowledgement
SIS, the Swedish Standards Institute, acknowledges the work carried out by Working Group TK 240/AG 08, and all the involved people from the many organisations who have contributed to the development of this standard.

Copyright SIS. Reproduction in any form without permission is prohibited.

Contents

Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Process Assessment Model
5.1 Introduction
5.2 Naming Conventions
5.3 Process Dimension
5.4 Capability Dimension
5.5 Assessment Indicators
6 Process Performance Indicators (level 1)
6.1 General
6.2 Acquisition Process Group (ACQ)
6.3 Supply Process Group (SPL)
6.4 Engineering Process Group (ENG)
6.5 Supporting Process Group (SUP)
6.6 Management Process Group (MAN)
6.7 Process Improvement Process Group (PIM)
6.8 Reuse Process Group (REU)
6.9 Production and Operation Process Group (POP)
7 Process Capability Indicators (level 1 to 3)
7.1 Level 1: Performed process
7.2 Level 2: Managed process
7.3 Level 3: Established process
Annex A (informative) Process mapping between ISO 26262 Work products and SS 7740 Processes
Annex B (informative) Mapping between ISO 26262 Requirements and SS 7740 Processes and Practices
B.1 ISO
B.2 ISO
B.3 ISO
B.4 ISO
B.5 ISO
B.6 ISO
B.7 ISO
B.8 ISO
Bibliography

Introduction

This document provides a Functional Safety Process Assessment Model for use in performing process assessments, in accordance with the requirements of ISO/IEC, of safety-related projects developed according to ISO [1] requirements and practices. ISO (all parts) prescribes both functional safety assessments, considering the product being developed, and functional safety audits, considering the development process for this product. The overall objective of this document is to maximize an approach to performing an Automotive SPICE assessment in relation to safety-related projects, which can also be used to fulfil the need of performing ISO functional safety audits.

Automotive SPICE (ASPICE) [2] is the de-facto approach for performing conformant assessments of the process capability on the development of embedded automotive systems. This document complements Automotive SPICE with respect to ISO by extending the Automotive SPICE Process Assessment Model (PAM) with an extended and modified set of processes and a set of ISO-unique indicators. These indicators can also be used when implementing a process improvement program following an assessment, or as a means to guide a functional safety assessment of products that is focused on practices and the quality of work products.

Traceability between this document and ISO is maintained between the process requirements of ISO and the processes and practices in this document.

[1] SS-ISO 26262:2011 (all parts) is the national Swedish implementation of ISO 26262:2011 (all parts). The SS-ISO version is identical to the version published by ISO. In order not to create confusion for users outside Sweden, the references in this document are made to ISO and not to SS-ISO.
[2] The Automotive SPICE Process Assessment Model v2.5 is available online.

1 Scope

This document provides a Process Assessment Model (PAM) for functional safety processes for the automotive industry supporting the implementation of ISO 26262:2011 (all parts) [3]. The process assessment model has been developed according to, and is conformant with, the requirements of ISO/IEC. It can be used when performing conformant assessments of the process capability of the development, production and operation of embedded automotive systems according to the requirements of ISO/IEC. ISO addresses possible hazards caused by malfunctioning behaviour of electrical and/or electronic (E/E) safety-related systems in road vehicles.

The Functional Safety Process Assessment Model incorporates material from Automotive SPICE Process Reference Model Version 4.5 and Process Assessment Model Version 2.5. A subset of the processes is extended, and new processes added, to incorporate the requirements and recommended practices from ISO.

NOTE 1 The Functional Safety Process Assessment Model's underlying Process Reference Model incorporated in this document is signified with a red line bar to the left of the text.

Additionally, an Automotive Safety Integrity Level (ASIL) dimension is incorporated in the process assessment model so that a process profile and capability level rating can be achieved for different ASILs. An assessment with respect to a higher ASIL should be valid for a lower ASIL given the same assessment scope and context; however, the reverse is not valid.

NOTE 2 This document assumes the reader is familiar with the Automotive SPICE Process Assessment Model (PAM) v2.5 and has a basic understanding of functional safety as elaborated in ISO.

2 Normative references

The following referenced documents are indispensable for the application of this standard. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO :2011, Road vehicles - Functional safety - Part 1: Vocabulary
ISO :2011, Road vehicles - Functional safety - Part 2: Management of functional safety
ISO :2011, Road vehicles - Functional safety - Part 3: Concept phase
ISO :2011, Road vehicles - Functional safety - Part 4: Product development at the system level
ISO :2011, Road vehicles - Functional safety - Part 5: Product development at the hardware level
ISO :2011, Road vehicles - Functional safety - Part 6: Product development at the software level
ISO :2011, Road vehicles - Functional safety - Part 7: Production and operation
ISO :2011, Road vehicles - Functional safety - Part 8: Supporting processes
ISO :2011, Road vehicles - Functional safety - Part 9: Automotive Safety Integrity Level (ASIL)-oriented and safety-oriented analyses
Automotive SPICE Process Assessment Model (PAM) v2.5, May

[3] This edition of SS 7740 is adapted to the ISO 26262:2011 edition only.

3 Terms and definitions

For the purposes of this document, the following terms and definitions apply.

NOTE 1 This standard assumes the reader is familiar with the terminology used in the Automotive SPICE Process Assessment Model (PAM) v2.5 [4].
NOTE 2 For a complete list of functional safety terms and definitions, see ISO :2011.

3.1 assessment
examination of a characteristic of an item or element
NOTE A level of independence of the party or parties performing the assessment is associated with each assessment.
[SOURCE: ISO :2011, 1.4]

3.2 Automotive Safety Integrity Level, ASIL
one of four levels to specify the item's or element's necessary requirements of ISO and safety measures to apply for avoiding an unreasonable residual risk, with D representing the most stringent and A the least stringent level
[SOURCE: ISO :2011, 1.6]

3.3 audit
examination of an implemented process
[SOURCE: ISO :2011, 1.5]

3.4 confirmation measure
confirmation review, audit or assessment concerning functional safety
[SOURCE: ISO :2011, 1.17]

3.5 confirmation review
confirmation that a work product meets the requirements of ISO with the required level of independence of the reviewer
NOTE 1 A complete list of confirmation reviews is given in ISO.
NOTE 2 The goal of confirmation reviews is to ensure compliance with ISO.
[SOURCE: ISO :2011, 1.18]

3.6 element
system or part of a system including components, hardware, software, hardware parts, and software units
[SOURCE: ISO :2011, 1.32]

[4] The Automotive SPICE Process Assessment Model v2.5 is available online.

3.7 functional safety process assessment
evaluation of the implementation of the processes required for the functional safety activities

3.8 functional safety product assessment
evaluation of the functional safety achieved by the item

3.9 functional safety requirement
specification of implementation-independent safety behaviour, or implementation-independent safety measure, including its safety-related attributes
NOTE 1 A functional safety requirement can be a safety requirement implemented by a safety-related E/E system, or by a safety-related system of other technologies, in order to achieve or maintain a safe state for the item taking into account a determined hazardous event.
NOTE 2 The functional safety requirements might be specified independently of the technology used in the concept phase of product development.
NOTE 3 Safety-related attributes include information about ASIL.
[SOURCE: ISO :2011, 1.53]

3.10 item
system or array of systems to implement a function at the vehicle level, to which ISO is applied
[SOURCE: ISO :2011, 1.69]

3.11 safety goal
top-level safety requirement as a result of the hazard analysis and risk assessment
NOTE One safety goal can be related to several hazards, and several safety goals can be related to a single hazard.
[SOURCE: ISO :2011, 1.108]

3.12 safety validation
assurance, based on examination and tests, that the safety goals are sufficient and have been achieved
NOTE ISO provides suitable methods for validation.
[SOURCE: ISO :2011, 1.116]

3.13 technical safety requirement
requirement derived for implementation of associated functional safety requirements
NOTE The derived requirement includes requirements for mitigation.
[SOURCE: ISO :2011, 1.133]

3.14 work product
result of one or more associated requirements of ISO

NOTE A reference can be an independent document containing the complete information of a work product or a list of references to the complete information of a work product.
[SOURCE: ISO :2011, 1.142]

4 Abbreviations

ACQ     Acquisition Process Group
ASPICE  Automotive SPICE
ASIL    Automotive Safety Integrity Level
BP      Base Practice
ENG     Engineering Process Group
FMEA    Failure Mode and Effect Analysis
FTA     Fault Tree Analysis
HW      Hardware
MAN     Management Process Group
PAM     Process Assessment Model
PIM     Process Improvement Process Group
PRM     Process Reference Model
POP     Production and Operation Process Group
REU     Reuse Process Group
SE      Safety Extension
SPICE   Software Process Improvement and Capability Determination
SPL     Supply Process Group
SUP     Supporting Process Group
SW      Software

5 Process Assessment Model

5.1 Introduction

This Functional Safety Process Assessment Model (PAM) comprises a set of process definitions and assessment indicators of process performance and process capability. The indicators are used as a basis for collecting the objective evidence that enables an assessor to assign ratings that result in a process profile and to derive a process capability level rating for each process in the scope of an assessment.

The process assessment model defines a two-dimensional model of process capability. In one dimension, the process dimension, the processes are defined and classified into process groups according to the type of activity they address. In the other dimension, the capability dimension, a set of process attributes grouped into capability levels is defined. The process attributes provide the measurable characteristics of process capability.

When planning the performance of an assessment, the assessor should have the necessary competence and experience to perform an Automotive SPICE assessment together with adequate knowledge of the ISO 26262:2011 requirements and practices for the scope of assessment to be performed.

The ASIL to be investigated for each process needs to be included in the definition of the scope of assessment and documented in the report of the assessment with the process profile.

Annex A includes a complete mapping of ISO 26262:2011 work products to the processes in this document. This mapping can be useful when tailoring an assessment or when looking for evidence of functional safety in the form of work products, which are the process performance indicators at level 1.

Annex B includes a complete mapping of ISO 26262:2011 requirements to the processes and practices in this document. This mapping can be useful when establishing the scope for an assessment, so that process selection can be made based on the relevant ISO 26262:2011 requirements to be met.

5.2 Naming Conventions

The following provides the design pattern and naming conventions used in elaborating the process definitions and safety practice indicators for the Functional Safety Process Assessment Model (PAM):

- ASPICE or ISO/IEC processes used as-is are identified with the existing process identifier, e.g. MAN.3 (Project management).
- Reused ASPICE processes with safety extensions are identified by using SE as a suffix to the process identifier, e.g. SPL.2.SE (Product release).
- Additional processes to ASPICE are identified by using the abbreviation SE (Safety Extension) as a prefix to the process identifier, e.g. SE.ENG.11 (Item integration and testing).
- There are no changes to a process purpose statement. A need to change a process purpose results in a new process definition.
- Additional safety-related process outcomes are denoted SE.y, where y is an incremental number.
- Additional safety practices (corresponding to base practices) are identified by using SPy (where y is an incremental number) as a suffix to the process identifier, e.g. SE.ENG.5.SP1. This holds for both existing and additional processes.
- Additional safety-related sub-practices are identified by using SEy (where y is an incremental number) as a suffix to the practice identifier, e.g. ENG.6.BP1.SE1. This holds for both base practices and generic practices. In some cases a generic practice is extended with a safety sub-practice for a specific process only. This is denoted as above, but the safety sub-practice is then defined in the table for the corresponding process, in a part of the table called Generic Practices.
- All additional processes to ASPICE, identified by using the abbreviation SE (Safety Extension), are defined only with safety practices (corresponding to base practices).
- Any notes (safety-related or otherwise) are named NOTE y (where y is an incremental number).
- Safety-related notes can be added to a base practice, generic practice, sub-practice or safety practice of a reused ASPICE process with safety extensions. The note is then named SE.NOTE y (where y is an incremental number) and the relevant practice identifier gets SE as a suffix.
- Safety-related notes can be added to a base process purpose or process outcome. The note is then named SE.NOTE y (where y is an incremental number).
- Safety-related notes start a new incremental numbering sequence within process purpose, process outcomes, base practices and generic practices.
- Whenever a base practice, generic practice, sub-practice or safety practice is mandatory for ISO 26262:2011 compliance, a reference to the relevant requirement(s) in ISO 26262:2011 is added. The reference includes information on which ASILs the practice is relevant for. For example, [(B) C D] (ISO : , ) means that the practice in question is recommended for ASIL B and mandatory for ASIL C and D in order to fulfil the referenced requirements in ISO 26262:2011.

5.3 Process Dimension

5.3.1 General

The set of processes in the process assessment model is shown in Figure 1. The processes are defined and classified into process groups according to the type of activity they address.

Process Group  Description
ACQ            Acquisition Process Group
SPL            Supply Process Group
ENG            Engineering Process Group
SUP            Supporting Process Group
MAN            Management Process Group
PIM            Process Improvement Process Group
REU            Reuse Process Group
POP            Production and Operation Process Group
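The identifier grammar of 5.2 and the ASIL marker notation are regular enough to be machine-checked, which helps when an assessor builds tooling to filter practices by the ASIL in scope or to cross-reference practice identifiers against the Annex B mapping. The following Python module is an added example written for this transcription; it is not part of SS 7740 or of the Automotive SPICE material. It parses process, practice and sub-practice identifiers according to the conventions listed above, parses ASIL applicability markers such as [(B) C D] into recommended and mandatory sets, and implements the clause 1 rule that an assessment result for a higher ASIL is valid for a lower ASIL but not the reverse. The regular expression, the class Identifier and the functions parse_identifier, is_valid_identifier, parse_asil_marker, applicability and rating_covers are this example's own names and assumptions; the sample identifiers are those quoted in 5.2 and in the ACQ.3.SE process definition.

```python
import re
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple

# Process groups listed in clause 5.3 of SS 7740.
PROCESS_GROUPS = {"ACQ", "SPL", "ENG", "SUP", "MAN", "PIM", "REU", "POP"}

# ASIL ordering from clause 3.2: A is the least stringent, D the most stringent.
ASIL_RANK = {"A": 1, "B": 2, "C": 3, "D": 4}

# Grammar assumed from the 5.2 naming conventions (this example's own regex, not the standard's):
#   [SE.]GROUP.NUMBER[.SE][.PRACTICE][.SE | .SEy]
_ID_RE = re.compile(
    r"^(?P<new>SE\.)?"                                 # "SE." prefix: process added by SS 7740
    r"(?P<group>[A-Z]{3})\.(?P<number>\d+[A-Z]?)"      # e.g. ENG.6 or ENG.8A
    r"(?P<ext>\.SE)?"                                  # ".SE" suffix: reused ASPICE process with safety extension
    r"(?:\.(?P<practice>(?:BP|SP|GP)\d+(?:\.\d+)*))?"  # base, safety or generic practice
    r"(?:\.(?P<sub>SE\d*))?$"                          # "SE": practice carries a safety note; "SEy": safety sub-practice
)


@dataclass(frozen=True)
class Identifier:
    group: str
    number: str
    kind: str                     # "asis", "extended" or "new"
    practice: Optional[str]       # e.g. "BP1" or "SP1"; None for a bare process identifier
    sub_practice: Optional[str]   # e.g. "SE1"; None if absent
    has_safety_note: bool         # the practice identifier carries the bare "SE" suffix

    @property
    def process_id(self) -> str:
        """Rebuild the process identifier without practice and sub-practice parts."""
        core = f"{self.group}.{self.number}"
        if self.kind == "new":
            return "SE." + core
        if self.kind == "extended":
            return core + ".SE"
        return core


def parse_identifier(text: str) -> Identifier:
    """Parse an SS 7740 identifier; raise ValueError when it breaks the 5.2 conventions."""
    m = _ID_RE.match(text.strip())
    if m is None:
        raise ValueError(f"not an SS 7740 identifier: {text!r}")
    if m["group"] not in PROCESS_GROUPS:
        raise ValueError(f"unknown process group in {text!r}")
    if m["new"] and m["ext"]:
        raise ValueError(f"{text!r}: an SE.-prefixed new process cannot also carry the .SE reuse suffix")
    if m["new"] and m["practice"] and m["practice"].startswith("BP"):
        # 5.2: additional SE processes are defined only with safety practices (SPy), not base practices.
        raise ValueError(f"{text!r}: new safety processes have safety practices (SPy), not base practices")
    if m["sub"] is not None and m["practice"] is None:
        raise ValueError(f"{text!r}: an SE/SEy suffix must follow a practice identifier")
    kind = "new" if m["new"] else ("extended" if m["ext"] else "asis")
    sub = m["sub"]
    return Identifier(
        group=m["group"], number=m["number"], kind=kind, practice=m["practice"],
        sub_practice=sub if sub not in (None, "SE") else None,
        has_safety_note=(sub == "SE"),
    )


def is_valid_identifier(text: str) -> bool:
    """True if the identifier follows the conventions, False otherwise."""
    try:
        parse_identifier(text)
        return True
    except ValueError:
        return False


# A bracketed ASIL letter is "recommended"; a bare letter is "mandatory".
_ASIL_TOKEN_RE = re.compile(r"\((?P<rec>[A-D])\)|(?P<mand>[A-D])")


def parse_asil_marker(marker: str) -> Tuple[FrozenSet[str], FrozenSet[str]]:
    """Split a marker such as '[(B) C D]' into (recommended, mandatory) ASIL sets."""
    body = marker.strip()
    if not (body.startswith("[") and body.endswith("]")):
        raise ValueError(f"bad ASIL marker: {marker!r}")
    recommended, mandatory = set(), set()
    for tok in _ASIL_TOKEN_RE.finditer(body[1:-1]):
        if tok["rec"]:
            recommended.add(tok["rec"])
        else:
            mandatory.add(tok["mand"])
    return frozenset(recommended), frozenset(mandatory)


def applicability(marker: str, asil: str) -> str:
    """Return 'mandatory', 'recommended' or 'not applicable' for the practice at one ASIL."""
    recommended, mandatory = parse_asil_marker(marker)
    if asil in mandatory:
        return "mandatory"
    if asil in recommended:
        return "recommended"
    return "not applicable"


def rating_covers(assessed_asil: str, claimed_asil: str) -> bool:
    """Clause 1: a rating obtained for a higher ASIL is valid for a lower ASIL, never the reverse."""
    return ASIL_RANK[assessed_asil] >= ASIL_RANK[claimed_asil]


if __name__ == "__main__":
    # Sample identifiers quoted in 5.2 and in the ACQ.3.SE definition.
    for sample in ("MAN.3", "SPL.2.SE", "SE.ENG.11", "SE.ENG.5.SP1", "ENG.6.BP1.SE1", "ACQ.3.BP1.SE"):
        print(sample, "->", parse_identifier(sample))
    for asil in "ABCD":
        print(f"[(B) C D] at ASIL {asil}: {applicability('[(B) C D]', asil)}")
```

The validation rules in parse_identifier encode the constraints the conventions state explicitly: a process cannot be both new (SE. prefix) and a reused extension (.SE suffix), new processes carry SPy practices rather than BPy, and an SE or SEy suffix only makes sense after a practice identifier. Anything the conventions leave open (for instance generic practice numbering) is accepted as-is.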

Figure 1 - Processes in the Process Assessment Model

(Diagram not reproduced in the transcription. It shows the processes listed in 5.3.2 to 5.3.9, arranged by process group under the headings Primary Life Cycle Processes, Supporting Life Cycle Processes and Organizational Life Cycle Processes, with a legend distinguishing "ASPICE as is", "ASPICE amended" and "New process".)

If processes beyond the scope of this process assessment model are needed, appropriate processes from other process assessment models may be included in the scope of an assessment based on the business needs of the organization.

Each process in the model is described in terms of a purpose statement (see the Process Purpose in each process). The purpose statement contains the unique functional objectives of the process when performed in a particular environment. For each purpose statement a list of specific outcomes is associated, as a list of expected positive results of the process performance.

5.3.2 Acquisition Process Group (ACQ)

The Acquisition process group (ACQ) consists of processes that are performed by the customer, or by the supplier when acting as a customer for its own suppliers, in order to acquire a product and/or service.

Process ID  Process Name         Source
ACQ.3.SE    Contract agreement   ASPICE
ACQ.4.SE    Supplier monitoring  ASPICE

5.3.3 Supply Process Group (SPL)

The Supply process group (SPL) consists of processes performed by the supplier in order to supply a product and/or a service.

Process ID  Process Name        Source
SPL.1       Supplier tendering  ASPICE
SPL.2.SE    Product release     ASPICE

5.3.4 Engineering Process Group (ENG)

The Engineering process group (ENG) consists of processes addressing the system, hardware, software and safety engineering and evaluation, encompassing concepts, requirements, item definition, design, development, integration and testing.

Process ID  Process Name                                                                                          Source
ENG.1       Requirements elicitation                                                                              ASPICE
ENG.3       System architectural design                                                                           ASPICE
ENG.9       System integration test                                                                               ASPICE
ENG.10      System testing                                                                                        ASPICE
ENG.2.SE    System requirements analysis                                                                          ASPICE
ENG.4.SE    Software requirements analysis                                                                        ASPICE
ENG.5.SE    Software design                                                                                       ASPICE
ENG.6.SE    Software construction                                                                                 ASPICE
ENG.7.SE    Software integration test                                                                             ASPICE
ENG.8.SE    Software testing                                                                                      ASPICE
SE.ENG.1    Item definition                                                                                       SS7740
SE.ENG.2    Hazard analysis                                                                                       SS7740
SE.ENG.3    Functional safety concept                                                                             SS7740
SE.ENG.4    System design                                                                                         SS7740
SE.ENG.5    Hardware safety requirements                                                                          SS7740
SE.ENG.6    Hardware design                                                                                       SS7740
SE.ENG.7    Evaluation of hardware architectural metrics                                                          SS7740
SE.ENG.8A   Evaluation of safety goal violations due to random hardware failures, PMHF method                     SS7740
SE.ENG.8B   Evaluation of safety goal violations due to random hardware failures, individual fault evaluation method  SS7740
SE.ENG.9    Hardware integration and testing                                                                      SS7740
SE.ENG.10   Software configuration                                                                                SS7740
SE.ENG.11   Item integration and testing                                                                          SS7740

5.3.5 Supporting Process Group (SUP)

The Supporting process group (SUP) consists of processes that may be employed by any of the other processes at various points in the life cycle.

Process ID  Process Name                                 Source
SUP.1       Quality assurance                            ASPICE
SUP.4       Joint review                                 ASPICE
SUP.9       Problem resolution management                ASPICE
SUP.2.SE    Verification                                 ASPICE
SUP.3.SE    Validation                                   ISO/IEC
SUP.7.SE    Documentation                                ASPICE
SUP.8.SE    Configuration management                     ASPICE
SUP.10.SE   Change request management                    ASPICE
SE.SUP.1    Safety oriented requirements and analyses    SS7740
SE.SUP.2    Confidence in the use of software tools      SS7740
SE.SUP.3    Qualification of software components         SS7740
SE.SUP.4    Qualification of hardware components         SS7740

5.3.6 Management Process Group (MAN)

The Management process group (MAN) consists of management processes that may be employed by any project within the life cycle.

Process ID  Process Name                   Source
MAN.3       Project management             ASPICE
MAN.5       Risk management                ASPICE
MAN.6       Measurement                    ASPICE
SE.MAN.1    Overall safety management      SS7740
SE.MAN.2    Functional safety management   SS7740
SE.MAN.3    Confirmation measures          SS7740

5.3.7 Process Improvement Process Group (PIM)

The Process Improvement process group (PIM) consists of processes performed in order to define, deploy and improve the processes performed in the organizational unit.

Process ID  Process Name         Source
PIM.3       Process improvement  ASPICE

5.3.8 Reuse Process Group (REU)

The Reuse process group (REU) systematically exploits reuse opportunities in the organization's reuse programs.

Process ID  Process Name              Source
REU.2       Reuse program management  ASPICE
SE.REU.1    Proven in use argument    SS7740

5.3.9 Production and Operation Process Group (POP)

The Production and Operation process group (POP) consists of processes that are performed by organizations responsible for production and operation of the developed product, in order to ensure safety during these phases.

Process ID  Process Name                            Source
SE.POP.1    Production                              SS7740
SE.POP.2    Operation, service and decommissioning  SS7740

5.4 Capability Dimension

For the capability dimension, the process capability levels and process attributes are identical to those defined in Automotive SPICE V2.5.

Evolving process capability is expressed in the process assessment model in terms of process attributes grouped into capability levels. Process attributes are features of a process that can be evaluated on a scale of achievement, providing a measure of the capability of the process. They are applicable to all processes. Each process attribute describes a facet of the overall capability of managing and improving the effectiveness of a process in achieving its purpose and contributing to the business goals of the organization.

A capability level is a set of process attribute(s) that work together to provide a major enhancement in the capability to perform a process. There are six capability levels, incorporating nine process attributes. This standard, however, is focused on capability levels 0 to 3.

Level 0: Incomplete process
The process is not implemented, or fails to achieve its process purpose. At this level, there is little or no evidence of any systematic achievement of the process purpose.

Level 1: Performed process
The implemented process achieves its process purpose.

Level 2: Managed process
The previously described Performed process is now implemented in a managed fashion (planned, monitored and adjusted) and its work products are appropriately established, controlled and maintained.

Level 3: Established process
The previously described Managed process is now implemented using a defined process that is capable of achieving its process outcomes.

Level 4: Predictable process
The previously described Established process now operates within defined limits to achieve its process outcomes.

Level 5: Optimizing process
The previously described Predictable process is continuously improved to meet relevant current and projected business goals.

The process attributes associated with the capability levels are shown below.

Capability Levels and Process Attributes
Level 0: Incomplete process
Level 1: Performed process
  PA 1.1  Process performance
Level 2: Managed process
  PA 2.1  Performance management
  PA 2.2  Work product management
Level 3: Established process
  PA 3.1  Process definition
  PA 3.2  Process deployment
Level 4: Predictable process
  PA 4.1  Process measurement
  PA 4.2  Process control
Level 5: Optimizing process
  PA 5.1  Process innovation
  PA 5.2  Continuous optimization

5.5 Assessment Indicators

The process assessment model is based on the principle that the capability of a process can be assessed by demonstrating the achievement of process attributes on the basis of evidence related to assessment indicators.

There are two types of assessment indicators: process performance indicators, which apply exclusively to capability level 1, and process capability indicators, which apply to capability levels 1 to 5. For a full description of the types of process performance and process capability indicators, refer to Automotive SPICE Process Assessment Model V2.5.

6 Process Performance Indicators (level 1)

6.1 General

The individual processes are provided with a unique Process ID and described in terms of Process name, Process purpose, and Process outcomes.

Each process has a defined set of Base Practices, providing a definition of the tasks and activities needed to accomplish the process purpose and fulfil the process outcomes, together with Process notes, when needed.

Each process also has a defined set of Output work products, referenced either to the list of work products and their characteristics defined in Automotive SPICE Process Assessment Model V2.5, or to the relevant clause in the relevant part of ISO 26262:2011.

Additionally, some processes have a set of Generic Practices defined which are specific to the process and which are used in conjunction with, and in addition to, the Process Capability Indicators described in clause 7 of this standard, which are applicable to all processes.

6.2 Acquisition Process Group (ACQ)

Process ID: ACQ.3.SE

Process name: Contract agreement

Process purpose: The purpose of the Contract Agreement Process is to negotiate and approve a contract/agreement with the supplier.

Process outcomes: As a result of successful implementation of this process:
1) a contract/agreement is negotiated, reviewed, approved and awarded to the supplier(s);
2) the contract/agreement clearly and unambiguously specifies the expectations, responsibilities, work products/deliverables and liabilities of both the supplier(s) and the acquirer;
3) mechanisms for monitoring the capability and performance of the supplier(s) and for mitigation of identified risks are reviewed and considered for inclusion in the contract conditions;
4) proposers/tenderers are notified of the result of proposal/tender selection;
SE.1) process capability is delivered to the customer; and
SE.2) a Distributed Interface Agreement (DIA) is established between the parties.

Base Practices:

ACQ.3.BP1.SE: Negotiate the contract/agreement. Negotiate all relevant aspects of the contract/agreement with the supplier. [Outcome 1]
NOTE 1: Relevant aspects of the procurement may include:
- system requirements;
- acceptance criteria and evaluation criteria;
- linkage between payment and successful completion of acceptance testing;
- process requirements, process interfaces and joint processes.
SE.NOTE 1: Apply hardware requirements according to SE.ENG.5, SE.ENG.9 and SE.MAN.2, except for off-the-shelf hardware parts if no hardware related safety requirements are allocated to them or if the off-the-shelf hardware part is qualified according to well-established procedures. [A B C D] (ISO : )
SE.NOTE 2: The RFQ content sent to potential suppliers includes a formal request to comply with ISO 26262, the item definition or functional specification of the element, the safety goals and the functional safety requirements or the technical safety requirements. [A B C D] (ISO : )
SE.NOTE 3: An agreement is to be reached on which party (supplier or customer) is to perform the safety validation in accordance with ISO :2011. If the supplier performs the integration and validation, an agreement on the capabilities and resources needed by the supplier is important, since safety validation requires the integrated vehicle (see ISO :2011). [A B C D] (ISO : )

ACQ.3.BP1.SE1: Evaluate the supplier. Evaluate the supplier's capability to develop and produce items and elements of comparable complexity and ASIL. [A B C D] (ISO : )

ACQ.3.BP1.SE2: Specify a DIA. Specify a DIA including:
- the customer's and the supplier's safety managers;
- a joint tailoring of the safety lifecycle;
- the activities and processes to be performed by the customer and by the supplier;
- the information and the work products to be exchanged;
- the parties or persons responsible for the activities;
- the communication of target values for the single-point fault metric and the latent fault metric; and
- the supporting processes and tools, including interfaces, to assure compatibility between customer and supplier.
The functional safety concept is to be developed in accordance with ISO :2011 by the party responsible for the item development. The customer and the supplier are to agree on the functional safety requirements. [Outcome SE.1] [A B C D] (ISO : , )

ACQ.3.BP2: Specify rights and duties. Unambiguously specify the expectations, responsibilities, work products/deliverables and liabilities of the parties in the contract/agreement. [Outcome 2]
SE.NOTE 4: Apply this requirement at all levels of the customer-supplier relationship, including subcontractors. (This setup can also be used for internal suppliers.) [A B C D] (ISO : )

ACQ.3.BP3: Review contract/agreement for supplier capability monitoring. Review and consider a mechanism for monitoring the capability and performance of the supplier for inclusion in the contract/agreement conditions. [Outcome 3]

ACQ.3.BP4: Review contract/agreement for risk mitigation actions. Review and consider a mechanism for the mitigation of identified risks for inclusion in the contract/agreement conditions. [Outcome 3]

ACQ.3.BP5: Approve contract/agreement. The contract/agreement is approved by the relevant stakeholders. [Outcome 1]

ACQ.3.BP6: Award contract/agreement. The contract/agreement is awarded to the successful proposer/tenderer. [Outcome 1]

ACQ.3.BP7: Communicate result to tenderers. Notify the result of the proposal/tender selection to the proposers/tenderers. After contract award, inform all tenderers of the decision. [Outcome 4]

ACQ.3.SP1: Provide evidence for process capability. Provide evidence to the customer that the process capability is being met and maintained in accordance with ISO :2011, Clause 7, and ISO :2011, Clause 5. [Outcome SE.1] [A B C D] (ISO : )

ACQ.3.SP2: Develop supply agreement. Develop a supply agreement between the customer and the supplier which addresses the responsibilities for functional safety in accordance with ISO :2011, , and defines the safety activities for each party. [Outcome SE.2] [A B C D] (ISO : )

Output work products:
Meeting support record [Outcome 1] [ASPICE]
Commitment/agreement [Outcome 1] [ASPICE]
Contract [Outcomes 1, 2, 3] [ASPICE]
Contract review record [Outcome 1] [ASPICE]
Communication record [Outcome 4] [ASPICE]
Supplier selection report [Outcome 4] [ISO : ]
Development interface agreement (DIA) [Outcome SE.2] [ISO : ]
Supplier's project plan [Outcome 1] [ISO : ]
Supplier's safety plan [Outcome 1] [ISO : ]
Functional safety assessment report [Outcome 3] [ISO : ]
Supply agreement [Outcome 1] [ISO : ]

Process ID: ACQ.4.SE

Process name: Supplier monitoring

Process purpose: The purpose of the Supplier monitoring process is to monitor the performance of the supplier against agreed requirements.