Introducing SAFETY in ORGANIZATIONS Lessons Learned. Henrik Thane Adj. Professor in Functional Safety, MDH SAFETY INTEGRITY AB

Similar documents
Lessons Learned: How to Write Good Safety Plans. Henrik Thane Adj. Professor in Functional Safety, MDH SAFETY INTEGRITY AB

Safety cannot rely on testing

Integrating Functional Safety with ARM. November, 2015 Lifeng Geng, Embedded Marketing Manager

Functional Safety and Embedded Software. Marijn Temmerman KdG-Hogeschool. Seminar Functional Safety, KHBO, 6/2/2013

Driving Compliance with Functional Safety Standards for Software-Based Automotive Components

Research on software systems dependability at the OECD Halden Reactor Project

Functional Safety Implications for Development Infrastructures

Smart Strategic Approach for Functional Safety Implementation. Chandrashekara N Santosh Kumar Molleti

Model-Driven Development for Safety-Critical Software Components

Our Ref. April 28, 2005 Page 1/9. 1. Introduction References Certification... 4

Functional Safety with ISO Principles and Practice Dr. Christof Ebert, Dr. Arnulf Braatz Vector Consulting Services

Medical Device Directive

> 50 YEARS OF EXPERIENCE > 12,500 EMPLOYEES A NEW PATH TO GROWTH TRANSPORTATION SYSTEMS SOFTWARE SAFETY GLOBAL ENGINEERING SERVICES

Chapter 1. Software Engineering Supporting Processes

Bridging the European and North American Rail Safety Assurance Gaps. Examples of Typical Cases of Cross Acceptance in Both Directions

Avoiding Top Mistakes in Safety Critical Software Development

TURBO MACH A DIVISION OF VT SAA

Towards Systematic Software Reuse in Certifiable Safety-Critical Systems

IEC Functional Safety Assessment

Next Generation Design and Verification Today Requirements-driven Verification Methodology (for Standards Compliance)

Results of the IEC Functional Safety Assessment HART transparent repeater. PR electronics

IEC and ISO A cross reference guide

Quality Management of Software and Systems: Terminology

Commercial vehicles Functional safety implementation process and challenges. Dr Chitra Thyagarajan Safety and Reliability Consultant Mahindra Satyam

Functional Safety: ISO26262

Development of Safety Related Systems

ISO : Rustam Rakhimov (DMS Lab)

Development Support. Worldwide Activities Support in all Areas of Safety

Frontload the design, V&V and certification of software-intensive mechatronic systems by adopting the Digital Twin approach

The Components of the SW Quality Assurance System - Overview. 08/09/2006 SE7161 Software Quality Assurance Slide 1

Inside! icteam, a confluence of parallels. - Jyothi G Shivashankar (Robert Bosch Engineering and Business Solutions) Eclipsecon 2013

AP Quality Consulting works with you to provide a custom solution

ABB DRIVES. Technical guide No. 10 Functional safety

New Machine Safety Standards Usher in Era of Better Design Flexibility and Safety Performance

Model-Based Design Maturity: Benchmarking the Automotive Industry Vinod Reddy Manager, Consulting Services

How CMMI supports efficient Implementation of Functional Safety

Achieving ISO Compliance in Silicon (And Beyond?)

Results of the IEC Functional Safety Assessment. Pressure, Temperature and Vacuum Switches. BETA B.V. Rijswijk The Netherlands

Implementation of requirements from ISO in the development of E/E components and systems

A Cost-effective Methodology for Achieving ISO26262 Software Compliance. Mark Pitchford

Eurailspeed Parallel Session D.1. Carlo Carganico Director Approval and Certification, RFI

ENSURING QUALITY THROUGH COMPLIANCE [ COMPLIANCE ]

Technical report. Type testing

An Integrated R & D Program for the Railway Safety Improvement in Korea

Juha Halminen Teollisuuden Voima Oy Olkiluoto, Finland. Lic. Tech. Risto Nevalainen Finnish Software Measurement Association ry FiSMA Espoo, Finland

Safe and Secure by Design: Systems Engineering Best Practices for Connected Vehicles

Automotive Safety and Security in a Verification Continuum Context

ESE Engineering und Software-Entwicklung GmbH. Technology Consulting Engineering Services

Machine Safety Symposium Software Tools

ISO Compliance Using Approved Software Components for Road Vehicles

LEAD Free Language For Statement of Work

Deterministic Modeling and Qualifiable Ada Code Generation for Safety-Critical Projects

EMC 2 Living Lab Automotive

Abstraction Layers for the rollout of Automotive SPICE

Functional Safety Machinery

Using formal methods means. Industrial use of formal methods 6. Traditional software construction. Mathematical models.

Maximizing Safety Without Compromising Reliability

ABB drives. Technical guide no.10 Functional safety

Model-Based Design for ISO Applications. April 2010

SafeDesign: Machine Safety Validation

Global Automotive E/E Standard. Rick Flores, General Motors, AUTOSAR Steering Committee Open Architecture Summit Washington, D.C.

NI Hardware-in-the-Loop Test

Lecture 9 Dependability; safety-critical systems

Enterprise SPICE Good to Go!

Agile-R. intecs Solutions. A new approach to combine Agile and EN for Railway software development. Agile-R. Trademark registered

SMB/6286/R. The current title of TC56 is "Dependability".

Results of the IEC Functional Safety Assessment

Environmental Aspects - Gaining Control by Environmental Assurance

Functional safety handbook, training courses and certificates

Application of an Agile Development Process for EN50128/railway conformant

Evaluation of open source operating systems for safety-critical applications Master s thesis in Embedded Electronic System Design

Testability of Dynamic

Development of AUTOSAR Software Components with Model-Based Design

Ixxat Safe T100 CIP Safety protocol software FSoE protocol software. Functional safety solutions

Contents. List of Acronyms Preface

Mentor Safe IC ISO & IEC Functional Safety

RANGE OF SERVICES FUNCTIONAL SAFETY TRAINING PERSONAL QUALIFICATION CONSULTANCY SAFETY ANALYTICS TESTING CERTIFICATION

A Cost-Effective Model-Based Approach for Developing ISO Compliant Automotive Safety Related Applications

CASS TOES FOR FUNCTIONAL SAFETY MANAGEMENT ASSESSMENT (IEC : 2010)

Developing for Success in Consumer Electronics

Project Summary. Acceptanstest av säkerhetskritisk plattformsprogramvara

Agile Practices in Regulated Railway Software Development

Quality Management of Software and Systems

A TEAM-BASED PROJECT QUALITY MANAGEMENT SYSTEM

C-17 Software Development Process

A Model-Based Reference Workflow for the Development of Safety-Critical Software

Safety Critical Open Systems. David Emery

Fields of Interest. Products. We build the future together. Defence (military) Transportation (railway) Power and Environment.

Renault Nissan new Software Strategy V07 Olivier Guetta, Emmanuel Coutenceau, Kazuhiro Ishigami

Certificating a safety related part of a control system

Safety assessment methodology of railway signalling systems in Korea

Results of the IEC Functional Safety Assessment. ABB, Inc. Baton Rouge, LA USA

SCHMERSAL tec.nicum USA Services relating to machine safety and industrial safety

Logistics Community of Interest 0856 Electronics Technician Series Competency-Based Learning Map and Training Strategy. Page 1

A systematic approach to drive Superior Environmental Performance

Evolving Technology Trends Impacting Manufacturing Industry

APIQR - Monogram Programs Update. January 25, 2018

Systems and software engineering Software life cycle processes

RANGE OF SERVICES FUNCTIONAL SAFETY TRAINING PERSONAL QUALIFICATION CONSULTANCY SAFETY ANALYTICS TESTING CERTIFICATION

Midlife services. Extend equipment life

Transcription:

Safety Integrity Introducing SAFETY in ORGANIZATIONS Lessons Learned Day 1 Henrik Thane Adj. Professor in Functional Safety, MDH SAFETY INTEGRITY AB 2016-03-16

CV Dr. Henrik Thane Senior Safety Assessor and Safety Manager, Safety Integrity AB Professor in Functional Safety, Mälardalen Real Time Research Center, MDH, 2012- Founded Safety Integrity AB in 2009 Member of national standardization committees for IEC61508 and EN50128 Product M Manager at ENEA, Responsible for all operating systems and tools CEO ZealCore, co-founded ZealCore 2001, acquired by ENEA 2008 Associate Professor (Docent) at Mälardalen Real-Time Center until 2008 Ph.D. from the Royal Institute of technology in Stockholm, 2000 In addition to research I have during the last 15 years worked as an expert consultant for the industry and given numerous industrial courses on design and test of software in safety-critical computer based systems. 2

Safety Integrity AB SOFTWARE SAFETY We provide SERVICES, EDUCATION, DOCUMENTATION TEMPLATES We are experts on the functional safety standards: IEC61508 and it derivatives e.g., ISO26262, EN50128/9, EN62061, EN13849 We provide SERVICES as: Independent SAFETY ASSESSORS (ISA) SAFETY MANAGERS SAFETY MANAGEMENT STARTUP We offer TRAINING in Safety Management courses for IEC61508, EN50128/9 and ISO26262, IEC62061, EN13849. 3

Inspection Body INDEPENDENT SAFETY ASSESSOR Accredited TYPE A Inspection Body QUALITY SYSTEM SS-EN17020:2012 Conformity assessment Requirements for the operation of various types of bodies performing inspection 10043 ISO/IEC 17020 (A) 4

OUR MARKET All manufacturers of safety related products Customers: ABB Robotics, Volvo Construction Equipment, Bombardier Transportation, Atlas Copco, Trafikverket, ABB Mining, Westermo, Arcticus Systems, Öresundsbron, etc. Products: High speed trains (400km/h), Driverless trains, Autonomous vehicles/construction equipment, Industrial Robots, Mining Elevators (2 km ride), Operating systems/tool vendors, etc. Position One of a few accredited inspection bodies in Sweden Most customers are based in Sweden. We have however had contracts for customers in South Korea, India, China, UK, Canada, and Italy.

Key in Functional Safety Standards Independence Between doer and verifier Doer Verifier Validator Assessor 6

What is Assessment? Process of analysis to determine whether software, which may include process, documentation, system, subsystem hardware and/or software components, meets the specified requirements and to form a judgment as to whether the software is fit for its intended purpose. Safety assessment is focused on but not limited to the safety properties of a system EN50128:2011 Examination of a characteristic of an item or element ISO26262-1:2011 7

Audit and Assessor? Audit Examination of an Implemented process ISO26262-1:2011 Assessor Entity that carries out an assessment EN50128:2011 8

Assessment parts Safety Planning Project plan Safety management plan Verification plan Validation plan Change management plan Documentation plan Tools and COTS qualification plan Assessment plan All plans verification report After SOP: Maintenance Phase Impact analysis Maintenance & Change records Maintenance Validation Report Assessment report (for every new release) After SOP: Deployment Safety Manual Release Notes Deployment verification report Safety Concept Phase System Definition Hazard Analysis Hazard log Safety Function Identification Safety Function specification Safety Function Validation Test Specification Safety Concept verification report Product development: System level HW/SW Determine the required performance level Safety Function design Architecture selection (Single or Dual channel) Evaluation of achieved PL report (MTTF, DC, CCF) System integration test specification Tools and COTS qualification report System level verification report Validation Functional Safety Assessment Assessment Assessment report Safety Function Validation Phase Safety Function Validation Test Records Safety Function Validation Test Report System Integration Test Phase System Integration Test Records System Integration Test Report Software V-model. See Figure 2 Hardware V-model. See Figure 3 ISO 13849 9

Safety Integrity Assessment parts Product development: Software Safety Specification Software safety requirements Specification Software safety requirements Parameterization Specification Software Validation test specification Software safety requirements verification report Validation Software Validation Phase Software Validation Test Records Software Validation Test Report Product development: Software Architecture Software Architecture Design Specification Software Integration Test Specification Software Architecture Design Verification Report Software Integration Test Phase Software Integration Test Record(s) Software Integration Test Report Product development: Software Unit Design Software Unit Design Specification Software Unit Test Specification Software Unit Design Specifications Verification Report Software Unit Test Phase Software Unit Test Records Software Unit Test Report Product development: Software Implementation Software Source Code Software Source Code Verification Report Figure 2 ISO 13849 10

Safety Integrity I have assessed many projects and performed hundreds of assessments

Recent Projects Safety Assessor, V300 Zefiro High speed train (400km/h), Bombardier Transportation Italy, 2011-2015 Safety Assessor Articus Systems, ISO26262 ASIL D certification of Real-Time Operating System. 2012-2015 Safety Assessor, TCMS C30, Bombardier Transportation Sweden, 2014- Safety Assessor/mentor, Pentronic AB, IEC61508, 2014- Safety Assessor/mentor, Atlas Copco Rock Drills, EN13849, 2013-2014 Safety Manager, Mining Rock Drill Protection System, Etteplan, Atlas Copco Rock Drills, 2013 Safety Assessor, Öresund Bridge, upgrade of Computer control and SCADA system for Tunnel safety and supervision, EN50129/EN50128, 2013 Safety Manager ABB Robotics, Safety Controller, EN13849, 2012- Managing the update of the entire life cycle process for Volvo Construction Equipment towards ISO26262 compliance, 2011-2012 Safety Manager ABB Mining, regarding IEC62061, 2011- Safety Manager Volvo CE, project CEA2+, NEAT, RFT, regarding ISO26262, 2011-2012 Safety Process Mentor for Leine & Linde regarding EN62061/EN-ISO138491, 2011 Safety Process Mentor for Data Respons, and Westermo regarding EN50129 and EN50128, 2010-2012 Safety Assessor Volvo CE, Process and tools, regarding IEC61508, 2010 Safety Assessor, Regina SJ, intercity train project, Bombardier, 2010- Safety Assessor, Zefiro China, High speed train (400km/h), Bombardier Transportation, 2009-2013 Safety Assessor, Delhi Metro project (DM2), Bombardier Transportation. 2009-2010 Safety Assessor, London underground project (SSL), Bombardier Transportation. 2008-2011 Senior expert/consultant/mentor on a number of safety critical applications, within Transportation/Vehicles, and Industrial automation 1995-2011. 12

Non compliant safety process Experience No project has had a streamlined organization and Development/Lifecycle Process for complying with the required safety standard.

Compliance has been fulfilled through: Repetitive assessments/gap analysis Corrective actions, i.e., changed process and updated documentation Assessment This is has not been cheap Cost factor: 3x-10x from initial estimate Documentation/ Tests Issue List Zero Issues Certificate / report on Compliance Compliant Process Update Process/ Update Product Compliant Product

Example of costly convergence

Safety Integrity Observed Manufacturer Challenges Separated processes and organizations One for development One for safety management Similar to HW development and SW development processes and organizations 16

Safety Integrity Observed Manufacturer Challenges Fragile (one-off mentality) After first release change management is not harmonized Development documentation and artifacts diverge from safety documentation Safety anxiety Organization change takes time Safety culture implementation takes time Harmonized safety and development process takes time 17

Safety Integrity Lessons learned Reuse is very important Reuse documentation from previous projects Plans, templates, verification checklists, etc. Preferable have a certified safety management system That can be instantiated for every new project Continuous improvement Continuous Training Role centric training Project Manager, Safety Manager, Requirements Manager Architect, Implementer, Test manager, Verification manager Validator Assessor Configuration Manager Mentors (with experience from previous projects) New people who are introduced late in a project often think the process is over ambitions and require way too much work. They need to be trained and mentored. 18

Safety Integrity Lessons learned When the deadline approaches Often all ambitious safety goals are washed out All kinds of shortcuts are sought. Extremely important to keep to the process then and that there are sufficient resources. Regard the safety standards with respect but not fear. They are there to help. 19

Safety Integrity Functional Safety Standards SS-EN-IEC 61508 2001 & 2010 EN 50126 EN 50129 EN 50128 Railroad IEC 61513 Nuclear Power IEC 61511 Process Industry IEC 62061 Safety of Machinery ISO 26262 Automotive 1999/2001/2011 2001 2003 2003 2011 Embedded Systems Safety IEC 61508 (2001) and (2010 2nd ed.) Industry specific Software for Machines ISO13849-1 ISO 62061 Transportation EN 50128 railway software ISO 26262 Automotive/Trucks/Construction Equip. Industry specific Aerospace and aviation DO-178B, Aviation, USA NASA-STD-8719-13, NASA, USA ESA PSS-05-0, Space, European Military MIL-STD-882D, DoD, USA 00-55/00-56, MoD, UK MIL-STD-498, DoD, USA 20

Functional Safety Challenges Current situation It is about a 10 year turn-around time for new functional safety standards

Functional Safety Challenges High complexity The complexity of computer controlled systems increase exponentially Current standards do not deal with high complexity systems Multiple concerns: Safety and security jointly More and more systems are connected to the Internet: IoT, Cars, Trains, Functional safety deals with dangerous faults stemming from the system itself Security deals with intentional sabotage of systems, this is not covered by current functional safety standards to any extent. Multiple domains Need to be able to deal with many functional safety standards concurrently in a cost efficient manner For example OEMs who target Automotive, Construction Equipment, and railway at the same time Tool vendors, who want to certify their tools for many different safety standards in order to increase customer value and market share

Summary: Safety Assessment SS-EN-IEC 61508 2001 & 2010 EN 50126 EN 50129 EN 50128 Railroad IEC 61513 Nuclear Power IEC 61511 Process Industry IEC 62061 Safety of Machinery IEC 26262 Automotive 1999/2001/2011 2001 2003 2003 2012 Compliance by fulfillment of all Product and Process Requirements: Plans & Process Requirements Verification for each phase Static (reviews) Dynamic (tests) Independence Between doer and verifier Doer Verifier Validator -Assessor Reports for each phase Change management A complete documentation trail Assessment

Safety Integrity Important to integrate safety process & development process Assessment Documentation/ Tests Issue List Zero Issues Certificate / report on Compliance Compliant Process Update Process/ Update Product Compliant Product

Safety Integrity THANK YOU! henrik.thane@safetyintegrity.se Figure 1. Allegedly the first computer bug - found by Grace Hopper's Team in 1945. Exhibited at the Museum History of American Technology/Smithsonian

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback