{"title":"有效管理ISO 26262标准的功能安全","authors":"P. Stirgwolt","doi":"10.1109/RAMS.2013.6517758","DOIUrl":null,"url":null,"abstract":"The ISO 26262 standard is strongly affecting today's development behavior in the Automotive Industry. It defines the new development process requirements for the shift from the quality management system (QMS, ISO/TS 16949) to a safety oriented work culture. There are four key barriers to make this shift; 1) the existing business decision environment based only on cost, 2) the typical project work culture to directly jump to a solution without first defining the requirements (as defined by the “V” model), 3) the knowledge gap on how to shift from qualitative to quantitative product reliability assessment and 4) the time and awareness to manage the implementation of the additional safety confirmation measures. The challenge for the automotive industry is to overcome these barriers as established with the ISO/TS16949 quality management system processes. The ISO 26262 standard has covered the first three barriers by; 1) defining the requirements for a good safety culture, 2) deriving the safety requirements from the “Top Down”, 3) providing a quantitative product reliability or failure in Time (FIT) methodology. However, the standard only defined how a single developer needs to manage the functional safety but not how to address the development interfaces between the multiple organization during the safety lifecycle. With the learning from the Aerospace & Aviation industry it would be beneficial to the Automotive Industry to improve the interaction between the distributed developers. The Aerospace & Aviations “Flight Readiness Review” is a proven Safety Management Review network. To further improve the management of functional safety in the Automotive industry, this paper proposes to incorporate a “Safety Manager Review” network within the next revision of the ISO 26262 standard. The key benefits that would be achieved are: 1) Provide “closed loop” learning with common definitions throughout the multiple organisation. 2) Earlier resolution of the safety anomalies during the product lifecycle. 3) A more effective Management of Functional Safety by implementing the decisions based on field data. With this proposal in place the multiple organisation would have a better chance to confirm that the Safety Function complies adequately to the quantitative targets. Only when all three levels of the distributed developers have the same process language and quantitative units, the safety targets can be accomplished.","PeriodicalId":189714,"journal":{"name":"2013 Proceedings Annual Reliability and Maintainability Symposium (RAMS)","volume":"21 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"Effective management of functional safety for ISO 26262 standard\",\"authors\":\"P. Stirgwolt\",\"doi\":\"10.1109/RAMS.2013.6517758\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The ISO 26262 standard is strongly affecting today's development behavior in the Automotive Industry. It defines the new development process requirements for the shift from the quality management system (QMS, ISO/TS 16949) to a safety oriented work culture. There are four key barriers to make this shift; 1) the existing business decision environment based only on cost, 2) the typical project work culture to directly jump to a solution without first defining the requirements (as defined by the “V” model), 3) the knowledge gap on how to shift from qualitative to quantitative product reliability assessment and 4) the time and awareness to manage the implementation of the additional safety confirmation measures. The challenge for the automotive industry is to overcome these barriers as established with the ISO/TS16949 quality management system processes. The ISO 26262 standard has covered the first three barriers by; 1) defining the requirements for a good safety culture, 2) deriving the safety requirements from the “Top Down”, 3) providing a quantitative product reliability or failure in Time (FIT) methodology. However, the standard only defined how a single developer needs to manage the functional safety but not how to address the development interfaces between the multiple organization during the safety lifecycle. With the learning from the Aerospace & Aviation industry it would be beneficial to the Automotive Industry to improve the interaction between the distributed developers. The Aerospace & Aviations “Flight Readiness Review” is a proven Safety Management Review network. To further improve the management of functional safety in the Automotive industry, this paper proposes to incorporate a “Safety Manager Review” network within the next revision of the ISO 26262 standard. The key benefits that would be achieved are: 1) Provide “closed loop” learning with common definitions throughout the multiple organisation. 2) Earlier resolution of the safety anomalies during the product lifecycle. 3) A more effective Management of Functional Safety by implementing the decisions based on field data. With this proposal in place the multiple organisation would have a better chance to confirm that the Safety Function complies adequately to the quantitative targets. Only when all three levels of the distributed developers have the same process language and quantitative units, the safety targets can be accomplished.\",\"PeriodicalId\":189714,\"journal\":{\"name\":\"2013 Proceedings Annual Reliability and Maintainability Symposium (RAMS)\",\"volume\":\"21 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-05-23\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2013 Proceedings Annual Reliability and Maintainability Symposium (RAMS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/RAMS.2013.6517758\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 Proceedings Annual Reliability and Maintainability Symposium (RAMS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/RAMS.2013.6517758","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 7
摘要
ISO 26262标准强烈地影响着当今汽车行业的发展行为。它定义了从质量管理体系(QMS, ISO/TS 16949)向以安全为导向的工作文化转变的新开发过程要求。实现这一转变有四大障碍:1)现有的商业决策环境仅基于成本,2)典型的项目工作文化直接跳到解决方案,而不首先定义需求(由“V”模型定义),3)关于如何从定性转向定量产品可靠性评估的知识差距,以及4)管理实施额外的安全确认措施的时间和意识。汽车行业面临的挑战是克服ISO/TS16949质量管理体系流程所建立的这些障碍。ISO 26262标准已经覆盖了前三个障碍:1)定义良好安全文化的要求,2)从“自上而下”推导安全要求,3)提供定量的产品可靠性或时间失效(FIT)方法。然而,该标准只定义了单个开发人员需要如何管理功能安全,而没有定义如何在安全生命周期中处理多个组织之间的开发接口。借鉴航空航天行业的经验,改善分布式开发人员之间的互动,将有利于汽车行业的发展。航空航天“飞行准备审查”是一个经过验证的安全管理审查网络。为了进一步改善汽车行业的功能安全管理,本文建议在ISO 26262标准的下一次修订中纳入“安全经理审查”网络。实现的关键好处是:1)在多个组织中提供具有共同定义的“闭环”学习。2)产品生命周期中安全异常的早期解决。3)通过实施基于现场数据的决策,更有效地管理功能安全。有了这个建议,多个组织将有更好的机会确认安全功能充分符合定量目标。只有当所有三个级别的分布式开发人员具有相同的过程语言和定量单元时,安全目标才能实现。
Effective management of functional safety for ISO 26262 standard
The ISO 26262 standard is strongly affecting today's development behavior in the Automotive Industry. It defines the new development process requirements for the shift from the quality management system (QMS, ISO/TS 16949) to a safety oriented work culture. There are four key barriers to make this shift; 1) the existing business decision environment based only on cost, 2) the typical project work culture to directly jump to a solution without first defining the requirements (as defined by the “V” model), 3) the knowledge gap on how to shift from qualitative to quantitative product reliability assessment and 4) the time and awareness to manage the implementation of the additional safety confirmation measures. The challenge for the automotive industry is to overcome these barriers as established with the ISO/TS16949 quality management system processes. The ISO 26262 standard has covered the first three barriers by; 1) defining the requirements for a good safety culture, 2) deriving the safety requirements from the “Top Down”, 3) providing a quantitative product reliability or failure in Time (FIT) methodology. However, the standard only defined how a single developer needs to manage the functional safety but not how to address the development interfaces between the multiple organization during the safety lifecycle. With the learning from the Aerospace & Aviation industry it would be beneficial to the Automotive Industry to improve the interaction between the distributed developers. The Aerospace & Aviations “Flight Readiness Review” is a proven Safety Management Review network. To further improve the management of functional safety in the Automotive industry, this paper proposes to incorporate a “Safety Manager Review” network within the next revision of the ISO 26262 standard. The key benefits that would be achieved are: 1) Provide “closed loop” learning with common definitions throughout the multiple organisation. 2) Earlier resolution of the safety anomalies during the product lifecycle. 3) A more effective Management of Functional Safety by implementing the decisions based on field data. With this proposal in place the multiple organisation would have a better chance to confirm that the Safety Function complies adequately to the quantitative targets. Only when all three levels of the distributed developers have the same process language and quantitative units, the safety targets can be accomplished.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
