Training Competent Functional Safety Hardware Engineer

The training seminar "Safety Hardware Engineer" contains the detailed preparation for successfully completing the tasks of a Hardware developer in accordance with ISO 26262:2018.

For enabling the developer to successfully collaborate with the safety manager, the basics of the safety management are explained, together with the typical supporting processes that a developer is using throughout the project.

The Safety Hardware Engineer has detailed knowledge of the requirements of the ISO 26262:2018 towards a safe Hardware development, including the correct understanding of the V development model. The approach to random hardware failures and quantitative measures are well known after the training.

The respective competence is established by applying this knowledge to a simple piece of hardware in a group work exercise. In this exercise, central work products for functional safety are created, including requirements, architecture, design, reviews, and safety analysis.

Theory (Level 1)

1. Theoretical Content

The theoretical part contains both the expectations from the ISO 26262:2018 towards the project and organization, as well as a self-check with training questions in the style of the examination. The online training is spread over four training sprints and one examination sprint. Each sprint has the theoretical elements available as online content that can be viewed, suspended, resumed, and repeated at any time. In addition, there are dedicated time slots each sprint for asking the training questions that arise during the theoretical part. 

2. Theoretical Examination

The knowledge achieved on functional safety is tested in a multiple-choice examination. As the examination is designed as an on-demand online examination, you can take your time to prepare and select your favorite time to take the exam. Upon successful completion of the theoretical examination, the first certification level, the "Certified Safety Hardware Engineer" is achieved.

‍

Practical (Level 2)

3. Practical Exercise

The practical part is designed synchronously with the theoretical part and puts an equal focus on practical exercises that allow the trainees to gain vital understanding on how to achieve work products compliant with ISO 26262:2018. The practical exercise sends the group to create typical work products for a safety related development according to ISO 26262:2018. Within the group, discussions and exchange of experience enhances the learning experience, being supplemented with trainer meetings as part of the practical examination.

4. Practical Examination

The practical exercise is accompanied with the practical examination, where the trainer is providing feedback to the created content with the rigor that will be encountered in functional safety assessments. The respective examination record is shared with the team each sprint and rates the degree of conformity with review questions answered by the trainer. This allows the trainer to provide detailed feedback on the actual competence presented and prepares the team for any upcoming functional safety assessment. Upon successful completion of the theoretical and practical examination, the second certification level, the "Certified Competent Safety Hardware Engineer" is achieved.

‍

‍

Training Sprint 1: Technical Safety Concept

Introduction to ISO 26262 (ISO 26262:2018−2, Clause 4)
Introduction to functional safety and core aspects for achieving this. The ISO 26262 is introduced and explained, including how to read this standard.

Technical Safety Concept (ISO 26262:2018−4, Clause 6)
This module addresses the systems level design activities. The iterative nature of the system level and its boundaries are explained, followed by a detailed discussion on the definition of the technical safety concept and its technical safety requirements. The iteration loop of achieving functional safety is explained as well as its exit criteria: the hardware metrics.

Documentation Management (ISO 26262:2018−8, Clause 10)
This module explains the definition and handling of the documentation that is the basis for the Safety Case and the Release for Production. It discusses the differences between work products and documents, as well as expected document properties and attributes.

Requirements Management (ISO 26262:2018−8, Clause 6)
The hierarchical structure of the safety requirements are explained as well as their proper notation. Both expectations on individual requirements as well as the entire set of requirements are explained. This module finishes with a detailed discussion on requirement verification and a short explanation of ASIL tailoring. 

Training Sprint 2: Hardware Development

Hardware Safety Requirements (ISO 26262:2018−5, Clause 6)
This module details the generic guidance for safety requirements to the hardware safety requirements. We also discuss the role of the technical safety concept in relation to the hardware safety requirements and to the hardware-software interface document. This module finishes with the design phase verification activities and their relationship to the overall verification.

Architectural Design (−)
Generic introduction to the concept of architectures that can be applied in any discipline - system, hardware, or software. We discuss the iterative nature of architectural design and discuss what an architectural design process is all about. This modules concludes with the expected verification activities.

Hardware Architectural Design (ISO 26262:2018−5, Clause 7.4.1)
This module explains where hardware architectural design is located in the overall technical system breakdown structure and how it differs from hardware detailed design. The principles of hardware architectural design and the verification activities of the design phase are discussed in detail.

Hardware Detailed Design (ISO 26262:2018−5, Clauses 7.4.2, 7.4.4, 7.4.5)
This module explains the design of hardware units and what is expected by ISO 26262. Some typical additional safety-related tasks are discussed, as well as the design phase verification activities required for hardware detailed design.

Reusing Components (ISO 26262−2, Clauses 6.4.4, 6.4.6.7)
Avoiding to reinvent the wheel is one of the key approaches to efficiency. The ISO 26262 does not stand in our way, yet, the key concepts for re-using elements in accordance with ISO 26262 must be understood. This module explains the basic reuse flow, the different categories of component sources, as well as the interesting topic of trusting release collaterals.

Sourcing of Hardware Components (ISO 26262:2018−8, Clause 13)
This module focuses on hardware-reuse by sourcing hardware components. Building confidence in those components is essential for their subsequent use in safety-related designs. Firstly, the general procurement process is considered. Component classification is then introduced, leading to various activities such as basic automotive qualification, hardware component evaluation and additional measures. 

Reusing Hardware (ISO 26262:2018−8, Clause 13)
This module provides the hardware-specific guidelines for generic component reuse. It considers the differences between reuse and configurability, and discusses the different levels of abstraction for hardware reuse.

Training Sprint 3: Hardware Verification

Verification (ISO 26262:2018−8, Clause 9)
This module covers the generic approach to verification used throughout the safety lifecycle. The three main pillars of verification are introduced: Verification, Testing and Analysis. Their interactions are explained and the generic safety verification process is detailed.

Reviews (−)
A detailed explanation for one of the three main pillars of verification: the review. It starts with explaining the conduct of a review, then relating the review to the change management. Subsequently, this module covers different review methods that you may come across, deep diving into the review method "inspection".

Testing (ISO 26262:2018−8, Clause 9)
This module covers the expectations for the tests performed in a safety lifecycle. The testing process is explained in detail with all the expected work products. This is followed by a discussion of the two main categories of testing: functional testing and robustness testing. Finally, some specific test environments are considered.

Hardware Integration and Testing (ISO 26262:2018−5, Clause 10)
This module examines what integration means for hardware design. The different test methods and methods for deriving test cases are explained.

Testing the Hardware (ISO 26262:2018−5, Clause 10)
Based on the generic guidance on verification and testing, this module details the expectations for hardware testing. The various sources of requirements in ISO 26262 are detailed and the requirements for test methods and the methods for deriving test cases are shown."

Training Sprint 4: Safety Analyses

Fault Classification (ISO 26262:2018−5, Clause 7.4.3.2 and Annex C)
One of the key concepts in functional safety is the forecast of the technical risk. This general module introduces important general considerations regarding faults and failures. It fist discusses the distiction between random and systematic, faults and failures, and soft and hard faults. The core failure concepts of single point faults and latent faults are then discussed in detail. To give a complete picture, the faults are related to the safety mechanisms installed, and how the safety mechanisms affect the classification of a fault.

Safety Analysis (ISO 26262:2018−9, Clause 8)
The concepts explained in this module are core to any safety analysis required for safety related elements. The role of the safety analysis is explained as well as the procedure for conducting this analysis. The different types of safety analyses are discussed and the methods explained before this is illustrated with a small and simple example.

Hardware Safety Analysis (ISO 26262:2018−5, Clause 7.4.3)
This module covers one of the core topics of a safety lifecycle: the evaluation of technical risk within the hardware design. This is done through safety analysis, which is explained in detail and related to the hardware design activities. The analyses produce the rating achieved by the design for the SPFM, LFM, and PMHF. The meaning of these metrics is discussed in detail and visualized in a practical example. This module also briefly covers the EEC concept, which is an alternative to the PMHF.

Dependent Failure Analysis (ISO 26262:2018−9, Clauses 6, 7)
This module introduces dependent failures with both common cause and cascading failures. After discussing the various sources of dependent failures, the procedure for dependent failure analysis is explained. Finally, the dependent failure initiators are discussed one by one with some examples.

Assessment Briefing (−)
A brief introduction to the assessment and audit activities for the project team. The core elements of the functional safety assessment are briefly explained, followed by a discussion of the sampling approach used in the assessment. The module concludes with an explanation of what to expect and the do's and don'ts during the interviews and assessment.

Training Sprint 5: Examination

Time to prepare for the exam with practice questions and Q&A with the instructor.

‍