Training Competent Functional Safety Software Engineer

Theory (Level 1)

1. Theoretical Content

The theoretical part contains both the expectations from the ISO 26262:2018 towards the project and organization, as well as a self-check with training questions in the style of the examination. The online training is spread over four training sprints and one examination sprint. Each sprint has the theoretical elements available as online content that can be viewed, suspended, resumed, and repeated at any time. In addition, there are dedicated time slots each sprint for asking the training questions that arise during the theoretical part. 

2. Theoretical Examination

The knowledge achieved on functional safety is tested in a multiple-choice examination. As the examination is designed as an on-demand online examination, you can take your time to prepare and select your favorite time to take the exam. Upon successful completion of the theoretical examination, the first certification level, the "Certified Safety Software Engineer" is achieved.

‍

Practical (Level 2)

3. Practical Exercise

The practical part is designed synchronously with the theoretical part and puts an equal focus on practical exercises that allow the trainees to gain vital understanding on how to achieve work products compliant with ISO 26262:2018. The practical exercise sends the group to create typical work products for a safety related development according to ISO 26262:2018. Within the group, discussions and exchange of experience enhances the learning experience, being supplemented with trainer meetings as part of the practical examination.

4. Practical Examination

The practical exercise is accompanied with the practical examination, where the trainer is providing feedback to the created content with the rigor that will be encountered in functional safety assessments. The respective examination record is shared with the team each sprint and rates the degree of conformity with review questions answered by the trainer. This allows the trainer to provide detailed feedback on the actual competence presented and prepares the team for any upcoming functional safety assessment. Upon successful completion of the theoretical and practical examination, the second certification level, the "Certified Competent Safety Software Engineer" is achieved.

‍

Training Sprint 1: Safety Management

Introduction to ISO 26262 (ISO 26262:2018−2, Clause 4)
Introduction to functional safety and core aspects for achieving this. The ISO 26262 is introduced and explained, including how to read this standard.

Requirements Management (ISO 26262:2018−8, Clause 6)
The hierarchical structure of the safety requirements are explained as well as their proper notation. Both expectations on individual requirements as well as the entire set of requirements are explained. This module finishes with a detailed discussion on requirement verification and a short explanation of ASIL tailoring. 

Software Safety Requirements (ISO 26262:2018−6, Clause 6)
Based on the generic guidance on safety requirements, this module focuses on the software safety requirements. It explains the different aspects that need to be considered and details on the expected design phase verification activities.

Documentation Management (ISO 26262:2018−8, Clause 10)
This module explains the definition and handling of the documentation that is the basis for the Safety Case and the Release for Production. It discusses the differences between work products and documents, as well as expected document properties and attributes.

Verification (ISO 26262:2018−8, Clause 9)
This module covers the generic approach to verification used throughout the safety lifecycle. The three main pillars of verification are introduced: Verification, Testing and Analysis. Their interactions are explained and the generic safety verification process is detailed.

Reviews (−)
A detailed explanation for one of the three main pillars of verification: the review. It starts with explaining the conduct of a review, then relating the review to the change management. Subsequently, this module covers different review methods that you may come across, deep diving into the review method ""inspection"".

Training Sprint 2: Software Development

General Software Topics (ISO 26262:2018−6, Clause 5)
Before any safety-related software development can begin, the development processes must be in place. This module explains what this means, focusing not so much on the general idea of processes, but on the actual expectations on software development processes. It therefore covers specific expectations on the programming language and programming guidelines. It concludes with the importance of guidelines and how to demonstrate compliance.

Architectural Design (−)
Generic introduction to the concept of architectures that can be applied in any discipline - system, hardware, or software. We discuss the iterative nature of architectural design and discuss what an architectural design process is all about. This modules concludes with the expected verification activities.

Software Architectural Design (ISO 26262:2018−6, Clause 7)
This module is about understanding the safety perspective during designing a software architecture. The architectural characteristics and their manifestation in the guidelines are discussed before considering the design principles for safety software architectures. Practical topics such as ASIL allocation, smart and risky safety approaches, and  verification of the software architecture during the design phase are also discussed.

Software Unit Design and Implementation (ISO 26262:2018−6, Clause 8)
Both software unit design and software unit implementation are detailed in this module. The expected software properties and the software design principles to be followed are discussed, as well as the mechanisms for applying and verifying compliance. The concept of ""requirement"" is reviewed to highlight the differences between design and implementation and the expectations of the assessors. This module concludes with the discussion of objective metrics for defining the appropriate size of software units.

Reusing Components (ISO 26262−2, Clauses 6.4.4, 6.4.6.7)
Avoiding to reinvent the wheel is one of the key approaches to efficiency. The ISO 26262 does not stand in our way, yet, the key concepts for re-using elements in accordance with ISO 26262 must be understood. This module explains the basic reuse flow, the different categories of component sources, as well as the interesting topic of trusting release collaterals.

Reusing Software (ISO 26262:2018−8, Clause 12)
Software reuse is one of the core paradigms in software development. Based on the generic reuse concepts, this module focuses on the different reuse paths available for software. The different black-box or white-box activities that make these concepts work are explained. The concept of software qualification is explained with the complete qualification flow, highlighting the requirements for the qualification specification and qualification documents by ISO 26262.

Training Sprint 3: Software Verification

Testing (ISO 26262:2018−8, Clause 9)
This module covers the expectations for the tests performed in a safety lifecycle. The testing process is explained in detail with all the expected work products. This is followed by a discussion of the two main categories of testing: functional testing and robustness testing. Finally, some specific test environments are considered.

Software Unit Verification (ISO 26262:2018−6, Clause 9)
This module covers both design phase verification and unit testing as defined in ISO 26262. The different verification activities are shown in the flow from the requirements assigned to the software unit to the software unit executable. The methods for deriving the unit test specification and measuring the structural code coverage of these tests are explained. Finally, some additional considerations for good testing are given.

Software Integration and Testing (ISO 26262:2018−6, Clause 10)
Software integration builds the test object for software integration testing. The scope of this integration is shown and the objectives of software integration testing are explained. The methods for deriving the test cases and the metrics for measuring their completeness are discussed.

Testing of the Embedded Software (ISO 26262:2018−6, Clause 11)
Testing the fully integrated software is the demonstration of compliance with the requirements. This module explains the expected test methods, test environments, and methods for defining test cases. It also loops back to other activities that may produce test cases, ultimately demonstrating completeness in testing.

Safety Analysis (ISO 26262:2018−9, Clause 8)
The concepts explained in this module are core to any safety analysis required for safety related elements. The role of the safety analysis is explained as well as the procedure for conducting this analysis. The different types of safety analyses are discussed and the methods explained before this is illustrated with a small and simple example.

Software Safety Analysis (ISO 26262:2018−4, Clause 7.4.10)
Beyond the general principles and guidelines for safety analysis, ISO 26262 provides little guidance for software safety analysis. However, this module addresses the core paradigms that will lead to a successful software safety analysis, highlighting which parts within the software breakdown structure should be subject to software safety analysis and which methods could be applied.

Training Sprint 4: Supporting Processes

Configurable Software (ISO 26262:2018−6, Annex C)
Since software configurability and calibration are essential for its reuse or component-specific adaptation, this module covers the additional requirements that must be met when using software configuration and calibration. First, a distinction is made between configuration and calibration, including a mapping of each to the different phases of the safety software lifecycle. Key safety management aspects of configuration and calibration are discussed before both the configuration and calibration process are explained in detail.

Software Tools (ISO 26262:2018−8, Clause 11)
Tools are our small or large helpers that facilitate our engineering work. Whereas they support us systematically, we should be aware of the risk that comes from the level of trust we put into these tools. This module covers how to justify the trust we put into the software tools that are used throughout the safety lifecycle.

Problem and Change Management (ISO 26262:2018−2, Clause 5.4.3; ISO 26262:2018−8, Clause 8)
Problem and Change Management is about keeping track of problems found and changes made during the safety lifecycle. While considered two separate processes, we see them as so interdependent that we cover both in one module.

Assessment Briefing (−)
A brief introduction to the assessment and audit activities for the project team. The core elements of the functional safety assessment are briefly explained, followed by a discussion of the sampling approach used in the assessment. The module concludes with an explanation of what to expect and the do's and don'ts during the interviews and assessment.

Training Sprint 5: Examination

Time to prepare for the exam with practice questions and Q&A with the instructor.

‍