Training Competent Functional Safety Systems Engineer

The training seminar "Safety Systems Engineer" contains the detailed preparation for successfully completing the tasks of a Systems developer in accordance with ISO 26262:2018.

For enabling the developer to successfully collaborate with the safety manager, the basics of the safety management are explained, together with the typical supporting processes that a developer is using throughout the project.

The Safety Systems Engineer has detailed knowledge of the requirements of the ISO 26262:2018 towards a safe Systems development, including the correct understanding of the V development model. The approach to random Systems failures and quantitative measures are well known after the training.

The respective competence is established by applying this knowledge to a simple piece of Systems in a group work exercise. In this exercise, central work products for functional safety are created, including requirements, architecture, design, reviews, and safety analysis.

Theory (Level 1)

1. Theoretical Content

The theoretical part contains both the expectations from the ISO 26262:2018 towards the project and organization, as well as a self-check with training questions in the style of the examination. The online training is spread over four training sprints and one examination sprint. Each sprint has the theoretical elements available as online content that can be viewed, suspended, resumed, and repeated at any time. In addition, there are dedicated time slots each sprint for asking the training questions that arise during the theoretical part. 

2. Theoretical Examination

The knowledge achieved on functional safety is tested in a multiple-choice examination. As the examination is designed as an on-demand online examination, you can take your time to prepare and select your favorite time to take the exam. Upon successful completion of the theoretical examination, the first certification level, the "Certified Safety Systems Engineer" is achieved.

‍

Practical (Level 2)

3. Practical Exercise

The practical part is designed synchronously with the theoretical part and puts an equal focus on practical exercises that allow the trainees to gain vital understanding on how to achieve work products compliant with ISO 26262:2018. The practical exercise sends the group to create typical work products for a safety related development according to ISO 26262:2018. Within the group, discussions and exchange of experience enhances the learning experience, being supplemented with trainer meetings as part of the practical examination.

4. Practical Examination

The practical exercise is accompanied with the practical examination, where the trainer is providing feedback to the created content with the rigor that will be encountered in functional safety assessments. The respective examination record is shared with the team each sprint and rates the degree of conformity with review questions answered by the trainer. This allows the trainer to provide detailed feedback on the actual competence presented and prepares the team for any upcoming functional safety assessment. Upon successful completion of the theoretical and practical examination, the second certification level, the "Certified Competent Safety Systems Engineer" is achieved.

‍

Training Sprint 1: Concept Phase

Introduction to ISO 26262 (ISO 26262:2018−2, Clause 4)
Introduction to functional safety and core aspects for achieving this. The ISO 26262 is introduced and explained, including how to read this standard.

Item Definition (ISO 26262:2018−3, Clause 5)
The item definition is a central specification for all safety-related development in the context of the whole vehicle. It not only defines the scope of the safety lifecycle and is the basis for all development activities, but also serves as the central synchronisation document between this item and the other items of the vehicle.

Hazard Analysis and Risk Assessment (ISO 26262:2018−3, Clause 6)
The Hazard Analysis and Risk Assessment is determining the technical risk emanating from the vehicle in the different operating scenarios and classifies this risk into the ASIL. Based on this ASIL that has been determined for a representative set of operational scearios, the Safety Goals are defined as top-level safety requirements for the item. This module explains this whole evaluation procedure step-by-step.

Functional Safety Concept (ISO 26262:2018−3, Clause 7)
The Functional Safety Concept sets the path for achieving safety for the item at vehicle level. It includes functional degradation, user interactions, and requirement from and to other items.

Documentation Management (ISO 26262:2018−8, Clause 10)
This module explains the definition and handling of the documentation that is the basis for the Safety Case and the Release for Production. It discusses the differences between work products and documents, as well as expected document properties and attributes.

Training Sprint 2: System Development

Requirements Management (ISO 26262:2018−8, Clause 6)
The hierarchical structure of the safety requirements are explained as well as their proper notation. Both expectations on individual requirements as well as the entire set of requirements are explained. This module finishes with a detailed discussion on requirement verification and a short explanation of ASIL tailoring. 

Technical Safety Concept (ISO 26262:2018−4, Clause 6)
This module addresses the systems level design activities. The iterative nature of the system level and its boundaries are explained, followed by a detailed discussion on the definition of the technical safety concept and its technical safety requirements. The iteration loop of achieving functional safety is explained as well as its exit criteria: the hardware metrics.

Architectural Design (−)
Generic introduction to the concept of architectures that can be applied in any discipline - system, hardware, or software. We discuss the iterative nature of architectural design and discuss what an architectural design process is all about. This modules concludes with the expected verification activities.

System Architectural Design (ISO 26262:2018−4, Clause 6)
System architecture in compliance with ISO 26262. This module covers the system breakdown structure required, the architectural desig process at system level as well as the ASIL allocation methodology. The core architectural concepts are explained using a small example.

Verification (ISO 26262:2018−8, Clause 9)
This module covers the generic approach to verification used throughout the safety lifecycle. The three main pillars of verification are introduced: Verification, Testing and Analysis. Their interactions are explained and the generic safety verification process is detailed.

Training Sprint 3: System Verification

Testing (ISO 26262:2018−8, Clause 9)
This module covers the expectations for the tests performed in a safety lifecycle. The testing process is explained in detail with all the expected work products. This is followed by a discussion of the two main categories of testing: functional testing and robustness testing. Finally, some specific test environments are considered.

Hardware-Software integration (ISO 26262:2018−4, Clause 7)
A general Introduction to the system integration, followed by the requirements on the first integration step: the hardware-software integration.

System and Item Integration (ISO 26262:2018−4, Clause 7)
The requirements on the intermediate integration steps of a vehicle from the lowest system level up to the item.

Vehicle Integration (ISO 26262:2018−4, Clause 7)
How to integrate and test the integrated item into the vehicle.

Safety Validation (ISO 26262:2018−4, Clause 8)
How to demonstrate that the item is safe when used within the vehicle. The validation is the counter-part of the concept phase on the right leg of the V development cycle.

Safety Analysis (ISO 26262:2018−9, Clause 8)
The concepts explained in this module are core to any safety analysis required for safety related elements. The role of the safety analysis is explained as well as the procedure for conducting this analysis. The different types of safety analyses are discussed and the methods explained before this is illustrated with a small and simple example.

Training Sprint 4: Supporting Processes

Reusing Components (ISO 26262−2, Clauses 6.4.4, 6.4.6.7)
Avoiding to reinvent the wheel is one of the key approaches to efficiency. The ISO 26262 does not stand in our way, yet, the key concepts for re-using elements in accordance with ISO 26262 must be understood. This module explains the basic reuse flow, the different categories of component sources, as well as the interesting topic of trusting release collaterals.

Reusing Systems (ISO 26262:2018−2, Clauses 6.4.3 and 6.4.4; ISO 26262:2018−8, Clauses 14 through 16)
This module focuses on eth system level reuse, discussing internal reuse and reuse management, followed by considering off-the-shelf reuse that may come with safety evidence from other safety standards.

Reviews (−)
A detailed explanation for one of the three main pillars of verification: the review. It starts with explaining the conduct of a review, then relating the review to the change management. Subsequently, this module covers different review methods that you may come across, deep diving into the review method ""inspection"".

POSD in a Nutshell (ISO 26262:2018−7)
A short introduction to the Production, Operation, Service, and Decommissioning Phase. In this module the product safety lifecycle is matched to the three areas of safety management, and the interactions between the different activities explained.

Training Sprint 5: Examination

Time to prepare for the exam with practice questions and Q&A with the instructor.

‍

‍