Guest author: Joe Wlad, Vice President, Business Development, Verocel, Inc.
The automotive industry has adopted ISO 26262 as its functional safety standard for electronic systems. The current version of ISO 26262 was published in 2011, with a second edition scheduled for release in 2018. The increased use of software in automotive systems such as driver assist, brake control and engine and systems management has placed a greater scrutiny on ensuring the software is safe. Modern vehicles now contain millions of lines of software and software quality is more important than ever. While automotive designers and suppliers have 5 years’ experience using ISO 26262, the bar for software compliance is now higher due to increased complexity, integration and automation. Moreover, one can expect regulatory oversight to increase in the future due to changing policies. In September 2016, the U.S. DOT issued a new federal policy for safe testing and deployment of automated vehicles. This new policy seeks to strike a fair balance between innovation and regulatory oversight but will require additional effort from vehicle makers and suppliers who wish to use forms of automation in their future designs.
Historically, all automotive companies and suppliers practiced a form of “self-certification” regarding their systems, hardware and software. To date, there is no pre-market approval process and no government regulator in the loop. Manufacturers do their own due diligence and any government oversight of safety design, development and production comes into play only after vehicles go into production. Even though a pre-market approval process for road vehicles would be impractical even for autonomous features, designers will have to place additional emphasis on software design and verification practices in the near future. Fortunately, ISO 26262 addresses the key requirements for software development and design and software suppliers like RTI are prepared to assist designers in ensuring compliance with ISO 26262 software requirements.
ISO 26262 covers functional safety at the system, hardware and software levels. To be considered fully compliant with ISO 26262, all areas must be addressed at once meaning that the software has to be integrated onto a given hardware platform and within a given system before it is approved. This poses a dilemma for suppliers who wish to use COTS software such as an operating system or communication layer because it places an additional certification burden on the supplier to represent software they may not have designed themselves. Companies like RTI and Verocel have addressed this problem by providing both certification evidence and a framework to use that evidence in any system design and achieve ISO 26262 compliance at ASIL-D. The details of this approach are documented in a whitepaper called ISO 26262 Compliance Using Approved Software Components for Road Vehicles which can be downloaded at both the RTI and Verocel websites.
The whitepaper provides a complete background on ISO 26262 processes and what parts of the standard would apply to COTS software components. It also provides a summary of key characteristics of COTS software that can be used in road vehicle designs as well as documentation and evidence to assist the integrator in achieving ISO 26262 compliance. RTI Connext DDS Cert supports the DDS (Data Distribution Service) family of standards and is a certifiable middleware available with a complete, commercially supported certification package to support ISO 26262 certification, including ASIL-D. Connext DDS Cert provides an architecture and hardware-independent layer of software that can be used on virtually any system design. It also comes with the certification evidence that supports ISO 26262, sections 2, 6 and 8 as well as additional guidance and information that helps designers integrate Connext DDS and retain certification credit in their system.
Automotive designers and suppliers need to prepare for a future where increased regulatory compliance for software will be a norm. The days of complete self-certification autonomy are coming to an end and suppliers will need to rely on an entire software ecosystem of suppliers who can meet the current and future ISO 26262 requirements head-on. RTI and Verocel have broad experience in delivering certified software to customers in many industries and we are prepared to assist you.