Templates are essential for a smooth functional safety process. Nevertheless, ISO 26262 does not make any specific requirements in this regard, so you are responsible yourself. For a good reason! Otherwise, all users of ISO 26262 would be bound to the same tools, identical processes and the same working methods, which cannot be further from practice.
So, what do you have to consider when introducing templates in order to effectively and efficiently create recurring work products of ISO 26262? Conformity to the requirements of ISO 26262 is just as important as it is obvious. We would like to present some of our most important best practice tips, which may be easily overlooked.
Six Practical Tips for Creating Templates for ISO 26262 Work Products
1. Conduct Independent Reviews for all Templates
Depending on the work product, ISO 26262 requires a greater or lesser degree of independence when reviewing these work products. Among other things, this is ensured by the confirmation measures. At least the same level of independence should be applied when checking and approving the relevant templates. One of the greatest benefits of templates is that you don’t have to reinterpret ISO 26262 for every project. As already mentioned in the introduction, the standard does not give any specific instructions on how to create a template. However, it defines normative requirements for the content of a work product and it is precisely this content that the template must either already specify or enable. Hence, check your template independently of the project, then you will be on the safe side.
2. Ensure Consistency with the Process
Safety culture is the catchphrase here. A template only makes sense if it is used, surely everyone agrees on this. Imagine that the template demands certain data which is only available after the deadline date of the template. This would lead to an unsolvable conflict concerning the release of the work product.
If your template is not seamlessly integrated into your specified functional safety process and therefore also not integrated into your project development, this either leads to bypassing the template or to extensive adjustments in each project “…in order to be able to work with the template at all”. A clear integration in the process is essential.
3. Traceability – All Templates Are Interlinked
Just as ISO 26262 clearly defines what the inputs and outputs of required work products are, this should also be clearly evident in every template. The creation of ISO 26262 work products is mainly serial, based on the v-model. The safety goals resulting from the hazard analysis and risk assessment are the input variables for the functional safety concept. The requirements of the functional safety concept are the input variables for the technical safety concept and so forth.
If your inputs and outputs are not exactly (!) maintained in a template, there will be uncertainties, inquiries and, in the worst case, inconsistencies in the verification.
4. References to ISO 26262 Will Help
“Why? We don’t create a process description!”
This may come into mind first and is a valid objection. After all, a template should not be a process description, but a pragmatically applicable document. Nevertheless, even the most experienced safety responsible person probably does not know all 816 pages of ISO 26262 by heart. A short reference to ISO 26262, perhaps only in the footnote, speeds up the creation of the corresponding document. Here you should strike a good balance between referring to ISO 26262 and relying on the competence of the expert using it.
Too many references to ISO 26262 quickly make the document difficult to read and therefore lead to the skipping of (sub)chapters and thus to incompleteness.
5. Guidelines – The Balance Between Guidance and Room for Expertise
A template must be understandable and, at best, self-explanatory. The complexity of functional safety according to ISO 26262 inevitably results in complex templates from time to time. Thus, the actual goal of the templates – to make work easier – is not led to absurdity and ends in increased effort due to the complexity of the template. A complex template should be supplemented by a guide. At best, there is a tool-based option to show and hide this guide within the template. The usage of this option should be explained in the template and not in the guide itself. If this is not possible and the guidelines are included as comments in the template, we recommend removing these guidelines from the final work product for the sake of readability.
Nevertheless, this approach also has a downside. The guide should not give the impression of being a guide for fulfilling the requirements of ISO 26262. Employees, who do not have sufficient knowledge of the work product, often use these guidelines as the sole source of information and may not even realize that they are not sufficiently qualified.
6. Pay Attention to Flexibility and Individuality
Functional safety work products are often very project-specific and therefore not generic. The template should offer sufficient flexibility to the author of the respective work product. A template that is changed due to a lack of flexibility is quickly criticized in reviews or audits and classified as invalid. The advantage of the template would then be obsolete.
Sometimes, this is a tricky task because automotive development consists of different constellations. So, the task of a template is rather to clearly define the scope within the requirements of ISO 26262 and not to specify rigid solutions. The necessary expertise is provided by the person responsible for the work product. A template cannot and should not take on this task, not even partly. The template has solely a supporting function.
Conclusion and Outlook
What are your thoughts on our six tips for creating templates? Do you agree, do you have additions or do you consider certain aspects worth discussing? Feel free to contact us directly or comment on this article so that everyone can participate in the resulting knowledge gain!
Do you need templates, guidelines or processes for your company? We have already been able to successfully create and implement all of this at large OEMs within the framework of ISO 26262. We will certainly find pragmatic solutions for your requirements together. Please do not hesitate to contact us!
Thanks for reading!
Written by:
Zbigniew Bober