Ashutosh Chandel : Nov 29, 2022 11:34:07 AM
A safety culture is the compilation of ideologies, mindsets, perceptions, knowledge, attitudes, and values that employees share related to the risks within an organization, such as those found in a workplace. It reflects the organization’s attitude about safety from top to bottom, and across all functions, disciplines, teams, and processes.
An effective organizational safety culture is much more than just putting up safety posters in the break room and attending occasional “punch the ticket” safety briefings. Creating and maintaining a safety culture represents a formal process that defines what an organization actually does about safety, rather than just focusing on projecting a certain type of image.
The safety culture of an organization is more than just an attitude; it is a series of formal documents, created through vetted processes, that define the safety requirements and expectations for all persons, behaviors, and elements that affect the safety of a product or element to any degree. Thus, the importance of the safety culture cannot be overstated. The safety culture is such a deep and intrinsic part of an organization that it is woven into the cultural fabric of the organization itself: a reflection of who the organization is, why it exists, and how it chooses to interact with and affect the world around it.
The safety culture defines both the requirements and the processes to be followed. It defines trustworthy examples of safety, provides the driving force behind the proper execution of safety policies and procedures, and clarifies the criteria by which the application of safety will be measured.
Organizations that are either involved with the implementation and enforcement of the safety lifecycle or are fulfilling safety activities within the safety lifecycle must:
These are some of the elements that are common to good safety cultures:
In the article Safety Culture, published by Air Safety Support International at: https://www.airsafety.aero/Safety-Information-and-Reporting/Safety-Management-Systems/Safety-Culture.aspx, Dr. James Reason is referenced as suggesting that safety culture consists of five elements:
One comparison that might be drawn from Dr. Reason’s assertions is that a safety culture is much like a living, dynamic thing. It possesses and acquires knowledge and puts it to work as it continuously improves itself. It enables communication in an atmosphere of trust built on data rather than emotional foibles. And it conducts all of this effort in an evenhanded and fair-minded manner. In more than one sense, a good safety culture can be thought of as a reflection of what we as a people want in our world.
Simply put, safety anomalies are a deviation from the norm or the expected safe state, a safety-related inconsistency that is odd, peculiar, or strange. When they are encountered, safety anomalies must be addressed in a straightforward and disciplined manner.
This activity begins with the organization defining and implementing a process that explicitly communicates safety anomalies to the people who have responsibility for accomplishing or maintaining functional safety during the course of the safety lifecycle. Typically, many of these people are fulfilling safety manager roles in customer safety, supplier safety, product development, product production, operation, service, or decommissioning. It is imperative that they be informed of these anomalies early in the process, so they can help ensure that the safety anomaly is processed by the proper persons in a manner that accommodates all of the appropriate safety considerations and interactions.
After the process is put in place, it is put to work. The safety anomaly is analyzed and evaluated in accordance with the process. This evaluation can include a root cause analysis that results in future corrective action. An appropriate resolution is defined, and the safety anomaly is managed to closure in a timely and competent manner. If this work results in any changes, those changes are handled in accordance with the change management process defined in ISO 26262-8:2018, Clause 8.
A safety anomaly will only be considered closed if:
Note: The rationale is important. It must be documented and formally reviewed. If no rationale is presented, the safety anomaly is not considered to be closed.
If a safety anomaly is not managed to closure, then it must be escalated to the proper persons who are responsible for functional safety. These persons must have the proper authority to bring together the right people to drive a safety anomaly to closure. If a functional safety assessment is performed as part of this process, then the safety anomaly must be explicitly communicated to the person responsible for conducting the assessment.
Proper management of the safety lifecycle is of paramount importance. The most important thing that the managers do is to plan, coordinate, and track all of the activities that are related to functional safety in any way, during all phases of the safety lifecycle. These include:
For product development, safety activities are initiated right at the beginning, during the concept phase. Refinement is continued during the subsequent product development phases as required until the decision is made to release the item or element for production.
One of the first tasks of the safety lifecycle is to develop an accurate and complete description of the item that includes:
The boundary of the item is then defined, including the item itself and its interfaces. The boundary description must encompass a complete envelope with no overlaps or gaps. If assumptions need to be made regarding other items, elements, or other external measures, they are made in accordance with the steps defined in ISO 26262-3:2018, Clause 5.
A hazard analysis and a risk assessment of the item are then performed. The hazard analysis produces an estimate of three key considerations:
When factored together, these three considerations dictate the Automotive Safety Integrity Levels (ASILs) of the hazardous events. In turn, this information determines what the safety goals will be for the item. Each ASIL is assigned to a corresponding safety goal. Then, during the subsequent phases and sub-phases, more detailed safety requirements are derived. Each safety requirement inherits the ASIL of its corresponding safety goal or, where ASIL tailoring has been applied, receives the ASIL that results from that tailoring.
The functional safety concept is a sub-phase of the concept phase that is based on the safety goals, and preliminary assumptions about the architecture. It extracts functional safety requirements from the safety goals and connects these functional safety requirements to elements that make up the item.
This step might include the consideration of other technologies or external measures; subsequent validation might determine that these fall outside the scope of ISO 26262 and thus, outside the scope of the development of the item.
After the functional safety concept is defined, the item is developed at the system level. This is where the V-model of the Verification and Validation (V&V) process comes into play. Starting at the top and moving downward on the left side of the V-model, the technical safety requirements are specified, as are the system architecture, the system design, and its implementation. Progressing back upward on the right side, the integration, verification, and safety validation are addressed. The interfaces between hardware and software are first defined in this phase and then refined and updated during the actual hardware and software development.
During system-level development, other safety validation tasks also occur, including:
At this point, the hardware is developed in accordance with the V-model. Then the software is developed, also in accordance with the V-model. For each, the specification of the requirements and the design and implementation falls on the left side, and the integration and the verification fall on the right side.
The planning of these phases and the definition of the associated requirements start during the development of the product at the system level, but they take place in parallel with the development of the system, hardware, and software.
Details and requirements are established and communicated regarding the processes, means, and instructions for ensuring functional safety during these phases. In addition, quality management standards and processes may also be considered, such as IATF 16949, ISO 9001, the ISO/IEC 33000 series of standards, Capability Maturity Model Integration (CMMI®), or the Automotive SPICE® series of standards.
Confirmation measures are performed to ascertain the functional safety that is achieved by the item, or the contributions made to the achievement of functional safety by the development of the elements.
During the hazard analysis and risk assessment, credit can be given to the driver and other persons at risk for avoiding harm, even when this avoidance is bolstered by external measures. The exposure to risk and its severity depend on the scenario.
External measures outside the boundary of the item that reduce or eliminate potential hazards can also be considered and validated. This can include measures attached to the vehicle such as anti-sway bars, as well as measures that are part of the surrounding infrastructure such as guardrails.
Releasing an item for production formalizes the organization’s decision to do so, after taking into consideration the results of the safety lifecycle and the applicable confirmation measures. Further improvements and refinements are processed in a like manner and implemented at the next formal release.
The safety lifecycle is both the embodiment and the product of an organization-level attitude, as well as a formal process that results in specific criteria that must be met. It is driven from the top down, governed by formal vetted processes, and defines what both the risks to, and the achievement of, functional safety look like. Most importantly, it is a systematic road map for making safety actionable and achievable, as we turn functional safety from just a good idea into reality.