5-day course: Embedded automotive systems using ISO 26262

Modern automobiles can contain 50 – 100 embedded microcontrollers and between 100 MB and 1 GB of object code. Over 85% of a vehicle’s functions are under software control. Functional safety is the discipline of ensuring that these systems operate correctly in response to their inputs and thereby maintain safe operation of the vehicle.

Using a mixture of informal seminars and hands-on classroom exercises, this course has been designed to bring you up to date with state-of-the-art processes for developing safe and reliable embedded systems in road vehicles. The course is based upon the processes described in a new international standard, “ISO 26262 Road vehicles — Functional safety”, which has been developed to address these challenges.

[Module code: A3b]


Learning goals

You will:

  • Learn how to define a safety plan for a safety-related embedded system;
  • Learn how to perform hazard analysis and risk assessment, and how to identify the safety requirements for a system;
  • Learn how to define the hardware and software development requirements for the system;
  • Learn how to verify the system has been developed in accordance with these requirements;
  • Learn how to validate that the completed system meets its safety requirements;
  • Learn how to compile a safety case for the completed system.

Where and when will this course be delivered next?

This course will be delivered as follows:

Places can be reserved by e-mail (places will be confirmed on receipt of payment).


Registration details

Please contact us to reserve your place on this course.

You will then be sent an invoice: your place on the course will be confirmed when payment is received.

Formal quotations can be provided on request.


Price

Places are available on this course at the “Taster” rate of £500 + VAT per place.

Organisations and individuals can apply Taster rates to their first booking only: for subsequent bookings, the normal short-course fee (£1,800 + VAT in the UK) or MSc fee applies. Please refer to our fees page for full information.


Pre-requisites for this course

While some previous experience with embedded systems would be useful, this is not an essential pre-requisite for this exploratory course.

Some previous experience in hardware and/or software design for embedded systems (e.g. design of microcontroller-based hardware, or programming experience in a high-level language such as C, C++ or using model-based development) is assumed at the start of the course. If you have not had this experience, suggestions for background reading can be provided.


Trainer biodata

This module is delivered by Prof. David Ward from MIRA Ltd.

Prof David D Ward holds an MA in Natural Science (Physics and Theoretical Physics) from the University of Cambridge, UK, and a PhD in Electrical and Electronic Engineering from the University of Nottingham, UK. He is an RAE Visiting Design Professor at University of Leicester and is Head of Functional Safety at MIRA Limited, an independent automotive engineering consultancy in the UK. He is the UK’s principal technical expert to the ISO committee that developed ISO 26262.

Prof Ward has 20 years’ experience in the safety of automotive electronic systems and is the author/co-author of more than 70 publications in this field.


Detailed course contents

Day 1

Seminar 1 – Standards and requirements for safety-related systems

This seminar will introduce the key standards and guidelines for safety-related electronic systems, such as IEC 61508, ISO 26262, DO-178B and MISRA; the different certification or approval regimes under which they operate; and how they relate to each other.

Seminar 2 – Functional safety management using ISO 26262 and MISRA

This seminar will explain the safety management framework of ISO 26262-2 and how to set this up. The guidelines in the MISRA Safety Analysis are useful in establishing these processes.

Seminar 3 – ISO 26262 concept phase – Item definition

A key principle in ISO 26262 is to define the “item” – the system or function to which the requirements of the standard are applied. This seminar will explain the principles of defining the “item” – how to determine which systems or functions are in scope, the boundary and environment, and the criteria for dealing with new development versus modification of an existing system.

These seminars will be followed by a workshop exercise where the students define a concept for a vehicle system, perform the item definition, and define the safety plan for the item.

Day 2

Seminar 4 – ISO 26262 concept phase – Hazard analysis and risk assessment

This seminar will explain the principles of hazard analysis and risk assessment in ISO 26262-3 and MISRA Safety Analysis and give worked examples. Hazard analysis and risk assessment is the process of:

  • Identifying the hazards associated with the prospective system;
  • Determining the level of risk reduction required to reduce the risk associated with the hazards to an acceptable level;
  • Defining safety goals to mitigate or prevent the hazards.

The level of risk reduction required from electronic systems is designated by a safety integrity level (SIL) in IEC 61508 and its derived standards, and by an automotive safety integrity level (ASIL) in ISO 26262. This seminar will be followed by a workshop exercise where the students perform hazard analysis on their chosen vehicle system, resulting in a list of hazards, safety goals and associated SILs or ASILs.
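As an added illustration that is not part of the course material: a small Python helper that carries hazard analysis and risk assessment through to ASIL assignment using the severity (S1–S3), exposure (E1–E4) and controllability (C1–C3) classification of ISO 26262-3, then derives one safety goal per hazard. The braking-assistance item, the mirror hazard and all S/E/C ratings are constructed for illustration, not taken from the standard or the course.

```python
from dataclasses import dataclass

# The ASIL table of ISO 26262-3 is equivalent to summing the three class
# numbers: a total of 3..6 -> QM, 7 -> A, 8 -> B, 9 -> C, 10 -> D.
ASIL_BY_SCORE = {7: "A", 8: "B", 9: "C", 10: "D"}
ASIL_RANK = {"QM": 0, "A": 1, "B": 2, "C": 3, "D": 4}


@dataclass(frozen=True)
class HazardousEvent:
    """One hazard in one operational situation, rated S/E/C (constructed input)."""
    hazard: str           # e.g. "loss of braking assistance"
    situation: str        # e.g. "motorway, high speed"
    severity: int         # S1..S3
    exposure: int         # E1..E4
    controllability: int  # C1..C3


def determine_asil(s: int, e: int, c: int) -> str:
    """Map an (S, E, C) classification to its ASIL; 'QM' means no ASIL is assigned."""
    if not (1 <= s <= 3 and 1 <= e <= 4 and 1 <= c <= 3):
        raise ValueError(f"classification out of range: S{s} E{e} C{c}")
    return ASIL_BY_SCORE.get(s + e + c, "QM")


def classify(events):
    """Produce the HARA output: one (hazard, situation, ASIL) row per event."""
    return [(ev.hazard, ev.situation,
             determine_asil(ev.severity, ev.exposure, ev.controllability))
            for ev in events]


def safety_goals(events):
    """Derive one safety goal per hazard; where several hazardous events share a
    hazard, the goal inherits the highest ASIL among them (ISO 26262-3 rule)."""
    goals = {}
    for hazard, _situation, asil in classify(events):
        goal = f"Prevent {hazard}"
        if ASIL_RANK[asil] >= ASIL_RANK[goals.get(goal, "QM")]:
            goals[goal] = asil
    return goals


# Constructed sample hazardous events for a hypothetical braking-assistance item.
SAMPLE_EVENTS = [
    HazardousEvent("loss of braking assistance", "motorway, high speed", 3, 4, 3),
    HazardousEvent("loss of braking assistance", "car park, walking pace", 1, 3, 2),
    HazardousEvent("unintended mirror fold", "driving straight ahead", 1, 2, 1),
]

if __name__ == "__main__":
    for row in classify(SAMPLE_EVENTS):
        print(row)
    print(safety_goals(SAMPLE_EVENTS))
```

The same hazard rated QM in a low-speed situation and ASIL D at motorway speed yields a single safety goal at ASIL D, which is the classification the rest of the course's development work then has to meet.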

Day 3

Seminar 5 – ISO 26262 Concept phase – Functional safety concept

This seminar will explain the principles of functional safety concepts and how to define them. The functional safety concept in ISO 26262 is the form of safety requirements specification used to satisfy the safety goals.

This seminar will be followed by a workshop exercise where the students define the safety concepts for their system based on the hazards they have previously identified and classified and the defined safety goals.

Seminar 6 – ISO 26262 Development phase – System development and technical safety concept

This seminar will introduce the requirements of ISO 26262 Part 4 for product development at the system level with particular emphasis on the activities on the left-hand side of a typical “V” model. The seminar will explain the principles of technical safety concepts and how to define them. The technical safety concept in ISO 26262 is the first level of refinement of the safety requirements into the system design and the allocation of these safety requirements to hardware and software elements of the architecture.

This seminar will be followed by a workshop exercise where the students define the technical safety concepts for their system based on the functional safety concept and a preliminary architectural design.

Day 4

Seminar 7 – ISO 26262 Development phase – Hardware development

Seminar 8 – ISO 26262 Development phase – Software development

These two seminars will give an introduction to the requirements for hardware and software development using ISO 26262 Parts 5 and 6 respectively.

These seminars will be followed by a workshop exercise where the students produce a hardware or software development plan for their system. The students will be free to choose the hardware or software exercise depending on their own expertise. The plan will have to take into account reuse of existing items, use of commercial off-the-shelf (COTS) items, selection of tools, selection and customisation of guidelines, etc. The plan will need to include an estimation of resources, and how the development decisions they make will affect this.

Day 5

Seminar 9 – ISO 26262 Development phase – Integration, verification and validation

This seminar will complete the overview of the requirements of Part 4 of ISO 26262, with particular emphasis on the activities on the right-hand side of a typical “V” model. This seminar will show how individual hardware and software elements are integrated together into a complete system and then into the complete vehicle, followed by validation of the safety requirements.

Seminar 10 – ISO 26262 supporting processes

This seminar will introduce the supporting processes of ISO 26262 Part 8, for example for configuration management and documentation.

Seminar 11 – The safety case

This seminar will introduce the concept of the safety case, and how such a safety case typically consists of claims concerning the level of safety achieved by a system, the evidence for that level of safety and the argument that justifies the claims based on the available evidence.

This seminar will be followed by a workshop exercise where the students will produce a safety case structure and outline for their chosen system.


Course objectives

After attending this course, participants will:

  • Understand what functional safety is and how this applies in the automotive industry;
  • Have a good understanding of the need for safety management activities and the creation of a safety plan;
  • Understand the process of hazard analysis and risk assessment;
  • Understand how safety requirements are defined for an embedded system and how these requirements are cascaded to the hardware and software design;
  • Be ready to join the MSc in Reliable Embedded Systems if they wish to do so.

Course options

This course is delivered by MIRA Ltd.

You can attend this course as a self-contained 5-day training module or as part of the University of Leicester’s MSc in Reliable Embedded Systems.


ISO 26262 support from TTE Systems

Meeting ISO 26262 requirements

We have created a short brochure that provides an overview of some of the ways in which products and services from TTE Systems may be able to help your organisation to develop reliable embedded systems in compliance with ISO 26262 requirements.


Reliable, safety-related and safety-critical embedded systems

All of our training courses are designed to help participants who wish to improve the reliability of the embedded systems produced by their organisation. Beyond this general goal, some courses have a sharper focus on techniques which are appropriate for use in safety-related or safety-critical systems: a summary of these links is provided in the table below.

Table linking training courses to safety levels

Embedded processors now have an enormous impact in many products, including - for example - high-end consumer applications such as washing machines and set-top boxes and various automotive applications (for example, control of door mirrors). Manufacturers need to maximise the reliability of such systems in order to reduce the cost of warranty repairs, minimise product recalls and ensure repeat orders. All of our courses are designed to support the developers of such reliable embedded systems.

In many cases, embedded processors are employed in safety-related systems: these include automotive, medical and industrial systems. In a safety-related design, the embedded processor will never have total control: there will always be some form of backup device — or “backup person” — available in the event that the embedded system operates incorrectly (or fails to operate at all). For example: [i] an automotive “anti-lock” braking system (ABS) may have a mechanical backup; [ii] a medical system may be used to provide information to a qualified clinician: the doctor will make the final treatment decision; [iii] a train control system may require final authorisation from the driver before moving the vehicle. Even with the availability of a “backup” option, great reliance is placed on safety-related embedded systems and they must — clearly — be developed with great care.

The challenges facing the developer become even more significant when we start to consider safety-critical embedded systems. In such systems there is no external backup option to rely on, and failure is likely to result in injury or death, either to users of the system (for example, with a medical design) or to those in the vicinity (for example, with an aerospace or industrial design). Without doubt, the development of safety-critical embedded systems represents one of the greatest challenges faced by engineers on the planet today.

It should also be noted that — while failure of a particular embedded system may not result in loss of life — it may still be appropriate to develop the systems to “safety critical” standards. Such an approach may be considered (for example) when developing business-related applications where failure would result in huge financial losses (for example, some forms of electronic trading system for use in a stock exchange, or a system used to monitor electricity usage in consumer homes).