What is the Functional Safety Life Cycle?
Note: the image is unrelated to the text; this article is excerpted from LHP and is provided for learning reference only.
Safety characteristics and behavior must be specified, and then designed into the product or system. The Functional Safety Life Cycle plays a critical role in defining how functional safety is to be implemented and accomplished. It consists of three phases:
Analysis: Hazards are identified, risk is assessed, and measures are identified for reducing risk. Then, an Automotive Safety Integrity Level (ASIL) is assigned to each hazard based on the three values from that risk assessment. The ASIL defines the necessary steps that must then be taken during the development of the product or system, and after the start of production.
Implementation: The risk reduction steps become inputs that are engineered into the design, constructed, and installed. The functional safety requirements remain traceable back to the documented items that verify them. In turn, they are broken down into technical safety requirements. Personnel are trained on the proper execution of the risk reduction measures. They ensure that all requirements are properly addressed during development, and they are educated on the hazards that the steps are designed to protect against.
Next comes verification and validation, a complex series of planning, specification, and execution procedures. The verification process asks the question: “Was the system built right?” The validation process asks the question: “Was the right system built?” During these processes, the hardware and software components are tested and then integrated together into systems, which in turn are integrated into the vehicle.
Operation: Personnel analyze the safe operation of the component or system, conduct inspections, perform testing and maintenance, and receive continuous training. They also implement safe modifications and perform end-of-life decommissioning.
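The two artefacts that the Analysis and Implementation phases above hand forward are the ASIL assigned to each hazard and the traceability chain from hazard to functional safety requirement (FSR) to technical safety requirement (TSR) to verification item. The following is an added worked example, written for this page and not taken from LHP or the article. The article does not name the three risk values; the example takes them from ISO 26262-3, where the ASIL is determined by severity (S1 to S3), exposure (E1 to E4) and controllability (C1 to C3), and the `assign_asil` function reproduces that standard's ASIL determination table. All hazard, requirement and test identifiers (HZ-01, FSR-01, HIL-017 and so on) are constructed sample data for an illustrative electric power steering item.

```python
"""Added example: ASIL assignment and requirement traceability checks.

Part 1 assigns an ASIL from the ISO 26262-3 risk classes (S, E, C).
Part 2 walks the chain hazard -> FSR -> TSR -> verification item and
reports every gap, which is the monitoring question the life cycle asks:
is each hazard covered, and is each requirement verified?
All hazard/requirement data below is constructed for illustration.
"""
from dataclasses import dataclass, field

ASIL_ORDER = ["QM", "A", "B", "C", "D"]


def assign_asil(s: int, e: int, c: int) -> str:
    """ASIL from severity, exposure and controllability classes.

    Reproduces the ISO 26262-3 ASIL determination table: the level rises
    one step for each unit that S+E+C exceeds 6, so S3/E4/C3 gives ASIL D
    and any combination with S+E+C <= 6 is QM (no ASIL-specific measures).
    """
    if not (1 <= s <= 3 and 1 <= e <= 4 and 1 <= c <= 3):
        raise ValueError(f"invalid risk classes: S{s} E{e} C{c}")
    return ASIL_ORDER[max(0, s + e + c - 6)]


@dataclass
class Hazard:
    hid: str
    description: str
    s: int
    e: int
    c: int

    @property
    def asil(self) -> str:
        return assign_asil(self.s, self.e, self.c)


@dataclass
class Requirement:
    rid: str
    text: str
    asil: str
    parents: list = field(default_factory=list)      # hazard ids (FSR) or FSR ids (TSR)
    verified_by: list = field(default_factory=list)  # test/review ids (TSR only)


def trace_gaps(hazards, fsrs, tsrs):
    """Return traceability findings; an empty list means the chain
    hazard -> FSR -> TSR -> verification item is complete and ASIL-consistent."""
    findings = []
    by_id = {h.hid: h for h in hazards}
    # Every hazard rated above QM needs at least one functional safety requirement.
    covered = {p for r in fsrs for p in r.parents}
    for h in hazards:
        if h.asil != "QM" and h.hid not in covered:
            findings.append(f"{h.hid} (ASIL {h.asil}) has no functional safety requirement")
    # An FSR inherits the highest ASIL of the hazards it mitigates.
    for r in fsrs:
        needed = max((by_id[p].asil for p in r.parents if p in by_id),
                     key=ASIL_ORDER.index, default="QM")
        if ASIL_ORDER.index(r.asil) < ASIL_ORDER.index(needed):
            findings.append(f"{r.rid} is ASIL {r.asil} but its hazards require ASIL {needed}")
    # Every FSR is broken down into at least one TSR; every TSR has a verifier.
    refined = {p for t in tsrs for p in t.parents}
    for r in fsrs:
        if r.rid not in refined:
            findings.append(f"{r.rid} has no technical safety requirement")
    for t in tsrs:
        if not t.verified_by:
            findings.append(f"{t.rid} has no verification item")
    return findings


# Constructed sample data (hypothetical electric power steering item).
HAZARDS = [
    Hazard("HZ-01", "Unintended steering torque at highway speed", s=3, e=4, c=3),
    Hazard("HZ-02", "Loss of assist while parking", s=1, e=3, c=2),
    Hazard("HZ-03", "Loss of assist at highway speed", s=3, e=4, c=2),
]
FSRS = [
    Requirement("FSR-01", "Torque shall be limited to the driver's intent", "D", parents=["HZ-01"]),
    Requirement("FSR-02", "Assist shall degrade gradually, never abruptly", "B", parents=["HZ-03"]),
]
TSRS = [
    Requirement("TSR-01", "Torque plausibility check every 10 ms", "D",
                parents=["FSR-01"], verified_by=["HIL-017"]),
    Requirement("TSR-02", "Ramp assist down within 200 ms of a motor fault", "C",
                parents=["FSR-02"], verified_by=[]),
]


def example_findings():
    """Run the trace check over the sample data."""
    return trace_gaps(HAZARDS, FSRS, TSRS)


if __name__ == "__main__":
    for h in HAZARDS:
        print(f"{h.hid}: ASIL {h.asil}")
    for gap in example_findings():
        print("GAP:", gap)
```

Run as a script, the sample data yields two gaps: FSR-02 is rated ASIL B although the hazard it mitigates (HZ-03, S3/E4/C2) is ASIL C, and TSR-02 has no verification item, so the "was the system built right?" question cannot be answered for it. HZ-02 comes out as QM and so needs no FSR for the check to pass.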
What are the roles and responsibilities in functional safety management?
The management of functional safety is overseen by the safety manager. However, implementing the management of safety is not just a separate thing that “somebody else” is doing over in the corner, with the safety manager off to the side, doing their own thing. No, the management of functional safety needs to be integrated into the entire project plan, top to bottom, start to finish. And it is the job of the safety manager, and the objective of functional safety, to make sure that is happening.
Right from the start, the rest of the team needs to be aware of, respect, and acknowledge the independence and authority of the safety manager. A safety manager is critical in these types of projects because you want someone in the role who is free and independent from the pressures of accounting for other aspects of the project, such as budget, schedule, or resources. Their sole focus is the safety of the product. Sometimes people want to take shortcuts. There are customer milestones that need to be adhered to, such as making the target date for the start of production. When it comes to the safety objectives and safety managers, all that is irrelevant. If it's safe, it's safe; if it's not, the safety manager needs to speak up about it. He or she needs to raise the flag to the right people to make sure that functional safety is not compromised. In essence, that is the main purpose of a safety manager.
The safety manager may not own control of the resources; nonetheless, it is the responsibility of the safety manager to ensure that adequate resources are in place. For example, these can include adequate knowledge, expertise, time, and availability. In theory, the safety manager should be working closely with the program manager or the project manager to ensure that they are achieving synergy in all the decisions that are being made, and that safety is appropriately considered. All the leaders must recognize that everybody else at that table has a reason for being there.
Part of the planning and execution of the safety measures is to ensure that, yes, everything is progressing as planned, all the steps are being adhered to, and no shortcuts are being taken. That is all part of monitoring. Because in real life, when you get a program rolling, deadlines get tight. Sometimes they slip and there can be a lot of pressure to take shortcuts.
The functional safety manager must focus on functional safety from now until the product is delivered, and beyond. That focus and attention to detail continues throughout the process; it never ends. Also, there must be steps in the process for after the system is released; the job is not done once the vehicle is deployed. How is the safety of that vehicle or product going to be monitored once it hits production? Once feedback is received from the public, if any issues become known, how are they communicated back to the engineering team and corrected? How is it ensured that identical or similar errors are not propagated into similar designs? In our type of industry, a lot of vehicles are designed based upon past vehicles that continue to be improved. It is something we pay very close attention to. Ownership of safety doesn't end when the product is delivered.
What happens when an engineering manager or safety manager realizes that they haven't been implementing functional safety?
Typically, we have found that either customers are used to designing things in a certain manner using legacy processes where functional safety wasn't taken into consideration, or they have been implementing part of the standard but not all of it, or their customers begin to mandate functional safety. In response, they must change the way they do business with both their customers and their suppliers, and change how they do things internally. However, change is difficult, especially for large organizations. It doesn't happen overnight, and their corporate culture needs to adapt.
We try to focus on methodically introducing change. We don't change everything overnight. Instead, change is introduced little by little, with a focus on the high-priority items. We educate as we go, so our customers understand the reason for a change before it is implemented, and how it will improve the overall process.
Slowly, we start introducing the proper changes in the proper order, not only at the company level, but also at the product level. Because typically, products that are being developed now, or were developed in the past, are going to be the baseline for the next iteration. It is very rare that you have a design that is starting from scratch, because doing so is expensive.
Keywords: life cycle