Skip to content

Resolve comments from Interim Audit #5 - Safety Analysis #48

New issue
New issue
Closed
Task
Closed
Resolve comments from Interim Audit #5 - Safety Analysis#48
Task
Assignees
PandaeDo
Labels
documentationImprovements or additions to documentation
Milestone
Release 1.2.x - E09/2025
@PandaeDo

Description

@PandaeDo
PandaeDo
opened on Jun 27, 2025

Safety Analysis

  • - Picture under "getting started" is on an older version as from the final review
  • - Explain for every level what is the goal and end criterium for the FMEA/DFA
  • - Safety Analysis is defined in ISO 26262. Naming of process area might be changed / also in the documentation
  • - Separate feature and component failure initiators
  • - Define acceptance criteria. Example: The analysis is done if it could be proofed that a function and the corresponding safety monitoring are not effected both
  • - Description of goals of DFA under "concept" shall be updated according to the example
  • - Explain also how to do the mitigations for FMEA/DFA findings: e.g. first check complexity, if not completely deterministic and testable: create safety mechanism
  • - Cascading failures could be analyzed in FMEA and not in DFA (this is actually already the case as “corrupted message input” is a failure mechanism of our FMEA).
  • - Link to safety requirement missing in FMEA template
  • - Criteria missing when a component is complex so that a DFA is needed.
  • - Common used library ins only a problem if the features have a dependency. If only a lib is used in more features/components that's no dependency failure
  • - FMEA for systematically failures. There are only two options. First we can element them by showing that there is no possibility a systematically failure is undetected (modular, less-complex, fully tested). If this is not possible, a safety mechanism has to be defined
  • - Discussion FMEA "message corrupted". We can assume that we can trust safety related signals. Within a feature/component this couldn't happen, because the is no bus communication inbetween
  • - Example for DFA & FMEA shall be updated. It should be clearly shown how to use the failure initiators / fault models and what the goals are and how the will be reached (e.g. on platform level: "if there are two features which provide redundancy or are function and safety mechanism, then a commonly used component would be a common cause failure.")
  • - Workflow: Add description how to proceed if a component is changed: "Perform an Impact Analysis for Safety Analysis)

Link to considered process description: https://eclipse-score.github.io/process_description/main/process_areas/safety_analysis/safety_analysis_getstrt.html

Metadata

Metadata

Assignees

Labels

documentationImprovements or additions to documentation

Type

Task

Projects

S-CORE Roadmap

Status

Done
PRC - Process Development Community

Status

Done

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions