Presentation is loading. Please wait.

Presentation is loading. Please wait.

Submitted by the experts of OICA

Published byDoddy Cahyadi Modified over 5 years ago

Similar presentations

Presentation on theme: "Submitted by the experts of OICA"— Presentation transcript:

1 Submitted by the experts of OICA
Submitted by the experts of OICA TFAV-SG Preliminary input: Structure and building blocks of the Audit/Assessment , Den Haag, TF AutoVeh, 1st meeting of the subgroup Physical Testing and Audit Submitted by the experts of OICA L. Ballaux on behalf of OICA

2 Introduction Purpose: Objective:
Next to physical testing on test track and in the real world, a complex system such as an automated driving system needs to be designed, developed and validated following particular (safety) processes. Objective: For certification authorities and technical services to understand and certify these processes, an audit and an assessment of the manufacturer’s development and design process is proposed (like the one for complex braking/steering systems). The intention of this presentation is to start the discussion and to explain a structure and different blocks of which such an audit/assessment could consist of.

3 Overview of complete certification structure
Certification of Automated Driving Systems (L3-L5) Objective: System is safe and technical compliant Certification-tests on test track Real-world-test-drive Audit and Assessment Highway/ Motorway Urban Inter-urban/ rural Highway/ Motorway Urban Inter-urban/ rural Development processes and methods (use-case independent) Highway/ Motorway Inter-urban/ rural Urban Test scenarios (use-case-specific) Test drive under real conditions (use-case-specific) Safety concept to address fault- and non-fault conditions Pass/fail criteria: tbd (e.g. criteria of existing technical standards like ISO 26262) General system safety requirements Pass/fail criteria: Defined performance requirements and test procedures under dry/normal conditions Pass/fail criteria: Individual qualitative checklist Implementation and change management regarding traffic laws and rules Traffic rules Safety-relevant areas: Assess system’s strategies/rest performance to address (multiple) fault-conditions and disturbances due to deteriorating external influences; vehicle behavior in variations of critical scenarios Safety-relevant areas: Assess critical scenarios that are technically difficult for the system, have a high injury severity and are likely to occur in real traffic Safety-relevant areas: Assess the overall system capabilities in typical traffic scenarios; general system safety requirements like HMI; behavior in some fault-conditions? Safety-relevant areas: Assess that the applied processes and design/test methods for overall system development (HW and SW) are effective, complete and consistent

4 Audit structure: Processes and documentation
Certification of Automated Driving Systems (L3-L5) Objective: System is safe and technical compliant Audit  Focus: Processes and Documentation Processes and methods (use-case independent) Purpose: Assess that the applied processes and design/test methods for overall system development (HW and SW) are effective, complete and consistent Safety analysis Safety plans of the system and of relevant components/ECUs Pass/fail criteria: tbd (e.g. criteria of existing technical standards like ISO 26262) Development process incl. Specifications management, Testing, Failure Tracking Requirements’ implementation Development process plans and quality management plans Implementation and change management regarding traffic laws and rules Validation and change/ release management plans Documentation of the system Purpose: Understand the system to be audited and assessed System layout/architecture and schematics Description of the components and functions Identification of relevant HW and SW List of all input and sensed variables Description of the ODD (boundaries of functional operation) List of all output variable controlled by the system Signal flow chart and priorities OEM to make open for inspection OEM to submit to technical service

5 Assessment Structure: Safety Concept and Validation
Certification of Automated Driving Systems (L3-L5) Objective: System is safe and technical compliant Assessment  Focus Safety Concept and Validation Safety concept to address fault- and non-fault conditions Purpose: Assess the system’s strategies/rest performance to address (multiple) fault-conditions and disturbances due to deteriorating external influences; vehicle behavior in variations of critical scenarios *Safety-relevant: Behavior that results in unintended leaving of the ego-lane or in a collision Safety Goals Purpose: Identify all safety relevant* hazards and risks Pass/fail criteria: -The system is fail-operational; -The system can cope with all relevant external/environmental conditions; -The system can cope with all relevant traffic scenarios; -The system does not endanger under fault- and non-fault conditions other traffic participants Hazard Analysis and Risks Assessment (HARA) Purpose: confirmation of the process Functional Safety Concept Assessment Reports Purpose: Analyze failure modes, occurrence probabilities, severity/effects and detection capabilities Failure Mode Effective Analysis (FMEA) Failure Tree Analysis (FTA) Matrix of all failures, failure simulation and strategy, safe state/risk minimal condition Purpose: Identify all non-fault conditions (e.g. disturbances/environmental constraints) that lead to a safety-relevant*/traffic-compliance-relevant system behavior Safety of the Intended Function Analysis (SOTIF) System/component specifications Purpose: Consistent requirements management Integration/Implementation testing: Testing and Safety Assessment Reports Purpose: Verification that the safety requirements are effectively implemented Safety-Case Purpose: Gives evidence (collects work products) in a consistent/structured way that the system is acceptably safe Manufacturers’ statement/self-declaration OEM to make open for inspection OEM to submit to technical service

6 Assessment Structure: Safety Concept and Validation
Certification of Automated Driving Systems (L3-L5) Objective: System is safe and technical compliant Assessment  Focus Safety Concept and Validation General system safety requirements Internal vehicle HMI Requirements tbd in the regulation (Annex 3 General requirements) OEM to explain the strategy and the requirements’ implementation in the system Part of this to be (exemplarily) covered by real-world test drive and OEM self declaration Driver Monitoring Transition Scenario Traffic rules The system complies with traffic rules/traffic laws Integration/Implementation testing: Test Reports (Note: Analysis of relevant traffic rules/laws is part of the process audit) Self declaration OEM to make open for inspection OEM to submit to technical service

7 Next steps What is the expectation of the Contracting Parties regarding the development of the audit/assessment part? As soon as the group agrees on the overall vision/structure of the audit/assessment, the detailed content can be defined, e.g.: Agree on necessary data/documentation to be included under consideration of IP-issues Agree on necessary/acceptable procedures/tools to be applied Define acceptable criteria/standards for the safety concept

Download ppt "Submitted by the experts of OICA"

Similar presentations

Building a Cradle-to-Grave Approach with Your Design Documentation and Data Denise D. Dion, EduQuest, Inc. and Gina To, Breathe Technologies, Inc.

Building a Cradle-to-Grave Approach with Your Design Documentation and Data Denise D. Dion, EduQuest, Inc. and Gina To, Breathe Technologies, Inc.
Module N° 4 – ICAO SSP framework

Module N° 4 – ICAO SSP framework
1 Welcome Safety Regulatory Function Handbook April 2006.

1 Welcome Safety Regulatory Function Handbook April 2006.
Medical Device Software Development

Medical Device Software Development
Overview Lesson 10,11 - Software Quality Assurance

Overview Lesson 10,11 - Software Quality Assurance
Vectus Ltd. 2008 Copyright Page 1 Safety Process in Vectus ’ PRT Project Inge Alme: Safety Manager Jörgen Gustafsson: CTO.

Vectus Ltd Copyright Page 1 Safety Process in Vectus ’ PRT Project Inge Alme: Safety Manager Jörgen Gustafsson: CTO.
Quality Risk Management ICH Q9 Annex I: Methods & Tools

Quality Risk Management ICH Q9 Annex I: Methods & Tools
National Highway Traffic Safety Administration Electrical Safety William Joel Sánchez.

National Highway Traffic Safety Administration Electrical Safety William Joel Sánchez.
16.5.20021 VTT-STUK assessment method for safety evaluation of safety-critical computer based systems - application in BE-SECBS project.

VTT-STUK assessment method for safety evaluation of safety-critical computer based systems - application in BE-SECBS project.
WHAT IS SYSTEM SAFETY? The field of safety analysis in which systems are evaluated using a number of different techniques to improve safety. There are.

WHAT IS SYSTEM SAFETY? The field of safety analysis in which systems are evaluated using a number of different techniques to improve safety. There are.
The Development of BPR Pertemuan 6 Matakuliah: M0734-Business Process Reenginering Tahun: 2010.

The Development of BPR Pertemuan 6 Matakuliah: M0734-Business Process Reenginering Tahun: 2010.
1 ACSF Test Procedure Draft proposal – For discussion OICA and CLEPA proposal for the IG Group ACSF Tokyo, 2015, June 16-17 Informal Document ACSF-02-07.

1 ACSF Test Procedure Draft proposal – For discussion OICA and CLEPA proposal for the IG Group ACSF Tokyo, 2015, June Informal Document ACSF
Over View of CENELC Standards for Signalling Applications

Over View of CENELC Standards for Signalling Applications
SAFETY MANAGEMENT SYSTEM IN TURKISH STATE RAILWAYS (TCDD)

SAFETY MANAGEMENT SYSTEM IN TURKISH STATE RAILWAYS (TCDD)
SwCDR (Peer) Review 1 UCB MAVEN Particles and Fields Flight Software Critical Design Review Peter R. Harvey.

SwCDR (Peer) Review 1 UCB MAVEN Particles and Fields Flight Software Critical Design Review Peter R. Harvey.
Alex Ezrakhovich Process Approach for an Integrated Management System Change driven.

Alex Ezrakhovich Process Approach for an Integrated Management System Change driven.
Failure Modes, Effects and Criticality Analysis

Failure Modes, Effects and Criticality Analysis
1 6th ACSF meeting Tokyo, 19-21 April 2016 Requirements for “Sensor view” & Environment monitoring version 1.0 Transmitted by the Experts of OICA and CLEPA.

1 6th ACSF meeting Tokyo, April 2016 Requirements for “Sensor view” & Environment monitoring version 1.0 Transmitted by the Experts of OICA and CLEPA.
An Integrated Model-Based Approach to System Safety and Aircraft System Architecture Development Eric Villhauer – Systems Engineer Brian Jenkins – System.

An Integrated Model-Based Approach to System Safety and Aircraft System Architecture Development Eric Villhauer – Systems Engineer Brian Jenkins – System.
Transmitted by the Experts of TRL (EC)

Transmitted by the Experts of TRL (EC)

Similar presentations

Ads by Google