August 10, 2021 – Reading time: 5 minutes
We all know that safety management is an essential part of automotive engineering. But what seems obvious sometimes isn’t that obvious at all. So, I want to take the chance to share 5 current key insights into Automotive Safety Management with you.
1. Understanding Product Liability is Key to Understanding Safety Management
In the day-to-day business of automotive engineering and safety management, while trying to meet customer specifications, design systems using state-of-the-art technologies, and keep up with validation efforts, it is easy to lose sight of why we do all of this.
Here’s your little reminder: No one wants to design a product that is unsafe, and no one wants to be responsible when something goes wrong. While this is true at an individual level for every engineer in safety management, for the business it’s also very costly to be wrong. During the Automotive Safety Technologies 2021 Conference, Mashad Mally, Product Owner Functional Safety at Volvo Cars, shared some key insights to remind us of the legal precedent established by previous errors in the automotive space, including events like the Toyota Camry Sudden Acceleration fiasco.
We put so much effort into the design, documentation, and validation of our systems not just because of the moral obligations, but also because of the legal ones. No one wants to be at fault for the next safety catastrophe – it can be as expensive on the conscience as it is on the pocketbook.
2. Strong Architecture and Modeling are necessary to achieve the goals of Functional Safety Management
Pictures! Good engineering design happens with pictures. It’s not enough to just break down and decompose requirements. Dr. Mario Kupries, Chief Software Architect Officer & Founder at .:ConnectomiX.IT, .:Iconnect.cX, knows this, and so do we at INVENSITY. It may sound silly, but in order to do a good analysis of the system and ensure that it meets the safety standards set forth in the modern era of vehicle development, we have to design using models.
It may sound simple, and in truth it is, but how many times do we skip steps and go straight to implementation because we think we already know how to solve the problem, and are then left trying to retrace our steps and document our architecture after the fact?
We see it all the time at our clients – but the reality is that architecture should be a part of the DESIGN phase. Model-based architectures give us the means to really pull the system apart and look at it with strong safety analyses. This helps to reduce costly errors coming late in the process, and it makes it easier to evaluate the impact of changes on our system, a strong foundation for safety management efforts.
Besides, let’s be honest, drawing is the fun part of engineering!
3. SOTIF and Functional Safety Management are BOTH needed to create safe systems
They may sound similar, but in reality they are very different. Safety of the Intended Functionality (SOTIF) and Functional Safety Management (FuSa) both serve a similar purpose in the sense that they are process frameworks which, when we follow them, ensure that our system is safe. But the reality is that they do this in very different ways, with very different considerations. Neither is sufficient on its own to ensure the safety of a modern system, so we need both to ensure a quality safety management program!
FuSa covers systematic and random failures of electronics, hardware, etc., while SOTIF covers situational and environmental scenarios. SOTIF assumes your system is working correctly, while FuSa aims to identify and mitigate the failures that lead to safety goal violations. To be sure we are safe with increasingly complex and autonomous vehicles, it really is necessary to account for failures AND situational and environmental scenarios, both in design and in validation.
4. Artificial Intelligence isn’t just a black box!
How can we ensure that artificial intelligence is safe when used in vehicles? As this new technology increasingly becomes a part of our vehicles, it is important that we consider it intelligently as a part of our safety management programs. Timo Saemann, Product Technical Leader at Valeo, gave some wonderful insights into how intelligent use of data sets can give us greater confidence in the safety of our AI.
While AI is often a black box whose inner workings aren’t clear, it is possible to build these systems in a way that minimizes the residual risk. It is also worth remembering that AI is safe when the product is safe! This gets harder and harder as we hand over more control to our vehicles, but through effective design and validation practices, AI can be implemented in a way that adds functionality without adding risk.
5. What is considered safe depends on what culture we are operating in
Different cultures present different operating domains for vehicles. This also means that, in many cases, they have different expectations around what safe means. So, what does safe really mean? How does this affect our Safety Management approach? “Functional Safety” means “absence of unreasonable risk due to hazards caused by malfunctioning behavior”, as defined by ISO 26262.
This means that “safe” could mean something different in different parts of the world. Dr. Mario Kupries (Chief Software Architect Officer & Founder at .:ConnectomiX.IT, .:Iconnect.cX), Dr. Huw Davies (Assistant Professor in Automotive Systems Engineering at Coventry University Centre for Mobility and Transport), and Saurabh Deshpande (Techno-Commercial Manager- Vehicle Crashworthiness Engineering Design & Simulation Centre at Automotive Research Association of India) talked about this in a panel discussion during the conference. It’s an interesting perspective, as I think that when we develop vehicles, we usually design our safety management approach around the environments that we are used to, and, just as importantly, the infrastructure that we are used to.
When we start thinking about autonomous driving, it becomes clear that certain parts of the infrastructure, like clear lanes, road signs, and other markings, need to be present before we can even start considering implementing autonomous vehicles. This is true even for many of the ADAS features that we’ve come to enjoy. While our current safety management programs are developing autonomous vehicles in a way where they will present close to 0 risk by the time they are mainstream, in some parts of the world this may not be possible for quite some time without some infrastructure improvements, some technological improvements, or both.
If you are interested in discussing the topic of Automotive Safety Management further, please get in touch with me.