How do companies successfully pass a Functional Safety Audit – A Guide

May 15, 2024 – Reading time: 7 minutes

A common scene: The development of a new product is almost done, and the finishing touches are made. However, one major obstacle is still to be overcome, since the functional safety audit for the product is coming up. Often, safety managers end up in stressful situations to make sure the product is aligned with the requirements of the respective safety norms in the industry, such as the IEC 61508, ISO 26262 (automotive), or EN 50126 (rail). To ensure that the demands from the buyer are met, both at system and process level, we have compiled the most important tips and tricks to show you how you can successfully pass your next functional safety audit, even on a time crunch. The following article will guide you along the three phases of a safety audit – preparation, execution, and completion – to provide an insight into the most important aspects of a safety audit.

Audit preparation

Solid audit preparation is the key to success. However, the actual preparation does not begin with the planning stage of the audit. Building a solid safety culture promotes a high level of understanding and commitment to safety in product development. Establishing a safety culture ensures that safety work packages are not just seen as a separate requirement, but as an integral part of the entire development process. In addition, acceptance of and commitment to audit and assessment processes are increased.

Establishing and living a safety culture is required by the safety relevant standards . But don’t worry, experience shows that many companies still have some catching up to do here. Safety is often only considered at a late stage of development – a fact that urgently needs to be changed for the reasons mentioned above, but requires a long-term rethink and adaptation of the development process.

However, even if a safety audit is due at short notice, there are solutions for bringing product development to a successful conclusion. We recommend carrying out a safety assessment as a first step. Depending on the safety classification of the project, which results from the risk assessment of the hazards, it is determined who carries out the assessment. It can be performed either by an internal safety manager or by external safety providers. In most cases, companies have internal guidelines on how independent the assessor must be. Safety assessments are a standardized, proven procedure that can be performed within a short period of time in order to compare the current state of development with the requirements of the relevant standards at both product and process level. The result is not only a gap analysis of the remaining gaps to be closed to be able to pass an audit but also a very specific action plan on how to proceed. Even when not mandatory by the respective standards, external outsourcing is recommended when experiencing resource bottlenecks. These bottlenecks can be related to staffing shortages, lack of expertise, or time and money.

During the direct preparation for an functional safety audit, there are a few points that should be considered. Every audit should be planned and communicated in advance. Open communication about the audit at an early stage promotes acceptance and internal willingness to cooperate, which can have a direct impact on the success of the audit. In addition, early communication of the audit allows the company to prepare itself for the audit so that the exchange with the audit firm and the auditors is also optimal. The standard specifies which documents are to be created during development, depending on the application. These documents are continuously improved and updated during the development process. Examples of these documents from ISO 26262 are the safety case, the safety plan, the functional and the technical safety concept. In most companies the quality management specifies which safety relevant documents must be created. These should be up to date at the time of the audit to ensure that all development progress is shown to the auditor.

Audit execution

Typically, the proofreading of documents is done remotely, while the testing of a product, for example, is done on-site. The process can take hours, days or weeks depending on the product. There are at least two auditors involved in an audit process, but the number can be higher depending on the project. On the company side, the people involved are the safety managers, project managers, system experts, hardware and software experts. The team must be aligned in terms of communication and cooperation with the auditor.

During the audit, interaction and communication with the auditing company, the auditors and your own team is crucial to the success of the audit. A key aspect of this is cooperation on an equal footing between all parties involved. This makes it possible to clarify any misunderstandings that may arise and ensure that all relevant information is exchanged. It is also important to analyze any recommendations made by the auditor through your own experts. Wherever possible, the recommendations made should be implemented or dealt with immediately.

Another key aspect is the mindset and attitude of your own experts towards the auditor. In general, good cooperation and mutual commitment with the auditor should be ensured. Transparency about the development process and a detailed explanation of the individual steps by the experts lead to increased trust on both sides. This information should therefore be as comprehensive, detailed and truthful as possible.

Audit completion

The completion of the functional safety audit is crucial for securing the audit results and following up on possible new work packages. The findings from the audit should be incorporated into the safety process in order to eliminate weaknesses and enable better performance in future audits. Sufficient time planning ensures that the implementation of the necessary measures is not rushed and that the quality of the measures is not compromised. Finally, it must be ensured that all audit results are properly documented to enable an improvement in the development process.

Once the audit has been completed, the results will be reported to you. If you have passed the audit, you will receive a certification of confirmation that you developed the product according to the norm. If you have failed the audit, you will be given the opportunity to close the gaps resulting from the audit.

In today’s technology landscape, safety standards are critical to ensuring the safety and reliability of systems. Through good preparation, effective interaction during the audit and careful follow-up, companies can overcome audit challenges.

Download Dos & Don’ts

Do you want to make your audits even more successful? Download our Do’s and Don’ts checklist and optimize your audit process today.

Authors

  • Philipp Hofmann

    Head of Safety Management

  • Niklas Hammes

    Safety Management Consultant

How can we accelerate your development?
Let’s start

Resources

Learn more