Important Functional Safety Words - Red Lights and Alarms

Tuesday, November 13, 2018

#Functional Safety

When reviewing an RFQ for new business, it is important to search for two key phrases. These phrases should set off red lights and alarm bells, especially if no supporting analysis is overtly provided by your customer in the RFQ package to clarify them. They are:

1.) "Not Safety Critical" -- In this situation, the RFQ and/or other customer correspondence implies that the device or module being quoted is not going to be used in a safety critical application; that is, it has no safety critical characteristics under ISO 26262. In this case, ISO 26262 does not apply. This frees you and the customer from the extra work required to design, test and manufacture a safety critical part or module, and the corresponding system into which it will be placed.

2.) "QM" or "Quality Management" -- Stated overtly, usually in the form "The module is not safety critical, even though it's part of a Safety Critical system, because it's rated QM." The implication here is that a detailed analysis has been conducted under ISO 26262, that your customer has determined that the functionality to be provided by your part is not safety critical, and that you don't have to worry about it as a result.

Ask a few Questions

With either of these phrases present, most of us would immediately make a few preliminary assumptions and proceed to quote the business without further thought. This would not be a good idea. A bit of due diligence is required to make sure that either determination, if present, is correct, and that you and your customer both understand why it's correct and what the implications of the determination are before proceeding.

Let's start with the second of these. For a determination of QM to be made, a non-trivial, up-front analysis must be conducted by the customer. ISO 26262 very clearly describes the Work Products necessary, starting with a Vehicle-level Hazard Analysis and Risk Assessment (HARA). You owe it to yourself to ask to see this analysis. It would be a good idea to take advantage of a review to ensure that you agree with the method(s) used to make the determination and the conclusions that have come out of the analysis. One consequence of accepting any business with the terms as offered is that you have a responsibility to check them. Customers can make mistakes; perhaps not often, but they do occur. Remember that safety is about sweating the smallest details. The tiniest detail, if missed, could lead to the violation of a safety goal and someone could get hurt.

Now let's return to the first one. Surprisingly, a determination of "Not Safety Critical" is also not a trivial conclusion, yet it is treated as such in too many instances. You need to make sure that your customers have not trivialized it so that they could avoid the detailed work required. Just as important, if your customers have not been exposed to ISO 26262 beforehand, they may not realize that what they're asking you to provide is actually safety critical, at least in some way. In fact, don't rely upon them to know even if they have been trained and are seasoned. If they insist that it's not safety critical, you need to insist on seeing the analysis. This too starts with a HARA. If you don't receive an analysis indicating how they've determined whether it's safety critical or not, you should seriously reconsider your business strategy for the opportunity. You'll likely be caught by the missing details later, costing extra time and money that exceeds the project budget and negatively impacts your profit.

Remember, the most overlooked safety case is the RFQ with only one Work Product stated. Always request a copy of the analysis that indicates that the product to be quoted isn't safety critical.
