Skip to content

Commit 5758ba4

Browse files
update safety analysis template
1 parent 08cb1fb commit 5758ba4

1 file changed

Lines changed: 95 additions & 25 deletions

File tree

docs/safety_mgt/module_safety_analysis_fdr.rst

Lines changed: 95 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -34,67 +34,137 @@ Safety Analysis Checklist
3434

3535

3636
**Purpose**
37-
38-
The purpose of this Safety Analysis (DFA and FMEA) checklist template is to collect the topics to be checked during verification of the Safety Analysis.
37+
The purpose of this Safety Analysis (DFA and FMEA) formal review report template is to collect the topics to be checked during verification of the Safety Analysis.
3938

4039
**Conduct**
41-
4240
As described in :need:`wf__p_formal_rv`, the formal document review is performed by an "external" safety manager:
4341

44-
- reviewer: <committer with safety manager skills explicitly named here>
42+
- reviewer: **<committer with safety manager skills explicitly named here>**
43+
- scope: **<describe the scope of the review here, e.g. "the safety analysis of the module and its results">**
4544

4645
**Checklist**
4746

48-
Please note that the "passed" column must contain "yes" or "no" for each checklist item. Additionally, the remarks column must explain why item passed or did not passed. In case of "no" an issue link to the issue tracking system has to be added in the last column. See also the review concept for further information about reviews in general and inspection in particular.
47+
Please note that it is mandatory to fill in the "passed" column with "yes" or "no" for each checklist item and additional to add in the remarks why it is passed or not passed. In case of "no" an issue link to the issue tracking system has to be added in the last column. See also :ref:`review_concept` for further information about reviews in general and inspection in particular.
48+
49+
50+
.. list-table:: General Checklist
51+
:header-rows: 1
52+
:widths: 10,30,10,30,20
53+
54+
* - ID
55+
- Safety analysis activity
56+
- Compliant to ISO 26262?
57+
- Reference
58+
- Comment
59+
60+
* - Gen 1
61+
- Are the safety analysis performed according to the defined process and templates? See :ref:`process_requirements_safety_analysis` and also :ref:`FMEA_templates` and :ref:`dfa_templates`
62+
- [YES | NO ]
63+
- :need:`[[title]] <std_req__iso26262__analysis_841>`, :need:`[[title]] <std_req__iso26262__analysis_849>`, :need:`[[title]] <std_req__iso26262__analysis_8410>`, :need:`[[title]] <std_req__iso26262__analysis_748>`
64+
- <Rationale for result>
65+
66+
* - Gen 2
67+
- Are the safety analysis performed in a systematic way to identify the potential dependent failures / failure modes and their effects? Are the failure effect and the mitigation described?
68+
- [YES | NO ]
69+
- :need:`[[title]] <std_req__iso26262__analysis_849>`, :need:`[[title]] <std_req__iso26262__analysis_8410>`
70+
- <Ensured and checked by application of the defined templates and processes>
71+
72+
* - Gen 3
73+
- Is the result of the safety analysis indicate if the safety requirements are complied?
74+
- [YES | NO ]
75+
- :need:`[[title]] <std_req__iso26262__analysis_842>`
76+
- <Rationale for result>
77+
78+
* - Gen 4
79+
- Are the mitigations effective and implemented?
80+
- [YES | NO ]
81+
- :need:`[[title]] <std_req__iso26262__analysis_844>`
82+
- <Rationale for result>
83+
84+
* - Gen 5
85+
- Are all AoU's that are used as mitigation's created and covered in the safety manual?
86+
- [YES | NO ]
87+
- :need:`[[title]] <std_req__iso26262__analysis_845>`
88+
- <Rationale for result>
4989

50-
.. list-table:: Safety Analysis Checklist
90+
* - Gen 6
91+
- Are additional safety-related test cases determined by potential results of the safety analyses?
92+
- [YES | NO ]
93+
- :need:`[[title]] <std_req__iso26262__analysis_847>`
94+
- <Rationale for result>
95+
96+
97+
.. list-table:: DFA Checklist
5198
:header-rows: 1
52-
:widths: 10,10,30,30,20
99+
:widths: 10,30,10,30,20
53100

54101
* - ID
55102
- Safety analysis activity
56103
- Compliant to ISO 26262?
57104
- Reference
58105
- Comment
59106

60-
* - 1
107+
* - DFA 1
108+
- Are the potential dependent failures identified by performming a DFA?
109+
- [YES | NO ]
110+
- :need:`[[title]] <std_req__iso26262__analysis_741>`
111+
- <Rationale for result>
112+
113+
* - DFA 2
61114
- Is it plausible that each potential identified dependent failure that has been identified, will lead to a dependent failure which cause a violation of FFI?
62115
- [YES | NO ]
63116
- :need:`[[title]] <std_req__iso26262__analysis_742>`
64117
- <Rationale for result>
65118

66-
* - 2
67-
- Are the failure initiators :need:`[[title]] <gd_guidl__dfa_failure_initiators>` / fault models :need:`[[title]] <gd_guidl__fault_models>` applied?
119+
* - DFA 3
120+
- Are applicable operational situations and operating modes considered?
121+
- [YES | NO ]
122+
- :need:`[[title]] <std_req__iso26262__analysis_743>`
123+
- <Rationale for result>
124+
125+
* - DFA 4
126+
- Are the failure initiators :need:`[[title]] <gd_guidl__dfa_failure_initiators>` suitable and applied?
68127
- [YES | NO ]
69128
- :need:`[[title]] <std_req__iso26262__analysis_744>`
70129
- <Rationale for result>
71130

72-
* - 3
73-
- Are measures defined to resolute the identified potential dependent failures?
131+
* - DFA 5
132+
- Is a rationale provided for each identified potential dependent failure?
74133
- [YES | NO ]
75-
- :need:`[[title]] <std_req__iso26262__analysis_746>`, :need:`[[title]] <std_req__iso26262__analysis_747>`
134+
- :need:`[[title]] <std_req__iso26262__analysis_745>`
76135
- <Rationale for result>
77136

78-
* - 4
79-
- Is the result of the safety analysis indicate if the safety requirements are complied?
137+
* - DFA 6
138+
- Are measures defined to resolve the identified potential dependent failures?
80139
- [YES | NO ]
81-
- :need:`[[title]] <std_req__iso26262__analysis_842>`
140+
- :need:`[[title]] <std_req__iso26262__analysis_746>`, :need:`[[title]] <std_req__iso26262__analysis_747>`, :need:`[[title]] <std_req__iso26262__analysis_843>`
82141
- <Rationale for result>
83142

84-
* - 5
85-
- Are for all not complied safety requirements mitigations defined to resolute the non-compliance? The mitigations shall have a direct influence on the violation by prevention, detection or mitigation to reduce the risk to an acceptable level.
143+
* - DFA 7
144+
- Can be the required level of independence shown for the identified potential dependent failures?
86145
- [YES | NO ]
87-
- :need:`[[title]] <std_req__iso26262__analysis_843>`
146+
- :need:`[[title]] <std_req__iso26262__analysis_748>`
88147
- <Rationale for result>
89148

90-
* - 6
91-
- Are the mitigations effective and implemented?
149+
150+
.. list-table:: FMEA Checklist
151+
:header-rows: 1
152+
:widths: 10,30,10,30,20
153+
154+
* - ID
155+
- Safety analysis activity
156+
- Compliant to ISO 26262?
157+
- Reference
158+
- Comment
159+
160+
* - FMEA 1
161+
- Are the fault models suitable and applied for the FMEA? See :ref:`fault_models` and also :ref:`process_requirements_safety_analysis`
92162
- [YES | NO ]
93-
- :need:`[[title]] <std_req__iso26262__analysis_844>`
163+
- :need:`[[title]] <std_req__iso26262__analysis_846>`
94164
- <Rationale for result>
95165

96-
* - 7
97-
- Are the templates for DFA and/or FMEA used? See the DFA templates, FMEA templates, and process requirements for safety analysis.
166+
* - FMEA 2
167+
- Are measures defined to resolve the identified faults?
98168
- [YES | NO ]
99-
- :need:`[[title]] <std_req__iso26262__analysis_748>`, :need:`[[title]] <std_req__iso26262__analysis_849>`, :need:`[[title]] <std_req__iso26262__analysis_8410>`
169+
- :need:`[[title]] <std_req__iso26262__analysis_843>`
100170
- <Rationale for result>

0 commit comments

Comments
 (0)