Driving Safety Forward: A Deep Dive into ISO 26262 Reviews.

by Arpita Potdar

When it comes to the automotive industry, safety is crucial. We trust vehicles to protect us during our daily commutes, long road trips, and everything in between. As cars become smarter, with more electronics and automated systems, ensuring their safety becomes even more complex. This is where ISO 26262, the global standard for functional safety in automotive systems, plays a crucial role in ensuring vehicles operate safely. A core element of this standard is verification reviews and confirmation measures—but what exactly are they, and why do they matter so much? 

In this blog, I will take you through the different reviews mentioned in ISO 26262 and the objectives of each kind of review. How can we build a functionally safe product with confidence, confirming that established protocols have been followed?

ISO 26262, the automotive functional safety standard, mentions different levels of review to be conducted at different phases of product development. A review involves examining the results of an activity to ensure it meets its intended objectives and provides the necessary evidence to justify completeness and correctness. ISO 26262 specifies two main types of review: verification reviews and confirmation measures. Each has different objectives to achieve in the product development lifecycle.

Verification: Building the Foundation

A verification activity ensures that the result of a development activity fulfills the project requirements and the technical requirements, which are the foundation of design. Examples include technical review, walkthrough, inspection, simulation, and testing.

Verification review is product-focused. 

Figure 1. Verification and verification review. 

  • Review: Examination of a work product, for achievement of the intended work product goal, according to the purpose of the review. 
  • Walkthrough: Systematic examination of work products to detect anomalies through meetings and overview given by the author. 
  • Inspection: Examination of work products, following a formal procedure, to detect anomalies via a checklist or formal check procedure by a trained moderator.  

Inspection involves a group of reviewers: the creator of the evidence, a moderator who drives the inspection, and SMEs/senior designers.

 

Why a Verification Review? 

A verification review is a structured, independent evaluation of the work products. For example, verification of the technical safety requirements will ensure that they:

  • Are complete, correct, and consistent with the functional safety requirements (derived from the safety goals). 
  • Provide sufficient evidence that the design and implementation will meet the safety requirement at the highest level. 
  • Maintain bidirectional traceability between safety goals, technical safety requirements, and verification results. 

Perform verification reviews iteratively at key milestones to identify and address issues early in the development process. 

Confirmation Measures: The Independent Assurance 

The goal of a confirmation measure is to confirm the intent of the safety activity and how it has contributed to the achievement of functional safety. Confirmation measures are performed to give confidence in the process and in the intent of the safety activities. They provide confidence that the work product has sufficient and convincing evidence of its contribution to the achievement of functional safety, considering the requirements of ISO 26262.

 

There are three levels of confirmation measures to corroborate the achievement of functional safety of the item:  

 


Figure 2. Control Measures. 

 

How Verification and Confirmation Work Together

The figure below shows the relationship between verification and confirmation measure reviews and how they instill confidence when compiling the safety case report.

  Safety Case Report Compilation

 

Confirmation measures are intended to provide redundant checks on development activities, not to relieve the team of its responsibilities. A functional safety assessment on top of the confirmation review provides the assessor with an integrated view of different work products and can filter out issues, if present. The safety case report is a summary of the results of the defined activities completed, and the evidence that the claims are complete and correct. The safety case report is built on the evidence mentioned in the verification, confirmation, assessment and audit reports.

 

By confirming that all established protocols are followed, confirmation measures provide a robust safety case. This not only reassures stakeholders but also minimizes risks such as product recalls or failures that could lead to potential hazards or malfunctions. 

  • A verification review asks, “Did we build the product according to requirements?” It answers questions about the correctness of implementation and whether the design and implementation comply with safety requirements.
  • Confirmation measures ask, “Can we prove, independently, that the development process is methodologically acceptable?” They provide a higher level of assurance that the verification activities were executed properly, and that the final safety case is robust.

 

By integrating both measures, we create a dual-layered defense—first internally through rigorous analyses, testing and reviews, and then externally via independent (from development teams) assessments. This two-tiered approach is central to achieving a functionally safe product and is a best practice recommended by ISO 26262. 

The Unsung Hero of Functional Safety

The next time you’re faced with the question, “Why so many reviews? Isn't it overburdening the project team and extending timelines?”, the answer is no: they are critical. Verification and confirmation measures in ISO 26262 are not just checklists; they are fundamental pillars of a robust functional safety strategy.

As automotive systems become ever more complex, embedding rigorous verification and confirmation processes into your development lifecycle is key to ensuring safety—and ultimately, saving lives. 

 

  • Good article.  Two key points to highlight from Arpita's blog are:

    1. Verification and Confirmation reviews early in development (i.e. even before product is implemented) allow for much quicker and less expensive resolution of problems.  This is one of the biggest motivations as it is much more efficient and effective to catch problems earlier in development rather than waiting for the product to be implemented and for verification by test to find the problems.  This doesn't just help safety, but also efficiencies and costs.

    2. For any form of verification, the focus is on some comparison of an output with some input(s).  Some of the differences that Arpita calls out, e.g., between Verification and Confirmation reviews, can be better understood by exploring in detail what input(s) the outputs are being compared to.  In general, the functional requirements are the easiest to capture while various non-functional requirements (e.g., compliance to a standard) don't always make it into the requirements in detail.  These different variations on verification and different analysis methods allow for broader coverage even when requirements may be missed.