by Dieter Wiedenhofer
The ISO 26262 Functional Safety standard is foundational for ensuring that vehicles are both safe and reliable. While ASIL compliance generally occurs at the end of the development phase, the standard also underscores the need for ongoing maintenance and the manufacturer’s responsibility for field monitoring after product release. This continuous oversight involves evaluating any safety implications that may result from customer returns or the failures observed during real-world operation. It also improves the overall quality and trustworthiness of the product, contributing to safer roads and greater customer satisfaction.
The Dual Value of Field Monitoring
Field monitoring serves two primary functions: detecting safety anomalies and extracting valuable lessons for future improvements. Both aspects are essential for maintaining the highest standards of safety and quality in automotive products.
- Safety Anomalies
The first and most critical role of field monitoring is to identify potential safety anomalies in returned parts. This step is vital for validating the safety concepts that were implemented during the development phase. If anomalies are detected, immediate corrective actions must be taken. The feedback from these evaluations is then used to update the original safety case, specifically the product's risk analysis called FMEDA (Failure Modes, Effects, and Diagnostic Analysis). This ensures that the safety mechanisms are robust and can handle real-world scenarios effectively.
- Lessons Learned
Field monitoring also provides a wealth of insights and lessons learned for specific products or product categories. These insights are crucial for the 8D problem resolution process, which is a structured method for solving complex issues. The lessons learned from returned parts must drive preventive measures to avoid future failures. Any corrective actions taken are documented in the DFMEA (Design FMEA) and serve as references for future designs. To ensure a comprehensive feedback loop, new failure modes and corrective actions are transferred to internal databases, which are then integrated into the DFMEA and FMEDA templates for upcoming projects.
Closing the Loop with Efficient Field Monitoring Processes
Figure 1: Closing the loop using Field Monitoring
To effectively close the loop and support a process of continuous improvement, the field monitoring process can be broken down into three main steps:
- Step 1: Analyze 8D Reports. Review all safety-related automotive 8D reports within a specific time frame to identify root causes of failures. Document the status of observed failure modes, their effects at the application level, and the root causes associated with components within the IC (Integrated Circuit). Classify these reports into main root cause categories such as "IC Production (Fab)," "Test Coverage," "Design," or "Assembly." A dedicated peer review can help draw meaningful conclusions from this analysis.
- Step 2: Document Preventive Measures. If corrective actions are necessary to address failures in areas like design or test coverage, document the corresponding preventive measures in the risk analysis, specifically in the DFMEA. For fault types related to IC production or assembly, review the PFMEA (Process FMEA) to ensure it includes preventive or detection measures for future occurrences. This step aligns with international quality management standards like IATF 16949, ensuring a holistic approach to safety and quality.
- Step 3: Evaluate Safety Impact. Assess the impact of observed symptoms on the product-specific safety goals. Verify whether the failure mode is already addressed by the existing safety concept and whether a dedicated safety mechanism is in place to detect or mitigate it. This evaluation is typically conducted through bench testing during the failure analysis. If the failure mode is effectively managed by a safety mechanism or naturally leads the system to a safe state, it is not classified as a safety anomaly. A team of experts, usually functional safety managers, summarizes the evaluation results and documents them in the relevant database or 8D systems.
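The three steps above can be expressed as a small triage routine. This is an added example, not code from the article or its tooling; the `Report8D` record layout, field names and sample reports are assumptions made up for illustration.

```python
from collections import Counter
from dataclasses import dataclass

# Step 1 root-cause categories -> risk analysis that Step 2 says to update or review.
ROUTING = {"Design": "DFMEA", "Test Coverage": "DFMEA",
           "IC Production (Fab)": "PFMEA", "Assembly": "PFMEA"}

@dataclass
class Report8D:  # hypothetical record layout, not a real 8D schema
    report_id: str
    failure_mode: str
    root_cause: str
    covered_by_safety_mechanism: bool  # bench-test finding (Step 3)
    leads_to_safe_state: bool          # bench-test finding (Step 3)

def is_safety_anomaly(r: Report8D) -> bool:
    # Step 3: not an anomaly if a safety mechanism handles it or the system goes safe.
    return not (r.covered_by_safety_mechanism or r.leads_to_safe_state)

def triage(reports):
    out = {"by_category": Counter(), "DFMEA": [], "PFMEA": [],
           "FMEDA": [], "unclassified": []}
    for r in reports:
        # Evaluate safety impact first so an unclassified report is never dropped.
        if is_safety_anomaly(r):
            out["FMEDA"].append(r.report_id)  # anomaly feeds back into the FMEDA
        target = ROUTING.get(r.root_cause)
        if target is None:
            out["unclassified"].append(r.report_id)  # send to peer review
            continue
        out["by_category"][r.root_cause] += 1
        out[target].append(r.report_id)
    return out

# Constructed sample reports (illustrative only).
SAMPLE = [
    Report8D("8D-001", "output stuck high", "Design", True, False),
    Report8D("8D-002", "bond wire lift", "Assembly", False, True),
    Report8D("8D-003", "reference drift", "Test Coverage", False, False),
    Report8D("8D-004", "gate oxide leakage", "IC Production (Fab)", False, False),
    Report8D("8D-005", "intermittent reset", "Unknown", False, False),
]

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, dict(value) if isinstance(value, Counter) else value)
```

A report with an unrecognized root cause still goes through the Step 3 check, so a missing classification cannot hide a safety anomaly.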
Field Monitoring Processes Supporting Lessons Learned
The data extracted from the field monitoring process contains valuable additional information that can be used for new projects. Any new set of potential failure modes or additional preventive/detective measures can be collected and transferred back to the corresponding risk analysis tools. For instance, items relevant to a DFMEA would lead to an update of the associated DFMEA templates, supported by our DFMEA tools. Users can be automatically informed about these updates, ensuring that new projects always start with the most current and relevant information.
Similarly, any items pertinent to the FMEDA can result in updates to the related components within the component reuse libraries. This efficient implementation of the field monitoring process is not just a formal requirement of ISO 26262; it adds significant value by identifying risks related to field returns and closing potential gaps. Moreover, it serves as a valid source of lessons learned, enhancing the safety and reliability of future products.
Helping to Ensure Automotive Well-Being
Field monitoring plays a vital role in ISO 26262 Functional Safety, ensuring both safety and quality are maintained across the entire product lifecycle. By detecting safety anomalies and extracting valuable lessons, manufacturers can continuously improve their products and processes. The structured approach outlined in the 8D problem resolution process, combined with the systematic documentation and updating of risk analysis tools, creates a robust feedback loop that enhances the safety and reliability of automotive systems. In an industry where safety is paramount, efficient field monitoring processes are not just a requirement—they are essential for earning trust and protecting the well-being of drivers and passengers alike.