Figure: Overview of the standards landscape for automotive E/E systems.

Compliance Tool Management: Functional Safety, SOTIF, Artificial Intelligence (AI) and Cybersecurity

Development tools play a central role in safety-related projects. ISO 26262 defines a mature qualification process for such tools. Other relevant standards, such as ISO 21448 (SOTIF), ISO 21434 (cybersecurity) and ISO/PAS 8800 (AI safety), likewise require the tools in use to be systematically evaluated and qualified. This article shows how to put these requirements into practice in real projects.

Among the safety-related standards in the automotive industry, ISO 26262 provides thorough guidance on tool management from a functional safety perspective. However, ISO 26262 is not the only standard that places requirements on tools in the automotive domain. In this article, we broaden the scope of tool management by including the perspectives of the Safety of the Intended Functionality (SOTIF), Artificial Intelligence (AI), and cybersecurity standards.

What Is Tool Management and How Does It Work?

In safety-related software development, many tools are used, sometimes complete toolchains. Like any software, these tools can contain errors, commonly known as "bugs". Because the work products of the tools depend on one another, an error in one tool can propagate through the chain and ultimately end up as an error in the final product. The consequences are difficult to quantify: even a minor tool error can lead to unpredictable safety defects or risks in a safety-critical system. Eliminating such errors entirely is not realistic, so modern functional safety standards instead introduce methods that help developers gain justified confidence in their tools. Tool management is one of these methods.


Tool Management in Automotive Safety Standards

Tool management is addressed by more than just ISO 26262. It is advisable to assess the intended use of development tools from all applicable perspectives early in the development process; doing so reduces rework and saves time and effort later.

The figure above lists the standards that address tool management in automotive E/E systems: Functional Safety (ISO 26262), SOTIF (ISO 21448), AI Safety (ISO/PAS 8800), and Cybersecurity (ISO 21434).

ISO 26262-8, part of the functional safety standard for the automotive industry, contains the requirements on confidence in the use of software tools. The process recommended by ISO 26262 is a two-step approach:

  1. Tool classification: determine the Tool Confidence Level (TCL) of each software tool from its tool impact (TI, whether a malfunction of the tool can introduce or fail to detect an error in a safety-related work product) and its tool error detection (TD, the probability that such an error is prevented or detected).
  2. Tool qualification: if a tool is classified as TCL 2 or TCL 3, tool qualification is required to establish the necessary confidence, using the qualification methods the standard prescribes for the tool's ASIL. A tool classified as TCL 1 requires no qualification.

To learn more about this topic, please refer to the article: Tool Classification and Qualification in Compliance with ISO 26262, where we introduce the process in detail.

In its clause on supporting processes, ISO 21448:2022 (Safety of the Intended Functionality, SOTIF) recommends applying the methods of ISO 26262-8 to the software tools used in SOTIF-related development, and adds two SOTIF-specific considerations:

  • Beyond explicit tool errors, the capability of a simulation tool to represent the real world within defined tolerances is especially relevant in the SOTIF context.
  • Likewise, the accuracy of real-world measurement data plays a critical role in SOTIF-relevant validation.

When safety and Artificial Intelligence (AI) are considered together, confidence in the AI development frameworks and in the software tools used for AI model development also has to be established. During the training and optimization of AI models, tools such as data labeling tools are commonly used, and an error in such a tool can propagate into the training data or into the deployed model. According to ISO/PAS 8800, confidence in the use of such software tools must be ensured so that no unacceptable safety risk is introduced. For this purpose, ISO 26262-8 Clause 11 provides a suitable approach to tool qualification.

From a cybersecurity perspective, ISO 21434 also emphasizes the need for tool management. The standard requires organizations to provide evidence that the tools they use do not adversely affect cybersecurity. The scope of tools is broader here: it covers development tools as well as production and maintenance tools.

In short, the tool management approaches in ISO 21448 and ISO/PAS 8800 build on the tool classification and qualification concepts introduced by ISO 26262, whereas ISO 21434 follows its own approach to tool categorization and the evidence required. Note that the tool categories differ between the standards: the same tool may be categorized differently depending on which standards apply to the project.

Conclusion

Tool management is critical for establishing confidence in the use of development tools in safety- and security-related automotive projects. ISO 26262 provides a structured approach with defined methods for tool classification and qualification. Related standards such as ISO 21434, ISO 21448, and ISO/PAS 8800 either follow similar principles or define their own approaches.

In practice, many of these related standards offer little detailed guidance on how to implement tool management. It is therefore highly beneficial to determine early in the development process which tools may require qualification under which standard. This proactive evaluation supports more efficient, compliant, and effective tool management across your projects.

Contact: Elena Bley, Senior Manager Marketing & Webinars