Codeofchina.com is in charge of this English translation. In case of any doubt about the English translation, the Chinese original shall be considered authoritative.
GB/T 34590 consists of the following parts under the general title Road Vehicles - Functional Safety:
——Part 1: Vocabulary;
——Part 2: Management of Functional Safety;
——Part 3: Concept Phase;
——Part 4: Product Development at the System Level;
——Part 5: Product Development at the Hardware Level;
——Part 6: Product Development at the Software Level;
——Part 7: Production and Operation;
——Part 8: Supporting Processes;
——Part 9: Automotive Safety Integrity Level (ASIL)-oriented and Safety-oriented Analyses;
——Part 10: Guideline.
This part is Part 8 of GB/T 34590.
This part is developed in accordance with the rules given in GB/T 1.1-2009.
This part has been redrafted and modified in relation to ISO 26262-8:2011 Road Vehicles - Functional Safety - Part 8: Supporting Processes.
There are technical deviations between this part and ISO 26262-8:2011. The technical deviations, together with their justifications, are as follows:
——the application scope of this part is modified from "ISO 26262 is intended to be applied to safety-related systems that include one or more electrical and/or electronic (E/E) systems and that are installed in series production passenger cars with a maximum gross vehicle mass up to 3 500kg" to "This standard is intended to be applied to safety-related systems that include one or more electrical and/or electronic (E/E) systems and that are installed in series production passenger cars.";
——in order to adapt to the technical conditions in China, adjustment on technical deviations has been made in "Normative References" of this part, which is mainly reflected in Chapter 2 "Normative References" and detailed as follows:
ISO 26262-1:2011 is replaced with GB/T 34590.1-2017 which is modified in relation to international standard;
ISO 26262-2:2011 is replaced with GB/T 34590.2-2017 which is modified in relation to international standard;
ISO 26262-3:2011 is replaced with GB/T 34590.3-2017 which is modified in relation to international standard;
ISO 26262-4:2011 is replaced with GB/T 34590.4-2017 which is modified in relation to international standard;
ISO 26262-5:2011 is replaced with GB/T 34590.5-2017 which is modified in relation to international standard;
ISO 26262-6:2011 is replaced with GB/T 34590.6-2017 which is modified in relation to international standard;
ISO 26262-7:2011 is replaced with GB/T 34590.7-2017 which is modified in relation to international standard;
ISO 26262-9:2011 is replaced with GB/T 34590.9-2017 which is modified in relation to international standard.
The following editorial changes present in this part:
——the introduction and its expression as well as Figure 1 of international standard are modified.
This part was proposed by and is under the jurisdiction of National Technical Committee on Automobiles of Standardization Administration of China (SAC/TC 114).
Introduction
ISO 26262 is prepared based on IEC 61508 to comply with needs specific to the application sector of electrical and/or electronic (E/E) systems within road vehicles.
GB/T 34590 is the adaptation of ISO 26262 and applies to all activities during the safety lifecycle of safety-related systems comprised of electrical, electronic and software components.
Safety is one of the key issues of future automobile development. New functionalities not only in areas such as driver assistance, propulsion, in vehicle dynamics control and active and passive safety systems increasingly touch the domain of system safety engineering. Development and integration of these functionalities will strengthen the need for safe system development processes and the need to provide evidence that all reasonable system safety objectives are satisfied.
With the trend of increasing technological complexity, software content and mechatronic implementation, there are increasing risks from systematic failures and random hardware failures. GB/T 34590 includes guidance to avoid these risks by providing appropriate requirements and processes.
System safety is achieved through a number of safety measures, which are implemented in a variety of technologies (e.g. mechanical, hydraulic, pneumatic, electrical, electronic, programmable electronic) and applied at the various levels of the development process. Although GB/T 34590 is concerned with functional safety of E/E systems, it provides a framework within which safety-related systems based on other technologies can be considered. GB/T 34590:
a) provides an automotive safety lifecycle (management, development, production, operation, service, decommissioning) and supports tailoring the necessary activities during these lifecycle phases;
b) provides an automotive-specific risk-based approach to determine integrity levels [Automotive Safety Integrity Levels (ASIL)];
c) uses ASILs to specify applicable requirements of GB/T 34590 so as to avoid unreasonable residual risk;
d) provides requirements for validation and confirmation measures to ensure a sufficient and acceptable level of safety being achieved;
e) provides requirements for relations with suppliers.
Functional safety is influenced by the development process (including such activities as requirements specification, design, implementation, integration, verification, validation and configuration), the production and service processes and by the management processes.
Safety issues are intertwined with common function-oriented and quality-oriented development activities and work products. GB/T 34590 addresses the safety-related aspects of development activities and work products.
Figure 1 shows the overall structure of this edition of GB/T 34590. GB/T 34590 is based upon a V-model as a reference process model for the different phases of product development. Within the figure:
——the shaded “V”s represent the interconnection between GB/T 34590.3-2017, GB/T 34590.4-2017, GB/T 34590.5-2017, GB/T 34590.6-2017 and GB/T 34590.7-2017;
——the specific clauses are indicated in the following manner: "m-n", where "m" represents the number of the particular part and "n" indicates the number of the chapter within that part.
Example: "2-6" represents Chapter 6 of GB/T 34590.2-2017.
Figure 1 Overview of GB/T 34590-2017
Road Vehicles - Functional Safety - Part 8: Supporting Processes
1 Scope
This part of GB/T 34590 specifies requirements for supporting processes, including the following:
——interfaces within distributed developments;
——overall management of safety requirements;
——configuration management;
——change management;
——verification;
——documentation;
——confidence in the use of software tools;
——qualification of software components;
——qualification of hardware components; and
——proven in use argument.
This standard is intended to be applied to safety-related systems that include one or more electrical and/or electronic (E/E) systems and that are installed in series production passenger cars.
It does not address unique E/E systems in special purpose vehicles such as vehicles designed for drivers with disabilities.
Systems and their components released for production, or systems and their components already under development prior to the publication date of this standard, are exempted from the scope. For further development or alterations based on systems and their components released for production prior to the publication of this standard, only the modifications will be developed in accordance with this standard.
This standard addresses possible hazards caused by malfunctioning behavior of E/E safety-related systems, including interaction of these systems. It does not address hazards related to electric shock, fire, smoke, heat, radiation, toxicity, flammability, reactivity, corrosion, release of energy and similar hazards, unless directly caused by malfunctioning behavior of E/E safety-related systems.
This standard does not address the nominal performance of E/E systems, even if dedicated functional performance standards exist for these systems (e.g. active and passive safety systems, brake systems, Adaptive Cruise Control).
2 Normative References
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 34590.1-2017 Road Vehicles - Functional Safety - Part 1: Vocabulary (ISO 26262-1:2011, MOD)
GB/T 34590.2-2017 Road Vehicles - Functional Safety - Part 2: Management of Functional Safety (ISO 26262-2:2011, MOD)
GB/T 34590.3-2017 Road Vehicles - Functional Safety - Part 3: Concept Phase (ISO 26262-3:2011, MOD)
GB/T 34590.4-2017 Road Vehicles - Functional Safety - Part 4: Product Development at the System Level (ISO 26262-4:2011, MOD)
GB/T 34590.5-2017 Road Vehicles - Functional Safety - Part 5: Product Development at the Hardware Level (ISO 26262-5:2011, MOD)
GB/T 34590.6-2017 Road Vehicles - Functional Safety - Part 6: Product Development at the Software Level (ISO 26262-6:2011, MOD)
GB/T 34590.7-2017 Road Vehicles - Functional Safety - Part 7: Production and Operation (ISO 26262-7:2011, MOD)
GB/T 34590.9-2017 Road Vehicles - Functional Safety - Part 9: Automotive Safety Integrity Level(ASIL)-oriented and Safety-oriented Analyses (ISO 26262-9:2011, MOD)
ISO/IEC 12207 Systems and Software Engineering - Software Life Cycle Processes
3 Terms, Definitions and Abbreviated Terms
For the purposes of this document, the terms, definitions and abbreviated terms given in GB/T 34590.1-2017 apply.
4 Requirements
4.1 General Requirements
When claiming compliance with GB/T 34590-2017, each requirement shall be complied with, unless one of the following applies:
a) tailoring of the safety activities in accordance with GB/T 34590.2-2017 has been planned and shows that the requirement does not apply;
b) a rationale is available that the non-compliance is acceptable and the rationale has been assessed in accordance with GB/T 34590.2-2017.
Information marked as a “Note” or “Example” is only for guidance in understanding, or for clarification of the associated requirement, and shall not be interpreted as a requirement itself or as complete or exhaustive.
The results of safety activities are given as work products. “Prerequisites” are information which shall be available as work products of a previous phase. Given that certain requirements of a clause are ASIL-dependent or may be tailored, certain work products may not be needed as prerequisites.
"Further supporting information" is information that can be considered, but which in some cases is not required by GB/T 34590-2017 as a work product of a previous phase and which may be made available by external sources that are different from the persons or organizations responsible for the functional safety activities.
4.2 Interpretations of Tables
Tables are normative or informative depending on their context. The different methods listed in a table contribute to the level of confidence in achieving compliance with the corresponding requirement. Each method in a table is either
a) a consecutive entry (marked by a sequence number in the leftmost column, e.g. 1, 2, 3), or
b) an alternative entry (marked by a number followed by a letter in the leftmost column, e.g. 2a, 2b, 2c).
For consecutive entries, all methods shall be applied as recommended in accordance with the ASIL. If methods other than those listed are to be applied, a rationale shall be given that these fulfil the corresponding requirement.
For alternative entries, an appropriate combination of methods shall be applied in accordance with the ASIL indicated, independent of whether they are listed in the table or not. If methods are listed with different degrees of recommendation for an ASIL, the methods with the higher recommendation should be preferred. A rationale shall be given that the selected combination of methods complies with the corresponding requirement.
Note: a rationale based on the methods listed in the table is sufficient. However, this does not imply a bias for or against methods not listed in the table.
For each method, the degree of recommendation to use the corresponding method depends on the ASIL and is categorized as follows:
——“++” indicates that the method is highly recommended for the identified ASIL;
——“+” indicates that the method is recommended for the identified ASIL;
——“o” indicates that the method has no recommendation for or against its usage for the identified ASIL.
4.3 ASIL-dependent Requirements and Recommendations
The requirements or recommendations of each subclause shall be complied with for ASIL A, B, C and D, if not stated otherwise. These requirements and recommendations refer to the ASIL of the safety goal. If ASIL decomposition has been performed at an earlier stage of development, in accordance with GB/T 34590.9-2017, Chapter 5, the ASIL resulting from the decomposition shall be complied with.
If an ASIL is given in parentheses in GB/T 34590, the corresponding subclause shall be considered as a recommendation rather than a requirement for this ASIL. This has no link with the parenthesis notation related to ASIL decomposition.
5 Interfaces within Distributed Developments
5.1 Objectives
The objective of this chapter is to describe the procedures and to allocate associated responsibilities within distributed developments for items and elements.
5.2 General
The customer (e.g. vehicle manufacturer) and the suppliers for item developments jointly comply with the requirements specified in GB/T 34590-2017. Responsibilities are agreed between the customer and the suppliers. Subcontractor relationships are permitted. Just as with the customer's safety-related specifications concerning planning, execution and documentation for in-house item developments, comparable procedures are to be agreed for co-operation with the supplier on distributed item developments, or item developments where the supplier has the full responsibility for safety.
Note 1: this chapter is not relevant for the procurement of standard components and parts or development commissions which do not place any responsibility for safety on the supplier.
Note 2: Table A.1 in Annex A provides an overview on objectives, prerequisites and work products of the particular phases of production and operation.
5.3 Inputs to this Chapter
5.3.1 Prerequisites
See applicable prerequisites of the relevant phases of the safety lifecycle for which a distributed development is planned and carried out.
5.3.2 Further supporting information
The following information can be considered:
——the draft version of development interface agreement (DIA) (from external source);
——the supplier’s tender based on a request for quotation (RFQ) (from external source).
5.4 Requirements and Recommendations
5.4.1 Application of requirements
5.4.1.1 The requirements of Chapter 5 shall apply to each item and element developed according to GB/T 34590-2017, except for off-the-shelf hardware parts, if either of the following applies:
a) there are no specific hardware safety requirements allocated to the hardware parts, or
b) the off-the-shelf hardware parts are qualified according to well-established procedures based on worldwide quality standards (e.g. AEC standards for electronic components), and the qualification of the off-the-shelf hardware parts covers ranges of parameters with regard to the intended application.
5.4.1.2 Requirements on the customer-supplier relationship (interfaces and interactions) shall apply to each level of the customer-supplier relationship.
Note 1: this includes subcontracts taken out by the top level supplier, subcontracts taken out by those subcontractors, etc.
Note 2: internal suppliers can be managed in the same way as external suppliers.
Foreword i Introduction iii 1 Scope 2 Normative References 3 Terms, Definitions and Abbreviated Terms 4 Requirements 4.1 General Requirements 4.2 Interpretations of Tables 4.3 ASIL-dependent Requirements and Recommendations 5 Interfaces within Distributed Developments 5.1 Objectives 5.2 General 5.3 Inputs to this Chapter 5.4 Requirements and Recommendations 5.5 Work Products 6 Specification and Management of Safety Requirements 6.1 Objectives 6.2 General 6.3 Inputs to this Chapter 6.4 Requirements and Recommendations 6.5 Work Products 7 Configuration Management 7.1 Objectives 7.2 General 7.3 Inputs to this Chapter 7.4 Requirements and Recommendations 7.5 Work Products 8 Change Management 8.1 Objectives 8.2 General 8.3 Inputs to this Chapter 8.4 Requirements and Recommendations 8.5 Work Products 9 Verification 9.1 Objectives 9.2 General 9.3 Inputs to this Chapter 9.4 Requirements and Recommendations 9.5 Work Products 10 Documentation 10.1 Objectives 10.2 General 10.3 Inputs to this Chapter 10.4 Requirements and Recommendations 10.5 Work Products 11 Confidence in the Use of Software Tools 11.1 Objectives 11.2 General 11.3 Inputs to this Chapter 11.4 Requirements and Recommendations 11.5 Work Products 12 Qualification of Software Components 12.1 Objectives 12.2 General 12.3 Inputs to this Chapter 12.4 Requirements and Recommendations 12.5 Work Products 13 Qualification of Hardware Components 13.1 Objectives 13.2 General 13.3 Inputs to this Chapter 13.4 Requirements and Recommendations 13.5 Work Products 14 Proven in Use Argument 14.1 Objectives 14.2 General 14.3 Inputs to this Chapter 14.4 Requirements and Recommendations 14.5 Work Products Annex A (Informative) Overview on and Document Flow of Supporting Processes Annex B (informative) DIA Example Bibliography
Codeofchina.com is in charge of this English translation. In case of any doubt about the English translation, the Chinese original shall be considered authoritative.
GB/T 34590 consists of the following parts under the general title Road Vehicles - Functional Safety:
——Part 1: Vocabulary;
——Part 2: Management of Functional Safety;
——Part 3: Concept Phase;
——Part 4: Product Development at the System Level;
——Part 5: Product Development at the Hardware Level;
——Part 6: Product Development at the Software Level;
——Part 7: Production and Operation;
——Part 8: Supporting Processes;
——Part 9: Automotive Safety Integrity Level (ASIL)-oriented and Safety-oriented Analyses;
——Part 10: Guideline.
This part is Part 8 of GB/T 34590.
This part is developed in accordance with the rules given in GB/T 1.1-2009.
This part has been redrafted and modified in relation to ISO 26262-8:2011 Road Vehicles - Functional Safety - Part 8: Supporting Processes.
There are technical deviations between this part and ISO 26262-8:2011. The technical deviations, together with their justifications, are as follows:
——the application scope of this part is modified from "ISO 26262 is intended to be applied to safety-related systems that include one or more electrical and/or electronic (E/E) systems and that are installed in series production passenger cars with a maximum gross vehicle mass up to 3 500kg" to "This standard is intended to be applied to safety-related systems that include one or more electrical and/or electronic (E/E) systems and that are installed in series production passenger cars.";
——in order to adapt to the technical conditions in China, adjustment on technical deviations has been made in "Normative References" of this part, which is mainly reflected in Chapter 2 "Normative References" and detailed as follows:
ISO 26262-1:2011 is replaced with GB/T 34590.1-2017 which is modified in relation to international standard;
ISO 26262-2:2011 is replaced with GB/T 34590.2-2017 which is modified in relation to international standard;
ISO 26262-3:2011 is replaced with GB/T 34590.3-2017 which is modified in relation to international standard;
ISO 26262-4:2011 is replaced with GB/T 34590.4-2017 which is modified in relation to international standard;
ISO 26262-5:2011 is replaced with GB/T 34590.5-2017 which is modified in relation to international standard;
ISO 26262-6:2011 is replaced with GB/T 34590.6-2017 which is modified in relation to international standard;
ISO 26262-7:2011 is replaced with GB/T 34590.7-2017 which is modified in relation to international standard;
ISO 26262-9:2011 is replaced with GB/T 34590.9-2017 which is modified in relation to international standard.
The following editorial changes present in this part:
——the introduction and its expression as well as Figure 1 of international standard are modified.
This part was proposed by and is under the jurisdiction of National Technical Committee on Automobiles of Standardization Administration of China (SAC/TC 114).
Introduction
ISO 26262 is prepared based on IEC 61508 to comply with needs specific to the application sector of electrical and/or electronic (E/E) systems within road vehicles.
GB/T 34590 is the adaptation of ISO 26262 and applies to all activities during the safety lifecycle of safety-related systems comprised of electrical, electronic and software components.
Safety is one of the key issues of future automobile development. New functionalities not only in areas such as driver assistance, propulsion, in vehicle dynamics control and active and passive safety systems increasingly touch the domain of system safety engineering. Development and integration of these functionalities will strengthen the need for safe system development processes and the need to provide evidence that all reasonable system safety objectives are satisfied.
With the trend of increasing technological complexity, software content and mechatronic implementation, there are increasing risks from systematic failures and random hardware failures. GB/T 34590 includes guidance to avoid these risks by providing appropriate requirements and processes.
System safety is achieved through a number of safety measures, which are implemented in a variety of technologies (e.g. mechanical, hydraulic, pneumatic, electrical, electronic, programmable electronic) and applied at the various levels of the development process. Although GB/T 34590 is concerned with functional safety of E/E systems, it provides a framework within which safety-related systems based on other technologies can be considered. GB/T 34590:
a) provides an automotive safety lifecycle (management, development, production, operation, service, decommissioning) and supports tailoring the necessary activities during these lifecycle phases;
b) provides an automotive-specific risk-based approach to determine integrity levels [Automotive Safety Integrity Levels (ASIL)];
c) uses ASILs to specify applicable requirements of GB/T 34590 so as to avoid unreasonable residual risk;
d) provides requirements for validation and confirmation measures to ensure a sufficient and acceptable level of safety being achieved;
e) provides requirements for relations with suppliers.
Functional safety is influenced by the development process (including such activities as requirements specification, design, implementation, integration, verification, validation and configuration), the production and service processes and by the management processes.
Safety issues are intertwined with common function-oriented and quality-oriented development activities and work products. GB/T 34590 addresses the safety-related aspects of development activities and work products.
Figure 1 shows the overall structure of this edition of GB/T 34590. GB/T 34590 is based upon a V-model as a reference process model for the different phases of product development. Within the figure:
——the shaded “V”s represent the interconnection between GB/T 34590.3-2017, GB/T 34590.4-2017, GB/T 34590.5-2017, GB/T 34590.6-2017 and GB/T 34590.7-2017;
——the specific clauses are indicated in the following manner: "m-n", where "m" represents the number of the particular part and "n" indicates the number of the chapter within that part.
Example: "2-6" represents Chapter 6 of GB/T 34590.2-2017.
Figure 1 Overview of GB/T 34590-2017
Road Vehicles - Functional Safety - Part 8: Supporting Processes
1 Scope
This part of GB/T 34590 specifies requirements for supporting processes, including the following:
——interfaces within distributed developments;
——overall management of safety requirements;
——configuration management;
——change management;
——verification;
——documentation;
——confidence in the use of software tools;
——qualification of software components;
——qualification of hardware components; and
——proven in use argument.
This standard is intended to be applied to safety-related systems that include one or more electrical and/or electronic (E/E) systems and that are installed in series production passenger cars.
It does not address unique E/E systems in special purpose vehicles such as vehicles designed for drivers with disabilities.
Systems and their components released for production, or systems and their components already under development prior to the publication date of this standard, are exempted from the scope. For further development or alterations based on systems and their components released for production prior to the publication of this standard, only the modifications will be developed in accordance with this standard.
This standard addresses possible hazards caused by malfunctioning behavior of E/E safety-related systems, including interaction of these systems. It does not address hazards related to electric shock, fire, smoke, heat, radiation, toxicity, flammability, reactivity, corrosion, release of energy and similar hazards, unless directly caused by malfunctioning behavior of E/E safety-related systems.
This standard does not address the nominal performance of E/E systems, even if dedicated functional performance standards exist for these systems (e.g. active and passive safety systems, brake systems, Adaptive Cruise Control).
2 Normative References
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 34590.1-2017 Road Vehicles - Functional Safety - Part 1: Vocabulary (ISO 26262-1:2011, MOD)
GB/T 34590.2-2017 Road Vehicles - Functional Safety - Part 2: Management of Functional Safety (ISO 26262-2:2011, MOD)
GB/T 34590.3-2017 Road Vehicles - Functional Safety - Part 3: Concept Phase (ISO 26262-3:2011, MOD)
GB/T 34590.4-2017 Road Vehicles - Functional Safety - Part 4: Product Development at the System Level (ISO 26262-4:2011, MOD)
GB/T 34590.5-2017 Road Vehicles - Functional Safety - Part 5: Product Development at the Hardware Level (ISO 26262-5:2011, MOD)
GB/T 34590.6-2017 Road Vehicles - Functional Safety - Part 6: Product Development at the Software Level (ISO 26262-6:2011, MOD)
GB/T 34590.7-2017 Road Vehicles - Functional Safety - Part 7: Production and Operation (ISO 26262-7:2011, MOD)
GB/T 34590.9-2017 Road Vehicles - Functional Safety - Part 9: Automotive Safety Integrity Level(ASIL)-oriented and Safety-oriented Analyses (ISO 26262-9:2011, MOD)
ISO/IEC 12207 Systems and Software Engineering - Software Life Cycle Processes
3 Terms, Definitions and Abbreviated Terms
For the purposes of this document, the terms, definitions and abbreviated terms given in GB/T 34590.1-2017 apply.
4 Requirements
4.1 General Requirements
When claiming compliance with GB/T 34590-2017, each requirement shall be complied with, unless one of the following applies:
a) tailoring of the safety activities in accordance with GB/T 34590.2-2017 has been planned and shows that the requirement does not apply;
b) a rationale is available that the non-compliance is acceptable and the rationale has been assessed in accordance with GB/T 34590.2-2017.
Information marked as a “Note” or “Example” is only for guidance in understanding, or for clarification of the associated requirement, and shall not be interpreted as a requirement itself or as complete or exhaustive.
The results of safety activities are given as work products. “Prerequisites” are information which shall be available as work products of a previous phase. Given that certain requirements of a clause are ASIL-dependent or may be tailored, certain work products may not be needed as prerequisites.
"Further supporting information" is information that can be considered, but which in some cases is not required by GB/T 34590-2017 as a work product of a previous phase and which may be made available by external sources that are different from the persons or organizations responsible for the functional safety activities.
4.2 Interpretations of Tables
Tables are normative or informative depending on their context. The different methods listed in a table contribute to the level of confidence in achieving compliance with the corresponding requirement. Each method in a table is either
a) a consecutive entry (marked by a sequence number in the leftmost column, e.g. 1, 2, 3), or
b) an alternative entry (marked by a number followed by a letter in the leftmost column, e.g. 2a, 2b, 2c).
For consecutive entries, all methods shall be applied as recommended in accordance with the ASIL. If methods other than those listed are to be applied, a rationale shall be given that these fulfil the corresponding requirement.
For alternative entries, an appropriate combination of methods shall be applied in accordance with the ASIL indicated, independent of whether they are listed in the table or not. If methods are listed with different degrees of recommendation for an ASIL, the methods with the higher recommendation should be preferred. A rationale shall be given that the selected combination of methods complies with the corresponding requirement.
Note: a rationale based on the methods listed in the table is sufficient. However, this does not imply a bias for or against methods not listed in the table.
For each method, the degree of recommendation to use the corresponding method depends on the ASIL and is categorized as follows:
——“++” indicates that the method is highly recommended for the identified ASIL;
——“+” indicates that the method is recommended for the identified ASIL;
——“o” indicates that the method has no recommendation for or against its usage for the identified ASIL.
4.3 ASIL-dependent Requirements and Recommendations
The requirements or recommendations of each subclause shall be complied with for ASIL A, B, C and D, if not stated otherwise. These requirements and recommendations refer to the ASIL of the safety goal. If ASIL decomposition has been performed at an earlier stage of development, in accordance with GB/T 34590.9-2017, Chapter 5, the ASIL resulting from the decomposition shall be complied with.
If an ASIL is given in parentheses in GB/T 34590, the corresponding subclause shall be considered as a recommendation rather than a requirement for this ASIL. This has no link with the parenthesis notation related to ASIL decomposition.
5 Interfaces within Distributed Developments
5.1 Objectives
The objective of this chapter is to describe the procedures and to allocate associated responsibilities within distributed developments for items and elements.
5.2 General
The customer (e.g. vehicle manufacturer) and the suppliers for item developments jointly comply with the requirements specified in GB/T 34590-2017. Responsibilities are agreed between the customer and the suppliers. Subcontractor relationships are permitted. Just as with the customer's safety-related specifications concerning planning, execution and documentation for in-house item developments, comparable procedures are to be agreed for co-operation with the supplier on distributed item developments, or item developments where the supplier has the full responsibility for safety.
Note 1: this chapter is not relevant for the procurement of standard components and parts or development commissions which do not place any responsibility for safety on the supplier.
Note 2: Table A.1 in Annex A provides an overview on objectives, prerequisites and work products of the particular phases of production and operation.
5.3 Inputs to this Chapter
5.3.1 Prerequisites
See applicable prerequisites of the relevant phases of the safety lifecycle for which a distributed development is planned and carried out.
5.3.2 Further supporting information
The following information can be considered:
——the draft version of development interface agreement (DIA) (from external source);
——the supplier’s tender based on a request for quotation (RFQ) (from external source).
5.4 Requirements and Recommendations
5.4.1 Application of requirements
5.4.1.1 The requirements of Chapter 5 shall apply to each item and element developed according to GB/T 34590-2017, except for off-the-shelf hardware parts, if either of the following applies:
a) there are no specific hardware safety requirements allocated to the hardware parts, or
b) the off-the-shelf hardware parts are qualified according to well-established procedures based on worldwide quality standards (e.g. AEC standards for electronic components), and the qualification of the off-the-shelf hardware parts covers ranges of parameters with regard to the intended application.
5.4.1.2 Requirements on the customer-supplier relationship (interfaces and interactions) shall apply to each level of the customer-supplier relationship.
Note 1: this includes subcontracts taken out by the top level supplier, subcontracts taken out by those subcontractors, etc.
Note 2: internal suppliers can be managed in the same way as external suppliers.
Contents of GB/T 34590.8-2017
Foreword i
Introduction iii
1 Scope
2 Normative References
3 Terms, Definitions and Abbreviated Terms
4 Requirements
4.1 General Requirements
4.2 Interpretations of Tables
4.3 ASIL-dependent Requirements and Recommendations
5 Interfaces within Distributed Developments
5.1 Objectives
5.2 General
5.3 Inputs to this Chapter
5.4 Requirements and Recommendations
5.5 Work Products
6 Specification and Management of Safety Requirements
6.1 Objectives
6.2 General
6.3 Inputs to this Chapter
6.4 Requirements and Recommendations
6.5 Work Products
7 Configuration Management
7.1 Objectives
7.2 General
7.3 Inputs to this Chapter
7.4 Requirements and Recommendations
7.5 Work Products
8 Change Management
8.1 Objectives
8.2 General
8.3 Inputs to this Chapter
8.4 Requirements and Recommendations
8.5 Work Products
9 Verification
9.1 Objectives
9.2 General
9.3 Inputs to this Chapter
9.4 Requirements and Recommendations
9.5 Work Products
10 Documentation
10.1 Objectives
10.2 General
10.3 Inputs to this Chapter
10.4 Requirements and Recommendations
10.5 Work Products
11 Confidence in the Use of Software Tools
11.1 Objectives
11.2 General
11.3 Inputs to this Chapter
11.4 Requirements and Recommendations
11.5 Work Products
12 Qualification of Software Components
12.1 Objectives
12.2 General
12.3 Inputs to this Chapter
12.4 Requirements and Recommendations
12.5 Work Products
13 Qualification of Hardware Components
13.1 Objectives
13.2 General
13.3 Inputs to this Chapter
13.4 Requirements and Recommendations
13.5 Work Products
14 Proven in Use Argument
14.1 Objectives
14.2 General
14.3 Inputs to this Chapter
14.4 Requirements and Recommendations
14.5 Work Products
Annex A (Informative) Overview on and Document Flow of Supporting Processes
Annex B (informative) DIA Example
Bibliography
