Why Quality Management (QM) is required for easing ISO 26262:2018 activities?

In this blog post, we’ll explore the importance of quality management in achieving compliance with ISO 26262:2018, the state-of-the-art standard for designing safety-critical electrical and electronic systems in the automotive industry. To begin, let’s first clarify the difference between "quality" and "safety."

Quality refers to how well a product meets the requirements of its customers or end users. A high-quality product is one that is free from defects and performs as expected throughout its lifecycle. However, quality alone does not account for the potential risks associated with product malfunctions—this is where safety becomes critical.

Safety introduces an additional layer of requirements to ensure that the product functions correctly while also minimizing the risk of harm to the user, the environment, or the product itself, including potential substantial economic loss in the event of a failure. For automotive electrical and electronic (EE) systems, these safety requirements are outlined in ISO 26262:2018. This standard defines the safety and quality management practices that manufacturers must follow to claim their products are both reliable and safe.

How ISO 26262:2018 addresses Quality Management?

The ISO 26262:2018 series of standards emphasizes that "safety is intertwined with common function-oriented and quality-oriented activities and work products." This highlights the essential relationship between safety and quality in the development of automotive systems. It is common practice to begin all development activities with comprehensive management planning. While this process is iterative, it is vital for defining the necessary steps at the outset of development to ensure timely progress and incorporate adjustments based on new findings.

In Part 2 of ISO 26262:2018, Clause 5 (Overall Safety Management), the objective is clearly stated: “To institute and maintain a quality management system to support functional safety.” The standard acknowledges that safety management can draw from “existing evidence of compliance with standards that support quality management.” To facilitate this, it references commercially available standards like IATF 16949, which applies to quality management across the safety lifecycle, and ISO/IEC 33000 (Capability Maturity Model Integration, or CMMI), or the Automotive SPICE (ASPICE) series for product development.

Further elaborating on quality management, Clause 5.4.5 of Part 2 requires organizations to have a quality management system that supports functional safety. This system must comply with a quality management standard, such as IATF 16949 in conjunction with ISO 9001, or an equivalent standard. Evidence of quality management compliance is also necessary to proceed with Clauses 6 and 7, which cover Project Dependent Safety Management and Safety Management for production, operation, service, and decommissioning, respectively.

The key takeaway is that a well-defined quality management process is integral to supporting functional safety activities. One such process is Advanced Product Quality Planning (APQP), which helps manufacturers define the structure for planning and executing activities with established review gates at each development phase. It is a best practice to develop the safety plan alongside the APQP phases, ensuring that safety deliverables are incorporated into the review gates. This alignment streamlines product development activities and ensures that safety considerations are integrated throughout the process.

Next, we will explore how the development activities are defined in Part 3 of the ISO 26262:2018 standard. 

How Quality Managed (QM) product is derived at system development activities? 

In ISO 26262:2018, the safety classification of an electrical/electronic system is referred to as the Automotive Safety Integrity Level (ASIL). This concept was introduced in the first edition of ISO 26262, released in 2011, and can be compared to similar safety classifications used in other industries, such as Safety Integrity Level (SIL) in the rail industry and Design Assurance Level (DAL) in the aerospace industry. The ASIL provides a framework for determining the level of safety activities required based on the derived integrity level of the system.

ASIL levels are categorized as A, B, C, and D, with ASIL A representing the least stringent level and ASIL D indicating the most stringent and safety-critical systems. These levels are determined through Hazard Analysis and Risk Assessment (HARA), as outlined in Part 3 of ISO 26262:2018.

The HARA process combines three factors—severity, exposure, and controllability—to determine the appropriate ASIL level. For example, a failure in the Steering Control System could result in severe consequences, particularly when the vehicle is in motion. Such a failure poses a significant risk to human safety and may therefore be classified as ASIL D, based on the severity, exposure, and controllability factors. In contrast, a failure in the infotainment system would not pose any risk to human safety and could be classified as a Quality Managed (QM) system.

It is important to note that QM is not an ASIL level. Any system rated below ASIL A is classified as QM. Additionally, if any hazardous event is assigned a severity, exposure, or controllability factor of zero, it is automatically assigned a QM rating. A QM rating indicates that the quality management system in place is adequate to handle the identified risks of the item or component. Systems rated as QM are not required to comply with ISO 26262:2018, as the risks associated with them are minimal and do not meet the criteria for higher ASIL classifications.

What are the requirements for Quality Managed (QM) products at different levels?

Based on the discussions in the previous sections, a key question arises: Why are QM products used, and what benefits do they offer? The answer is straightforward: QM products help make system development cost-effective while preventing over-engineering of the system. These products are utilized at various levels within safety-critical systems.

Part 9 of ISO 26262:2018 defines ASIL decomposition techniques, wherein a higher ASIL level can be broken down into lower ASIL levels in combination with QM products. To illustrate, one method of decomposing an ASIL level C requirement, according to ISO 26262:2018, involves having one ASIL C requirement and one QM requirement, both of which must be integrated in compliance with the ASIL C requirement. This approach encourages the use of QM-rated hardware and software components in safety-critical systems.

For hardware components, Part 5, Clause 10.4.3 specifies that “the safety-related hardware parts shall be qualified according to well-established procedures based on worldwide quality standards or equivalent company standards.” The standard cites examples, such as qualification in accordance with ISO 16750 or AEC-Q100 or AEC-Q200 for electronic parts. Additionally, hardware components may also be validated through a proven-in-use argument, as long as they meet the necessary quality standards. The safety case report must clearly state the quality characteristics of the hardware components to be used in safety-critical systems.

For software components, Part 6, Clause 6.4.5 mandates that “If other functions in addition to those functions for which safety requirements are specified in are carried out by the embedded software, a specification of these functions and their properties in accordance with the applied quality management system shall be available.” During unit and integration testing, evidence of compliance with the QMS should be available, as it helps create a convincing safety case report with the necessary supporting arguments.

How Quality Management assists in ISO 26262:2018 Production, Operation, Service and Decommissioning activities? 

Having explored the role of Quality Management in product development, it is now essential to understand how it contributes to the production, operation, service, and decommissioning of safety-related products in alignment with ISO 26262:2018. As highlighted in the management section above, Quality Management is a foundational element for Safety Management, particularly in these stages.

In this context, we will define the safety requirements for production, operation, service, and decommissioning activities, emphasizing how these can be effectively met through a robust Quality Management System (QMS). Specifically, Part 7, Clause 5 of the standard outlines the objective of “to develop and maintain a production process for safety-related elements or items that are intended to be installed in road vehicles.” This objective can be achieved by organizations demonstrating compliance with IATF 16949 or an equivalent standard. Furthermore, the capability of the production process is significantly enhanced when aligned with a well-established QMS.

Anomalies often arise during and after product development. Therefore, having a defined and effective anomaly resolution process is critical for continuous improvement and proper documentation. ISO 26262 encourages the integration of safety anomaly resolution into the organization's broader anomaly management processes within the QMS. This ensures that safety-related issues are promptly addressed and systematically resolved.

In summary, understanding the role of Quality Management Systems (QMS) across different phases of the safety product lifecycle facilitates the implementation of ISO 26262:2018 functional safety activities. Organizations looking to implement ISO 26262:2018 should consider aligning QMS and functional safety activities as a best practice to streamline the product development process. A practical approach could involve integrating functional safety requirements with the safety-related product requirements outlined in IATF 16949, followed by the development of functional safety items/elements in accordance with ISO 26262:2018. By creating an integrated process flow that incorporates both IATF 16949 and ISO 26262:2018, and establishing a clear review gate mechanism, organizations can ensure compliance with both automotive standards effectively

Why choose QTSI?

We at QTSI have extensive hands-on experience in seamlessly integrating functional safety and quality management processes into automotive product development. Reach out to us today for a customized solution tailored to your unique business needs.