Functional safety training

Our workshop on reviewing the functional safety of mechanical components trains design engineers and quality and test engineers to inspect mechanical components, identify relevant failure mechanisms, and derive appropriate systematic counter measures. It combines theory with practical requirements to train participants about functional safety requirements for mechanical components and to extend your knowledge in this area. Participants will learn more about reasonable technical options that consider the specific behaviour of mechanical components in various applications.

Our workshop covers:

• How to identify possible systematic failures.
• How to identify dominant failure mechanisms.
• How to determine appropriate fault exclusion and avoidance measures.

EN 50128 training

The training targets developers, testers, project leaders, quality representatives and safety officers primarily focusing on the development of programmable electronic safety systems; users and integrators of safety devices and systems, etc. within the rail industry.

EN 50126, EN 50128, EN 50129, EN 50159 training

Our training course modules A to D introduce you to the processes necessary for your role in the safety life cycle. All training course modules adopt a situation-based approach to the role of supporting processes and the resulting deliverables. Explanations of the necessary work products and appropriate treatment of safety plans are naturally an integral part of all modules.

Module A: EN 50126 (IEC 62278) – RAMS

Module A “Functional Safety in the Rail Industry” is a one-day introduction to the individual CENELEC standards, designed to provide a general overview and outline the main planning activities in safety-related rail development. EN 50126 focuses on aspects of RAMS, influencing factors and risk assessment.

Module EN 50126 (IEC 62278) – RAMS includes the following topics:

• Overview of European directives and standards in the railway signaling technology and their definitions.
• Elements of RAMS and affecting factors
• Risk / Risk analysis.
• Safety integrity.
• Life cycle model.

Module B: EN 50129 (IEC 62425) – System safety – Hardware
Module B “System and Hardware Assessment” introduces the requirements of safety-related hardware development. You get insights into individual basic methods (FMEA, FTA, Markov models), processes and activities that are critical in hardware development.
Module EN 50129 (IEC 62425) – System safety includes the following topics:

• Definitions and scope of the standard EN 50129.
• Quality management requirements.
• Safety management requirements.
• Technical requirements.
• The safety demonstration and the safety case (reports).
• Evaluation methods (FMEA, FTA, Markov models).

Module C: EN 50128 (IEC 62279) – Development and testing of safety-relevant software

Module C “Development & Testing of Safety-Relevant Software” covers the processes and testing procedures in safety-relevant software development. Requirements are determined in a structured manner based on the software development cycle and underpinned with case studies as practical examples, enabling you to establish connections to hardware development quickly and easily.

Module C: EN 50128 (IEC 62279) – Software includes the following topics:

• Definitions of the standard EN 50128.
•  Software safety requirement levels (SSAS).
• Personnel and responsibilities.
• Life Cycle Model.
• Use of COTS software.
• Requirements of the lifecycle phases.
• Verification / Validation.
• Techniques / measures.

Module D: EN 50159 – Safety relevant data transfer

Module D “Safety Relevant Data Transfer” provides an overview of threats related to data transfer and counteractions to overcome them. Fundamental requirements must be in place to enable secure data transmission between signalling facilities connected to open transmission systems. After completing the course, you will be able to evaluate the hazard rate of the transmission channel.

Module D: EN 50159 – Safety Relevant Data Transfer includes the following topics:

• Safety transmission system reference architectures.
• Overview of the threats / defences.

We offer 6 modules that you can book individually or in combination:

Module 1: Overview of functional safety and functional safety management for ISO 26262 Sections 2, 8, 9

The new ISO 26262 Module 1 “Functional Safety Management” is a full-day introduction to functional safety for the automotive sector. Participants gain a general overview of ISO 26262 and the main planning activities for safety-relevant developments. Our trainers will provide detailed explanations of Sections 2, 8 and 9 of ISO 26262 and the resulting activities.

The course is ideal for executives, managers, project leaders, safety managers and all users of IEC 26262 seeking to gain an overview of the additional efforts involved over and above the standard development process. After completing the course, you will be familiar with all steps of the safety life cycle as per ISO 26262 and the safety activities which must be addressed.

Module 2: From risk analysis to system design for ISO 26262 Sections 3, 4, 8, 9

ISO 26262 Module 2 “From Risk Analysis to System Design” is a full-day course focusing on Section 3 – Concept Development, Section 4 – System Design, and parts of Sections 8 and 9. Module 2 is primarily aimed at those with responsibility for producing and processing functional, concept and system development projects and for all users of ISO 26262.

In the course and the practical exercises in small groups, the participants get familiar with the principles of drawing up hazard and risk analyses and deriving safety goals and parameters and using them as a basis for designing a functional safety concept. In addition, they receive an introduction to producing system requirement specifications and are taught how a technical safety concept is developed in the system phase. They learn about the special features of the various roles, such as OEM, Tier 1 and Tier 2, and about the practical relevance for the automotive industry in this system phase.

After completing this module, participants will be familiar with the main steps in concept and system development as per IEC 26262 and the preconditions that must be established for the phases of hardware and software development.

Module 3: Development and assessment of safety-relevant hardware for ISO 26262 Sections 5, 8, 9

Our ISO 26262 Module 3, “Development and Assessment of Safety-Relevant Hardware”, is a full-day workshop course providing an introduction to the requirements in Sections 5, 8 and 9 of the standard. The requirements for safety-related hardware development are presented and complemented with the help of an exercise on creating the FMEDA hardware fault tolerance metric. You learn the necessary individual processes and activities that are critical for hardware development.

Module 3 is aimed particularly at those with responsibility for producing and processing hardware and software development projects as well as all users of ISO 26262. After completing this course, participants are familiar with the key connections between system development, hardware development and software requirements from the perspective of the vendor responsible for hardware supply.

Module 4: Development and assessment of safety-relevant software for ISO 26262 Sections 6, 8, 9

The full-day course in ISO 26262 Module 4 “Development and Assessment of Safety-Relevant Software” provides participants with information about the necessary processes and testing activities for safety-related software development. The requirements set forth in Sections 6, 8 and 9 are examined in a structured manner based on the software development cycle and underpinned with practical examples. You will be familiar with HSI and be able to establish connections with hardware development.

Module 4 is aimed particularly at those with responsibility for producing and processing hardware and software development projects as well as all users of ISO 26262. After completing this course, participants are familiar with the key connections between system development, hardware development and software requirements from the perspective of the vendor responsible for hardware supply.

Module 5: Fault-Tree Analysis (FTA) and Failure Modes and Effects Analysis (FMEA)

Module 5 “The role and application of safety analysis”, is a full-day workshop course that focuses on the efficient usage of safety analysis tasks within a safety dependent development. Furthermore, the resulting activities for hardware development as well as planning of safety activities are explained. The background, ISO 26262 requirements for probabilistic and knowledge about necessary input data to execute system FMEA and fault-tree analysis FTA are explained by practical examples.

Module 5 is particularly for QM employees, managers, project leaders, safety managers as well as all users of ISO 26262 who would like to get an overview of the additional efforts in comparison to the standard development process. After completing this module, participants know the most important steps of the analysis “S-FMEA” and “FTA” and which roles safety lifecycles are detecting.

Module 6: Failure Modes, Effects, and Diagnostic Analysis (FMEDA)

Our ISO 26262 Module 6 “Hardware Safety Analysis – FMEDA” is a two-day session that will provide you with specialised knowledge about the requirements of ISO 26262 – Volume 5 for developing the FMEDA. For safety-related hardware development the necessary requirements are presented and supplemented by means of an exercise to develop the hardware circuit. You will learn processes and activities which are necessary for developing the metrics.

The module 6 is particularly intended for responsible persons of the hardware who are involved in the ISO 26262 safety lifecycle. At the end of the training day, you have the necessary detailed knowledge for developing the hardware metrics.

As one of the world’s leading experts on functional safety and a founding participant in the establishment of the ISO 26262 standard, TÜV SÜD offers the opportunity to verify your specialist expertise in functional safety. We offer three levels of certification that ensure that professionals are certified to the highest standards of quality. After you pass the examinations, we present you with a TÜV SÜD certificate confirming your knowledge status and title. All globally recognised examinations are held in English language.

Level 1: ISO 26262 Functional safety engineer
Candidates are assessed based on their foundational knowledge of the ISO 26262 standard.
Exam: 3 hours with multiple choice questions

Level 2: ISO 26262 Functional safety professional
Candidates are assessed based on their foundational knowledge and practical application of the ISO 26262 standard.
Prerequisites:

• Up to six years of relevant industry experience (dependent on academic qualifications: Bachelor’s degree counts for 2 years; Master’s degree for 3 years; Ph.D. for 4 years).
• Two references as evidence of participation in 2 functional safety projects.

Level 3: ISO 26262 Functional safety expert
Candidates are assessed based on their foundational knowledge and practical application of the ISO 26262 standard.
Prerequisites:

• Up to 10 years of relevant industry experience (dependent on academic qualifications: Bachelor’s degree counts for 2 years; Master’s degree for 3 years; Ph.D. for 4 years).
• Two case study submissions demonstrating in-depth knowledge and application of functional safety practices in a business environment.
• Competent in communications about functional safety.

This workshop is aimed mainly at project and safety managers, safety engineers, plus developers with a basic knowledge of functional safety and an interest in combining this with the agile development mentality and the key principles of safe development.

Our workshop provides an overview of the functional safety requirements in the phases of the software development life cycle and the required documentation and provides insights into potential issues with respect to agile development and possible countermeasures.

We will discuss these topics first from a functional safety point of view and then applied to a concrete example provided by the customer. We will also address specific challenges such as the handling of backlog, team organisation and responsibility, definition of done, and so on.

TÜV SÜD’s functional safety and cybersecurity workshop can help you achieve secure design and implementation that ensures data security and reliability throughout the entire lifecycle. Our training can help you pinpoint cybersecurity weaknesses and learn how to overcome potential challenges.

The target audience of the workshop are primarily project/security managers, cybersecurity experts and IT managers, as well as security engineers and developers with or without functional security experience. All these categories of professionals will find it valuable to know more about cybersecurity requirements for embedded components in the field of security applications.

We offer different levels of training depending on whether you are new to the topics, have some understanding but require more advanced knowledge, are experienced in cybersecurity but need more understanding of functional safety, or are experienced in functional safety but need more understanding of cybersecurity.
Here are some examples of workshops we provide.

Functional safety and cybersecurity workshop basics

Introduction to cybersecurity basics

• Workshop goals and expectations.
•  Introduction to information security.
• Basics of IT security.
• Laws and regulations you need to know.
• Overview of system and product design, defence in depth.

Automotive cybersecurity basics

• Introduction and overview of automotive cybersecurity.
•  Current developments in automotive cybersecurity norms and regulations (e.g.; United Nations Economic Commission for Europe (UNECE)).
• ISO/SAE 21434: Introduction and overview.
• Framework for organisational processes.
• Risk assessment methods.

Industrial cybersecurity basics

• Understanding IEC 62443 and how it relates to industrial cybersecurity.
•  Scope, terms and concepts, the life-cycle-approach.
• Defence in depth, zones and conduits.
• Maturity level, technical requirements.
• System security requirements (IEC 62443-3-3).
• Technical security requirements for IACS components (IEC 62443-4-2).
• Secure product development life cycle (IEC 62443-4-1).

Functional safety and cybersecurity basics

• Certification, workshop and feedback overview of the functional safety life cycle (software).
• Functional safety processes – Highlighting any gaps/synergies with security.
• IEC TR 63069:2019 – Framework for functional safety and security.
• Gap analysis based on a concrete customer example.

Advanced workshop in cybersecurity and functional safety

• Introduction to cybersecurity (Advanced)
• Workshop goals and expectations.
• Introduction to information security.
• Basics of IT security.
• Laws and regulations you need to know.
• Overview of system and product design, defence in depth.

Automotive cybersecurity (Advanced)

• Introduction and overview on automotive cybersecurity.
• Current developments in automotive cybersecurity norms and regulations (e.g.; United Nations Economic Commission for Europe (UNECE)).
• ISO/SAE 21434:
  - Introduction and overview
  - Framework for organisational processes
  - Framework for engineering processes
  - Continuous activities
  - Distributed activities

Industrial cybersecurity (Advanced)

• System security requirements (IEC 62443-3-3) and technical security requirements for IACS components (IEC 62443-4-2).
• Detailed presentation, Q&A.
• Distributed activities.
• Risk assessment methods.

Functional safety and cybersecurity workshop (Advanced)

• Certification, workshop, and feedback.
• Overview of functional safety lifecycle (software).
• Functional safety processes – Gaps/synergies with security.
• IEC TR 63069:2019 – Framework for functional safety and security.
• Gap analysis based on a concrete customer example.

The training program is based on the first three parts of IEC 61508. Case studies and practical examples are used to demonstrate the procedures for dealing with individual topics and explain the work results and documents which must be delivered. Key processes from the safety life cycle are introduced, and the tasks and responsibilities associated with them are explained.

The training targets developers, testers, project leads, quality representatives and safety officers primarily focusing on the development of programmable electronic safety systems and aiming to implement these developments based on the internationally recognised IEC 61508 standard.

IEC 61508 Functional safety training content and modules

The IEC 61508 training consists of several one-day modules which can be booked separately or in combination. The training modules below can be combined with the FSCP Functional Safety Certification Program to gain a TÜV SÜD certificate confirming your knowledge status.

Module 1: IEC 61508 training – Introduction, definition of functional safety management, system analysis

Part 1 of IEC 61508 requires implementation of an FSM (Functional Safety Management) system to provide an organisational framework for the development of safety-relevant electronic systems. After an introduction to functional safety and general overview of the sector, the program presents the tasks and methods involved in safety management together with conceptual aspects. The main design criteria of standards and approaches for designing a functional concept and the associated system analysis are explained. The day concludes with an introduction to the requirements which must be fulfilled by Requirements Engineering. This content is aimed at management executives, project managers, safety and QM managers and all staff involved in functional safety projects.

Module 2 – IEC 61508 training – Development and evaluation of safety-relevant hardware

Module 2 explains how mathematical and analytical methods can be applied to verify hardware designs fulfilling the requirements of IEC 61508 Part 2. A case study is used as the basis for a detailed explanation of the systematic approach to be used in analysis and the method of determining the necessary probabilistic safety parameters. This content is aimed particularly at responsible operators and users in the field of hardware and software development, heads of functional safety projects and safety managers.

Module 3 – IEC 61508 training – Development and evaluation of safety-relevant software

Part 3 of IEC 61508 presents methods, procedures, documentation and the software safety life cycle, which must all be taken into consideration in developing safety-relevant software. Practical examples are used to introduce the principles underlying the standard and the procedures for dealing with the requirements of this part of the standard. This content is aimed particularly at users and responsible operators in software and hardware development, heads of functional safety projects and safety managers.

FSCP Functional safety certification programme IEC 61508

With our FSCP Functional Safety Certification Program, you can become an expert in functional safety. After completing the test, attendees receive a certificate confirming their qualification according to their chosen FSCP level and are entered in the list of certification-holders on our website.

Level 1: FS Engineer IEC 61508
Level 2: FS Professional IEC 61508

Conditions: 6 years of professional experience in the field of functional safety (may be reduced to up to two years depending on educational qualifications – Bachelor’s, Master’s) and proof of collaboration in at least two FS projects.

Level 3: FS Expert IEC 61508

Conditions: On request.

The examination takes 3 hours and takes the form of a written test on Levels 1 and 2. Our certificates do not have an expiry date