Agile development and ISO 26262

Agility and safety
Agile development & ISO26262
State-of-Practice in Automotive
Stockholm, 25-March-2015
Horst Hientz, Dr. Erwin Petry
www.kuglermaag.com
© KUGLER MAAG CIE GmbH
Page 1
Agility and Safety, Hientz, Petry, 25-March-2015
SCSSS Stockholm
Agenda
• Brief introduction
• Agile Automotive Framework / Survey
• ISO 26262 development
principles
• Agile & ISO 26262
Page 2
Agility and Safety, Hientz, Petry, 25-March-2015
SCSSS Stockholm
Kugler Maag Cie
We are an independent
consulting company supporting
our customers world-wide
particularly in the field of lasting
performance improvements.
Our Focus
Analyze, assess, and improve our customers'
products and services value creation processes.
We take operative responsibility and provide
systematic and sustainable know-how transfer.
Customers’
expectations
Market
expectations
Management
Products & Services
LifeCycle
Support
Customers’
satisfaction
Market
position
Our customer
Our Mission
Support our customers in mastering risks
associated with developing, acquiring or
delivering software, systems, and services
while maintaining the speed of innovation.
“besser mit uns”
DAIMLER
Automotive extract
Page 3
Agility and Safety, Hientz, Petry, 25-March-2015
SCSSS Stockholm
Agile
Automotive
Framework
based on input from [1]
©©KUGLER
MAAG
CIE GmbH
KUGLER
MAAG
CIE GmbH
[1] „Agile in Automotive – State-of-Practice 2014“, Kugler Maag Cie, 03/2014:
www.kuglermaag.de/agile2014
Page 4
Agility and Safety, Hientz, Petry, 25-March-2015
SCSSS Stockholm
Automotive goes Agile
The Survey is initiated and conducted by Kugler Maag Cie.
The study is performed in the context of the major European
research project SCALARE. This ITEA project supports the automotive
industry in developing and expanding their ability to scale.
SCALARE assumes that software will continue to be the key to bring
about innovations and be able to provide holistic services.
http://scalare.org/about-scalare/
Page 5
Agility and Safety, Hientz, Petry, 25-March-2015
SCSSS Stockholm
Rapid survey among participants
•
•
•
•
•
•
Page 6
Institutionalization of Agile in Automotive
Agile methods
Safety-related projects
Application types
Process areas supported by agile elements
Tools used
Agility and Safety, Hientz, Petry, 25-March-2015
SCSSS Stockholm
Which phase of the Agile implementation is your organization
currently in?
Please indicate which phase the most mature agile project of your organization is in. A pilot is a small-scale
attempt in order to evaluate the applicability of Agile; roll-out means an official launch of Agile (on a bigger
scale). Stabilization is achieved when agile roles, ceremonies and artefacts are in place and Agile has
become part of the culture.
4
11
3
3
Page 7
No agile projects
Piloting agile
Roll-out
Stabilization
Agility and Safety, Hientz, Petry, 25-March-2015
SCSSS Stockholm
Which Agile methods and practices do you use in your
organization?
In Scrumban, Scrum and Kanban are used in parallel. Here, Scrum is used for plannable development, while
Kanban is covering the event-driven topics. Extreme Programming is an agile method that emphasizes
business results first and takes an incremental, get-something-started approach to building the product.
Feature Driven Development is a short-iteration development process that delivers features in logical
incremental intervals. Test Driven Development is an agile practice in which a test is written before writing
the code. Continuous Integration is the process of building your application on every new source code
check-in.
17
4
1
0
2
1
10
0
Page 8
Scrum
Kanban
Scrumban
Extreme Programming (XP)
Feature Driven Development (FDD)
Test Driven Development (TDD)
Continuous Integration (CI)
Others
Agility and Safety, Hientz, Petry, 25-March-2015
SCSSS Stockholm
Do you apply agile methods and practices in safety-related
projects?
Multiple answers possible if projects with agile methods and practices have different ASILs. If you do apply
another safety standard try to vote for the most appropriate ASIL.
4
6
6
3
0
Page 9
Agile methods and practices only (!) in non safety-related projects
ASIL A
ASIL B
ASIL C
ASIL D
Agility and Safety, Hientz, Petry, 25-March-2015
SCSSS Stockholm
Which ECU/Application Types are covered in your Agile projects?
Please indicate all ECU/Application Types that are covered in your agile projects. If several teams or projects
cover different ECU/Application Types, please check every type that is covered.
3
Multimedia Applications
Location-based Services Applications, Telematics, Radio Navigation
2
Body Electronics
Body Controller, Sensors (Light, Battery, …), Instrument Cluster
4
Powertrain and Chassis Control
Braking Systems, Engine Management
3
Integrated Systems/Services
Intelligent Mirror, Active Safety, Driving Assistance/Automatic Driving
Page 10
Agility and Safety, Hientz, Petry, 25-March-2015
SCSSS Stockholm
Which processes are covered within one sprint/cadence?
Please indicate all the processes that are covered within one sprint/cadence.
0
0
8
11
19
10
10
0
0
0
0
Page 11
System Requirements Analysis
System Design
Software Requirements Analysis
Software Design
Software Implementation
Software Integration and Integration Test
Software Test
System Integration and Integration Test
System Test
Hardware Development
Mechanical Engineering
Agility and Safety, Hientz, Petry, 25-March-2015
SCSSS Stockholm
Which tools do you use in your agile projects? (1)
Please indicate tools you use in your organization. If you use other tools than those listed below, please
leave a comment with the tool group and tool name.
Project/CR/PR/Task Management
0
IBM Tool Suite (RTC)
6
Jira Agile (former Greenhopper)
0
MS Project
0
PTC Integrity
1
Redmine
1
Serena Dimensions
0
VersionOne
1
Others TFS
Page 12
Agility and Safety, Hientz, Petry, 25-March-2015
SCSSS Stockholm
Which tools do you use in your agile projects? (2)
Configuration Management
Clear Case
0
2
Git
0
IBM Synergy
0
Mercurial
0
PTC Integrity
1
Serena Dimensions
5
Subversion
1
Others TFS
Page 13
Agility and Safety, Hientz, Petry, 25-March-2015
SCSSS Stockholm
Which tools do you use in your agile projects? (3)
Build
Ant
1
Bitbake (Montavista, Mentor Graphics)
2
Cmake
1
Gmake
3
Jenkins
0
Maven
4
Visual Studio
0
Others
Continuous Integration
0
Bamboo
0
Hudson
3
Jenkins
0
Others
0
Page 14
Agility and Safety, Hientz, Petry, 25-March-2015
SCSSS Stockholm
Which tools do you use in your agile projects? (4)
Test/Test automation
0
Google Test Framework
2
Jenkins
0
PTC Integrity TM
0
Quality Center
0
Xunit
3
Others TFS
Page 15
Agility and Safety, Hientz, Petry, 25-March-2015
SCSSS Stockholm
Agile Automotive Framework
Kugler Maag Cie – 2015-02
Product R&D
Organization
Agile
Engineering
Adaptive
Planning
Agile
Evolution
Agile
Benefits
Product
Development
Process
Page 16
Development
Tool Chain
Agility and Safety, Hientz, Petry, 25-March-2015
SCSSS Stockholm
Agile
Transformation
Agile Evolution is a team-centric choreography
Level 4 – Agile Enterprise
Level 3 – Agile R&D
Level 2 – Agile Project
Level 1 – Agile Team
What
• Agile Methods
(Test first/TDD,
Continuous integration,
Continuous delivery,
Architecture refactoring)
Bootstrap – Initial Core
• Agile Roles (Feature Owner*,
Scrum Master, Kanban Coach,
Agile T-Shape Team)
• Agile Ceremony (Daily
stand-ups, Retrospectives,
Sprint/Cadence )
• Agile Artifacts (Task-Boards,
Feature/ Team-Backlog,
Definition-of-Done/
Definition-of-Ready)
Page 18
Where
Whole Sub-Project /
Project
Where
Any Engineering
Discipline!
(SW, HW, EM, Mech.,…)
Benefits
• Quality artifacts (code,…)
• No technical debt build-up
• Self-organizing teams
• Work-in-Progress/
Bottleneck transparency
• Fast-feedback loops
What
• Agile Roles
(Product Owner ,
Quality PO, Safety PO,
+ FO*, SE Team)
• Agile Ceremony
(Release Planning &
Review, Release
Retrospectives)
• Agile Artifacts (Project
Backlog)
Benefits
• Responsiveness to
customer
• Continuous delivery
• Better integrated &
tested products
• Higher First-Pass-Yield
Agility and Safety, Hientz, Petry, 25-March-2015
SCSSS Stockholm
Where
Whole R&D
Organization
What
• Agile Roles
(Servant Leader)
• Agile Methods
(Theory of
Constraints,
High Resolution
Management,…)
Benefits
• Shorter time to
market
• More innovations
Where
Whole Enterprise
What
• Agile Roles
(Enterprise
Transition
Community,
HR,
Sales,
Marketing,
Infrastructure)
Benefits
• Change
Responsiveness
(Adaptiveness)
• Learning
Organization
• Antifragility
Product R&D Organization, e.g. Tier-1
Customer (OEM)
new
EU CEE APAC NAFTA
Customer / Application Projects
Project Management
CR
Software
Systems Engineering
Mechanics
Hardware
Roles
Product Owner,
Feature Owner,
SE Team,
Sys Architect/Int/Test,
Quality Product Owner,
Safety Product Owner
Platform Projects
Project Management
CR
Software
Systems Engineering
Mechanics
Hardware
Product Owner,
Feature Owner,
SE Team,
Sys Architect/Int/Test
Software
Page 21
HMI
ECU
Hardware
Housing
OS
Display
CR
NAND
Technology Domains
ME
Agility and Safety, Hientz, Petry, 25-March-2015
SCSSS Stockholm
Feature Owner,
Scrum Master,
Kanban Coach,
Agile T-Shape Team
Platform/
Application
Product Development Process, e.g. Tier-1
System
1. - RA & AD
2. - RA & AD
Continuous Integration / Continuous Delivery
SW
1.1- RA & AD
1.2 - RA & AD
1.1 - IT & ST
Team
HMI
OS
NAND
Techn. Domain
HW
ME
1. Sample
2.2 - RA & AD
2.1 - RA & AD
1.2 - IT & ST
2. Sample
1.3 - IT & ST
1.3 - Sprint
2.3 - RA & AD
2.1 - IT & ST
2.1 - Sprint
3.1 - RA & AD
2.2 - IT & ST
1.1 - Sprint
1.2 - Sprint
2.2 - Sprint
2.3 - Sprint
Common
Common
Common
Common
Common
Common
Repository
Repository
Repository
Repository
Repository
Repository
1.1 - Sprint
1.2 - Sprint
1.3 - Sprint
2.1 - Sprint
2.2 - Sprint
2.3 - Sprint
1.1 - Sprint
1.2 - Sprint
1.3 - Sprint
2.1 - Sprint
2.2 - Sprint
2.3 - Sprint
1.1 - Cadence
1.2 - Cadence
2.1 - Cadence
2.2 - Cadence
ECU
1.1 - Cadence
1.2 - Cadence
2.1 - Cadence
2.2 - Cadence
Display
1.1 - Cadence
1.2 - Cadence
2.1 - Cadence
2.2 - Cadence
Housing
1.1 - Cadence
1.2 - Cadence
2.1 - Cadence
2.2 - Cadence
1.1 - Cadence
1.2 - Cadence
2.1 - Cadence
2.2 - Cadence
Techn. Domain
Page 22
1.3 - RA & AD
3. - RA & AD
Agility and Safety, Hientz, Petry, 25-March-2015
SCSSS Stockholm
Agile Engineering, e.g. SW Development Process
Requirement
Requirement
analysis
criteria
verifies
Architecture
development
Req. test
development
Common
Repository
Design
development
Integration test
development
Implementation
verifies
Page 26
Continuous
Deployment
Unit test
development
Agility and Safety, Hientz, Petry, 25-March-2015
SCSSS Stockholm
criteria
ISO 26262
development
principles
©©KUGLER
MAAG
CIE GmbH
KUGLER
MAAG
CIE GmbH
Page 28
Agility and Safety, Hientz, Petry, 25-March-2015
SCSSS Stockholm
Work Products, specific for Functional Safety
1. Vocabulary
Functional
Functional Software 2. Management of functional safety
Safety
2-6 Safety management
during theSafety
concept Plan
phase
Safety
Tool
Confirmatio
2-5 Overall safety
management
Manageme
and the product development
Engineering Support
n Reports
nt
Procedure Procedure
Procedure
4. Product development at the system level
Safety
2-7 Safety management after the item’s release for
Case
production
3. Concept phase
3-5 Item definition
3-6
Initiation of the safety
Hazard
lifecycle
Analysis
and
Riskanalysis and risk
3-7 Hazard
Assessmen
assessment
t
3-8 Functional safety concept
Functional
Safety
Concept
4-5 Initiation of product
development
Technical at the system level
Technical
Safety
4-6 Specification
of the
Safety
Requireme
technical safety requirements
Concept
nts
4-7 System design
5. Product development at the
Hardware
hardware level
Safetyof product
5-5 Initiation
Requireme
development
at the hardware level
nts
5-6 Specification of hardware safety
requirements
7. Production and operation
Functional
4-11 Release for production
Safety
4-10 Functional safety assessment
Assessmen
Validation t Report
4-9 Safety validation
Report
4-8 Item integration and testing
7-5 Production
7-6 Operation, service
(maintenance and repair), and
decommissioning
6. Product development at the
Software
software level
Safety
6-5 Initiation of product
development at the software levelRequireme
nts
6-6 Spec. of SW safety requirem.
6-7 Software architectural design
5-7 Hardware design
6-8 SW unit design & implementation
5-8 Evaluation of the hardware
architectural metrics
FMEDAs
5-9 Evaluation of safety goal violations due to random HW failures
5-10 Hardware integration & testing
List of Work
Products not
complete
6-9 Software unit testing
6-10 Software integration & testing
6-11 Verification of software safety
requirements
8. Supporting processes
8-5 Interfaces within distributed
developments
8-7 Configuration management
8-8 Change management
8-6 Specification and management
of safety requirements
8-9 Verification
8-10 Documentation
Software
8-11Tool
Confidence in the use of
software tools
Qualificatio
n Report
9. ASIL-oriented and safety-oriented analyses
9-5 Requirements decomposition
with respect to ASIL tailoring
9-6 Criteria for coexistence of
elements
8-13 Qualification of HW components
8-14 Proven in use argument
FTA,
FMEA,9-8
…Safety analyses
9-7 Analysis of dependent failures
10. Guideline on ISO 26262 (informative)
Page 29
8-12 Qualification of SW components
Agility and Safety, Hientz, Petry, 25-March-2015
SCSSS Stockholm
Some other important Work Products
1. Vocabulary
2. Management of functional
safety
Project
2-5 Overall safety management
Item
Definition
Production
2-7 Safety management after the item’s release for
Audit
production
Operation,
Reports
service,
decommissi
4. Product development at the system level
7. Production and operation
oning
4-5 Initiation of product
4-11 Release for production
System at the system level
Hardwaredevelopment
7-5 Production
Requireme
Software4-10 Functional safety assessment
System
4-6
Specification
of
the
nts
Interface
7-6 Operation, service
Design
technical safety
requirements
4-9 Safety validation
Specificatio
Specificatio
(maintenance and repair), and
decommissioning
4-7 System design
4-8 Item integration and testing
n
ns
Developme
nt Process
3. Concept phase
3-5 Item definition
3-6 Initiation of the safety
lifecycle
3-7 Hazard analysis and risk
assessment
3-8 Functional safety concept
Verification
Reports for
many
documents
2-6 Safety management during the concept
Planphase
and the product development
5. Product development at the
hardware level
5-5 Initiation of product
Hardware
development at the hardware level
Hardware
Requireme
Designs
5-6 Specification
of hardware safety
nts
requirements
5-7 Hardware design
8-6 Specification and management
of safety requirements
Software
Designs
6-6Requireme
Spec. of SW safety requirem.
nts
6-8 SW unit design & implementation
5-8 Evaluation of the hardware
architectural metrics
5-10 Hardware integration & testing
8-5 Interfaces within distributed
developments
6-5 Initiation of product
development
at the software level
Software
6-7 Software architectural design
5-9 Evaluation of safety goal violations due to random HW failures
DIAs
6. Product development at the
software level
6-9 Software unit testing
6-10 Software integration & testing
6-11 Verification of software safety
requirements
Configurati
8. Supporting processes
on
8-7 Configuration management
8-10 Documentation
Manageme
Change
nt8-8
Plan
Change management
Requests
8-11 Confidence in the use of
software tools
8-9 Verification
Test
Test
Specificatio
Reports
ns
8-12 Qualification of SW components
8-13 Qualification of HW components
8-14 Proven in use argument
9. ASIL-oriented and safety-oriented analyses
9-5 Requirements decomposition
with respect to ASIL tailoring
9-6 Criteria for coexistence of
elements
9-7 Analysis of dependent failures
10. Guideline on ISO 26262 (informative)
Page 30
Agility and Safety, Hientz, Petry, 25-March-2015
SCSSS Stockholm
9-8 Safety analyses
Agile &
ISO 26262
©©KUGLER
MAAG
CIE GmbH
KUGLER
MAAG
CIE GmbH
Page 32
Agility and Safety, Hientz, Petry, 25-March-2015
SCSSS Stockholm
Product Owner – Safety
Expert, Coach and Monitor –
for the implementation of the requirements, processes and
methods needed for functional safety
• The Safety Product Owner focuses on functional safety and supports the Product Owner
(functional and business aspects) and Quality Product Owner (product and process quality) with
functional safety aspects
• Supports the interpretation, detailing and prioritisation of the requirements for functional safety
in the Product Backlog
• Responsible for safety planning and monitoring
• Defines and schedules the activities necessary for functional safety (e.g. reviews, audits, safety assessments)
• Checks the Definition-of-Done (DoD) and if necessary extends it to include full implementation of the
(standard) requirements for functional safety (e.g. application of methodology)
Checks that activities related to functional safety and the extended DoD are being implemented
Supports the team when presenting and carrying out safety analyses
Creates and maintains the safety case
Participates in the Sprint Review to accept the deliverables. May participate in the Retrospective in
order to provide an external perspective on where there is room for improvement
• Represents a key contextual bridge between the team’s local focus and the company’s global view
of functional safety
•
•
•
•
Page 33
Agility and Safety, Hientz, Petry, 25-March-2015
SCSSS Stockholm
Typical State Machine for Functional Safety Work Products
To be implemented through Definition-of-Done mechanism
informal verification
draft
informal verification
under revision
informally released
for limited usage
next „cycle“ (SPRINT,
cadence, sample, …)
formal
verification
formal verification
next „cycle“ (SPRINT,
cadence, sample, …)
formally released
confirmation review
confirmed
Page 34
Agility and Safety, Hientz, Petry, 25-March-2015
SCSSS Stockholm
evidence in final safety case
Example: Quality Attributes of the Technical Safety Concept (TSC)
informal verification
When: A-Sample phase
Informally verified
(team: Definition-of-Done)
TSC
• table of contents
• scope
• collection of key
concepts
informal verification
When: B-Sample phase
Informally verified
(team: Definition-of-Done)
TSC
• safety goals stable
• ASILs known
• functional safety
requirements stable
• key technical safety
requirements stable
• key safety mechanisms
defined
Page 35
formal verification
When: C-Sample phase
Formally verified
(ISO 26262-8, clause 9)
TSC
• complies with ISO 26262-4, clause
6.4.6, requirements for the work
product technical safety
requirements specification
• complies with ISO 26262-4, clauses
6.5.1 and 7.5.1
Agility and Safety, Hientz, Petry, 25-March-2015
SCSSS Stockholm
Key Work Products
Quality Attributes built-up over development cycles
(1) Preparation & planning
Item definition
Hazard analysis and risk assessment
FSC including FSR
Safety plan of the 1st tier
TSC including TSR
(1)
(1)
(1)
2) Implementation
Safety analyses
Concept FMEA
System FMEA
System FTA
FMEDA
SW-FMEA
Design & implementation
System level
Hardware level
Software level incl. unit test
development and unit testing
Test specification
System level
Hardware level
Software level
(2)
(2)
(2)
(2)
(2)
(2)
(2)
Test execution
System level
Hardware level
Software level
(3) Confirmation
Safety audit
Safety case
Safety assessment
Safety validation
Page 36
(3)
Agility and Safety, Hientz, Petry, 25-March-2015
SCSSS Stockholm
(3)
(3)
Some Conclusions
Complex Automotive
projects in a dynamic
environment can hardly
be implemented with the
traditional approach.
Agile in Automotive is applying customized
methods and practices. No verbatim
interpretation of the Agile Manifesto.
Compliance with ISO 26262 is achievable.
Manage safety requirements in
the backlog with high priority
Beginning to apply Agile in
safety-related projects
does not yet need
organizational changes.
Add a few roles: Product
Owner, Scrum Master,
Safety Product Owner
Page 37
Work on the Definition-ofDone for safety work
products. Define iterations
for completeness, quality
and ISO 26262 compliance
The use of appropriate tools is
key for Agile and important for
the safety case, e.g. Jira Agile,
Jenkins, PTC Integrity
Agility and Safety, Hientz, Petry, 25-March-2015
SCSSS Stockholm
Thank you!
Questions?
KUGLER MAAG CIE GmbH
Leibnizstr. 11, 70806 Kornwestheim, Germany
Phone +49 7154 1796 100
[email protected]
www.kuglermaag.com
© KUGLER MAAG CIE GmbH
Page 38
Agility and Safety, Hientz, Petry, 25-March-2015
SCSSS Stockholm