COVID-19 UPDATE: We are operational with updates to our procedures. Click here to learn how we're ensuring the safety of our customers & employees.

PI INNOVO M560/M580 AND OpenECU-FS ACHIEVES TÜV SÜD CERTIFICATION TO ISO 26262 ASIL D

Pi Innovo M560/M580 and OpenECU-FS achieves TÜV SÜD certification to ISO 26262 ASIL D

ISO 26262 Certification (Functional Safety) for ECUThe M560/M580 has been certified by TÜV SÜD against ISO 26262-2018 as a safety element out of context up to ASIL D. The Electronic Control Units (ECU) are industry proven with features tailored for integrated Vehicle Control Unit (VCU) and Vehicle Charge Control Unit (VCCU) 12-volt and 24-volt applications, along with Pi Innovo’s OpenECU-FS platform software.

The certification process verified achievement of functional safety to ISO 26262 across all aspects of the development lifecycle including:

ISO 26262 development lifecycle

Overview of the ISO 26262 series of standards

Functional safety management, safety lifecycle, and supporting processes (ISO 26262 parts 2, 8)

  • Safety culture
    The certification included a review of the Pi Innovo culture, including staff qualifications and training records to verify our focus on functional safety and quality.
  • Quality management system
    The certification reviewed and verified the Pi Innovo commitment to maintain a world-class quality management system through its ISO 9001:2015 Business Management System. This includes documented and audited processes for project management, change management, documentation management, configuration management, and more.
  • Safety management
    The certification reviewed the safety plan for the M560/M580 ECU development.
  • Tool Qualification
    The certification covers the tool qualification of the tools used in the development of the M560/M580 and OpenECU-FS software as well as the guidance provided in the safety manual for application developers to stay within the qualification assumptions.

Product development at the system level (ISO 26262 parts 4, 10)

  • Element Definition
    Since the M560/M580 and OpenECU-FS software are safety elements out of context, the element definition including the assumed operating environment and the designated safety functions, including fault handling time intervals, were specified and approved.
  • Technical Safety Concept
    The certification verified the technical safety concept, including the overall module architecture and safety mechanism definition. The safety mechanisms provided by the platform and those required to be implemented by application software are all defined in the M560/M580 functional safety manual. This also covers the element-level FMEA and FTA safety analyses.
  • Element Integration Verification
    The certification reviewed the verification plan for the element against its defined safety functions and assumed the operating environment. This also covers the actual conducted DV/PV testing, as well as functional-safety, focused verification of the M560/M580 safety mechanisms with the hardware and OpenECU-FS platform software.

Hardware and software safety mechanisms (ISO 26262 parts 5, 8, 9)

  • Hardware Design
    The certification covers the hardware design, including both the 12-volt M560 and 24-volt M580 variants.
  • Safety Analyses (Hardware)
    The certification covered the hardware component-level DFMEA, FMEDA, and dependent failure analyses.
  • Verification
    The certification covers the DV and PV testing, evaluation of hardware components, functional testing, and fault insertion testing.

Product development at the Software Level (ISO 26262 parts 6, 8, 9)

  • Software Design
    The certification covers the design documentation for the OpenECU-FS platform software for both the primary and secondary microcontrollers, including traceability from software safety requirements to design and verification.
  • Safety Analyses (Software)
    The certification covers the safety analysis of the software architecture per ISO 26262-6:2018 annex E; using techniques such as FMEA and HAZOP applied to software.
  • Verification
    The certification covers the evaluation of all OpenECU-FS verification, including coverage metrics, unit testing, and on-target integration testing.

Quality assurance in production (parts 7)

    Certification includes an audit of our manufacturing partner and verification of processes for maintaining functional safety post-production.
Pi Innovo Vehicle Control Unit VCU and VCCU: M560

Pi Innovo M560

To see how the M560/M580 and OpenECU-FS platform software can enable your production development for safety-related vehicle control, charging control, or other applications, contact Pi Innovo for the detailed safety manual and technical specification documentation.
In addition to the certification for the specific out-of-context safety functions, Pi Innovo has the complete design information and rationale for design decisions for the M560/M580. This information and understanding of the design of all the functions of the module can be used to help you use the module in your specific application, even beyond the explicit assumptions of use.

Share via:

No Comments Yet.

Leave a reply

You must be Logged in to post a comment.