Integration of ISO 26262 & IATF 16949: Same same but different

Welcome to the second part of the blog series „Integration of IATF 16949 & ISO 26262„. In the last blog entry I tried to take away fears when dealing with ISO 26262 for the first time. Many requirements and topics of the two standards overlap and implementation is not as complicated as it seems at the first glance (See „Integration of ISO 26262 & IATF 16949: Like Pieces of a Puzzle„).  Today I want to discuss the overlaps more deeply and underline the similarities of both standards.

Product Development process

Let’s take first a look to the product development process. Development processes for system, hardware and software have to satisfy IATF 16949 & ISO 26262 standard (of course if the project/product is functional safety related). Chapter 8.3 in the IATF 16949 standard describes the requirements for the development of products and services, from planning to development results and modifications. Tools and approaches such as APQP, FMEA, PPAP, MSA and SPC deliver finally the results of a development process (-phase). The development is the core process in the ISO 26262. The requirements and guidelines for safety-relevant systems (part 4), hardware (part 5) and software (part 6) are described in detail at related part numbers of ISO 26262.

Part 3 in ISO 26262 covers the concept phase and is comparable to the Advanced Quality Planning (APQP) which is mentioned several times in the IATF 16949 as the recommended project management procedure.

Figure 1: APQP development process (advance quality planning IATF 16949)

Figure 2: Safety lifecycle (ISO 26262)

Supporting Process

Part 2 of ISO 26262 (Management of functional safety) specifies the project-independent requirements with regard to the organizations involved in the safety lifecycle (overall safety management), project-specific requirements with regard to the management activities in the safety lifecycle i.e. management during the concept phase and the product development phases (at the system, hardware and software level) and requirements related to production, operation, service and decommissioning. The scope of the overall safety management is amongst others, to ensure that organizations involved in the execution of the safety lifecycle, to institute and maintain a safety culture. This includes adequate organization-specific rules and processes for functional safety, an adequate resolution of identified safety anomalies, a competence management system to ensure that the competence of the involved persons is commensurate with their responsibilities, and to institute and maintain a quality management system (e.g. IATF 16949) to support functional safety. Annex A (of part 2) provides an overview on objectives, prerequisites and work products of the supporting processes.

In this context, a parallel can be drawn with the IATF 16949 standard and its clause 4.4 “Quality management system and its processes”, clause 5.3 which is talking about organizational roles and responsibilities, but also the chapter 7 about supporting processes in the IATF 16949.

Production & Operation

In addition to the project dependent safety management and the product development, which we have discussed above, there are also the management tasks that relate to safety management regarding production, operation, service and decommissioning (part 7 of ISO 26262). The objective of this clause is to define the responsibilities of the organizations to achieve and maintain functional safety regarding production, operation, service and decommissioning. This objective can be achieved by an organization’s compliance to IATF 16949 or equivalent, depending on the organization’s position in the safety supply chain and the complexity of the safety-related element being produced (note in part 7 of ISO 26262).

The part 7 “Production, operation, service and decommissioning” at ISO 26262 can be seen in relation with chapter 8 of IATF 16949 which is calling “Operation”. An important part of this is for instance the handling of the special characteristics. During the development of the control plan, according to ISO 26262 (Part 7) as well as according to IATF 16949 (Chapter 8) the special characteristics have to be considered and implemented in the process. IATF 16949 is talking about special characteristics and ISO 26262 about safety-related special characteristics, but the methods to implement the requirements are similar.

In the final part of the blog I will continue to explain more similarities between and especially change & document management of the two standards (See „Integration of ISO 26262 & IATF 16949: A Strategic Alliance„)

By Dijaz Maric, Quality Management & Reliability Engineering Consultant