The challenges of safety-related continuous delivery
In our previous blog we looked at the way the medical device sector is evolving. Specifically, we explored why this can lend itself to support the activities of continuous integration (CI) and continuous delivery (CD) for certain lower product classifications. This is particularly the case when looking at software without a dedicated hardware platform, for example Software as a Medical Device (SaMD). In this blog we are going to examine the situation in other, more stringent, safety relevant industries. How practical is CD in the automotive sector and under the guidance of ISO 26262?
ISO 26262 Software Target Environment
In the first part of this blog we looked at the processes defined in IEC 62304. ISO 26262 is similar in terms of process structure; however, one major difference is the consideration of target environment. Both at unit verification and integration levels, the code may well be verified in a different environment to the final system – or item – it is intended to operate. This may feature hardware-in-the-loop (HIL) or processor-in-the-loop (PIL). Hence the deltas between this platform and the actual release environment need to be clearly analysed and understood. This step is also an obstacle when considering a continuous delivery concept. Due to the organisational tiered structure, typically utilised in the automotive sector, tier 2 suppliers may never see the target platform, their output is entirely based on requirements from tier 1 suppliers of OEMs, hence again not aligning with the continuous delivery ideal.
In the medical device sector, the tiered structure plays far less of a role with manufacturers generally being responsible for integration of software on the target platform.
One key point that is essential for the CI automated testing environments, is the confidence that the tool meets the necessary integrity levels required by the project.
In the medical device sector, the industry flirts with the concept of tool validation or tool qualification, both in ISO 13485 and through FDA guidelines. However this gives no guidance on requirements or acceptance. The automotive sector has much more stringent guidance on this topic in part 8 of ISO 26262 – Confidence in the use of software tools.
Many HIL tools are certified to ASIL D, as are compilers and a variety of analysis tools, but what about CI software tools? Some suppliers offer ISO 26262 certified unit and integration testing tools but many of the widely available tools on the market are not certified. The issue with this is proving that the automated test tool has not malfunctioned i.e. you have the confidence in that tool. The certified tools come, not surprisingly, with a higher price tag which naturally plays a part in tool choice.
The Medical sector is better placed for CD
In summary the options for providing CI and CD are increasing. As many medical devices have a relatively low level of safety criticality, the ability to use commercially available and lower cost tools is the norm. In the automotive sector there are two challenges running CI on something other than the target environment and the need to purchase higher price CI tools.
If you would like to learn more about CI or CD in either medical or automotive domains please join one of our training courses, details below.
By Alastair Walker, Consultant
Do you want to learn more about the implementation of ISO 26262, IEC 62304, ISO 14971 or any other standard in the Automotive or Medical Device sector? We work remotely with you. Please contact us at firstname.lastname@example.org for bespoke consultancy or join one of our upcoming online courses.