See

discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/264860663

Integrating Functional Safety, Automotive

SPICE and Six Sigma - The AQUA Knowledge
Base and Integration Examples

Chapter in Communications in Computer and Information Science · June 2014

DOI: 10.1007/978-3-662-43896-1_26

CITATIONS READS

2 203

7 authors, including:

Andreas Riel Christian Kreiner

Grenoble Institute of Technology Institute of Electrical and Electronics Engineers
88 PUBLICATIONS 211 CITATIONS 186 PUBLICATIONS 446 CITATIONS

SEE PROFILE SEE PROFILE

Serge Tichkiewitch
European Manufacturing and Innovation Res…
134 PUBLICATIONS 844 CITATIONS

SEE PROFILE

Some of the authors of this publication are also working on these related projects:

Innovation Management and Strategic Technology Planning View project

Leadership in Sustainability (LeadSUS) View project

All content following this page was uploaded by Andreas Riel on 23 November 2015.

The user has requested enhancement of the downloaded file.

 Integrating Functional Safety, Automotive SPICE and
Six Sigma - The AQUA Knowledge Base and Integration
Examples

Richard MESSNARZ1, Christian Kreiner2, Andreas Riel3 , Serge Tichkiewitch3,

Damjan Ekert1, Michael Langgner4, Dick Theisens5
1ISCN LTD/GesmbH, Schieszstattgasse 4, A-8010 Graz, Ireland and Austria
Tel: +43 316 811198, Fax: + 43 316 811312, Email: rmess@iscn.com
2 Graz University of Technology, Austria
3EMIRAcle c/o Grenoble Institute of Technology GSCOP UMR5272, Grenoble, France,
4Automotive Cluster Austria, Austria

5Symbol BV, Netherlands

Abstract. This paper extends the EuroSPI 2013 publication [4] which discussed
(based on the EU project AQUA) how the core elements of three complementary
approaches and standards can be integrated into one compact skill set with training
and best practices to be applied. In this paper we describe the modular knowledge
base which was elaborated and highlight some aspects where the integrated use of all
three methods can be demonstrated. The results of the project are disseminated to
Autootive industry in partnership with a set of European Automotive associations.

Keywords: Automotive SPICE, Functional Safety, Lean Six Sigma, Integrated

Approach for Engineering, AQUA - Automotive Knowledge Alliance

1 The AQUA Modular Knowledge Base

AQUA [4] developed an architectural concept that allows focusing on specific core
areas (e.g. Product Development – Life Cycle) and to access an introduction and
proposed best practices from four different views (see Fig. 1):
1. Integrated View
2. Automotive SPICE [6]
3. Functional Safety [9]
4. Six Sigma [7]

This modular strategy (in German “Baukasten”) allows companies to select each
method separately or also to gain an advanced insight into how these methods in fact
are working together in advanced engineering companies.

While there are publications about how to integrate Automotive SPICE with
Functional safety [2],[3],[4], [5], there are no materials available so far about how to
integrate all three methods in an integrated engineering life cycle.
Figure 1: The AQUA Architectural Concept

In the year 2013 the modular structure and a first baseline of the modules have
been developed. Units (U1 to U4) represent main areas of knowledge and skills
elements (e.g. E1) form specific knowledge areas in which an integrated view can be
implemented.

UnitID Unit Name Element ID Element Name

AQUA.U1 Introduction AQUA.U1.E1 Integration view and general part
AQUA.U1.E2 Organisational readiness
AQUA.U2 Product Development AQUA.U2.E1 Lifecycle
AQUA.U2.E2 Requirements
AQUA.U2.E3 Design
AQUA.U2.E4 Integration and Testing
AQUA.U3 Quality and Safety AQUA.U3.E1 Capability
Management
AQUA.U3.E2 Hazard & Risk management
AQUA.U3.E3 Assessment and audit
AQUA.U4 Measure AQUA.U4.E1 Measurements
AQUA.U4.E2 Reliability
Figure 2: The AQUA Training Elements
 Not in all areas of the three methods a synergy can be achieved, and the Fig. 2
illustrates the areas where the AQUA team identified synergy potentials in
engineering.

For each element in Fig. 2 four types of modules exist:

1. From the integrated perspective
2. From the Automotive SPICE perspective
3. From the Functional Safety perspective
4. From the Six Sigma perspective

2 An Integrated Life Cycle Perspective at Start

AQUA decided to use the V-Model as a common known pattern to create a mapping
of the 3 methods on a high level. A V-model published in a book together with
Continental Automotive (Software Engineering nach Automotive SPICE) was used as
an underlying framework.

both trainers and trainees to capitalise on existing training programs in the three
expert areas while providing them convenient and understandable access to the core
vehicular knowledge that links them together. Figure 1 indicates the concept that the
project team has implemented: based on existing established programs in the areas
Automotive SPICE, Functional Safety, and Six Sigma, some specific “linking
elements” have been defined. For each of these elements (e.g. life cycle,
requirements, etc. in Figure 1), new training modules have been developed (“AQUA
Integrated View” in Figure 1), explaining the relevance of key terms related to the
respective element, and how they relate to the specific (vernacular) terms used in the
three expert areas. Thanks to this modular architecture, companies can compose
trainings that correspond to their specific needs in terms of building up capacities
fostering the integrated treatment of quality and risk aspects in their specific
organisations.

Reference: Software Engineering nach Automotive SPICE – Ein Continental

Projekt auf dem Weg zu Level 3

Figure 3: Automotive SPICE based Implementation of the V-Model on System Level

Starting from this V-Model it is straightforward to overlay the existing Automotive

SPICE processes with specific ISIO 26262 (Functional safety) related results (see Fig.
3). This was in fact discussed and published in safety management related papers at
EuroSPI 2012 and EuroSPI 2013 [2], [3], [5].
Figure 4: Functional Safety based Implementation of the V-Model on Systems Level

In project planning the safety life cycle must be planned as well. In system
requirements the safety goals from the hazard and risk analysis and the counter
measures from the FMEDA are considered and a Functional Safety Concept is
created. In systems design the functional safety concept is refined into a set of
technical safety requirements and a technical safety concept.
Usually in recent Automotive projects extra release levels 1 to 4 have been added,
with 1 meaning the release for bench test, 2 meaning the release for test driver on
inner circuit, 3 meaning test driver on road and 4 meaning the normal driver on the
road.
However, if you have already an Automotive SPICE based traceability of
requirements in place this only means additional filters for safety requirements and
level releases. The main concept of traceability stays the same.

Also we asked the Six Sigma experts to position them in this framework, and the
result is shown in Fig. 5. In Six Sigma the management of the improvement project
follows the DMAIC (Define – Measure – Analyze – Improve – Control) and
DMADV (Define - Measure - Analyze - Design – Verify) cycles. Six Sigma tools
like QFD (Quality Function Deployment) and VOC (Voice of the Customer) help in
identifying the customer requirements which have the highest impact on success. For
systems design the DFMEA (Design FMEA) helps to analyze potential malfunctions
and causes. It defines counter measures in turn that help to increase the product
reliability. A method like DOE (Design of Experiments) helps in system design to
analyze the dependency of design parameters and decide about optimized design
parameters which have an impact on e.g. reliability and quality.

Figure 5: Mapping of Selected Six Sigma Tools / Methods onto the V-Model on
Systems Level

This integrated V-Model view leads to the conclusion that it is possible to set up an
integrated engineering life cycle in which areas where the three methods overlap can
identified and a more integrated automotive quality engineering approach can be
used.

3 Integration Aspects on a Technical Level – Example Systems

Design

Systems Design (AQUA U2.E3) is only one core element where an integrated view
can be implemented. In total we created 11 such views in AQUA.
Experts from Automotive SPICE, functional safety and Six Sigma started from the
integrated V-Model view and elaborated a set of best practices to be represented in a
systems design which would satisfy all 3 methods.
Each of the three methods expects a specific life cycle in the design (see Fig. 6): 1 -
Blue (Automotive SPICE), 2 – Green (Six Sigma), and 3 – Red (Functional Safety).
Figure 6: Specific Life Cycle Understanding per Method

An integrated design approach then requires:

 A function-oriented design view in all three life cycle aspects
 A consideration of the complete system in terms of
o Software
o Hardware (E/EE/PE)
o ALL THE REST (mechanics, hydraulics, etc.)
 Embedded, integrated iterations of 1-blue (ASPICE) and 3-red (Functional
Safety) design cycles for safety critical functions
 Embedded, integrated iterations of 2-green (DfSS – Design for Six Sigma)
and 1-blue (ASPICE)/2-red (Functional Safety) design cycles on system
level

Fig. 7 explains this integrated approach using the example of an electronically

controlled damper system in cars.

An adaptive damping system is a safety-critical item consisting of several systems

and subsystems. Special design measures have to be taken to assure a certain defined
quality and reliability of the whole signal path that is related to the adaptive damping
function. E.g. an architectural design decision has been taken to use a redundant
analogue damping pressure signal in addition to the digital signal on the FlexRay bus
is a system-level design decision that has to be integrated in the whole system-level
design cycle ( 3-red cycle embedded in the 1-blue cycle).

The consistent and reliable choice of the pressure sensors requires DfSS methods
(failure rate/FIT determination and verification), as well as a DOE to analyse the
dependency of design parameters. That means, there is a 2-green cycle linked to the
3-red cycle, and therefore also influencing design decisions.
Both 1-blue (ASPICE) and 2-red (Functional Safety) cycles are integrated in a 2-
green (DfSS) cycle to assure the continuous improvement of the design parameters.
 Another typical example of a link between Six Sigma (2-green), Functional safety
(3-red), and Automotive SPICE (1-blue) cycles is that Six Sigma delivers FMEA
results which become requirements to be traced in ASPICE, and lead to implemented
counter measures to avoid hazards in functional safety.

Figure 7: Example Design Integrating Aspects of all 3 Methods

The conclusion is that in Automotive projects developing HW/SW/Mechanics it is

required to integrate aspects of all three methods to assure that all functions are
complete and tracked (Automotive SPICE), all functions and design measures to
avoid hazards and to achieve safety are implemented (Functional safety), and that the
dependency of design parameters is understood to assure a reliable product as well
(Six Sigma).

4 Influencing the Future PEPs – Product Engineering Process

AQUA did not only develop examples in technical areas where all three methods
are integrated. AQUA also analyzed the impact of the integrated view on the overall
product engineering process life cycle.
 Here we differentiate between different views again:
 Timeline View
 Components View
 Level of Detail View

Fig. 8 illustrates the timeline view and the typical scope of the methods.
Automotive SPICE and Functional safety are mainly used in the development till the
SPO. Six Sigma is mainly used in the production but offers many tools (DFSS, DOE,
QFD, etc.) which help in the engineering process (therefore an overlapping of the
phase is shown).

Figure 8: Integrated Product Engineering Process (PEP) – Timeline View

In Fig. 9 typical components of a steering system are illustrated and which method
directly influences the design of which type of component in such an integrated
Automotive engineering product.
Automotive SPICE focuses on system and software requirements and their
traceability. Functional safety focuses on the hardware and software components in
the system. And Six Sigma focuses on the whole product and mostly mechanical
parts.
Figure 9: Integrated Product Engineering Process (PEP) – Components View

Fig. 10 illustrates that in many parts Functional Safety uses the terminology and
traceability aspects of Automotive SPICE. However, functional safety also looks at
the methods used and reviews the product itself (not only the process). In Fig. 10, for
instance, we highlight that Automotive SPICE would expect a software architectural
design, while Functional Safety would also check the design methods used and if the
design itself fulfils specific criteria (e.g. freedom of interference of safety critical
functions/code).
Figure 10: Integrated Product Engineering Process (PEP) – Level of Detail View

5 Outlook: future Automotive Quality Manager Certifications

AQUA developed 41 knowledge modules for 11 elements of knowledge. In

particular, the integrated views introduced by AQUA are an innovative, practicable
input to future engineering strategies in Automotive.

In 2014 - in the course of the AQUA project1 - training and workshops are offered
to Automotive industry by partnering Automotive Clusters of Austria, Slovenia, and
the Czech Republic. This will lead to a further refinement of the knowledge modules.

Automotive Quality Managers will be offered an AQUA certificate which is

managed by the European Certification and Qualification association
(www.ecqa.org).

The certification is based on the AQUA skills set (developed in 2013) and a set of
exam questions managed by the exam systems of ECQA.

1http://automotive-knowledge-alliance.eu/
6 Acknowledgements for EU Project & SOQRATES Group

The AQUA project is financially supported by the European Commission in the

Leonardo da Vinci part of the Lifelong Learning Programme under the project
number EAC-2012-0635.
This publication reflects the views only of the authors, and the Commission cannot
be held responsible for any use which may be made of the information contained
therein.

We are grateful to the experts who have contributed to the SoQrates Design AK
and Safety AK: A. Kaufmann, W. Aschenberger, H. Zauchner (KTM Motorsport), O.
Bachmann (SIBAC), S. Habel, I. Sokic, R. Dreves (Continental Automotive), F.
König, H. Galle, P. Hagenmeyer (ZF), A. Much (Elektrobit), L. Borgmann (HELLA),
K. Dussa-Zieger, B. Sechser (Methodpark), P. Schmidt-Weber (EPCOS), A. Riel
(EMIRAcle), and D. Ekert, R. Messnarz (ISCN).

7 References

[1] Automotive Cluster Austria, AC Quarterly Magazine, 02-2012

[2] Andreas Riel, Ovi Bachmann, Klaudia Dussa-Zieger, Christian Kreiner,

Richard Messnarz, Risto Nevalainen, Bernhard Sechser, and Serge Tichkiewitch
(2012) EU Project SafEUr - Competence Requirements for Functional Safety
Managers, in Dietmar Winkler, Rory V. O'Connor, Richard Messnarz (eds), Systems,
Software and Services Process Improvement, Communications in Computer and
Information Science, CCIS 301, Springer, 2012.

[3] Richard Messnarz, Frank König, Ovi Bachmann (2012) Experiences with Trial
Assessments Combining Automotive SPICE and Functional Safety Standards, in
Dietmar Winkler, Rory V. O'Connor, Richard Messnarz (eds), Systems, Software and
Services Process Improvement, Communications in Computer and Information
Science, CCIS 301, Springer, 2012.

[4] Richard Messnarz, Christian Kreiner, Andreas Riel, Damjan Ekert, Michael
Langgner, Dick Theisens, Automotive Knowledge Alliance AQUA – Integrating
Automotive SPICE, Six Sigma, and Functional Safety, in Fergal Mc Caffery, Rory V.
O'Connor, Richard Messnarz (eds), Systems, Software and Services Process
Improvement, Communications in Computer and Information Science, CCIS 364,
Springer, 2013.

[5] SOQRATES Safety Team, Richard Messnarz, Hans-Leo Ross, Stephan

Habel, Frank König, Abdelhadi Koundoussi, Jürgen Unterrreitmayer, Damjan Ekert,
 Integrated Automotive SPICE and safety assessments (p 279-288), in Wiley SPIP,
Volume 14 Issue 5, September 2009

[6] Automotive SPICE, www.automotive-spice.com, an international standard

used in Automotive industry

[7] Dick Theisens, How Green is your Black Belt, in Andreas Riel, Rory V.
O'Connor, Serge Tichkiewitch, Richard Messnarz (eds), Systems, Software and
Services Process Improvement, Communications in Computer and Information
Science, CCIS 99, Springer, 2011.

[8] Richard Messnarz, Miguel Angel Sicilia, Michael Reiner, Europe wide
Industry Certification Using Standard Procedures based on ISO 17024, in:
Proceedings of the TAEE Conference in Vigo Spain, Publisher IEEE, June 2012

[9] ISO 26262, Road vehicles — Functional safety

[10] SOQRATES Initiative, www.soqrates.de

[11] HIS, www.his-automotive.de

View publication stats