The modern automobile is a rolling ecosystem of complex electronic and electrical systems. With great complexity come great challenges, particularly for those whose job it is to guarantee that these systems will not fail on the road. For the safety manager or the executive overseeing functional safety in automotive software development, the cornerstone of this guarantee is the international standard ISO 26262.

If you are the person responsible for complying with this standard and ensuring that your software development tools meet industry requirements, you know the feeling. You’re not just dealing with hundreds of pages packed with technical details; you’re also tasked with generating extensive compliance documentation, resulting in an overwhelming workload. The question that immediately arises is not if you need to comply, but "Where do I start?" and "How do I start?".

Adherence to a standard like ISO 26262, which addresses possible hazards caused by the malfunctioning behavior of vehicle electronic systems, is mandatory for anyone placing an automobile on the streets. Yet the complexity of developing a safety-critical product requires a methodical, detailed approach that guarantees every single aspect of the standard is covered.

This is the first and critical step in the journey to functional safety compliance. At this stage, the Tool Readiness Check (TRC) functions as a pivotal pre-flight inspection for your toolchain, helping ensure your development process is complete, properly aligned, and fully prepared for compliance.

The Standard is Not the Destination, It’s the Map


Think of ISO 26262 not as a final destination, but as the comprehensive flight plan for a long-haul intercontinental journey. The flight is mandatory. The route is predefined. Every checkpoint, altitude change, weather corridor, and emergency procedure is documented, but standing in front of that detailed flight plan can feel overwhelming.

Before the aircraft even leaves the gate, you need absolute clarity about the condition of your aircraft: your software development environment.

This is the fundamental problem that the industry faces: a gap between the mandatory, rigorous requirements of a functional safety standard and the practical, day-to-day reality of a software development toolchain.

In the world of safety-critical automotive development, compliance is not just about writing clean code; it’s about proving that the entire system used to create that code is trustworthy. The standard requires proof that your software development tools, such as compilers, static analyzers, and testing frameworks, are reliable and will neither introduce errors into the safety-critical system nor leave them undetected.

In aviation, no aircraft would be cleared for takeoff without validated navigation systems, verified instrumentation, and certified control software. The same principle applies here.

An undetected error in the product could lead to a fatal outcome, which is the worst-case scenario. Non-compliance can also have considerable financial impact, such as liability exposure and failure to meet contractual obligations from OEMs and Tier 1 suppliers.

The most successful teams view ISO 26262 as a framework for delivering better products, not just a regulatory hurdle. But to achieve that success, you must have a logical starting point. Your Tool Readiness Check!

This assessment was developed to evaluate your development tools against the standard and outline the measures necessary for achieving compliance.

Dr. Oscar Slotosch
Co-Founder and Executive Board Member of Validas

Identifying the Gaps


The most efficient way to start any complex journey is to identify where you are right now relative to where you need to be. You need a reliable diagnostic.

Imagine you are a pilot preparing for a flight. You wouldn't skip the Pre-Flight Checklist just because the maintenance manual is thousands of pages long. The checklist is a simplified, structured, and mandatory process designed to catch critical failures before takeoff.

The Tool Readiness Check is precisely this kind of crucial, preliminary checklist for the safety manager. It is a simple method where experts guide you through a fast check of your toolchain to determine whether it is safe for developing safety-critical software according to ISO 26262. It serves as a necessary first entry point into the topic of tool qualification.

This process is about identifying the gaps, the areas where your current tools or their use cases fall short of ISO 26262 compliance requirements. Without this diagnostic, you are left to examine the standard page by page, trying to reverse-engineer your compliance strategy.

Learn more about the Tool Readiness Check.

Decoding the Alphabet Soup: ASIL, TCL, and the Toolchain


To understand the core of the Tool Readiness Check, we must briefly review the two key concepts it addresses: the level of safety required and the level of trust you can have in each of your tools.

Automotive Safety Integrity Level (ASIL)

The ISO 26262 standard introduces the Automotive Safety Integrity Level (ASIL), a risk classification system from A (least stringent) to D (most stringent). This level is based on the severity of potential injury, the exposure to the hazard, and the controllability.

The level determines how rigorously safety requirements must be verified. A failure in a component classified as ASIL D, such as a critical steering or braking system, poses the highest risk of catastrophic failure and therefore requires the highest rigor in its development. The higher the ASIL, the more stringent the development process and tool requirements become.

[Figure: Typical Automotive ASIL Classifications]

Tool Confidence Level (TCL)

This is where your development tools come into play. If a tool malfunctions, it can potentially corrupt your safety-critical system, leading to the violation of a safety requirement. To manage this risk, ISO 26262 assigns a Tool Confidence Level (TCL) to each tool, ranging from TCL1 to TCL3.

  • TCL1: If a tool has no safety impact or its malfunctions can be mitigated, qualification isn’t required, though the documentation of the evidence (no safety impact or completeness of the mitigations) is still needed for TCL1 classification.

  • TCL2 & TCL3: The tool impacts product safety, and its potential malfunctions cannot be mitigated with high probability. Therefore, tool qualification is mandatory.

The goal of the safety manager is to ensure that, for a given ASIL, the tools used to support the required safety activities possess the required confidence (TCL) and that the necessary mitigations or tool qualifications have been applied. If you have a tool that is required to be TCL3, but no qualification evidence exists, you have a massive, undetected risk in your process. This is precisely the kind of gap the Tool Readiness Check is designed to find.

The Validas Tool Readiness Check: A Focused Diagnostic


So, what does this essential first step actually look like?

The Validas Tool Readiness Check (TRC) is a focused, streamlined, and complimentary consultation with functional safety experts. It is designed to cut through the complexity of the ISO 26262, Part 8, Clause 11 requirements, which govern software tool qualification.

The process is built around three simple steps:

  1. Expert Consultation: You engage in a focused, 30-minute online session with a Validas expert. This is a guided conversation designed to understand your specific development environment and processes.

  2. Custom Spreadsheet Assessment: The expert guides you through a specially designed spreadsheet that serves as a baseline to understand your case. This spreadsheet maps your current tools as well as the processes you use to cover the specific requirements of the ISO 26262 standard. For every tool, you can classify its state: whether it is certified, a TCL1 tool with a safety manual, or an unclassified tool. An example of this spreadsheet is shown below.

  3. Gap Identification: Based on the input, the check immediately helps you confirm readiness and pinpoint the crucial gaps in your process. If you have a tool provider that claims TCL1 trust but provides no safety manual, the TRC will flag this as a problem that needs to be judged and addressed.

The Tool Readiness Check is a swift, efficient diagnostic. It is neither a full classification nor a qualification; it is simply an offering to get an initial overview. It is designed to reveal where you may be missing required activities or the mandatory required confidence level in some of your tools.

This approach allows you to step away from the panic of the hundreds of pages of the standard and immediately gain an objective, expert-driven perspective on your compliance status.
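The TCL rules and the gap identification step described above can be expressed as a small inventory check. This is an added example, not Validas code or the TRC spreadsheet: the tool impact (TI) and tool error detection (TD) inputs come from ISO 26262-8, Clause 11 and are not named on this page, and the Tool fields and the inventory are constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

def tool_confidence_level(ti: int, td: int | None = None) -> int:
    """ISO 26262-8 Clause 11 mapping: TI1 -> TCL1; TI2 with TD1/TD2/TD3 -> TCL1/2/3."""
    if ti == 1:
        return 1          # tool cannot introduce or mask an error
    if ti == 2 and td in (1, 2, 3):
        return td         # less confidence in detection -> higher TCL
    raise ValueError(f"invalid TI/TD combination: TI{ti}, TD{td}")

@dataclass
class Tool:                              # hypothetical inventory record
    name: str
    ti: int | None = None                # None = tool was never classified
    td: int | None = None
    evidence_documented: bool = False    # TCL1 rationale or safety manual on file
    qualified: bool = False              # qualification evidence on file

def find_gaps(tools: list[Tool]) -> dict[str, str]:
    """Return {tool name: gap description} for every tool that is not ready."""
    gaps = {}
    for t in tools:
        if t.ti is None:
            gaps[t.name] = "unclassified: no TCL determined"
            continue
        tcl = tool_confidence_level(t.ti, t.td)
        if tcl == 1 and not t.evidence_documented:
            # TCL1 needs no qualification, but the claim must be documented
            gaps[t.name] = "TCL1 claimed without documented evidence"
        elif tcl > 1 and not t.qualified:
            gaps[t.name] = f"TCL{tcl} requires qualification, none on file"
    return gaps

# Constructed sample inventory
INVENTORY = [
    Tool("compiler", ti=2, td=3, qualified=True),
    Tool("static-analyzer", ti=2, td=2),
    Tool("code-formatter", ti=1),
    Tool("unit-test-framework", ti=2, td=1, evidence_documented=True),
    Tool("build-script"),
]

if __name__ == "__main__":
    for name, gap in find_gaps(INVENTORY).items():
        print(f"{name}: {gap}")
```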

[Figure: Custom Spreadsheet Assessment]

Ready to Find Your Starting Point for ISO 26262 Compliance?


Check out the dedicated podcast episode featuring Dr. Oscar Slotosch, where he introduces Validas' Tool Readiness Check (TRC).

Schedule your complimentary Tool Readiness Check today to get a clear map of your compliance status and actionable next steps. Best of all? It's available free of charge.