Functional Safety (ISO 26262)
Long-cycle design programs where IP, foundry, and ecosystem partnerships execute against tapeout and market windows.
Inside this journey
-
Pre-Discovery
Align the room on outcomes, decision process, and constraints before deeper discovery.
-
Stakeholder Alignment
Confirm decision roles, program timelines, ASIL targets, and what ‘qualified’ looks like for each stakeholder.
Alignment Questions
Getting Comfortable — Tell Us About Your Program
- What is the program name or vehicle project code we should reference?
- What is your role on this program and what decision authority do you hold for semiconductor selection?
- Which phase best describes where the ECU program currently sits?
- What ASIL target(s) are you aiming to meet on this ECU?
- What is your target qualification window for selecting and qualifying the silicon (months)?
If We Don’t Nail Safety, What Keeps You Up at Night?
- If the semiconductor we pick under-delivers on safety metrics, what is the worst outcome you’re trying to avoid?
- How often have past supplier safety gaps caused schedule slips or extra work on your projects?
- Which safety-related issues cause the most stress for your team (pick the top 3)?
- When qualification problems arise, how does it usually feel for you and your stakeholders—annoyance, panic, resigned acceptance?
- Tell us about a specific time a hardware safety gap forced redesign or rework—what happened and what was the impact?
Walk Me Through Your Current ECU Safety Story
- What is the current ECU architecture and where would our device sit (MCU domain, domain controller, zone controller, gateway, other)?
- Which onboard redundancy or monitoring schemes are already implemented or planned?
- What is the status of your FMEDA for this ECU today?
- Which failure modes or components in the current design worry you most (be specific: processor, memory, sensors, comms, power, etc.)?
- Do you have supplier or OEM constraints we must work within (approved toolchains, certified OS/libraries, preferred vendors, security/functional safety overlap)?
Assumptions We Rely On — Are They Real?
- We often assume vendor FMEDA numbers translate directly to system risk — how comfortable are you relying on vendor-provided safety metrics without customization?
- What single-point fault metric have you budgeted for at the system level (orders of magnitude)?
- What latent fault metric target are you expecting to achieve or demonstrate?
- What diagnostic coverage percentage is your safety case counting on from the MCU and associated SW?
- How much of the FMEDA customization do you expect your team to own versus the silicon vendor (pick the closest match)?
Where Supplier Evidence Falls Short
- When vendor packages miss the mark, what specific evidence gaps are most damaging to your safety case?
- Which delivered artifacts are non‑negotiable for your qualification process?
- Have you encountered vendor FMEDAs that you couldn't trust? If so, what specifically raised red flags?
- How important is vendor participation in OEM audits, lab witness tests, or joint validation sessions to your decision?
- What format or level of detail do you need in the safety manual (high-level guidance, line-by-line diagnostic assumptions, toolchain details)?
What Would Passing Qualification Actually Feel Like?
- Imagine the OEM signs off tomorrow — what evidence or outcome would make you confident it was a genuine success?
- Which specific OEM acceptance criteria matter most (FMEDA alignment, diagnostic coverage proof, field MTBF data, integration test results)?
- Who within the OEM/Tier‑1 organization will be the ultimate signatory on the safety case?
- What would immediate downstream benefits look like for your team after qualification (reduced rework, faster bring-up, fewer field issues)?
Tradeoffs You're Willing to Make
- If we could improve single‑point safety by an order of magnitude but it added 3 months to delivery, how would you react?
- Which of these tradeoffs would you prioritize to protect program schedule?
- Which elements are truly non‑negotiable for you (cannot be compromised regardless of time/cost)?
- How flexible is your budget if additional supplier-led testing or customization is required to close safety gaps?
How Would You Prefer We Work Together—Fast Start or Iterative Partnership?
- If we agreed to work together this month, what would be the fastest way to demonstrate meaningful progress in 30 days?
- Which engagement model do you prefer for closing safety evidence gaps?
- Who should be our technical point of contact and who is authorized to make commercial agreements?
- What kind of cadence do you want between our teams (weekly syncs, biweekly review, milestone checkpoints only)?
- When are you available for a 60‑minute kickoff workshop to map out the FMEDA customization and qualification plan?
Practical Inputs — Lab, Data, and Permissions We’ll Need from You
- What lab access or test facilities can you provide or grant for qualification activities (in‑house lab, OEM lab, third‑party lab)?
- Which sample quantities and lead times are acceptable for your schedule (prototype qty, pre‑qualification qty, production samples)?
- What file formats and tooling outputs do you require for evidence handover (PDF safety manual, FMEDA in Excel, tool export files, raw test logs)?
- Who will own the customization inputs for FMEDA (failure rates, environment, mission profile) and can you commit to delivering them within the first 30 days?
Final Commitment Signals — What Lets You Move Forward?
- What are the top three signals you need from a vendor to feel comfortable moving to a mutual commercial commit?
- How important are formal SLAs around safety support, artifact delivery, and lifetime change management to your procurement decision?
- Would a jointly agreed milestone plan tied to OEM qualification windows increase your confidence to select a vendor? If yes, what milestones matter most?
- Is there anything else—political, technical, or programmatic—we should know before proposing a scope and commercial terms?
-
Current State Mapping
Document existing ECU architecture, failure modes, FMEDA gaps, and supplier/OEM qualification constraints.
Current State
Getting Comfortable: Who's in the Room?
- Which role best describes your primary responsibility on this ECU program?
- Which ECU or product family are you evaluating right now? (part numbers, generation, or internal code names welcome)
- What ASIL target(s) are you working toward on this program?
- What is your target qualification window for selecting and qualifying the semiconductor (months to SOP)?
- Who outside your team will influence acceptance of the safety case (OEM, Tier-1, safety reviewers)? List groups and primary contacts if known.
What Would Be Devastating If We Missed It?
- If the ECU misses its ASIL acceptance late in the program, how would that change the program outcome?
- Tell us about a past program where qualification slipped — what specifically broke down and how long did recovery take?
- Which safety metrics, if unmet, create immediate escalation at your OEMs (pick the top two)?
- Who in your organization feels the political or financial pain first when qualification drags — and how do they express it?
- How long are you willing/able to compress the qualification timeline before you need to reprioritize the program?
If You Could Be Honest About Your ECU, What Would You Say?
- What about your current ECU architecture worries you more than you admit?
- Describe the key hardware elements right now: CPU cores (lockstep or single), ECC use, safety islands, power domains, and any safety monitor units.
- Which failure modes have you already identified in your system-level analysis?
- Where do you see the biggest FMEDA gaps today (assumptions, missing diagnostics, dependent failures, or traceability)?
- How long have these failure-mode or FMEDA gaps been present in your design history?
When the FMEDA Is Questioned, What Happens Next?
- If asked 'Is the FMEDA defensible to our OEM today?', which part of that sentence gives you pause?
- Which FMEDA deliverables are missing or require vendor customization for your safety case?
- What kinds of evidence have OEMs pushed back on most often in prior reviews?
- How long does it typically take to get OEM acceptance once you provide a revised FMEDA or additional evidence?
- When FMEDA questions come up, who in your team takes ownership and how does that feel (stress, overwhelm, neutral)?
Imagine the Safety Package That Actually Calms Everyone
- If you could guarantee one measurable safety metric to your OEM tomorrow, which would move the needle most for the program?
- Describe what an ideal supplier FMEDA + safety manual package looks like for you (format, depth, artifacts, and handover expectations).
- Which certified software and middleware bundles are must-haves for your integration?
- What SLA commitments would make you comfortable (evidence delivery times, technical response time, onsite support)?
- What trade-offs would you accept between time-to-qualification, cost, and level of delivered evidence?
Barriers Between Us — Where We Need to Push Harder
- What's the single supplier behavior that has derailed previous qualifications for you?
- Which contractual or procurement constraints limit how deeply a supplier can engage (choose all that apply)?
- How flexible do you need FMEDA assumptions to be so they map to your system-level safety case?
- Are there internal approval gates (legal, safety board, program review) that routinely require rework of supplier evidence? If yes, who and how often?
- How do you prefer negotiated deviations or assumption changes to be recorded and approved?
Deciding Together: What Would Make This Partnership Feel Confident?
- What's an absolute deal-breaker that would prevent a vendor from being selected for your BOM?
- What minimum set of artifacts must we hand over in the first 90 days to keep you moving toward internal approval?
- What milestones and dates would you want in a mutual commit to feel the program is protected (list target dates and acceptance gates)?
- Which stakeholders should be present for the next technical review or evidence walkthrough?
- Are there constraints (lab access, reference designs, NDA, export restrictions) we should resolve before hands-on qualification?
-
-
Outcome Discovery
Define measurable success signals: ASIL target, single-point and latent fault metrics, diagnostic coverage, and schedule constraints.
Discovery Questions
Start Here: The One Outcome That Changes Everything
- What single, measurable outcome would make this program a clear success for your team?
- Which ASIL target are you designing toward on this ECU?
- Why is that ASIL target the right one for this function? Tell us the program or vehicle consequence if you miss it.
- How will your organization quantitatively measure success (pick all that apply)?
If the ECU Isn’t Safe Enough, What Actually Breaks?
- Imagine the OEM review finds the hardware safety metrics insufficient — what program-level consequences would you expect?
- What single-point and latent fault thresholds does your OEM or integrator expect (give numbers or ranges)?
- Tell us about any historical failures, recalls, or near-misses that still influence how strict your safety bar is today.
- Who inside your organization feels the consequences most acutely when safety metrics miss the mark? (Roles)
How Far Is Your Current Design From Passing the Bar?
- Tell us the current, documented SPFM and LFM (or PFHd) for the ECU—what do your FMEDA numbers say today?
- Which parts of your current FMEDA feel incomplete or weakest?
- How confident are you in the current diagnostic coverage numbers—are they modeled, measured, or assumed?
- If you had to pick the top two technical gaps between today and the target metrics, what would they be?
What Would Make the OEM Say ‘Yes’—Really?
- What artifacts or demonstrable evidence does the OEM require for hardware acceptance (select all that apply)?
- Are there explicit numeric acceptance criteria from the OEM (for SPFM, LFM, PFHd, diagnostic coverage)? If yes, please state them.
- How much weight does the OEM put on vendor-provided evidence vs. in-house testing?
- What format and level of traceability do they insist on for FMEDA inputs (e.g., component-level fault rates tied to supplier datasheets)?
Timing — The Quiet Risk You Can’t Ignore
- What is your firm qualification window for this program (months until OEM sign-off or production freeze)?
- Which milestones have hard dates that cannot move (e.g., prototype ship, vehicle integration, supplier selection)?
- If safety evidence is late by one quarter, what is the most likely impact?
- How much calendar flexibility do you realistically have to iterate on FMEDA or run additional tests if initial numbers fall short?
Who Signs the Check and Who Carries the Risk?
- Who is the final decision-maker for component qualification (role/title)?
- Who on your team will be the day-to-day point of contact for FMEDA customization and evidence requests?
- Which internal teams must approve the safety metrics and documentation before the decision-maker signs off?
- How do internal politics or competing program priorities typically affect safety decisions on your projects?
The Trade-offs You’re Willing (or Not Willing) To Make
- If achieving your ideal SPFM/LFM requires a more expensive silicon variant, how would you evaluate that trade-off?
- Which compromises are non-negotiable for you (pick up to two)?
- Would you be open to phased acceptance (e.g., initial ASIL-C evidence with roadmap to ASIL-D) to meet schedule constraints?
- What are acceptable interim milestones that would keep your program moving if final metrics take longer?
Evidence, Support, and the Kind of Partnership That Changes Outcomes
- What specific supplier commitments would materially increase your confidence in the device (pick all that apply)?
- How important are pre-built certified software packages (e.g., AUTOSAR MCAL, safe runtimes) to compressing your timeline?
- What turnaround time do you expect for supplier responses to safety evidence requests during the qualification window?
- Describe the minimum handover artifact set that would allow your team to proceed with system-level safety case work.
Small Tests That Prove Big Things — What Would You Run First?
- If you could run one focused validation to validate a critical safety claim, what would it be (and why)?
- Which lab capabilities are essential for that test (select all that apply)?
- What numeric pass/fail thresholds would you apply to those tests (e.g., diagnostic detection percentage, error rates)?
- How willing are you to share test vectors, failure logs, or field data with a vendor under NDA to accelerate root-cause analysis?
Decision Mechanics — How This Actually Gets Approved
- After we provide targeted evidence, what are the next concrete steps your team follows to reach a final supplier decision?
- What are the top three acceptance criteria that must be explicit in the safety package for you to move to purchase or qualification?
- Who needs to see vendor evidence (internal or OEM reviewers) and in what order?
- What would accelerate your decision timeline (e.g., joint lab demo, reference integration, signed SLA)?
Final Check — Are We Aligned on What Success Looks Like?
- Summarize in one sentence the top three measurable signals you need to sign off on this device.
- What remaining unknowns or blockers would we need to clear in the next 30 days to keep you on track?
- Would you like us to propose a targeted pilot (artifact + test + timeline) based on the answers above?
- Preferred contact for the pilot scoping conversation (name, role, email/phone) or indicate if you prefer an NDA first.
-
Solution Experience
Walk through how the device, FMEDA, and supplier support address the customer’s safety gaps using a real ECU scenario.
Experience Meetings
- Experience Pre-Work & Current State Confirmation
- Real ECU Scenario: Device-to-System Safety Walkthrough
- FMEDA Customization & System FMEDA Integration
- Supplier Support, Evidence Handover & Qualification Readiness
- Decision & Next Steps: Validation, Owners & Commitment
Issues & Enhancements
- Align qualification milestones to the customer's program timeline and surface critical dependencies.
- Review Baseline FMEDA Assumptions
- Align on the FMEDA assumptions to be used for the customer's ECU and capture deviations from the baseline.
- Identify and prioritize FMEDA gaps that must be closed to meet the ASIL target.
- Agree the owner responsibilities and timeline for a customized FMEDA draft delivery.
- Customer to provide component-level failure rates, mission profiles, and any OEM constraint documents needed to customize the FMEDA.
- Seller to deliver a first-pass customized FMEDA and an assumptions matrix for review within the agreed timeline.
- Both parties to schedule an FMEDA review workshop to iterate to final acceptance.
- Review Safety Documentation Package
- Produce a mutually agreed artifact handover matrix with dates and owners.
- Define the supplier support level and SLAs that will be active during the qualification window.
- Introductions & Objectives
- Seller to provide a formal evidence handover matrix and sample artifact package (safety manual excerpt, FMEDA sample pages, certified SW list).
- Customer to confirm qualification window dates, lab access constraints, and OEM submission deadlines.
- Both parties to finalize SLA language for engineering support during qualification and publish contact/escalation list.
- Summary of Evidence & Outcomes
- Secure explicit customer validation that the Solution Experience demonstrates the needed future-state outcomes.
- Assign clear owners and dates for the remaining FMEDA customization, lab verification, and artifact handover.
- Define the sign-off triggers that move the engagement to the next commercial and qualification stages.
- Customer to provide formal validation note (email or slide) confirming that the demonstrated outcomes meet the defined future state.
- Seller to produce a consolidated delivery schedule (FMEDA draft, artifacts, lab dates) and circulate for confirmation.
- Both parties to sign and store a mutual commitment checklist that lists acceptance criteria, owners, and milestone dates.
- Produce and agree a single-sentence current state that will drive the Solution Experience.
- Surface and quantify the costs/risks of the current state to create urgency.
- Define a one-sentence future-state outcome against which proof will be measured.
- Agree the artifact list and owners so the scenario walkthrough can be evidence-based.
- Customer to provide ECU block diagrams, existing FMEDA, failure logs, and program milestones within 5 business days.
- Seller to prepare a draft 'one-sentence current state' and 'one-sentence future state' based on discovery notes and circulate for confirmation.
- Schedule the ECU Scenario Walkthrough and reserve 90 minutes for hands-on proof with listed artifacts available.
- Scenario Recap & Acceptance
- Demonstrate, with FMEDA numbers, how the device reduces single-point and latent metrics in the customer's ECU scenario.
- Agree a prioritized set of failure-injection tests and validation criteria for the scenario.
- Obtain explicit customer confirmation that the demonstrated outcomes match their definition of 'better'.
- Identify any remaining unknowns that require lab testing or additional FMEDA tailoring.
- Seller to deliver a scenario-to-FMEDA mapping document showing before/after metrics and assumptions within 3 business days.
- Customer to approve the failure-injection test vectors and nominate test owners and lab access dates.
- Schedule hands-on failure injection and diagnostics verification session in the lab (include timeline and resource owners).
- Evidence Handover Matrix
- Outstanding Risks & Mitigations
- One-sentence Current State
- Map Safety Gaps to Device Capabilities (Diagnosis)
- Map FMEDA Items to ECU Components
- Action Plan, Owners & Timeline
- Explicit Consequence Quantification
- Identify Dependent Failures & Gaps
- FMEDA Evidence Applied to Scenario (Proof)
- Support Model & SLAs for Qualification
- Qualification Milestones & Dependencies
- Agree FMEDA Inputs, Customization Plan & Timeline
- Diagnostics & Failure Injection Plan (Proof & Validation)
- Define One-sentence Future State
- Mutual Commitment & Sign-off Triggers
- Schedule Kickoff for Qualification Activities
- Tiebacks & Customer Validation
- Validation & Sign-off Criteria
- Pre-work & Artifact Checklist
- Validation & Acceptance Criteria
- Validation Checkpoint & Next Steps
-
Solution Scope
Specify hardware variants, safety documentation deliverables (safety manual, FMEDA, DFA), certified software packages, and engineering support levels.
Scope Configuration
- Ship Safety Manual and FMEDA Package
- Deliver Dependent Failure Analysis Report
- Provide ISO 26262 certified Runtime Libraries
- Supply AUTOSAR MCAL Board Support Package and Drivers
- Deliver Devices with Lockstep CPUs Enabled
- Provide ECC Memory Protection Documentation and Maps
- Ship Built-In Self-Test (BIST) Firmware Image
- Deliver Integrated Hardware Safety Monitoring Unit
- Provide Certified Secure Boot and Bootloader Images
- Supply Diagnostic Library and Fault API
- Deliver Silicon Test Vector Suite for Validation
- Provide Safety Argument Templates and Evidence Matrix
Scope Questions
Ship Safety Manual and FMEDA Package
- What ASIL target(s) must the safety manual and FMEDA explicitly support?
- Which FMEDA detail level do you require (element-level, system-level, or both)?
- What delivery formats are required for the manual and FMEDA (e.g., editable source, PDF, spreadsheet)?
- Do you require revision-controlled artifacts (e.g., Git tags, versioned PDFs) and a change log?
- Are there specific OEM or Tier‑1 FMEDA templates or column mappings we must follow?
- What is your target delivery date relative to your program qualification window (e.g., weeks before test start)?
Deliver Dependent Failure Analysis Report
- Which dependent-failure modes must be assessed (e.g., common-mode, common-cause, shared resources)?
- Do you require supplier-chain dependent failure coverage (supplier part cross-checks and dependent failures across tiers)?
- What level of quantitative modeling is required for dependent failures (qualitative narrative, semi-quantitative, probabilistic)?
- Should the report include mitigation recommendations and design changes to reduce dependent-failure risk?
- Do you need the dependent failure report integrated with the FMEDA tables (cross-referenced by item ID)?
- Are there specific OEM assessment forms or checklists that the DFTA output must satisfy?
Provide ISO 26262 certified Runtime Libraries
- Which runtime libraries do you require (e.g., safe math, memory management, diagnostic runtime)?
- What certification evidence must accompany the libraries (certification reports, module test vectors, certificate numbers)?
- Do you require source code access, object binaries, or both for integration and review?
- Which development environment and toolchain must the libraries be compatible with (compiler versions, RTOS, AUTOSAR)?
- What ASIL decomposition/qualification approach is expected for these libraries (ASIL-lift, safety element out of context, etc.)?
- Do you require maintenance and patch SLAs for certified runtime libraries (emergency fixes, periodic updates)?
Supply AUTOSAR MCAL Board Support Package and Drivers
- Which AUTOSAR release/version must the MCAL conform to?
- Which MCAL modules/drivers are required (e.g., ADC, CAN, SPI, I2C, PWM, DMA)?
- Do you require board-specific BSP customization (pin mappings, clock tree config, power domains)?
- What validation artifacts are required with the BSP (unit tests, integration tests, sample apps)?
- Do you need timing and performance characterization for drivers (latency, jitter, worst-case execution)?
- Will the MCAL be integrated into an AUTOSAR stack provided by you or by us (who owns integration)?
Deliver Devices with Lockstep CPUs Enabled
- Which device variants and package options are needed (part numbers or functional descriptions)?
- Do you need lockstep enabled by default (fused) or configurable in-field (e.g., via fuses/OTP)?
- How many prototype, validation, and production units do you require and on what schedule?
- Are there specific environmental or qualification grades required (AEC-Q100, temperature ranges, automotive grade)?
- Do you require device-level safety configurations and default fuse maps documented?
- Do you need vendor-run device bring-up or on-site support for lockstep verification?
Provide ECC Memory Protection Documentation and Maps
- Which memory regions require ECC coverage (flash, SRAM, RAM, registers, MMIO)?
- Do you require bit-level memory maps and ECC syndrome handling documentation?
- What scrubbing strategy and intervals are expected or acceptable for your system?
- Should memory fault reporting be mapped to specific diagnostic codes/APIs for FMEDA traceability?
- Do you require memory protection configuration examples for typical ECUs (maps and linker scripts)?
- Are there OEM memory map constraints or reserved regions we must align to?
Ship Built-In Self-Test (BIST) Firmware Image
- Which BIST modes do you require (power-on, periodic, on-demand, continuous background)?
- What test coverage and pass/fail criteria are expected for BIST (percent coverage, fault categories)?
- Do you require BIST logs and trace export formats (binary log, CSV, system event logs)?
- Is integration with the bootloader required so BIST runs prior to application handover?
- Do you require the BIST image as source code, signed binary, or both?
- Do you need an update/patch mechanism and SLA for BIST firmware updates?
Deliver Integrated Hardware Safety Monitoring Unit
- Which monitoring channels and domains must the safety monitor cover (CPU lockstep, clocks, voltage rails, memory ECC)?
- What thresholds and reaction profiles are required for each monitor (nmi, reset, safe-state, interrupt)?
- Do you require the monitor to provide telemetry and event counters for diagnostics and FMEDA evidence?
- Should the monitoring unit's configuration be editable at runtime or only at manufacture?
- Do you require calibration procedures and test vectors for validating the monitoring thresholds?
- Are interface specifications required to integrate monitor outputs with OEM system-level safety managers (signal names, timing)?
Provide Certified Secure Boot and Bootloader Images
- What secure boot chain model do you require (root of trust in HW, multi-stage signed boot, measured boot)?
- Which cryptographic algorithms and key sizes are mandated by your program or OEM?
- Do you require key-management artifacts and guidance (HW key provisioning, secure key storage process)?
- Are rollback protection and secure update mechanisms required (anti-rollback, signed OTA)?
- What evidence is required for certification of the bootloader (test reports, threat analysis, verification artifacts)?
- Do you require the bootloader as open source, vendor-signed binary, or both for auditability?
Supply Diagnostic Library and Fault API
- What diagnostic reporting model do you require (event-based, periodic health check, on-demand diagnostics)?
- Which API formats and languages are required for integration (C headers, AUTOSAR interfaces, REST/JSON for telematics)?
- Do you require mapping of diagnostic codes to FMEDA single-point and latent fault entries?
- What performance constraints exist for the diagnostic API (latency, max CPU load, memory footprint)?
- Do you require example integrations with common RTOSes or sample applications?
- Are there licensing preferences or restrictions for the diagnostic library (per-device, per-seat, perpetual)?
-
Mutual Commit
Agree commercial terms, evidence handover, SLAs for safety support, and program milestones tied to qualification windows.
Agreement Modules
- Statement of Work (SOW)
- Commercial Terms & Purchase Order
- Master Supply Agreement (MSA)
- Service Level Agreement (Safety Support SLA)
- Evidence Handover & Artifact Delivery Plan
- Qualification & Milestone Schedule
- Acceptance Criteria & Validation Checklist
- Change Order & Engineering Change Control
- Software Licensing & Certified Package Agreement
- Warranty & Defect Remediation
- Confidentiality & Data Protection Addendum
- Third-Party Supplier & Dependency Commitments
- Source Code Escrow & Continuity Plan
- Termination, Exit & Transition Plan
-
Qualification & Integration
Operationalize integration, FMEDA customization, validation, and qualification milestones.
-
Pre-Deployment Readiness
Confirm lab access, reference designs, FMEDA customization inputs, test vectors, and owners for qualification activities.
Readiness Questions
Quick Check: Where Are We Starting?
- Who on your team is leading qualification for this ECU program and what’s their preferred way to work with silicon vendors?
- What ASIL target(s) and scope have you locked for this program (e.g., brake ECU ASIL-D for primary channel only, peripheral sensors ASIL-B)?
- What is your current program timeline for qualification milestones and start-of-production (SOP)? Please include key windows (qualification, validation, SOP).
- Do you already have an assigned OEM qualification window or supplier readiness date that we must meet?
- How confident are you in the completeness of the safety documentation you currently have (safety manual, FMEDA, DFA)?
What’s Keeping Your Launch Awake at Night?
- If one thing went wrong during qualification, what single failure would cause the biggest program delay or budget overrun?
- How often have qualification delays on past programs been traced back to missing test vectors, lab access, or FMEDA disagreements?
- When those issues have occurred before, how long did they typically take to resolve and who owned the fix?
- Which part of the qualification process causes the most stress for your team—technical evidence, scheduling, coordinating suppliers, or OEM assessments?
- How would a week-by-week delay in lab access impact your upstream engineering or OEM commitments?
Who Holds the Keys? (Owners, Access, & Escalation)
- Who is the designated owner for each of these: lab bookings, FMEDA customization, test-vector creation, and OEM submission?
- If we need 24/7 access to a reference lab for a two-week run, who can authorize that and how quickly can they commit?
- Do you have existing NDAs, master services agreements, or supplier contracts that we should align to before sharing lab reference designs or test vectors?
- Who should be the primary escalation contact if a qualification blocker emerges within 48 hours?
- How do you prefer to track ownership and progress—shared ticketing, weekly touchpoints, or a single program owner report?
How Realistic Is Your Schedule? (Reframe the Timeline)
- If a supplier told you they could meet your qualification window but required a two-month buffer for FMEDA customization, would you reprioritize scope, shift dates, or seek parallel workstreams?
- Where do you expect the team will have to compress effort (e.g., test execution, evidence review, supplier integration) and how comfortable are you with those trade-offs?
- Have you built contingency time into vendor qualification phases to absorb unexpected FMEDA iterations or repeat lab runs?
- If a single OEM requirement is delayed until late in the cycle, how would you prefer we handle it—delay qualification, run a provisional test, or isolate scope to unaffected functions?
- On a scale from 1–10, how realistic do you feel the current timeline is given your available lab capacity and supplier responsiveness? Please explain the number.
Are Your FMEDA & Test Vectors Really Fit for Purpose?
- What parts of your FMEDA do you expect will need customization to match your system architecture (component failure rates, dependent failures, diagnostic models)?
- Have you already derived test vectors from functional safety requirements, or do you need assistance mapping FMEDA items to actionable tests?
- When you review vendor FMEDA reports, what are the top three missing or unclear items that usually trigger follow-up?
- How do you prefer traceability between FMEDA items and test vectors to be presented—matrix, ticket links, or executable test suites?
- What would be an acceptable threshold for rework—number of FMEDA comments or failed test cases—before you consider pushing qualification out of the current window?
Lab, Tools, and Access — Are They Really Ready?
- What labs (in-house or third-party) are you counting on for qualification runs and do those labs currently support the specific hardware and stimulus you need?
- Have you validated that your reference design(s) boot and execute the safety-critical scenarios required for qualification on first pass?
- Do you have the automated test harness, instrumentation, and logging standards in place to capture the evidence OEMs will demand?
- Who owns provisioning of test hardware, harnesses, and stimulus software—your team, us (vendor), or the third‑party lab?
- If lab time is constrained, would you be open to a split strategy (critical DUT runs in-house, bulk runs at a partner lab) to de-risk schedule?
How Will We Know We’ve Passed? (Acceptance & Evidence)
- What explicit acceptance criteria will the OEM use to approve this ECU’s safety case (e.g., FMEDA targets, DC/DU metrics, diagnostic coverage percentage)?
- Which artifacts do you consider mandatory for handover (safety manual, FMEDA, test logs, reproducible test scripts, calibration data)?
- How much post-qualification engineering support do you expect from a silicon vendor (hours/month, SLA response times, on-site visits)?
- Are there any OEM-specific checklist items or assessment templates we should map to now so evidence delivery aligns to their review process?
- How would you like acceptance evidence packaged—single archive, tiered deliverables, or incremental handovers after milestones?
Let’s Lock the First Steps (Commitments & Next Moves)
- What are the three highest‑priority actions we should complete in the next 14 days to keep qualification on track?
- Who will be the single point of contact on your side for day-to-day coordination, and what channels do they prefer (email, Slack/MS Teams, ticketing)?
- Would you prefer a kickoff workshop to align FMEDA assumptions, test vectors, and lab schedule—remote (web) or in-person?
- What are your non-negotiables for evidence or timelines that we must acknowledge before we begin work together?
- Finally, how would you describe your current emotional state about this qualification—confident, cautiously optimistic, squeezed, or urgent—and how can we make you feel more secure?
-
Deployment Enablement
Schedule integration tasks, coordinate application engineering support, and execute qualification and validation activities.
-
Validation Checklist
Verify acceptance criteria against FMEDA results, diagnostic coverage targets, and OEM safety assessment checklists.
Validation Questions
Starting Light: Tell Us About Your Program
- Which vehicle program or ECU project are we discussing today?
- What is your target ASIL for this ECU?
- Who on your team is responsible for signing the safety case and owning program timelines?
- What is the current SOP window for this program?
- How would you describe the maturity of your FMEDA and safety manual today?
Are You Comfortable Betting the Program on Your Current FMEDA?
- If an OEM reviewer pulled your FMEDA tomorrow, what single gap or ambiguity would most likely trigger a rejection?
- Which FMEDA areas do you feel are under-documented right now?
- How often have OEM reviewers returned FMEDA with substantive rework requests on recent programs?
- What kinds of reviewer comments tend to require design or supplier escalation (give a recent example if possible)?
- Would having a vendor-tailored FMEDA mapped to your exact ECU scenario reduce your expected rework cycles?
What's Getting in the Way of Certifying on Schedule?
- What’s the single biggest blocker between you and passing the OEM safety assessment on schedule?
- Which external dependencies worry you most for qualification timing?
- How confident are you that current schedules for qualification activities will hold?
- How often do supplier qualification gaps force you to add schedule contingency or scope changes?
- Tell us about a time supplier support (or lack of it) materially changed your qualification plan—what happened and how did you respond?
If You Could Wave a Wand Over the Safety Metrics, What Would You See?
- What numerical targets for single-point fault metric, latent fault metric, and diagnostic coverage would make the OEM review straightforward for you?
- Which ASIL target feels like a practical 'comfort zone' for minimizing system-level effort?
- Which documentation deliverables would make you stop worrying about evidence gaps (select all that apply)?
- How much of the FMEDA customization and evidence-gathering do you prefer the vendor to own versus your team?
- If those targets were met, how would budget, timeline, or headcount for your safety team change?
Who Else Needs to Be Convinced—and What Will Convince Them?
- Which stakeholder groups most reliably block progress if not satisfied (pick all that apply)?
- What specific evidence or artifacts does each approver demand to sign off (e.g., FMEDA numbers, lab traces, safety manual sections)?
- Do you have an OEM safety assessment checklist or template we should map to?
- When approvers evaluate vendor evidence, do they typically accept it or insist on independent verification?
- If we provided deliverables mapped directly to each approver's expectations, how much faster do you think approvals would move?
Where Would Practical Support Move Your Program Forward Fastest?
- Which immediate support items would create the biggest step-change for you (select up to three)?
- How valuable would a real-ECU walkthrough—applying our FMEDA to your failure modes—be for your internal reviewers?
- What constraints would affect sharing your ECU scenario or test benches with our team (NDAs, IT security, timing, other)?
- Do you prefer live workshops, recorded walkthroughs, or hybrid delivery for FMEDA customization work?
- What SLA for evidence delivery and technical responses would give you confidence (e.g., 24h, 3 business days, weekly)?
Hard Dates, Hard Gates: What's Non-Negotiable for Qualification?
- Which program gates or qualification windows are absolute—dates you cannot miss without major consequence?
- If a silicon safety issue appears within 6 months of PV, what contingency path do you expect to follow?
- What lead time do you require for FMEDA updates and re-test after a hardware revision to stay on your gate plan?
- If diagnostic coverage or single-point metrics fall short during qualification, how do you prioritize fixes (system redesign, software mitigations, supplier change, risk acceptance)?
- Who will act as the day-to-day owner on your side for qualification coordination and fast decisions?
Quick-Win Agreement: What Could We Deliver in 90 Days to De-Risk Your Path?
- If we committed to a 90-day sprint, what single deliverable would most reduce your program risk?
- Which 90-day deliverables would you prioritize (select up to two)?
- What acceptance criteria should we use to decide the 90-day effort was successful (specific metrics, artifacts, or stakeholder signoffs)?
- Who from your organization must be involved in the sprint to ensure success (names and roles)?
- How do you prefer to review sprint progress: weekly syncs, milestone demos, shared workspace updates, or another cadence?
-
-
Success
Confirm qualification outcomes, transfer safety-case artifacts, and maintain a shared channel for issues and enhancements.
Success Reviews
- Qualification Outcome Review
- Safety Artifacts Handover & Traceability
- Shared Support & Escalation Channel Setup
- Open Issues Remediation & Validation Plan
- Continuous Improvement & Enhancement Roadmap
Issues & Enhancements
- Understand and document schedule impacts and mitigation actions to protect program milestones.
- Review Support Needs & Use Cases
- Agree on a single primary shared channel for ongoing communication and evidence exchange.
- Define SLA commitments and escalation paths for different severities of issues.
- Ensure all named participants are onboarded and have access to tools and templates.
- Create the shared workspace and invite the agreed participant list with role-based permissions.
- Publish the SLA document and escalation matrix to the shared workspace.
- Provide issue and enhancement request templates and a short onboarding guide for users.
- Prioritized Issue Review
- Convert each open finding into a documented remediation and validation plan with owner and target date.
- Agree on concrete validation criteria and test vectors that will be used for retesting.
- Welcome & Objectives
- Record remediation plans in the issue tracker with owner, schedule, and validation checklist.
- Prepare and share required test vectors and lab booking requests for each revalidation activity.
- Update FMEDA or safety-document drafts to reflect planned changes and circulate for review.
- Lessons Learned Summary
- Create a prioritized backlog of enhancements tied to safety impact and program value.
- Agree on roadmap timing and which items require formal change control to the safety case.
- Establish a follow-up cadence for feasibility work and joint pilot activities.
- Publish the prioritized enhancement backlog with owners, rough effort estimates, and proposed delivery windows.
- Kick off feasibility studies for top-priority enhancements and schedule pilot engineering collaborations.
- Document which roadmap items trigger a formal safety-case revision and prepare change-control templates.
- Confirm pass/fail status for each documented acceptance criterion and obtain formal customer sign-off or documented rejection.
- Identify and prioritize any non-conformances and agree owners and target dates for remediation.
- Establish a clear timeline that aligns remediation and any requalification with customer program milestones.
- Publish the consolidated qualification results package (summary + supporting evidence) to the shared repository.
- Create issue entries for each non-conformance with owner, severity, and target resolution date.
- Schedule any required retest windows and reserve lab resources aligned to the program timeline.
- Artifact Inventory Walkthrough
- Complete secure transfer of the full safety-case artifact set and confirm customer receipt.
- Deliver a validated traceability matrix tying claims to evidence and ensure customer understands navigation.
- Agree an archival location, access rights, and revision control process for ongoing updates.
- Upload artifacts to the agreed secure repository and share access links and credentials with named stakeholders.
- Deliver the traceability matrix (CSV/Excel) that maps each safety claim to evidence and report sections.
- Record customer acceptance (signed checklist or email confirmation) and store alongside artifacts.
- Enhancement Proposals
- Root Cause & Remediation Proposals
- Recap of Acceptance Criteria
- Artifact Transfer Method & Access
- Select Primary Collaboration Channels
- Presentation of Qualification Results
- Prioritization Framework
- Define SLA Tiers & Response Targets
- Validation Criteria & Test Vectors
- Traceability Matrix Demonstration
- Gap & Residual Risk Review
- Acceptance Checklist & Sign-off Process
- Roadmap & Commitments
- Schedule & Risk Impact
- Escalation & Governance
- Follow-up Actions & Review Cadence
- Decision & Sign-off
- Onboarding & Tooling Checklist
- Post-handover Update Process
- Owner Commitments & Reporting
- Next Steps & Timeline Alignment