01 · Functional Safety practice

ISO 26262 from item definition through tool qualification.

ASIL-A through ASIL-D. HARA, FSC, TSC, FMEDA, DFA, hardware-software interface, safety case, confirmation review. Delivered by senior FuSa engineers in your tools (DOORS, Polarion, Jama, Vector, dSPACE, BTC EmbeddedPlatform, Matlab/Simulink).

Standards baseline
  • ISO 26262:2018 (all 12 parts)
  • ISO 26262-6 (software)
  • ISO 26262-9 (ASIL-oriented analyses)
  • ISO 26262-8 (supporting processes)
  • ISO 21448 SOTIF

What we cover

The full V-model on the safety side, from concept phase to confirmation. We’re practitioners, not just auditors: the artefacts we produce are the ones your TÜV / SGS / customer assessor will read.

Concept phase (ISO 26262-3)

  • Item definition — boundary, function, environment, dependent items, malfunctioning behaviour catalogue.
  • HARA (Hazard Analysis & Risk Assessment) — operational situations, exposure / severity / controllability, ASIL determination, safety goals.
  • Functional Safety Concept (FSC) — safety requirements, safe states, fault-tolerant time intervals, allocation to elements.
  • ASIL decomposition — where it’s legitimate vs where it’s being abused. (See our Insights on the topic.)

System & hardware (ISO 26262-4, -5)

  • Technical Safety Concept (TSC) — safety mechanisms, diagnostic coverage targets, latent fault metrics.
  • FMEDA — quantitative analysis of single-point and latent faults, diagnostic coverage validation.
  • DFA (Dependent Failure Analysis) — cascading and common-cause failures across redundant elements.
  • FTA — for safety mechanism completeness arguments and high-ASIL hazard tracing.
  • HSI (Hardware-Software Interface) — the document that closes the gap between two teams who hate each other.

Software (ISO 26262-6)

  • Software safety requirements + architecture, MISRA C / C++ compliance, model-based design with TargetLink / Embedded Coder.
  • SWE.4 / SWE.5 / SWE.6 verification — unit, integration, qualification — using BTC EmbeddedTester / EmbeddedValidator, dSPACE TargetLink, Vector CANoe, Matlab / Simulink Test.
  • Back-to-back testing model ↔ code, model coverage, code coverage, structural coverage targets per ASIL.

Supporting processes (ISO 26262-8)

  • Tool qualification — TCL classification, qualification evidence per tool. We’ve done this for BTC, dSPACE, Vector, internal tooling.
  • Confirmation reviews — independent reviews per Table 1 confirmation matrix.
  • Safety case — the GSN-style argument that pulls every artefact into a single defensible structure.

SOTIF (ISO 21448) for ADAS / AEB

Safety of the intended functionality — performance limitations, sensor edge cases, ODD definition. We integrate SOTIF analyses with the ISO 26262 HARA rather than running them as a parallel track.

Where we’ve done this

Domains we know cold.

A focused practice. We’re not generalists — these are the powertrain and electronics domains where we have real, repeated delivery experience.

Domain · 01

Battery Management Systems (BMS)

12V / 48V / 800V. Cell balancing, IRD, current sensor / IBS, cell-voltage measurement, terminal loss diagnosis, charging-state safety logic. FEV MEL.BMS, Porsche Panamera PAG 12V, Marquardt NEVS, Audi PPE.

Domain · 02

Thermal & PTC heater control

Daimler MMA platform — PTC variants (48V, 800V, HEL, COMP, VANEA). Anchor delivery for Hanon Systems since November 2022; multi-PO cadence through 2026.

Domain · 03

ADAS & ADAS-adjacent

Functional safety + SOTIF for AEB / lane-keep / driver-state-monitoring features. Sensor performance limitations, ODD definition, intended-function failure modes.

Domain · 04

EV controllers & steering

Marquardt (NEVS BMC, BDU, ESCL), TRW B479. ASIL-D delivery on actuator safety, redundancy concepts, fault-tolerant timing.

Domain · 05

Diagnostic services (UDS)

Unified Diagnostic Services for safety-relevant ECUs. STS India + Amarakosha subcontract structure for sustained UDS capacity since 2023.

Domain · 06

Cross-cutting V&V

Hardware-in-the-Loop, Software-in-the-Loop, Model-in-the-Loop. BTC EmbeddedTester + Vector CANoe + dSPACE TargetLink + Matlab / Simulink Test as default toolchain.

Engagement

Two ways to use this practice.

Pick the shape that matches your timeline.

A

FuSa audit-prep (4-12 weeks, fixed)

Before a TÜV / SGS / OEM-customer assessment. Gap analysis against ISO 26262 parts 3-6, write the missing artefacts, brief your team for assessor interviews.

B

FuSa embedded retainer (3-9 months, T&M)

Senior STS FuSa engineer integrated into your project team. We draft HARA / FSC / TSC, run FMEDA, drive confirmation reviews. You retain customer interface; we drive the safety case toward submission-ready.

Got a real ISO 26262 deadline?

Tell us which standard, which clause, which deadline. We’ll know in 30 minutes whether we can help — and if we can’t, we’ll say so.