
Continuous compliance, an agile practice for functional safety assessment in automotive applications

In automotive software development, the functional safety (FuSa) audit plays a crucial role in the safety assessment of the system before it can be approved. It ensures the system being developed meets the Automotive Safety Integrity Level (ASIL) required by the ISO 26262 standard. Audit processes are typically conducted independently using discrete tools that haven’t been integrated into the software development/release pipeline, while audit artifacts relevant to the software are often manually generated. This means they can be slow, and treated as a cumbersome exercise carried out at the end of a development lifecycle. 

 

This can have consequences on engineering efficiency, resulting in:

 

  • Limited real-time feedback: Engineers receive feedback on safety compliance only at the end of the development cycle, limiting their ability to make immediate corrections.

  • Increased time-to-market: Manual generation of audit artifacts and independent audits contribute to a time-consuming process.

  • High costs associated with late-stage corrections: The cost of rectifying non-compliance increases exponentially when addressed during the later stages of development.

  • Reduced agility in development: Agile methodologies thrive on quick iterations and adaptability, but the disjointed audit approach can impede the responsiveness to changing requirements.

     

Beyond the challenges mentioned above, the complexity of the automotive supply chain is staggering. The effort and resource investment needed to be compliant is rolled up from many smaller components, so the total is huge, and non-compliance identified in even a small component could jeopardize the whole product.

 

Also, given advancements in the automotive landscape, particularly with over-the-air (OTA) updates and the rapid advances in autonomous driving, the necessity for an agile, iterative and efficient compliance assessment process becomes paramount. Continuous compliance is a practice of integrating functional safety assessments seamlessly into the development pipeline, making automotive software compliance assessment an agile process.

 

What is continuous compliance?

 

Continuous compliance in the automotive industry is the process of continually assessing the software components of an automotive application to ensure that they always meet regulatory requirements and industry best practices. The practice also helps streamline the audit process by keeping the development team up to date on compliance requirements throughout the development cycle, and it reduces the mean time to recovery whenever non-compliance is identified.

 

Different automotive software houses may use several different tools for tracking requirements, from inception to release management. Despite the diversity in technology tools and implementation constraints, continuous compliance can be achieved by implementing the following essential pillars:

 

  1. Automated Audit Artifact Generation: Implementing tools to automatically generate audit artifacts, minimizing manual effort and ensuring accuracy.

  2. Code as Documentation: Code is the primary source of documentation for understanding the system's functionality, design and behavior, instead of relying solely on external documentation files such as manuals or specifications.

  3. Requirements Close to Code: Link software requirements to the corresponding code implementation that reflects the intended functionality and behavior specified by the requirements, creating a clear and traceable connection between the two. The requirement documentation can be kept as close to the code as possible to enable traceability and transparency.

  4. Continuous Monitoring and Feedback: Automated assessments to provide immediate feedback on safety compliance throughout the development process.

 

Continuous compliance in practice

 

In our continuous compliance reference implementation, we have showcased all the important pillars of the practice using open source tools and software modules. C and C++ are the stack of choice since they are predominantly used in automotive applications, although we have also built a similar implementation in Rust. The documentation for requirements, implementation and tests is written as comments in the code. Doxygen and Sphinx were used to extract this information; by integrating them we ensure comprehensive documentation is generated every time the application is built.

 

Leveraging Doxygen, we automatically extract detailed documentation from our C/C++ codebase, including function descriptions and the definitions of variables and code structures. The documentation is then seamlessly incorporated into Sphinx, where we use it to generate various documentation artifacts.

 

With Sphinx, we are able to create traceability matrices that link code components to specific requirements. This means we have full transparency and alignment between our codebase and project specifications. Additionally, Sphinx also helps us generate detailed listings of requirements, which provides a clear overview of how each requirement is met within our codebase. By automating this documentation process within our CircleCI pipeline, we not only ensure compliance with regulatory standards but also streamline our development workflow. This fosters greater efficiency and confidence in our software delivery.

 

Figure: Continuous compliance components overview

 

We can enhance the documentation process further with other open source Sphinx plugins by linking, reading or processing information in diverse formats such as PDFs, spreadsheets or Jira tickets. These documentation files that are auto-generated by Sphinx can also be created as HTML or PDF formats — whatever is most suitable for the audit. This integrated approach ensures documentation is always closely tied to the codebase, promoting transparency and compliance throughout the development lifecycle.

 

Why do we need continuous compliance?

 

Continuous compliance also offers the following benefits:

 

Traceability: With compliance integrated into the process from the beginning, software development will remain consistent and traceable, enabling easier troubleshooting, root-cause analysis and resolution. 

Accountability: Continuous compliance ensures that development teams directly manage the processes around safety requirements at the point of change. This brings greater accountability for compliance to the engineering practice itself.

Accessible documentation: By leveraging tools that allow developers to add documentation directly in the code, continuous compliance helps keep knowledge close to the code. 

Flexibility: Continuous compliance can use non-proprietary tools, which offer greater flexibility for customization based on business needs. 

Audit readiness: By considering functional safety assessments from the start, continuous compliance ensures that automotive software is always audit-ready.

 

The compliance standards for automotive software, especially concerning safety requirements, are exceptionally high — as we’d expect them to be. Software development teams are expected to meet these stringent standards without compromising on the speed of delivery and performance of the application itself. 

 

Fostering transparency and accountability

 

In conclusion, the adoption of continuous compliance is a transformative approach that ensures regulatory compliance and operational robustness. It’s ultimately a holistic approach which can foster a culture of transparency and accountability — compliance should come to be ingrained into every stage of the development lifecycle. 

 

As the regulatory landscape evolves and industries navigate increasingly complex challenges, embracing continuous compliance methodologies is a strategic imperative. Through ongoing refinement and optimization of such practices, organizations will not only ensure they meet regulatory standards but can also gain a competitive edge, driving innovation and sustainable growth in a dynamic marketplace.

Disclaimer: The statements and opinions expressed in this article are those of the author(s) and do not necessarily reflect the positions of Thoughtworks.
