Is safety and security certification important? 

by Dave Higham

Introduction 

Many suppliers in the automotive supply chain make claims about the functional safety and security of their products, often using certification as the means. The main aim, presumably, is to give potential customers confidence that products developed out-of-context (ooC) have the attributes necessary for cybersecurity or for the achievement of functional safety. The lower we go in the supply chain, the more out-of-context development we see. An ooC development is based primarily on assumptions about parent requirements, use cases and the like; what matters, crucially, is how well those assumptions align with the actual system components integrated into the item at the vehicle level. These assumptions play a pivotal role in determining the component's cybersecurity and safety integrity level (ASIL in the automotive domain) and must be aligned with the safety requirements of the integrated system. Any discrepancies or oversights can jeopardize the overall safety goal at the vehicle level, potentially leading to hazardous events and vulnerabilities. Integrating a set of components on hope alone is bound to lead to problems. It is therefore imperative to meticulously validate and, where necessary, adjust these assumptions to ensure the safety, security and reliability of the system. Certification goes much deeper than a certificate on an A4 sheet of paper; it can play an important role in the assurance activities of both the integrator and the supplier. Since ooC development does not follow the "waterfall" cascade of requirements from the top down, and products are developed for a range of applications, how can certification help in this scenario?

In this blog we dig into the potential added value that independent certification can bring, and we share what Codasip has done so far in this direction. 

Safety and security assurance is essential, certification is optional 

With both safety and security, the OEM (vehicle manufacturer) must consider the whole life cycle of the product, the systems and their interactions, the components the vehicle is composed of, and the suppliers in the supply chain. All these layers of systems, hardware and software components and their recursive parts culminate in an "Item" providing functions at the vehicle level, and it is at the vehicle level that the properties of functional safety and cybersecurity are manifest. What is essential for safety and security is "assurance". Generally, assurance can be considered as providing confidence in an attribute, such as functional safety and cybersecurity as in ISO 26262 and ISO/SAE 21434. In these cases, each party in the supply chain typically performs activities, captures the results and communicates conclusions, and the results are appraised by the customer and integrator. Fundamental to this, from an assurance perspective, are reviews, process audits and product assessments that evaluate the security of the product and whether the safety integrity level has been achieved.

It is typical in the supply of out-of-context components for vendors to provide safety and security "packs" documenting the results of the supplier's assurance activities and communicating any constraints and assumptions the integrator needs to know about. These packs enable integrators to verify and validate the out-of-context assumptions, ensuring alignment with their requirements. High-quality safety and security deliverables are essential for safety and security assurance and for successful integration.

Safety and security certification adds value 

Before going further, it is important to say that neither ISO 26262 nor ISO/SAE 21434 requires certification, and "certification" is not mentioned in either standard. What they do require are independent reviews (in the case of ISO 26262), assessments and audits, so it is possible to achieve safety and security assurance without 3rd party certification. Nevertheless, a 3rd party certification adds value to a company's safety and security assurance process by offering the following potential benefits:

  • Credibility and trust via an independent external organization 

Additional confidence and credibility in safety and security claims made by the supplier  

Removal of confirmation bias or conflicts of interest, implied or inferred 

  • Objectivity 

Impartial and accurate to current best practices 

  • Global reputation and accreditation of certification body 

Independently assessed for competence and impartiality 

  • Market access 

3rd party certification can provide additional confidence in the supplier's safety and security credentials

Types of certification 

Note that "certification" here means confirmation by an independent accredited company, one that has itself been assessed for competence and impartiality by a national accreditation body such as UKAS in the UK or DAkkS in Germany. Typically, accredited companies that provide certification services, such as TÜV SÜD, keep their certification division completely separate from the teams that perform the audits and assessments.

In the world of ISO 26262 and ISO/SAE 21434, certification generally falls into two categories: 

  • Process certification 

This certification looks at the supplier’s product development process, supporting processes, project and product management, production processes and handling of customer issues with respect to applicable clauses of the functional safety and cybersecurity standards. Achieving process certification gives customers confidence that the supplier can deliver products suitable for integration. Additionally, it assures customers that the supplier’s development process meets high-quality standards, confirmed by an external independent evaluation. 

Note that there is a subtle difference between ISO 26262:2018 and ISO/SAE 21434:2021 in that the latter requires cybersecurity audit at the organization level, while ISO 26262 focuses on audits at the project level. (The third edition of ISO 26262 may converge to the ISO/SAE 21434 approach – watch this space.) 

Codasip has obtained certification for its product development processes from TÜV SÜD, demonstrating compliance with ISO 26262 (ASIL-D) and ISO/SAE 21434 standards. 

  • Product certification 

Product certification involves a comprehensive third-party assessment of the cybersecurity or the achievement of functional safety of a specific product. Customizations, such as modifying a processor IP core, have the potential to invalidate the assessment and the associated certification, and call for further assessment and certification to confirm that the safety and security integrity level of the modified product is still attained.

Although 3rd party certifications add value to a company's safety and security assurance process, they are not always considered necessary. Well-established vendors may have sufficient size and structure to provide a credible and trustworthy audit and assessment function without external assessments and certifications. For smaller organizations, this may not always be possible. In all cases, and especially within the scope of ISO 26262 and ISO/SAE 21434, certification does not absolve the vendor and integrator of their responsibilities; these always lie squarely on our shoulders.

Codasip has successfully completed external independent functional safety assessment by TÜV SÜD and has received its first ISO 26262 ASIL B Certification for our L31AS product.

Conclusion  

Functional safety and cybersecurity are attributes that have the potential to impact all automotive suppliers of electronic and electrical systems, components and parts. Furthermore, the technical and organizational interfaces in the supply chain present their own challenges that have to be considered throughout a vehicle's life cycle. Any organization in the supply chain must have a robust safety and security assurance process, in which independent audit, assessment and certification have a role to play.

Safety and security certifications by 3rd parties are well-established in the automotive industry. While they are not essential, the 3rd party's accreditation, independence and objectivity can provide added value. An organization that has had its product development processes certified demonstrates confidence in its ability to deliver "repeatable" safe and secure components. Combining this with certification of products can validate the execution of the process and instill a greater level of confidence than internal assurance alone. However, certification is not an alternative to the rigor required of integrators and suppliers to ensure that all necessary steps for safety and security have been taken.

At Codasip we have achieved both HW development process certification and product certification for L31AS.  