Testing – Safety of Tests

A key aspect for the testing of ADF is to try to prevent any risk of material damage or personal harm (e.g. UNECE R155 Annex 5 provides potential threats). It is also clear that there is no absolute guarantee that material damages or personal harm can be prevented at all times. However, individuals involved in testing should take all necessary precautions to ensure the testing process is completed as safe as possible.

It shall also be assessed whether the ADF is mature enough in terms of SOTIF (ISO 21448, 2022) and FuSA (ISO 26262-1-12, 2018) to be tested in the target environment. Depending on the test environment this could have different meanings. For tests in a real environment this means the function must be capable of operating at a technical maturity level, which allows safe testing of the function. For tests in a virtual environment this means that an adequate model of the ADF must be available.

Safety and security must be ensured while performing the tests. In the past the security concerns mainly arose from keeping development information confidential. This does not change with ADFs. Security aspects (ISO/SAE 21434, 2021) need to be thought through in a wider sense since new cyber security risks have arisen, especially now communications such as V2X and remote vehicle control are being developed. Examples of the cyber security threats which must be avoided at all costs include signal jamming and hacking. These risks should be taken into account for testing.

Additional Input to the question is provided by the SaFAD white paper (Wood, M., et al, 2019). 

Main Question

Is the testing activity safe? (Test planning)

Alternative Questions:

1. Is a risk assessment conducted before the test?
2. Does the risk assessment consider individuals who are not directly involved (e.g., surrounding traffic)?
3. If V&V is carried out on public roads, are potential effects to other traffic participants considered and safety measures defined?
4. Are safety measures for the testing process taken?
5. Is it been defined how test engineers should respond in case of a failure during the testing process?
6. Is the staff (e.g., test and safety driver, V2X-operator) involved in the test been properly trained?
7. Is it been ensured that vehicle operators are allowed to operate a vehicle (following company internal and legal requirements) and have received appropriate training?

References

• ISO (2018) 26262-1-12: Road vehicles — Functional safety part 1-12, Part 1 availabe at: https://www.iso.org/standard/68383.html (Accessed: 18 October 2023)
• ISO (2022) 21448: Road vehicles — Safety of the intended functionality. Available at: https://www.iso.org/standard/77490.html (Accessed: 18 October 2023) 
• ISO (2018) 26262-1-12: Road vehicles — Functional safety part 1-12, Part 1 availabe at: https://www.iso.org/standard/68383.html (Accessed: 18 October 2023)
• UNECE Addendum 154 – UN Regulation No. 155 Uniform provisions concerning the approval of vehicles with regards to cyber security and cyber security management system. Available at: https://unece.org/sites/default/files/2023-01/R155am1e.pdf (Accessed: 01 February 2024).
• Wood, M., Knobel, C., Garbacik, N., et al. (2019). “Safety first for automated driving”,Safety First Automated Driving. Available at: https://www.connectedautomateddriving.eu/wp-content/uploads/2019/09/Safety_First_for_Automated_Driving.pdf (Accessed: 31 October 2023).