Functional Safety (FuSa)

Your Partner for FuSa and Regulatory Compliance


The aim of Functional safety is to arrange products in a way that they are verifiably free of unacceptable risks. Products in this context are safety-relevant electronic systems. Non-tolerable, safety critical functional statuses with possible severe consequences, such as personal injury, can be avoided by applying the standards ISO 26262 and IEC 61508 including controls like confirmation reviews early in the development process.

FuSa is the part of the overall safety of a system or piece of equipment that depends on the system or equipment operating correctly in response to its inputs, including the safe management of likely operator errors, hardware failure and environmental changes.



  • Prevention of critical malfunctions and functional deficiencies
  • Proof of argumentation in case of product liability


Due to the huge number of ways to realize functions via electronic systems, the number of mechatronic systems is still growing at high speed. This is also true for systems and functions intended to provide safety, thus creating the need for functionally safe systems (ISO 26262). A system is functionally safe if it is able to switch to a safe mode or respectively stay in a safe mode if errors occur, that are either:

  • system-inherent or
  • random.


The norm (e.g. ISO 26262) concerns all stages of product development and creation. Efficient and goal-oriented communication accompanying the product development chain is essential for achieving Functional Safety.

GPG support the realization of Functional Safety for our clients through

  • frequent FuSa forums
  • modular FuSa training modules
  • risk management and analyses of potential hazards
  • project work


Confirmation review

This term from the field of functional safety refers to the formality check of a ISO 26262 work product against compliance to the norm’s requirements.

According to ISO 26262, the confirmation review belongs to the group of confirmation measures (consisting of confirmation review, audit, assessment), which together with the verification measures (consisting of verification review, test, analysis) cover all types of measures regarding “proof” of the ISO 26262.

According to ISO 26262-2 for confirmation measures there is a level of independency that has to be demonstrated depending on the highest ASIL classification of the safety goals or safety requirements of the item. For ASIL D classifications it is normally required that confirmation measures are to be carried out by a different department or organisation as the ones creating the work product. The independence refers to the line organisation (management), resource and release responsibility.

In many cases companies are not able to ensure this independency or the independent organisational unit of the company may not be able to perform the confirmation measures out of technical reasons (qualification). In such cases we are able to fulfill these tasks as independent service providers and support you in the implementation of the safety life cycle for your project. Our service includes for instance confirmation reviews for safety analyses (FMEA, FTA, FMEDA) or confirmation reviews as proof of completeness of the safety case.