Production, Operation, Service & Decommissioning
10 chapters
Master ISO 26262-7, the forgotten half of the safety lifecycle, from start of production through field monitoring to safe end-of-life. Build production control plans, run process FMEAs, close the field-monitoring loop, and write decommissioning instructions for high-voltage and pyrotechnic systems.
How You Learn
Video and text stay in sync. As you scroll through the chapter, the video jumps to the matching explanation automatically.
Learning Objectives
Build a production control plan
Author a safety-grade production control plan that links every special characteristic to a process step, a measurement method, a frequency, and a reaction plan.
Trace special characteristics to ASIL
Classify safety-related special characteristics and maintain single-source traceability from the FMEA entry to the ASIL safety goal and the end-of-line test.
Run a safety-focused process FMEA
Connect manufacturing failure modes to product failures and safety goal violations, rating severity by safety classification rather than generic quality impact.
Operate a field-monitoring loop
Plan data collection, escalation thresholds, and a response process so field safety anomalies are detected and turned into containment and corrective action.
Chapters
The Forgotten Half
Why ISO 26262-7 matters: safety integrity is preserved or quietly eroded across production, operation, service, and decommissioning, not just at design release.
Part 7 Structure
The scope and clause map of ISO 26262-7:2018, the design work products it consumes, and the documented outputs it requires as audit evidence.
Production Planning
Designing the production plan and production control plan so every safety-related special characteristic of the validated design is reproduced and verified on every unit.
Process FMEA & Special Characteristics
Using process FMEA to trace each manufacturing failure mode through the product failure to the safety goal, then anchoring it to a quantified process control.
Operation & Service
Ensuring user instructions, maintenance, repair, and over-the-air updates do not silently defeat the safety mechanisms that were validated at design time.
Field Monitoring
A planned, safety-driven process that collects field data, analyses it to detect functional safety issues, and triggers containment and corrective action.
Repair & Diagnostics
In-service diagnostic strategy, spare-part integrity, safe workshop re-flashing, and the safety risks introduced by counterfeit or aftermarket components.
Decommissioning & EOL
Safely disabling safety functions at end of life: high-voltage traction battery discharge, pyrotechnic device handling, and the documentation regulators expect.
Records & Audits
Production records, per-unit traceability, confirmation measures during the production phase, and evidence retention aligned to the vehicle operational life.
Pitfalls & Best Practices
The most common production and service phase functional safety failures, paired with the concrete practices that reliably prevent them.
Diagrams & Visuals
Post-SOP Lifecycle Timeline
The full timeline after start of production: production runs, 10 to 20 years of operation and service, and end-of-life, showing where each Part 7 obligation applies.
Production Control Plan Flow
How each safety-related special characteristic maps to the process step that creates it, the measurement method, the frequency, and the reaction plan.
Cpk / Ppk Process Capability
Process capability and drift against tolerance limits, illustrating why ASIL C and D characteristics need capability indices well above the minimum.
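Worked illustration of the Cpk/Ppk point above, added here as an example and not part of the course material: Cpk is computed from the within-subgroup sigma and so reflects only short-term spread, while Ppk uses the overall sigma and therefore also absorbs drift of the mean between subgroups. The plus or minus 0.25 degree azimuth tolerance comes from the radar trace card on this page; the boresight readings are constructed, and the 1.33 and 1.67 targets are the customary AIAG PPAP figures, assumed here because ISO 26262 itself names no capability number.

```python
"""Cpk / Ppk for a safety-related special characteristic.

Added example for this page (not course material). The +/-0.25 degree azimuth
tolerance is the one quoted in the radar trace card on this page; the boresight
readings below are constructed, not measured data.
"""
import math
import statistics
from typing import Dict, Sequence

LSL_DEG = -0.25   # lower tolerance limit, radar boresight azimuth
USL_DEG = 0.25    # upper tolerance limit

# Customary automotive targets (AIAG PPAP): 1.67 for an initial study,
# 1.33 for ongoing production. Assumed here; ISO 26262 sets no such number.
TARGET_INITIAL = 1.67
TARGET_ONGOING = 1.33


def capability_index(mean: float, sigma: float, lsl: float, usl: float) -> float:
    """Distance from the mean to the nearer tolerance limit, in units of 3 sigma."""
    return min(usl - mean, mean - lsl) / (3.0 * sigma)


def pooled_within_sigma(subgroups: Sequence[Sequence[float]]) -> float:
    """Short-term sigma pooled across rational subgroups (feeds Cpk)."""
    ss = sum((x - statistics.mean(g)) ** 2 for g in subgroups for x in g)
    dof = sum(len(g) for g in subgroups) - len(subgroups)
    return math.sqrt(ss / dof)


def overall_sigma(subgroups: Sequence[Sequence[float]]) -> float:
    """Long-term sigma of all readings together; includes drift between subgroups (feeds Ppk)."""
    return statistics.stdev([x for g in subgroups for x in g])


def out_of_tolerance_ppm(mean: float, sigma: float, lsl: float, usl: float) -> float:
    """Expected parts per million outside the tolerance under a normal model."""
    def phi(z: float) -> float:
        return 0.5 * (1.0 + math.erf(z / math.sqrt(2.0)))
    p_out = phi((lsl - mean) / sigma) + (1.0 - phi((usl - mean) / sigma))
    return p_out * 1e6


def capability_study(subgroups: Sequence[Sequence[float]],
                     lsl: float = LSL_DEG, usl: float = USL_DEG) -> Dict[str, float]:
    """Cpk, Ppk and the modelled escape rate for one special characteristic."""
    readings = [x for g in subgroups for x in g]
    mean = statistics.mean(readings)
    return {
        "mean": mean,
        "cpk": capability_index(mean, pooled_within_sigma(subgroups), lsl, usl),
        "ppk": capability_index(mean, overall_sigma(subgroups), lsl, usl),
        "ppm": out_of_tolerance_ppm(mean, overall_sigma(subgroups), lsl, usl),
    }


def reaction_required(study: Dict[str, float], target: float = TARGET_ONGOING) -> bool:
    """Control-plan reaction trigger: either index below the target."""
    return study["cpk"] < target or study["ppk"] < target


# Constructed data: five subgroups of five boresight readings (degrees) taken
# across a shift. Every subgroup has the same within-group spread.
_PATTERN = [-0.06, -0.02, 0.0, 0.02, 0.06]
STABLE_JIG = [list(_PATTERN) for _ in range(5)]
# Same spread, but the jig datum moves 0.03 degrees per subgroup. Every reading
# is still inside +/-0.25, so a pass/fail end-of-line gate shows 100% yield.
DRIFTING_JIG = [[x + 0.03 * i for x in _PATTERN] for i in range(5)]


if __name__ == "__main__":
    for name, data in (("stable", STABLE_JIG), ("drifting", DRIFTING_JIG)):
        s = capability_study(data)
        print(f"{name:9s} mean={s['mean']:+.3f} Cpk={s['cpk']:.2f} "
              f"Ppk={s['ppk']:.2f} ppm={s['ppm']:.0f} react={reaction_required(s)}")
```

With every reading of the drifting data still inside the tolerance, a pass/fail end-of-line gate reports full yield, while Ppk falls from about 2.0 to about 1.06 and the modelled escape rate climbs from well under one ppm to roughly 700 ppm. That gap between "every unit passed" and "the process is no longer capable" is what the reaction plan in the control plan exists to catch, and it is why a characteristic tied to a high-ASIL safety goal is given a capability target with margin rather than the bare minimum.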
IATF 16949 to ISO 26262 Mapping
Where the automotive quality management system already covers Part 7 obligations and where ISO 26262 adds safety-specific rigour on top.
Decommissioning Checklist Tree
A branching end-of-life procedure for disabling safety functions, discharging high-voltage energy, and handling pyrotechnic devices in the correct order.
Audit Independence Matrix
Required levels of independence for confirmation measures and audits in the production phase, mapped against ASIL.
An ASIL B AEB Radar Module Across the Post-Release Lifecycle
Follow a single forward-radar module from the production line, through a workshop windscreen repair, into a field-monitoring signal that triggers a contained corrective action.
- Production: boresight verified to within plus or minus 0.25 degrees azimuth on an alignment jig, and the ECU software CRC logged to the manufacturing execution system against the VIN.
- Special characteristic: mounting angle controlled by an asymmetric bracket key (poka-yoke) backed by 100% end-of-line verification, with traceability to the FMEA item.
- Service: after a windscreen replacement, the camera and radar pair must be recalibrated on the dynamic alignment target, a mandatory step called out in the repair procedure.
- Field monitoring: telematics DTC snapshots reveal a cluster of unexpected AEB activations confined to one production batch.
- Corrective action: affected units are contained through VIN-linked build records, root cause traced to a shunt-solder process drift, and a targeted service campaign is issued.
- Records: per-unit end-of-line results are retained for the 15-year operational life rather than purged at warranty end.
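The field-monitoring and corrective-action steps of the trace card above (a cluster of one DTC confined to one production batch, contained through VIN-linked build records) as an added example that is not part of the course: the detection rule compares each batch's per-unit rate against the rest of the fleet, escalates when an assumed threshold is crossed, and produces a containment list of every vehicle built with a module from that batch. The build records, VINs, batch identifiers, the DTC name and the thresholds are all constructed or assumed; only the pattern follows the page's description.

```python
"""Closing the field-monitoring loop for the radar module in the trace card.

Added example for this page (not course material). Build records, VINs, batch
identifiers, the DTC name and the escalation thresholds are constructed or
assumed; the pattern (telematics DTC cluster -> VIN-linked build records ->
containment list) is the one described on the page.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List, Sequence, Tuple


@dataclass(frozen=True)
class BuildRecord:
    """Per-unit record written at end of line and kept for the operational life."""
    vin: str
    batch: str            # production batch of the radar module (assumed MES field)
    module_sn: str
    eol_boresight_deg: float
    sw_crc: str


@dataclass(frozen=True)
class FieldEvent:
    """One DTC snapshot received over telematics."""
    vin: str
    dtc: str
    timestamp: str


def batch_hits(build: Iterable[BuildRecord], events: Iterable[FieldEvent],
               dtc: str) -> Tuple[Counter, List[str]]:
    """Count one DTC per batch by joining VIN -> batch. VINs without a build
    record are returned separately: an unjoinable event is a data-integrity
    finding in its own right, not something to drop silently."""
    vin_to_batch = {b.vin: b.batch for b in build}
    hits: Counter = Counter()
    unknown: List[str] = []
    for e in events:
        if e.dtc != dtc:
            continue
        batch = vin_to_batch.get(e.vin)
        if batch is None:
            unknown.append(e.vin)
        else:
            hits[batch] += 1
    return hits, unknown


def anomalous_batches(population, hits, min_events: int = 3, ratio: float = 5.0) -> List[str]:
    """Escalation threshold (assumed values): flag a batch with at least min_events
    whose per-unit rate is >= ratio times the rest of the fleet. Using the rest of
    the fleet as baseline stops a large cluster from diluting its own baseline."""
    total_hits = sum(hits.values())
    total_pop = sum(population.values())
    flagged = []
    for batch, pop in population.items():
        h = hits.get(batch, 0)
        if h < min_events:
            continue
        rest_pop, rest_hits = total_pop - pop, total_hits - h
        rest_rate = rest_hits / rest_pop if rest_pop else 0.0
        if rest_hits == 0 or h / pop >= ratio * rest_rate:
            flagged.append(batch)
    return sorted(flagged)


def containment_list(build: Iterable[BuildRecord], batches: Sequence[str]) -> List[str]:
    """Every VIN fitted with a module from a flagged batch, not only the VINs that reported."""
    wanted = set(batches)
    return sorted(b.vin for b in build if b.batch in wanted)


# Constructed fleet: four batches of 50 vehicles each.
BATCHES = ("B2401", "B2402", "B2403", "B2404")
BUILD = [BuildRecord(vin=f"VIN{b}{i:03d}", batch=b, module_sn=f"RDR-{b}-{i:04d}",
                     eol_boresight_deg=0.04, sw_crc="A1B2C3D4")
         for b in BATCHES for i in range(50)]
DTC_AEB = "AEB_UNINTENDED_ACTIVATION"   # constructed code name, not a real DTC
EVENTS = (
    # six activations concentrated in batch B2402
    [FieldEvent(f"VINB2402{i:03d}", DTC_AEB, f"2024-06-{d:02d}T08:00:00Z")
     for d, i in zip(range(1, 7), (3, 7, 11, 19, 23, 31))]
    # background noise: one activation in each other batch
    + [FieldEvent(f"VIN{b}012", DTC_AEB, "2024-06-09T08:00:00Z")
       for b in ("B2401", "B2403", "B2404")]
    # an unrelated DTC, and one event from a VIN with no build record
    + [FieldEvent("VINB2401020", "RADAR_BLOCKAGE", "2024-06-10T08:00:00Z"),
       FieldEvent("VINUNKNOWN001", DTC_AEB, "2024-06-11T08:00:00Z")]
)


def run_monitoring(build=BUILD, events=EVENTS, dtc=DTC_AEB) -> Dict[str, List[str]]:
    """Detection -> escalation -> containment in one pass over the data."""
    population = Counter(b.batch for b in build)
    hits, unknown = batch_hits(build, events, dtc)
    flagged = anomalous_batches(population, hits)
    return {"flagged_batches": flagged,
            "containment_vins": containment_list(build, flagged),
            "unknown_vins": unknown}


if __name__ == "__main__":
    result = run_monitoring()
    print("flagged:", result["flagged_batches"])
    print("contain:", len(result["containment_vins"]), "vehicles")
    print("unjoinable events:", result["unknown_vins"])
```

Two points the code makes that the bullets only imply: the containment list is built from the build records, not from the field events, so the three dozen vehicles in the batch that have not yet reported are contained as well; and the join only works because the per-unit records still exist years after warranty end, which is the retention argument of the last bullet.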
Lifecycle Trace Card
Master the Forgotten Half of ISO 26262
Carry the safety case from start of production through field monitoring to safe end-of-life with concrete plans, controls, and records.