Model-based Development of Embedded Software in Compliance with ISO 26262 - Challenges and Effective Solutions


Date Language Location
Feb 10–11, 2020 English Berlin, Germany
Mar 17–18, 2020 German Stuttgart, Germany
Sep 3–4, 2020 German Berlin, Germany
Oct 13–14, 2020 English Stuttgart, Germany

This 2-day training class describes how to develop and safeguard safety-critical embedded software in serial projects with Simulink® in compliance with ISO 26262 (part 6). Beginning with a general overview of the ISO standard, we proceed by focusing on those requirements of the ISO 26262 that are specifically relevant to model-based development. We address the impact the standard has had on model-based development with Simulink®, as well as the requirements for model and software architecture in safety-critical software. We also look at modeling guidelines and testing before wrapping up the class by assessing ISO 26262 readiness of controller functions. All theoretical knowledge is illustrated by means of many practical examples, which you can take straight back to your desk.

Also available as an in-house training class worldwide on request.
In this case, our instructors can tailor the curriculum to meet your specific needs.

Nicholas Broyles,
Bendix Commercial Vehicle Systems LLC

"The training class provided exactly the overview I wanted for my team on the ISO 26262 process and the best practices for integrating model-based development into that process. The focus on model-based SW development allowed my engineers to remain engaged, while the functional safety discussions provided the context for the additional rigor required. The hands-on tools and analysis sessions demonstrated state-of-the-art quality assurance tools that help create efficient models to meet safety validation requirements.”

Sebastian Tillenburg,

"Sets all the key points of model-based development straight.”

Harish Mathiazhagan,

"Developers and system engineers developing ISO 26262-compliant software must take this training. May not be suitable for beginners.”


Target audience

This training class is designed for developers, testers, project managers, and quality managers, whose focus is model-based development of safety-critical embedded software using MATLAB®/Simulink®.

Updated for revision ISO 26262:2019

Conditions of Participation and Cost

The price for the training class includes training materials, refreshments, and lunch.
Cost: € 1,350.00 plus VAT (where applicable)

SAE Certificate of Competency

An SAE Certificate of Competency can be achieved in this class by passing the evaluation exercise as part of the training class.
The costs for the SAE Certificate of Competency is € 400 plus VAT (where applicable).

Early bird discount: 10% off participation cost
We offer an early bird discount of 10% for registrations received 35 days prior to the event.

Multi-person discount: 25% off participation cost
An additional 25% discount on the booking is available for companies registering more than one participant or more than one training class at the same time.

Training class (cost/registration) by dSPACE, Inc.:
Fees, terms and conditions of dSPACE, Inc. apply.

Please find all further conditions of participation and cost at MES Terms and Conditions - Training classes in Germany .


  • Developing safety-critical software in compliance with ISO 26262
  • Impact of ISO 26262 on development of embedded software with Simulink®
  • Model architectures for safety-critical software
  • Safeguarding ISO 26262-compliant models with modeling guidelines and complexity metrics
  • ISO 26262-compliant testing for model-based SW development
  • Tool qualification
  • Prioritization of ISO 26262 requirements for process adaptation

Learning objectives

By completing this course, the participants will achieve the following:

  • An understanding of the characteristics and benefits of model-based development
  • Know-how to apply model-based methods to develop safety-related systems in compliance with ISO 26262
  • An understanding of the model-based development process as outlined by ISO 26262
  • Ability to assess elements of effective software architecture according to ISO 26262
  • An understanding of how to implement software architecture in models
  • The skills to analyze and evaluate model structures
  • An understanding of how to ensure model quality with effective modeling guidelines
  • Ability to recall the approach to tool qualification that aligns with ISO 26262
  • Knowledge of how to apply methods to ensure model quality with model testing
  • An understanding of approaches to detailed design in model-based development
  • An understanding of the priorities for process adaptation towards ISO 26262 compliance


10 a.m. Welcome and introduction round
10:30 a.m. Overview: Model-based software development with Simulink®
  • Foundations of model-based development
  • Overview of development and quality assurance activities
  • Characteristics of ISO 26262-compliant development
  • 11 a.m. Safety-related software development in compliance with ISO 26262
  • Impact on the development process
  • Hazard analysis and risk assessment, ASIL determination
  • Strategies for safety concepts – deriving software safety requirements
  • ASIL decomposition
  • 12:30 p.m. Lunch break and open dialog
    1:30 p.m. ISO 26262-compliant development process
  • Reference workflow
  • Process phases and work products
  • Process manuals and developer guides
  • 2:15 p.m. Software architecture according to ISO 26262
  • Basics of software architecture
  • Expected properties of an ISO 26262-compliant software architecture
  • Principles for software unit design
  • 3:15 p.m.Short break
    3:30 p.m.Implementing software architectures in models
  • Software architecture in models
  • Principles for layered models
  • Interface handling in models
  • Simulink® design patterns for safety-critical software
  • 4:30 p.m. Analysis and evaluation of model architecture
  • Model structure analysis
  • Introduction to complexity metrics
  • Calculation of model complexity
  • Measures to reduce model complexity
  • Identifying ineffective interfaces and model clones

  • Hands-on: Analysis and evaluation of model architecture
    5 p.m. End of day

    AGENDA - DAY 2

    9 a.m. Ensuring model quality with modeling guidelines
  • Overview of modeling guidelines
  • General modeling guidelines for MISRA®- and ISO 26262-compliant modeling
  • Specific guideline on improving code generator application
  • Automatic checking of modeling guidelines with the MES Model Examiner® (MXAM)

  • Hands-on: Ensuring model quality with modeling guidelines
    10:30 a.m. Tool qualification in compliance with ISO 26262
  • Foundations of tool qualification
  • Determination the tool confidence level
  • Qualification methods
  • 11:30 p.m. Lunch break and open dialog
    12:30 p.m. Ensuring model quality with model testing
  • ISO 26262 requirements in the testing process
  • Test goals on different testing levels
  • Regression testing and back-to-back testing, MiL – SiL – PiL
  • Model and code coverage
  • Automatic test evaluation with test assessments
  • 2 p.m. Detailed design in model-based development in accordance with ASPICE 3.0
  • Relevance of ASPICE for automotive software development
  • Requirements for compliance with ASPICE v3.0
  • Demonstration of base practices of detailed design in model-based development
  • 3 p.m. Priorities for process adaptation to comply with ISO 26262
  • Prioritizing ISO 26262 requirements for model-based development
  • Assessing costs and benefits of ISO 26262 requirements
  • Available methods and tools for process tailoring
  • 3:45 p.m. Short break
    4 p.m. Evaluation exercise to qualify for the SAE Certificate of Competency (optional)
    4:30 p.m. Concluding words and feedback
    5 p.m. End of training class