Thomas Kupfer - Consultant/Coach ISO/SAE 21434 / UNECE R-155

Bad Kissingen, Germany

Experience

Jan 2023 - Present

3 years 1 month

Consultant/Coach ISO/SAE 21434 / UNECE R-155

Tier 1

Support in setting up and expanding the cyber security process landscape according to ISO 21434 and UNECE R-155
Coaching the cybersecurity engineers
Combining requirements from ISO 21434 and TISAX into an integrated management system
Support in conducting the TARA
Support in developing the security concept
Support in developing the production process
Highest cybersecurity assurance level: CAL1
Project is carried out almost entirely from home office

Jun 2022 - Present

3 years 8 months

Auditor

DQS GmbH

Conducting audits according to ISO 9001 (quality management)
Conducting audits according to ISO 27001 (information security)
Conducting audits according to TISAX (information security)
Conducting audits according to IT security catalogue §11 paragraph 1a EnWG

Jun 2022 - Present

3 years 8 months

Auditor

datenschutz cert GmbH

Conducting audits according to ISO 27001 (information security)
Conducting audits according to IT security catalogue §11 paragraph 1a EnWG

Jan 2022 - Dec 2023

2 years

Consultant/Coach A-SPiCE – SQIL (Software Quality Improvement Leader)

Tier 1 (Sweden / China)

Conducting coaching to achieve SPiCE Level 1 for software development processes SWE.1–SWE.3, Quality Assurance SUP.1 and SUP.8 Configuration Management
Training an employee to take on the role of quality assurance engineer
Creating templates for project management, quality assurance, and software development
Defining requirements for documents to be created under A-SPiCE
Highest A-SPiCE level: 1–2
Project is carried out entirely from home office

Jan 2020 - Dec 2021

2 years

Consultant/Coach A-SPiCE – SQIL (Software Quality Improvement Leader)

Tier 1

Conducting coaching to achieve SPiCE Levels 1 and 2 for software development processes SWE.1–SWE.6 and Quality Assurance SUP.1
Co-Assessor for VDA scope processes and SYS.1 (Requirements Elicitation)
Highest A-SPiCE level: 1–2
Project was carried out entirely from home office

Jan 2020 - Dec 2021

2 years

Consultant/Coach A-SPICE – SQIL (Software Quality Improvement Leader)

Tier 1 (England / Poland / Germany)

Scope of activities within Automotive SPICE
Conducting internal A-SPICE Level 1 assessments based on the VDA scope for gap analysis in various projects and comparison with the VDA guidelines
Developing measures to achieve Level 1 for all processes within the VDA scope in the projects
Conducting incremental internal assessments
Coaching project teams through continuous re-assessments
Training a software quality engineer on the role of SQA, conducting assessments and requirements for individual processes
Reporting to the Quality Manager Europe
Highest safety integrity level in the project: ASIL QM(B)
Highest A-SPICE level: 1
Project was carried out entirely from home office

Jan 2020 - Dec 2020

1 year

Consultant for Cybersecurity

Tier 1

Analyzing customer requirements to determine needs
Introduction to cybersecurity based on ISO 27001 and ISO/SAE DIS 21434 standards
Training on automotive cybersecurity basics, contrasted with functional safety/cybersecurity, and on performing the Threat and Risk Analysis (TARA)
Highest cybersecurity assurance level: not defined

Jan 2020 - Dec 2020

1 year

Consultant for Functional Safety and Cybersecurity

Tier 1

Developing documentation for safety culture and suggestions for practical implementation
Creating a guideline for drafting the item definition for ISO 26262 and ISO/SAE DIS 21434, as well as providing further support in document preparation
Supporting the development of the security case for cybersecurity
Highest safety integrity level in the project: ASIL QM(B)
Highest cybersecurity assurance level: not defined
Project was conducted almost entirely from home office

Jan 2019 - Dec 2020

2 years

Consultant Functional Safety ISO 26262

Tier 1

Reviewing functional safety work results for completeness, correctness and consistency, and developing improvement suggestions
Assessing the organizational structure for the overall system's functional safety and proposing improvements
Contributing to gathering and deriving safety goals and requirements from the higher-level system safety analysis
Translating architectures into functional and timing diagrams
Developing safety paths and identifying ISO 26262 classification levels within the system software architecture
Developing a decomposition strategy for functional safety
Evaluating and aligning the SOTIF concept applied to the overall system (ISO PAS 21448 / ISO WD 21448 – SOTIF)
Building a sensor data catalog to assess environmental impacts on object detection and possible countermeasures
Matching the sensor data catalog with driving scenarios and operational design domains (SOTIF) to clarify the impact of SOTIF safety requirements on implementing safety goals
Highest safety integrity level in the project: ASIL D
Autonomous driving SAE level 4

Jan 2019 - Dec 2019

1 year

Consultant Functional Safety ISO 26262

Tier 1

Requirement-based personalized training for the safety manager regarding the OEM's requirements
Explaining the structure of the hazard and risk analysis
Clarifying the content requirements for the functional safety concept and ways to implement them
Showing the "red thread" from the safety goal to the component-level requirements
Describing component requirements in the context of each safety function
Deriving test requirements
Transferring the test requirements into the safety plan
Reviewing a hazard and risk analysis
Highest safety integrity level in the project: ASIL D
Coaching via Microsoft Teams

Jan 2019 - Dec 2019

1 year

Consultant for Cybersecurity and Functional Safety

Tier 1

Definition of requirements for designing a process to implement cybersecurity in the overall V-model based on ISO/SAE 21434, including detailed descriptions of each process step at the project level
Creation of a guideline for the cybersecurity process
Development of the necessary requirements for a TARA and proposal for implementation
Support in defining requirements for describing assumptions for a cybersecurity/safety element out of context
Support in defining methods to be applied for Cybersecurity Assurance Levels (CAL) (ISO 15408 / IEC 62443-3)
Mapping of checkpoints for documentation between the cybersecurity process and the functional safety process according to ISO 26262
Safety Integrity Level in the project: ASIL B
Cybersecurity Assurance Level: not defined

Jan 2018 - Dec 2018

1 year

Senior Process Consultant

OEM

Optimization of the type approval process for various divisions of a corporation with the objectives:
The process must be demonstrably implemented
Compliance requirements must be met
Handling the cross-cutting topic “Special Characteristics” (safety/approval relevance)
Advisory role on “Functional Safety” in other processes

Jan 2018 - Dec 2018

1 year

Functional Safety Manager ISO 26262

Tier 1

Development of a self-assessment for system, hardware, and software to identify gaps in the documentation of the functional safety process
Conducting document reviews
Training on how to conduct the self-assessment
Support in improving the process maturity of documents
Support in enhancing the content of technical safety concepts
Highest Safety Integrity Level in the project: ASIL D

Jul 2017 - Jul 2019

2 years 1 month

Technical Auditor

DQS GmbH

Reviewing completed audits for completeness, consistency, and correct execution
Reviewing audits for ISO 9001, ISO 27001, and combined ISO 9001 and ISO 27001 audits

Jan 2017 - Dec 2017

1 year

Release Manager for Functional Safety ISO 26262

Tier 1

Coaching the Safety Manager
Developing and integrating methods to improve system overview, system boundaries, and system workflows in the development process
Supporting the definition of subsystem boundaries for FMEA evaluation based on their interfaces for hazard and risk analysis
Reviewing documents for content completeness according to ISO 26262 requirements
Reviewing system FMEAs
Reporting
Highest Safety Integrity Level in the project: ASIL D
Distributed product development OEM/OES without defined system boundaries

Jan 2017 - Dec 2017

1 year

Functional Safety Manager ISO 26262

Tier 1

System analysis in the area of safety-related vehicle functions
Review of supplier documentation for safety verification and making the release decision
Optimization of compliance documentation according to ISO 26262
Highest Safety Integrity Level in the project: ASIL D
SOP: 07.2017

Jan 2015 - Dec 2016

2 years

Safety Manager / Functional Safety Engineer ISO 26262

Tier 1

Evaluation of a workflow from system development in the electronics area regarding its transferability to the design department
Advisory support in developing the item definition and the system requirements analysis, considering ISO 26262 and ISO 15504 (SPiCE) standards for a new product development
Preparation of planning documents (safety plan and related documents) for this new product development
Creation of impact analyses
Derivation of safety-related requirements for system, hardware, and software
Qualification of hardware components
Preparation of project documentation (hazard & risk analysis, functional safety concept, etc.)
Ad-hoc training of project participants
Coordination of relevant functional safety tasks within the team and with the project
Reporting
Highest Safety Integrity Level in the project: ASIL D

Jan 2013 - Dec 2014

2 years

Functional Safety Engineer ISO 26262

OEM

Review of functional safety documentation of various projects to ensure complete compliance with standard requirements, completeness, and consistency
Conducting functional safety assessments

Nov 2012 - Jul 2019

6 years 9 months

Auditor

DQS GmbH / DQS Bit GmbH

Conducting audits according to ISO 9001 (quality management)
Conducting audits according to ISO 27001 (information security)
Conducting audits according to ISO 27001 including the IT security catalog §11 para. 1a EnWG

Jan 2010 - Dec 2014

5 years

Functional Safety Engineer ISO 26262

OEM

Defining the system boundaries of subsystems to derive the necessary work packages for functional safety in collaboration with the involved departments
Consolidation and reconciliation of existing FMEAs as well as hazard and risk analyses to identify open issues
Conducting hazard assessments
Conducting hazard and risk analyses
Creation of the safety plan
Development of the functional and technical safety concept
Preparation of other required documentation
Determining test requirements for verification and validation of safety requirements
Checking test requirements for correct description in test catalogs
Reviewing test results for deviations and assessing them regarding safety relevance
Preparation of the safety case
Highest Safety Integrity Level in the project: ASIL C

Jan 2008 - Dec 2010

3 years

Functional Safety Engineer ISO 26262 / IEC 61508

Tier 1

Worked on the safety concept for an electric motor
Created project documents for the functional safety process
Derived safety-relevant requirements for the system, hardware, and software
Highest Safety Integrity Level in the project: ASIL C

Jan 2008 - Dec 2008

1 year

Functional Safety Engineer ISO 26262 / IEC 61508

Tier 1

Introduced the team to functional safety and trained them on the process flow and resulting requirements
Created a system and operations analysis
Analyzed the system FMEA to perform the hazard and risk analysis
Implemented the gathered data into the safety concept, which was approved after the final FSM assessment
Conducted according to IEC 61508

Jan 2005 - Dec 2005

1 year

Quality Management Representative

Tier 1

Established a quality management system according to ISO 9001
Integrated development processes based on the SPICE process maturity model (16 main software development processes) into the core processes
Achieved successful initial certification with no deviations
Provided ongoing successful support for the QMS over a total period of three years
Permanent employment