My suggestion is that we (you, somebody) should develop a straw man UL 4600 audit schedule. There is currently a lot of uncertainty as to the schedule and resources needed to complete a review. Such a schedule in my experience promotes industry acceptance, allowing industry to plan and apply resources as needed. For example, assuming that the first day is day zero, such a schedule might include:
Day -14: one day on site meeting to introduce audit team leaders, audit team membership and qualifications, discuss logistics (meeting room, needed computer and network resources, parking, passes, lunch payment and preferences,, etc.) refresher on pass/fail criteria, expectations for developer expert participation, process for closing liens on open items at conclusion of on-site meeting if any, process for appeal of adverse audit team decisions, allowable audit team expenses, etc.
Day -0: Audit team arrival on site, confirmation of logistics arrangements.
Day 1 0900 - 1030:Introductions, orientation by audit team, orientation by developer leadership
1030 - 1300 section A-B
1330 - 1600 Section C-D
1600 - 1630 Internal audit team summary preparation
1630 - 1730 Review results with developer, enumeration of closed items, liens on open items.
Day 2-9, 0800 - 0815: Opening remarks by Audit lead
0815 - 0830: Opening remarks by Developer Lead
0830 - 1630: Safety Case presentations
1630 - 1700: Status review and open item/lien identification
Day 10 0800
1300 - 1645: Presentation of results to developer team, identification of open items and liens, developer appeal of adverse determinations, residual process to delivery of compliance certification
1645-1700 Final remarks and adjournment.
This is only a brief sketch, and there is clearly more to be done, but there has got to be a way for developers seeking UL4600 certification, and companies desiring certification as UL 4600 auditors, to bound the scope and marshal necessary resources for a successful audit outcome. UL4600 audit process definition might be a prerequisite for industry acceptance, but in any case couldn't hurt. The process sketched above would be familiar to companies that have already had, for example, an ISO 9000 audit. It seems to me that the UL 4600 document alone is a fantastic framework for structuring the AV developer safety case, but absent widespread history of audits (there aren't any yet by companies documenting their competence) and we need to start somewhere) its (especially early)implementation may benefit from better definition of the corollary expected audit process and closure requirements.
I think that such a plan would alleviate apprehension about developer resources and schedule and their reluctance to engage with UL on UL4600 certification.
Day 9 0800-1200 Audit team review and synopsis, identification of open items and liens
This post suggests that the regulatory compliance audit is so simple it can be done in an afternoon by a single person visiting the site if the company has their homework done. Or even just by e-mailing a spreadsheet to NHTSA for NHTSA to check using ordinary spreadsheet software.
It is also highly desirable to also do the conformance audit you are talking about. But I am not proposing that as the baseline regulatory requirement at this time.
Thanks, Phil.
My suggestion is that we (you, somebody) should develop a straw man UL 4600 audit schedule. There is currently a lot of uncertainty as to the schedule and resources needed to complete a review. Such a schedule in my experience promotes industry acceptance, allowing industry to plan and apply resources as needed. For example, assuming that the first day is day zero, such a schedule might include:
Day -14: one day on site meeting to introduce audit team leaders, audit team membership and qualifications, discuss logistics (meeting room, needed computer and network resources, parking, passes, lunch payment and preferences,, etc.) refresher on pass/fail criteria, expectations for developer expert participation, process for closing liens on open items at conclusion of on-site meeting if any, process for appeal of adverse audit team decisions, allowable audit team expenses, etc.
Day -0: Audit team arrival on site, confirmation of logistics arrangements.
Day 1 0900 - 1030:Introductions, orientation by audit team, orientation by developer leadership
1030 - 1300 section A-B
1330 - 1600 Section C-D
1600 - 1630 Internal audit team summary preparation
1630 - 1730 Review results with developer, enumeration of closed items, liens on open items.
Day 2-9, 0800 - 0815: Opening remarks by Audit lead
0815 - 0830: Opening remarks by Developer Lead
0830 - 1630: Safety Case presentations
1630 - 1700: Status review and open item/lien identification
Day 10 0800
1300 - 1645: Presentation of results to developer team, identification of open items and liens, developer appeal of adverse determinations, residual process to delivery of compliance certification
1645-1700 Final remarks and adjournment.
This is only a brief sketch, and there is clearly more to be done, but there has got to be a way for developers seeking UL4600 certification, and companies desiring certification as UL 4600 auditors, to bound the scope and marshal necessary resources for a successful audit outcome. UL4600 audit process definition might be a prerequisite for industry acceptance, but in any case couldn't hurt. The process sketched above would be familiar to companies that have already had, for example, an ISO 9000 audit. It seems to me that the UL 4600 document alone is a fantastic framework for structuring the AV developer safety case, but absent widespread history of audits (there aren't any yet by companies documenting their competence) and we need to start somewhere) its (especially early)implementation may benefit from better definition of the corollary expected audit process and closure requirements.
I think that such a plan would alleviate apprehension about developer resources and schedule and their reluctance to engage with UL on UL4600 certification.
Day 9 0800-1200 Audit team review and synopsis, identification of open items and liens
Thanks for the start to this Fred.
To be clear, there are two types of audits:
-> An independent audit for UL 4600 conformance.
-> A regulatory compliance audit.
This post suggests that the regulatory compliance audit is so simple it can be done in an afternoon by a single person visiting the site if the company has their homework done. Or even just by e-mailing a spreadsheet to NHTSA for NHTSA to check using ordinary spreadsheet software.
It is also highly desirable to also do the conformance audit you are talking about. But I am not proposing that as the baseline regulatory requirement at this time.