Functional Safety
Veteran engineers and AI agents, together — across functional safety, cybersecurity, systems engineering, software safety, quality management, AI assurance, and autonomy.
AFSPs on every engagement with AI agents shifting your project left.
Every Tomco program runs on a hybrid bench: an Approved Functional Safety Professional leading the work, plus a fleet of agents handling the defensible drudgery — citations, traceability, evidence chains, and the first 80% of every artifact.
Every Tomco engagement draws from the same hybrid bench — six standard disciplines and one flagship — so your safety case, security case, and autonomy case all share evidence, vocabulary, and accountability.
Hazard analysis, ASIL/DAL/SIL decomposition, FMEDA, PMHF, safety cases — built once, defensible forever.
TARA, secure development lifecycle, penetration-informed reviews, and post-production monitoring strategies.
MBSE, requirements decomposition, interface control, and verification planning that survives audit.
Tool qualification, MISRA enforcement, structural coverage, and safety-of-the-intended-function gap analysis.
ASPICE assessments, IATF readiness, configuration management, and supplier audits that stick.
Dataset governance, model risk frameworks, runtime monitors, and regulatory mapping for ML in safety contexts.
End-to-end safety assurance for L4 driving, humanoid robotics, drones, and robotaxi fleets — SOTIF, ODD, fallback design, scenario coverage, and the safety case to defend it all.
From L4 robotaxis to humanoid manipulation, autonomy is where every discipline collides — perception, planning, ML assurance, cybersecurity, and runtime monitoring. Tomco runs the full stack as a single safety case, not seven disconnected workstreams.
Tomco programs span the regulated industries where safety is non-negotiable. We bring the same hybrid bench, the same evidence model, and the same AFSP accountability into each.
Map your program to the right standards on day one — no toolchain swap, no second vendor.
One project room. Live conversation, signed artifacts, agents you can audit, a cryptographic evidence chain, and embedded Academy modules — everything an assessor needs, in the same browser tab.
4.2e-9 /h. Assessor pushed back on the diagnostic coverage assumption. Can the agent re-run with DC@90% and pull the part-quality citation?
DC=90%. Citing ISO 26262-5:2018 Annex D §D.2.4.3 for the DC claim. ETA 38s · 9 rows affected · PMHF delta will be flagged.
Every Tomco Academy course is taught by an active AFSP — the same engineers signing off real programs. Cohorts are small, the labs use your standards profile, and graduates ship into your projects ready to defend their work to an assessor.
PMHF, SPFM, LFM derivation. Common-cause analysis. Tool-supported workflows.
Threat modelling, CSMS evidence, type-approval narrative for OEMs and Tier-1s.
Dataset governance, drift monitors, runtime assurance patterns for safety AI.
Triggering conditions, ODD framing, residual-risk argumentation, scenario coverage.
Process maturity, evidence packaging, audit choreography for capability level 2/3.
Requirements decomposition, interface control, verification planning that survives audit.
For program managers and clients. Lifecycle, ASIL, work products, assessor expectations.
Risk management system, technical documentation, conformity assessment routes.
From driverless delivery to humanoid manipulation to surgical robotics — and when no standard exists yet, we write the one that does.
We didn't just build the assurance tooling for Project Saphira — we then deployed it ourselves across their downstream robotics customers' safety programs. The result is a portfolio of signed evidence chains running on a shared spine.
Working notes from active programs — what we're seeing in assessor rooms, what agents are getting right, and where the standards are catching up to physical AI.
Tell us about the standards profile, the deadline, and the gap. We'll come back with a hybrid bench plan — humans in the lead, agents in the loop — within two business days.
Tomco Service Group was founded in 2016 by safety engineers tired of watching good programs stall in evidence formatting. We started with functional safety; today we run a hybrid bench across seven disciplines and seven regulated industries.
We have been investing in AI and agent tooling since 2021 — long before the current cycle — because we needed it to keep up with the pace of physical AI. Every agent on the bench was built by an engineer who had to defend a safety case to an assessor.
Every release on every program is co-signed by an AFSP — an Authorised Functional Safety Practitioner — holding one or more of these credentials. Acronyms below; the point is independent third-party certification, not internal job titles.
Issued by TÜV SÜD (Germany). Independent certification that the holder can lead safety lifecycle work to IEC 61508 and its sector derivatives (ISO 26262, IEC 61511, IEC 62061). The benchmark mark in European functional safety.
Issued by exida (US). The senior tier of the CFSE programme — requires documented project leadership plus a written exam. Recognised across automotive (ISO 26262), industrial (IEC 61508 / 61511), and machinery (ISO 13849).
Issued by INCOSE (International Council on Systems Engineering). Mid-senior certification covering the full systems lifecycle per the INCOSE SE Handbook / ISO/IEC 15288. The credential of record for systems leads on aerospace, defence, and complex programs.
Recognised lead role under IEC 62304 (medical device software lifecycle) and ISO 14971 (medical device risk management). What a notified body or FDA reviewer expects to see signing Class B / Class C software releases on a regulated medical device.
Plus domain-specific credentials per program: ISO/SAE 21434 cybersecurity engineer, UL 4600 assessor, ISO/IEC 42001 lead implementer, NIST AI RMF practitioner, FAA Part 107.