Tomco USA
Client sign-inBook a discovery call
Safety & Systems
Functional SafetyISO 26262 · DO-178C · IEC 62304 · IEC 61508Systems EngineeringARP 4754A · INCOSE · MBSE · V&VSoftware Safety & QualityDO-178C SW · MISRA · AUTOSARQuality ManagementISO 9001 · IATF 16949 · AS9100 · ASPICE
Emerging & Cross-Cutting
CybersecurityISO 21434 · UN R155/R156 · IEC 62443 · DO-326AAI Safety & AssuranceUL 4600 · ISO 21448 · ISO/PAS 8800 · EU AI ActAutonomy & Robotics SafetyR15.08 · ISO 10218 · ISO 13482 · OSS stack
Learning Tracks
Functional Safety TrackFoundations → Practitioner → AdvancedCybersecurity TrackTARA · SecOC · UN R155 · DO-326AAI Safety TrackSOTIF · UL 4600 · ISO/PAS 8800Systems & Software TrackMBSE · MISRA · AUTOSAR · ASPICE
For Teams
Enterprise L&DCohort enrollment · SCIM · progress dashboardsOn-Site CohortsTomco AFSPs at your facilityVerifiable CredentialsChain-verified Tomco certificatesAcademy in Tomco BenchLearning inside your workspace
Content
Field notesWorking notes from active programsCase StudiesNamed programs, outcomes, metricsWhitepapersResearch deep-dives · long-form
Company
AboutFounded 2016 · AI R&D since 2021TeamNamed AFSPs on every engagementCareersJoin the benchContactBook a discovery call
Flagship practice · Internal R&D portfolio

Autonomy, built and assured — across every domain.

Tomco's autonomy practice combines functional safety, SOTIF, cybersecurity, and AI assurance into a single scenario-driven program — proven on internal builds across ground vehicles, fixed-wing aircraft, surface vessels, drones, humanoids, and heavy off-road platforms.

/ Six internal programs. One assurance pattern. Every artifact pressure-tested in-house.

UL 4600ISO 21448 SOTIFISO/PAS 8800ISO 26262ISO/SAE 21434SAE J3016ARP4754A / 4761ADO-178C / DO-254IEC 61508IMO MASS
Internal R&D portfolio

We build autonomy systems — and the evidence chain that lets them ship.

Each program below was designed, built, and assured end-to-end inside Tomco. We use them as living references for client work — every artifact, scenario, and runtime monitor pattern has been pressure-tested on real platforms before it shows up in your program.

Programs · Six domains

Six internal programs. One assurance pattern.

Codenames are internal — every program is Tomco-owned R&D, designed to prove out the full safety, security, and AI-assurance evidence chain on a real platform.

NorthStarGround · L4 reference stack

Open autonomy reference stack

Tomco built a complete L4-capable ground-vehicle autonomy stack end-to-end as an internal R&D program — perception, prediction, planning, control, and a safety-rated runtime monitor — and shipped the full assessor-ready evidence chain alongside it.

What we built
  • UL 4600 safety case with structured arguments and evidence index
  • ISO 21448 SOTIF hazard analysis and triggering-condition library
  • ISO/PAS 8800 AI assurance dossier for learned components
  • ISO 26262 HARA, FSC, TSC, and item-level safety analyses
  • ISO/SAE 21434 TARA and cybersecurity case
  • ODD specification and ~1,400-scenario verification library
  • Closed-loop V&V harness (sim, replay, on-vehicle) and field monitoring playbook
UL 4600ISO 21448ISO/PAS 8800ISO 26262ISO/SAE 21434SAE J3016
Shipped — full evidence chain, assessor-ready
SkylarkAviation · Cessna-class demonstrator

Autonomous fixed-wing demonstrator

An internal Tomco program retrofitted a Cessna-class general-aviation airframe with a full autonomy stack — detect-and-avoid, autoland, and contingency management — and produced the certification artifact set required to fly it.

What we built
  • ARP4754A system development and ARP4761A safety assessment (FHA, PSSA, SSA, CCA)
  • DO-178C DAL-B software lifecycle data for flight-critical components
  • DO-254 hardware lifecycle data for the autonomy compute stack
  • DO-365 / ACAS-Xu detect-and-avoid performance evidence
  • ASTM F3269 run-time assurance bounds and monitor design
  • Contingency management playbooks and forced-landing scenario library
  • Alignment with the EASA / FAA AI roadmap for learned subsystems
ARP4754AARP4761ADO-178CDO-254DO-365ASTM F3269
Flight-tested — full certification artifact set
AtelierPhysical AI · humanoid + bimanual

Humanoid manipulation R&D

Tomco's physical-AI lab applies scenario-driven assurance to humanoid and bimanual manipulation platforms — bridging personal-care, industrial, and mobile-robot standards with emerging obligations for learned controllers.

What we built
  • Task-level ODD definition for contact-rich manipulation
  • Contact and human-proximity scenario library
  • Learned-policy assurance argument with bounded behavior envelope
  • Safety-rated motion envelope and force/torque limiting strategy
  • Human-robot interaction risk model and HRI test protocol
  • Sim-to-real V&V harness and runtime intent monitor
ISO 13482ISO 10218-1/2ANSI/RIA R15.08ISO/PAS 8800EU AI Act
Active R&D — internally funded
TidelineMaritime · autonomous surface vessel

Harbor & coastal USV autonomy

An autonomous surface vessel program built in-house to prove out the Tomco assurance pattern in the maritime domain — from harbor maneuvering and COLREGs compliance to coastal transits and remote supervision.

What we built
  • IMO MASS-aligned concept of operations and degree-of-autonomy mapping
  • IEC 61508 functional-safety lifecycle for the safety controller
  • ABS Autonomous Vessel guidance gap analysis and evidence map
  • COLREGs-driven scenario library with give-way and stand-on cases
  • Remote-operations human-factors design and handover protocol
  • Sea-trial V&V package with replay and shore-side monitoring
IMO MASSIEC 61508ABS AVCOLREGsISO/PAS 8800
Sea trials complete — assurance case shipped
DriftAerial unmanned · sUAS / delivery

Small UAS delivery autonomy

A small-UAS autonomy stack engineered for beyond-visual-line-of-sight delivery operations — built internally to demonstrate a complete BVLOS evidence package on commodity airframes.

What we built
  • SORA-based operational risk model with mitigations and OSO evidence
  • ASTM F3442 detect-and-avoid performance characterization
  • DO-178C DAL-C software lifecycle data for autonomy components
  • Containment, geofencing, and lost-link contingency design
  • Part 135 / 137 operational envelope and crew procedures
  • Continuous flight-data monitoring and incident replay pipeline
SORAASTM F3442DO-178CPart 135/137ISO/PAS 8800
BVLOS-ready evidence package
QuarryOff-road · heavy haul autonomy

Mining & earth-moving haul autonomy

A heavy off-road autonomy program targeting open-pit haul and earth-moving operations — engineered to the autonomy-specific industrial standards and validated through full pit trials.

What we built
  • ISO 17757 levels-of-automation mapping and site interaction model
  • ISO 26262 functional safety for vehicle-level controllers
  • UL 4600 site-scoped safety case with traffic-management arguments
  • EMESRT control-framework alignment and operator-interaction design
  • Mixed-fleet (manned + unmanned) scenario library and right-of-way logic
  • Pit-trial V&V package with health monitoring and incident replay
ISO 17757ISO 26262UL 4600EMESRTISO 21448
Pit-trial validated — full safety case
The playbook

How we run autonomy programs.

The same four-step pattern runs through every program above — calibrated to the domain, the standards, and the platform.

01
ODD specification

Define the operational design domain in machine-checkable form — environment, actors, behaviors, and the boundary conditions that trigger fallback.

02
Scenario library

Build a domain-calibrated scenario library — nominal, edge, and triggering conditions — wired to coverage metrics and traceable to hazards.

03
Closed-loop V&V

Run the same scenarios through simulation, log replay, and on-vehicle / on-platform test, with a runtime monitor enforcing the safety envelope.

04
Field monitoring

Close the loop after deployment with telemetry, triage, incident replay, and a regression pipeline that feeds new scenarios back into the library.

Start a program

Bring an autonomy program to Tomco — or build one with us.

Every program is led by AFSPs with field experience on production autonomous platforms. We can plug into an existing program or stand one up from a clean sheet.

Book a discovery call Autonomy & robotics discipline