Tomco USA
Client sign-inBook a discovery call
Safety & Systems
Functional SafetyISO 26262 · DO-178C · IEC 62304 · IEC 61508Systems EngineeringARP 4754A · INCOSE · MBSE · V&VSoftware Safety & QualityDO-178C SW · MISRA · AUTOSARQuality ManagementISO 9001 · IATF 16949 · AS9100 · ASPICE
Emerging & Cross-Cutting
CybersecurityISO 21434 · UN R155/R156 · IEC 62443 · DO-326AAI Safety & AssuranceUL 4600 · ISO 21448 · ISO/PAS 8800 · EU AI ActAutonomy & Robotics SafetyR15.08 · ISO 10218 · ISO 13482 · OSS stack
Learning Tracks
Functional Safety TrackFoundations → Practitioner → AdvancedCybersecurity TrackTARA · SecOC · UN R155 · DO-326AAI Safety TrackSOTIF · UL 4600 · ISO/PAS 8800Systems & Software TrackMBSE · MISRA · AUTOSAR · ASPICE
For Teams
Enterprise L&DCohort enrollment · SCIM · progress dashboardsOn-Site CohortsTomco AFSPs at your facilityVerifiable CredentialsChain-verified Tomco certificatesAcademy in Tomco BenchLearning inside your workspace
Content
Field notesWorking notes from active programsCase StudiesNamed programs, outcomes, metricsWhitepapersResearch deep-dives · long-form
Company
AboutFounded 2016 · AI R&D since 2021TeamNamed AFSPs on every engagementCareersJoin the benchContactBook a discovery call
Back to reference engagements
Autonomous L4 delivery vehicle on a misty urban road with blue lidar sensor sweeps
Reference engagement · Project Atlas🔒 Client name on request · under NDA

L4 driverless delivery, signed and shipped.

Tomco led functional safety, SOTIF, and UL 4600 evidence for an L4 autonomous delivery program — the full hybrid bench across perception, planning, and the cross-layer safety monitor.

L4
Driverless delivery on public roads
3+ yrs
Continuous safety case ownership
6-layer
Sensors → safety monitor, one signed chain
0 recalls
Across the program lifetime to date
Program narrative

How the engagement ran.

The client builds purpose-built, occupant-less delivery vehicles operating on public roads at SAE Level 4. The program required a defensible safety case spanning sensor calibration, perception ML, planning, prediction, and a cross-layer runtime monitor — all signed off as one continuous evidence chain.

Tomco embedded as the safety partner in 2022 and has owned the safety case ever since. AFSPs (Authorised Functional Safety Practitioners) co-signed every release; agents kept the trace matrix, hazard log, and SOTIF argument current to the minute as the perception stack iterated weekly.

The result: three-plus years of continuous L4 driverless operation on public roads, zero recalls across the program lifetime, and a UL 4600 case structure now used as the internal template for new vehicle variants.

AFSP team

Who signed it.

Lead AFSP · Autonomy
TÜV SÜD-certified Functional Safety Engineer (FSE) · UL 4600 assessor
14 yrs ISO 26262 · 6 yrs L4 driverless programs

Names withheld by policy. Credentials and program references verifiable on request under NDA.

FuSa (ISO 26262)SOTIF (ISO 21448)UL 4600ML Safety (ISO/PAS 8800)Cyber (ISO/SAE 21434)Runtime Monitor
Standards mapped

The regime, line by line.

ISO 26262
Road vehicles — Functional safety
Tomco role: Conformance
ISO 21448
Safety of the intended functionality (SOTIF)
Tomco role: Conformance
UL 4600
Standard for safety for the evaluation of autonomous products
Tomco role: Author
ISO/PAS 8800
Road vehicles — Safety and AI
Tomco role: Contributor
ISO/SAE 21434
Road vehicles — Cybersecurity engineering
Tomco role: Conformance
Evidence chain

One signed thread, end to end.

  1. 01Sensors (lidar/camera/radar) — calibration & FuSa item definition
  2. 02Perception ML — SOTIF triggering conditions, dataset coverage
  3. 03Prediction & planning — hazard analysis, decision-time monitor
  4. 04Cross-layer safety monitor — runtime guard, fail-operational reasoning
  5. 05Vehicle platform — hardware FMEDA, brake/steer redundancy
  6. 06Signed release — AFSP co-signature, evidence chain dehydrated to immutable store

Want this for your program?

We embed AFSPs and agents into your safety case the same way we did on this engagement. Client references available under mutual NDA.

Talk to the Project Atlas lead See the autonomy stack