
What safety analysis documents does the Aerospace Safety Solution support?

The Aerospace Safety Solution provides five ARP 4761-aligned safety assessment document types: Functional Hazard Assessment (FHA), Preliminary System Safety Assessment (PSSA), System Safety Assessment (SSA), Fault Tree Analysis (FTA), and Common Cause Analysis (CCA). Each is implemented as a Risksheet with a pre-configured column layout tailored to that analysis method. For a complete list with column structures, see Reference.

What is the difference between FHA, PSSA, and SSA?

These three documents represent the ARP 4761 safety assessment lifecycle in sequence:

  Document | Purpose                                                      | Primary work item
  FHA      | Identify failure conditions and assign classification + DAL  | failureCondition
  PSSA     | Allocate safety requirements from failure conditions         | safetyRequirement
  SSA      | Verify compliance and confirm evidence closure               | failureCondition

The FHA classifies failure conditions by severity, the PSSA derives and allocates requirements from those classifications, and the SSA confirms that evidence has been gathered to close each safety objective.

How does DAL allocation work in the FHA?

DAL (Design Assurance Level) is computed automatically from the classification field of each failure condition. The mapping follows ARP 4754A: Catastrophic → A, Hazardous → B, Major → C, Minor → D, No Safety Effect → E. [Diagram: classification-to-DAL mapping] Safety requirements created in the PSSA inherit the DAL from their parent failure condition via the allocatesTo link role.

What failure condition classification levels are available?

The classification field uses a 5-level enumeration aligned with ARP 4761:
  • Catastrophic — Loss of life or aircraft; probability target < 10⁻⁹ per flight hour; DAL A
  • Hazardous — Severe injuries, or fatalities among a small number of occupants; DAL B
  • Major — Significant reduction in safety margins; DAL C
  • Minor — Slight reduction in safety margins; DAL D
  • No Safety Effect (NSE) — No effect on safety; DAL E
Each row in the FHA Risksheet is color-coded by classification level (red for Catastrophic through grey for NSE) for fast visual scanning.
Exact probability targets and any project-specific overrides should be confirmed in the running Polarion instance; this page was compiled from the configuration files only, which do not state the per-level thresholds.

How does the traceability chain connect functions to safety requirements?

The full ARP 4761 traceability chain uses three link roles working in sequence, plus one onward role. [Diagram: function → failure condition → safety requirement → system element] The assesses link connects a function to the failure conditions that affect it. The causeOf link propagates failure modes up to the failure condition they cause. The allocatesTo link bridges FHA findings into PSSA safety requirements; those requirements are then traced onward to system elements via allocatedTo.
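The two sections above describe how DAL is derived from classification and then inherited along the assesses → allocatesTo → allocatedTo chain. The following is an added worked example (written for this page, not the solution's own code) that walks that chain over a small set of work items and flags safety requirements whose DAL is less stringent than their parent failure condition's. The link-role names are the ones the page uses; the work-item records, field names (classification, dal, links) and identifiers such as FC-1 or SYS-FCC are constructed for illustration.

```python
"""Added example: derive DAL from classification and check DAL inheritance
along the ARP 4761 traceability chain. Work items, field names and ids below
are constructed for illustration; only the link-role names come from the page."""

# ARP 4754A mapping from failure-condition classification to DAL.
CLASSIFICATION_TO_DAL = {
    "Catastrophic": "A",
    "Hazardous": "B",
    "Major": "C",
    "Minor": "D",
    "No Safety Effect": "E",
}
DAL_RANK = {"A": 0, "B": 1, "C": 2, "D": 3, "E": 4}  # lower rank = more stringent


def dal_for(classification):
    """Return the DAL for a classification value; reject unknown values loudly."""
    try:
        return CLASSIFICATION_TO_DAL[classification]
    except KeyError:
        raise ValueError(f"unknown classification {classification!r}") from None


# Constructed sample work items keyed by id. 'links' holds (role, target id) pairs.
ITEMS = {
    "F-1": {"type": "function", "title": "Provide pitch control",
            "links": [("assesses", "FC-1")]},
    "FC-1": {"type": "failureCondition", "classification": "Catastrophic",
             "links": [("allocatesTo", "SR-1"), ("allocatesTo", "SR-2")]},
    "FM-7": {"type": "failureMode", "title": "Actuator jam",
             "links": [("causeOf", "FC-1")]},
    "SR-1": {"type": "safetyRequirement", "dal": "A",
             "links": [("allocatedTo", "SYS-FCC")]},
    # DAL C on a requirement allocated from a Catastrophic FC: must be flagged.
    "SR-2": {"type": "safetyRequirement", "dal": "C",
             "links": [("allocatedTo", "SYS-FCC")]},
    "SYS-FCC": {"type": "systemElement", "title": "Flight Control Computer",
                "links": []},
}


def targets(item_id, role):
    """Ids reached from item_id over links with the given role."""
    return [t for r, t in ITEMS[item_id]["links"] if r == role]


def trace_chain(function_id):
    """(failure condition, derived DAL, safety requirement, system element) rows."""
    rows = []
    for fc in targets(function_id, "assesses"):
        dal = dal_for(ITEMS[fc]["classification"])
        for sr in targets(fc, "allocatesTo"):
            # A requirement not yet allocated to any element still appears, with None.
            for el in targets(sr, "allocatedTo") or [None]:
                rows.append((fc, dal, sr, el))
    return rows


def dal_inheritance_violations(function_id):
    """Requirements whose own DAL is missing or weaker than the parent FC's DAL."""
    bad, seen = [], set()
    for fc, dal, sr, _ in trace_chain(function_id):
        if sr in seen:
            continue
        seen.add(sr)
        sr_dal = ITEMS[sr].get("dal")
        if sr_dal is None or DAL_RANK[sr_dal] > DAL_RANK[dal]:
            bad.append((sr, sr_dal, fc, dal))
    return bad


def contributing_failure_modes(fc_id):
    """Failure modes linked to fc_id via causeOf (reverse lookup over all items)."""
    return sorted(i for i, it in ITEMS.items()
                  if it["type"] == "failureMode" and ("causeOf", fc_id) in it["links"])


if __name__ == "__main__":
    for row in trace_chain("F-1"):
        print(row)
    print("DAL violations:", dal_inheritance_violations("F-1"))
    print("causes of FC-1:", contributing_failure_modes("FC-1"))
```

Running the script lists both allocated requirements and reports SR-2 as a violation because DAL C is weaker than the DAL A its Catastrophic parent implies; the same check, pointed at a real export of the link table, is a cheap consistency gate to run before a certification review.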

What is the verification status progression for failure conditions?

Each failure condition in the SSA tracks a 4-state verification progression:
  1. Open — Identified but not yet analyzed
  2. In Progress — Analysis underway; evidence being gathered
  3. Completed — Analysis complete; evidence attached
  4. Verified — Independent review confirmed closure
Rows are color-coded by status, enabling rapid identification of open items during certification reviews.
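The four states above are a forward-only progression with two gates: an item cannot be Completed without attached evidence, and Verified requires an independent reviewer. The following is an added example (written for this page, not the solution's workflow configuration) that enforces those gates in code and lists whatever is still open for a certification review. The class, method names, user strings and evidence file names are assumptions constructed for illustration.

```python
"""Added example: enforce the 4-state verification progression for SSA failure
conditions. Class/field names, users and evidence names are constructed."""

STATES = ["Open", "In Progress", "Completed", "Verified"]


class TransitionError(Exception):
    """Raised when a status change would violate a gate."""


class FailureConditionVerification:
    def __init__(self, fc_id):
        self.fc_id = fc_id
        self.status = "Open"
        self.evidence = []        # names of attached evidence artefacts
        self.completed_by = None  # user who moved the item to Completed
        self.history = []         # (from_state, to_state, user) audit trail

    def advance(self, user, evidence=None):
        """Move one state forward, applying the gate for the target state."""
        idx = STATES.index(self.status)
        if idx == len(STATES) - 1:
            raise TransitionError(f"{self.fc_id} is already Verified")
        nxt = STATES[idx + 1]
        if evidence:
            self.evidence.extend(evidence)
        if nxt == "Completed" and not self.evidence:
            raise TransitionError(f"{self.fc_id}: cannot complete without attached evidence")
        if nxt == "Verified" and user == self.completed_by:
            # Separation of duties: the analyst may not verify their own closure.
            raise TransitionError(f"{self.fc_id}: verification must be an independent review")
        if nxt == "Completed":
            self.completed_by = user
        self.history.append((self.status, nxt, user))
        self.status = nxt
        return self.status

    def reopen(self, user):
        """Send a Completed or Verified item back to In Progress, keeping history."""
        if self.status not in ("Completed", "Verified"):
            raise TransitionError(f"{self.fc_id}: only Completed/Verified items can be reopened")
        self.history.append((self.status, "In Progress", user))
        self.status = "In Progress"
        self.completed_by = None
        return self.status


def open_items(items):
    """Ids of failure conditions that are not yet Verified, for a review agenda."""
    return [fc.fc_id for fc in items if fc.status != "Verified"]


if __name__ == "__main__":
    fc = FailureConditionVerification("FC-1")
    fc.advance("alice")                                  # Open -> In Progress
    fc.advance("alice", evidence=["FTA-FC-1.pdf"])       # -> Completed
    try:
        fc.advance("alice")                              # same user: rejected
    except TransitionError as e:
        print("rejected:", e)
    fc.advance("bob")                                    # -> Verified
    print(fc.status, fc.history)
```

In Polarion the equivalent controls live in the workflow's transition conditions and the role of the user performing them; the point of the example is that "Verified" is only meaningful as evidence if the tool, not convention, stops the analyst from closing their own item.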

What does Common Cause Analysis (CCA) cover?

The CCA Risksheet implements the three ARP 4761 common cause analysis types: Zonal Safety Analysis (ZSA), Particular Risk Analysis (PRA), and Common Mode Analysis (CMA). Each entry groups common cause events by analysis type and links to affected functions and risk controls. CCA is unique to the aerospace solution configuration and is not present in other solution variants.
Common Cause Analysis is a mandatory deliverable for DAL A and DAL B systems under ARP 4761. The CCA document should be started early in the PSSA phase when system architecture alternatives are still being evaluated.

What FMEA types are supported and how do they differ?

Two FMEA types are available, differing in their level of system decomposition:

  Type                | Scope                                                                      | Typical column count
  SFMEA (System FMEA) | System and subsystem level; focuses on functional failure modes             | 10 columns
  DFMEA (Design FMEA) | Component level; includes RPN scoring with occurrence, severity, detection  | 12 columns

DFMEA rows include post-mitigation RPN scoring: a post-mitigation RPN above 30 is flagged red, 11–30 orange, and 1–10 green. In the example Aero1 project, the solution contains 4 SFMEA documents and 8 DFMEA documents covering the full FCC component hierarchy.

How does the Aerospace Safety Solution support MIL-STD-882E alongside ARP 4761?

The solution includes a dedicated Hazard Tracking document type aligned with MIL-STD-882E for programs that operate under both military and civil airworthiness frameworks. Hazards are tracked separately from failure conditions and can be linked to risk controls via the mitigates role. The Certification Readiness Scorecard tracks MIL-STD-882E compliance alongside ARP 4761 and DO-178C in a unified view. For related questions about certification evidence and compliance tracking, see Certification and Compliance Questions.
Configuration sources:
  • .polarion/pages/spaces/_default/Safety Assessment Summary/page.xml, Common Cause Analysis Report/page.xml, Security Threat Assessment/page.xml, Hara Risk Matrix Report/page.xml
  • .polarion/tracker/fields/workitem-link-role-enum.xml
  • .polarion/nextedy/models/rtm.yaml
  • .polarion/nextedy/sheet-configurations/ARP 4761 Safety Assessment Traceability.yaml
  • modules/RiskTemplates/SSATemplate/attachments/risksheet.json
  • .polarion/pages/spaces/_default/Program Manager Dashboard/page.xml, Safety Engineer Dashboard/page.xml, Design Engineer Dashboard/page.xml, VandV Engineer Dashboard/page.xml, Config Manager Dashboard/page.xml
  • modules/RiskTemplates/PSSATemplate/attachments/risksheet.json
  • .polarion/tracker/fields/designRequirement-subType-enum.xml, environmentalCategory-enum.xml, fta-gateType-enum.xml, cca-analysisType-enum.xml, controlType-enum.xml, riskControlType-enum.xml, verificationMethod-enum.xml, testLevel-enum.xml
  • modules/RiskTemplates/FHATemplate/attachments/risksheet.json
  • .polarion/tracker/fields/classification-enum.xml