Skip to main content

Before You Start

Ensure a Risk Control Plan module exists in the Risks space — common cause events link their mitigations there. You should also have completed your FHA and SFMEA analyses, as CCA builds on the failure conditions and failure modes already documented.

Step 1: Open or Create a CCA Document

Navigate to the Risks space in the sidebar and locate the existing CCA document, or create a new one from the CCA Template.
To create a new CCA document: go to RisksNew Document → select CCA Template. The template pre-populates the 8-column risksheet structure with the three analysis-type groupings.
The FCC project includes a single CCA document: FCC System - Common Cause Analysis.

Step 2: Understand the Three-Type Structure

The CCA risksheet organizes entries into a 3-level hierarchy:
LevelPurpose
Zone / AreaPhysical or functional grouping container
Analysis TypeZSA, PRA, or CMA sub-analysis
Common Cause EventIndividual work item with full details
ARP 4761 requires all three sub-analysis types for a complete safety assessment: diagram

Step 3: Add a Common Cause Event

Within the appropriate Zone / Area row, add a new commonCauseEvent work item under the relevant analysis-type grouping. Set the two mandatory fields:
  • analysisType — Select ZSA, PRA, or CMA. This field has no default; it must be set explicitly. The row header color updates automatically: indigo for ZSA, red for PRA, teal for CMA.
  • affectedFunctions — Enter a free-text description of all functions impacted by this common cause event (e.g., “Fuel pumping, landing gear extension, flight surface actuation”).
The affectedFunctions field stores plain text only. It does not create bidirectional links to Function work items and cannot be queried as a list of work item references. Use it for human-readable documentation of scope. Formal traceability to functions is established separately through the RTM.
Fill in the remaining columns — event description, zone, affected system elements, and any notes on failure mechanism — to complete the entry.

Step 4: Use the Four Risksheet Views

Switch between views using the view selector at the top of the risksheet:
ViewUse When
Full AnalysisReviewing the complete CCA across all zones and types
By ZoneAuditing coverage for a specific physical area
By Analysis TypeComparing all ZSA entries, or all PRA entries, in isolation
Actions ViewReviewing linked risk controls and corrective actions
For each common cause event, link one or more riskControl work items from the Risk Control Plan using the mitigates link role. Switch to Actions View to confirm that every identified common cause has at least one linked control. Unmitigated events appear without associated actions in this view.
Certification auditors typically request a filtered view showing all common cause events alongside their mitigations. The Actions View provides exactly this — export it directly for review packages.

Step 6: Complete All Three Sub-Analyses

ARP 4761 requires ZSA, PRA, and CMA to be addressed. Use the By Analysis Type view to confirm entries exist under all three types. It is valid for a type to contain a documented assessment that no events were identified, but the analysis must be present.
The risksheet.json file in each CCA document instance is a static copy of the template at creation time. If the CCA template is later updated (new columns, revised view definitions), existing CCA documents are not updated automatically. You must manually copy the updated template configuration into each instance’s attachments/risksheet.json.

Verification

You should now see:
  • Common cause events listed under their respective Zone / Area and analysis-type groupings
  • Row headers colored indigo (ZSA), red (PRA), or teal (CMA)
  • Each event linked to at least one risk control in the Actions View
  • All three analysis types (ZSA, PRA, CMA) present in the By Analysis Type view

See Also

Code: modules/RiskTemplates/CCATemplate/attachments/risksheet.json (0.72) · .polarion/pages/spaces/_default/Safety Assessment Summary/page.xml, Common Cause Analysis Report/page.xml, Security Threat Assessment/page.xml, Hara Risk Matrix Report/page.xml (0.71) · .polarion/nextedy/models/rtm.yaml (0.64) · .polarion/tracker/fields/testCase-custom-fields.xml, desReq-custom-fields.xml, processStep-custom-fields.xml, characteristic-custom-fields.xml, systemElement-custom-fields.xml, commonCauseEvent-custom-fields.xml, riskControl-custom-fields.xml, task-custom-fields.xml, custom-fields.xml (0.55) · .polarion/tracker/fields/classification-enum.xml (0.54) · .polarion/tracker/fields/designRequirement-subType-enum.xml, environmentalCategory-enum.xml, fta-gateType-enum.xml, cca-analysisType-enum.xml, controlType-enum.xml, riskControlType-enum.xml, verificationMethod-enum.xml, testLevel-enum.xml (0.54) · .polarion/tracker/fields/workitem-link-role-enum.xml (0.53) · modules/Risks/COMPLIANCE-001/module.xml, modules/Risks/MIL-STD-882E-HTS-001/module.xml, modules/Risks/SEC-THREAT-001/module.xml, modules/Risks/SFMEA-SUB-001/module.xml, modules/Risks/SFMEA-SUB-002/module.xml, modules/Risks/SFMEA-SUB-003/module.xml (0.49) · modules/RiskTemplates/PSSATemplate/attachments/risksheet.json (0.49) · modules/RiskTemplates/ComplianceTemplate/attachments/risksheet.json (0.48)