Skip to main content

Document Lifecycle Overview

Risk specification documents follow a four-state lifecycle with electronic signature support for approval tracking and baseline management: diagram The workflow ensures that all risk assessment documents (FHA, SFMEA, DFMEA, PSSA, SSA, FTA, CCA, Hazard Tracking, Security Threat Assessment, Compliance Matrix, PFMEA, and Risk Control Plan) follow the same governance model, supporting DO-178C and ARP 4754A baseline approval requirements.

Document States and Transitions

StatePurposeEntry PointActions AvailableNext States
DraftInitial document creation and editingDocument creationEdit content, add work items, submit for reviewIn Review
In ReviewSubmitted for stakeholder review and feedbackSend for Review actionView reviewer comments, request changes, approve/rejectApproved, Rework
ApprovedSigned off by required approversApprove action (requires signatures)Publish document as baselinePublished, Rework
PublishedFormal baseline version locked for traceabilityPublish actionReference as baseline for downstream analysisRework
From any non-draft state, a Rework action returns the document to Draft state. This action marks all electronic signatures as obsolete and resets approval verdicts, enabling re-submission after modifications.

Electronic Signature and Approval Requirements

The risk specification workflow implements electronic signature tracking for safety-critical approval chains, per DO-178C and ARP 4754A requirements.

Signature Policy: At Least One Signature

The Approve action requires:
  1. At least one project approver signature on the document
  2. No disapprovals from any approver
  3. Auto-signature support for the project_approver role
When Send for Review is triggered, the system automatically adds all project approvers as signers with the Approver role. Approvers may then electronically sign the document before it advances to Approved state.
Signer RoleAuto-AddedRequiredCan Override
project_approverYes (Send for Review)At least oneYes (via signature)
project_assigneeNoConditionalYes

Signature Lifecycle

EventEffect
Document createdNo signatures
Send for ReviewAuto-add project_approver signers
Approve (Mark Approved)Signatures must satisfy AtLeastOneApprovedAndNooneDisapproved condition
ReworkAll signatures marked obsolete, verdicts reset
Reopen from ApprovedSignatures marked obsolete, verdicts reset
PublishSignatures locked as part of baseline
Rework and Reopen actions mark all signatures as obsolete to ensure that any document modifications trigger new approvals. This prevents unapproved changes from being published.

Risk Specification Document Types

All risk specification documents in the Aerospace Safety Solution use the same workflow, but may have different content structures and risksheet configurations:
Document TypeTemplateScopeRisksheet TypeWork Item Focus
FHA (Functional Hazard Assessment)FHATemplateSystem-levelFailure ConditionFunctional hazards and failure conditions
SFMEA (System FMEA)System-FMEATemplate or SubSystem-FMEATemplateSystem or subsystemFailure ModeSystem failure modes and effects
DFMEA (Design FMEA)DFMEATemplateComponent-levelFailure ModeComponent failure modes, characteristics, causes
PSSA (Preliminary System Safety Assessment)PSSATemplateSystem-levelSafety RequirementSafety requirements allocated from failure conditions
SSA (System Safety Assessment)SSATemplateSystem-levelFailure ConditionFinal verification of failure condition evidence
FTA (Fault Tree Analysis)FTATemplateSystem-levelFault (logic gates)Top-level failures and contributing factors
CCA (Common Cause Analysis)CCATemplateSystem-levelCommon Cause EventShared failure mechanisms across components
Hazard TrackingHazardTrackingTemplateSystem-levelHazardMIL-STD-882E hazard inventory and closure status
Security Threat AssessmentSecurityThreatTemplateSystem-levelSecurity ThreatDO-326A STRIDE threat inventory
Compliance MatrixComplianceTemplateProject-wideCompliance ObjectiveStandards compliance objectives and evidence
PFMEA (Process FMEA)PFMEATemplateProcess-levelFailure Mode (Process)Process step failure modes with Action Priority
Risk Control PlanRiskControlPlanTemplateSystem-levelRisk ControlRisk mitigation actions and implementation status
Exact template naming and availability may vary by Aerospace Safety Solution version. Refer to the RiskTemplates folder in your project to confirm available templates.

Document Status Enumeration

Risk specification documents use a four-value status enumeration that mirrors the workflow states:
StatusColorMeaningWorkflow State
DraftBlueDocument under creation or revisionDraft
In ReviewLight YellowAwaiting approver review and feedbackIn Review
ApprovedGreenSigned off by required approversApproved
PublishedBold GreenFormal baseline version lockedPublished
The status field is automatically updated as the document transitions through workflow states. Manual status changes are not allowed — only workflow actions update the status.

Risksheet Integration Pattern

Each risk specification document contains a Risksheet link panel that connects the document to its associated analysis data: diagram The risksheet contains the actual analysis data — failure modes, effects, causes, risk rankings, mitigations, and verification status. The document workflow governs approval of the entire risksheet analysis.
The document manages approval workflow and baseline versions. The risksheet manages analysis content and formulas. Together, they provide a complete risk assessment lifecycle: analysis → review → approval → publication.

System Element Binding (Scope)

Most risk specification documents are scoped to a specific system element in the project hierarchy:
Document TypeSystem Element BindingScope
FHASystemEntire system
SFMEA (system-level)SystemEntire system
SFMEA (subsystem-level)SubsystemSingle subsystem only
DFMEA (component-level)ComponentSingle component only
PSSASystemEntire system
SSASystemEntire system
FTASystemEntire system
CCASystemEntire system
Hazard TrackingNone (project-wide)All system elements
Security Threat AssessmentNone (project-wide)All system elements
Compliance MatrixNone (project-wide)All system elements
The systemElementId field in the document XML binds the document to its scope. Project-wide documents (Hazard Tracking, Security Threat Assessment, Compliance Matrix) have no systemElementId, meaning they apply across the entire project.
In hierarchical systems, a separate SFMEA document is created for each subsystem level, each bound to its respective subsystem via systemElementId. This allows detailed analysis at each decomposition level while maintaining traceability from system to subsystem to component.

Workflow Example: DFMEA Approval Chain

A typical Design FMEA approval workflow follows these steps:
  1. Create — Design engineer creates DFMEA document (Draft state)
  2. Analyze — Team identifies failure modes, effects, causes, and initial risk rankings in the risksheet
  3. Define Mitigations — Risk control tasks are created and linked to failure modes
  4. Send for Review — Design engineer clicks “Send for Review”
    • Document state → In Review
    • Project approvers automatically added as signers
    • Review comments solicited from safety team
  5. Incorporate Feedback — If changes needed, click “Rework”
    • Document state → Draft
    • Signatures marked obsolete
    • Team incorporates feedback into risksheet
    • Steps 3–4 repeated
  6. Approve — Once review complete and feedback incorporated, click “Mark Approved”
    • All project approvers sign electronically
    • Document state → Approved
    • Signatures locked
  7. Publish — Click “Publish”
    • Document state → Published
    • Document becomes formal baseline
    • DFMEA results feed into PSSA and downstream safety assessment
Once Published, a risk specification document should not be directly edited. Instead, create a new version (increment version number) and route it through the approval workflow again. This preserves audit trail and baseline traceability.

Workflow State Machine (XML Configuration)

The risk specification workflow is defined in .polarion/documents/workflow/riskSpecification-workflow.xml. Key workflow transitions include:
TransitionFromToConditionAction
Send for ReviewDraftIn ReviewNoneAddDefaultSigners (project_approver role)
ApproveIn ReviewApprovedAtLeastOneApprovedAndNooneDisapprovedLock signatures
PublishApprovedPublishedNoneCreate baseline snapshot
ReworkIn Review, Approved, PublishedDraftNoneMarkSignaturesObsolete, reset verdicts
RejectIn ReviewDraftNoneAdd rejection comment
Exact workflow transitions and conditions are configured in the Polarion project XML. For detailed transition rules, review the riskSpecification-workflow.xml file in your project’s .polarion/documents/workflow/ folder.
This reference covers the standard risk specification document workflow as implemented in the Aerospace Safety Solution. Actual workflow behavior, available actions, and signature policies may vary based on your project’s Polarion configuration and user roles. Always verify specific workflow rules in your live project.
Code: .polarion/documents/workflow/riskSpecification-workflow.xml (0.73) · .polarion/tracker/fields/severity-enum.xml, status-enum.xml, priority-enum.xml, implementationStatus-enum.xml, riskSpecification-document-status-enum.xml (0.62) · .polarion/tracker/workflow/workflow.xml (0.55) · modules/Risks/COMPLIANCE-001/module.xml, modules/Risks/MIL-STD-882E-HTS-001/module.xml, modules/Risks/SEC-THREAT-001/module.xml, modules/Risks/SFMEA-SUB-001/module.xml, modules/Risks/SFMEA-SUB-002/module.xml, modules/Risks/SFMEA-SUB-003/module.xml (0.49) · modules/RiskTemplates/PSSATemplate/attachments/risksheet.json (0.48) · modules/RiskTemplates/SSATemplate/attachments/risksheet.json (0.48) · modules/RiskTemplates/ComplianceTemplate/attachments/risksheet.json (0.47) · modules/RiskTemplates/DFMEATemplate/attachments/risksheet.json (0.46) · modules/RiskTemplates/PFMEATemplate/attachments/risksheet.json (0.46) · .polarion/polarion-project.xml, .polarion/context.properties, .polarion/security/user-roles.xml, .claude/PROJECT.md, TODO.md (0.46)