Overview

The DFMEA Risksheet implements a three-level item hierarchy, characteristic (Item) → failure mode → cause, with integrated upstream and downstream risk traceability. The risksheet automatically calculates Risk Priority Numbers (RPN) using severity, occurrence, and detection ratings, applies color-coded visual indicators, and guides engineers through a structured seven-step mitigation workflow via progressive views.

Key characteristics:
  • 17 columns organized into 4 logical header groups
  • 9 workflow views implementing a guided DFMEA methodology
  • Automatic RPN calculation with 3-tier color coding (green/yellow/red)
  • Upstream risk linking to System FMEA failure modes via the causes role
  • Mitigation task management with linked risk controls, requirements, and verification
  • SC/CC classification badges for safety-critical and critical characteristics

Column Structure

The DFMEA Risksheet contains 17 data columns organized into 4 header groups:

Group 1: Component Characteristics (Item level)

| Column | Type | Purpose | Notes |
| --- | --- | --- | --- |
| item | Text (control column) | Characteristic identifier and title | Links to characteristic work item type. SC/CC classification badge rendered via cellRenderer. Zoom column for detail navigation. |
| SC/CC Classification | Badge (text) | Safety-critical or critical characteristic designation | Displays “SC” (orange) or “CC” (red) pill-format badge. Both client-side JavaScript and server-side Velocity rendering for print/export compatibility. |

Group 2: Potential Failure (Failure mode and cause levels)

| Column | Type | Purpose | Notes |
| --- | --- | --- | --- |
| failureMode | Text (control column) | Description of how the characteristic could fail | Zoom column for failure mode detail. Item-level nesting: all failure modes for a characteristic roll up to that characteristic row. |
| failureEffects | Text | The consequence of the failure mode on system or customer | What happens if this failure mode occurs? Links to downstream system effects. |
| potentialCauses | Text | Root causes contributing to the failure mode | Engineering analysis of why the failure mode could happen. |
| upstreamRisks | multiItemLink with causes role | Links to System FMEA failure modes causing this characteristic failure | Enables vertical traceability from system to component level. Displays linked item title + parent module name (e.g., “Power Loss → System SFMEA: FCC-SFMEA”). |

Group 3: Set Ranking (Pre-mitigation RPN)

| Column | Type | Purpose | Default | Notes |
| --- | --- | --- | --- | --- |
| severity | Enum (1–5) | Failure mode severity rating | | 1 = No Effect, 5 = Catastrophic. Per ARP 4761 / DO-254 classification scales. |
| occurrence | Enum (1–5) | Likelihood of failure mode happening | | 1 = Extremely Remote, 5 = Extremely Probable. |
| detection | Enum (1–5) | Ability to detect the failure before reaching customer | | 1 = Certain to Detect, 5 = Certain Not to Detect. |
| commonRpn | Formula | Pre-mitigation Risk Priority Number | severity × occurrence × detection | Calculated value (no user input). Range 1–125. Color-coded cell decorator applied. |

Group 4: Mitigations (Task management level)

| Column | Type | Purpose | Notes |
| --- | --- | --- | --- |
| riskControlId | Text | Identifier of the risk control (mitigation task) | Linked to riskControl work item type. Multiple controls can address the same failure mode. |
| riskControlTitle | Text | Title/description of the mitigation action | Displays linked risk control title for human reference. |
| riskControlStatus | Enum | Workflow status of the mitigation task | Values: Open, In Progress, Review, Closed, Deferred. |
| linkedRequirements | serverRender (Velocity) | Requirements allocated by this risk control | Server-side rendering traverses task’s back-links to sysReq and desReq. Rendered as bulleted list. |
| requirementVerification | serverRender (Velocity) | Test cases verifying the linked requirements | Server-side rendering traverses from requirements to linked testCase work items. Shows verification status. |

Group 5: Final Ranking (Post-mitigation RPN)

| Column | Type | Purpose | Default | Notes |
| --- | --- | --- | --- | --- |
| occurrenceNew | Enum (1–5) | Post-mitigation occurrence rating | | Applied after risk controls implemented. Typically lower than pre-mitigation occurrence. |
| detectionNew | Enum (1–5) | Post-mitigation detection rating | | Applied after design changes or additional controls. |
| commonRpnNew | Formula | Post-mitigation Risk Priority Number | severity × occurrenceNew × detectionNew | Calculated value. Color-coded cell decorator applied (same 3-tier scale as pre-mitigation). Row header colored by post-mitigation RPN. |

Formulas

RPN Auto-Calculation (Pre-mitigation)

commonRpn = severity × occurrence × detection
Cell Decorator: 3-tier color coding:
  • Green (≤10): Low risk, acceptable without mitigation
  • Yellow (11–30): Medium risk, mitigation required
  • Red (>30): High risk, immediate action required
Also renders numeric value with text label below: “Low”, “Medium”, or “High”.

RPN Auto-Calculation (Post-mitigation)

commonRpnNew = severity × occurrenceNew × detectionNew
Same 3-tier color coding as commonRpn. Used for row header background color via rowHeaderRpnNew renderer.

Auto-Generated Risk Description

riskDescription = 'ON CHARACTERISTICS: ' + item_title + ' FAILURE MODE: ' + failureMode + ' CAUSE: ' + potentialCauses
Background cell styling: whitesmoke. Used in reports and risk summaries for narrative context.

Views (Workflow Guidance)

The DFMEA Risksheet provides 9 progressive views guiding the seven-step DFMEA methodology:

| View Name | Purpose | Visible Columns | Use Case |
| --- | --- | --- | --- |
| Default | Overview and navigation | item, failureMode, severity, occurrence, detection, commonRpn, riskControlTitle, riskControlStatus | General browsing and status review |
| No Up/Down Risks | Simplified view excluding traceability | All except upstreamRisks | When component-level analysis is independent |
| 1. Identify Failure Modes | Discover potential failure modes | item, failureMode, failureEffects, potentialCauses | Initial FMEA brainstorming phase |
| 2. Initial Risk Ranking | Assign pre-mitigation RPN | item, failureMode, severity, occurrence, detection, commonRpn | Risk assessment phase |
| 3. Link Upstream SFMEA | Connect to system-level failure modes | item, failureMode, upstreamRisks, commonRpn | Establish traceability chain |
| 4. Define Mitigations | Create risk control tasks | item, failureMode, riskControlId, riskControlTitle, riskControlStatus | Mitigation planning |
| 5. Verify Controls | Check requirements and test coverage | riskControlId, linkedRequirements, requirementVerification | Verification planning |
| 6. Final Risk Evaluation | Assign post-mitigation RPN | failureMode, occurrenceNew, detectionNew, commonRpnNew | Residual risk assessment |
| 7. Risk Summary | High-level overview of risk posture | item, failureMode, commonRpn, commonRpnNew, riskControlStatus | Executive reporting |
| Full View | All columns (@all) | Every column | Complete analysis review |

Cell Decorators and Styling

RPN Cell Decorator

Applied to both commonRpn and commonRpnNew columns. Renders:
  1. Numeric RPN value
  2. Colored background: green (≤10), yellow (11–30), or red (>30)
  3. Text label below value: “Low”, “Medium”, or “High”
  4. CSS classes: rpn1 (low), rpn2 (medium), rpn3 (high)

SC/CC Classification Badge

Applied to SC/CC Classification column at Item (characteristic) level. Renders:
  1. Pill-format badge with rounded corners
  2. Orange background + white text for “SC” (Safety-Critical)
  3. Red background + white text for “CC” (Critical Characteristic)
  4. Both JavaScript (DOM) and Velocity (server) rendering for print/export
Example outputs:
[SC]   (orange pill)    or    [CC]   (red pill)

Row Header RPN Coloring

The row header (leftmost column) is colored by post-mitigation RPN value using rowHeaderRpnNew renderer:
  • Green row header: post-mitigation RPN ≤10
  • Yellow row header: post-mitigation RPN 11–30
  • Red row header: post-mitigation RPN >30
Provides instant visual scan of risk status across all failure modes in the sheet.

Item Hierarchy and Nesting

The DFMEA Risksheet implements a 3-level hierarchy for organized risk analysis.

Navigation:
  • Control Column (item and failureMode): Click to expand/collapse hierarchy levels
  • Zoom Column: Click to navigate to linked work item detail page
  • Upstream Risks: Click to navigate to parent-level SFMEA failure mode

Example Structure

[Diagram: example hierarchy structure]

Upstream Risk Linking

The upstreamRisks column implements vertical traceability from System FMEA to Design FMEA:
| Property | Value |
| --- | --- |
| Column Type | multiItemLink |
| Link Role | causes (forward direction) |
| Target Type | failureMode (from System FMEA) |
| Rendering | Item title + parent module name |
| User Interaction | Click to navigate to upstream failure mode in System FMEA risksheet |
Example data:
  • System FMEA: “Power Bus Lost”
      ↓ causes
  • Design FMEA: “Voltage Below Minimum”
Displayed as: “Power Bus Lost (System SFMEA: FCC-SFMEA)”
The link cardinality and whether multiple upstream risks are supported per failure mode should be verified in the live Aerospace Safety Solution risksheet interface.

Mitigation Task Management

Risk Control Linking

The mitigation section (riskControlId, riskControlTitle, riskControlStatus) links Design FMEA entries to risk control tasks:
| Property | Value | Notes |
| --- | --- | --- |
| Link Type | Implicit via task ID | Risk control is a separate riskControl work item type |
| Cardinality | Multiple | A failure mode can have multiple mitigations |
| Status Tracking | Workflow enum | Open → In Progress → Review → Closed (or Deferred) |
| Requirement Allocation | Back-links to sysReq / desReq | Risk control task allocates requirements to implement the mitigation |
| Verification | Linked test cases | Requirements linked to risk control are verified by test cases |

Mitigation Chain (Velocity Traversal)

The linkedRequirements and requirementVerification columns use server-side Velocity templates to automatically traverse the mitigation chain:

Risk Control Task
  ↓ back-link (allocatesTo)
System/Design Requirement
  ↓ forward-link (verifiedBy)
Test Case

Data Model Integration

Work Item Type Relationships

| Work Item Type | Role in DFMEA | Link Role | Cardinality |
| --- | --- | --- | --- |
| characteristic | Item (row) | | 1 per row |
| failureMode | Potential failure | | 1..* per characteristic |
| riskControl | Mitigation task | (implicit) | 1..* per failure mode |
| sysReq / desReq | Requirement allocated by risk control | allocatesTo (back-link) | 1..* per risk control |
| testCase | Verification of requirement | verifiedBy | 1..* per requirement |
| failureMode (System FMEA) | Upstream risk via traceability | causes | 1..* per DFMEA failure mode |

Custom Fields

The DFMEA document itself contains minimal custom fields:

| Field | Type | Purpose | Example Value |
| --- | --- | --- | --- |
| systemElementId | Reference | Links risksheet to specific component | “ADCI” (Air Data Computer Interface) |
| (Other fields) | | Inherited from Document type | status, version, owner, team |

The complete set of document-level custom fields should be verified in the Aerospace Safety Solution project configuration.

Instance vs. Template

The DFMEA Risksheet uses a template-instance pattern:
  • Template: modules/RiskTemplates/DFMEATemplate/attachments/risksheet.json
    • Serves as the master configuration for all Design FMEA risksheets
    • Located in the RiskTemplates folder (not part of any project space)
    • Registered in context.properties for template discovery
  • Instances: modules/Risks/DFMEA-<COMPONENT>/attachments/risksheet.json
    • Created per component (e.g., DFMEA-CMP-PSU for Power Supply Unit)
    • Byte-identical copies of the template at creation time
    • Not inherited or linked — changes to template do NOT auto-propagate to instances
    • Can be customized independently after creation
If the DFMEA template configuration is updated, existing instances must be manually updated to incorporate changes. There is no automatic propagation mechanism. Use version control or change notifications to track template updates across instances.
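
Because instances are independent copies, drift from the template has to be detected explicitly. The following is an added example, not part of the project's own tooling: it compares a template and an instance section by section using the root-level section names listed on this page; the column `id` key and the sample objects are assumptions constructed for illustration.

```javascript
// Added example: per-section drift report between a template risksheet.json
// and an instance copy. Section names follow this page; the column "id" key
// is an assumption about the schema.
const SECTIONS = ["columns", "headerGroups", "views", "formulas",
                  "cellDecorators", "rowHeader"];

// Canonical JSON with sorted keys, so key order alone is not reported as drift.
function canonical(value) {
  if (Array.isArray(value)) return "[" + value.map(canonical).join(",") + "]";
  if (value && typeof value === "object") {
    return "{" + Object.keys(value).sort()
      .map(k => JSON.stringify(k) + ":" + canonical(value[k])).join(",") + "}";
  }
  return JSON.stringify(value);
}

// Compare two lists of column definitions by their id.
function diffById(tplList = [], instList = []) {
  const tpl = new Map(tplList.map(c => [c.id, canonical(c)]));
  const inst = new Map(instList.map(c => [c.id, canonical(c)]));
  return {
    missingInInstance: [...tpl.keys()].filter(id => !inst.has(id)),
    onlyInInstance: [...inst.keys()].filter(id => !tpl.has(id)),
    changed: [...tpl.keys()].filter(id => inst.has(id) && inst.get(id) !== tpl.get(id)),
  };
}

function driftReport(template, instance) {
  const driftedSections = SECTIONS.filter(
    s => canonical(template[s]) !== canonical(instance[s]));
  return { driftedSections, columns: diffById(template.columns, instance.columns) };
}

// Constructed sample data (not taken from the real template or any instance).
const template = {
  columns: [{ id: "severity", type: "enum" }, { id: "commonRpn", type: "formula" },
            { id: "upstreamRisks", type: "multiItemLink" }],
  views: [{ name: "Default" }],
  formulas: { commonRpn: "severity*occurrence*detection" },
};
const instance = {
  columns: [{ type: "enum", id: "severity" }, { id: "commonRpn", type: "text" }],
  views: [{ name: "Default" }],
  formulas: { commonRpn: "severity*occurrence*detection" },
};
console.log(JSON.stringify(driftReport(template, instance), null, 2));
```

For real files, load each side with `JSON.parse(fs.readFileSync(path, "utf8"))` and run the report for every instance after a template change.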

Configuration Files

The DFMEA Risksheet configuration is stored in a single JSON file; the template and instance paths are listed under Instance vs. Template.

File format: JSON with the following root-level sections:
  • columns[] — Column definitions (17 items)
  • headerGroups[] — Logical grouping for column headers (4 groups)
  • views[] — Workflow views (9 items)
  • formulas{} — Formula definitions (3 formulas)
  • cellDecorators[] — Visual rendering rules (2 decorators)
  • rowHeader.renderer — Row header styling rule (1 renderer)
See reference/risksheet-sfmea.md for the System FMEA risksheet configuration reference. See reference/risksheet-fha.md for the Functional Hazard Assessment risksheet reference. For complete risksheet.json schema documentation, consult the Nextedy Risksheet product documentation.

Visual Element: DFMEA Information Flow

[Diagram: DFMEA information flow]

Key Workflow Patterns

Pattern 1: Finding Upstream Risks

When analyzing a Design FMEA failure mode:
  1. Check the upstreamRisks column for linked System FMEA failure modes
  2. Click the upstream link to view the parent failure mode in the System SFMEA risksheet
  3. Review the upstream risk’s severity and occurrence to inform component-level strategy

Pattern 2: Planning Mitigations

When defining risk controls for a failure mode:
  1. Create or link a riskControl work item
  2. Populate riskControlId, riskControlTitle, and riskControlStatus
  3. The risk control task should allocate design requirements to implement the fix
  4. The system automatically traverses to linked test cases for verification planning

Pattern 3: Post-Mitigation Evaluation

After risk controls are implemented:
  1. Update occurrenceNew and detectionNew based on design changes and new testing
  2. commonRpnNew recalculates automatically
  3. If post-mitigation RPN remains high, escalate or loop back to step 2
  4. Row header turns green when residual risk is acceptable (≤10)
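
The formulas and thresholds from the Formulas section, applied to the Pattern 3 decision, as an added example that is not the risksheet's own formula or decorator code. Row field names mirror the column ids on this page, the rows are constructed, and treating any residual tier other than Low (≤10) as needing rework is an assumption.

```javascript
// Added example: pre/post-mitigation RPN with the 3-tier thresholds.
// Validate a rating against the 1-5 enum range used by the ranking columns.
function rating(row, field) {
  const v = row[field];
  if (!Number.isInteger(v) || v < 1 || v > 5) {
    throw new RangeError(`${field} must be an integer 1-5, got ${v}`);
  }
  return v;
}

// Thresholds from the cell decorator: <=10 Low, 11-30 Medium, >30 High.
function tier(rpn) {
  if (rpn <= 10) return { label: "Low", cssClass: "rpn1" };
  if (rpn <= 30) return { label: "Medium", cssClass: "rpn2" };
  return { label: "High", cssClass: "rpn3" };
}

function evaluateRow(row) {
  const severity = rating(row, "severity");
  const commonRpn = severity * rating(row, "occurrence") * rating(row, "detection");
  const commonRpnNew = severity * rating(row, "occurrenceNew") * rating(row, "detectionNew");
  const residual = tier(commonRpnNew);
  return {
    failureMode: row.failureMode,
    commonRpn, commonRpnNew,
    initial: tier(commonRpn).label,
    residual: residual.label,
    residualClass: residual.cssClass,
    // Severity is not re-rated after mitigation, so a severity-5 row reaches
    // Low (<=10) only when occurrenceNew * detectionNew <= 2.
    // Assumption: anything above the Low tier loops back to mitigation.
    needsRework: residual.label !== "Low",
  };
}

// Constructed rows for illustration.
const rows = [
  { failureMode: "Voltage Below Minimum", severity: 4, occurrence: 3, detection: 3,
    occurrenceNew: 1, detectionNew: 2 },
  { failureMode: "Output Ripple High", severity: 5, occurrence: 2, detection: 4,
    occurrenceNew: 1, detectionNew: 3 },
];
const results = rows.map(evaluateRow);
console.log(results.filter(r => r.needsRework).map(r => r.failureMode));
```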