
Overview

FTA Risksheet documents support the systematic decomposition of failure conditions and hazards into their contributing causes. The FTA configuration integrates with ARP 4761 safety assessment workflows, allowing engineers to:
  • Link failure conditions from the Functional Hazard Assessment (FHA) to contributing fault events
  • Trace failures through intermediate events to primary (root cause) events
  • Document mitigation strategies and risk controls addressing identified root causes
  • Track verification status and alignment with safety requirements
The authoritative FTA Risksheet configuration for the Aerospace Safety Solution lives in the live Polarion instance; validate the complete configuration in your own project environment before relying on the details summarized here.

Document Type and Template

| Property | Value |
|---|---|
| Document Type | riskSpecification |
| Template Name | RiskTemplates / FTATemplate |
| System Element Scoping | System-level (no systemElementId) |
| Work Item Type | faultEvent (primary), linked to failureCondition |
| Primary Panel | Risksheet with dedicated FTA views |
The FTA template is registered in the project configuration and can be used to create new FTA analysis documents. Unlike component-level DFMEA documents, FTA documents are system-scoped and analyze failure conditions at the system level.

FTA Analysis Structure

Hierarchy Levels

FTA documents organize fault events in a hierarchical structure:
| Level | Entity Type | Definition | Typical Examples |
|---|---|---|---|
| Top Event | failureCondition | Undesirable system-level event from FHA | Loss of roll control, Loss of altitude hold |
| Intermediate Events | faultEvent | Contributing failures and conditions | Loss of sensor input, Processor failure, Communication loss |
| Primary Events | faultEvent | Root causes and failure modes | Component failure, Environmental stress, Software defect |
| Undeveloped Events | faultEvent (marked) | Events requiring further analysis | TBD analysis, supplier analysis pending |

Linking Relationships

FTA documents use the following link roles to establish cause-effect relationships:
  • analyzedBy — Links a failure condition to its fault tree (top-level entry point)
  • causes — Links an intermediate or primary fault event to its contributing causes
  • mitigatedBy — Links a fault event to risk controls addressing the root cause

Risksheet Columns and Properties

Core Fault Event Properties

| Column Name | Property | Type | Description |
|---|---|---|---|
| Item ID | id | String | System-assigned work item identifier (e.g., TA-50001) |
| Title | title | String | Fault event name or brief description |
| Event Type | eventType | Enum | Classification: intermediate, primary, undeveloped, or externalEvent |
| Failure Mode | failureMode (link) | Link | Associated failure mode from SFMEA/DFMEA if known |
| Root Cause | rootCause | Text | Description of the fundamental cause (for primary events) |
| Contributing Factors | contributingFactors | Text | Environmental, design, or operational factors enabling the failure |

Analysis and Classification

| Column Name | Property | Type | Description |
|---|---|---|---|
| Classification | classification | Enum | Severity or hazard category related to the top event |
| Probability | probability | Enum | Estimated likelihood (Extremely Improbable, Remote, Reasonably Probable) |
| DAL Affected | dalLevel | Enum | Design Assurance Level of the affected safety requirement |
| Decomposition Status | status | Enum | Analysis progress: draft, in_analysis, complete, verified |

Mitigation and Controls

| Column Name | Property | Type | Description |
|---|---|---|---|
| Risk Controls | riskControl (link) | Link to riskControl | Mitigation strategies or design measures addressing this fault path |
| Safety Requirement | safetyRequirement (link) | Link to safetyRequirement | Derived requirement preventing or mitigating the failure |
| Verification Method | verificationMethod | Enum | Analysis, inspection, test, or demonstration |
| Verification Status | verificationStatus | Enum | pending, in_progress, verified, or not_applicable |

Risksheet Views

FTA documents typically provide multiple views for different analysis activities:
  • Full Fault Tree View
    Columns: Item | Event Type | Root Cause | Classification | Status | Risk Controls
  • By Event Type View
    Filters: Intermediate | Primary | Undeveloped | External
  • Decomposition Progress View
    Sorted: Draft → In Analysis → Complete → Verified
  • Risk Control Mapping View
    Columns: Fault Event | Risk Controls | Verification Status
  • Top Event Traceability View
    Trace: Failure Condition → Fault Tree → Root Causes → Controls

Top Panel Configuration

The FTA Risksheet top panel displays:
| Element | Content |
|---|---|
| Title Banner | "Fault Tree Analysis" with document title and system element (if applicable) |
| Metadata Row | Document status, version, analysis date, responsible team |
| Failure Condition Link | Clickable link to the top-event failure condition from the FHA |
| Related Documents | Links to FHA, SFMEA, and safety requirement documents |
| Risk Matrix | Optional: summary matrix showing fault event distribution by severity and probability |

Fault Tree Logic Gates

While FTA events are stored as individual work items in the risksheet, the logical relationships between intermediate and primary events can be documented through:
| Gate Type | Representation | Description |
|---|---|---|
| AND Gate | Several causes links from one intermediate event, with the gate recorded as AND on that event | All contributing causes must occur for the event to occur |
| OR Gate | Several causes links from one intermediate event, with the gate recorded as OR on that event | Any single cause can result in the intermediate event |
| Combined | Mixed AND/OR gates across levels of the tree | Complex fault paths with both AND and OR logic |
Note that the link structure alone is identical for AND and OR gates (a fan-out of causes links from one event); the gate semantics are carried only by the text recorded on the event.
Documentation of gate type is recorded in the contributingFactors or rootCause field for reference during analysis.
The work-item-based FTA representation does not enforce strict Boolean logic validation. Engineers should document gate logic clearly in event descriptions and verify complex fault paths outside the risksheet as needed.
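Because the risksheet does not evaluate the gate logic, the check a safety engineer typically wants is done on exported data. The following script is an added example, not code from the Aerospace Safety Solution or Polarion: it takes fault events and their causes links (the link roles described under "Linking Relationships") together with the AND/OR gate recorded on each intermediate event, and computes the minimal cut sets of the tree, flagging single-point failures and cut sets that depend on an undeveloped event. The work item IDs, titles and links are constructed sample data, and the assumption that the gate type has been pulled out of contributingFactors into a separate field is the example's own.

```python
"""Minimal cut-set check over fault events exported from an FTA risksheet.

Added example, not part of the Aerospace Safety Solution. It assumes the
fault events and their causes links have been exported (CSV/JSON) and that
the AND/OR gate recorded in contributingFactors has been copied into a
'gate' field. All IDs, titles and links below are constructed sample data.
"""
from itertools import product

# Constructed sample export. 'causes' lists the work items linked through the
# causes role. IDs follow the page's TA-5xxxx pattern but are invented.
EVENTS = {
    "TA-50001": {"title": "Loss of roll control", "eventType": "intermediate",
                 "gate": "OR", "causes": ["TA-50002", "TA-50003"]},
    "TA-50002": {"title": "Loss of actuator command", "eventType": "intermediate",
                 "gate": "AND", "causes": ["TA-50004", "TA-50005"]},
    "TA-50003": {"title": "Actuator jam", "eventType": "primary",
                 "gate": None, "causes": []},
    "TA-50004": {"title": "Primary FCC channel failure", "eventType": "primary",
                 "gate": None, "causes": []},
    "TA-50005": {"title": "Backup FCC channel failure", "eventType": "intermediate",
                 "gate": "OR", "causes": ["TA-50006", "TA-50007"]},
    "TA-50006": {"title": "Backup processor failure", "eventType": "primary",
                 "gate": None, "causes": []},
    "TA-50007": {"title": "Cross-channel bus loss", "eventType": "undeveloped",
                 "gate": None, "causes": []},
}


def _absorb(cut_sets):
    """Drop any cut set that is a superset of another, so only minimal sets remain."""
    sets = sorted({frozenset(c) for c in cut_sets}, key=len)
    minimal = []
    for s in sets:
        if not any(m <= s for m in minimal):
            minimal.append(s)
    return minimal


def cut_sets(events, event_id, _seen=()):
    """Return the minimal cut sets of the sub-tree rooted at event_id.

    Leaves (primary, undeveloped, externalEvent: no causes links) are their own
    single-element cut set. OR gate: union of the children's cut sets.
    AND gate: every combination of one cut set per child, merged.
    """
    if event_id in _seen:
        raise ValueError(f"cycle through {event_id}")  # causes links must form a tree
    ev = events[event_id]
    if not ev["causes"]:
        return [frozenset([event_id])]
    if len(ev["causes"]) > 1 and ev["gate"] not in ("AND", "OR"):
        raise ValueError(f"{event_id} has several causes links but no AND/OR gate recorded")
    children = [cut_sets(events, c, _seen + (event_id,)) for c in ev["causes"]]
    if len(ev["causes"]) == 1 or ev["gate"] == "OR":
        combined = [s for child in children for s in child]
    else:  # AND: one cut set from each child must occur together
        combined = [frozenset().union(*combo) for combo in product(*children)]
    return _absorb(combined)


def single_point_failures(events, top):
    """Leaf events that alone cause the top event (cut sets of size 1)."""
    return sorted(next(iter(c)) for c in cut_sets(events, top) if len(c) == 1)


def undeveloped_in_cut_sets(events, top):
    """Cut sets that rely on an undeveloped event; these results are provisional."""
    return [sorted(c) for c in cut_sets(events, top)
            if any(events[e]["eventType"] == "undeveloped" for e in c)]


if __name__ == "__main__":
    for cs in cut_sets(EVENTS, "TA-50001"):
        print(sorted(cs))
    print("single-point failures:", single_point_failures(EVENTS, "TA-50001"))
    print("provisional (undeveloped):", undeveloped_in_cut_sets(EVENTS, "TA-50001"))
```

For the sample tree the single-point failure is the actuator jam, and one of the two-event cut sets rests on an undeveloped event, which is exactly the kind of result that should be re-run once the supplier analysis closes that event. The script refuses to evaluate an intermediate event that fans out to several causes without a recorded gate, which catches the documentation gap the page warns about before it silently turns into an OR.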

Workflow and Verification

FTA Development Stages

| Status | Meaning | Actions |
|---|---|---|
| Draft | Initial fault event identified | Decompose into causes, document preliminary logic |
| In Analysis | Causes being analyzed | Review with subject matter experts, refine structure |
| Complete | Analysis finished | All primary events identified, risk controls assigned |
| Verified | Verified and approved | Linked to safety requirements, V&V status confirmed |

Verification Evidence

Each fault event should be linked to:
  1. Risk Control — Mitigation design or operational procedure
  2. Safety Requirement — Formal requirement derived from the failure path
  3. Verification Record — Test, analysis, or inspection confirming control effectiveness
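The development-stage table and the evidence list above define what must be linked before a fault event may carry a given status. The following script is an added example, not part of the Aerospace Safety Solution: it reads a CSV export of the risksheet (the column names are those used on this page; the rows, work item IDs and the comma-separated link format are constructed for the example) and reports every event whose evidence does not match its decomposition status.

```python
"""Evidence-completeness check over an FTA risksheet CSV export.

Added example, not part of the Aerospace Safety Solution. It assumes one row
per fault event, the column names used on this page, and link columns holding
comma-separated work item IDs. The rows below are constructed sample data.
"""
import csv
import io

# Constructed export; IDs and titles are invented for the example.
SAMPLE_EXPORT = """\
Item ID,Title,Event Type,Decomposition Status,Risk Controls,Safety Requirement,Verification Status
TA-50003,Actuator jam,primary,verified,RC-101,SR-210,verified
TA-50004,Primary FCC channel failure,primary,complete,,SR-211,pending
TA-50006,Backup processor failure,primary,verified,RC-102,,in_progress
TA-50007,Cross-channel bus loss,undeveloped,complete,,,pending
TA-50002,Loss of actuator command,intermediate,in_analysis,,,pending
"""

# Event types that sit at the bottom of the tree and must carry controls.
LEAF_TYPES = {"primary", "externalEvent"}


def _links(cell):
    """Split a link column into work item IDs, ignoring empty cells."""
    return [x.strip() for x in cell.split(",") if x.strip()]


def evidence_gaps(export_text):
    """Return (item_id, finding) pairs for rows whose evidence does not fit their status.

    Rules taken from the development-stage table and the verification evidence list:
      - a leaf event marked complete or verified needs at least one risk control;
      - an event marked verified needs a safety requirement and a verification
        status of verified or not_applicable;
      - an undeveloped event cannot be complete or verified while analysis is pending.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        wid = row["Item ID"]
        etype = row["Event Type"]
        status = row["Decomposition Status"]
        controls = _links(row["Risk Controls"])
        reqs = _links(row["Safety Requirement"])
        vstatus = row["Verification Status"]
        if etype == "undeveloped" and status in ("complete", "verified"):
            findings.append((wid, "undeveloped event cannot be complete or verified"))
            continue
        if etype in LEAF_TYPES and status in ("complete", "verified") and not controls:
            findings.append((wid, "no risk control linked"))
        if status == "verified":
            if not reqs:
                findings.append((wid, "verified without safety requirement"))
            if vstatus not in ("verified", "not_applicable"):
                findings.append((wid, f"verified but verification status is {vstatus}"))
    return findings


if __name__ == "__main__":
    for wid, finding in evidence_gaps(SAMPLE_EXPORT):
        print(f"{wid}: {finding}")
```

Running the check before a review gate gives the safety and design teams a concrete list of events that cannot legitimately be marked complete or verified yet; in the sample, only the actuator jam event has the full control, requirement and verification chain the page calls for.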

Integration with Other Analysis Documents

Upstream — Functional Hazard Assessment (FHA)

FHA Failure Condition
  ↓ [analyzedBy]
FTA Top Event
  ↓ [causes / AND-OR logic]
Root Causes (Primary Fault Events)

The FTA top event is always linked to a specific failureCondition from the FHA using the analyzedBy role.

Downstream — Risk Control Plan and Verification

FTA Fault Event
  ↓ [mitigatedBy]
Risk Control (design/operational)
  ↓ [verifiedBy]
Verification Activity (test, analysis, inspection)

Each primary fault event should have one or more risk controls assigned, and each control's verification method and status should be tracked.

Cross-Reference — Safety Requirements

Fault events at all levels can link to safety requirements that were derived from the fault tree analysis:

Fault Event (any level)
  ↓ [addresses / allocatesTo]
Safety Requirement
  ↓ [decomposesInto]
Design Requirement or Test Case

Configuration Example

[Figure: representative FTA risksheet structure for a failure condition]

Data Exchange and Export

FTA risksheet data can be exported for:
  • PDF Report — Fault tree diagram (manual), event listing, control mapping, verification summary
  • Excel/CSV — Work item data for further analysis or external tool import
  • DOORS Next / ALM Integrations — Cross-tool traceability and compliance reporting
Export and report generation capabilities depend on your Aerospace Safety Solution configuration and Polarion plugins. Consult your system administrator or documentation for available export formats.

Best Practices

  1. Start from FHA — Begin FTA with failure conditions already analyzed in the FHA. Use the analyzedBy link to establish traceability.
  2. Decompose to Primary Events — Continue decomposing intermediate events until reaching primary (root cause) events that can be directly mitigated.
  3. Limit Depth — Avoid excessive nesting. Typical FTA depth is 3–5 levels (Top Event → Intermediate → Primary → Contributing Factors).
  4. Document Logic — Clearly indicate AND/OR gate logic in event descriptions or supporting documentation.
  5. Link to Controls Early — Once primary events are identified, assign risk controls and create corresponding safety requirements.
  6. Track Verification — Update verification status for each control as analysis, testing, and inspection results become available.
  7. Review and Approve — FTA documents should be reviewed by safety and design teams before marking as verified.