
Overview

Property | Value
Document Type | riskSpecification
Template | RiskTemplates / System-FMEATemplate
Scope | System-level (applies to all system functions)
Risk Item Type | failureMode
Item Link Type | customerRequirement
Traceability Direction | Downstream only (links to subsystem SFMEA/DFMEA)
Risk Hierarchy Level | 1 of 3 (System → Subsystem → Component)
Column Count | 18 columns across 4 header groups
This risksheet implements the first-level FMEA per ARP 4761 Section 5.2.3. Failure modes analyzed at the system level represent functional failures visible to external systems or mission accomplishment. System-level controls link to safety requirements allocated in the Preliminary System Safety Assessment (PSSA).

Column Structure and Header Groups

The SFMEA risksheet organizes 18 columns into four functional groups:
[diagram]

Group 1: Item / Requirement (2 columns)

Column | Type | Purpose
item | itemLink | Primary key: Links to customerRequirement work item. Non-creatable (analysts do not create new requirements in Risksheet). Displays requirement ID and title.
classification | Cell formatter | SC/CC Badge: Renders orange pill for “Safety-Critical (SC)” or red pill for “Critical Characteristic (CC)”. Value inherited from linked customerRequirement. Enables instant visual identification of safety-critical requirements.

Group 2: Failure Analysis (6 columns)

Column | Type | Purpose
failureMode | multiItemLink | Failure Mode Description: Multi-select link to failureMode work items. Analyst creates failure modes during SFMEA execution. Displays failure mode ID and title. Multiple modes per requirement allowed (e.g., “Loss of Power Supply” + “Signal Degradation” for a power requirement).
effectDescription | serverRender | Effect on System: Narrative describing the effect on aircraft operation or mission. Typically begins with “Result in…” or “Prevents…”. Calculated by a Velocity formula concatenating failure mode effects.
causes | multiItemLink | Root Cause Chain: Lists contributing factors leading to the failure mode (e.g., “Sensor Malfunction”, “Circuit Fault”, “Software Bug”). Multi-select allows multiple independent causes per failure mode.
downstreamRisks | multiItemLink (backLink) | Downstream DFMEA Links: Shows failure modes from child-level DFMEA/Subsystem SFMEA documents that are caused by this system-level failure. Uses the causes role in reverse (backLink=true). Implements the vertical risk cascade. Typically populated during the DFMEA linking phase.
riskControl | multiItemLink | Mitigation Task Reference: Links to riskControl work items (safety requirements) allocated to mitigate this failure mode. Each risk control shows ID, title, and approval status. Populated during the PSSA allocation phase.
verificationStatus | enum | Verification Progress: Tracks completion status: Not Started, In Progress, Complete, Waived. Updated as mitigations are implemented and verified.

Group 3: Risk Ranking — Pre-Mitigation (4 columns)

Column | Type | Default | Purpose
fmSeverity | enum (1–5) | Unset | Failure Mode Severity: 5-level scale per ARP 4761 Section 5.2.3.1. 1 = No Effect, 2 = Minor, 3 = Major, 4 = Hazardous, 5 = Catastrophic. Severity is independent of occurrence likelihood.
fmOccurrence | enum (1–5) | Unset | Probability of Occurrence: 5-level scale per ARP 4761 guidance. 1 = Extremely Improbable (<10⁻⁹/flight hour), 2 = Extremely Remote (<10⁻⁷), 3 = Remote (<10⁻⁵), 4 = Reasonably Probable, 5 = Frequent. Domain-specific (airframe: longer life = lower probability for same root cause).
fmDetection | enum (1–5) | Unset | Detection Likelihood: Probability that the failure is detected before reaching the customer. 1 = Almost Certain, 2 = High, 3 = Medium, 4 = Low, 5 = Very Low/Undetectable. Often set to 5 for latent faults. Not used for RPN calculation at system level (see ARP 4761 guidance).
commonRpn | formula | Calculated | Pre-Mitigation RPN: Severity × Occurrence × Detection. Ranges 1–125. Color-coded: Green (≤10), Yellow (11–30), Red (>30). Threshold for safety requirement allocation: typically RPN > 30 triggers mandatory mitigation. Formula: fmSeverity * fmOccurrence * fmDetection.

Group 4: Risk Ranking — Post-Mitigation (4 columns)

Column | Type | Default | Purpose
fmOccurrenceNew | enum (1–5) | Unset | Post-Control Occurrence: Occurrence likelihood of the failure mode after risk controls are implemented. Allows separation of inherent risk (severity/occurrence) from controlled risk. Typically set during PSSA allocation based on selected control effectiveness.
fmDetectionNew | enum (1–5) | Unset | Post-Control Detection: Detection likelihood after verification controls (monitoring, testing, redundancy) are added. Often improves from latent (5) to detected (1–3).
commonRpnNew | formula | Calculated | Post-Mitigation RPN: Severity × OccurrenceNew × DetectionNew (severity is unchanged by controls). Calculated only when both post-mitigation values are provided. Enables risk control effectiveness tracking. Formula: fmSeverity * fmOccurrenceNew * fmDetectionNew.
actionPriority | enum | Auto-set | Risk Control Priority: Automatically assigned based on post-mitigation RPN. AP-1 (RPN > 30, Red), AP-2 (11–30, Yellow), AP-3 (≤10, Green). Auto-formula: if(commonRpnNew > 30, 'AP-1', if(commonRpnNew > 10, 'AP-2', 'AP-3')). Drives task prioritization in the Risk Control Plan.

Group 5: Verification / Additional Fields (2 columns)

Column | Type | Purpose
safetyRequirement | multiItemLink | Allocated Safety Requirement: Links this failure mode to the safety requirement(s) allocated in PSSA to mitigate it. Enables traceability from failure → safety requirement → design requirement → test. Populated during the PSSA phase.
rowDescription | formula (auto-generated) | Summary Narrative: Auto-generated description concatenating requirement, failure mode, and cause into a single sentence. Used for report generation and audit trails. Formula: "ON REQUIREMENT: " + item_title + " FAILURE MODE: " + failureMode_title + " CAUSED BY: " + causes_titles.

Data Entry Workflow

SFMEA analysis follows a structured workflow across four risksheet views:

View 1: Identify Failure Modes

Columns visible: Item, SC/CC Classification, Failure Mode, Effect Description, Causes
Analyst task: For each customer requirement, brainstorm all possible failure modes (loss of function, degradation, erroneous output, unintended output). Enter failure modes as new items or link to existing failureMode work items. Enter root causes for each failure mode.
Validation: Every failure mode must have ≥1 cause and an effect description.

View 2: Initial Risk Ranking (Pre-Mitigation)

Columns visible: Failure Mode, Effects, Severity, Occurrence, Detection, Pre-Mitigation RPN, Action Priority
Analyst task: Assign severity, occurrence, and detection scores based on:
  • Severity: ARP 4761 classification (Catastrophic→DAL A, Hazardous→DAL B, Major→DAL C, Minor→DAL D, No Effect→DAL E)
  • Occurrence: Historical failure data, engineering judgment, domain knowledge
  • Detection: Depends on existing system monitoring and diagnostic capabilities
Validation: All high-RPN failures (>30) must have mitigation planned in the PSSA phase.

View 3: Link Downstream Risks

Columns visible: Failure Mode, Causes, Downstream Risks, Item, Effect
Analyst task: After subsystem SFMEA and DFMEA documents are created, link system-level failure modes to subsystem-level failure modes via the “Downstream Risks” column. This establishes vertical traceability: System FM → Subsystem FM → Component FM.
Validation: Critical failure modes (RPN > 30) should have documented decomposition into subsystem/component-level failure modes.

View 4: Risk Control Plan & Verification

Columns visible: Failure Mode, Risk Control (links), Verification Status, Post-Mitigation RPN, Action Priority
Analyst task: Reference risk controls allocated in PSSA. Update post-mitigation occurrence and detection when controls are implemented (severity stays as assessed). Update verification status as testing and analysis confirm control effectiveness. The final RPN sets the action priority.
Validation: Post-mitigation RPN should reduce high-risk items to acceptable levels (typically AP-3, RPN ≤ 10).

Row Styling and Visual Elements

RPN Cell Coloring

The RPN cell automatically applies a background color and text label based on value:
RPN Range | Color | Label | Meaning
1–10 | Green (#43a047) | rpn3 / Low | Acceptable without control
11–30 | Yellow (#fb8c00) | rpn2 / Medium | Requires mitigation
31–125 | Red (#e53935) | rpn1 / High | Mandatory control required
The row header is also colored by RPN for instant visual scanning across 66 rows.

SC/CC Classification Badge

Safety-critical and critical characteristics are highlighted with pill badges:
[diagram]

Formulas and Calculations

RPN Calculation (Pre-Mitigation)

commonRpn = fmSeverity × fmOccurrence × fmDetection
Example:
  • Severity = 4 (Hazardous)
  • Occurrence = 3 (Remote)
  • Detection = 2 (High)
  • RPN = 4 × 3 × 2 = 24 (Yellow / Medium)

RPN Calculation (Post-Mitigation)

commonRpnNew = fmSeverity × fmOccurrenceNew × fmDetectionNew
Example (after implementing a detection system):
  • Severity = 4 (Hazardous — unchanged)
  • OccurrenceNew = 2 (Extremely Remote — reduced by preventive control)
  • DetectionNew = 1 (Almost Certain — added monitoring)
  • RPN = 4 × 2 × 1 = 8 (Green / Low — acceptable)

Action Priority Auto-Assignment

if (commonRpnNew > 30) {
  actionPriority = "AP-1"  // Red / High
} else if (commonRpnNew > 10) {
  actionPriority = "AP-2"  // Yellow / Medium  
} else {
  actionPriority = "AP-3"  // Green / Low
}
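The following is an added example, not code from the risksheet configuration itself: a small Python model of one SFMEA row that reproduces the pre- and post-mitigation RPN formulas, the color bands, the actionPriority auto-assignment, and the View 1, View 2 and View 4 validation rules from the Data Entry Workflow section. Field and function names are my own; the thresholds (10, 30) and the 1–5 scales are the ones documented above.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

RED_ABOVE, YELLOW_ABOVE = 30, 10   # Red > 30, Yellow 11-30, Green <= 10 (as documented)


def rpn_band(rpn: int) -> str:
    """Label the RPN cell decorator would apply for this value."""
    if rpn > RED_ABOVE:
        return "rpn1 / High"
    if rpn > YELLOW_ABOVE:
        return "rpn2 / Medium"
    return "rpn3 / Low"


@dataclass
class SfmeaRow:            # hypothetical model of one risksheet row
    failure_mode: str
    fm_severity: int
    fm_occurrence: int
    fm_detection: int
    causes: Tuple[str, ...] = ()
    effect_description: str = ""
    risk_controls: Tuple[str, ...] = ()
    fm_occurrence_new: Optional[int] = None
    fm_detection_new: Optional[int] = None

    def common_rpn(self) -> int:
        return self.fm_severity * self.fm_occurrence * self.fm_detection

    def common_rpn_new(self) -> Optional[int]:
        # Severity is inherent and carried over unchanged. Until BOTH post-control
        # scores are set the formula yields nothing: the "Post-Mitigation RPN Not
        # Calculating" case from the configuration issues section.
        if self.fm_occurrence_new is None or self.fm_detection_new is None:
            return None
        return self.fm_severity * self.fm_occurrence_new * self.fm_detection_new

    def action_priority(self) -> Optional[str]:
        rpn = self.common_rpn_new()
        if rpn is None:
            return None
        return "AP-1" if rpn > RED_ABOVE else "AP-2" if rpn > YELLOW_ABOVE else "AP-3"


def validate(row: SfmeaRow) -> List[str]:
    """Apply the View 1, View 2 and View 4 validation rules; empty list means the row passes."""
    problems = []
    if not row.causes or not row.effect_description:
        problems.append("View 1: failure mode needs >=1 cause and an effect description")
    if row.common_rpn() > RED_ABOVE and not row.risk_controls:
        problems.append("View 2: RPN > 30 without planned mitigation")
    rpn_new = row.common_rpn_new()
    if rpn_new is not None and rpn_new > YELLOW_ABOVE:
        problems.append("View 4: post-mitigation RPN still above the AP-3 level")
    return problems
```

Running the worked example from above (4 × 3 × 2 before, 4 × 2 × 1 after) through this model gives RPN 24 (Medium) and then 8 with AP-3.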

Description Auto-Generation

rowDescription = "ON REQUIREMENT: " 
  + item.title 
  + " FAILURE MODE: " 
  + failureMode.title 
  + " CAUSED BY: " 
  + causes[*].title
Example:
ON REQUIREMENT: Flight Control Command Input from Pilot
FAILURE MODE: Loss of Control Signal
CAUSED BY: Electrical Short, Software Timeout, Sensor Failure

Traceability and Integration Points

Upstream Traceability (from FHA)

System-level failure modes inherit classification from their source Failure Conditions in the Functional Hazard Assessment (FHA):
[diagram]

Downstream Traceability (to Subsystem SFMEA/DFMEA)

System failure modes cascade to subsystem analysis:
[diagram]
The “Downstream Risks” column uses the causes relationship in reverse (backLink=true) to show all failure modes from child documents that contribute to this system-level failure. This enables rapid navigation and impact assessment when system-level changes are proposed.
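As an added illustration (not the risksheet's own backLink implementation), the reverse-link lookup described above can be reproduced in a few lines: child-document failure modes carry causes links pointing up to system-level ids, and the Downstream Risks cell for a system failure mode is simply every child mode that cites it. The ids and titles below are constructed placeholders; the third child mode has no upstream link and therefore never appears in any cell, which is the blank-column situation covered under Typical Configuration Issues.

```python
from typing import Dict, List

# Constructed sample data (placeholder ids): system-level failure modes and
# DFMEA failure modes whose "causes" links point back to system-level ids.
SYSTEM_FMS: Dict[str, str] = {
    "SYS-FM-1": "Loss of Control Signal",
    "SYS-FM-2": "Signal Degradation",
}
CHILD_FMS: Dict[str, dict] = {
    "DFMEA-FM-10": {"title": "Actuator Driver Short", "causes": ["SYS-FM-1"]},
    "DFMEA-FM-11": {"title": "Bus Timeout", "causes": ["SYS-FM-1", "SYS-FM-2"]},
    "DFMEA-FM-12": {"title": "Connector Corrosion", "causes": []},  # never linked upstream
}


def downstream_risks(system_fms: Dict[str, str], child_fms: Dict[str, dict]) -> Dict[str, List[str]]:
    """Build the backLink view: for each system id, the child modes that cite it as a cause."""
    index: Dict[str, List[str]] = {sys_id: [] for sys_id in system_fms}
    for child_id, child in child_fms.items():
        for cause in child["causes"]:
            if cause in index:           # ignore links to ids outside this document
                index[cause].append(child_id)
    return index


def unlinked_children(system_fms: Dict[str, str], child_fms: Dict[str, dict]) -> List[str]:
    """Child failure modes that will not show up in any Downstream Risks cell."""
    return [cid for cid, c in child_fms.items()
            if not any(cause in system_fms for cause in c["causes"])]
```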

Risk Control Integration

Risk controls (mitigation measures) are allocated during the PSSA phase and referenced in SFMEA:
Phase | Risk Control Type | Risksheet | Purpose
PSSA | safetyRequirement | PSSA Risksheet | Allocated safety requirements derived from failure conditions
SFMEA | riskControl | SFMEA Risksheet (column) | Links to specific safety requirements mitigating each failure mode
Risk Control Plan | riskControl task | Risk Control Plan Risksheet | Full risk control tracking: title, status, verification method, requirement verification tests
When a risk control is linked in SFMEA, its title and approval status are displayed in the “Risk Control” column. Approval status values:
Status | Meaning
Draft | Control proposed, not yet approved
Approved | Safety review approved the control
Verified | Control implementation verified via testing/analysis
Closed | Control fully implemented and approved for certification

Typical Configuration Issues

Downstream Risks Column Blank

Problem: SFMEA shows failure modes with a blank “Downstream Risks” column after subsystem DFMEA documents are created.
Cause: Subsystem analysts created DFMEA failure modes but did not establish causes links back to system-level modes.
Resolution: In each DFMEA, use “View 3: Link Upstream SFMEA” to create causes links from DFMEA failure modes back to SFMEA failure modes. The system SFMEA will auto-populate downstream links via backLink.

Post-Mitigation RPN Not Calculating

Problem: The commonRpnNew column shows blank or zero.
Cause: Post-mitigation values (fmOccurrenceNew, fmDetectionNew) are not set.
Resolution: After risk controls are implemented, populate fmOccurrenceNew and fmDetectionNew based on the effectiveness of the controls (e.g., a diagnostic system improves detection from 5 to 2). The formula will then auto-calculate commonRpnNew.

SC/CC Badge Not Displaying

Problem: Requirement rows don’t show the SC/CC classification badge.
Cause: The linked customerRequirement work item doesn’t have the classification field set.
Resolution: Navigate to the Requirements space and set the classification field on each customer requirement. Allowed values: “Safety-Critical” (SC), “Critical Characteristic” (CC), or leave blank for non-critical. SFMEA will inherit and display it automatically.

Detailed configuration of the SFMEA risksheet.json (column formulas, view definitions, cell decorators) is stored in the RiskTemplates module and managed through the Risksheet configuration UI. Thin source coverage exists for schema details; verify specific settings in your project’s RiskTemplates/System-FMEATemplate/attachments/risksheet.json.