A failure condition describes what can go wrong at the system or subsystem level, its severity classification per aerospace standards, the flight phase(s) in which it can occur, allocated design assurance levels (DAL), and probability targets. Unlike failure modes (which describe component-level “how it fails”), failure conditions answer “what failure states must be managed?”

Overview and Role in Safety Assessment

Failure conditions serve as the primary work item in four interconnected risksheet templates:
  • FHA (Functional Hazard Assessment): Initial identification of failure conditions with severity classification and DAL allocation
  • PSSA (Preliminary System Safety Assessment): Allocation of safety objectives and probability targets to failure conditions
  • SSA (System Safety Assessment): Final verification and evidence collection against those safety objectives
  • FTA (Fault Tree Analysis): Hierarchical decomposition of failure conditions using AND/OR gate logic
The work item type failureCondition unifies these four analysis contexts through reusable custom fields. Each risksheet template uses a subset of these fields appropriate to its stage in the V-model.

[Diagram]

Custom Fields

| Field Name | Type | Default | Description |
|---|---|---|---|
| classification | Enum: failureCondition-classification | required | ARP 4761 severity classification: Catastrophic (cat), Hazardous (haz), Major (maj), Minor (min), No Safety Effect (nse). Drives DAL allocation in FHA risksheet. |
| flightPhase | Enum: failureCondition-phase | required | Flight phase(s) in which failure condition can occur: ground operations, takeoff, climb, cruise, descent, approach, landing. Multiple phases may apply. |
| safetyObjective | String (free text) | | Free-form safety objective statement allocated to this failure condition during PSSA. Example: “System shall prevent uncommanded roll during cruise flight.” |
| probabilityTarget | Enum: safetyObjective-probability | | Probability/quantitative target for this failure condition per PSSA allocation: Catastrophic (< 1×10⁻⁹/hour), Hazardous (< 1×10⁻⁷/hour), Major (< 1×10⁻⁵/hour), Minor (< 10⁻³/hour). See application for exact scale values. |
| dalAllocation | Enum: dal | | Design Assurance Level (DAL) allocated to this failure condition during FHA: A (catastrophic risk), B (hazardous risk), C (major risk), D (minor risk), E (no safety effect). Maps from classification in FHA. |
| effectDescription | Text (plain) | | Detailed description of the failure condition’s effect on aircraft and occupants. Used in FHA and PSSA for context and traceability documentation. |
| verificationStatus | Enum: status | | Evidence verification state during SSA: Draft, In Review, Approved, Published. Tracks whether safety objective has sufficient evidence (test results, analysis, inspection records). |
| gateType | Enum: fta-gateType | | Fault tree gate logic (used in FTA only): AND (all inputs required), OR (any input sufficient), Inhibit (conditional), K-of-N (k-out-of-n voting). Defines how lower-level failure events combine to produce this failure condition. |

Field Dependencies and Constraints

FHA Context (Identification):
  • classification and flightPhase are populated during hazard identification
  • dalAllocation is auto-calculated or manually set based on classification per ARP 4761 rules
  • effectDescription captures the hazard scenario
PSSA Context (Allocation):
  • safetyObjective and probabilityTarget are set during requirements allocation
  • verificationStatus begins at Draft
SSA Context (Verification):
  • verificationStatus evolves from Draft → In Review → Approved → Published as evidence is collected
  • Linked riskControl work items (safety requirements or design specifications) provide traceability to implementation
FTA Context (Decomposition):
  • gateType defines the boolean logic combining failure events
  • Hierarchical structure: Top Event (this failure condition) → Intermediate Events → Basic Events
  • classification and probabilityTarget propagate down the tree
The exact enumeration values for safetyObjective-probability and fta-gateType should be verified in your Polarion project’s enum definitions. Some gates (e.g., K-of-N) may be project-specific extensions.

Traceability Relationships

Failure conditions connect to multiple entity types through formal link roles:
| Link Role | From/To | Purpose | Usage |
|---|---|---|---|
| causeOf | FailureMode → FailureCondition | FMEA-to-FHA linkage: failure modes in SFMEA/DFMEA are potential causes of this failure condition | Query in FHA risksheet: which failure modes could lead to this hazard? |
| allocatedTo | FailureCondition → SafetyRequirement | PSSA allocation: failure condition is managed by one or more safety requirements | Trace from hazard to requirement implementation |
| verifies | FailureCondition → SafetyRequirement | SSA verification: this failure condition’s safety objective is verified/validated by linked requirements and test evidence | Used in SSA risksheet task column to show evidence |
| supersedes | FailureCondition → FailureCondition (optional) | Version control: newer version of same hazard replaces older one in baseline | Maintain hazard genealogy across document versions |

Risksheet Column Mapping

FHA (Functional Hazard Assessment) Risksheet

{
  "riskType": "failureCondition",
  "columns": [
    {
      "level": 0,
      "title": "ID",
      "binding": "workitemId"
    },
    {
      "level": 0,
      "title": "Failure Condition",
      "binding": "title"
    },
    {
      "level": 1,
      "title": "Classification",
      "binding": "classification",
      "formatter": {
        "type": "colorMap",
        "values": {
          "cat": "#e53935",
          "haz": "#fb8c00",
          "maj": "#fbc02d",
          "min": "#1976d2",
          "nse": "#78909c"
        }
      }
    },
    {
      "level": 1,
      "title": "Flight Phase",
      "binding": "flightPhase"
    },
    {
      "level": 1,
      "title": "DAL",
      "binding": "dalAllocation",
      "formula": "mapToDAL(classification)"
    },
    {
      "level": 2,
      "title": "Effect Description",
      "binding": "effectDescription"
    }
  ]
}
Row header is colored by classification severity. Three views:
  1. Full Assessment — All columns visible
  2. Summary — ID, title, classification, DAL only
  3. By Flight Phase — Grouped by flightPhase enum

PSSA (Preliminary System Safety Assessment) Risksheet

{
  "riskType": "failureCondition",
  "columns": [
    {
      "level": 0,
      "title": "ID",
      "binding": "workitemId"
    },
    {
      "level": 0,
      "title": "Failure Condition",
      "binding": "title"
    },
    {
      "level": 1,
      "title": "Classification",
      "binding": "classification"
    },
    {
      "level": 1,
      "title": "Safety Objective",
      "binding": "safetyObjective"
    },
    {
      "level": 2,
      "title": "Probability Target",
      "binding": "probabilityTarget"
    },
    {
      "level": 2,
      "title": "DAL",
      "binding": "dalAllocation"
    }
  ]
}

SSA (System Safety Assessment) Risksheet

{
  "riskType": "failureCondition",
  "columns": [
    {
      "level": 0,
      "title": "ID",
      "binding": "workitemId"
    },
    {
      "level": 0,
      "title": "Failure Condition",
      "binding": "title"
    },
    {
      "level": 1,
      "title": "Classification",
      "binding": "classification"
    },
    {
      "level": 1,
      "title": "Probability Target",
      "binding": "probabilityTarget"
    },
    {
      "level": 1,
      "title": "Verification Status",
      "binding": "verificationStatus",
      "formatter": {
        "type": "statusDot",
        "values": {
          "Draft": "#ff9800",
          "InReview": "#2196f3",
          "Approved": "#4caf50",
          "Published": "#1b5e20"
        }
      }
    },
    {
      "taskType": "riskControl",
      "title": "Evidence Records",
      "binding": "verifies",
      "role": "verifies"
    }
  ]
}

FTA (Fault Tree Analysis) Risksheet

{
  "riskType": "failureCondition",
  "columns": [
    {
      "level": 0,
      "title": "ID",
      "binding": "workitemId"
    },
    {
      "level": 0,
      "title": "Event",
      "binding": "title"
    },
    {
      "level": 1,
      "title": "Gate Type",
      "binding": "gateType",
      "formatter": {
        "type": "colorMap",
        "values": {
          "AND": "#1976d2",
          "OR": "#e53935",
          "Inhibit": "#fb8c00",
          "KofN": "#7e57c2"
        }
      }
    },
    {
      "level": 1,
      "title": "Classification",
      "binding": "classification"
    },
    {
      "level": 1,
      "title": "Probability Target",
      "binding": "probabilityTarget"
    }
  ],
  "hierarchy": {
    "parent": "failureCondition",
    "level": 3
  }
}
Structured as hierarchical tree: Top Event (level 0) → Intermediate Events (level 1–2) → Basic Events (leaf). Gate type determines tree semantics.

ARP 4761 Classification Severity Scale

Failure condition classification directly maps to Design Assurance Level (DAL) under ARP 4761:
Catastrophic (cat)  → DAL A
│ No hazard mitigations acceptable. Catastrophic failure with no safety barrier.
│ Probability Target: < 1×10⁻⁹ per flight hour
│ Example: Total loss of primary flight control surface

Hazardous (haz)     → DAL B
│ Severe but controllable. Single-point failure or reduced safety margins.
│ Probability Target: < 1×10⁻⁷ per flight hour
│ Example: Loss of secondary flight control with reversion to manual

Major (maj)         → DAL C
│ Significant degradation in aircraft safety with crew compensation.
│ Probability Target: < 1×10⁻⁵ per flight hour
│ Example: Loss of flight director or autopilot

Minor (min)         → DAL D
│ Minor impact on safety. Crew easily manages with normal procedures.
│ Probability Target: < 10⁻³ per flight hour
│ Example: Incorrect flight plan load or minor display anomaly

No Safety Effect (nse) → DAL E
│ Inoperative condition with no safety impact.
│ No probability target. No safety requirement.
│ Example: Loss of landing light or non-essential display feature
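The field dependencies per context (FHA, PSSA, SSA), the FHA risksheet's mapToDAL(classification) formula and the ARP 4761 scale above all describe consistency rules that can be checked mechanically before a risksheet is baselined. The following is an added example, not code from the Polarion project or its risksheet templates: it encodes the classification-to-DAL and classification-to-probability mappings from this page, checks a failureCondition record in each context, and enforces the Draft → In Review → Approved → Published progression. The FailureCondition dataclass, the evidenceRecords field (standing in for linked riskControl work items) and the "no skipping, no reverting" transition rule are assumptions of the example.

```python
"""Consistency checks for a failureCondition work item across the FHA, PSSA and
SSA contexts, following the field rules and the ARP 4761 scale described above.
Added example; not code from the Polarion project or its risksheet templates."""
from dataclasses import dataclass, field
from typing import List, Optional

# classification enum value -> DAL; the mapping behind the FHA sheet's mapToDAL(classification) formula
CLASS_TO_DAL = {"cat": "A", "haz": "B", "maj": "C", "min": "D", "nse": "E"}

# classification enum value -> maximum probability per flight hour (None: no target for nse / DAL E)
CLASS_TO_PROB = {"cat": 1e-9, "haz": 1e-7, "maj": 1e-5, "min": 1e-3, "nse": None}

# verificationStatus values in the order the SSA workflow advances through them
STATUS_ORDER = ["Draft", "In Review", "Approved", "Published"]


def map_to_dal(classification: str) -> str:
    """DAL allocated from the ARP 4761 classification (cat -> A ... nse -> E)."""
    return CLASS_TO_DAL[classification]


def probability_target(classification: str) -> Optional[float]:
    """Quantitative target allocated in PSSA; None for No Safety Effect."""
    return CLASS_TO_PROB[classification]


@dataclass
class FailureCondition:
    """The failureCondition custom fields used by the checks below (id and title as in the risksheets)."""
    id: str
    title: str
    classification: str
    flightPhase: List[str] = field(default_factory=list)
    effectDescription: str = ""
    dalAllocation: Optional[str] = None
    safetyObjective: Optional[str] = None
    probabilityTarget: Optional[float] = None
    verificationStatus: str = "Draft"
    # Hypothetical stand-in for the linked riskControl work items shown in the SSA "Evidence Records" column
    evidenceRecords: List[str] = field(default_factory=list)


def check_fha(fc: FailureCondition) -> List[str]:
    """FHA context: classification, flight phase, effect and DAL allocation must be present and consistent."""
    issues = []
    if fc.classification not in CLASS_TO_DAL:
        return [f"{fc.id}: unknown classification {fc.classification!r}"]
    if not fc.flightPhase:
        issues.append(f"{fc.id}: flightPhase is required")
    if not fc.effectDescription.strip():
        issues.append(f"{fc.id}: effectDescription is required")
    expected = map_to_dal(fc.classification)
    if fc.dalAllocation is not None and fc.dalAllocation != expected:
        issues.append(f"{fc.id}: dalAllocation {fc.dalAllocation} conflicts with classification (expected {expected})")
    return issues


def check_pssa(fc: FailureCondition) -> List[str]:
    """PSSA context: safety objective and probability target allocated per classification."""
    issues = check_fha(fc)
    if fc.classification not in CLASS_TO_DAL:
        return issues
    # No Safety Effect carries no safety requirement, so no objective is demanded for it
    if fc.classification != "nse" and not (fc.safetyObjective or "").strip():
        issues.append(f"{fc.id}: safetyObjective is required")
    expected = probability_target(fc.classification)
    if fc.probabilityTarget != expected:
        issues.append(f"{fc.id}: probabilityTarget {fc.probabilityTarget} conflicts with classification (expected {expected})")
    return issues


def check_ssa(fc: FailureCondition) -> List[str]:
    """SSA context: Approved/Published status needs linked evidence (assumption: at least one record)."""
    issues = check_pssa(fc)
    if fc.verificationStatus not in STATUS_ORDER:
        issues.append(f"{fc.id}: unknown verificationStatus {fc.verificationStatus!r}")
    elif STATUS_ORDER.index(fc.verificationStatus) >= STATUS_ORDER.index("Approved") and not fc.evidenceRecords:
        issues.append(f"{fc.id}: status {fc.verificationStatus} requires linked evidence records")
    return issues


def can_transition(current: str, new: str) -> bool:
    """Allow only the next step of Draft -> In Review -> Approved -> Published (assumption: no skipping, no reverting)."""
    if current not in STATUS_ORDER or new not in STATUS_ORDER:
        return False
    return STATUS_ORDER.index(new) == STATUS_ORDER.index(current) + 1


def example_fc001() -> FailureCondition:
    """FC-001 from the lifecycle example on this page, in its SSA state (constructed record)."""
    return FailureCondition(
        id="FC-001", title="Uncommanded pitch control", classification="haz",
        flightPhase=["Cruise", "Descent"],
        effectDescription="Aircraft pitches nose-down uncontrollably; potential structural damage; loss of control",
        dalAllocation="B",
        safetyObjective="System shall not provide uncommanded pitch control inputs exceeding ±2° per second",
        probabilityTarget=1e-7, verificationStatus="Approved",
        evidenceRecords=["Test-FCC-115", "DR-FCC-005", "Analysis-FCC-pitch-range-check"],
    )


if __name__ == "__main__":
    for ctx, check in (("FHA", check_fha), ("PSSA", check_pssa), ("SSA", check_ssa)):
        print(ctx, check(example_fc001()) or "OK")
```

Note that the SSA risksheet's statusDot formatter keys the status as InReview while the field description spells it In Review; whichever string the project's status enum actually uses is the one STATUS_ORDER must carry, so verify it against the enum definition before relying on the transition check.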

Creating and Linking Failure Conditions

In FHA Risksheet

  1. Insert a new row in the FHA risksheet (Risks/FCC System FHA document)
  2. Enter failure condition title (what goes wrong): e.g., “Uncommanded pitch control input”
  3. Select classification from dropdown: Catastrophic, Hazardous, Major, Minor, or No Safety Effect
  4. Select flight phase or multiple phases where hazard is relevant
  5. Enter effect description (what happens to aircraft and crew): e.g., “Aircraft pitches nose-down uncontrollably during cruise, potential loss of control”
  6. DAL allocation auto-calculates or is manually set based on classification
  7. Save the work item — system auto-generates ID

Linking Failure Modes (SFMEA/DFMEA → FHA)

In SFMEA or DFMEA risksheet, link failure modes to failure conditions via causeOf role:
  Failure Mode (System/Design): “Sensor output fails high”
      ↓ [causeOf link]
  Failure Condition (FHA): “Erroneous altitude data transmitted to flight control”
This establishes the FMEA-to-FHA chain: does this failure mode contribute to any identified hazard?

From FHA to PSSA

After FHA is baselined:
  1. Copy or reference failure conditions into PSSA risksheet
  2. Allocate safety objective per failure condition (what requirement/design feature prevents this hazard?)
  3. Set probability target based on classification
  4. Create SafetyRequirement work items linked via allocatedTo role
  5. Assign to subsystems and design teams

From PSSA to SSA

After PSSA requirements are implemented:
  1. Copy/reference into SSA risksheet
  2. Collect evidence: test results, analysis records, inspection reports
  3. Create riskControl work items (one per safety requirement) with evidence artifacts linked via verifies role
  4. Update verification status from Draft → In Review → Approved → Published
  5. Baseline SSA document for certification

Hierarchy and Decomposition

Failure conditions can have parent-child relationships for decomposition:

[Diagram]

In FTA, this hierarchy is mandatory: each failure condition is decomposed into lower-level events (intermediate or basic) via AND/OR gate logic. The gateType field determines how child events combine:
  • AND gate: All child events must occur to trigger parent failure condition
  • OR gate: Any one child event triggers parent failure condition
  • Inhibit gate: Child event triggers parent only under specified condition
  • K-of-N gate: K out of N child events must occur (voting logic)
Use AND gates for fault tolerance analysis (redundancy check). Use OR gates for path independence analysis (single-point failure). Document gate selection rationale in effect description.
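The gate semantics listed above are easiest to see when a small tree is actually evaluated. The following is an added example, not the FTA risksheet's own logic: it models the four gate types (AND, OR, Inhibit, K-of-N) as a tree of events, evaluates the top event both as boolean logic over a set of basic events that have occurred and as a probability under the usual independence assumption, and compares the result against an allocated probabilityTarget. The Event dataclass, the helper names and all probability figures are assumptions of the example; the event titles "Uncommanded pitch control" and "Sensor output fails high" are taken from this page, the remaining event names are constructed.

```python
"""Evaluate a small fault tree using the four gate types listed above (AND, OR, Inhibit,
K-of-N), both as boolean logic over a set of failed basic events and as a probability
under the usual independence assumption. Added example; not the FTA risksheet's own
logic. Event names other than those taken from the page, and all probabilities, are constructed."""
import math
from dataclasses import dataclass, field
from typing import List, Optional, Set


@dataclass
class Event:
    """A tree node: a basic event (gate is None, carries its own probability) or a gate over child events."""
    name: str
    gate: Optional[str] = None             # "AND", "OR", "Inhibit", "KofN" or None for a basic event
    children: List["Event"] = field(default_factory=list)
    probability: float = 0.0               # basic events only, per flight hour
    k: int = 0                             # KofN only: how many children must occur
    condition: Optional["Event"] = None    # Inhibit only: the enabling condition event


def occurs(ev: Event, failed: Set[str]) -> bool:
    """Does this event occur, given the names of the basic events that have occurred?"""
    if ev.gate is None:
        return ev.name in failed
    inputs = [occurs(c, failed) for c in ev.children]
    if ev.gate == "AND":
        return all(inputs)
    if ev.gate == "OR":
        return any(inputs)
    if ev.gate == "Inhibit":
        # The input event(s) trigger the parent only while the condition event holds
        return all(inputs) and occurs(ev.condition, failed)
    if ev.gate == "KofN":
        return sum(inputs) >= ev.k
    raise ValueError(f"unknown gate type {ev.gate!r}")


def probability(ev: Event) -> float:
    """Probability that the event occurs, treating all inputs as independent."""
    if ev.gate is None:
        return ev.probability
    ps = [probability(c) for c in ev.children]
    if ev.gate == "AND":
        return math.prod(ps)
    if ev.gate == "OR":
        return 1.0 - math.prod(1.0 - p for p in ps)
    if ev.gate == "Inhibit":
        return math.prod(ps) * probability(ev.condition)
    if ev.gate == "KofN":
        # dist[j] = probability that exactly j of the children seen so far have occurred
        dist = [1.0] + [0.0] * len(ps)
        for p in ps:
            for j in range(len(ps), 0, -1):
                dist[j] = dist[j] * (1.0 - p) + dist[j - 1] * p
            dist[0] *= 1.0 - p
        return sum(dist[ev.k:])
    raise ValueError(f"unknown gate type {ev.gate!r}")


def meets_target(ev: Event, target: float) -> bool:
    """Compare the computed top-event probability with the allocated probabilityTarget."""
    return probability(ev) < target


def example_tree() -> Event:
    """Constructed tree for the page's FC-001 'Uncommanded pitch control' (Hazardous, target < 1e-7/hour)."""
    redundant = Event("Both command channels fault", gate="AND", children=[
        Event("Channel A command fault", probability=1e-4),
        Event("Channel B command fault", probability=1e-4),
    ])
    bad_sensor = Event("Erroneous sensor data passed through", gate="Inhibit",
                       children=[Event("Sensor output fails high", probability=1e-5)],
                       condition=Event("Command validation disabled", probability=1e-3))
    return Event("Uncommanded pitch control", gate="OR", children=[redundant, bad_sensor])


def example_voting() -> Event:
    """Constructed 2-of-3 voting gate: the parent occurs when any two of three monitors fail."""
    return Event("Majority of monitors failed", gate="KofN", k=2,
                 children=[Event(f"Monitor {i} fails", probability=0.1) for i in (1, 2, 3)])


if __name__ == "__main__":
    top = example_tree()
    print(f"P(top) = {probability(top):.3e}, meets 1e-7 target: {meets_target(top, 1e-7)}")
    print(f"P(2-of-3) = {probability(example_voting()):.4f}")
```

The AND branch shows why the page recommends AND gates for redundancy checks (two 1e-4 channel faults combine to 1e-8), and the Inhibit branch shows the single-path case where the condition event is what keeps the contribution small; the independence assumption is a simplification, so common-cause failures that couple the inputs need separate treatment.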

Example: Full Lifecycle

FHA Phase (Identification):

| ID | Failure Condition | Classification | Flight Phase | Effect Description | DAL |
|---|---|---|---|---|---|
| FC-001 | Uncommanded pitch control | Hazardous | Cruise, Descent | Aircraft pitches nose-down uncontrollably; potential structural damage; loss of control | B |

PSSA Phase (Allocation):

| ID | Failure Condition | Safety Objective | Probability Target | DAL |
|---|---|---|---|---|
| FC-001 | Uncommanded pitch control | System shall not provide uncommanded pitch control inputs exceeding ±2° per second | < 1×10⁻⁷/hour | B |

Linked Safety Requirement: SR-FCC-022: “Flight control processor shall validate pitch command against stored pilot input within 50 ms”

SSA Phase (Verification):

| ID | Failure Condition | Probability Target | Verification Status | Evidence Records |
|---|---|---|---|---|
| FC-001 | Uncommanded pitch control | < 1×10⁻⁷/hour | Approved | Test-FCC-115 (pitch command validation), Design Review DR-FCC-005, Analysis-FCC-pitch-range-check |

Enumeration Values Reference

For detailed enumeration definitions, refer to:

See Also:

Code:
  • .polarion/nextedy/models/rtm.yaml (0.61)
  • .polarion/tracker/fields/failureMode-custom-fields.xml (0.60)
  • .polarion/tracker/fields/failureCondition-custom-fields.xml (0.60)
  • .polarion/nextedy/sheet-configurations/ (0.60): DO-160G Environmental Qualification.yaml, Component RTM.yaml, Configuration Index.yaml, Design Verification Sheet.yaml, Interface Control Matrix.yaml, Problem Report Tracker.yaml, Process Steps.yaml, Review Action Item Tracker.yaml, SOI Stage Gate Dashboard.yaml, Use Steps Specification.yaml, User Need Validation Sheet.yaml, characteristics.yaml, component-characteristics.yaml, customer-requirements.yaml, design-requirements.yaml, subsystem-functions.yaml, subsystem-verification.yaml, system-elements.yaml, test-verification.yaml
  • modules/RiskTemplates/SSATemplate/attachments/risksheet.json (0.54)
  • .polarion/tracker/fields/workitem-type-enum.xml (0.53)
  • modules/RiskTemplates/PFMEATemplate/attachments/risksheet.json (0.52)
  • modules/RiskTemplates/FTATemplate/attachments/risksheet.json (0.49)
  • .polarion/tracker/fields/failureCondition-classification-enum.xml (0.49)
  • modules/RiskTemplates/RiskControlPlanTemplate/attachments/risksheet.json (0.47)