Two Parallel Workflows
TestAuto2 implements two distinct but parallel workflow systems:- Work Item Workflow — Controls individual safety artifacts (hazards, failure modes, requirements, test cases)
- Document Workflow — Controls Polarion LiveDoc modules that contain collections of work items (HARA documents, FMEA documents, requirements specifications)
Work Item Lifecycle States
Work items in TestAuto2 follow a seven-state lifecycle that mirrors typical automotive engineering maturity gates:
State Descriptions
| State | Meaning | Typical Use |
|---|---|---|
| draft | Initial creation; work not started | New hazards identified but not analyzed; requirements drafted but not refined |
| inProgress | Active engineering work underway | Safety engineer analyzing ASIL ratings; design engineer writing verification test procedures |
| inReview | Peer review phase | Technical review of FMEA failure modes; cross-functional review of safety requirements |
| pendingApproval | Awaiting formal signature-based approval | Completed HARA awaiting safety manager sign-off; design requirement awaiting architecture lead approval |
| approved | Formally approved and baselined | Approved safety goals ready for refinement; verified test cases ready for execution |
| rejected | Not accepted; requires rework or cancellation | Requirement rejected due to infeasibility; test case rejected due to insufficient coverage |
| obsolete | No longer valid; superseded or out of scope | Hazard obsoleted by design change; requirement removed due to scope reduction |
Why Assignee Matters
The workflow enforces assignee requirements for all forward transitions from draft. You cannot start progress, send to review, or request approval without assigning the work item to a specific person. This isn’t bureaucracy — it’s accountability. ISO 26262 auditors will ask “who analyzed this hazard?” and “who verified this requirement?” The assignee field provides that answer.Document Lifecycle States
Risk specification documents (HARA, FMEA) and requirements specifications follow a four-state lifecycle optimized for formal release management:
State Descriptions
| State | Meaning | Typical Use |
|---|---|---|
| draft | Document under development | FMEA being populated with failure modes; HARA in initial hazard identification phase |
| inReview | Formal review cycle with required signatures | Cross-functional FMEA review; safety committee review of HARA |
| approved | All approvers have signed; ready for publication | FMEA approved by engineering team; HARA approved by functional safety manager |
| published | Final release; baselined for downstream use | Published HARA used to derive safety requirements; published DFMEA referenced in verification plans |
The Role of Signatures
When a document transitions to inReview, TestAuto2 automatically adds all users with theproject_approver role as required signers. The document cannot transition to approved until:
- At least one approver signs with “approved” verdict
- No approver signs with “disapproved” verdict
The Approval Cascade Problem
A common misconception: “If I approve a document, all the work items inside it are automatically approved.” This is false. Document approval and work item approval are independent. A published HARA document can contain draft hazards. An approved FMEA can contain unapproved failure modes awaiting post-mitigation analysis. This independence is intentional. It allows:- Incremental approval: Approve high-confidence items early while lower-confidence items remain in review
- Parallel workflows: Design engineers refine requirements while safety engineers finalize hazard analysis in the same document
- Change control: Lock down document structure (approved document) while allowing iterative refinement of specific items
Reopening vs. Rework
TestAuto2 distinguishes between two types of backward transitions:Reopen (Work Items)
- What it does: Returns work item to draft from any state (inReview, approved, rejected)
- Signature behavior: Marks all workflow signatures as obsolete, clears approvals and resolution
- Cascade behavior: Can automatically reopen linked items (parent, depends_on relationships)
- Use case: Material changes requiring fresh review cycle (e.g., ASIL downgrade after hazard re-analysis)
Rework (Documents)
- What it does: Returns document to draft from inReview, approved, or published
- Signature behavior: Marks all signatures obsolete, resets signature verdict
- Cascade behavior: Does not cascade to contained work items
- Use case: Approval rejected due to incomplete analysis; substantial content changes after publication
Stop Progress (work items only) returns inProgress or inReview items to draft without clearing approvals or signatures. Use it for simple workflow backtracking when no approval history exists yet. Reopen is the destructive option that clears approval state.
When to Use Each State Transition
Understanding when to transition is as important as understanding how. Here’s practical guidance:Draft → In Progress
When: You begin active analysis or engineering work.Before transition: Assign the work item to yourself or a team member.
Example: Safety engineer starts ASIL classification for a newly identified hazard.
In Progress → In Review
When: Work is complete enough for peer feedback.Before transition: Fill in all mandatory fields; ensure analysis is coherent (even if preliminary).
Example: FMEA failure modes have severity/occurrence/detection ratings and you want cross-functional review of the risk controls.
In Review → Pending Approval
When: Peer review comments are addressed; item is ready for formal sign-off.Before transition: Resolve all review feedback; confirm analysis meets standards requirements.
Example: All FMEA review comments incorporated; ready for engineering manager approval.
Pending Approval → Approved
When: Required approvers have signed.Automated by: Signature policy enforcement — you cannot manually force this transition.
Example: Safety manager signs off on HARA; work item automatically transitions to approved once signature policy is satisfied.
Any State → Obsolete
When: Work item is no longer valid due to design changes, scope reduction, or superseding items.Before transition: Fill in resolution field explaining why (for audit trail).
Example: Hazard obsoleted because system design change eliminates the exposure scenario.
Document Workflow Example: FMEA Approval
Here’s how a typical Design FMEA document progresses through the workflow:- Draft: Safety engineer creates DFMEA document, populates failure modes, assigns severity/occurrence ratings, links to characteristics. Document status: draft.
- Send for Review: Engineer completes initial analysis, clicks “Send for Review”. Document transitions to inReview. System auto-adds engineering managers as required signers.
- Review Cycle: Cross-functional team reviews in risksheet, adds comments via Polarion discussions. Some failure modes are in inReview (work item level), others still draft.
- Rework Iteration: Reviewers identify missing failure modes. Engineer uses rework action to return document to draft, adds missing modes, re-sends for review.
- Approval: All review comments addressed. Engineering manager signs with “approved” verdict. Document transitions to approved.
- Publication: DFMEA baselined for use in verification planning. Engineer clicks “Publish”. Document transitions to published.
- Post-Publication Change: Design change requires adding new failure mode. Engineer uses rework to return to draft, adds failure mode, repeats review cycle.
Workflow and Traceability
Workflow states affect traceability queries and coverage metrics:- PowerSheet traceability matrices show all linked items regardless of workflow state, but often include status columns to highlight draft/unapproved items.
- Coverage reports (Safety Readiness Scorecard, FMEA Coverage Report) may exclude obsolete items from denominators but include all other states.
- nxLinkCoverage macro filters can exclude draft or obsolete items to show “approved coverage” vs. “total coverage”.
Relationship to Standards Compliance
ISO 26262 Part 2 requires documented approval for safety work products at defined lifecycle phases. The workflow lifecycle provides this documentation automatically:- Signatures = Approval records for ISO 26262 Part 8 (audit trail)
- Workflow states = Work product maturity for ISO 26262 Part 2 (lifecycle phase gates)
- Resolution field = Change justification for ISO 26262 Part 8 Clause 9 (configuration management)
Related Concepts:
Document Types and Modules • Traceability Model • Standards Compliance Model Related Guides:
Submit Document for Review • Approve Document • Request Rework