
What is the difference between HAZID and HARA?

HAZID (Hazard Identification) is the preliminary step where you systematically discover and catalog potential hazards. HARA (Hazard Analysis and Risk Assessment) is the full ISO 26262-3 analysis that takes each identified hazard, analyzes it in specific operational situations, and determines ASIL classification using the S×E×C matrix. HAZID feeds into HARA—you can start with HAZID’s simpler risk matrix, then transition to formal HARA for safety-critical hazards. See HARA workflow guide for the complete process.

How do I determine the correct ASIL level?

ASIL is calculated from three parameters: Severity (S0-S3), Exposure (E0-E4), and Controllability (C0-C3), using the ISO 26262-3 Table 4 matrix. First assess severity based on potential injury (S3 = life-threatening), then exposure based on the frequency of the operational situation (E4 = high probability), and finally controllability based on the driver’s ability to prevent harm (C3 = uncontrollable). The risksheet auto-computes ASIL from your S/E/C ratings. For detailed rating criteria, see Determine ASIL guide and reference tables for Severity, Exposure, and Controllability.

When do I need to create a Safety Goal?

Every hazard classified as ASIL A, B, C, or D requires at least one safety goal. QM (Quality Management) hazards do not require safety goals but should still be tracked. Safety goals define the top-level safe state requirement to prevent or mitigate the hazardous event—they inherit the ASIL from their parent hazard and decompose into Functional Safety Requirements during the next phase. Use the Derive Safety Goals guide to create properly structured safety goals with FTTI and safe state definitions.

What operational phases should I consider?

Operational phases represent distinct vehicle operating modes where hazards may manifest differently. Common automotive phases include: Ignition (startup/shutdown), Normal Driving (highway, urban, rural), Low-Speed Maneuvering (parking, reversing), Maintenance Mode, and Towing/Transport. The operational phase directly affects your Exposure (E) rating—hazards during “Normal Driving” typically get E3-E4, while “Maintenance Mode” hazards may only warrant E1-E2. Document your project’s operational phases in the HARA risksheet configuration.

How do I handle hazards with multiple operational situations?

Create separate hazard rows for each distinct operational situation if the S/E/C ratings differ significantly. For example, “Loss of braking” during highway driving (high speed, high exposure) warrants different analysis than the same hazard during parking (low speed, low exposure). The HARA risksheet supports multiple rows per hazard source—each combination of hazard + operational situation becomes a unique “hazardous event” with its own ASIL determination. See Identify Hazards guide for situational analysis techniques.

Can I import existing hazard data from Excel?

Yes, use the Excel import workflow to migrate HAZID or HARA data from spreadsheets. The system maps Excel columns to work item fields (Hazard Description, Severity, Exposure, Controllability, ASIL, Safety Goal). You’ll need to prepare your Excel file with proper column headers matching the field IDs, then use Polarion’s import wizard or the Import Hazards from Excel guide. After import, review each hazard to ensure S/E/C ratings align with ISO 26262 definitions and that safety goals are properly linked.
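
A pre-import check for the review steps above, as an added example that is not part of the original page or of Polarion: it reads a CSV export of the spreadsheet and flags non-standard S/E/C values, ASIL A-D hazards with no safety goal, and rows where ASIL D and S3/E4/C3 disagree. The column headers reuse the field names listed above as an assumption (your project's field IDs may differ), and the sample rows are constructed.

```python
import csv
import io

# Standard enum values; the column headers are assumed, not real field IDs.
ENUMS = {
    "Severity": {"S0", "S1", "S2", "S3"},
    "Exposure": {"E0", "E1", "E2", "E3", "E4"},
    "Controllability": {"C0", "C1", "C2", "C3"},
    "ASIL": {"QM", "A", "B", "C", "D"},
}
REQUIRED = ["Hazard Description", *ENUMS, "Safety Goal"]

# Constructed sample export (row 1 is the header).
SAMPLE = """\
Hazard Description,Severity,Exposure,Controllability,ASIL,Safety Goal
Loss of braking (highway),S3,E4,C3,D,SG-001
Loss of braking (parking),S3,E2,C3,B,
Unintended acceleration,S3,E4,C3,C,SG-002
Wiper failure,S1,E5,C1,QM,
Horn inoperative,S1,E2,C1,QM,
"""


def check_hazard_sheet(csv_text):
    """Return a list of (row_number, message) findings for a HARA CSV export."""
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    if missing:
        return [(1, "missing column(s): " + ", ".join(missing))]
    findings = []
    for n, row in enumerate(reader, start=2):
        vals = {k: (row[k] or "").strip() for k in REQUIRED}
        bad = [f"{k}={vals[k]!r}" for k in ENUMS if vals[k] not in ENUMS[k]]
        if bad:
            findings.append((n, "non-standard enum value: " + ", ".join(bad)))
            continue  # the remaining checks need valid ratings
        # Every ASIL A-D hazard needs at least one safety goal; QM does not.
        if vals["ASIL"] != "QM" and not vals["Safety Goal"]:
            findings.append((n, f"ASIL {vals['ASIL']} hazard has no safety goal"))
        # ASIL D results from exactly one combination: S3 + E4 + C3.
        sec = (vals["Severity"], vals["Exposure"], vals["Controllability"])
        if (sec == ("S3", "E4", "C3")) != (vals["ASIL"] == "D"):
            findings.append((n, "ASIL D must correspond exactly to S3/E4/C3"))
    return findings


if __name__ == "__main__":
    for row_number, message in check_hazard_sheet(SAMPLE):
        print(f"row {row_number}: {message}")
```

Rows that pass still need a manual review of the rating rationale; the script only catches structural problems before they reach the import wizard.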

Why doesn’t my ASIL formula calculate automatically?

Check three common issues: (1) Ensure your risksheet configuration includes the ASIL formula column with proper S/E/C field references—see HARA Risksheet Configuration for the correct formula syntax. (2) Verify that Severity, Exposure, and Controllability fields use the standard enum values (S0-S3, E0-E4, C0-C3) defined in HARA custom fields. (3) Clear your browser cache and reload—risksheet formulas execute client-side and can be affected by cached JavaScript. If issues persist, see Formula Calculation Errors troubleshooting.

Safety goals decompose into Functional Safety Requirements (FSRs) during the Functional Safety Concept phase (ISO 26262-3 Clause 8). Use the refines link role to connect each Safety Goal work item to its derived System Requirements. The traceability model supports both direct links and multi-level decomposition—one ASIL D safety goal may refine into 3-5 system requirements, each inheriting or decomposing the parent ASIL. Track this traceability in the Requirements PowerSheet or Whole RTM Sheet.

ASIL Determination Matrix

This matrix shows how Severity, Exposure, and Controllability combine to determine ASIL per ISO 26262-3 Table 4:
         C0 (Controllable)  C1 (Simple)  C2 (Normal)  C3 (Difficult/Uncontrollable)
        ─────────────────────────────────────────────────────────────────────────────
S3/E4  │      A               A             B                   D
S3/E3  │      QM              A             A                   C
S3/E2  │      QM              QM            A                   B
S3/E1  │      QM              QM            QM                  A

S2/E4  │      QM              A             A                   C
S2/E3  │      QM              QM            A                   B
S2/E2  │      QM              QM            QM                  A
S2/E1  │      QM              QM            QM                  QM

S1/E4  │      QM              QM            A                   B
S1/E3  │      QM              QM            QM                  A
S1/E2  │      QM              QM            QM                  QM
S1/E1  │      QM              QM            QM                  QM

Only one combination yields ASIL D: S3 (life-threatening injury) + E4 (high probability) + C3 (difficult/uncontrollable). This represents the worst-case scenario where severe harm is likely and the driver cannot prevent it. Common examples: sudden unintended acceleration at highway speed, complete brake system failure during normal driving.

When uncertain between two ratings, choose the more conservative (higher) value. For example, if controllability could be C2 or C3, select C3 to ensure adequate safety measures. ISO 26262 emphasizes that classification rationale must be documented in the HARA Rationale field for audit trail—see Assess S/E/C guide.
