
What You Will Achieve

By the end of this tutorial, you will have conducted a complete Hazard Analysis and Risk Assessment (HARA) session following ISO 26262 Part 3. You will identify hazards, assess their severity, exposure, and controllability, determine ASIL classifications, and derive safety goals, all within the TestAuto2 — Automotive Safety Solution’s integrated Risksheet environment.
Time to complete: 30-45 minutes
End result: A populated HARA document with at least 3 hazards, complete ASIL classifications, and derived safety goals ready for review.

Prerequisites

Before starting this tutorial, ensure you have:
  • Completed installation: TestAuto2 solution installed and verified (Installation and Setup)
  • Project access: User account with Safety Engineer or Project Lead role
  • Basic knowledge: Familiarity with ISO 26262 HARA concepts (ISO 26262 Functional Safety)
  • System understanding: Knowledge of the automotive system you’re analyzing (e.g., braking system, steering system, powertrain)
The HARA risksheet includes an interactive tour that highlights key features. Click the ❓ icon in the top-right corner to launch it.

Step 1: Navigate to the HARA Document

  1. Log into Polarion and open your TestAuto2 project
  2. In the left sidebar, expand Risks space
  3. Click on HAZID - [Your System Name] document
What you should see: The HARA risksheet loads, displaying a table with column groups: Situation Analysis, Hazard Identification, HARA Classification, and Safety Goal. If this is a new project, the table will be empty except for column headers.
Column Group            Contents
Situation Analysis      System Element, Category
Hazard Identification   Hazard Description, Cause/Effect
HARA Classification     Severity (S), Exposure (E), Controllability (C), ASIL
Safety Goal             SG ID, Title

Step 2: Create Your First Hazard

  1. Click the + Add Row button at the bottom of the risksheet
  2. A new hazard work item is created automatically
What you should see: A new row appears with editable cells. The work item ID (e.g., HAZ-001) is assigned automatically.
Risksheet creates Polarion work items in real-time. Each row is a hazard work item type with custom fields for HARA analysis.

Step 3: Define the Operational Situation

Fill in the Situation Analysis columns from left to right:
  1. System Element: Select the system component being analyzed (e.g., “Brake Control Module”)
  2. Category: Choose from ISO 26262 categories (e.g., “Functional Failure”)
  3. Operational Phase: Select relevant phase (e.g., “Normal Driving”, “Parking”)
  4. Operational Situation: Describe the driving scenario (e.g., “Highway driving at 120 km/h”)
Example entry:
  • System Element: Electronic Brake Control Unit
  • Category: Functional Failure
  • Operational Phase: Normal Driving
  • Operational Situation: Urban traffic, speeds 30-50 km/h, frequent braking required
What you should see: The situation context fields are populated. These fields feed into the ASIL determination logic.

Step 4: Identify the Hazard

Move to the Hazard Identification columns:
  1. Hazard (Title): Enter a concise hazard name (e.g., “Unintended brake release during active braking”)
  2. Description: Provide detailed explanation of the hazardous behavior
  3. Cause(s): List potential root causes (e.g., “Software fault in brake control logic”)
  4. Consequence(s): Describe potential harm (e.g., “Rear-end collision due to unexpected deceleration loss”)
Example entry:
  • Hazard: Unintended brake release during active braking
  • Description: Electronic brake system releases brake pressure while driver is actively braking, resulting in unexpected loss of deceleration capability
  • Cause: Sensor signal dropout, ECU software fault, power supply interruption to brake actuator
  • Consequence: Extended stopping distance, potential rear-end collision, driver loss of control

Step 5: Assess Severity, Exposure, and Controllability

Now perform the HARA classification following ISO 26262-3 Table 2, Table 3, and Table 4:

Severity (S)

Click the S (Severity) dropdown and select based on potential injury:
  • S0: No injuries
  • S1: Light/moderate injuries
  • S2: Severe/life-threatening injuries (survival probable)
  • S3: Life-threatening/fatal injuries (survival uncertain)
For the example hazard: Select S3 (rear-end collision at urban speeds can be fatal)

Exposure (E)

Click the E (Exposure) dropdown and select based on probability of operational situation:
  • E0: Incredibly unlikely
  • E1: Very low probability
  • E2: Low probability
  • E3: Medium probability
  • E4: High probability
For the example hazard: Select E4 (urban braking occurs frequently)

Controllability (C)

Click the C (Controllability) dropdown and select based on driver’s ability to control:
  • C0: Controllable in general
  • C1: Simply controllable
  • C2: Normally controllable
  • C3: Difficult to control or uncontrollable
For the example hazard: Select C3 (sudden brake loss is difficult to control)
What you should see: The ASIL column auto-calculates based on the S-E-C combination.
TestAuto2 implements the ISO 26262-3 ASIL determination table as a formula. Do not manually override the ASIL value; adjust the S, E, or C ratings instead.
S + E + C        ASIL Level
S3 + E4 + C3     ASIL D (highest safety integrity)
S2 + E3 + C2     ASIL C
S1 + E2 + C1     ASIL A
S0 + any         QM (Quality Management, no ASIL)
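The risksheet computes the ASIL column for you, but it helps to be able to reproduce the classification outside the tool, for instance when reviewing a HARA export or cross-checking a colleague's ratings. The following is an added example, not TestAuto2 or Polarion code: it encodes ISO 26262-3:2018 Table 4 as a lookup, exposes the equivalent closed-form rule (ASIL index = S + E + C - 6, with any zero rating giving QM), and parses the "S3 + E4 + C3" / "S: S2, E: E3, C: C2" notation used in this tutorial. The function names and the rating-string format are this example's own assumptions.

```python
"""ASIL determination per ISO 26262-3:2018 Table 4.

Added example for this tutorial; it is not the TestAuto2 risksheet formula
and the function names below are assumptions of this example.
"""
from __future__ import annotations

import re

# ISO 26262-3:2018 Table 4, indexed as ASIL_TABLE[S][E][C - 1] for
# S1..S3, E1..E4, C1..C3.  S0, E0 and C0 are handled separately (always QM).
ASIL_TABLE: dict[int, dict[int, tuple[str, str, str]]] = {
    1: {1: ("QM", "QM", "QM"), 2: ("QM", "QM", "QM"), 3: ("QM", "QM", "A"), 4: ("QM", "A", "B")},
    2: {1: ("QM", "QM", "QM"), 2: ("QM", "QM", "A"), 3: ("QM", "A", "B"), 4: ("A", "B", "C")},
    3: {1: ("QM", "QM", "A"), 2: ("QM", "A", "B"), 3: ("A", "B", "C"), 4: ("B", "C", "D")},
}

ASIL_LEVELS = ("QM", "A", "B", "C", "D")


def _validate(s: int, e: int, c: int) -> None:
    """Reject ratings outside the ranges the standard defines."""
    if not (0 <= s <= 3 and 0 <= e <= 4 and 0 <= c <= 3):
        raise ValueError(f"rating out of range: S{s} E{e} C{c}")


def determine_asil(s: int, e: int, c: int) -> str:
    """Table lookup: the authoritative form of the classification."""
    _validate(s, e, c)
    if s == 0 or e == 0 or c == 0:
        return "QM"  # no injury, incredibly unlikely, or controllable in general
    return ASIL_TABLE[s][e][c - 1]


def determine_asil_by_sum(s: int, e: int, c: int) -> str:
    """Closed form equivalent to Table 4: index = S + E + C - 6, QM if <= 0."""
    _validate(s, e, c)
    if s == 0 or e == 0 or c == 0:
        return "QM"
    index = s + e + c - 6
    return ASIL_LEVELS[index] if index >= 1 else "QM"


_RATING_RE = re.compile(r"\b([SEC])([0-4])\b", re.IGNORECASE)


def parse_ratings(text: str) -> tuple[int, int, int]:
    """Extract one S, one E and one C rating from text such as
    'S3 + E4 + C3' or 'S: S2, E: E3, C: C2' (this tutorial's notation)."""
    found: dict[str, int] = {}
    for letter, digit in _RATING_RE.findall(text):
        key = letter.upper()
        if key in found:
            raise ValueError(f"duplicate {key} rating in {text!r}")
        found[key] = int(digit)
    missing = {"S", "E", "C"} - found.keys()
    if missing:
        raise ValueError(f"missing ratings {sorted(missing)} in {text!r}")
    return found["S"], found["E"], found["C"]


def asil_from_text(text: str) -> str:
    """Convenience wrapper: rating string in, ASIL level out."""
    return determine_asil(*parse_ratings(text))


if __name__ == "__main__":
    for label in ("S3 + E4 + C3", "S: S2, E: E3, C: C2", "S0 + E4 + C3"):
        print(f"{label:24} -> {asil_from_text(label)}")
```

The lookup table is the form to trust; the sum rule is included because it makes review arithmetic easy (every step up in S, E or C raises the ASIL by exactly one level once the combination is above QM) and because checking the two forms agree on all 36 cells is a cheap self-test for anyone maintaining such a script.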

Step 6: Derive a Safety Goal

For hazards with ASIL A-D, you must derive a safety goal:
  1. In the SG ID column, enter a unique identifier (e.g., “SG-001”)
  2. In the Safety Goal Title column, describe the top-level safety requirement that prevents or mitigates this hazard
Example safety goal:
  • SG ID: SG-001
  • Title: Ensure brake system maintains sufficient deceleration capability during active braking under all operational conditions
A safety goal:
  • Must be stated at vehicle level (not component level)
  • Must be verifiable and testable
  • Should inherit the ASIL from the hazard
  • Forms the basis for functional safety requirements in ISO 26262 Part 4
What you should see: The safety goal is linked to the hazard. This relationship will appear in traceability reports.

Step 7: Add Two More Hazards

Repeat Steps 2-6 to add at least two more hazards covering different scenarios.
Suggested hazard 2:
  • Hazard: Delayed brake response time exceeding 200ms
  • S: S2, E: E3, C: C2 → ASIL B
  • Safety Goal: SG-002: Ensure brake actuation time remains within 150ms from driver input
Suggested hazard 3:
  • Hazard: Brake force insufficient for vehicle deceleration requirements
  • S: S2, E: E2, C: C2 → ASIL A
  • Safety Goal: SG-003: Maintain minimum brake force capacity of 1.2g deceleration across all load conditions
What you should see: Three hazards with varying ASIL levels (A, B, D), each with derived safety goals.

Step 8: Save and Review Your Work

  1. Click the Save button in the risksheet toolbar (or press Ctrl+S)
  2. Review your entries for completeness
  3. Use the Views dropdown to switch between different perspectives:
    • ASIL D Only: Filter to show only highest-priority hazards
    • By System Element: Group hazards by system component
    • Pending Safety Goals: Show hazards missing safety goal assignment
What you should see: All changes are saved to Polarion. Each hazard is a traceable work item that can be referenced in requirements, FMEA documents, and compliance reports.
Risksheet auto-saves every 30 seconds by default. The save indicator (bottom-right) shows sync status. For more on session management, see Workflow Lifecycle.
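The "Pending Safety Goals" view and the rule that a safety goal inherits its hazard's ASIL are the two checks reviewers most often apply by hand. The block below is an added example, not part of TestAuto2 or Polarion: it runs those checks over a small set of hazard rows constructed here to mirror the tutorial's three hazards (plus one QM row) and reports every row that would block the review. The row structure, field names and finding codes are this example's own assumptions, not the work item schema of the tool.

```python
"""Completeness checks for HARA rows before submitting for review.

Added example for this tutorial; the HazardRow fields and finding codes are
assumptions of this example, not TestAuto2's work item schema.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

ASIL_LEVELS = ("QM", "A", "B", "C", "D")
SG_ID_RE = re.compile(r"SG-\d{3}")  # assumed identifier convention (e.g. SG-001)


@dataclass
class HazardRow:
    hazard_id: str
    title: str
    asil: str
    sg_id: str = ""
    sg_title: str = ""
    sg_asil: str = ""


@dataclass
class Finding:
    hazard_id: str
    code: str
    detail: str = field(default="")


def needs_safety_goal(row: HazardRow) -> bool:
    """ISO 26262-3: every hazard rated ASIL A-D requires a safety goal."""
    return row.asil in ("A", "B", "C", "D")


def pending_safety_goals(rows: list[HazardRow]) -> list[str]:
    """Equivalent of the 'Pending Safety Goals' view: ASIL A-D rows without an SG."""
    return [r.hazard_id for r in rows if needs_safety_goal(r) and not r.sg_id]


def check_hara(rows: list[HazardRow]) -> list[Finding]:
    """Return one Finding per problem; an empty list means the set is review-ready."""
    findings: list[Finding] = []
    sg_titles: dict[str, str] = {}  # one SG may cover several hazards, but with one title
    for r in rows:
        if not r.title.strip():
            findings.append(Finding(r.hazard_id, "MISSING_HAZARD_TITLE"))
        if r.asil not in ASIL_LEVELS:
            findings.append(Finding(r.hazard_id, "INVALID_ASIL", r.asil))
            continue
        if needs_safety_goal(r) and not r.sg_id:
            findings.append(Finding(r.hazard_id, "PENDING_SAFETY_GOAL", f"ASIL {r.asil}"))
        if r.sg_id:
            if not SG_ID_RE.fullmatch(r.sg_id):
                findings.append(Finding(r.hazard_id, "INVALID_SG_ID", r.sg_id))
            if not r.sg_title.strip():
                findings.append(Finding(r.hazard_id, "MISSING_SG_TITLE", r.sg_id))
            elif sg_titles.setdefault(r.sg_id, r.sg_title) != r.sg_title:
                findings.append(Finding(r.hazard_id, "SG_TITLE_CONFLICT", r.sg_id))
            # The safety goal inherits the ASIL of the hazard it is derived from.
            if r.sg_asil and r.sg_asil != r.asil:
                findings.append(
                    Finding(r.hazard_id, "ASIL_MISMATCH", f"hazard {r.asil} vs SG {r.sg_asil}")
                )
    return findings


# Constructed sample rows: the tutorial's three brake hazards with the ASILs the
# tutorial assigns them, plus a QM row; HAZ-002 and HAZ-003 carry deliberate defects.
SAMPLE_ROWS = [
    HazardRow("HAZ-001", "Unintended brake release during active braking", "D",
              "SG-001", "Ensure brake system maintains sufficient deceleration capability", "D"),
    HazardRow("HAZ-002", "Delayed brake response time exceeding 200ms", "B",
              "SG-002", "Ensure brake actuation time remains within 150ms", "A"),
    HazardRow("HAZ-003", "Brake force insufficient for vehicle deceleration requirements", "A"),
    HazardRow("HAZ-004", "Brake pedal feel slightly firmer than nominal", "QM"),
]

if __name__ == "__main__":
    print("Pending safety goals:", pending_safety_goals(SAMPLE_ROWS))
    for f in check_hara(SAMPLE_ROWS):
        print(f"{f.hazard_id}: {f.code} {f.detail}")
```

Run against a risksheet export, the same checks turn a manual review pass into a deterministic gate: nothing should be submitted for review while `pending_safety_goals` is non-empty or any `ASIL_MISMATCH` finding remains, since both would surface later as traceability gaps in the HARA report.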

Next Steps

You’ve completed your first HARA session! Here’s what to do next:
  1. Review HARA document: Submit for team review using the workflow (Review HARA Document)
  2. Generate HARA report: Create ISO 26262-compliant HARA documentation (Generate HARA Report)
  3. Create FMEA document: Analyze failure modes at system level (Create Your First FMEA Document)
  4. Establish traceability: Link safety goals to system requirements (Establish Traceability Links)

Workflow Overview

[Diagram: HARA workflow overview]
For a comprehensive understanding of the HARA workflow, see HARA Workflow.