Steps

1. Open the HARA Risksheet

Navigate to your HARA document (e.g., “HAZID - AEB System”) and switch to the Safety Goals workflow view. This view shows the hazards that already have ASIL ratings assigned.

2. Review Hazards Requiring Safety Goals

Focus on hazards with ASIL A-D ratings. According to ISO 26262-3, only hazards with assigned ASIL require safety goals (QM-rated hazards do not require safety goals but may have quality measures).
ASIL B, C, and D hazards must have at least one safety goal. ASIL A hazards typically have safety goals but may be addressed through existing quality processes depending on organizational policy.

3. Create Safety Goal Work Items

For each ASIL-rated hazard:
  1. Right-click the hazard row in the Risksheet
  2. Select Create Work Item > Safety Goal
  3. The safety goal form opens with the hazard pre-linked via the hasHazard relationship

4. Define the Safety Goal

Fill in the Safety Goal fields:
  • Title: Start with “SG-XX:” followed by the safety objective (e.g., “SG-02: Ensure obstacle detection reliability”)
  • Description: State what the system must do to prevent the hazard from causing harm. Use measurable, verifiable language.
  • ASIL: Inherit from the hazard’s ASIL rating. The safety goal must satisfy the same ASIL as the hazard.
  • Safe State: Define the system state to be achieved when the hazard occurs (e.g., “AEB system disabled with driver warning” or “Controlled deceleration to standstill”)
The safety goal’s ASIL must match the hazard’s ASIL. Decomposing ASIL across multiple safety goals requires explicit justification per ISO 26262-9.
Example Safety Goal:
  Title: SG-03: Maintain timely braking response
  Description: The AEB system shall activate emergency braking within 200ms of obstacle detection to prevent collision with stationary or moving objects.
  ASIL: B
  Safe State: Controlled emergency braking with driver notification
5. Link Additional Hazards

If one safety goal addresses multiple related hazards, link all applicable hazards:
  1. Open the Safety Goal work item
  2. Navigate to the Links tab
  3. Add hasHazard links to all relevant hazard work items
One safety goal can mitigate multiple hazards (e.g., “Ensure sensor fusion availability” may address radar failure, camera failure, and data fusion errors).

6. Verify in the Risksheet

Return to the HARA Risksheet Safety Goals view. You should see:
  • The Safety Goal ID and Title columns populated for each hazard
  • Color-coded ASIL values matching between hazard and safety goal
  • No empty Safety Goal cells for ASIL A-D hazards
Hazard          ASIL   SG ID   Safety Goal Title
Power failure   B      SG-01   Ensure backup power supply
Delayed brake   B      SG-03   Maintain timely braking response
No detection    D      SG-02   Ensure obstacle detection

7. Check Coverage in Safety Readiness Scorecard

Navigate to Home > Safety Readiness Scorecard and verify:
  • ISO 26262 Part 3 Traceability % shows 100% (all hazards linked to safety goals)
  • Hazards count matches Safety Goals count (or fewer goals if multiple hazards share one goal)
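The Risksheet and Scorecard checks in steps 6 and 7 can also be run offline against an export of the work items. The checker below is an added example, not part of this guide or the tool; the Hazard/SafetyGoal classes, the work item IDs and the sample rows are constructed for illustration, and the traceability percentage is assumed to be computed over ASIL A-D hazards only.

```python
from dataclasses import dataclass, field

ASIL_RATED = {"A", "B", "C", "D"}  # QM hazards need no safety goal (ISO 26262-3)


@dataclass
class Hazard:
    id: str
    title: str
    asil: str  # "QM" or "A".."D"


@dataclass
class SafetyGoal:
    id: str
    title: str
    asil: str
    hazards: list[str] = field(default_factory=list)  # hasHazard links


def check_safety_goals(hazards, goals):
    """Apply the Safety Goals view / Scorecard checks to a set of work items.

    Returns ASIL-rated hazards with no goal, (hazard, goal) pairs whose ASIL
    differs, and the Part 3 traceability percentage over ASIL-rated hazards.
    """
    by_id = {h.id: h for h in hazards}
    covered, mismatch = set(), []
    for g in goals:
        for hid in g.hazards:
            covered.add(hid)
            if by_id[hid].asil != g.asil:  # goal must inherit the hazard's ASIL
                mismatch.append((hid, g.id))
    rated = [h for h in hazards if h.asil in ASIL_RATED]
    missing = [h.id for h in rated if h.id not in covered]
    pct = 100.0 * (len(rated) - len(missing)) / len(rated) if rated else 100.0
    return {"missing": missing, "mismatch": mismatch, "traceability_pct": round(pct, 1)}


# Constructed sample: the three Risksheet rows above, one QM hazard (no goal
# needed) and one ASIL C hazard that has not been linked to a goal yet.
HAZARDS = [
    Hazard("H-01", "Power failure", "B"),
    Hazard("H-02", "Delayed brake", "B"),
    Hazard("H-03", "No detection", "D"),
    Hazard("H-04", "Display flicker", "QM"),
    Hazard("H-05", "Unintended acceleration", "C"),
]
GOALS = [
    SafetyGoal("SG-01", "Ensure backup power supply", "B", ["H-01"]),
    SafetyGoal("SG-02", "Ensure obstacle detection", "B", ["H-03"]),  # ASIL mismatch
    SafetyGoal("SG-03", "Maintain timely braking response", "B", ["H-02"]),
]

if __name__ == "__main__":
    print(check_safety_goals(HAZARDS, GOALS))
```

A clean export returns an empty `missing` list, an empty `mismatch` list and 100.0, which is what the Scorecard's Part 3 Traceability % should show.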

What Makes a Good Safety Goal?

Specific — Defines a clear safety objective, not a design solution
Measurable — Can be verified through testing or analysis
ASIL-appropriate — Inherits ASIL from the hazard
Safe state defined — Describes the system behavior when the goal is violated
❌ Avoid design details (“Use redundant sensors”) — that belongs in System Requirements
❌ Avoid vague goals (“System shall be safe”) — be specific about what must be prevented

Verification

You should now see:
  • Safety Goal work items linked to ASIL-rated hazards
  • ASIL values matching between hazards and safety goals
  • Safety Goal columns populated in the HARA Risksheet
  • ISO 26262 Part 3 traceability coverage at 100%