Dashboard Overview
The Safety Engineer Dashboard implements a role-specific interface optimized for safety-critical decision-making. It provides live statistics on hazard identification completeness, ASIL distribution, failure mode coverage, and risk control effectiveness — all critical indicators for demonstrating functional safety compliance to regulatory auditors and program leadership.
Dashboard Components
Artifact Statistics Bar
| Widget | Description | Data Source | Updates |
|---|---|---|---|
| Hazards Count | Total count of hazard work items (type: hazard) in the project, typically 15–25 in automotive projects. Hazards feed ISO 26262-3 HARA (Hazard Analysis and Risk Assessment). | Lucene query: type:hazard | Real-time via Transaction API |
| Safety Goals Count | Total count of safety goal work items (type: safetyGoal) linked to hazards via ‘allocated-to’ or ‘mitigates’ relationship. Every ASIL A/B/C/D hazard must have at least one safety goal. | Lucene query: type:safetyGoal | Real-time |
| Risk Controls Count | Total count of risk control work items (type: riskControl) and mitigation actions linked to failure modes via ‘mitigates’ relationship. Tracks both prevention and detection controls per FMEA methodology. | Lucene query: type:riskControl | Real-time |
| Safety Documents Count | Total count of LiveDoc modules (documents) in safety-related spaces (Risks, Requirements, Design, Testing). Includes HAZID, HARA, FMEA, Control Plan, Process Flow Risksheets. | Lucene query: space:(Risks Requirements Design Testing) | Real-time |
ASIL Distribution Metrics
The Safety Engineer Dashboard displays ASIL classification completeness using real-time aggregation of all hazard work items. A Velocity script computes the ASIL counts by iterating over the allHazards work item collection:
| ASIL Level | Color | Count Formula | Semantic Meaning | ISO 26262 Requirement |
|---|---|---|---|---|
| QM | Gray | Sum of hazards with asil.KEY = “qm” | No ASIL requirement — hazard either mitigated by design or not applicable to functional safety | Excluded from safety integrity level allocation |
| A | Green | Sum of hazards with asil.KEY = “a” | Lowest ASIL level. Safety mechanisms optional; basic analysis and documentation sufficient. | ASIL A: single-channel architecture permitted |
| B | Orange | Sum of hazards with asil.KEY = “b” | Medium ASIL level. Requires safety mechanisms (redundancy, diagnostics) and verification of diagnostic coverage. | ASIL B: dual-channel architecture recommended |
| C | Red | Sum of hazards with asil.KEY = “c” | High ASIL level. Requires advanced safety mechanisms, formal verification, and strict module interaction constraints. | ASIL C: formal methods for critical components |
| D | Purple | Sum of hazards with asil.KEY = “d” | Highest ASIL level. Requires architectural fault tolerance, multiple independent safety mechanisms, comprehensive verification, and functional safety processes. | ASIL D: full safety lifecycle compliance required |
A balanced ASIL distribution (many QM/A, fewer D) indicates a well-designed system with hazards mitigated at architecture or component level. Heavy concentration in ASIL C/D signals high complexity, increased verification burden, and potential design rework opportunities.
Hazard Analysis Risksheet Access
The dashboard provides direct links to the HAZID Risksheet — the primary tool for conducting ISO 26262-3 Hazard Identification and Risk Assessment. This Risksheet implements the hazard identification matrix with severity (S), exposure (E), and controllability (C) factors to derive ASIL classification per the normative matrix in ISO 26262-3 Table 4.
HAZID Risksheet Column Structure:
| Column Group | Columns | Purpose |
|---|---|---|
| Situation Analysis | Operational Phase, Operational Situation, System Element, Category | Contextualizes when and where the hazard can occur |
| Hazard Identification | Hazard Name, Description, Cause(s), Effect(s) | Documents the hazard scenario and root causes |
| HARA Classification | Severity (S), Exposure (E), Controllability (C) | Inputs for ASIL determination per ISO 26262 methodology |
| ASIL Determination | ASIL (auto-calculated formula) | Matrix lookup result: ASIL = f(S, E, C) or QM if S0/E0/C0 |
| Safety Goal Allocation | Safety Goal ID, Safety Goal Title | Traces from hazard to derived safety goal |
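The ASIL lookup, the distribution count and the safety goal check described above can be modelled offline. The following Python sketch is an added example, not the dashboard's Velocity code or the Risksheet formula. It uses the class-sum shortcut that reproduces the S/E/C matrix, and the hazard records, field names and function names are assumptions made for illustration.

```python
from collections import Counter

LEVELS = ["qm", "a", "b", "c", "d"]  # ordered low to high; keys as in asil.KEY

def derive_asil(s, e, c):
    """Map S0-S3 / E0-E4 / C0-C3 class numbers to an ASIL key."""
    if None in (s, e, c):
        return "pending"                  # S/E/C rating not completed yet
    if not (0 <= s <= 3 and 0 <= e <= 4 and 0 <= c <= 3):
        raise ValueError(f"rating out of range: S{s} E{e} C{c}")
    if 0 in (s, e, c):
        return "qm"                       # S0, E0 or C0 gives QM
    # For S1-S3, E1-E4, C1-C3 the matrix result depends only on the class sum.
    return {7: "a", 8: "b", 9: "c", 10: "d"}.get(s + e + c, "qm")

def asil_of(hazard):
    return derive_asil(hazard["s"], hazard["e"], hazard["c"])

def asil_distribution(hazards):
    """Count hazards per level, including unrated ones as 'pending'."""
    counts = Counter(asil_of(h) for h in hazards)
    return {k: counts.get(k, 0) for k in LEVELS + ["pending"]}

def alert_hazards(hazards, min_asil="b"):
    """IDs at or above the alert threshold (HAZARD_MIN_ASIL_FOR_ALERT, default B)."""
    floor = LEVELS.index(min_asil.lower())
    return [h["id"] for h in hazards
            if asil_of(h) in LEVELS and LEVELS.index(asil_of(h)) >= floor]

def missing_safety_goal(hazards):
    """ASIL A-D hazards that have no linked safety goal."""
    return [h["id"] for h in hazards if asil_of(h) in LEVELS[1:] and not h["goals"]]

# Constructed sample hazards (illustrative, not project data).
HAZARDS = [
    {"id": "HZ-1", "s": 3, "e": 4, "c": 3, "goals": ["SG-01"]},
    {"id": "HZ-2", "s": 2, "e": 3, "c": 2, "goals": []},
    {"id": "HZ-3", "s": 1, "e": 2, "c": 1, "goals": []},
    {"id": "HZ-4", "s": 3, "e": 3, "c": 2, "goals": ["SG-02"]},
    {"id": "HZ-5", "s": 0, "e": 4, "c": 3, "goals": []},
    {"id": "HZ-6", "s": 2, "e": 4, "c": 3, "goals": []},
    {"id": "HZ-7", "s": 3, "e": None, "c": 2, "goals": []},
]

if __name__ == "__main__":
    print(asil_distribution(HAZARDS))
    print("alert:", alert_hazards(HAZARDS))
    print("no safety goal:", missing_safety_goal(HAZARDS))
```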
Safety Goal Specification Dashboard
Safety goals cascade from HARA hazards. The dashboard links to the Safety Goal Specification document, which defines functional and technical safety requirements derived from hazards classified as ASIL A, B, C, or D.
Safety Goal Properties Tracked:
| Property | Type | Description | Linked to |
|---|---|---|---|
| Safety Goal ID | String (e.g., SG-01) | Unique identifier assigned per hazard | HAZID Risksheet |
| Goal Description | Text | Functional safety requirement (e.g., “Ensure AEB activation within 100 ms”) | Safety goal work item type |
| ASIL | Enumeration (QM/A/B/C/D) | Inherited from parent hazard; determines verification rigor | Hazard via allocation link |
| Linked Hazard | Work item link | Bidirectional traceability to source hazard | ISO 26262 Clause 6.2 (concept phase) |
| Traced to Requirements | Work item link (refines) | Safety goal refined into system requirements, design requirements, or architectural decisions | V-model traceability |
| Verification Method | Enumeration (analysis/inspection/test) | How the safety goal will be demonstrated (analysis = theory, inspection = code review, test = functional) | V&V engineering team |
FMEA Coverage Metrics
The Safety Engineer Dashboard displays real-time FMEA coverage statistics across the complete FMEA hierarchy:
- System FMEA (SFMEA) — 36 system-level failure modes
- Subsystem FMEA (SFMEA)
  - ECU Processing: 42 failure modes
  - Sensor Housing: 36 failure modes
  - Vehicle Interface: 28 failure modes
- Component DFMEA (DFMEA)
  - System-on-Chip: 22 failure modes
  - Camera Module: 24 failure modes
  - Radar Module: 18 failure modes
  - CAN Transceivers: 19 failure modes
  - Safety Co-Processor: 7 failure modes
  - Sensor Housing Assembly: 19 failure modes
  - Memory Module: TBD
FMEA Completeness Indicators:
| Metric | Calculation | Target | Status |
|---|---|---|---|
| Severity Assigned | (Failure modes with severity ≥ 1) / Total failure modes | 100% | Green if ≥95% |
| Occurrence Rated | (Failure modes with occurrence ≥ 0) / Total failure modes | 100% | Green if ≥95% |
| Detection Rated | (Failure modes with detection ≥ 0) / Total failure modes | 100% | Green if ≥95% |
| Action Priority (AP) Calculated | (Failure modes with AP-Initial or postmitigationAP) / Total failure modes | 100% | Green if ≥95% |
| Risk Controls Assigned | (Failure modes with linked risk controls) / Total failure modes | ≥90% | Orange if 70–89%, Red if <70% |
| Post-Mitigation AP Assigned | (Failure modes with AP-Post) / (Failure modes with initial AP ≥ Medium) | 100% | Critical for compliance |
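The completeness indicators in the table above, computed over a small set of failure modes. This Python sketch is an added example and not the dashboard's own implementation. The record fields, the L/M/H encoding of Action Priority, the "below target" label for metrics the table gives no lower colour for, and the sample data are assumptions.

```python
AP_RANK = {"L": 0, "M": 1, "H": 2}   # Action Priority: Low < Medium < High

def pct(num, den):
    """Percentage to one decimal; None when there is nothing to measure."""
    return round(100.0 * num / den, 1) if den else None

def rated(fm, key, floor):
    return fm.get(key) is not None and fm[key] >= floor

def completeness(fms):
    total = len(fms)
    # Denominator for AP-Post: failure modes whose initial AP is Medium or High.
    need_post = [f for f in fms
                 if AP_RANK.get(f.get("ap_initial"), -1) >= AP_RANK["M"]]
    return {
        "severity":      pct(sum(rated(f, "severity", 1) for f in fms), total),
        "occurrence":    pct(sum(rated(f, "occurrence", 0) for f in fms), total),
        "detection":     pct(sum(rated(f, "detection", 0) for f in fms), total),
        "ap":            pct(sum(bool(f.get("ap_initial") or f.get("ap_post"))
                                 for f in fms), total),
        "risk_controls": pct(sum(bool(f.get("controls")) for f in fms), total),
        "post_ap":       pct(sum(bool(f.get("ap_post")) for f in need_post),
                             len(need_post)),
    }

def status(metric, value):
    if value is None:
        return "n/a"
    if metric == "risk_controls":      # green >= 90, orange 70-89, red < 70
        return "green" if value >= 90 else "orange" if value >= 70 else "red"
    target = 100 if metric == "post_ap" else 95
    return "green" if value >= target else "below target"

def ap_not_reduced(fms):
    """Failure modes whose AP-Post is not lower than AP-Initial."""
    return [f["id"] for f in fms if f.get("ap_post")
            and AP_RANK[f["ap_post"]] >= AP_RANK.get(f.get("ap_initial"), -1)]

# Constructed sample failure modes (illustrative, not project data).
FMS = [
    {"id": "FM-1", "severity": 9, "occurrence": 4, "detection": 3,
     "ap_initial": "H", "ap_post": "M", "controls": ["RC-1"]},
    {"id": "FM-2", "severity": 7, "occurrence": 3, "detection": 5,
     "ap_initial": "M", "ap_post": None, "controls": ["RC-2"]},
    {"id": "FM-3", "severity": 4, "occurrence": 2, "detection": 2,
     "ap_initial": "L", "ap_post": None, "controls": []},
    {"id": "FM-4", "controls": []},   # nothing rated yet
    {"id": "FM-5", "severity": 8, "occurrence": 5, "detection": 6,
     "ap_initial": "H", "ap_post": "H", "controls": ["RC-3"]},
]
```

`ap_not_reduced` covers the verification condition the page attaches to controls (AP-Post < AP-Initial); a non-empty result means a control has an AP-Post recorded without a demonstrated risk reduction.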
Risk Control Effectiveness Tracking
The dashboard provides live visibility into risk control implementation status. Controls are categorized per ISO 26262 hierarchy:
| Control Type | ISO 26262 Priority | FMEA Category | Expected Impact |
|---|---|---|---|
| Inherent Safety Design | 1 (Highest) | Prevention | Eliminates hazard source; reduces Occurrence rating |
| Protective Measure | 2 (Medium) | Prevention/Detection | Mitigates consequences via watchdog, plausibility check, error detection code (EDC) |
| Information for Safety | 3 (Lowest) | Detection (Weak) | Provides warning/training; relies on driver response; only acceptable for low-severity hazards |
Risk Control Statuses:
| Status | Meaning | Action Required |
|---|---|---|
| Planned | Control identified but not yet designed/implemented | Design phase; enter DFMEA workflow |
| In Development | Control under design; verification approach defined | Implement control; link to design/code artifacts |
| Implemented | Control deployed in design or process; ready for verification | Execute verification tests; update AP-Post |
| Verified | Control verified to reduce risk; AP-Post < AP-Initial | Close control action; document evidence; link to test results |
| Closed | Control action completed; traceability chain established; regulatory evidence ready | Archive for audit trail |
Safety Readiness Scorecard (Real-Time)
The dashboard integrates the Safety Readiness Scorecard, which computes live compliance metrics across multiple automotive standards:
| Standard | Phase | Requirements % | Traceability % | Verification % | FMEA Coverage % | Overall Readiness |
|---|---|---|---|---|---|---|
| ISO 26262 Part 3 (Concept) | Concept | 0% | 100% | 48% | N/A | 49% |
| ISO 26262 Part 4 (System Design) | System Design | 87.1% | 100% | 83.9% | 100% | 92% ✓ |
| ISO 26262 Part 5 (Hardware Design) | Hardware Design | 91.7% | 100% | 100% | 100% | 97% ✓ |
| ISO 26262 Part 6 (Software Dev) | Software Dev | 100% | 100% | 100% | N/A | 100% ✓ |
| AIAG-VDA FMEA | All | N/A | N/A | N/A | 94.2% | 94% ✓ |
| IATF 16949/APQP | Production | 60% | 73 chars | 60% | N/A | 60% ⚠️ |
Concept phase shows 49% readiness because Part 3 concept specifications are typically written in parallel with system design work, not ahead. Increase Part 3 readiness by reviewing hazard identification with OEM stakeholders and documenting architectural principles (fault tolerance, redundancy, diagnostics strategy).
Critical Links and Navigation
| Report / Link | Purpose | Access Method |
|---|---|---|
| ISO 26262 HARA Report | Compliance-ready ASIL matrix and hazard register | Direct link from dashboard |
| HAZID Risk Matrix Report | Visual 3×3 risk matrix (Severity × Exposure × Controllability) | Quick link; drill-down to hazards |
| FMEA Reports | Multi-level FMEA summaries (SFMEA, DFMEA, PFMEA) with AP rankings | Navigation hub for all FMEA evidence |
| FMEA Coverage Report | Gap analysis: requirements/functions/characteristics not yet in FMEA | Identifies incomplete safety analysis |
| Risk Control Effectiveness Report | Pre/post-mitigation AP comparison; control closure status | Tracks mitigation progress |
| Requirements Traceability Report | Bidirectional V-model traceability matrix | Links safety goals → requirements → tests |
| System Structure Navigator | Interactive system hierarchy with failure modes and controls | Visual drill-down by component |
| Control Plans Report | Manufacturing control plan coverage; process failure modes; inspection methods | Links to PFMEA and Process Flow |
Velocity Macro Library Integration
The Safety Engineer Dashboard uses the Nextedy Solutions macro library to render dashboard components dynamically:
```velocity
## Import macro library
#parse("nextedy_solutions.vm")
## Initialize dashboard
#nxInit()
#nxCommonStyles()
## Render safety statistics
#set($hazards = $page.allWorkItems("type:hazard"))
#set($safetyGoals = $page.allWorkItems("type:safetyGoal"))
#set($controls = $page.allWorkItems("type:riskControl"))
#nxSummaryCardsGrid()
#nxSummaryCard("Hazards", $hazards.size(), "#c62828", "hazard-icon")
#nxSummaryCard("Safety Goals", $safetyGoals.size(), "#6a1b9a", "target-icon")
#nxSummaryCard("Risk Controls", $controls.size(), "#0277bd", "shield-icon")
#end
## Render ASIL distribution
#nxAsiltributionChart($hazards)
```
Configuration Properties
| Property | Type | Default | Scope | Description |
|---|---|---|---|---|
| SAFETY_DASHBOARD_ENABLED | Boolean | true | Project | Enables/disables Safety Engineer Dashboard rendering. Set false to hide from role dashboard navigation. |
| ASIL_DISTRIBUTION_REFRESH_INTERVAL | Integer (seconds) | 300 | Project | Polling interval for real-time ASIL count updates. Lower values = fresher data; higher values = better performance. |
| HAZARD_MIN_ASIL_FOR_ALERT | Enumeration (QM/A/B/C/D) | B | Project | Minimum ASIL threshold for displaying “high-risk alert” banner. Hazards ≥ this level trigger safety action reminder. |
| FMEA_COVERAGE_TARGET | Integer (%) | 95 | Project | Target FMEA completeness percentage. Dashboard shows red/yellow/green status based on deviation from target. |
| RISK_CONTROL_STATUS_COLORS | Map | Planned=gray, In Dev=yellow, Verified=green | Dashboard | Color scheme for risk control status indicators. Customize to match project governance (e.g., Approved=blue). |
| SAFETY_READINESS_STANDARD_FILTER | List (strings) | ["ISO 26262", "AIAG-VDA", "IATF"] | Dashboard | Which standards to include in Safety Readiness Scorecard. Exclude SOTIF/14971 if not applicable. |
| SHOW_ESTIMATED_RESIDUAL_RISK | Boolean | false | Project | If true, displays post-mitigation AP-equivalent residual risk score on dashboard. Requires AP-Post values on all failure modes. |
User Workflows
Workflow 1: Safety Engineer — Complete HARA Assessment
- Open Safety Engineer Dashboard → View Hazards count (target: 15–25 per system)
- Click HAZID Risksheet → Navigate to HAZID/HARA Risksheet view
- Identify hazards → Enter operational situations, hazard scenarios, causes, effects
- Assign S/E/C ratings → Use drop-down enumerations; ASIL auto-calculates via formula
- Review ASIL Distribution bar → Ensure no hazards left in “Pending” state
- Derive Safety Goals → For each ASIL A/B/C/D hazard, create safetyGoal work item
- Trace to Requirements → Link safety goals to system requirements via ‘refines’ role
- Generate ISO 26262 HARA Report → Export for regulatory submission
Workflow 2: Safety Engineer — Track FMEA Risk Controls
- Open Safety Engineer Dashboard → View FMEA Coverage % and Risk Control count
- Click FMEA Coverage Report → Identify unmitigated high-severity failure modes
- Assign Risk Controls → Link riskControl work items to failure modes via ‘mitigates’ relationship
- Classify Control Type → Select Inherent/Protective/Informative per ISO 26262 hierarchy
- Update Status → Set risk control status to “Implemented” after design phase
- Set Post-Mitigation AP → Enter AP-Post after implementing control; verify AP-Post < AP-Initial
- Close Control Action → When verified, set status to “Verified” and link verification evidence
Workflow 3: Program Manager — Review Safety Readiness Scorecard
- Open Safety Engineer Dashboard → View real-time Safety Readiness % by standard
- Identify low-scoring standards → E.g., IATF 16949 at 60% indicates incomplete characteristics or control plans
- Drill down to specific metrics → Click % cell to view failing requirements/characteristics
- Schedule completion tasks → Assign to design/safety engineers with target dates
- Monitor weekly trending → Dashboard updates automatically as work items are completed
- Sign off when ready → Confirm ≥90% overall readiness before production launch