Skip to main content

Overview

The HARA severity enumeration implements the four-level severity classification from ISO 26262-3:2018 Table 5, establishing a standardized scale for assessing potential harm to vehicle occupants and other road users. Severity is purely outcome-focused: it classifies what injury could result from a hazardous event, independent of how often the event occurs or whether it can be controlled.
Severity LevelInjury OutcomeASIL ImpactUse Case
S0No injuriesQM (no safety requirement)Hazards causing no harm; quality management only
S1Light/moderate injuriesTypically ASIL A or BRecoverable injuries; minor safety concern
S2Severe injuries (survival probable)Typically ASIL B or CSerious injuries requiring robust safety mechanisms
S3Life-threatening or fatal injuriesTypically ASIL C or DMaximum safety concern; highest integrity required
Severity is one dimension of the three-dimensional ASIL matrix (Severity × Exposure × Controllability). While severity describes the worst-case harm, exposure and controllability determine how likely the hazard is to occur and whether drivers can prevent it. Together, all three determine the ASIL classification.

Severity Levels Reference

S0 – No Injuries

Definition: Hazardous events that result in no injuries to vehicle occupants or other road users.
PropertyValue
LabelS0
Numeric Value0
ISO 26262 ReferenceISO 26262-3:2018 Table 5
Injury OutcomeNo harm to any person
ASIL ClassificationQM (Quality Management)
Typical ExamplesMinor cosmetic damage, non-functional component failure with no safety impact
Use in HARA: S0 is assigned to hazardous events where the worst-case outcome poses no injury risk. Even if such an event occurs frequently (high Exposure) and cannot be controlled (high Controllability), the ASIL remains QM because there is no potential harm. S0 hazards do not require functional safety mechanisms but may require quality management measures. Note: S0 combined with any Exposure (E0–E4) and Controllability (C0–C3) value always results in QM ASIL classification per the ISO 26262 matrix.

S1 – Light/Moderate Injuries

Definition: Hazardous events that may cause light to moderate injuries, typically recoverable without permanent disability.
PropertyValue
LabelS1
Numeric Value1
ISO 26262 ReferenceISO 26262-3:2018 Table 5
Injury OutcomeLight to moderate injuries; full recovery expected
ASIL ClassificationTypically ASIL A or B (depending on E and C)
Typical ExamplesMinor lacerations, temporary loss of consciousness, minor whiplash injuries
Use in HARA: S1 represents the threshold above QM where at least minimal safety measures are warranted. Examples include sensor degradation that causes minor false positives (unnecessary braking) or slight braking delays that cause low-speed collisions. S1 hazards typically yield ASIL A or ASIL B when combined with moderate to high Exposure and medium Controllability. ASIL Outcomes:
  • S1 + E1–E2 + C0–C1 → ASIL A
  • S1 + E3–E4 + C1–C2 → ASIL B
  • S1 + E0 + any C → QM

S2 – Severe Injuries (Survival Probable)

Definition: Hazardous events that may cause severe injuries where survival is probable but permanent disability or long-term medical treatment is likely.
PropertyValue
LabelS2
Numeric Value2
ISO 26262 ReferenceISO 26262-3:2018 Table 5
Injury OutcomeSevere injuries; survival likely but permanent effects possible
ASIL ClassificationTypically ASIL B or C (depending on E and C)
Typical ExamplesBroken bones, head trauma with recovery, severe burns, permanent partial disability
Use in HARA: S2 marks the transition to serious safety concerns requiring robust safety mechanisms. In an AEB (Automatic Emergency Braking) system, S2 might represent failure to detect a pedestrian that results in a high-speed collision causing serious injury. S2 hazards typically require ASIL B or ASIL C mitigation depending on Exposure and Controllability. ASIL Outcomes:
  • S2 + E1–E2 + C0–C1 → ASIL B
  • S2 + E3–E4 + C1–C2 → ASIL C
  • S2 + E0 or low E/high C → ASIL A or B

S3 – Life-Threatening or Fatal Injuries

Definition: Hazardous events with the potential to cause life-threatening or fatal injuries to vehicle occupants or other road users.
PropertyValue
LabelS3
Numeric Value3
ISO 26262 ReferenceISO 26262-3:2018 Table 5
Injury OutcomeLife-threatening or fatal; multiple fatalities possible
ASIL ClassificationTypically ASIL C or D (almost always D for high E/C)
Typical ExamplesHead-on collision at highway speed, complete brake failure, total loss of steering control
Use in HARA: S3 represents the maximum severity classification and almost always mandates ASIL D (highest safety integrity level) unless Exposure or Controllability is exceptionally low. In functional safety for AEB systems, S3 examples include complete failure to brake when an obstacle is detected, resulting in unavoidable collision at high speed, or sensor fusion failure that causes the vehicle to accelerate into an obstacle. ASIL Outcomes:
  • S3 + E3–E4 + C1–C3 → ASIL D
  • S3 + E1–E2 + any C → ASIL C or D
  • S3 + E0 → ASIL A, B, or C (very rare scenario)
Critical Note: S3 hazards require the highest level of safety design effort, including:
  • Comprehensive safety mechanisms and redundancy
  • Extensive verification and validation
  • Failure Mode and Effects Analysis (FMEA) decomposition
  • Risk control measures with pre- and post-mitigation ratings
  • Complete traceability from safety goals through implementation

ASIL Severity Impact

The following table shows how Severity combines with representative Exposure and Controllability values to determine ASIL:
Severity \ ProbabilityP1 (Incredible)P2 (Very Low)P3 (Low)P4 (Medium)P5 (High)
S1 (Minor)QMQMQMASIL AASIL A
S2 (Moderate)QMQMASIL AASIL BASIL B
S3 (Severe)QMASIL AASIL BASIL CASIL C
S4 (Life-Threatening)ASIL AASIL BASIL CASIL DASIL D

Severity Assessment Guidelines

When conducting HARA, use the following criteria to assign severity:

Injury Classification Criteria

S0 (No Injuries):
  • No harm to any person
  • Only property damage or functional degradation
  • Quality issues, not safety issues
S1 (Light/Moderate):
  • Injuries from which recovery is expected
  • Temporary incapacity (hours to days)
  • Minor permanent effects
  • Examples: whiplash, minor lacerations, temporary unconsciousness
S2 (Severe, Survival Probable):
  • Serious injuries with significant disability or long-term medical treatment
  • Permanent partial disability possible
  • Long-term incapacity (weeks to months of treatment)
  • Examples: fractured limbs, head trauma with recovery, severe burns
S3 (Life-Threatening/Fatal):
  • Immediate threat to life
  • Fatality possible
  • Multiple fatalities in mass-casualty scenarios
  • Permanent total disability or immediate death
  • Examples: head trauma without recovery, high-speed collision, asphyxiation

Context Considerations

Severity assessment should account for:
  1. Occupant Type: Distinguish between vehicle occupants (driver, passengers) and vulnerable road users (pedestrians, cyclists)
  2. Impact Zone: Head/thorax injuries typically higher severity than limb injuries
  3. Impact Speed: Higher speed impacts correlate to higher severity potential
  4. Age Factor: Pediatric and elderly occupants may experience greater injury severity from same impact
  5. Pre-existing Conditions: Consider whether underlying health factors increase severity (not typically part of HARA but noted in risk context)
Severity is outcome-focused and independent of how often the hazardous event occurs. A rare but catastrophic event (S3, E1) may be assigned higher ASIL than a frequent minor event (S1, E4, C0) depending on Controllability. Do not conflate severity with exposure or likelihood.

Risksheet Integration

Column Binding

In the TestAuto2 solution, severity is exposed in Risksheet configurations through a dropdown column bound to the haraServerity custom field on Hazard work items: 
# HARA Risksheet Column Definition
- name: severity
  label: Severity (S)
  type: enum
  field: haraServerity
  width: 80px
  level: 4  # Hazard level
  alignment: center

Formula Usage

Severity values are consumed by the ASIL determination formula in Risksheet to automatically compute the final ASIL classification: 
// Pseudocode: ASIL Calculation Formula
function calcASIL(severity, exposure, controllability) {
  const sevNum = extractNumeric(severity);  // S0→0, S1→1, S2→2, S3→3
  const expNum = extractNumeric(exposure);  // E0→0, E1→1, ..., E4→4
  const conNum = extractNumeric(controllability); // C0→0, C1→1, ..., C3→3
  
  if (sevNum === 0 || expNum === 0 || conNum === 0) {
    return "QM";  // S0, E0, or C0 always yields QM
  }
  
  return lookupASILMatrix(sevNum, expNum, conNum);  // 1-3 → A-D
}

Cell Styling

Severity cells in Risksheet are styled with conditional formatting to highlight high-risk classifications:
SeverityCSS ClassBackground ColorPurpose
S0severity-s0Light grayLow severity; QM only
S1severity-s1Light greenMinor safety concern
S2severity-s2OrangeSignificant safety concern
S3severity-s3Red/Dark redCritical safety concern
S2 and S3 hazards are visually emphasized in Risksheet to help teams prioritize risk mitigation efforts. Color-coded cells support rapid identification of high-severity hazards requiring immediate attention.

Severity Inheritance and Traceability

Safety Goal Propagation

When a Hazard work item with assigned Severity is linked to a Safety Goal via the derivedFrom relationship, the Safety Goal inherits the Severity classification: diagram This traceability chain ensures that functional safety requirements derived from high-severity hazards are appropriately scoped and prioritized.

FMEA Cross-Reference

Severity is also correlated with FMEA Severity ratings (1–10) used in Failure Mode and Effects Analysis. While HARA Severity (S0–S3) is qualitative and automotive-focused, FMEA Severity (1–10) is quantitative and process-focused. The correlation helps ensure consistency across risk management disciplines:
  • HARA S0FMEA Severity 1–2 (minimal/no impact)
  • HARA S1FMEA Severity 3–5 (moderate impact)
  • HARA S2FMEA Severity 6–8 (severe impact)
  • HARA S3FMEA Severity 9–10 (catastrophic impact)
See reference/enumerations/fmea-severity.md for FMEA severity details.

Standards Compliance

This enumeration directly implements:
  • ISO 26262-3:2018, Table 5 — Severity classification for Hazard Analysis and Risk Assessment
  • ISO 26262-3:2018, Clause 7.4.3 — Hazard classification methodology
  • ISO 26262 Part 3, Annex B — Guidance on severity assessment
The four-level scale (S0–S3) is mandatory for ISO 26262 HARA compliance and forms the normative basis for ASIL determination across all Functional Safety products.