
Overview

Form layouts in Polarion control which custom fields, standard fields, and linked item sections appear when editing a work item, as well as their visual organization into logical groups. The Hazard form layout is tailored to support both ISO 26262 HARA (Hazard Analysis and Risk Assessment) and ISO 14971 risk management workflows. The layout is role-based — different user roles (Safety Engineer, Design Engineer, Configuration Manager) may see different field visibility or grouping based on their assigned HATS (Hateful Attributes Targeting System, Polarion’s role-based UI configuration).

Field Groupings and Sections

The Hazard form supports both ISO 26262 HARA (automotive functional safety) and ISO 14971 HAZID (general risk management) workflows. HARA fields focus on ASIL calculation and safety integrity levels. HAZID fields capture risk matrices and preliminary hazard analysis.

Section 1: Hazard Identity

Core identification fields that uniquely identify and describe the hazard.

| Field Name | Type | Default | Description |
|---|---|---|---|
| hazardId | String | Auto-generated | Unique identifier for hazard tracking (e.g., HAZ-001). Auto-populated or manually entered following project naming convention. Used in PowerSheet expansion paths and RTM model queries. |
| title | String | Required | Brief title of the hazard (max 100 chars). Example: “Loss of Brake Pressure During Emergency Braking”. |
| description | Text | Required | Full hazard description capturing the hazardous event or condition. Should be specific and measurable, describing what could go wrong (not the harm). Example: “Unintended acceleration during low-speed maneuvering due to throttle sensor malfunction.” |

Section 2: HARA Analysis (ISO 26262)

Fields supporting ISO 26262 Part 3 HARA methodology, including the critical Severity × Exposure × Controllability → ASIL determination matrix.

| Field Name | Type | Default | Description |
|---|---|---|---|
| hazardCategory | Enum | | Classifies hazard by type: functional-safety, cybersecurity, environmental, human-factors. Drives workflow routing and review requirements. |
| operationalSituation | Text | | Describes the operational context or scenario in which hazard could occur. Examples: “Highway driving at 120 km/h”, “Parking maneuver”, “Urban traffic with pedestrians”. Relationship to Exposure rating—more common operational situations increase E classification. |
| hazardDescription (HARA) | Text | | Detailed description of the hazardous event specific to HARA context. Combines hazard source, mechanism, and condition into a single scenario statement for ISO 26262 compliance documentation. |
| severity | Enum | | ISO 26262 severity rating (S0–S3) based on potential harm severity to occupants or other road users. Values: s0 = No injury, s1 = Light injury, s2 = Serious injury, s3 = Fatality or multiple serious injuries. Used in ASIL determination matrix. |
| exposure | Enum | | ISO 26262 exposure rating (E0–E4) based on probability/frequency of operational situation occurrence. Values: e0 = Incredible, e1 = Very low, e2 = Low, e3 = Medium, e4 = High. Combined with Severity and Controllability to determine ASIL. |
| controllability | Enum | | ISO 26262 controllability rating (C0–C3) based on driver’s ability to prevent harm when hazardous event occurs. Values: c0 = Controllable, c1 = Likely controllable, c2 = Scarcely controllable, c3 = Uncontrollable. Factors include reaction time, required skill level, and physical effort. |
| asil | Enum | Calculated | Automotive Safety Integrity Level (ASIL) determined from Severity × Exposure × Controllability matrix per ISO 26262 Table 4. Values: qm = No safety requirement, asil-a = Low integrity, asil-b = Medium integrity, asil-c = High integrity, asil-d = Highest integrity. Manually overridable when calculated ASIL is not appropriate. |
| haraRationale | Text | | Documents reasoning behind Severity, Exposure, Controllability classifications and assumptions made during assessment. Critical for audit trail and ISO 26262 compliance. Should reference analysis data, standards citations, expert judgment, or historical incidents. Example: “S3 assigned per industry precedent (similar brake-related incidents classified as fatal). E4 justified by high frequency of highway driving in target market. C2 reflects 200ms brake response latency and requirement for driver skill to recover.” |

The asil field may be auto-calculated by a Risksheet formula using the ISO 26262 matrix lookup, or manually overridden when business logic requires deviation. Always document overrides in haraRationale.

Section 3: HAZID Analysis (ISO 14971)

Fields supporting ISO 14971 preliminary hazard identification and risk matrix analysis (separate from ISO 26262 HARA).

| Field Name | Type | Default | Description |
|---|---|---|---|
| hazardSource | Text | | Describes the origin or source of the hazard. Examples: “Component failure (brake fluid leak)”, “Environmental condition (extreme temperature)”, “Human error (incorrect installation)”, “Software malfunction (sensor timeout)”. Part of systematic hazard discovery process. |
| hazardMechanism | Text | | Explains how the hazard source leads to the hazardous event or condition. Documents the failure chain: Source → Mechanism → Hazardous Event. Example: “Brake fluid leak → Loss of hydraulic pressure → Brake failure during emergency stop.” |
| initialSeverity | Enum | | Pre-mitigation severity rating for HAZID risk matrix (typically S1–S5 scale, separate from ISO 26262 S0–S3). Used in preliminary risk assessment before formal ASIL determination. |
| initialLikelihood | Enum | | Pre-mitigation likelihood rating for HAZID risk matrix (typically L1–L5 scale). Note: This is probability-based (likelihood of occurrence per unit time) rather than ISO 26262 Exposure (frequency of operational situation). Used to compute preliminary risk level. |
| cause (HAZID) | Text | | Identifies root causes or contributing factors that could trigger the hazard in HAZID context. Free-text field for preliminary analysis. Transition path: HAZID text cause → formal FMEA Cause work items with links. |
| consequence (HAZID) | Text | | Describes potential consequences or harms resulting from the hazard in HAZID context. Free-text field documenting what harm could result. Relationship to Harm work item type—text consequences transition to linked Harm items with severity ratings. |

Section 4: Mitigation & Traceability

Fields linking the hazard to safety goals and risk controls that mitigate it.

| Field Name | Type | Default | Description |
|---|---|---|---|
| safetyGoalReference | String | | ID or identifier of the formal Safety Goal work item created from this hazard. Alternative to using Polarion link roles—stores work item ID as string. Traceability mechanism between HARA and functional safety concept phase. Note: PowerSheet RTM typically uses derivedFrom link role instead for bidirectional navigation. |
| safetyGoalText | Text | | Free-text definition of the top-level safety goal derived from this hazard—the safe state requirement to prevent or mitigate the hazardous event. Example: “The system shall not exceed 5 km/h during an unintended acceleration scenario.” Output of HARA process that feeds into functional safety concept. Each ASIL B-D hazard requires at least one safety goal. |

Polarion link sections connecting the Hazard to related work items.

| Link Role | Target Type | Cardinality | Description |
|---|---|---|---|
| causes | Harm | 1..* | Links to Harm work items that represent potential consequences. ISO 14971 traceability: Hazard → Harm → Risk Control. |
| mitigatedBy | RiskControl | 0..* | Links to Risk Control work items (inherent-safety-design, protective-measure, information-for-safety) that address this hazard. |
| derivesInto | SafetyGoal | 0..* | Links to Safety Goal work items derived from this hazard. Bidirectional relationship—Safety Goal inherits ASIL from parent Hazard. ISO 26262 traceability: Hazard → Safety Goal → Functional Safety Requirement. |
| tracedFrom | SystemElement | 0..* | References System Element or Function work items being assessed by this hazard. Establishes architectural context—what system component does this hazard relate to? |
| analysisBasis | Document, Module | 0..* | Links to reference documents, standards, or historical incident records that informed the hazard analysis. |

Field Properties and Rendering

Text Fields (Hazard Description, Operational Situation, etc.)

<field id="hazardDescription" type="text">
  <name>Hazard Description</name>
  <description>Hazardous event or scenario—what could go wrong</description>
  <width>600px</width>
  <height>4 lines</height>
  <required>true</required>
  <multiline>true</multiline>
</field>
  • Width: 600–800px to accommodate longer scenario descriptions
  • Height: 3–5 lines default, expandable
  • Required: Yes for HARA workflow; optional for HAZID preliminary analysis
  • Validation: No length limit enforced, but writing guidelines suggest 50–200 words for clarity

Enum Fields (Severity, Exposure, Controllability, ASIL)

<field id="severity" type="enum">
  <name>Severity (ISO 26262)</name>
  <description>Potential harm severity to occupants or road users</description>
  <enumType>haraSeverity</enumType>
  <required>true</required>
  <displayAs>dropdown</displayAs>
  <cellDecorator>
    <!-- Applies color based on enum value: S0=gray, S1=yellow, S2=orange, S3=red -->
    <toggleClass>
      <condition>$value == 's0'</condition><class>severity-s0</class>
      <condition>$value == 's1'</condition><class>severity-s1</class>
      <condition>$value == 's2'</condition><class>severity-s2</class>
      <condition>$value == 's3'</condition><class>severity-s3</class>
    </toggleClass>
  </cellDecorator>
</field>
  • Display: Dropdown with enum descriptions visible on hover
  • Cell Decorator: Color-coded badges (S0=gray, S1=yellow, S2=orange, S3=red) for visual scanning
  • Mandatory Sequencing: Severity must be set before Exposure and Controllability (required in HARA workflow)
  • Validation: Form prevents ASIL calculation until all three (S, E, C) are populated

Calculated Field: ASIL

<field id="asil" type="calculated">
  <name>ASIL</name>
  <description>Automotive Safety Integrity Level (ISO 26262 Table 4)</description>
  <formula>
    <!-- Pseudocode: Map (S, E, C) tuple to ASIL per ISO 26262-3:2018 Table 4 -->
    <!-- S0/E0/C0 → QM; S1/E4/C3 → ASIL-B; S2/E3/C2 → ASIL-A; etc. -->
  </formula>
  <readOnly>false</readOnly>  <!-- Allow manual override -->
  <cellDecorator>
    <!-- Color-coded: QM=gray, A=green, B=yellow, C=orange, D=red -->
  </cellDecorator>
</field>
  • Calculation Logic: Extracts numeric values from enum IDs (s0→0, s1→1, e0→0, e4→4, c0→0, c3→3), applies ISO 26262 matrix lookup
  • Manual Override: Users can override calculated ASIL if business logic requires deviation (document in haraRationale)
  • Visibility: Always visible; read-only until S, E, C values are set (grayed out or disabled in form)
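
An added example, not Polarion or Risksheet code from this page: the calculation logic described above written as JavaScript functions, with the ISO 26262-3:2018 Table 4 values spelled out. The `asilOverride` property and the rule that an undocumented override is rejected are assumptions made for illustration.

```javascript
// ISO 26262-3:2018 Table 4: keyed by severity, then exposure; array columns are C1, C2, C3.
const ASIL_TABLE = {
  1: { 1: ["qm", "qm", "qm"], 2: ["qm", "qm", "qm"], 3: ["qm", "qm", "asil-a"], 4: ["qm", "asil-a", "asil-b"] },
  2: { 1: ["qm", "qm", "qm"], 2: ["qm", "qm", "asil-a"], 3: ["qm", "asil-a", "asil-b"], 4: ["asil-a", "asil-b", "asil-c"] },
  3: { 1: ["qm", "qm", "asil-a"], 2: ["qm", "asil-a", "asil-b"], 3: ["asil-a", "asil-b", "asil-c"], 4: ["asil-b", "asil-c", "asil-d"] },
};

// Turn an enum ID such as "s3" into 3; return null for anything outside the field's range.
function enumLevel(id, prefix, max) {
  const m = new RegExp("^" + prefix + "(\\d)$").exec(String(id || "").toLowerCase());
  if (!m || Number(m[1]) > max) return null;
  return Number(m[1]);
}

// Returns an asil enum ID, or null while S, E or C is unset or invalid.
function calculateAsil(severity, exposure, controllability) {
  const s = enumLevel(severity, "s", 3);
  const e = enumLevel(exposure, "e", 4);
  const c = enumLevel(controllability, "c", 3);
  if (s === null || e === null || c === null) return null;
  if (s === 0 || e === 0 || c === 0) return "qm"; // class 0 on any axis: no ASIL assigned
  return ASIL_TABLE[s][e][c - 1];
}

// Resolve the value to store. asilOverride is a hypothetical property holding the
// manually chosen ASIL; it only takes effect when haraRationale documents it.
function resolveAsil(hazard) {
  const calculated = calculateAsil(hazard.severity, hazard.exposure, hazard.controllability);
  if (!hazard.asilOverride || hazard.asilOverride === calculated) {
    return { asil: calculated, overridden: false, error: null };
  }
  if (!hazard.haraRationale || !hazard.haraRationale.trim()) {
    return { asil: calculated, overridden: false, error: "override requires haraRationale" };
  }
  return { asil: hazard.asilOverride, overridden: true, error: null };
}
```

Returning `null` for incomplete or out-of-range input keeps a half-filled form from being stored as QM, which would silently drop the Safety Goal requirement.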

Conditional Field Visibility

The Hazard form may display different field sets based on:
  1. Selected Workflow (HARA vs HAZID):
    • HARA workflow: Emphasize S/E/C/ASIL fields, hide initialSeverity/initialLikelihood
    • HAZID workflow: Show cause/consequence, hide ASIL fields
  2. User Role:
    • Safety Engineer: Full visibility of all HARA fields
    • Design Engineer: Read-only view of ASIL and Safety Goals; editable Design Notes
    • Configuration Manager: Read-only view of entire form
  3. ASIL Level (post-calculation):
    • ASIL QM hazards: May hide Safety Goal requirement fields
    • ASIL A-D hazards: Require Safety Goal reference and HARA Rationale

Form Actions and Buttons

| Action | Trigger | Behavior |
|---|---|---|
| Calculate ASIL | User clicks; or auto on S/E/C change | Executes ISO 26262 matrix lookup, populates asil field, triggers validation |
| Create Safety Goal | “New Safety Goal” button | Opens SafetyGoal creation form with hazard link pre-populated; inherits ASIL from parent |
| Link Risk Control | “Add Control” button | Opens work item picker filtered to RiskControl type; auto-links with mitigatedBy role |
| Generate HARA Report | “Export Report” button | Triggers Velocity script to render ISO 26262-3 compliant document with S/E/C matrix, hazard register, safety goal traceability |
| Validate Traceability | Form submit validation | Checks: ASIL A-D hazards have ≥1 Safety Goal; Safety Goals reference correct ASIL; all HARA Rationale ≥50 chars |
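
The three Validate Traceability checks listed above, as an added example that is not the product's own code. The record shape (`safetyGoals`, `goal.asil`) and the sample hazards are constructed for illustration.

```javascript
const ASIL_REQUIRING_GOAL = new Set(["asil-a", "asil-b", "asil-c", "asil-d"]);
const MIN_RATIONALE_CHARS = 50;

// hazard (assumed shape): { id, asil, haraRationale, safetyGoals: [{ id, asil }] }
function validateTraceability(hazard) {
  const findings = [];
  const goals = hazard.safetyGoals || [];
  const rationale = (hazard.haraRationale || "").trim();

  // Check 1: ASIL A-D hazards need at least one linked Safety Goal.
  if (ASIL_REQUIRING_GOAL.has(hazard.asil) && goals.length === 0) {
    findings.push(`${hazard.id}: ${hazard.asil} hazard has no linked Safety Goal`);
  }
  // Check 2: each Safety Goal must carry the ASIL of its parent hazard.
  for (const goal of goals) {
    if (goal.asil !== hazard.asil) {
      findings.push(`${goal.id}: ASIL ${goal.asil} does not match parent ${hazard.id} (${hazard.asil})`);
    }
  }
  // Check 3: rationale must be at least 50 characters, whitespace padding excluded.
  if (rationale.length < MIN_RATIONALE_CHARS) {
    findings.push(`${hazard.id}: haraRationale is ${rationale.length} chars, minimum is ${MIN_RATIONALE_CHARS}`);
  }
  return findings;
}

// Run the checks over a whole hazard register and collect every finding.
function validateRegister(hazards) {
  return hazards.flatMap(validateTraceability);
}

// Constructed sample register (not real project data).
const RATIONALE = "S3 per brake-failure precedent; E4 highway driving; C3 no driver recovery.";
const SAMPLE_HAZARDS = [
  { id: "HAZ-001", asil: "asil-d", haraRationale: RATIONALE, safetyGoals: [{ id: "SG-001", asil: "asil-d" }] },
  { id: "HAZ-002", asil: "asil-b", haraRationale: "TBD", safetyGoals: [] },
  { id: "HAZ-003", asil: "asil-c", haraRationale: RATIONALE, safetyGoals: [{ id: "SG-003", asil: "asil-a" }] },
  { id: "HAZ-004", asil: "qm", haraRationale: RATIONALE, safetyGoals: [] },
];

console.log(validateRegister(SAMPLE_HAZARDS).join("\n"));
```

Trimming the rationale before measuring it stops whitespace padding from satisfying the 50-character rule.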

Integration with Risksheet

The Hazard form is closely integrated with the HARA Risksheet configuration:
  • Risksheet View: Hazards appear as rows in 4-level hierarchy (System Element → Category → Phase → Hazard)
  • Column Binding: Risksheet columns map directly to form fields (e.g., Severity column ↔ severity field)
  • Progressive Views: Risksheet offers staged views (Situation Analysis, Hazard Identification, Classification, Safety Goals) that show/hide form fields progressively through HARA workflow
  • Cell Decorators: Color-coded ASIL badges in Risksheet match form field decorators for visual consistency

Version and Standards Compliance

| Standard | Version | Compliance Notes |
|---|---|---|
| ISO 26262 | 2018 (Part 3, Concept Phase) | HARA fields (S/E/C/ASIL) fully compliant with Part 3 clauses 5.3–5.4. ASIL matrix per Table 4. |
| ISO 14971 | 2019 | HAZID fields (cause/consequence/initial risk) support preliminary risk assessment; full risk management via Risk Control traceability. |
| IATF 16949 | 2016 | Supports APQP Phase 0 risk assessment and FMEA integration for safety goals. |
| AIAG-VDA FMEA | 4th Edition | Hazard-to-FMEA traceability: Hazards → Failure Modes in System/Design/Process FMEA documents. |

Common Field Population Workflow

[Diagram: field population workflow]

Customization Considerations

  • Custom Fields: Additional project-specific fields (e.g., regulatoryRef, industryStandard) can be added to Sections 1–3 without breaking ISO 26262 compliance
  • Validation Rules: Form-level validation can enforce mandatory fields per workflow stage or user role
  • Link Role Expansion: New link roles (e.g., relatedHazard for cross-project hazard grouping) can be added without altering core HARA fields
  • Rendered Output: Fields rendering on PowerSheet and Risksheet inherit form layout structure—wide text fields should be 600px+ to prevent truncation in sheet views
Organize fields into logical workflow stages: (1) Identify, (2) Analyze, (3) Classify, (4) Mitigate. Each stage should be visually distinct with section headers and optional field collapsing to reduce cognitive load during large-scale hazard analysis sessions.