Overview
HARA is the systematic process of identifying hazards, analyzing their severity and exposure, assessing controllability, and determining Automotive Safety Integrity Levels (ASIL) for safety-critical systems. The HARA risksheet provides an interactive interface for conducting this analysis in compliance with ISO 26262 Part 3 (Concept Phase).
Key Artifacts:
- Hazard work items: Identified system-level hazards with potential for harm
- Harm work items: Consequences of hazards to occupants or environment
- Safety Goal work items: High-level safety objectives derived from hazards
- Risk Record work items: Post-mitigation risk assessment and closure
Configuration Properties
Core Risksheet Settings
| Property | Type | Default | Description |
|---|---|---|---|
| document_title | String | "HAZID - AEB System" | Display title of the HARA analysis document |
| description | String | "" | Document description for context |
| work_item_type | Enum | hazard | Primary work item type for level 1 (see Hazard Work Item Type) |
| parent_link_role | String | analyzedIn | Link role connecting hazards to the risksheet document |
| risksheet_version | String | "3.0" | Risksheet configuration schema version |
| standards_profile | Enum | iso26262 | Regulatory framework (ISO 26262, ISO 14971, custom) |
Multi-Level Hierarchy Configuration
| Property | Type | Default | Description |
|---|---|---|---|
| level_definitions | Array | See below | Hierarchical structure with 4 levels |
| level_1_type | String | hazard | Work item type at Level 1 (Hazard) |
| level_2_type | String | harm | Work item type at Level 2 (Harm/Consequence) |
| level_3_type | String | safetyGoal | Work item type at Level 3 (Safety Goal) |
| level_4_type | String | riskRecord | Work item type at Level 4 (Risk Record/Control) |
| hierarchy_depth | Integer | 4 | Number of nesting levels in the analysis |
Level Definitions Detail:
```json
{
  "levels": [
    {
      "level": 1,
      "name": "Hazard",
      "work_item_type": "hazard",
      "link_role": "causes",
      "expansion_enabled": true,
      "columns": ["hazardId", "hazardName", "description", "operationalPhase"]
    },
    {
      "level": 2,
      "name": "Harm",
      "work_item_type": "harm",
      "link_role": "causedBy",
      "expansion_enabled": true,
      "columns": ["harmId", "harmDescription", "severity"]
    },
    {
      "level": 3,
      "name": "Safety Goal",
      "work_item_type": "safetyGoal",
      "link_role": "refines",
      "expansion_enabled": true,
      "columns": ["sgId", "sgTitle", "sgDescription"]
    },
    {
      "level": 4,
      "name": "Risk Record",
      "work_item_type": "riskRecord",
      "link_role": "mitigates",
      "expansion_enabled": false,
      "columns": ["rrId", "rrTitle", "rrStatus"]
    }
  ]
}
```
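As an added example (not code from the risksheet product), the following JavaScript checks that a level_definitions object of the shape shown above is consistent with the hierarchy_depth and level_N_type properties from the configuration table: levels are numbered without gaps, each level's work_item_type matches the declared level_N_type, every level has columns and a link role, and only the leaf level is non-expandable. The embedded configuration is the four-level example just shown; the function names validateLevelDefinitions and withChange are this example's own.

```javascript
// Added example (not the risksheet's own code): structural check of a
// level_definitions object against hierarchy_depth and level_N_type.

// Constructed configuration: the four-level hierarchy documented on this page.
const HARA_CONFIG = {
  hierarchy_depth: 4,
  level_1_type: 'hazard',
  level_2_type: 'harm',
  level_3_type: 'safetyGoal',
  level_4_type: 'riskRecord',
  level_definitions: {
    levels: [
      { level: 1, name: 'Hazard', work_item_type: 'hazard', link_role: 'causes',
        expansion_enabled: true, columns: ['hazardId', 'hazardName', 'description', 'operationalPhase'] },
      { level: 2, name: 'Harm', work_item_type: 'harm', link_role: 'causedBy',
        expansion_enabled: true, columns: ['harmId', 'harmDescription', 'severity'] },
      { level: 3, name: 'Safety Goal', work_item_type: 'safetyGoal', link_role: 'refines',
        expansion_enabled: true, columns: ['sgId', 'sgTitle', 'sgDescription'] },
      { level: 4, name: 'Risk Record', work_item_type: 'riskRecord', link_role: 'mitigates',
        expansion_enabled: false, columns: ['rrId', 'rrTitle', 'rrStatus'] },
    ],
  },
};

// Returns a list of human-readable findings; an empty list means the hierarchy is consistent.
function validateLevelDefinitions(config) {
  const findings = [];
  const levels = [...config.level_definitions.levels].sort((a, b) => a.level - b.level);
  const depth = config.hierarchy_depth;

  if (levels.length !== depth) {
    findings.push(`hierarchy_depth is ${depth} but ${levels.length} level(s) are defined`);
  }
  levels.forEach((lvl, idx) => {
    const expected = idx + 1;
    if (lvl.level !== expected) {
      findings.push(`level numbering gap: expected level ${expected}, found ${lvl.level}`);
    }
    // level_N_type must agree with the work_item_type declared inside the level entry
    const declaredType = config[`level_${lvl.level}_type`];
    if (declaredType !== undefined && declaredType !== lvl.work_item_type) {
      findings.push(`level ${lvl.level}: work_item_type '${lvl.work_item_type}' does not match level_${lvl.level}_type '${declaredType}'`);
    }
    if (!Array.isArray(lvl.columns) || lvl.columns.length === 0) {
      findings.push(`level ${lvl.level}: no columns declared`);
    }
    if (typeof lvl.link_role !== 'string' || lvl.link_role.length === 0) {
      findings.push(`level ${lvl.level}: link_role missing`);
    }
    // Only the leaf level may be non-expandable; inner levels need expansion to reach children.
    const isLeaf = lvl.level === depth;
    if (isLeaf && lvl.expansion_enabled) {
      findings.push(`level ${lvl.level}: leaf level must not be expandable`);
    }
    if (!isLeaf && !lvl.expansion_enabled) {
      findings.push(`level ${lvl.level}: non-leaf level must be expandable to reach level ${lvl.level + 1}`);
    }
  });
  return findings;
}

// Helper for the usage below: returns a deep copy of the config with one change applied.
function withChange(config, mutate) {
  const copy = JSON.parse(JSON.stringify(config));
  mutate(copy);
  return copy;
}

console.log(validateLevelDefinitions(HARA_CONFIG)); // []
console.log(validateLevelDefinitions(
  withChange(HARA_CONFIG, c => { c.level_definitions.levels[1].expansion_enabled = false; })));
```

Running the check at deployment time catches the usual editing mistakes in this configuration (a renamed work item type that was updated in only one place, or a level left non-expandable so its children never render) before users open the risksheet.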
Column Groups and Layout
The HARA risksheet organizes columns into five functional groups with color-coded headers:
| Column ID | Display Name | Data Type | Source | Formula | Required |
|---|---|---|---|---|---|
| systemElement | System Element | BackLink | hazard.analyzedElement | — | Yes |
| category | Category | Enum | hazard.category | — | Yes |
| operationalPhase | Operational Phase | Enum | hazard.operationalPhase | — | Yes |
| operationalSituation | Operational Situation | String | hazard.operationalSituation | — | No |
Rendering Notes:
- System Element renders as a clickable link to the system architecture
- Category enum values: SensorFailure, ComputationFailure, ActuatorFailure, InterfaceFailure, ExternalEvent
- Operational Phase enum values: Initialization, Normal, Degraded, Shutdown, Emergency
| Column ID | Display Name | Data Type | Source | Formula | Required |
|---|---|---|---|---|---|
| hazardId | Hazard ID | String | hazard.id | — | Auto |
| hazardName | Hazard Name | String | hazard.title | — | Yes |
| hazardDescription | Description | Text | hazard.description | — | Yes |
| hazardCause | Cause(s) | Text | hazard.cause | — | Yes |
| hazardConsequence | Consequence(s) | Text | hazard.consequence | — | Yes |
Example Entry:
```text
Hazard ID:      H-001
Name:           Loss of obstacle detection
Description:    AEB system fails to detect vehicle or pedestrian ahead
Cause(s):       Camera module malfunction, radar interference, processing delay
Consequence(s): No braking command issued, collision with obstacle
```
This group implements the ISO 26262 ASIL determination algorithm.
| Column ID | Display Name | Data Type | Source | Formula | Required |
|---|---|---|---|---|---|
| severity | Severity (S) | Enum(S0-S3) | hazard.severity | — | Yes |
| exposure | Exposure (E) | Enum(E0-E4) | hazard.exposure | — | Yes |
| controllability | Controllability (C) | Enum(C0-C3) | hazard.controllability | — | Yes |
| asil | ASIL | Enum(QM,A,B,C,D) | hazard.asil | ASIL_MATRIX(severity, exposure, controllability) | Calculated |
See HARA Severity, HARA Exposure, HARA Controllability, and ASIL Classification for enumeration details.
ASIL Determination Formula:
```javascript
function ASIL_MATRIX(S, E, C) {
  // ISO 26262-3 ASIL determination table (Table 4 in the 2018 edition),
  // indexed by severity (S), probability of exposure (E) and controllability (C).
  // S0, E0 and C0 carry no safety requirement, so they always yield QM.
  if (S === 'S0' || E === 'E0' || C === 'C0') return 'QM';
  const matrix = {
    //          C1    C2    C3
    'S1': { E1: ['QM', 'QM', 'QM'], E2: ['QM', 'QM', 'QM'], E3: ['QM', 'QM', 'A'], E4: ['QM', 'A', 'B'] },
    'S2': { E1: ['QM', 'QM', 'QM'], E2: ['QM', 'QM', 'A'],  E3: ['QM', 'A', 'B'],  E4: ['A', 'B', 'C'] },
    'S3': { E1: ['QM', 'QM', 'A'],  E2: ['QM', 'A', 'B'],   E3: ['A', 'B', 'C'],   E4: ['B', 'C', 'D'] }
  };
  const row = matrix[S] && matrix[S][E];
  if (!row) throw new Error(`Invalid severity/exposure combination: ${S}/${E}`);
  const cIndex = { C1: 0, C2: 1, C3: 2 }[C];
  if (cIndex === undefined) throw new Error(`Invalid controllability: ${C}`);
  return row[cIndex];
}
```
Cell Styling:
- QM (Quality Managed): Light gray background (#f5f5f5)
- ASIL A: Light green (#c8e6c9)
- ASIL B: Light yellow (#fff9c4)
- ASIL C: Light orange (#ffe0b2)
- ASIL D: Light red (#ffcdd2)
| Column ID | Display Name | Data Type | Source | Formula | Required |
|---|---|---|---|---|---|
| safetyGoalId | SG ID | String | safetyGoal.id | — | Auto |
| safetyGoalTitle | Safety Goal | String | safetyGoal.title | — | Yes |
| safetyGoalDescription | SG Description | Text | safetyGoal.description | — | No |
| sgAsil | SG ASIL | Enum | safetyGoal.asil | MIN(all_hazards_asil) | Calculated |
Safety Goal Derivation Logic:
Each hazard must derive at least one safety goal. Safety goals are typically stated as:
- “Ensure [system capability] is maintained”
- “Prevent [failure mode] from occurring”
- “Provide [failsafe action] on [failure condition]”
Example mapping:
```text
Hazard H-001 (Loss of obstacle detection, ASIL D)
  ↓ derives
Safety Goal SG-02: Ensure obstacle detection reliability with ASIL D coverage

Hazard H-002 (Delayed braking, ASIL B)
  ↓ derives
Safety Goal SG-03: Ensure timely braking response (<200ms) with ASIL B coverage
```
5. Risk Control and Closure Group (Orange Header, #fb8c00)
| Column ID | Display Name | Data Type | Source | Formula | Required |
|---|---|---|---|---|---|
| riskControlId | RC ID | String | riskRecord.id | — | Auto |
| riskControlTitle | Risk Control | String | riskRecord.title | — | Yes |
| riskControlType | RC Type | Enum | riskRecord.controlType | — | Yes |
| evaluationStatus | Status | Enum | riskRecord.status | — | Yes |
Risk Control Type Enum Values:
See Control Type for complete enumeration.
- ARCHITECTURAL: System-level design choice that prevents hazard
- DESIGN: Design feature or component that detects/prevents failure
- PROCESS: Manufacturing or operational control that mitigates risk
- VERIFICATION: Test or analysis that confirms effectiveness
- OPERATIONAL: Training, procedure, or maintenance requirement
Evaluation Status Workflow:
Expand/Collapse Controls
Each row includes expansion controls for navigating the hierarchy:
| Control | Level | Purpose | Effect |
|---|---|---|---|
| +/- icon | Level 1 (Hazard) | Show/hide child harms | Expands/collapses all harms linked to the hazard |
| +/- icon | Level 2 (Harm) | Show/hide child safety goals | Expands/collapses all safety goals derived from the harm |
| +/- icon | Level 3 (Safety Goal) | Show/hide child risk controls | Expands/collapses all risk records linked to the SG |
| Zoom icon | Level 4 (Risk Control) | Navigate to detail record | Opens the related Risk Record work item in full form |
Predefined Views
The HARA risksheet includes six workflow-optimized views:
View 1: Identify Risks (Hazard Identification Phase)
Visible Columns: systemElement, hazardName, hazardDescription, hazardCause, hazardConsequence
Purpose: Focus on hazard discovery and documentation before assessment
Typical Users: Safety analyst, system architect
| System Element | Hazard Name | Description | Cause(s) | Consequence(s) |
|---|---|---|---|---|
| Sensor Unit | Power loss | ... | ... | ... |
| ECU | Computation | ... | ... | ... |
View 2: Initial Assessment (HARA Classification Phase)
Visible Columns: hazardName, severity, exposure, controllability, asil, safetyGoalTitle
Purpose: Document S/E/C assessment and confirm ASIL calculation
Typical Users: Safety engineer, systems engineer
View 3: Risk Control Planning (Mitigation Phase)
Visible Columns: hazardName, asil, safetyGoalTitle, riskControlId, riskControlTitle, riskControlType
Purpose: Link risk controls to safety goals and define mitigation strategy
Typical Users: Design lead, safety engineer
View 4: All Columns
Visible Columns: All columns in all groups
Purpose: Complete analysis view for detailed review
Typical Users: Auditor, quality engineer
View 5: Dashboard Summary (QM Filtering)
Visible Columns: All, filtered to exclude QM hazards
Purpose: Executive view showing only ASIL A/B/C/D items requiring safety processes
Typical Users: Project manager, safety lead
View 6: Export Ready
Visible Columns: All safety-critical fields + formatting for PDF export
Purpose: Prepare data for compliance reporting
Typical Users: Document manager, compliance officer
ASIL Determination
Implemented as a server-side formula in the hazard work item's custom field:
```velocity
## ISO 26262-3 ASIL determination table keyed by S_E_C; S0, E0 and C0 have no entry and fall through to QM
#set($severity = $item.getCustomFieldValue('severity'))
#set($exposure = $item.getCustomFieldValue('exposure'))
#set($controllability = $item.getCustomFieldValue('controllability'))
#set($matrix = {
  'S1_E1_C1': 'QM', 'S1_E1_C2': 'QM', 'S1_E1_C3': 'QM',
  'S1_E2_C1': 'QM', 'S1_E2_C2': 'QM', 'S1_E2_C3': 'QM',
  'S1_E3_C1': 'QM', 'S1_E3_C2': 'QM', 'S1_E3_C3': 'A',
  'S1_E4_C1': 'QM', 'S1_E4_C2': 'A',  'S1_E4_C3': 'B',
  'S2_E1_C1': 'QM', 'S2_E1_C2': 'QM', 'S2_E1_C3': 'QM',
  'S2_E2_C1': 'QM', 'S2_E2_C2': 'QM', 'S2_E2_C3': 'A',
  'S2_E3_C1': 'QM', 'S2_E3_C2': 'A',  'S2_E3_C3': 'B',
  'S2_E4_C1': 'A',  'S2_E4_C2': 'B',  'S2_E4_C3': 'C',
  'S3_E1_C1': 'QM', 'S3_E1_C2': 'QM', 'S3_E1_C3': 'A',
  'S3_E2_C1': 'QM', 'S3_E2_C2': 'A',  'S3_E2_C3': 'B',
  'S3_E3_C1': 'A',  'S3_E3_C2': 'B',  'S3_E3_C3': 'C',
  'S3_E4_C1': 'B',  'S3_E4_C2': 'C',  'S3_E4_C3': 'D'
})
#set($key = "${severity}_${exposure}_${controllability}")
#if($matrix.containsKey($key))$matrix.get($key)#{else}QM#end
```
Safety Goal ASIL (Minimum of Linked Hazards)
```javascript
function safetyGoalASIL(safetyGoalId) {
  // Hazards from which this safety goal was derived
  const linkedHazards = getLinkedWorkItems(safetyGoalId, 'derivedFrom');
  const asilValues = linkedHazards.map(h => h.asil).filter(Boolean);
  // Worst-case ASIL among the linked hazards: the minimum level that covers all of them
  return minimumASIL(asilValues);
}
```
Traceability Coverage Percentage
```javascript
function haraTraceabilityPercent() {
  const hazardsTotal = queryWorkItems("type:hazard").length;
  // An empty document has no coverage to report and must not divide by zero
  if (hazardsTotal === 0) return 0;
  const hazardsWithSG = queryWorkItems("type:hazard AND exists:linkedSafetyGoals").length;
  return Math.round(hazardsWithSG / hazardsTotal * 100);
}
```
Integration Points
Link to Failure Mode Analysis
Each Safety Goal derived in HARA flows downstream to System FMEA analysis. Failure modes in SFMEA should link back to Safety Goals using the implements link role.
See System FMEA Risksheet Configuration for integration details.
Link Pattern:
Link to Risk Control Plan
HARA-derived Safety Goals are tracked in the Risk Control Plan risksheet, which documents how each goal is achieved through design controls, verification tests, and manufacturing controls.
See Risk Control Plan Risksheet Configuration.
Link to Traceability Matrix
System Requirements are traced back to Safety Goals in the Whole RTM PowerSheet using the implements link role. This establishes the complete chain:
Zoom Columns (Detail Navigation)
Each hierarchical level includes a zoom column for opening the linked work item in detail form:
| Level | Zoom Column | Opens |
|---|---|---|
| 1 | Hazard detail | Full Hazard Work Item form |
| 2 | Harm detail | Full Harm Work Item form |
| 3 | Safety Goal detail | Full Safety Goal Work Item form |
| 4 | Risk Control detail | Full Risk Record Work Item form |
Usage:
Click the zoom icon (🔍) in any zoom column to open the work item in a side panel or new tab. This allows editing of detailed properties (custom fields, attachments, links) while maintaining the risksheet context.
Row Control and Filtering
Each row at Levels 1, 2, and 3 shows a + or - icon controlling the visibility of child rows:
+ (collapsed): Click to expand and show children
- (expanded): Click to collapse and hide children
- (blank): No children, cannot expand
Column-Based Filtering
Filter rows by column value using the filter icon in each column header:
Example Filters:
| Filter | Effect |
|---|---|
| ASIL = D | Show only ASIL D hazards |
| Severity = S3 | Show only severity S3 items |
| Category = SensorFailure | Show only sensor-related hazards |
| Status = Proposed | Show only risk controls still in the proposal phase |
Global Search
Type in the global search box to filter all visible rows containing the search term.
Custom Field Mappings
| Work Item Field | Risksheet Column | Editable | Default |
|---|---|---|---|
| hazard.severity | Severity (S) | Yes | S1 |
| hazard.exposure | Exposure (E) | Yes | E1 |
| hazard.controllability | Controllability (C) | Yes | C1 |
| hazard.asil | ASIL | No | (calculated) |
| hazard.operationalPhase | Operational Phase | Yes | Normal |
| hazard.operationalSituation | Operational Situation | Yes | (empty) |
| safetyGoal.title | Safety Goal | Yes | (empty) |
| safetyGoal.asil | SG ASIL | No | (calculated) |
| riskRecord.controlType | Risk Control Type | Yes | (empty) |
| riskRecord.status | Evaluation Status | Yes | Proposed |
Data Persistence and Sync
Write-Back Behavior
When a user edits a cell in the risksheet:
- Immediate: Cell value updated in browser (optimistic UI)
- Background: Change saved to Polarion work item custom field
- Sync: Related calculated fields (e.g., ASIL, SG ASIL) recalculated server-side
- Propagation: Dashboard statistics and reports updated within 30 seconds
Validation Rules
Mandatory Field Validation:
- Severity, Exposure, Controllability must be set before ASIL is valid
- Each Hazard must have at least one linked Safety Goal
- Each Safety Goal must have at least one linked Risk Control
Warnings (non-blocking):
⚠ Hazard H-001 has ASIL D but no verification test case linked
⚠ Safety Goal SG-02 not linked to any System Requirement (traceability gap)
⚠ Risk Control RC-05 status is 'Proposed' but implementation due date has passed
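The derived quantities above (Safety Goal ASIL as the worst case of the linked hazards, the traceability percentage) and the mandatory and warning rules just listed, brought together as one offline JavaScript check over a constructed data set. This is an added example, not the risksheet's server-side implementation: the record fields (linkedSafetyGoals, verificationTestCases, linkedRiskControls, linkedSystemRequirements, dueDate), the sample hazards and the function names are assumptions made for the example.

```javascript
// Added example (not the risksheet's own code): offline HARA consistency check.

const ASIL_ORDER = ['QM', 'A', 'B', 'C', 'D'];

// Worst-case ASIL among the given values (the minimum level that covers all of them).
function worstCaseASIL(values) {
  if (values.length === 0) return null;
  return values.reduce((worst, v) => (ASIL_ORDER.indexOf(v) > ASIL_ORDER.indexOf(worst) ? v : worst));
}

// Constructed sample data set; ids follow the H-/SG-/RC- pattern used on this page.
const SAMPLE = {
  hazards: [
    { id: 'H-001', title: 'Loss of obstacle detection', severity: 'S3', exposure: 'E4', controllability: 'C3',
      asil: 'D', linkedSafetyGoals: ['SG-02'], verificationTestCases: [] },
    { id: 'H-002', title: 'Delayed braking', severity: 'S2', exposure: 'E4', controllability: 'C2',
      asil: 'B', linkedSafetyGoals: ['SG-02', 'SG-03'], verificationTestCases: ['TC-11'] },
    // Exposure never assessed and no safety goal derived: both mandatory rules fail
    { id: 'H-003', title: 'Spurious warning', severity: 'S1', exposure: null, controllability: 'C1',
      asil: null, linkedSafetyGoals: [], verificationTestCases: [] },
  ],
  safetyGoals: [
    { id: 'SG-02', title: 'Ensure obstacle detection reliability', linkedRiskControls: ['RC-05'], linkedSystemRequirements: [] },
    { id: 'SG-03', title: 'Ensure timely braking response', linkedRiskControls: [], linkedSystemRequirements: ['SR-100'] },
  ],
  riskRecords: [
    { id: 'RC-05', title: 'Redundant radar/camera fusion', status: 'Proposed', dueDate: '2025-12-01' },
  ],
};

// Safety Goal ASIL: worst case across the hazards that derive each goal.
function safetyGoalASILs(data) {
  const result = {};
  for (const sg of data.safetyGoals) {
    const asils = data.hazards
      .filter(h => h.linkedSafetyGoals.includes(sg.id) && h.asil)
      .map(h => h.asil);
    result[sg.id] = worstCaseASIL(asils);
  }
  return result;
}

// Percentage of hazards with at least one linked Safety Goal; 0 when there are no hazards.
function traceabilityPercent(data) {
  const total = data.hazards.length;
  if (total === 0) return 0;
  const withSG = data.hazards.filter(h => h.linkedSafetyGoals.length > 0).length;
  return Math.round((withSG / total) * 100);
}

// Applies the mandatory rules (errors) and the non-blocking warnings listed on this page.
// `today` (ISO date string) is injected so the due-date warning is deterministic.
function validateHARA(data, today) {
  const errors = [];
  const warnings = [];
  for (const h of data.hazards) {
    if (!h.severity || !h.exposure || !h.controllability) {
      errors.push(`Hazard ${h.id}: S/E/C incomplete, ASIL is not valid`);
    }
    if (h.linkedSafetyGoals.length === 0) {
      errors.push(`Hazard ${h.id} has no linked Safety Goal`);
    }
    if (h.asil === 'D' && h.verificationTestCases.length === 0) {
      warnings.push(`Hazard ${h.id} has ASIL D but no verification test case linked`);
    }
  }
  for (const sg of data.safetyGoals) {
    if (sg.linkedRiskControls.length === 0) {
      errors.push(`Safety Goal ${sg.id} has no linked Risk Control`);
    }
    if (sg.linkedSystemRequirements.length === 0) {
      warnings.push(`Safety Goal ${sg.id} not linked to any System Requirement (traceability gap)`);
    }
  }
  for (const rc of data.riskRecords) {
    // ISO dates compare correctly as strings
    if (rc.status === 'Proposed' && rc.dueDate < today) {
      warnings.push(`Risk Control ${rc.id} status is 'Proposed' but implementation due date has passed`);
    }
  }
  return { errors, warnings };
}

console.log(safetyGoalASILs(SAMPLE));        // { 'SG-02': 'D', 'SG-03': 'B' }
console.log(traceabilityPercent(SAMPLE));    // 67
console.log(validateHARA(SAMPLE, '2026-02-15'));
```

Because SG-02 is derived from both H-001 (ASIL D) and H-002 (ASIL B), it inherits ASIL D; a check like this run before sign-off is what makes the "MIN(all_hazards_asil)" column and the warnings above auditable rather than only visible in the UI.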
Large Document Handling
For HARA documents with >100 hazards:
- Use progressive views (Identify Risks, Initial Assessment) instead of All Columns
- Apply filters to reduce rendered row count (e.g., filter to ASIL D only)
- Collapse all top-level rows initially, then expand only needed subsections
- Consider splitting into multiple documents by subsystem (one HARA per major component)
- Rows per view: 20-50 (configurable)
- Load strategy: Lazy-load children on expand
- Cache timeout: 60 seconds (reload if upstream FMEA changes)
Related Configuration Pages
Version History
| Version | Date | Changes |
|---|---|---|
| 3.0 | 2026-02-15 | Current: Four-level hierarchy (Hazard/Harm/SafetyGoal/RiskRecord), ASIL matrix formula, six predefined views |
| 2.5 | 2025-10-01 | Added Safety Goal ASIL calculation, improved zoom column navigation |
| 2.0 | 2025-06-15 | Three-level hierarchy (Hazard/SafetyGoal/RiskControl), basic S/E/C assessment |