Core Properties

| Name | Type | Default | Description |
|---|---|---|---|
| ID | String | Auto-generated | Unique identifier for the hazard (e.g., HAZ-001). Used in traceability matrices and reports. |
| Title | String | | Concise hazard name or event description (e.g., “Power Supply Failure to AEB System”). |
| Description | Text | | Detailed hazard description defining the hazardous event or condition. Should be specific and measurable. |
| Status | Enum | Draft | Current lifecycle state: Draft, Under Review, Approved, Superseded. |
| Assignee | User | | Team member responsible for hazard analysis and documentation. |
| Priority | Enum | Normal | Risk priority for workflow triage: Critical, High, Normal, Low. |
| Created | Date | Auto | Timestamp when the hazard was created. |
| Modified | Date | Auto | Last modification timestamp. |

HAZID Properties (Hazard Identification)

Hazards support two workflows on the same work item: the ISO 26262 HARA classification and a HAZID-style preliminary risk assessment (an ISO 14971 probability/severity rating is also selectable through the riskMatrix field). The properties below capture the hazard source, the causal mechanism, and the preliminary risk assessment.

| Name | Type | Default | Description |
|---|---|---|---|
| hazardSource | Text | | Origin or source of the hazard (e.g., component failure, environmental condition, human error, design defect). Documents how the hazard originates. |
| hazardMechanism | Text | | Explanation of how the hazard source leads to the hazardous event. Describes the causal chain Source → Mechanism → Hazard. Example: “Brake fluid leak → loss of hydraulic pressure → brake failure”. |
| hazardCategory | Enum | | Classification of hazard type. Values: Functional Safety, Cybersecurity, Environmental, Human Factors, Hardware Failure, Software Defect. |
| operationalPhase | Enum | | Vehicle operational mode or phase in which the hazard occurs. Values: Ignition, Normal Driving, Parking, Maintenance, Cold Start, High-Speed, Urban Driving. Provides the context for the ISO 26262 Exposure parameter. |
| operationalSituation | Text | | Detailed driving scenario or operational context in which the hazard could occur (e.g., “Highway driving with heavy traffic and wet road conditions”). Drives the Exposure (E) classification. |
| hazidCause | Text | | Root causes or contributing factors that could trigger the hazard. For HAZID, a free-text cause description. For ISO 26262, may link to formal Failure Mode work items. |
| hazidConsequence | Text | | Potential consequences or harms resulting from the hazard. For HAZID, a free-text consequence description. Transitions to linked Harm work items with severity ratings. |
| initialSeverity | Enum | | Pre-mitigation severity rating for the HAZID risk matrix. Scale: S1 (minimal injury) through S5 (fatality). Used in HAZID risk level computation. |
| initialLikelihood | Enum | | Pre-mitigation likelihood rating for the HAZID risk matrix. Scale: L1 (rare) through L5 (frequent). Not the same as ISO 26262 Exposure: likelihood rates how probable the hazardous event itself is, whereas Exposure rates how often or how long the vehicle is in the operational situation, independent of whether the fault occurs. |

ISO 26262 HARA Properties

These properties implement the ISO 26262-3 Hazard Analysis and Risk Assessment classification scheme. They determine the Automotive Safety Integrity Level (ASIL) that drives safety goal decomposition and requirements allocation.
| Name | Type | Default | Description |
|---|---|---|---|
| haraSeverity | Enum | | ISO 26262 severity classification of the potential harm to occupants or other road users. Values: S0 (no injuries), S1 (light and moderate injuries), S2 (severe and life-threatening injuries, survival probable), S3 (life-threatening injuries with survival uncertain, or fatal injuries). |
| haraExposure | Enum | | ISO 26262 exposure classification of the operational situation, rated by duration or by frequency. Values: E0 (incredible), E1 (very low probability), E2 (low probability), E3 (medium probability), E4 (high probability). Reflects how often, or for how long, the vehicle is in the situation in which the hazardous event could occur. |
| haraControllability | Enum | | ISO 26262 controllability classification: the ability of the driver or other persons at risk to avoid the harm once the hazardous event occurs. Values: C0 (controllable in general), C1 (simply controllable), C2 (normally controllable), C3 (difficult to control or uncontrollable). Considers available reaction time, required skill, and physical effort. |
| asilClassification | Enum | | Computed or manually assigned Automotive Safety Integrity Level derived from the Severity × Exposure × Controllability table. Values: QM (Quality Managed, no ASIL requirement), ASIL A, ASIL B, ASIL C, ASIL D. This is the output of HARA classification and drives the functional safety concept phase. |
ASIL is determined by the ISO 26262-3 lookup table (rows: S and E, columns: C). S0 and C0 yield QM whatever the other parameters are, and E0 situations are not assigned an ASIL (treated as QM in the risksheet):

| | C1 | C2 | C3 |
|---|---|---|---|
| S1 / E1 | QM | QM | QM |
| S1 / E2 | QM | QM | QM |
| S1 / E3 | QM | QM | ASIL A |
| S1 / E4 | QM | ASIL A | ASIL B |
| S2 / E1 | QM | QM | QM |
| S2 / E2 | QM | QM | ASIL A |
| S2 / E3 | QM | ASIL A | ASIL B |
| S2 / E4 | ASIL A | ASIL B | ASIL C |
| S3 / E1 | QM | QM | ASIL A |
| S3 / E2 | QM | ASIL A | ASIL B |
| S3 / E3 | ASIL A | ASIL B | ASIL C |
| S3 / E4 | ASIL B | ASIL C | ASIL D |

Two consequences are worth keeping in mind when reviewing classifications: ASIL D arises only from S3/E4/C3, and a fatal severity alone does not imply a high ASIL (S3/E1/C1 is QM). The table is deterministic; risksheet configurations typically include a calcASIL formula that computes the ASIL from the S/E/C selections.
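The following is an added example of the lookup described above, written for this page and not the risksheet's own calcASIL formula. It encodes the ISO 26262-3 table, rejects malformed S/E/C values (a manual override typo such as “S4” should fail loudly rather than silently produce QM), exposes the QM < A < B < C < D ordering used by threshold rules such as “ASIL ≥ B”, and can enumerate all 36 S1–S3 × E1–E4 × C1–C3 cells so a risksheet formula can be audited against it. Function names are this example's own.

```python
"""ISO 26262-3 ASIL lookup (added example; not the risksheet's own calcASIL formula)."""

from itertools import product

SEVERITY = ("S0", "S1", "S2", "S3")
EXPOSURE = ("E0", "E1", "E2", "E3", "E4")
CONTROLLABILITY = ("C0", "C1", "C2", "C3")
ASIL_ORDER = ("QM", "ASIL A", "ASIL B", "ASIL C", "ASIL D")

# ISO 26262-3 ASIL determination table: (S, E) -> results for C1, C2, C3.
ASIL_TABLE = {
    ("S1", "E1"): ("QM", "QM", "QM"),
    ("S1", "E2"): ("QM", "QM", "QM"),
    ("S1", "E3"): ("QM", "QM", "A"),
    ("S1", "E4"): ("QM", "A", "B"),
    ("S2", "E1"): ("QM", "QM", "QM"),
    ("S2", "E2"): ("QM", "QM", "A"),
    ("S2", "E3"): ("QM", "A", "B"),
    ("S2", "E4"): ("A", "B", "C"),
    ("S3", "E1"): ("QM", "QM", "A"),
    ("S3", "E2"): ("QM", "A", "B"),
    ("S3", "E3"): ("A", "B", "C"),
    ("S3", "E4"): ("B", "C", "D"),
}


def calc_asil(s: str, e: str, c: str) -> str:
    """Return 'QM' or 'ASIL A'..'ASIL D' for a validated S/E/C triple.

    S0 (no injuries) and C0 (controllable in general) give QM regardless of
    the other parameters. E0 (incredible) is not assigned an ASIL by the
    standard; it is reported as QM here, the usual risksheet convention.
    Anything outside the defined enums raises instead of defaulting.
    """
    s, e, c = s.strip().upper(), e.strip().upper(), c.strip().upper()
    if s not in SEVERITY or e not in EXPOSURE or c not in CONTROLLABILITY:
        raise ValueError(f"invalid S/E/C combination: {s}/{e}/{c}")
    if s == "S0" or e == "E0" or c == "C0":
        return "QM"
    letter = ASIL_TABLE[(s, e)][int(c[1]) - 1]  # C1 -> column 0, C3 -> column 2
    return "QM" if letter == "QM" else f"ASIL {letter}"


def asil_rank(asil: str) -> int:
    """Position in the QM < A < B < C < D ordering, for threshold checks."""
    return ASIL_ORDER.index(asil)


def requires_traceability(asil: str, floor: str = "ASIL B") -> bool:
    """Default for the requiresTraceability custom field: true if ASIL >= floor."""
    return asil_rank(asil) >= asil_rank(floor)


def full_matrix() -> dict:
    """Every S1-S3 x E1-E4 x C1-C3 cell, e.g. to diff against a risksheet formula."""
    return {
        (s, e, c): calc_asil(s, e, c)
        for s, e, c in product(SEVERITY[1:], EXPOSURE[1:], CONTROLLABILITY[1:])
    }


if __name__ == "__main__":
    # The HAZ-003 example on this page: S3 x E3 x C2 -> ASIL B.
    print(calc_asil("S3", "E3", "C2"))
    counts = {}
    for asil in full_matrix().values():
        counts[asil] = counts.get(asil, 0) + 1
    print(counts)  # how many of the 36 cells land on each level
```

Of the 36 table cells, 18 are QM, 8 are ASIL A, 6 are ASIL B, 3 are ASIL C and exactly one is ASIL D; a calcASIL formula that produces a different distribution over the same inputs has a transcription error somewhere.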
| Name | Type | Default | Description |
|---|---|---|---|
| haraRationale | Text | | Documentation of the reasoning behind the Severity, Exposure, and Controllability classifications. Required for the audit trail and ISO 26262 compliance. Should reference the analysis data, standards, expert judgment, or vehicle specifications used for the S/E/C ratings. |
| safetyGoalDescription | Text | | High-level safety goal derived from the hazard: the safe-state requirement that prevents or mitigates the hazardous event. Example: “Ensure obstacle detection reliability to enable timely braking response”. |
| safetyGoalId | String | | Reference ID or link to the formal Safety Goal work item created from this hazard. Alternative to using Polarion link roles; stores the work item ID as a string. PowerSheet RTM typically uses the derivedFrom link role for bidirectional navigation. |

Relationship Properties

Hazards participate in bidirectional traceability across the ISO 26262 safety lifecycle. These properties define how hazards connect to upstream analysis and downstream requirements.
| Name | Type | Link Role | Cardinality | Description |
|---|---|---|---|---|
| Safety Goals | Links to Safety Goal | derivedFrom (backward) | 1..* | One or more safety goals derived from this hazard. Each ASIL B–D hazard requires at least one safety goal. The safety goal inherits the ASIL classification from the parent hazard. |
| System Elements | Links to System Element | assesses (backward) | 1..* | System element(s) or functions being assessed by this hazard. Establishes architectural context and scoping for the hazard analysis. |
| Characteristics | Links to Characteristic | assesses (backward) | 0..* | SC/CC (Safety-Critical / Cybersecurity-Critical) characteristics linked to this hazard for special characteristics analysis. |
| Failure Modes | Links to Failure Mode | contributes-to (backward) | 0..* | Failure modes that could trigger or contribute to this hazard in system FMEA analysis. |
| Harms | Links to Harm | results-in (backward) | 0..* | Potential harms or injuries that could result from this hazard. Each consequence in HAZID maps to one or more Harm work items. |
| Process Steps | Links to Process Step | | 0..* | Manufacturing or operational process steps where this hazard could be triggered. Used in process risk analysis workflows. |

Custom Fields

| Field Name | Type | Constraint | Notes |
|---|---|---|---|
| hazardId | String | Unique | Alphanumeric identifier (e.g., HAZ-001). Often auto-populated from a sequence or entered manually per project convention. Used in RTM expansion paths and cross-references. |
| isSOTIFHazard | Boolean | | Flag indicating whether this hazard falls under ISO 21448 SOTIF (Safety of the Intended Functionality) scope, i.e. hazards beyond malfunction scenarios. Enables filtering for SOTIF compliance gap analysis. |
| requiresTraceability | Boolean | true (if ASIL ≥ B) | Automation flag: if true, the hazard requires backward traceability to at least one safety goal and forward traceability to verification evidence. Used in coverage checks. |
| riskMatrix | Enum | | Selects which risk assessment framework applies: HARA (ISO 26262 S/E/C table), HAZID (initial severity/likelihood matrix), ISO14971 (probability/severity). Determines which column group appears in the risksheet. |

Workflow States

Hazards transition through a document-level workflow that gates safety analysis progression:

| State | Permissions | Validation | Next State |
|---|---|---|---|
| Draft | Author can edit all fields | Minimal (title + description) | Submit for review |
| Under Review | Author read-only; reviewer can edit classification fields | S/E/C filled, ASIL computed, rationale provided | Approve or Request Rework |
| Approved | Read-only for all users | All required fields present and linked | Supersede (if hazard obsolete) |
| Superseded | Read-only archive state | Historical reference only | (terminal) |

Risksheet Integration

Hazards are the primary work item in HARA and HAZID risksheets. The risksheet presents a four-level hierarchy optimized for rapid classification. Each level supports drill-down analysis and collapsing for different views.
Column Groups (by workflow phase):
  • Situation Analysis: System Element, Category, Phase, Operational Situation
  • Hazard Identification: Hazard Name, Description, Source, Mechanism, Consequence(s)
  • HARA Classification: Severity (S), Exposure (E), Controllability (C), ASIL, Rationale
  • Safety Goals: Safety Goal Creation (taskLink), Safety Goal ASIL (inherited), Status
Progressive Workflow Views:
  1. Situation Analysis View — Focuses on operational context and hazard triggering scenarios
  2. Hazard Identification View — Captures causes, mechanisms, and consequences
  3. HARA Classification View — Performs S/E/C/ASIL rating with color-coded urgency indicators
  4. Safety Goals View — Links to derived safety goals and verifies ASIL inheritance
  5. Full View — All columns for comprehensive audit and traceability
Risksheet applies conditional cell styling to ASIL assignments:
  • QM → Gray (no functional safety requirement)
  • ASIL A → Green (low integrity)
  • ASIL B → Orange (moderate integrity)
  • ASIL C → Red (high integrity)
  • ASIL D → Purple (highest integrity)
Color coding provides at-a-glance risk assessment and guides prioritization of safety goal decomposition and control strategy development.

PowerSheet Columns

Hazard properties may appear in PowerSheet configurations for cross-document traceability:
| PowerSheet | Hazard Column(s) | Purpose |
|---|---|---|
| Whole RTM Sheet | Hazard Category, ASIL, Safety Goal Links | Upstream traceability from requirements through hazard analysis to safety goals |
| Safety Goal Sheet | Parent Hazard (backlink), Hazard ASIL | Confirms safety goal ASIL inheritance and maintains bidirectional hazard ↔ safety goal navigation |
| Characteristic Sheet | Linked Hazards (via assesses), SC/CC Classification | Shows which hazards drive SC/CC characteristic definitions for components |
| Failure Mode Sheet | Contributing Hazards (backlinks) | Downstream FMEA traceability showing how failure modes contribute to system-level hazards |

Form Layout

The Hazard form is organized by role and workflow phase. Critical fields appear prominently.
Top Section (Always Visible):
  • Title, Status, Assignee, Priority
  • Hazard Source, Hazard Mechanism, Hazard Description
Situation Analysis Tab:
  • System Element (itemLink), Hazard Category, Operational Phase
  • Operational Situation (longer text for scenario detail)
HARA Classification Tab:
  • Severity (S0–S3), Exposure (E0–E4), Controllability (C0–C3)
  • ASIL (computed field, read-only unless manual override required)
  • HARA Rationale (justification for S/E/C selections)
Safety Goals Tab:
  • Safety Goal Description
  • Safety Goal taskLink (create / link to derived safety goal)
  • Safety Goal ASIL (inherited from parent hazard)
Links Tab:
  • Back-linked Harms (consequences)
  • Back-linked Safety Goals (derived from this hazard)
  • Back-linked Failure Modes (contributing in FMEA)
  • System Element / Function links (assesses relationship)

HAZID vs. HARA Classification

Hazards support two analysis methodologies with overlapping but distinct properties:
| Aspect | HAZID (Preliminary Risk) | HARA (ISO 26262 Functional Safety) |
|---|---|---|
| Risk Matrix | Initial/Residual Likelihood × Severity | S × E × C → ASIL |
| Severity Scale | S1–S5 (injury-based) | S0–S3 (ISO 26262 defined) |
| Likelihood Scale | L1–L5 (qualitative frequency of the hazardous event) | E0–E4 (exposure to the operational situation) |
| Output | Risk level (Low/Med/High/Critical) | ASIL (QM/A/B/C/D) → Safety goal |
| Consequence Model | hazidConsequence text field | Links to Harm work items |
| Primary Use | Early concept risk screening | Functional safety compliance deliverable |
You may run both workflows on the same Hazard work item. For example:
  1. Initially assess with HAZID (quick preliminary risk screening)
  2. Then perform formal HARA classification for ISO 26262 compliance
  3. Both results coexist; risksheet view can filter by riskMatrix field value

Example: Power Supply Failure Hazard

```yaml
ID: HAZ-003
Title: Power Supply Failure to AEB System
Status: Approved
Assignee: Safety Engineer
Priority: Critical

# Identification
hazardSource: Electrical short circuit in main power regulator
hazardMechanism: |
  Overvoltage surge → regulator shutdown →
  AEB system loses 12V power rail
hazardCategory: Hardware Failure
operationalPhase: Normal Driving
operationalSituation: |
  Highway driving with active cruise control enabled;
  sudden electrical transient from vehicle wiring harness
  triggers protective shutdown

# HAZID (Preliminary)
initialSeverity: S4 (critical injury)
initialLikelihood: L2 (low probability; requires fault + specific scenario)

# HARA (ISO 26262)
haraSeverity: S3 (potential fatality; loss of AEB braking)
haraExposure: E3 (highway driving rated as a medium-probability operational situation)
haraControllability: C2 (normally controllable; driver retains manual braking but has only ~500 ms of warning)
asilClassification: ASIL B (S3 × E3 × C2)
haraRationale: |
  Severity: S3 because AEB failure during highway driving
  can result in an unmitigated collision (fatality risk).
  Exposure: E3 because highway driving represents a
  significant share of operational scenario duration.
  Controllability: C2 because the driver retains full manual
  braking and most drivers will brake themselves, but there is
  no warning of the lost AEB function until an intervention
  is needed, so it is not rated simply controllable (C1).
  ASIL B required; mitigation via dual-supply architecture.

# Safety Goals
safetyGoalDescription: |
  Ensure AEB power supply remains available during normal
  operation through redundancy or fault tolerance mechanisms.
safetyGoalId: SG-001

# Traceability
derivedFrom: [SG-001]          # Back-linked safety goals
assesses: [SE-AEB-001]         # System element assessed
resultsIn: [HARM-007]          # Potential harms (fatality)
contributedToBy: []            # (not yet linked to specific failure modes)
```

Special Considerations

Hazards linked to Safety-Critical (SC) or Cybersecurity-Critical (CC) characteristics require special treatment in downstream FMEA and control planning. Set isSOTIFHazard: true on hazards that arise from functional insufficiencies or performance limitations of the intended functionality rather than from malfunctions; these fall under ISO 21448 (SOTIF), which complements the malfunction-based ISO 26262 analysis, and are filtered separately for SOTIF gap analysis.
All ASIL B–D hazards must have:
  • At least one derived Safety Goal (via derivedFrom link)
  • At least one linked System Element (via assesses link)
  • HARA Rationale documented for audit trail
Coverage checks flag hazards lacking these links as traceability gaps requiring corrective action. Note that the ASIL B threshold is this configuration's default for requiresTraceability, not a relaxation of the standard: ISO 26262-3 requires a safety goal for every hazardous event that receives an ASIL (A through D), so projects that classify ASIL A hazards should set requiresTraceability explicitly or lower the threshold.
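The check below is an added example, written for this page and not the product's own coverage check, that implements the two rule sets described above together: the state gates from the Workflow States table (Draft needs title and description; Under Review and Approved additionally need S/E/C, ASIL and rationale) and the ASIL B–D traceability requirements (a derivedFrom Safety Goal, an assesses System Element, a documented rationale), plus the ASIL-inheritance rule for linked safety goals. Field and link-role names are those used on this page; the hazard and safety-goal records are constructed, with HAZ-003 mirroring the worked example and HAZ-004/HAZ-005 invented to show gaps being flagged and a below-threshold hazard passing.

```python
"""State-gated validation and traceability coverage check for Hazard work items.

Added example, not the product's own coverage check. Field and link-role names
follow this page; the hazard and safety-goal records below are constructed.
"""

ASIL_ORDER = ("QM", "ASIL A", "ASIL B", "ASIL C", "ASIL D")
HARA_FIELDS = ("haraSeverity", "haraExposure", "haraControllability",
               "asilClassification", "haraRationale")


def asil_at_least(asil: str, floor: str) -> bool:
    """True if asil is at or above floor in the QM < A < B < C < D ordering."""
    return ASIL_ORDER.index(asil) >= ASIL_ORDER.index(floor)


def check_hazard(hazard: dict, safety_goals: dict) -> list:
    """Return the list of gaps for one hazard; an empty list means it passes."""
    gaps = []
    status = hazard.get("Status", "Draft")

    # Draft gate: minimal validation (title + description).
    for field in ("Title", "Description"):
        if not hazard.get(field):
            gaps.append(f"{field} is empty")

    # Under Review / Approved gate: S/E/C filled, ASIL computed, rationale provided.
    if status in ("Under Review", "Approved"):
        for field in HARA_FIELDS:
            if not hazard.get(field):
                gaps.append(f"{field} required in state '{status}'")

    asil = hazard.get("asilClassification")
    # requiresTraceability defaults to true when ASIL >= B but may be set explicitly.
    requires = hazard.get("requiresTraceability")
    if requires is None:
        requires = asil in ASIL_ORDER and asil_at_least(asil, "ASIL B")

    if requires:
        if not hazard.get("derivedFrom"):
            gaps.append("no Safety Goal linked via derivedFrom")
        if not hazard.get("assesses"):
            gaps.append("no System Element linked via assesses")
        if not hazard.get("haraRationale"):
            gaps.append("haraRationale missing for audit trail")

    # Linked safety goals must exist and must inherit the hazard's ASIL.
    for sg_id in hazard.get("derivedFrom", []):
        sg = safety_goals.get(sg_id)
        if sg is None:
            gaps.append(f"derivedFrom points to unknown work item {sg_id}")
        elif sg.get("asil") != asil:
            gaps.append(f"{sg_id} has {sg.get('asil')}, hazard has {asil}")
    return gaps


def coverage_report(hazards: list, safety_goals: dict) -> dict:
    """Map hazard ID -> list of gaps for every hazard in the set."""
    return {h["ID"]: check_hazard(h, safety_goals) for h in hazards}


# Constructed sample data. HAZ-003 follows the worked example on this page;
# HAZ-004 and HAZ-005 are made up to exercise the rules.
SAFETY_GOALS = {"SG-001": {"asil": "ASIL B"}, "SG-002": {"asil": "ASIL B"}}
HAZARDS = [
    {"ID": "HAZ-003", "Title": "Power Supply Failure to AEB System",
     "Description": "Loss of 12V rail to AEB after regulator shutdown",
     "Status": "Approved", "haraSeverity": "S3", "haraExposure": "E3",
     "haraControllability": "C2", "asilClassification": "ASIL B",
     "haraRationale": "See HARA rationale in work item",
     "derivedFrom": ["SG-001"], "assesses": ["SE-AEB-001"]},
    # Rationale missing, no System Element, and SG-002 did not inherit ASIL C.
    {"ID": "HAZ-004", "Title": "Unintended Steering Torque",
     "Description": "EPS applies torque without driver request",
     "Status": "Under Review", "haraSeverity": "S3", "haraExposure": "E4",
     "haraControllability": "C2", "asilClassification": "ASIL C",
     "derivedFrom": ["SG-002"], "assesses": []},
    # Below the ASIL B threshold and still in Draft: no traceability gate applies.
    {"ID": "HAZ-005", "Title": "Interior Light Flicker",
     "Description": "Cabin lamp flickers at idle",
     "Status": "Draft", "asilClassification": "ASIL A"},
]

if __name__ == "__main__":
    for hazard_id, gaps in coverage_report(HAZARDS, SAFETY_GOALS).items():
        print(hazard_id, "OK" if not gaps else gaps)
```

In the sample run HAZ-003 passes, HAZ-005 passes because nothing above the Draft gate applies to it, and HAZ-004 is reported four times over: the missing rationale trips both the Under Review gate and the audit-trail rule, the empty assesses list trips the System Element rule, and SG-002 is flagged for carrying ASIL B against the hazard's ASIL C.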
Projects often start with HAZID (quick risk screening) and refine to HARA (formal functional safety analysis). Both can coexist on the same Hazard work item. Use the riskMatrix field to indicate which assessment(s) apply. The risksheet configuration filters columns based on this field value.
See Also

  • Safety Goal — Mitigation requirements derived from hazards; inherit ASIL classification
  • Harm — Specific injuries or damage resulting from hazard consequence
  • System Element — Component or subsystem being assessed by this hazard
  • Failure Mode — Downstream FMEA failure modes that contribute to this hazard
  • Characteristic — SC/CC design characteristics linked to hazard assessment
  • Risk Control — Control measures that mitigate this hazard