The Hazard Analysis and Risk Assessment (HARA) solution supports users with hazard identification and safety goal creation using the Coverage Matrix and Safety Analysis views. The views do not rely on any hard-coded SystemWeaver IDs (SIDs). Those used in this article are from our HARA example, but any SIDs that fit your meta model will work fine. The advantage of using our SIDs is that you can then reuse our configurations without the need to change the SID. This article describes how to configure the views.


Prerequisites

  • An installation of the SystemWeaver Explorer client (swExplorer)
  • Knowledge of XML
  • Assignment of the SW Architect role in the server
  • The SWExtension.HazardIdentification extension file is located in the Client's swExplorerExtensions directory


The configuration is done in the Configure the explorer dialog, accessible from the File tab. The extension views to be configured are Coverage Matrix and Safety Analysis.



Coverage Matrix

This view can be used to track hazards and identify hazardous events. With the R37 release, it provides support for multiple mapping item types, including not-applicable types, and an easy way to define constraints between mapping items.


Optional Attribute Types

The view does not require any hard-coded attributes; however, the following example attributes might be of interest.


Hazards (TSHA)

Name                          | SID   | Type     | Dimension | Range
Hazard ID                     | I2HID | Identity | Single    |
  Identifier used for Hazards
Annotation                    | ABAN  | String   | Single    |
  An optional rationale


Hazardous Events (TSHE)

Name                          | SID    | Type        | Dimension | Range
Hazardous Events ID           | HEID   | Integer     | Single    |
  Identifier used for Hazardous Events
Severity                      | 2BSE   | Enumeration | Single    | S0;S1;S2;S3;N/A
  Definition according to ISO 26262
Severity argumentation        | SEVARG | String      | Single    |
  Argumentation or rationale for the used Severity value
Exposure                      | 2BEC   | Enumeration | Single    | E0;E1;E2;E3;E4;N/A
  Definition according to ISO 26262
Exposure argumentation        | EXPARG | String      | Single    |
  Argumentation or rationale for the used Exposure value
Controllability               | 2BCY   | Enumeration | Single    | C0;C1;C2;C3;N/A
  Definition according to ISO 26262
Controllability argumentation | CONARG | String      | Single    |
  Argumentation or rationale for the used Controllability value
ASIL rationale                | 26AR   | String      | Single    |
  Argumentation or rationale for why an ASIL level was chosen. This attribute is often used when a different ASIL than the inherited one is set on an item.
ASIL (computed)               | 26CAS  | Computed    | Single    | Example Path: see the expression below
  This attribute is computed automatically for Hazardous events according to the Severity (2BSE), Exposure (2BEC), and Controllability (2BCY) attributes of the current item. For all other item types, the attribute is used to show the maximum ASIL of the items that the current item points to.

if SID='TSHE' then
  (if @2BCY='C1' and @2BEC='E3' and (@2BSE='S3' or @2BSE='N/A') then 'A' else
  (if @2BCY='C1' and (@2BEC='E4' or @2BEC='N/A') and @2BSE='S2' then 'A' else
  (if @2BCY='C1' and (@2BEC='E4' or @2BEC='N/A') and (@2BSE='S3' or @2BSE='N/A') then 'B' else
  (if @2BCY='C2' and @2BEC='E2' and (@2BSE='S3' or @2BSE='N/A') then 'A' else
  (if @2BCY='C2' and @2BEC='E3' and @2BSE='S2' then 'A' else
  (if @2BCY='C2' and @2BEC='E3' and (@2BSE='S3' or @2BSE='N/A') then 'B' else
  (if @2BCY='C2' and (@2BEC='E4' or @2BEC='N/A') and @2BSE='S1' then 'A' else
  (if @2BCY='C2' and (@2BEC='E4' or @2BEC='N/A') and @2BSE='S2' then 'B' else
  (if @2BCY='C2' and (@2BEC='E4' or @2BEC='N/A') and (@2BSE='S3' or @2BSE='N/A') then 'C' else
  (if (@2BCY='C3' or @2BCY='N/A') and @2BEC='E1' and (@2BSE='S3' or @2BSE='N/A') then 'A' else
  (if (@2BCY='C3' or @2BCY='N/A') and @2BEC='E2' and @2BSE='S2' then 'A' else
  (if (@2BCY='C3' or @2BCY='N/A') and @2BEC='E2' and (@2BSE='S3' or @2BSE='N/A') then 'B' else
  (if (@2BCY='C3' or @2BCY='N/A') and @2BEC='E3' and @2BSE='S1' then 'A' else
  (if (@2BCY='C3' or @2BCY='N/A') and @2BEC='E3' and @2BSE='S2' then 'B' else
  (if (@2BCY='C3' or @2BCY='N/A') and @2BEC='E3' and (@2BSE='S3' or @2BSE='N/A') then 'C' else
  (if (@2BCY='C3' or @2BCY='N/A') and (@2BEC='E4' or @2BEC='N/A') and @2BSE='S1' then 'B' else
  (if (@2BCY='C3' or @2BCY='N/A') and (@2BEC='E4' or @2BEC='N/A') and @2BSE='S2' then 'C' else
  (if (@2BCY='C3' or @2BCY='N/A') and (@2BEC='E4' or @2BEC='N/A') and (@2BSE='S3' or @2BSE='N/A') then 'D' else
  (if @2BCY='' or @2BEC='' or @2BSE='' then 'Unclassified' else 'QM')))))))))))))))))))
else (if SID='EASG' then
  (f:=/SGDF.Select(@26CAS);
   if f= [] then '' else (if 'D' in f then 'D' else (if 'C' in f then 'C' else (if 'B' in f then 'B' else (if 'A' in f then 'A' else (if 'QM' in f then 'QM' else '<missing ASIL>'))))))
else
  (f:=((/I2SR) union (/IDFF/I2SR) union (/IDRE/IDFF/I2SR) union (/ITSR/I2SR)).Select(@26AS);
   highest:= if f= [] then '' else (if 'D' in f then 'D' else (if 'C' in f then 'C' else (if 'B' in f then 'B' else (if 'A' in f then 'A' else (if 'QM' in f then 'QM' else '<missing ASIL>')))));
   u:=(/I2SR union /IDFF union /ITFC union /5IRR/5IDS*/IDRE union /5IRS/5ISS*/ITSR).Select(@26AS);
   UpperLevel:= if u= [] then '' else (if 'D' in u then 'D' else (if 'C' in u then 'C' else (if 'B' in u then 'B' else (if 'A' in u then 'A' else (if 'QM' in u then 'QM' else '')))));
   if highest != '' then
     (if highest != UpperLevel then UpperLevel + '(' + highest + ')' else UpperLevel)
   else UpperLevel))

Name                          | SID    | Type        | Dimension | Range
ASIL (automatic)              | EAA1   | Custom      | Single    |
  This attribute is computed automatically according to the Severity (2BSE), Exposure (2BEC), and Controllability (2BCY) attributes of the current item.
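The 26CAS expression above is easier to review once its branches are written as ordinary code. The Python below is an added example and not SystemWeaver's own code: it re-expresses the TSHE branch (Severity, Exposure and Controllability to ASIL, with 'N/A' taken as the worst case and an empty rating giving 'Unclassified'), the EASG branch (highest ASIL over the linked hazardous events) and the /DEHE[@26CAS != 'QM'] row selection that the Safety Analysis view further down uses. The event dictionaries keyed by the attribute SIDs are constructed sample data. The rank-sum shortcut is the observation, checked against each of the 18 explicit branches, that they are the ISO 26262 ASIL table.

```python
"""ASIL determination as encoded by the 26CAS computed attribute.
Added example, not SystemWeaver code: the Path Language branches are
re-expressed in Python so they can be unit-tested; HAZARDOUS_EVENTS is
constructed sample data keyed by the article's attribute SIDs."""

# Rating ranks. 'N/A' is treated as the worst case, exactly as the page's
# expression groups 'N/A' with S3, E4 and C3.
SEVERITY = {"S0": 0, "S1": 1, "S2": 2, "S3": 3, "N/A": 3}
EXPOSURE = {"E0": 0, "E1": 1, "E2": 2, "E3": 3, "E4": 4, "N/A": 4}
CONTROLLABILITY = {"C0": 0, "C1": 1, "C2": 2, "C3": 3, "N/A": 3}

# The 18 explicit S/E/C branches on the page are the ISO 26262 table, which
# collapses to "rank sum 7..10 -> A..D, otherwise QM" once any zero rating
# (S0, E0, C0) has been excluded.
ASIL_BY_SUM = {7: "A", 8: "B", 9: "C", 10: "D"}
ASIL_ORDER = ("D", "C", "B", "A", "QM")  # highest first


def asil_for_event(severity, exposure, controllability):
    """TSHE branch of 26CAS: ASIL from @2BSE, @2BEC and @2BCY."""
    if "" in (severity, exposure, controllability):
        return "Unclassified"  # an empty rating blocks classification
    ranks = (SEVERITY.get(severity, 0), EXPOSURE.get(exposure, 0),
             CONTROLLABILITY.get(controllability, 0))
    # A zero rating, or a value outside the enumeration, matches none of
    # the branches on the page and therefore ends up as QM; same here.
    if 0 in ranks:
        return "QM"
    return ASIL_BY_SUM.get(sum(ranks), "QM")


def event_asil(event):
    """Apply the TSHE branch to one hazardous-event record."""
    return asil_for_event(event["2BSE"], event["2BEC"], event["2BCY"])


def highest_asil(values):
    """The 'D, else C, else B, ...' ladder shared by the EASG branch."""
    values = list(values)
    if not values:
        return ""
    for level in ASIL_ORDER:
        if level in values:
            return level
    return "<missing ASIL>"  # e.g. only 'Unclassified' values were linked


def safety_goal_asil(linked_events):
    """EASG branch of 26CAS: highest @26CAS over the /SGDF hazardous events."""
    return highest_asil(event_asil(ev) for ev in linked_events)


def events_needing_safety_goal(events):
    """Row selection of the Safety Analysis view: /DEHE[@26CAS != 'QM']."""
    return [ev for ev in events if event_asil(ev) != "QM"]


# Constructed sample data (not from the article).
HAZARDOUS_EVENTS = [
    {"HEID": 1, "2BSE": "S3", "2BEC": "E4", "2BCY": "C3"},   # D
    {"HEID": 2, "2BSE": "S2", "2BEC": "E3", "2BCY": "C2"},   # A
    {"HEID": 3, "2BSE": "S1", "2BEC": "E2", "2BCY": "C3"},   # QM
    {"HEID": 4, "2BSE": "S3", "2BEC": "N/A", "2BCY": "C1"},  # B: N/A counts as E4
    {"HEID": 5, "2BSE": "S0", "2BEC": "E4", "2BCY": "C3"},   # QM: S0 never classifies
    {"HEID": 6, "2BSE": "", "2BEC": "E4", "2BCY": "C3"},     # Unclassified
]

if __name__ == "__main__":
    for ev in HAZARDOUS_EVENTS:
        print(ev["HEID"], event_asil(ev))
    print("need a safety goal:",
          [ev["HEID"] for ev in events_needing_safety_goal(HAZARDOUS_EVENTS)])
    print("goal covering HE 2 and 3:", safety_goal_asil(HAZARDOUS_EVENTS[1:3]))
```

Note that the row filter keeps 'Unclassified' events as well as rated ones, so an event with a blank rating still appears in the Safety Analysis grid; whether a safety goal may be attached to it before the rating is completed is a process decision, not something the expression enforces.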


Example Configuration

<CoverageMatrixConfigs>
    <!--Hazards view: a view to elicit and overview hazards -->
    <CoverageMatrixConfig id="11">
        <MainItem itemType="CNDE"/>
        <ViewSettings>
            <Caption>Hazards</Caption>
            <RibbonGroup>HARA</RibbonGroup>
            <Description>A view to elicit and overview hazards</Description>
            <Image typeImage="206"/>
        </ViewSettings> 
        <Parameters>                                
            <Parameter caption="HARA Analysis Area" name="p" hintContextPath="I2AHA"  > 
                <Values>
                    <ForEachPathReference path="I2AHA">
                        <AddValue/>
                    </ForEachPathReference>   
                </Values>
            </Parameter>                
        </Parameters> 
        <CoverageMatrixParameter select="$p"/>
        <MappingItem itemType="TSHA">
            <UIName>HazardWithConstraintMapping</UIName>
            <PartFromMainToMapping partType="DEHA" />  
            <ConstraintItems>26NH</ConstraintItems>
            <Attributes>ABAN;XANO;APPV;AAAA;IDGO;DTNV;2AP2;ATDD;STD;XAFD</Attributes>
            <DefaultMappingName>#{?$Row@SA0009}</DefaultMappingName>
        </MappingItem>
        <MappingItem itemType="26NH" notApplicable="true" quickAddMapping="true">
            <UIName>Custom N/A</UIName>
            <PartFromMainToMapping partType="I2NHZDS" />
            <ConstraintItems>TSHA;26NH</ConstraintItems>
            <Attributes>ABAN;XABD</Attributes>
            <DefaultMappingName>#{Column} of #{Row}</DefaultMappingName>
        </MappingItem>
        <ColumnItems>
            <UIName>Guideword</UIName>
            <PathFromMain>$p/I2GWCT/I2GL</PathFromMain>
            <PartFromMappings>
                <PartFromMapping partType="I2GW" defItemType="26GW" />
            </PartFromMappings>
        </ColumnItems>
        <RowItems>
            <UIName>Item detail</UIName>
            <PathFromMain>/DEIT/I2SID union /DEIT/I2IRQ</PathFromMain>
            <PartFromMappings>
                <PartFromMapping partType="I2HO" defItemType="2SE90" />
                <PartFromMapping partType="I2HARQ" defItemType="CONTRACT" />
                <PartFromMapping partType="I2HO" defItemType="2SE91" />
            </PartFromMappings>
        </RowItems>
    </CoverageMatrixConfig>
    <!--Hazardous events view: a view to elicit and overview hazardous events-->

    <CoverageMatrixConfig id="22">
        <MainItem itemType="CNDE"/>
        <ViewSettings>
            <Caption>Hazardous events</Caption>
            <RibbonGroup>HARA</RibbonGroup>
            <Description>A view to elicit and overview hazardous events</Description>
            <Image typeImage="204"/>
        </ViewSettings>
        <Parameters>                                
            <Parameter caption="HARA Analysis Area" name="p" hintContextPath="I2AHA"  > 
                <Values>
                    <ForEachPathReference path="I2AHA">
                        <AddValue/>
                    </ForEachPathReference>   
                </Values>
            </Parameter>     
        </Parameters>
        <CoverageMatrixParameter select="$p"/>
        <MappingItem itemType="TSHE">
            <UIName>Hazardous event</UIName>
            <PartFromMainToMapping partType="DEHE" />
            <Attributes>HEID;2BSE;SEVARG;2BEC;EXPARG;2BCY;CONARG;26AR</Attributes> 
            <DefaultMappingName>#{Column} of #{Row}</DefaultMappingName> 
        </MappingItem>
        <MappingItem itemType="TSHE">
            <UIName>Hazardous event with Constraint</UIName>
            <PartFromMainToMapping partType="DEHE" />  
            <ConstraintItems>NHZEV</ConstraintItems>
            <Attributes>ABAN</Attributes>
            <DefaultMappingName>#{?$Column/I2CSIT}</DefaultMappingName>
        </MappingItem>
        <MappingItem itemType="NHZEV" notApplicable="true" quickAddMapping="true">
            <UIName>Custom N/A</UIName>
            <PartFromMainToMapping partType="I2NHZDS" />
            <ConstraintItems>TSHE;NHZEV</ConstraintItems>
            <Attributes>ABAN;XABD</Attributes>
            <DefaultMappingName>#{Column} of #{Row}</DefaultMappingName>
        </MappingItem>
        <ColumnItems>
            <UIName>Situation</UIName>
            <PathFromMain>$p/I2STCN/I2CMPSIT</PathFromMain>
            <PartFromMappings>
                <PartFromMapping partType="HEH" defItemType="TSHA" />
                <PartFromMapping partType="I2CMPST" defItemType="I2COMSIT" />
                <PartFromMapping partType="I2GH" defItemType="26GH" />
                <PartFromMapping partType="TRASIT" defItemType="I2LA" />
            </PartFromMappings>
        </ColumnItems>
        <RowItems>
            <UIName>Hazard</UIName>
            <PathFromMain>/DEHA</PathFromMain>
            <PartFromMappings>
                <PartFromMapping partType="HEH" defItemType="TSHA" />
                <PartFromMapping partType="I2CMPST" defItemType="I2COMSIT" />
                <PartFromMapping partType="I2GH" defItemType="26GH" />
                <PartFromMapping partType="TRASIT" defItemType="I2LA" />
            </PartFromMappings>
        </RowItems>
    </CoverageMatrixConfig>
</CoverageMatrixConfigs>

Explanation of the Configuration Elements

The <CoverageMatrixConfigs> and <CoverageMatrixConfig> elements build the structure of the configuration and the individual configurations. 

  • The id attribute in <CoverageMatrixConfig> is required, identifies the specific configuration, and should be a unique string value when multiple configurations exist in CoverageMatrixConfigs.


<MainItem> identifies the item type for which the configuration is valid.

  • The itemType attribute is required, and is the SID of the main item type.


<ViewSettings> enables you to set a custom view menu label, menu group, hover-tip and icon for the view. See How to Configure Item View Menu Button Settings.


The optional <Parameters> offers parameterization, allowing the user to select which item to include in the view. The value of a parameter can be used further down in <PathFromMain>, for both <ColumnItems> and <RowItems>, and in <CoverageMatrixParameter>.


<CoverageMatrixParameter> is optional in general, but it is required when working with custom attributes that need contextual input.


The <MappingItem> defines the mapping item properties, which are SID, UIName, PartFromMainToMapping item, attributes, and default name. 

  • The attribute itemType is required and is the SID of the mapping item type.  

Version R37 and later: The MappingItem can include two optional attributes notApplicable="true" and quickAddMapping="true". 

  • The notApplicable attribute will grey out the cell that has a mapping of this type. 
  • The quickAddMapping option will bypass the attribute editing window and create the mapping directly. Attributes can still be edited after creation.
  • <UIName> specifies the user interface label for the mapping item.
  • <PartFromMainToMapping> specifies the part type from the main item type to mapping item type.
    • The attribute partType is the part SID from the main item type to mapping item type.
  • The optional <ConstraintItems> tag specifies the mapping item types which cannot co-exist with the current <MappingItem itemType>. When used, users will not be able to add additional mappings of the types found in <ConstraintItems> to any cell which contains the mapping item type defined in <MappingItem itemType>.
  • <Attributes> is for the attribute SIDs for the mapping item type, which will result in including them in both the view and Create New window. The following Attribute types and occurrences are supported: 
    • Boolean: Single
    • Date: Single
    • Enumeration: Single
    • Float: Single
    • Integer: Single
    • String: Single
    • Text: Single
      Versions R37 and later also support the following types:
    • Computed: Single 
    • Identity: Single
    • User: Single
    • Custom Identity: Single
    • Custom Computed: Single
  • <DefaultMappingName> defines the default name for the mapping item, which can be a combination of ColumnValue, StringValue, and RowValue (in any order). With versions R37 and later, a Path Language query can also be used.


The <NotApplicableItem>, similar to the <MappingItem>, defines the not-applicable Item properties, which are UIName, SID, PartFromMainToMapping item, attributes, and default name. 

  • The attribute itemType is the SID of the not-applicable mapping item type. Note: This tag was replaced in version R37 by the use of the notApplicable="true" attribute on <MappingItem>.


The <ColumnItems> includes options that control the appearance in the UI, collecting column items and defining part(s) from mapping to column item.  

  • <UIName> specifies the user interface label for the column item type.
  • <PathFromMain> is a path expression (see SystemWeaver Path Query Language) to find all column items. This path can include parameter(s), allowing users to select which item to include in a column list.
  • <PartFromMappings> is a grouping for PartFromMapping to ColumnItems. This tag can include one or more <PartFromMapping partType="" defItemType=""/>.
  • <PartFromMapping> specifies the part type from the mapping item to the column item.
    • The partType attribute is the SID of the part from the mapping item to the column item.
    • The defItemType attribute is the SID of the defobj item (column item).

 

The <RowItems>, similar to <ColumnItems>, includes options that control the appearance in the UI, collecting row items and defining part(s) from mapping to row item.

  • <UIName> specifies the user interface label for the row item type.
  • <PathFromMain> is a path expression (see SystemWeaver Path Query Language) to find all row items. This path can include parameter(s), allowing users to select which item to include in a row list.
  • <PartFromMappings> is a grouping for PartFromMapping to RowItems. This tag can include one or more <PartFromMapping partType="" defItemType=""/>.
  • <PartFromMapping> specifies the part type from the mapping item to the row item.
    • The partType attribute is the SID of the part from the mapping item to the row item.
    • The defItemType attribute is the SID of the defobj item (row item).
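Mistakes in a configuration are cheaper to find before the file is loaded into the client than by clicking through the view. The Python below is an added example, not a SystemWeaver tool: it checks a <CoverageMatrixConfigs> document for the rules listed above (a unique id per config, itemType on <MainItem> and <MappingItem>, partType on <PartFromMainToMapping>, the R37 notApplicable and quickAddMapping flags, partType and defItemType on every <PartFromMapping>, and parameter references such as $p that are never declared). It also flags a <ConstraintItems> entry naming a type that is not a <MappingItem> in the same config, on the assumption that such a constraint can never take effect. SAMPLE_XML is constructed for the demo, modelled on the Hazards and Hazardous events views, and its second config carries four deliberate faults.

```python
"""Lint a CoverageMatrixConfigs document. Added example, not SystemWeaver's
own validation; SAMPLE_XML is constructed (modelled on the Hazards and
Hazardous events views) and its second config has four deliberate faults."""
import re
import xml.etree.ElementTree as ET

SAMPLE_XML = """<CoverageMatrixConfigs>
  <CoverageMatrixConfig id="11">
    <MainItem itemType="CNDE"/>
    <Parameters>
      <Parameter caption="HARA Analysis Area" name="p" hintContextPath="I2AHA"/>
    </Parameters>
    <CoverageMatrixParameter select="$p"/>
    <MappingItem itemType="TSHA">
      <UIName>Hazard</UIName>
      <PartFromMainToMapping partType="DEHA"/>
      <ConstraintItems>26NH</ConstraintItems>
    </MappingItem>
    <MappingItem itemType="26NH" notApplicable="true" quickAddMapping="true">
      <UIName>Custom N/A</UIName>
      <PartFromMainToMapping partType="I2NHZDS"/>
      <ConstraintItems>TSHA;26NH</ConstraintItems>
    </MappingItem>
    <ColumnItems>
      <UIName>Guideword</UIName>
      <PathFromMain>$p/I2GWCT/I2GL</PathFromMain>
      <PartFromMappings><PartFromMapping partType="I2GW" defItemType="26GW"/></PartFromMappings>
    </ColumnItems>
    <RowItems>
      <UIName>Item detail</UIName>
      <PathFromMain>/DEIT/I2SID</PathFromMain>
      <PartFromMappings><PartFromMapping partType="I2HO" defItemType="2SE90"/></PartFromMappings>
    </RowItems>
  </CoverageMatrixConfig>
  <CoverageMatrixConfig id="11">  <!-- fault 1: id repeated -->
    <MainItem itemType="CNDE"/>
    <MappingItem itemType="TSHE">
      <UIName>Hazardous event</UIName>
      <PartFromMainToMapping partType="DEHE"/>
      <ConstraintItems>NHZEV</ConstraintItems>  <!-- fault 2: not a MappingItem here -->
    </MappingItem>
    <ColumnItems>
      <UIName>Situation</UIName>
      <PathFromMain>$q/I2STCN/I2CMPSIT</PathFromMain>  <!-- fault 3: $q undeclared -->
      <PartFromMappings><PartFromMapping partType="HEH"/></PartFromMappings>  <!-- fault 4: no defItemType -->
    </ColumnItems>
  </CoverageMatrixConfig>
</CoverageMatrixConfigs>"""

PARAM_REF = re.compile(r"\$(\w+)")


def lint_coverage_matrix(xml_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings, seen_ids = [], set()
    for cfg in ET.fromstring(xml_text).findall("CoverageMatrixConfig"):
        cid = cfg.get("id")
        if not cid:
            findings.append("CoverageMatrixConfig: id attribute is required")
        elif cid in seen_ids:
            findings.append(f"config {cid}: duplicate id")
        seen_ids.add(cid)
        where = f"config {cid}"
        main = cfg.find("MainItem")
        if main is None or not main.get("itemType"):
            findings.append(f"{where}: MainItem itemType is required")
        params = {p.get("name") for p in cfg.findall("Parameters/Parameter")}
        mappings = cfg.findall("MappingItem")
        declared = {m.get("itemType") for m in mappings}
        for mi in mappings:
            mt = mi.get("itemType")
            if not mt:
                findings.append(f"{where}: MappingItem itemType is required")
                continue
            if mi.find("UIName") is None:
                findings.append(f"{where}/{mt}: missing UIName")
            part = mi.find("PartFromMainToMapping")
            if part is None or not part.get("partType"):
                findings.append(f"{where}/{mt}: PartFromMainToMapping partType is required")
            for flag in ("notApplicable", "quickAddMapping"):
                if mi.get(flag) not in (None, "true"):
                    findings.append(f'{where}/{mt}: {flag} must be "true" when present')
            # Assumption: a constraint only acts on mapping types declared in
            # this same config, so any other name is most likely a typo.
            for t in (mi.findtext("ConstraintItems") or "").split(";"):
                if t.strip() and t.strip() not in declared:
                    findings.append(f"{where}/{mt}: ConstraintItems names {t.strip()}, not a MappingItem here")
        # Every $name in a path or in CoverageMatrixParameter needs a Parameter.
        texts = [p.text or "" for p in cfg.iter("PathFromMain")]
        texts += [c.get("select", "") for c in cfg.findall("CoverageMatrixParameter")]
        for ref in PARAM_REF.findall(" ".join(texts)):
            if ref not in params:
                findings.append(f"{where}: ${ref} is used but never declared in Parameters")
        for axis in ("ColumnItems", "RowItems"):
            for ax in cfg.findall(axis):
                for tag in ("UIName", "PathFromMain"):
                    if ax.find(tag) is None:
                        findings.append(f"{where}/{axis}: missing {tag}")
                parts = ax.findall("PartFromMappings/PartFromMapping")
                if not parts:
                    findings.append(f"{where}/{axis}: needs at least one PartFromMapping")
                for p in parts:
                    for attr in ("partType", "defItemType"):
                        if not p.get(attr):
                            findings.append(f"{where}/{axis}: PartFromMapping without {attr}")
    return findings


if __name__ == "__main__":
    print("\n".join(lint_coverage_matrix(SAMPLE_XML)) or "no findings")
```

The first config in the sample passes every check; the second produces exactly the four findings marked in the comments. Run it against your own file with lint_coverage_matrix(open(path).read()); the checks are limited to what the element descriptions above state, so an empty result means the structure is consistent, not that every SID exists in your meta model.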


Example Result

Hazards

Hazardous Events


Safety Analysis

This view can be used to identify safety goals that will mitigate hazardous events that have been identified. It supports a single mapping item type. 


Abstract Data Pattern

Optional Attribute Types

The view does not require any hard-coded attributes; however, the following example attributes might be of interest.


Safety Goal (EASG)

Name             | SID  | Type   | Dimension | Range
Safety Goal ID   | REID | String | Single    |
  Identifier used for Safety Goals
ASIL (automatic) | EAA1 | Custom | Single    |
  This attribute is computed automatically according to the Severity (2BSE), Exposure (2BEC), and Controllability (2BCY) attributes of the current item.


Example Configuration

<SafetyAnalysisConfigs>
    <SafetyAnalysisConfig id="33">
        <MainItem itemType="CNDE"/>
        <ViewSettings>
            <Caption>Safety goals</Caption>
            <RibbonGroup>HARA</RibbonGroup>
            <Description>A view to elicit and overview safety goal</Description>
            <Image typeImage="125"/>
        </ViewSettings>

        <MappingItem itemType="EASG"> 
            <UIName>Safety goal</UIName>
            <PartFromMainToMappingItem partType="DESG"/>
            <Attributes>REID;EAA1</Attributes>
            <DefaultMappingName> XYZ of #{Row}</DefaultMappingName> 
        </MappingItem>

        <RowItems>
            <UIName>Hazardous event</UIName>
            <PathFromMain>/DEHE[@26CAS != 'QM']</PathFromMain>
            <PartFromMappingItem partType="SGDF"/>
            <Attributes>26SG;26AS</Attributes>              
        </RowItems>
    </SafetyAnalysisConfig> 
</SafetyAnalysisConfigs>

Explanation of the Configuration Elements

The <SafetyAnalysisConfigs> and <SafetyAnalysisConfig> elements build the structure of the configuration and the individual configurations. 

  • The id attribute in <SafetyAnalysisConfig> identifies the specific configuration, and should be a unique string value when multiple configurations exist in SafetyAnalysisConfigs.


<MainItem> identifies the item type for which the configuration is valid.

  • The itemType attribute is the SID of the main item type.


<ViewSettings> is described above under the view settings for CoverageMatrixConfigs.

The <MappingItem> defines the mapping item properties, which are SID, UIName, PartFromMainToMappingItem, attributes, and default name. The attribute itemType is the SID of the mapping item type.

  • <UIName> specifies the user interface label for the mapping item.
  • <PartFromMainToMappingItem> specifies the part type from the main item type to mapping item type. 
    • The attribute partType is the part SID from the main item type to mapping item type.
  • <Attributes> is for the attribute SIDs for the mapping item type, which will result in including them in both the view and Create New window. The following Attribute types and occurrences are supported: 
    • Boolean: Single
    • Date: Single
    • Enumeration: Single
    • Float: Single
    • Integer: Single
    • String: Single
    • Text: Single
  • <DefaultMappingName> defines the default name for the mapping item, which can be a combination of StringValue and RowValue (in any order).

The <RowItems> includes options that control the appearance in the UI, collecting row items and defining part from mapping to row item.  

  • <UIName> specifies the user interface label for the row item type.
  • <PathFromMain> is a path expression (see SystemWeaver Path Query Language) to find all row items. 
  • <PartFromMappingItem> specifies the part type from the mapping item to the row item.
    • The partType attribute is the SID of the part from the mapping item to the row item.
  • <Attributes> is for the attribute SIDs for the mapping item type, which will result in including them in the view. The following Attribute types and occurrences are supported: 
    • Boolean: Single
    • Date: Single
    • Enumeration: Single
    • Float: Single
    • Integer: Single
    • String: Single
    • Text: Single



Example Result


What's Next?

Check out examples of configured safety grids, graphs and charts