The Hazard Analysis and Risk Assessment (HARA) solution supports users with hazard identification and safety goal creation using the Coverage Matrix and Safety Analysis views. The views do not rely on any hard-coded SystemWeaver IDs (SIDs). Those used in this article are from our HARA example, but any SIDs that fit your meta model will work fine. The advantage of using our SIDs is that you can then reuse our configurations without the need to change the SID. This article describes how to configure the views.
Prerequisites
- An installation of the SystemWeaver Explorer client (swExplorer)
- Knowledge of XML
- Assignment of the SW Architect role in the server
- The SWExtension.HazardIdentification extension file is located in the Client's swExplorerExtensions directory
The configuration is done in the Configure the explorer dialog, accessible from the File tab. The extension views to be configured are Coverage Matrix and Safety Analysis:
Coverage Matrix
This view can be used to track hazards and identify hazardous events. With the R37 release, it provides support for multiple mapping item types, including not-applicable types, and also an easy way to define constraints between mapping items.
Optional Attribute Types
The view does not require any hard-coded attributes; however, the following example attributes might be of interest.
Hazards (TSHA)

| Name | Description | SID | Type | Dimension | Range |
|---|---|---|---|---|---|
| Hazard ID | Identifier used for Hazards | I2HID | Identity | Single | |
| Annotation | An optional rationale | ABAN | String | Single | |
Hazardous Events (TSHE)
| Name | Description | SID | Type | Dimension | Range |
|---|---|---|---|---|---|
| Hazardous Events ID | Identifier used for Hazardous Events | HEID | Integer | Single | |
| Severity | Definition according to ISO 26262 | 2BSE | Enumeration | Single | S0;S1;S2;S3;N/A |
| Severity argumentation | Argumentation or rationale for the used Severity value | SEVARG | String | Single | |
| Exposure | Definition according to ISO 26262 | 2BEC | Enumeration | Single | E0;E1;E2;E3;E4;N/A |
| Exposure argumentation | Argumentation or rationale for the used Exposure value | EXPARG | String | Single | |
| Controllability | Definition according to ISO 26262 | 2BCY | Enumeration | Single | C0;C1;C2;C3;N/A |
| Controllability argumentation | Argumentation or rationale for the used Controllability value | CONARG | String | Single | |
| ASIL rationale | Argumentation or rationale for why an ASIL level was chosen. This attribute is often used when a different ASIL than the inherited one is set on an item. | 26AR | String | Single | |
| ASIL (computed) | This attribute is computed automatically for Hazardous events according to the Severity (2BSE), Exposure (2BEC), and Controllability (2BCY) attributes of the current item. For all other item types, the attribute is used to show the maximum ASIL of the items that the current item points to. | 26CAS | Computed | Single | Example Path: see below |
| ASIL (automatic) | This attribute is computed automatically according to the Severity (2BSE), Exposure (2BEC), and Controllability (2BCY) attributes of the current item | EAA1 | Custom | Single | |

Example Path for ASIL (computed), 26CAS, reflowed over several lines for readability:

    if SID='TSHE' then
      (if @2BCY='C1' and @2BEC='E3' and (@2BSE='S3' or @2BSE='N/A') then 'A'
      else (if @2BCY='C1' and (@2BEC='E4' or @2BEC='N/A') and @2BSE='S2' then 'A'
      else (if @2BCY='C1' and (@2BEC='E4' or @2BEC='N/A') and (@2BSE='S3' or @2BSE='N/A') then 'B'
      else (if @2BCY='C2' and @2BEC='E2' and (@2BSE='S3' or @2BSE='N/A') then 'A'
      else (if @2BCY='C2' and @2BEC='E3' and @2BSE='S2' then 'A'
      else (if @2BCY='C2' and @2BEC='E3' and (@2BSE='S3' or @2BSE='N/A') then 'B'
      else (if @2BCY='C2' and (@2BEC='E4' or @2BEC='N/A') and @2BSE='S1' then 'A'
      else (if @2BCY='C2' and (@2BEC='E4' or @2BEC='N/A') and @2BSE='S2' then 'B'
      else (if @2BCY='C2' and (@2BEC='E4' or @2BEC='N/A') and (@2BSE='S3' or @2BSE='N/A') then 'C'
      else (if (@2BCY='C3' or @2BCY='N/A') and @2BEC='E1' and (@2BSE='S3' or @2BSE='N/A') then 'A'
      else (if (@2BCY='C3' or @2BCY='N/A') and @2BEC='E2' and @2BSE='S2' then 'A'
      else (if (@2BCY='C3' or @2BCY='N/A') and @2BEC='E2' and (@2BSE='S3' or @2BSE='N/A') then 'B'
      else (if (@2BCY='C3' or @2BCY='N/A') and @2BEC='E3' and @2BSE='S1' then 'A'
      else (if (@2BCY='C3' or @2BCY='N/A') and @2BEC='E3' and @2BSE='S2' then 'B'
      else (if (@2BCY='C3' or @2BCY='N/A') and @2BEC='E3' and (@2BSE='S3' or @2BSE='N/A') then 'C'
      else (if (@2BCY='C3' or @2BCY='N/A') and (@2BEC='E4' or @2BEC='N/A') and @2BSE='S1' then 'B'
      else (if (@2BCY='C3' or @2BCY='N/A') and (@2BEC='E4' or @2BEC='N/A') and @2BSE='S2' then 'C'
      else (if (@2BCY='C3' or @2BCY='N/A') and (@2BEC='E4' or @2BEC='N/A') and (@2BSE='S3' or @2BSE='N/A') then 'D'
      else (if @2BCY='' or @2BEC='' or @2BSE='' then 'Unclassified' else 'QM')))))))))))))))))))
    else (if SID='EASG' then
      (f:=/SGDF.Select(@26CAS);
       if f= [] then '' else (if 'D' in f then 'D' else (if 'C' in f then 'C' else (if 'B' in f then 'B' else (if 'A' in f then 'A' else (if 'QM' in f then 'QM' else '<missing ASIL>'))))))
    else (f:=((/I2SR) union (/IDFF/I2SR) union (/IDRE/IDFF/I2SR) union (/ITSR/I2SR)).Select(@26AS);
      highest:= if f= [] then '' else (if 'D' in f then 'D' else (if 'C' in f then 'C' else (if 'B' in f then 'B' else (if 'A' in f then 'A' else (if 'QM' in f then 'QM' else '<missing ASIL>')))));
      u:=(/I2SR union /IDFF union /ITFC union /5IRR/5IDS*/IDRE union /5IRS/5ISS*/ITSR).Select(@26AS);
      UpperLevel:= if u= [] then '' else (if 'D' in u then 'D' else (if 'C' in u then 'C' else (if 'B' in u then 'B' else (if 'A' in u then 'A' else (if 'QM' in u then 'QM' else '')))));
      if highest != '' then (if highest !=UpperLevel then UpperLevel + '(' + highest + ')' else UpperLevel) else UpperLevel))
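The 26CAS example path above is a 19-branch if/else chain, which is hard to review by eye. The following Python reference model is an added example (not SystemWeaver code): it transcribes the chain's cases into a table, treats 'N/A' as the worst class exactly as the expression does, checks the result exhaustively against the compact ISO 26262-3 sum rule, and reproduces the highest-ASIL aggregation the same expression applies to safety goals (EASG).

```python
"""Reference model of the ASIL classification encoded by the 26CAS example path.
Added example, not SystemWeaver code; values follow the attribute tables above."""
from itertools import product
from typing import Sequence

# Enumeration ranges of 2BSE, 2BEC and 2BCY from the Hazardous Events table.
SEVERITY = ["S0", "S1", "S2", "S3", "N/A"]
EXPOSURE = ["E0", "E1", "E2", "E3", "E4", "N/A"]
CONTROLLABILITY = ["C0", "C1", "C2", "C3", "N/A"]

# (C, E, S) -> ASIL, one entry per branch; 'N/A' is folded to the worst class (C3, E4, S3).
CASE_TABLE = {
    ("C1", "E3", "S3"): "A", ("C1", "E4", "S2"): "A", ("C1", "E4", "S3"): "B",
    ("C2", "E2", "S3"): "A", ("C2", "E3", "S2"): "A", ("C2", "E3", "S3"): "B",
    ("C2", "E4", "S1"): "A", ("C2", "E4", "S2"): "B", ("C2", "E4", "S3"): "C",
    ("C3", "E1", "S3"): "A", ("C3", "E2", "S2"): "A", ("C3", "E2", "S3"): "B",
    ("C3", "E3", "S1"): "A", ("C3", "E3", "S2"): "B", ("C3", "E3", "S3"): "C",
    ("C3", "E4", "S1"): "B", ("C3", "E4", "S2"): "C", ("C3", "E4", "S3"): "D",
}

def _fold_na(value: str, worst: str) -> str:
    return worst if value == "N/A" else value

def asil_from_table(c: str, e: str, s: str) -> str:
    """Same result as the TSHE branch of the 26CAS expression."""
    if "" in (c, e, s):          # an unset attribute is flagged, not classified
        return "Unclassified"
    key = (_fold_na(c, "C3"), _fold_na(e, "E4"), _fold_na(s, "S3"))
    return CASE_TABLE.get(key, "QM")

def asil_from_sum(c: str, e: str, s: str) -> str:
    """Compact ISO 26262-3 rule: any S0/E0/C0 is QM; otherwise the ASIL letter
    rises one step per unit of S+E+C above 6 (7 -> A ... 10 -> D)."""
    if "" in (c, e, s):
        return "Unclassified"
    levels = [int(_fold_na(c, "C3")[1]), int(_fold_na(e, "E4")[1]), int(_fold_na(s, "S3")[1])]
    if 0 in levels:
        return "QM"
    return {7: "A", 8: "B", 9: "C", 10: "D"}.get(sum(levels), "QM")

def tables_agree() -> bool:
    """Exhaustively confirm the 19-branch expression equals the compact rule."""
    cells = product(CONTROLLABILITY + [""], EXPOSURE + [""], SEVERITY + [""])
    return all(asil_from_table(c, e, s) == asil_from_sum(c, e, s) for c, e, s in cells)

def highest_asil(values: Sequence[str]) -> str:
    """Aggregation the same expression applies to safety goals (EASG): the worst
    ASIL found among the referenced hazardous events, '' for none, and a marker
    when none of the collected values is a recognised level."""
    if not values:
        return ""
    for level in ("D", "C", "B", "A", "QM"):
        if level in values:
            return level
    return "<missing ASIL>"
```

Running `tables_agree()` is a quick regression check to keep beside the path expression: if a branch is edited and the two models no longer agree, the edit changed the classification.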
Example Configuration
    <CoverageMatrixConfigs>
      <!--Hazards view: a view to elicit and overview hazards -->
      <CoverageMatrixConfig id="11">
        <MainItem itemType="CNDE"/>
        <ViewSettings>
          <Caption>Hazards</Caption>
          <RibbonGroup>HARA</RibbonGroup>
          <Description>A view to elicit and overview hazards</Description>
          <Image typeImage="206"/>
        </ViewSettings>
        <Parameters>
          <Parameter caption="HARA Analysis Area" name="p" hintContextPath="I2AHA">
            <Values>
              <ForEachPathReference path="I2AHA">
                <AddValue/>
              </ForEachPathReference>
            </Values>
          </Parameter>
        </Parameters>
        <CoverageMatrixParameter select="$p"/>
        <MappingItem itemType="TSHA">
          <UIName>HazardWithConstraintMapping</UIName>
          <PartFromMainToMapping partType="DEHA"/>
          <ConstraintItems>26NH</ConstraintItems>
          <Attributes>ABAN;XANO;APPV;AAAA;IDGO;DTNV;2AP2;ATDD;STD;XAFD</Attributes>
          <DefaultMappingName>#{?$Row@SA0009}</DefaultMappingName>
        </MappingItem>
        <MappingItem itemType="26NH" notApplicable="true" quickAddMapping="true">
          <UIName>Custom N/A</UIName>
          <PartFromMainToMapping partType="I2NHZDS"/>
          <ConstraintItems>TSHA;26NH</ConstraintItems>
          <Attributes>ABAN;XABD</Attributes>
          <DefaultMappingName>#{Column} of #{Row}</DefaultMappingName>
        </MappingItem>
        <ColumnItems>
          <UIName>Guideword</UIName>
          <PathFromMain>$p/I2GWCT/I2GL</PathFromMain>
          <PartFromMappings>
            <PartFromMapping partType="I2GW" defItemType="26GW"/>
          </PartFromMappings>
        </ColumnItems>
        <RowItems>
          <UIName>Item detail</UIName>
          <PathFromMain>/DEIT/I2SID union /DEIT/I2IRQ</PathFromMain>
          <PartFromMappings>
            <PartFromMapping partType="I2HO" defItemType="2SE90"/>
            <PartFromMapping partType="I2HARQ" defItemType="CONTRACT"/>
            <PartFromMapping partType="I2HO" defItemType="2SE91"/>
          </PartFromMappings>
        </RowItems>
      </CoverageMatrixConfig>
      <!--Hazardous events view: a view to elicit and overview hazardous events-->
      <CoverageMatrixConfig id="22">
        <MainItem itemType="CNDE"/>
        <ViewSettings>
          <Caption>Hazardous events</Caption>
          <RibbonGroup>HARA</RibbonGroup>
          <Description>A view to elicit and overview hazardous events</Description>
          <Image typeImage="204"/>
        </ViewSettings>
        <Parameters>
          <Parameter caption="HARA Analysis Area" name="p" hintContextPath="I2AHA">
            <Values>
              <ForEachPathReference path="I2AHA">
                <AddValue/>
              </ForEachPathReference>
            </Values>
          </Parameter>
        </Parameters>
        <CoverageMatrixParameter select="$p"/>
        <MappingItem itemType="TSHE">
          <UIName>Hazardous event</UIName>
          <PartFromMainToMapping partType="DEHE"/>
          <Attributes>HEID;2BSE;SEVARG;2BEC;EXPARG;2BCY;CONARG;26AR</Attributes>
          <DefaultMappingName>#{Column} of #{Row}</DefaultMappingName>
        </MappingItem>
        <MappingItem itemType="TSHE">
          <UIName>Hazardous event with Constraint</UIName>
          <PartFromMainToMapping partType="DEHE"/>
          <ConstraintItems>NHZEV</ConstraintItems>
          <Attributes>ABAN</Attributes>
          <DefaultMappingName>#{?$Column/I2CSIT}</DefaultMappingName>
        </MappingItem>
        <MappingItem itemType="NHZEV" notApplicable="true" quickAddMapping="true">
          <UIName>Custom N/A</UIName>
          <PartFromMainToMapping partType="I2NHZDS"/>
          <ConstraintItems>TSHE;NHZEV</ConstraintItems>
          <Attributes>ABAN;XABD</Attributes>
          <DefaultMappingName>#{Column} of #{Row}</DefaultMappingName>
        </MappingItem>
        <ColumnItems>
          <UIName>Situation</UIName>
          <PathFromMain>$p/I2STCN/I2CMPSIT</PathFromMain>
          <PartFromMappings>
            <PartFromMapping partType="HEH" defItemType="TSHA"/>
            <PartFromMapping partType="I2CMPST" defItemType="I2COMSIT"/>
            <PartFromMapping partType="I2GH" defItemType="26GH"/>
            <PartFromMapping partType="TRASIT" defItemType="I2LA"/>
          </PartFromMappings>
        </ColumnItems>
        <RowItems>
          <UIName>Hazard</UIName>
          <PathFromMain>/DEHA</PathFromMain>
          <PartFromMappings>
            <PartFromMapping partType="HEH" defItemType="TSHA"/>
            <PartFromMapping partType="I2CMPST" defItemType="I2COMSIT"/>
            <PartFromMapping partType="I2GH" defItemType="26GH"/>
            <PartFromMapping partType="TRASIT" defItemType="I2LA"/>
          </PartFromMappings>
        </RowItems>
      </CoverageMatrixConfig>
    </CoverageMatrixConfigs>
Explanation of the Configuration Elements
The <CoverageMatrixConfigs> and <CoverageMatrixConfig> elements build the structure of the configuration and the individual configurations.
- The id attribute in <CoverageMatrixConfig> is required, identifies the specific configuration, and should be a unique string value when multiple configurations exist in CoverageMatrixConfigs.
<MainItem> identifies the item type for which the configuration is valid.
- The itemType attribute is required, and is the SID of the main item type.
<ViewSettings> enables you to set a custom view menu label, menu group, hover-tip and icon for the view. See How to Configure Item View Menu Button Settings.
The optional <Parameters> offers parameterization, allowing the user to select which item to include in the view. The value of the parameters can be used further down in <PathFromMain> for both <ColumnItems> and <RowItems>, and in <CoverageMatrixParameter>.
<CoverageMatrixParameter> is optional in general, but it is required when working with custom attributes that need contextual input.
The <MappingItem> defines the mapping item properties, which are SID, UIName, PartFromMainToMapping item, attributes, and default name.
- The attribute itemType is required and is the SID of the mapping item type.
Version R37 and later: The MappingItem can include two optional attributes notApplicable="true" and quickAddMapping="true".
- The notApplicable attribute will grey out the cell that has a mapping of this type.
- The quickAddMapping option will bypass the attribute editing window and create the mapping directly. Attributes can still be edited after creation.
- <UIName> specifies the user interface label for the mapping item.
- <PartFromMainToMapping> specifies the part type from the main item type to mapping item type.
- The attribute partType is the part SID from the main item type to mapping item type.
- The optional <ConstraintItems> tag specifies the mapping item types which cannot co-exist with the current <MappingItem itemType>. When used, users will not be able to add additional mappings of the types found in <ConstraintItems> to any cell which contains the mapping item type defined in <MappingItem itemType>.
- <Attributes> is for the attribute SIDs for the mapping item type, which will result in including them in both the view and Create New window. The following Attribute types and occurrences are supported:
- Boolean: Single
- Date: Single
- Enumeration: Single
- Float: Single
- Integer: Single
- String: Single
- Text: Single
Version R37 and later also support the following types:
- Computed: Single
- Identity: Single
- User: Single
- Custom Identity: Single
- Custom Computed: Single
- <DefaultMappingName> defines the default name for the mapping item, which can be a combination between ColumnValue, StringValue, and RowValue (in any order). With Versions R37 and later, a Path Language query can also be used.
The <NotApplicableItem>, similar to the <MappingItem>, defines the not-applicable Item properties, which are UIName, SID, PartFromMainToMapping item, attributes, and default name.
- The attribute itemType is the SID of the not-applicable mapping item type. Note: This tag was replaced in version R37 by the use of the notApplicable="true" attribute on <MappingItem>.
The <ColumnItems> includes options that control the appearance in the UI, collecting column items and defining part(s) from mapping to column item.
- <UIName> specifies the user interface label for the column item type.
- <PathFromMain> is a path expression (see SystemWeaver Path Query Language) to find all column items. This path can include parameter(s), allowing users to select which item to include in a column list.
- <PartFromMappings> is a grouping for PartFromMapping to ColumnItems. This tag can include one or more <PartFromMapping partType="" defItemType=""/>.
- <PartFromMapping> specifies the part type from the mapping item to the column item.
- The partType attribute is the SID of the part from the mapping item to the column item.
- The defItemType attribute is the SID of the defobj item (column item).
The <RowItems>, similar to <ColumnItems>, includes options that control the appearance in the UI, collecting row items and defining part(s) from mapping to row item.
- <UIName> specifies the user interface label for the row item type.
- <PathFromMain> is a path expression (see SystemWeaver Path Query Language) to find all row items. This path can include parameter(s), allowing users to select which item to include in a row list.
- <PartFromMappings> is a grouping for PartFromMapping to RowItems. This tag can include one or more <PartFromMapping partType="" defItemType=""/>.
- <PartFromMapping> specifies the part type from the mapping item to the row item.
- The partType attribute is the SID of the part from the mapping item to the row item.
- The defItemType attribute is the SID of the defobj item (row item).
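The rules stated above (a required, unique id; a required MainItem itemType; a required MappingItem itemType; parameters referenced as $name in <PathFromMain> or <CoverageMatrixParameter>) can be checked mechanically before a configuration is loaded into the client. The following Python lint is an added example, not part of the SystemWeaver extension; SAMPLE is a constructed, shortened configuration whose second <CoverageMatrixConfig> deliberately breaks four rules, and the ConstraintItems check (a constraint naming a type the view does not itself declare) is an extra sanity check, not a rule from this article.

```python
"""Consistency checks for a CoverageMatrixConfigs block, following the rules in the
explanation above. Added example, not part of the extension; SAMPLE is constructed."""
import re
import xml.etree.ElementTree as ET

SAMPLE = """<CoverageMatrixConfigs>
  <CoverageMatrixConfig id="11">
    <MainItem itemType="CNDE"/>
    <Parameters><Parameter caption="HARA Analysis Area" name="p"/></Parameters>
    <CoverageMatrixParameter select="$p"/>
    <MappingItem itemType="TSHA"><ConstraintItems>26NH</ConstraintItems></MappingItem>
    <MappingItem itemType="26NH" notApplicable="true"><ConstraintItems>TSHA;26NH</ConstraintItems></MappingItem>
    <ColumnItems><PathFromMain>$p/I2GWCT/I2GL</PathFromMain></ColumnItems>
  </CoverageMatrixConfig>
  <CoverageMatrixConfig id="11">
    <MainItem/>
    <MappingItem itemType="TSHE"><ConstraintItems>NHZEV</ConstraintItems></MappingItem>
    <ColumnItems><PathFromMain>$p/I2STCN/I2CMPSIT</PathFromMain></ColumnItems>
  </CoverageMatrixConfig>
</CoverageMatrixConfigs>"""

PARAM_REF = re.compile(r"\$(\w+)")   # $p style references in paths and select=

def lint(xml_text: str) -> list[str]:
    """Return one message per violation; an empty list means the block passes."""
    problems: list[str] = []
    seen_ids: set[str] = set()
    for cfg in ET.fromstring(xml_text).findall("CoverageMatrixConfig"):
        cid = cfg.get("id")
        tag = f"config id={cid!r}"
        if cid is None:
            problems.append("CoverageMatrixConfig: required id attribute is missing")
        elif cid in seen_ids:
            problems.append(f"{tag}: id must be unique within CoverageMatrixConfigs")
        else:
            seen_ids.add(cid)
        main = cfg.find("MainItem")
        if main is None or not main.get("itemType"):
            problems.append(f"{tag}: MainItem needs the itemType SID of the main item type")
        mapping_types = [m.get("itemType") for m in cfg.findall("MappingItem")]
        if not mapping_types or not all(mapping_types):
            problems.append(f"{tag}: every MappingItem needs an itemType SID")
        # Extra check: ConstraintItems should only name mapping types this view declares.
        for m in cfg.findall("MappingItem"):
            for sid in (m.findtext("ConstraintItems") or "").split(";"):
                if sid and sid not in mapping_types:
                    problems.append(f"{tag}: ConstraintItems names {sid!r}, not a MappingItem here")
        # $name in PathFromMain or CoverageMatrixParameter must be declared under <Parameters>.
        declared = {p.get("name") for p in cfg.findall("Parameters/Parameter")}
        used = set(PARAM_REF.findall(" ".join(p.text or "" for p in cfg.iter("PathFromMain"))))
        for cmp in cfg.findall("CoverageMatrixParameter"):
            used.update(PARAM_REF.findall(cmp.get("select", "")))
        for name in sorted(used - declared):
            problems.append(f"{tag}: ${name} is used but no Parameter name={name!r} is declared")
    return problems
```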
Example Result
Hazards
Hazardous Events
Safety Analysis
This view can be used to identify safety goals that will mitigate hazardous events that have been identified. It supports a single mapping item type.
Abstract Data Pattern
Optional Attribute Types
The view does not require any hard-coded attributes; however, the following example attributes might be of interest.
Safety Goal (EASG)
| Name | Description | SID | Type | Dimension | Range |
|---|---|---|---|---|---|
| Safety Goal ID | Identifier used for Safety Goals | REID | String | Single | |
| ASIL (automatic) | This attribute is computed automatically according to the Severity (2BSE), Exposure (2BEC), and Controllability (2BCY) attributes of the current item | EAA1 | Custom | Single | |
Example Configuration
    <SafetyAnalysisConfigs>
      <SafetyAnalysisConfig id="33">
        <MainItem itemType="CNDE"/>
        <ViewSettings>
          <Caption>Safety goals</Caption>
          <RibbonGroup>HARA</RibbonGroup>
          <Description>A view to elicit and overview safety goal</Description>
          <Image typeImage="125"/>
        </ViewSettings>
        <MappingItem itemType="EASG">
          <UIName>Safety goal</UIName>
          <PartFromMainToMappingItem partType="DESG"/>
          <Attributes>REID;EAA1</Attributes>
          <DefaultMappingName>XYZ of #{Row}</DefaultMappingName>
        </MappingItem>
        <RowItems>
          <UIName>Hazardous event</UIName>
          <PathFromMain>/DEHE[@26CAS != 'QM']</PathFromMain>
          <PartFromMappingItem partType="SGDF"/>
          <Attributes>26SG;26AS</Attributes>
        </RowItems>
      </SafetyAnalysisConfig>
    </SafetyAnalysisConfigs>
Explanation of the Configuration Elements
The <SafetyAnalysisConfigs> and <SafetyAnalysisConfig> elements build the structure of the configuration and the individual configurations.
- The id attribute in <SafetyAnalysisConfig> identifies the specific configuration, and should be a unique string value when multiple configurations exist in SafetyAnalysisConfigs.
<MainItem> identifies the item type for which the configuration is valid.
- The itemType attribute is the SID of the main item type.
The <MappingItem> defines the mapping item properties, which are SID, UIName, PartFromMainToMappingItem, attributes, and default name. The attribute itemType is the SID of the mapping item type.
- <UIName> specifies the user interface label for the mapping item.
- <PartFromMainToMappingItem> specifies the part type from the main item type to mapping item type.
- The attribute partType is the part SID from the main item type to mapping item type.
- <Attributes> is for the attribute SIDs for the mapping item type, which will result in including them in both the view and Create New window. The following Attribute types and occurrences are supported:
- Boolean: Single
- Date: Single
- Enumeration: Single
- Float: Single
- Integer: Single
- String: Single
- Text: Single
- <DefaultMappingName> defines the default name for the mapping item, which can be a combination between StringValue and RowValue (in any order).
The <RowItems> includes options that control the appearance in the UI, collecting row items and defining part from mapping to row item.
- <UIName> specifies the user interface label for the row item type.
- <PathFromMain> is a path expression (see SystemWeaver Path Query Language) to find all row items.
- <PartFromMappingItem> specifies the part type from the mapping item to the row item.
- The partType attribute is the SID of the part from mapping item to row item.
- <Attributes> is for the attribute SIDs for the mapping item type, which will result in including them in the view. The following Attribute types and occurrences are supported:
- Boolean: Single
- Date: Single
- Enumeration: Single
- Float: Single
- Integer: Single
- String: Single
- Text: Single
Example Result
What's Next?
Check out examples of configured safety grids, graphs and charts.