The Coverage Matrix view is used for keeping track of and managing the relationships between two difference structures. In the case of hazardous events identification, it provides the tools needed to create and review occurrences of a hazard in various composite situations. This article describes how to work in the Coverage Matrix view to create and work with these events. A separate article covers its use in identifying hazards.
- SWExtension.HazardIdentification.dll extension is included in your SystemWeaver client installation
- The Hazardous Events extension view is configured (this is done by a system Architect)
- A Hazard identification item in the context of a Hazard analysis area. The view activates on Hazard identification items in this context
- A "master list" exists for the hazardous event. This includes:
- Hazard items(s)
Example Initial Hazardous/Non-Hazardous Events Master List
Situations can be defined as a combination of different factors such as weather, road type, friction level, traffic participants and so on. You can use And and Or operations to define situations. The Hazard identification model supports both local Situation containers, i.e., applicable to a specific HARA analysis area and Global Situation containers, i.e., those that can be applicable across multiple HARA analysis areas. Only situations within the current context in a Situation container can be added for hazardous event identification.
Getting Acquainted with the View
The view is accessible via either an Items ribbon menu option or the View drop-down.
The view itself is divided into two sections. The top section, called Mappings, is where you will typically start your review of hazards and situations to identify whether a hazardous event exists or not. Hazardous events and non-hazardous event (N/A) items are the two types of "mapping items" in this view.
The bottom section, called Details, is also a matrix where you can perform all of the same operations that can be done above, but it presents each hazard and its situations in list form.
It also displays all configured hazardous event default attributes such as:
- Hazardous Events ID
- Severity argumentation
- Exposure argumentation
- Controllability argumentation
- ASIL (automatic)
- ASIL rationale
Driver effect (Consequence) can be specified for a hazardous event. Severity attribute can be set for this effect. The highest effect Severity will be presented as Inherited Severity for the hazardous event.
The assumed mode of operation can also be specified for hazardous events.
Modes, effects and situations can only be referenced from Hazardous event. You cannot create new ones here.
By assigning Severity, Exposure and Controllability, ASIL is automatically calculated. You can also write an argument for the assigned Severity, Exposure and Controllability.
Creating an Hazardous Event
Once you have created hazards, you are ready to create hazardous and/or non-hazardous events with the support of the Hazardous Events view. When loaded, both matrices will display the current hazards/non-hazards and situations included in the analysis structure. To start, select the Hazard identification item in the structure. In either matrix, right-click in the cell for a specific combination of hazard and situation to create a hazardous event or non-hazardous event item. If no hazardous event is identified during analysis, select N/A mapping. If a new event is to be created, select New to create the mapping.
Creating an Event in Mappings Section
Creating an Event in Details Section
In the Edit dialog, a Name for the new event will be suggested for you, which you can change, and values can be entered for the configured attributes. These can also be entered at a later time as well. Click OK to create the new hazardous event.
Each time you create a new hazardous event, or new non-hazardous event, i.e., a N/A item, the new item will display both in the view and in the structure tree under the Hazard identification.
You can create more than one hazardous event item for a particular hazard and situation composite, if applicable. In the below example, there are two hazardous events mapped to the "High speed highway low sun" and "Deactivation not possible" combination.
Adding an Existing Event
If a hazardous/non-hazardous event is identified as being associated with multiple hazard/situation composites, it can be applied multiple times. To reuse an existing event, right-click in the cell in either matrix and select Add and choose the type to add.
A Select dialog will provide a list of all existing events of the selected type for the selected hazard, i.e., in the row. Find and select the one for reuse (a Search tool is available) and click OK.
You can also Copy and Paste hazardous events to reuse on the same row.
Editing a Hazardous Event
To edit the name or attributes of an existing hazardous event, right-click on the cell and select Edit and choose the mapping to edit.
Make your changes in the dialog and click OK to save.
Deleting an Event
To delete an event, right-click on it in either the Mappings or Details matrix and select Delete. Multi-select is supported as well.
The selected hazardous event is removed for the selected h combination,, but not removed from the server. To delete it from the server, see Deleting Items and Parts.
At the bottom of the Mappings section, there are filter options to make working in the view more efficient.
Checking Not mapped will display only those hazards where there are still mapping items missing. Any hazards that have all hazardous and non-hazardous events identified will be hidden from view when the option is enabled. In the below example, there is still event identification work to be done for four hazards.
Checking Version mismatch will display in yellow only those mapping items. i.e., hazardous/non-hazardous events, where there is a mismatch between the version of the hazard and/or situation in the mapping item and the version of it in the actual structure (master lists).
Fixing a Version Mismatch
To obtain more information about a mismatch, select one of the mismatched mapping items. Information will display in Error type.
In the above example, "Situation 2 of Deactivation not possible" hazardous event is linked to version 1 of the hazard "Deactivation not possible" while a newer version (2) is now in the analysis structure in use. To fix the mismatch by updating the version from 1 to 2 in the composite, right-click on the hazardous event, click Fix version and select the version update option there. Multi-select is not supported.
To clear either filter option, uncheck the box(es) or click Clear selection.
Mapping Item Status
The view offers very useful visual support in the form of background colors for the hazardous/non-hazardous events mapping items so you can easily see the status of each. The status colors are used in both matrices. All are informational and only one is considered an error requiring a need to take action.
- If the background is white, the corresponding items are mapped.
- If the cell is empty with a white background, the corresponding items are NOT mapped.
- If the background color is gray, the corresponding items are mapped to a not-applicable (N/A) mapping item.
- If the background color is dark gray, the mapping is incomplete, i.e., one or more of the needed item(s) to complete the mapping is missing.
- If the background is yellow, one or more of the corresponding item(s) has another version than that in the actual structure (master list).
- If the background is orange, the same combination of items has been mapped into a mapping item (applicable mapping) and not-applicable item, which is contradictory. This must be corrected.
- If the background is red, one or more of the corresponding items comes from outside the actual structure (master list).
Handling Faulty Mappings
At some point during safety work, analysis areas may change and, as a result of this, faulty mappings may appear. For example, a hazard may be removed from the analysis after mappings between hazards and situations have already been made. When you select a hazard identification structure, any problem mappings will display in the Faulty mappings section.
To find out more about a faulty mapping, select it in the mappings. Information will display in the Error type section.
In the above example, "Opposite direction of Cruise Control Controller" hazard has been removed from the analysis area, but a mapping to it still exists. If it is no longer part of the scope, then the hazardous event item can be removed to resolve the faulty mapping. To do this, right-click and select Delete Hazardous event.
Find out how the Safety Analysis view can be used to identify safety goals.