ISO 26262 is an international standard for automotive functional safety, providing guidelines to systematically ensure safety throughout the system development process. Within this standard, the “Hazard Analysis and Risk Assessment (HARA)” is a critical activity conducted early in system design to define safety goals and outline initial steps to mitigate risks. In this blog, we will explore the hazard analysis process and key aspects of ISO 26262 HARA.
1. Purpose of HARA
The primary objectives of HARA as defined by the ISO 26262 standard are:
Identification and classification of hazardous events caused by system (item) malfunctions.
Establishment of safety goals and allocation of Automotive Safety Integrity Levels (ASIL) to avoid unreasonable risks.
HARA is conducted during the early stages of system design, and the safety requirements derived from it form the foundation of the entire development process.
2. Key Stages of HARA
HARA is a process defined in ISO 26262 Part 3 (Concept Phase) and generally consists of the following stages:
(1) Situation Analysis and Hazard Identification
The first step in HARA involves analyzing and identifying potential hazardous situations. Key considerations during this process include:
Accounting for reasonable misuse scenarios as well as normal operating conditions.
Defining all hazards at the vehicle level.
Using systematic methods such as FMEA (Failure Mode and Effects Analysis) or HAZOP (Hazard and Operability Study) for hazard identification.
Considering the combined effects of multiple simultaneous functional losses.
(2) Classification of Hazardous Events
Identified hazardous events are classified based on the following three criteria:
Severity (S): The potential severity of harm caused by the hazard.
S0: No injury
S1: Minor or moderate injury
S2: Severe injury, life-threatening but survivable
S3: Fatal injury or injuries with uncertain survival
Exposure (E): The likelihood of the situation occurring.
E0: Improbable
E1: Very low probability
E2: Low probability
E3: Medium probability
E4: High probability
Controllability (C): The ability of the driver or system to control the situation.
C0: Generally controllable
C1: Easily controllable
C2: Moderately controllable
C3: Difficult or uncontrollable
(3) Risk Assessment
Each identified hazard is evaluated using the following three criteria to determine the Automotive Safety Integrity Level (ASIL):
Severity (S): The potential impact or harm severity if the hazard occurs.
Exposure (E): The probability of the hazardous situation arising.
Controllability (C): The ease with which the driver or system can mitigate the hazard.
These three factors are defined explicitly by the standard and are combined to assign an ASIL (A to D) or QM. ASIL D represents the highest level of required safety integrity.
(4) Establishing Safety Goals
Based on the results of the hazard analysis, safety goals are established. Key aspects of this step include:
Defining a safety goal for each hazardous event.
Consolidating similar safety goals where applicable and applying the highest ASIL level in such cases.
Expressing safety goals as functional objectives, not as technical solutions.
These steps form the foundation for creating a robust safety framework under ISO 26262.
3. Key Considerations When Conducting HARA
(1) Principle of Conservative Evaluation
When the classification of Severity (S), Exposure (E), or Controllability (C) is unclear, a more conservative approach is applied:
Assign the higher rating when there is ambiguity in classification.
In cases where multiple injuries might occur simultaneously, apply the highest severity among them.
(2) Verification Requirements
The results of HARA must be verified based on the following aspects:
Relevance of operational scenarios and hazard identification.
Alignment with item definition to ensure consistency.
Consistency with HARA conducted on other items within the same or related systems.
Completeness of coverage for all identified hazardous events.
Consistency between safety goals and their assigned ASIL levels.
4. Practical Application of HARA
In real-world projects, the following tools and methods are commonly employed to perform HARA effectively:
FMEA (Failure Mode and Effects Analysis): Analyzes potential failure modes and their effects on the system.
HAZOP (Hazard and Operability Study): Examines risks and operability issues arising from deviations in system operations.
ISO 26262 specifically references HAZOP and FMEA as appropriate methods for hazard identification. HAZOP, for instance, uses guide words to systematically analyze deviations from normal operating conditions and the risks they might introduce.
Example: HARA for Battery Management Systems (BMS) in Electric Vehicles
In the case of a Battery Management System (BMS) for electric vehicles, conducting HARA might involve:
Identifying hazards such as battery overheating, overcharging, or deep discharge.
Evaluating the risks associated with these hazards using the HARA process.
Defining safety goals, such as limiting charging voltage to prevent overcharging or implementing thermal monitoring to detect overheating.
By systematically identifying and evaluating hazards, HARA ensures that appropriate safety goals and measures are established early in the development process.
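As an added example (not code from the original post or from Hermes Solution), the Python below encodes the ASIL determination table of ISO 26262-3 and applies the conservative evaluation principle from section 3 and the safety-goal consolidation rule from section 2 to the BMS hazards just listed. The hazardous events and their S/E/C ratings are constructed for illustration and are not a real assessment.

```python
from dataclasses import dataclass

# ASIL determination table of ISO 26262-3: rows are severity S1..S3, columns
# exposure E1..E4, the three entries per cell controllability C1..C3.
# Any class of 0 (S0, E0 or C0) means no ASIL is assigned (QM).
ASIL_TABLE = {
    1: {1: "QM QM QM", 2: "QM QM QM", 3: "QM QM A", 4: "QM A B"},
    2: {1: "QM QM QM", 2: "QM QM A", 3: "QM A B", 4: "A B C"},
    3: {1: "QM QM A", 2: "QM A B", 3: "A B C", 4: "B C D"},
}
ASIL_ORDER = ["QM", "A", "B", "C", "D"]

def determine_asil(s, e, c):
    """Map one (S, E, C) classification to QM or ASIL A..D."""
    if not (0 <= s <= 3 and 0 <= e <= 4 and 0 <= c <= 3):
        raise ValueError(f"invalid classification S{s} E{e} C{c}")
    if 0 in (s, e, c):
        return "QM"
    return ASIL_TABLE[s][e].split()[c - 1]

@dataclass
class HazardousEvent:
    hazard: str
    safety_goal: str
    # Each rating is the set of candidate classes the assessors considered;
    # more than one member means the classification was ambiguous.
    s: set
    e: set
    c: set

    def asil(self, conservative=True):
        """Conservative evaluation resolves ambiguity by taking the higher class."""
        pick = max if conservative else min
        return determine_asil(pick(self.s), pick(self.e), pick(self.c))

def consolidate_safety_goals(events):
    """Events sharing a safety goal are merged; the goal inherits the highest ASIL."""
    goals = {}
    for ev in events:
        current = goals.get(ev.safety_goal, "QM")
        goals[ev.safety_goal] = max(current, ev.asil(), key=ASIL_ORDER.index)
    return goals

# Constructed BMS hazardous events; the S/E/C ratings are illustrative only.
BMS_EVENTS = [
    HazardousEvent("Cell overheating", "Prevent thermal runaway", {3}, {3}, {3}),
    HazardousEvent("Overcharging", "Prevent thermal runaway", {3}, {4}, {3}),
    HazardousEvent("Deep discharge", "Prevent unexpected loss of propulsion", {1, 2}, {3}, {2, 3}),
]
```

With these ratings, `consolidate_safety_goals(BMS_EVENTS)` returns ASIL D for the thermal-runaway goal and ASIL B for the loss-of-propulsion goal; evaluating the ambiguous deep-discharge event non-conservatively would yield QM instead of B, which is the gap the conservative principle closes.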
5. Importance of HARA
HARA is a critical step in ISO 26262, conducted during the early stages of system design to identify potential hazards and initiate safety-oriented design. This process goes beyond mere compliance with the standard—it plays a pivotal role in developing systems that are genuinely safe and reliable. Furthermore, systematic hazard analysis helps prevent potential recalls or legal disputes in the future.
Conclusion
ISO 26262 procedures, such as HARA (Hazard Analysis and Risk Assessment), are essential components for ensuring functional safety and play a vital role in every stage of system design. By clearly defining safety goals from the outset and implementing appropriate safety mechanisms, organizations can achieve robust safety outcomes. Conducting thorough HARA not only enhances safety but also contributes to building customer trust and strengthening corporate competitiveness.
At Hermes Solution, we provide expert consulting and training on all processes related to ISO 26262. Whether you need assistance with HARA or any other functional safety processes, feel free to contact us for successful adoption and implementation.