Hazard description lessons to learn
To achieve good results from a HARA it is vital that the hazards identified in the hazard analysis are described adequately.
In this article we provide hazard descriptions seen in the public domain, and then give a critique of the hazard description for potential improvement.
A hazard description is required when performing the hazard analysis part of a HARA, ahead of combining with operating situations to determine hazardous events and perform the risk assessment. If the hazard description is inadequately formed, then the resulting HARA and safety goals could be undermined.
ISO 26262-3:2018, clauses 6.4.2.3 and 6.4.2.4, requires the hazard description to be formulated at the vehicle level and to exclude the causes of the hazard, and recommends an FMEA or HAZOP approach.
All hazard description examples used are evaluated against these criteria.
We aim to assist the reader to improve how they write hazard descriptions, by providing the examples, and then pointing out potential weaknesses in the phrasing used.
Example 1. Automated lane centering system impedes actions by other vehicle systems.
What can be improved? This hazard is too broad and does not actually state a hazard. The hazards are the vehicle effects that result from the impeded actions.
Example 2. Excessive lateral adjustment resulting in lane / roadway departure with automated lane centering engaged
What can be improved? Most of the description is redundant information. The hazard is the effect on the vehicle trajectory; the cause, and which system is engaged, do not need to be in the hazard description.
Example 3. Excessive vehicle acceleration
What can be improved? Incomplete information. Excessive compared with what? There should be a threshold and a value that exceeds it, e.g. vehicle acceleration > 2 m/s² above driver demand.
Example 4. Improper transition of control between the driver and automated lane centering system
What can be improved? This is not a hazard, it is a cause of a hazard. The hazard is the vehicle effect that is harmful that this can lead to. Similar to Example 1.
Example 5. Loss of acceleration
What can be improved? Too absolute: it would mean all levels of loss are hazardous. Are all levels of loss hazardous? For example, if the driver was only requesting a little acceleration at the time, is this hazardous? Perhaps a threshold is needed.
Example 6. Loss of longitudinal motion (blocking of axle)
What can be improved? Including the cause of the hazard in the hazard description is unnecessary.
Example 7. Unintended Loss of Vehicle ABS
What can be improved? "Unintended" can cover most malfunctions, since it can mean anything other than the intended result, so it is too broad. The rest of the hazard description is the malfunction, not the hazard. The effect of ABS not working is that the vehicle's stopping distance will increase if one or more of the vehicle's wheels lose traction, which for four-wheeled vehicles can also mean the vehicle starts to have an undemanded yaw motion.
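The critique criteria used across the seven examples (no causes in the description, no vague qualifiers such as "unintended", a numeric threshold where a quantity is described as excessive or lost, and a vehicle-level effect) can be applied mechanically as a first-pass review of a hazard list. The script below is an added example, not part of the original article or of ISO 26262; its keyword lists, finding codes and the regular expressions are assumptions chosen for this illustration, and any real HARA review still needs an engineer reading each description. It runs the checks over the article's seven examples plus the improved wording suggested for Example 3.

```python
from __future__ import annotations

import re

# Finding codes and their meaning (assumed naming for this example).
EXPLANATION = {
    "CAUSE": "description contains a cause; a hazard should state only the vehicle-level effect",
    "BROAD": "vague qualifier covers almost any malfunction; state the specific effect instead",
    "NO_THRESHOLD": "quantity described as excessive/lost without a numeric threshold",
    "NO_VEHICLE_EFFECT": "no vehicle-level effect (motion, trajectory, braking, etc.) is stated",
}

# Heuristic patterns (assumed; tune them for your own hazard list).
CAUSE_PATTERNS = [
    r"\bresulting in\b", r"\bdue to\b", r"\bcaused by\b", r"\bbecause of\b",
    r"\bwith\b.*\bengaged\b",   # "... with automated lane centering engaged"
    r"\([^)]*\)",               # parenthetical cause, e.g. "(blocking of axle)"
]
BROAD_TERMS = ("unintended", "improper", "impede", "incorrect")
QUANTIFIED_TERMS = ("excessive", "insufficient", "loss of", "too much", "too little")
THRESHOLD_RE = re.compile(r"(>=|<=|>|<|≥|≤)\s*\d")
VEHICLE_EFFECT_TERMS = (
    "acceleration", "deceleration", "braking", "steering", "lateral",
    "longitudinal", "yaw", "trajectory", "departure", "motion",
    "stopping distance", "speed",
)


def check_hazard(description: str) -> list[str]:
    """Return the list of finding codes raised for one hazard description."""
    text = description.lower()
    findings: list[str] = []
    if any(re.search(pat, text) for pat in CAUSE_PATTERNS):
        findings.append("CAUSE")
    if any(term in text for term in BROAD_TERMS):
        findings.append("BROAD")
    if any(term in text for term in QUANTIFIED_TERMS) and not THRESHOLD_RE.search(text):
        findings.append("NO_THRESHOLD")
    if not any(term in text for term in VEHICLE_EFFECT_TERMS):
        findings.append("NO_VEHICLE_EFFECT")
    return findings


def lint_hazards(descriptions: dict[str, str]) -> dict[str, list[str]]:
    """Run check_hazard over a named set of descriptions."""
    return {name: check_hazard(text) for name, text in descriptions.items()}


# Constructed input: the seven descriptions quoted in the article, plus the
# improved phrasing suggested for Example 3 as a control case.
EXAMPLES = {
    "Example 1": "Automated lane centering system impedes actions by other vehicle systems.",
    "Example 2": "Excessive lateral adjustment resulting in lane / roadway departure "
                 "with automated lane centering engaged",
    "Example 3": "Excessive vehicle acceleration",
    "Example 4": "Improper transition of control between the driver and automated "
                 "lane centering system",
    "Example 5": "Loss of acceleration",
    "Example 6": "Loss of longitudinal motion (blocking of axle)",
    "Example 7": "Unintended Loss of Vehicle ABS",
    "Improved 3": "Vehicle acceleration > 2 m/s² above driver demand",
}

if __name__ == "__main__":
    for name, codes in lint_hazards(EXAMPLES).items():
        print(f"{name}: {EXAMPLES[name]}")
        if not codes:
            print("  no findings")
        for code in codes:
            print(f"  {code}: {EXPLANATION[code]}")
```

The control case raises no findings because it names a vehicle-level quantity, gives a numeric threshold and contains no cause. Keyword checks of this kind only catch the obvious phrasing problems; they cannot judge whether the stated effect is actually harmful or whether the threshold is the right value.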
We hope you found this article useful. We have other articles on functional safety that are freely available. More detailed information is available in our store, including a detailed guide for performing hazard analysis.
If you have feedback for us on what you have read, or you didn’t receive the help you were looking for, then please contact us. We intend to cover all functional topics over time, so your feedback can help us to improve what we offer, and set our priorities for the next topics to focus on.