
autoConform® Methodology, Software and Engineering Services

When do I need which safety analyses in a development project?

1. Introduction

Safety analyses are an essential part of every development project and are regulated in detail by legal and normative requirements. Their implementation is essential, especially for safety-critical products, in order to provide evidence of the functional safety of the product.

Safety analyses are performed to identify potential sources of product malfunctioning and safety hazards, and to derive corrective measures. This article describes which safety analyses should be carried out when, and how safety analyses can be integrated into the V-model of system development.

The subsequent figure is a variant of the system development V-model from the literature. The figure shows that analyses should be carried out at every product architecture level, but not which ones. Section 2 answers this question. Section 3 summarizes the main ideas.

2. Safety analyses – which ones and when?

There are various safety analyses which are carried out at different product architecture levels of the V-model. These safety analyses include:

Hazard and Risk Analysis (HARA)

The HARA is the first product safety analysis. It is carried out on the top product architecture level. It identifies hazards and assesses the risks that may arise from a malfunctioning of the product. Functional safety requirements for the product are derived from the results of the HARA.

Fault Tree Analysis (FTA)

The FTA follows a deductive approach and identifies potential causes of safety-critical events. It offers:

  • A systematic identification of all relevant single-point and multiple-point failures,
  • Failure prioritization by quantifying the probability of failure occurrence.

Failure Mode and Effects Analysis (FMEA)

The FMEA looks at possible single-point faults and their effects. It answers questions such as:

  • Which faults can occur and for what reasons?
  • What impact can these faults have?

FMEA is performed at each product architecture level after the design specification has been created. It is the basis for defining failure prevention strategies or safety mechanisms that mitigate the effects of a failure.

Dependent Failure Analysis (DFA)

The DFA complements the FMEA by examining multiple-point failures. Important questions to be answered are:

  • Which single-point faults may have a common cause?
  • Which single-point faults may cause a cascading fault?

For a redundant system comprising two or more subsystems, a DFA is mandatory for proving that the subsystems are sufficiently independent.
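Worked example (added here; it is not code from the article or from the autoConform® product): a small fault-tree evaluator in Python that derives the minimal cut sets deductively, flags single-point failures, ranks cut sets by probability and computes the probability of the top event. It is run over a constructed two-channel redundant system, first with independent power supplies and then with one supply shared by both channels, which is exactly the common-cause situation a DFA has to uncover. The tree representation, the example system and the per-event failure probabilities are assumptions made for illustration.

```python
from itertools import product
from math import prod
from typing import Dict, FrozenSet, List, Set, Tuple, Union

# A fault-tree node is either a basic event (its name as a string) or a gate:
# ("AND", [children]) or ("OR", [children]).  Representation chosen for this
# added example; the article does not prescribe one.
Node = Union[str, Tuple[str, List["Node"]]]
CutSet = FrozenSet[str]


def basic_events(node: Node) -> Set[str]:
    """Collect the names of all basic events below a node."""
    if isinstance(node, str):
        return {node}
    _, children = node
    return set().union(*(basic_events(c) for c in children))


def _minimize(cut_sets: Set[CutSet]) -> Set[CutSet]:
    """Drop every cut set that contains another cut set as a proper subset."""
    return {cs for cs in cut_sets if not any(other < cs for other in cut_sets)}


def minimal_cut_sets(node: Node) -> Set[CutSet]:
    """Deductive step of the FTA: the smallest combinations of basic events
    that make the top event occur, derived by walking the tree top-down."""
    if isinstance(node, str):
        return {frozenset([node])}
    kind, children = node
    child_sets = [minimal_cut_sets(c) for c in children]
    if kind == "OR":        # any child suffices: union of the children's cut sets
        combined = set().union(*child_sets)
    elif kind == "AND":     # all children needed: merge one cut set from each child
        combined = {frozenset().union(*combo) for combo in product(*child_sets)}
    else:
        raise ValueError(f"unknown gate type {kind!r}")
    return _minimize(combined)


def single_point_failures(cut_sets: Set[CutSet]) -> Set[str]:
    """Basic events that trigger the top event on their own (cut sets of size 1)."""
    return {next(iter(cs)) for cs in cut_sets if len(cs) == 1}


def _top_event_occurs(node: Node, failed: Set[str]) -> bool:
    """Evaluate the tree for one concrete set of failed basic events."""
    if isinstance(node, str):
        return node in failed
    kind, children = node
    results = (_top_event_occurs(c, failed) for c in children)
    return all(results) if kind == "AND" else any(results)


def top_event_probability(node: Node, probs: Dict[str, float]) -> float:
    """Exact top-event probability for independent basic events, obtained by
    enumerating every failed/working combination.  Exponential in the number
    of basic events, so only for small trees, but unlike the usual per-gate
    formulas it stays correct when one event feeds several branches."""
    events = sorted(basic_events(node))
    total = 0.0
    for flags in product([False, True], repeat=len(events)):
        failed = {e for e, f in zip(events, flags) if f}
        if _top_event_occurs(node, failed):
            total += prod(probs[e] if e in failed else 1.0 - probs[e] for e in events)
    return total


def rank_cut_sets(cut_sets: Set[CutSet], probs: Dict[str, float]) -> List[Tuple[CutSet, float]]:
    """Failure prioritisation: order cut sets by the probability that all of
    their events fail together (product of the individual probabilities)."""
    ranked = [(cs, prod(probs[e] for e in cs)) for cs in cut_sets]
    return sorted(ranked, key=lambda item: item[1], reverse=True)


# Constructed sample system (hypothetical): two redundant channels A and B.
# A channel fails if its sensor or its power supply fails; the top event
# (system failure) needs both channels to fail.
INDEPENDENT_TREE: Node = ("AND", [
    ("OR", ["sensor_A", "psu_A"]),
    ("OR", ["sensor_B", "psu_B"]),
])
# Same system, but both channels draw from one shared power supply.
COMMON_CAUSE_TREE: Node = ("AND", [
    ("OR", ["sensor_A", "psu_shared"]),
    ("OR", ["sensor_B", "psu_shared"]),
])
# Constructed per-event failure probabilities (illustrative values only).
PROBS = {"sensor_A": 1e-3, "sensor_B": 1e-3,
         "psu_A": 1e-4, "psu_B": 1e-4, "psu_shared": 1e-4}


if __name__ == "__main__":
    for name, tree in [("independent supplies", INDEPENDENT_TREE), ("shared supply", COMMON_CAUSE_TREE)]:
        cuts = minimal_cut_sets(tree)
        print(f"{name}: P(top event) = {top_event_probability(tree, PROBS):.3e}")
        print("  single-point failures:", single_point_failures(cuts) or "none")
        for cs, p in rank_cut_sets(cuts, PROBS):
            print(f"  {sorted(cs)} -> {p:.1e}")
```

With independent supplies every minimal cut set has two events, so the redundancy holds and the top-event probability is about 1.2e-6. Sharing the power supply introduces the single-point cut set {psu_shared} and raises the top-event probability to about 1.0e-4: the FTA result and the DFA question "which single-point faults may have a common cause?" meet in that one cut set. Evaluating the shared-supply tree with per-gate formulas that treat the two OR branches as independent would understate this probability, which is why the example enumerates the event states exactly.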

Integration into the V-Model

On the left side of the V-model, safety analyses are performed in parallel with the development of the product architecture. Starting at the top product architecture level, a workflow with the following steps is carried out at every level:

  • Creation of the design specification,
  • Performing safety analyses: (i) a PHA (Preliminary Hazard Analysis) or HARA at the highest product architecture level and (ii) a combination of FTA, FMEA and DFA at all other levels,
  • Derivation of safety requirements from the analysis results, and
  • Incorporation of these safety requirements into the requirement specifications.

Explanation: Product Architecture Levels and Safety Analyses

The product architecture levels include:

  • System level or system levels: The overall system, which can consist of subsystems.
  • Hardware level or hardware levels: The electronic, electrical, mechanical and other hardware components, which may be composed of subcomponents.
  • Software level or software levels: The levels of the hierarchical software architecture of the embedded software.

The HARA is performed at the top system level. Deductive (FTA), inductive (FMEA) and dependent failure analyses (DFA) are carried out at all other product architecture levels, starting at the level directly underneath the top system level and extending the analyses sequentially from each level to the level below it.

3. Summary

Performing safety analyses follows a clear pattern:

  • At the highest product architecture level, a Hazard Analysis and Risk Assessment (HARA) is done.
  • A combination of FTA, FMEA and DFA follows at every lower level.
  • The safety requirements resulting from the safety analyses are incorporated into the requirement specifications.

Integrating the safety analyses into the left side of the V-model has the advantage that architecture and design decisions are checked immediately for their impact on product safety. These analyses can be carried out comprehensively and very efficiently with the help of the autoConform® Methodology and Software.
