What is HARA (Hazard Analysis and Risk Assessment) in ISO 26262?

HARA is a systematic process defined in ISO 26262 Part 3, Clause 6 that identifies vehicle-level hazards caused by malfunctioning behavior of E/E systems and determines the Automotive Safety Integrity Level (ASIL) for each hazardous event. It is the cornerstone of functional safety development, transforming identified hazards into quantified safety requirements (safety goals) through structured assessment of Severity (S), Exposure (E), and Controllability (C) parameters.

How is ASIL determined in ISO 26262?

ASIL is determined using a three-parameter classification: Severity (S0-S3, measuring injury severity), Exposure (E0-E4, measuring probability of the operational situation), and Controllability (C0-C3, measuring driver ability to avoid the hazard). These parameters are combined using the ISO 26262-3 Table 4 lookup matrix to derive the ASIL, ranging from QM (no safety requirement) through ASIL A (lowest) to ASIL D (highest and most stringent safety integrity level).

What is the difference between a hazard and a hazardous event?

A hazard is a potential source of harm caused by malfunctioning behavior of the item (e.g., "unintended braking"). A hazardous event combines a specific hazard with an operational situation where it could cause harm (e.g., "unintended braking while driving on a highway at high speed"). The distinction is critical because the same hazard can result in different ASIL ratings depending on the operational situation due to varying Exposure and Controllability values.

What is a safety goal in ISO 26262?

A safety goal is a top-level safety requirement derived from HARA. It specifies what the system must prevent or ensure at the vehicle level to avoid a hazardous event. Safety goals must be technology-independent, verifiable, traceable to hazardous events, and attributed with an ASIL. They follow the standard pattern: [Action verb] + [undesired behavior] + [conditions/scope]. For example, "Prevent unintended acceleration of the vehicle during all driving conditions" (ASIL D).

What is FTTI (Fault Tolerant Time Interval)?

FTTI is the maximum time span from the occurrence of a fault to a possible hazardous event if the safety mechanisms do not respond. It defines the time budget within which faults must be detected and the system transitioned to a safe state. FTTI is determined during HARA based on physical factors (vehicle speed, time-to-collision, deceleration capability) and system factors (sensor sampling rates, processing latency, actuator response time). Typical FTTI values range from <100ms for ASIL D systems to 1-3 seconds for ASIL A systems.

How does HARA apply to ADAS?

ADAS functions (ACC, AEB, LKA, BSD, TSR) require specialized HARA considerations including: sensor degradation and false positive/negative scenarios, machine learning model confidence and edge cases, handover problem between automation and human driver, SOTIF (ISO 21448) boundary routing for intended functionality issues versus random hardware failures, and cybersecurity threat analysis per ISO/SAE 21434. Each ADAS function has unique hazard modes and FTTI requirements that must be analyzed individually.

What are the Severity, Exposure, and Controllability classifications?

Severity (S) classifies injury consequences: S0 (no injuries), S1 (light/moderate injuries), S2 (severe/life-threatening injuries), S3 (life-threatening/fatal injuries). Exposure (E) classifies the probability of the operational situation: E0 (incredible), E1 (very low probability), E2 (low probability), E3 (medium probability), E4 (high probability). Controllability (C) classifies the driver/occupant ability to control the situation: C0 (controllable in general), C1 (simply controllable), C2 (normally controllable), C3 (difficult to control or uncontrollable).

What is the conservative estimation principle in HARA?

The conservative estimation principle states that when there is uncertainty in the classification of Severity, Exposure, or Controllability parameters, the higher (more critical) rating should be chosen. This ensures that safety requirements are not under-specified. For example, if exposure for a scenario could reasonably be E2 or E3, E3 should be selected. Any deviation from conservative estimation must be documented with clear technical justification and supporting evidence such as field data, testing results, or simulation analysis.

Complete Learning Module

Hazard Analysis & Risk Assessment (HARA)

Master the systematic process of identifying vehicle-level hazards, classifying risk parameters, and deriving safety goals with ASIL assignments. This comprehensive module walks you through every step of HARA per ISO 26262-3 with a complete AEB worked example.

Chapters

Interactive Diagrams

AEB

Worked Example

Video

Synchronized

Start Learning View Curriculum

What You'll Learn

Build complete competency in HARA methodology with practical skills for identifying hazards, classifying risks, and deriving safety goals.

Identify Vehicle-Level Hazards

Systematically discover hazards using FMEA, FTA, STPA, and HAZOP techniques with proper operational situation analysis.

Classify S, E, and C Parameters

Accurately rate Severity (S0-S3), Exposure (E0-E4), and Controllability (C0-C3) with data-driven justification.

Determine ASIL

Apply the ISO 26262 Table 4 matrix to derive ASIL ratings from QM through ASIL D for each hazardous event.

Formulate Safety Goals

Write verifiable, technology-independent safety goals with proper ASIL attribution, safe states, and FTTI specification.

Analyze ADAS & Autonomous Systems

Apply specialized HARA techniques for sensor-dependent systems including ML/AI considerations and SOTIF boundary routing.

Validate HARA Completeness

Verify coverage, correctness, and traceability using ISO 26262-3 Clause 6.4.6.1 verification aims and KPI metrics.

14 Comprehensive Chapters

From foundational hazard identification to advanced ADAS analysis, each chapter builds your HARA expertise with interactive tools and real-world examples.

Overview & Foundation

Understand why HARA is the cornerstone of functional safety, its objectives, when it is performed, and who participates in this cross-functional team exercise per ISO 26262-3 Clause 6.

Safety Lifecycle StripConcept MapSOTIF routing

HARA Fundamentals & Scope

Master precise ISO 26262 definitions of Malfunction, Hazard, Hazardous Event, Safety Goal, and ASIL. Explore the ASIL determination formula and classification parameters.

ISO terminologyASIL formulaParameter scales

Methodology & Process

Follow the systematic 9-step HARA process from preparation through analysis to documentation, with input/output mapping and iteration guidance.

9-step process flowGood vs. bad examplesIteration guidance

ASIL Determination Matrix

Use the interactive ASIL calculator and filterable ISO 26262 Table 4 matrix. Deep-dive into Severity, Exposure, and Controllability with classification tables and real-world scenarios.

ASIL CalculatorInteractive matrixS/E/C deep dives

Safety Goal Definition

Learn to formulate proper safety goals with the standard pattern, see examples by system type (EPS, EBS, ACC), and understand combination and decomposition principles.

Formulation patternsSystem examplesTraceability flow

Hazard Identification Techniques

Compare and select from FMEA, FTA, STPA, and HAZOP for systematic hazard discovery. Includes the interactive technique selector and HAZOP guide words.

Technique selectorHAZOP guide wordsSelection guide

Advanced Exposure Analysis

Explore data-driven exposure assessment with mathematical models, ISO 26262 special rules for E0, fleet monitoring, naturalistic driving studies, and Monte Carlo simulation.

Mathematical modelsData collection methodsStatistical evidence

FTTI & Safe States

Understand the Fault Tolerant Time Interval from fault occurrence to safe state. See the animated FTTI timeline, deduction methodology, and ASIL-based timing guidelines.

FTTI TimelineTiming budgetsASIL guidelines

ADAS-Specific Analysis

Specialized hazard analysis for ACC, AEB, LKA, BSD, and TSR systems with bow-tie diagrams, ML/AI considerations, and SOTIF boundary routing.

Bow-tie diagramsML/AI considerationsSOTIF routing

Trucks, Buses & Trailers

Apply HARA to heavy commercial vehicles per ISO 26262-3 Clause 6.4.5. Compare ASIL assignments across vehicle types and explore articulated vehicle hazards like jackknife.

Vehicle type comparisonJackknife diagramAnnex B categories

Distributed Functions

Handle vehicle-level functions spanning multiple E/E items. Learn ASIL inheritance, safety goal referencing, and how architecture determines ASIL flow.

ASIL inheritanceArchitecture impactCross-item tracing

Validation & Evidence

Demonstrate HARA completeness with verification aims per Clause 6.4.6.1, KPIs, traceability visualization, and assessment-ready documentation packages.

Traceability visualKPI metricsEvidence requirements

AEB Worked Example

Walk through a complete end-to-end HARA for an Automatic Emergency Braking system: item definition, architecture, operational situations, S/E/C assessment, and safety goals.

Architecture diagramFull S/E/C assessmentSafety goals & FTTI

Advanced Industrial Topics

Explore Level 3 automated driving HARA, Delta-V severity thresholds, EPS FTTI case study, monitoring and limiting functions, energy-based HARA, and EV charging analysis.

L3 automationEPS case studyEV charging HARA

Interactive Learning

10 Interactive Diagrams & Tools

Explore ASIL determination, bow-tie analysis, and traceability chains with clickable, animated visualizations that make HARA concepts intuitive.

Interactive ASIL Calculator

Select Severity, Exposure, and Controllability from dropdowns and instantly see the resulting ASIL with color-coded classification and requirements summary.

ASIL Determination Matrix

Full ISO 26262 Table 4 with click-to-filter by ASIL, hover highlighting, and a live requirements panel showing metrics and verification targets.

Safety Lifecycle Strip

Visual diagram showing exactly where HARA sits within the ISO 26262 concept phase and how it feeds into subsequent safety development activities.

Concept Map

Animated relationship diagram mapping HARA inputs, process steps, and outputs with interactive connections between key concepts.

Bow-Tie Diagrams

Cause-event-consequence visualizations for each ADAS hazard, showing prevention barriers and mitigation strategies with safety goal linkage.

FTTI Timeline

Animated timeline showing fault detection, reaction, and safe state transition intervals with an AEB 300ms example.

Traceability Visualization

Six-column interactive grid tracing from Operational Situations through Hazards, Safety Goals, FSRs, TSRs to Test Cases with forward and backward trace modes.

AEB System Architecture

Detailed engineering-style SVG showing sensors, ECU software components, actuators, CAN bus connections, and system boundary for the worked example.

Hazard Technique Matrix

Interactive quadrant selector for comparing FMEA, FTA, STPA, and HAZOP techniques with pros, cons, and use-case guidance.

Jackknife Technical Illustration

SVG illustration of articulated vehicle dynamics showing normal operation vs. jackknife event with fifth-wheel coupling and danger zone visualization.

Real-World Application

Automatic Emergency Braking (AEB) Worked Example

Every HARA concept is applied to a complete AEB system analysis, demonstrating the full process from item definition through ASIL determination to safety goal derivation.

✓Item definition with functional behavior and ODD
✓Preliminary architecture with sensor/ECU/actuator mapping
✓4 operational situations with exposure ratings
✓Complete S/E/C assessment with justification
✓ASIL determination: ASIL D, D, C, and A results
✓3 safety goals with FTTI and safe state definitions

AEB System

Automatic Emergency Braking

SG-01: Ensure braking when neededASIL D

Unlock in course

Beyond the Basics

Specialized HARA Analysis

Go beyond standard HARA with dedicated chapters covering advanced topics and domain-specific challenges that arise in modern automotive safety engineering.

ADAS

ACC, AEB, LKA, BSD, TSR with ML/AI considerations

Commercial Vehicles

Trucks, buses, trailers with jackknife and articulated hazards

Distributed Functions

Multi-ECU ASIL inheritance and architecture-driven analysis

L3 & EV Charging

Automated driving HARA and high-voltage charging hazards

Reference Annex

Operational Situation & Hazard Catalog

A searchable, filterable reference catalog that accelerates your HARA by providing pre-organized operational situations, common automotive hazards, and hazardous event combinations with S/E/C ratings and cross-references.

6 Situation Categories

Vehicle Operating Modes
Road Types & Infrastructure
Environmental Conditions
Traffic Scenarios
Speed Ranges
Driver States & Conditions

8 Hazard Domains

Braking & Steering
Propulsion & Powertrain
Vehicle Dynamics & Stability
ADAS Functions
Lighting & Visibility
Electrical, Power & Thermal

Each hazard entry includes malfunction description, potential effects, typical severity, and example scenarios. Hazardous events show the full S/E/C/ASIL classification with cross-references to their source operational situations and hazards.

HARA Catalog

Searchable & Filterable

HE-BRK-01ASIL D

Loss of braking on highway

Unlock in course

Test Your Knowledge

Interactive Quizzes

Reinforce your understanding with built-in quizzes that challenge you to apply HARA concepts in realistic scenarios with immediate feedback.

ASIL Quiz

Classify hazardous events and determine the correct ASIL from given S/E/C parameters

Exposure Quiz

Assess exposure ratings for various operational situations with justification

Safety Goal Quiz

Evaluate and improve safety goal formulations for completeness and correctness

Ready to Master Hazard Analysis & Risk Assessment?

Start your journey through 14 comprehensive chapters with interactive ASIL tools, bow-tie diagrams, quizzes, and a complete AEB worked example.

Start Learning Now

14 Chapters10 Diagrams3 QuizzesAEB Example