Skip to main content
ISO 26262 ยท Safety case planning

Safety Case Plan Generator

Answer a questionnaire about your project and a deterministic engine builds a complete, ASIL-tailored safety case plan: work products by phase, tailored methods, confirmation measures, a project timeline, gap tracking, and a GSN argument skeleton. Same answers, same plan, every time.

Deterministic and reproducibleVersioned catalogsMarkdown and JSON export
Why this exists

Planning a safety case by hand

You cross-reference six parts of the standard to figure out which work products your ASIL actually requires.

Tailoring methods to ASIL means re-reading the recommendation tables for every technique.

You lose track of which artifacts you already have and which are still missing or blocked.

The plan, the timeline, and the safety argument live in separate documents and drift apart.

What the generator does instead

A rule engine selects the applicable work products for your exact product type, ASIL, and phase.

Methods arrive pre-tailored, with recommendation strength shown per ASIL level.

Your artifact inventory becomes a live gap status, so missing and blocked items surface immediately.

The plan and the GSN argument are generated together from one set of answers, so they stay in sync.

Step one

Answer the questionnaire

Ten categories describe your project. Pick a quick-start variant to scope it, and drafts auto-save so you can leave and resume. Some questions appear only when earlier answers make them relevant.

Basic

Fastest

The essentials: product, ASIL, phase, and safety requirements.

Automotive

Most complete

The full questionnaire across all ten categories.

Software

SW teams

Software-focused, with the software-specific technical questions.

01
Product classification
System, software, hardware, combined, COTS, or SEooC
02
ASIL classification
QM through ASIL D, confirmed or assumed
03
Development phase
Concept, system, hardware, software, integration, production
04
Safety requirements
Safety goals status and HARA progress
05
Technical scope
Architecture complexity and diagnostic coverage
06
Architecture
Hardware and software partitioning
07
Verification
Independence: developer, separate team, or external
08
Supporting processes
Tool qualification and supplier scope
09
Production and operation
OTA only, minor, major, or new platform
10
Artifact inventory
15 artifacts tracked across 6 readiness states
Step two ยท The engine

A deterministic pipeline, not a black box

Your answers run through ten ordered steps against versioned catalogs of 73 work products, 84 methods, and the selection rules that connect them. Nothing is sampled or guessed, so the same inputs always produce the same plan, and every recommendation carries a rule trace and an ISO reference.

01

Validate input

Check that the project context from your answers is complete and consistent.

02

Finalize context

Derive what the project needs, including confirmation measure obligations.

03

Resolve ASIL state

Determine the effective ASIL and mode (confirmed, assumed, TBD, or mixed).

04

Select work products

Run the rule engine to pick applicable work products from the catalog.

05

Select methods

Filter methods by ASIL, product type, and target artifacts.

06

Expand dependencies

Pull in prerequisite work products so nothing is left dangling.

07

Apply your inventory

Map the artifacts you already have to a gap status.

08

Compute priorities

Bucket every item as now, next, later, or blocked.

09

Attach guidance

Add engineer-facing explanations and learning links per item.

10

Build timeline

Lay out phases, quality gates, iterations, and change-request impact.

Re-runs are byte-for-byte reproducibleEach attempt stores its catalog versions
Step three ยท The output

Everything the plan gives you

Twelve generated sections, all tailored to your project parameters and traceable to the rules and ISO clauses behind them.

๐Ÿ“‹

Work products by phase

Every applicable work product across concept, system, hardware, software, integration, and production, each with priority, gap status, prerequisites, minimum contents, done-when criteria, and ISO reference.

๐Ÿงช

Methods tailored to your ASIL

Verification and validation methods filtered to your ASIL and product type, with recommendation strength per level (++ recommended, + optional, o consider) and the artifacts each one supports.

โœ…

Confirmation measures

The confirmation reviews, functional safety audit, and functional safety assessment your ASIL demands, with timing, who performs them, and the required independence level.

๐Ÿงฉ

ASIL decomposition analysis

Whether decomposition applies, common patterns such as ASIL D to C(D) plus A(D), a mixed-element mapping table, and the verification actions decomposition triggers.

๐Ÿ”ง

Hardware safety metrics

Single-point and latent fault metric targets and PMHF budget for your ASIL, with FMEDA guidance and the work products that produce the evidence.

๐Ÿ’ป

Software verification

Required structural coverage levels, coding guideline expectations, and unit and integration test methods with independence requirements.

๐Ÿ“ˆ

Gap analysis

A running count of applicable work products by status (completed, in progress, missing, blocked, not applicable) so you always know where you stand.

๐Ÿ“…

Project timeline

A Gantt timeline with a swim lane per phase, quality gates, draggable bars, iteration support, and change-request impact analysis.

๐ŸŽฏ

Top next actions

A priority-ordered list of what to do now, with prerequisite blocking made explicit so you tackle work in a buildable order.

๐Ÿ”—

Learning links

Each work product and phase links to the concept pages, guides, simulators, and exams that teach the underlying technique.

๐ŸŒณ

GSN safety case skeleton

A Goal Structuring Notation argument tree and document outline with claim status, wired to the work products that supply each piece of evidence.

๐Ÿ“ค

Export

Export the full plan as Markdown for distribution or JSON for programmatic use. Both carry the catalog versions used to generate them.

One questionnaire, two views

The plan and the argument, generated together

Switch between the implementation roadmap and the safety argument. Because both come from the same answers, the evidence the argument needs is exactly the work the plan tells you to do.

Plan view

Roadmap

What to produce, in what order, tailored to your ASIL.

  • Work products bucketed now / next / later / blocked
  • Methods with ++ / + / o strength per ASIL
  • Confirmation measures, decomposition, HW and SW requirements
  • Timeline, gap analysis, and prioritized next actions

Safety case view

GSN skeleton
Goal G1
Item is acceptably safe
Strategy S1
Argue over safety goals
Goal G2
SG1 met
Solution
WP evidence
Goal G3
SG2 met
Solution
WP evidence
GoalStrategySolution
Sample outputs

See what your plan produces

Interactive, adjustable outputs generated from your questionnaire answers.

Interactive project timeline

M1M3M5M7M9M11
Concept
4 WPs
System
8 WPs
Hardware
12 WPs
Software
15 WPs
Integration
6 WPs
Production
3 WPs
Gates
HARA
FSC
TSC
DV
SV
FSA

Gap analysis

48
Total
12
Done
18
In progress
18
Missing

25% complete, 37.5% in progress, 37.5% remaining

Methods tailored to your ASIL

MethodABCD
FMEAo+++++
FTA++++++
Code Review+++++++
MC/DC Coverageo++++
Back-to-back Testo++++
++ Recommended
+ Optional
o Consider

Confirmation measures

ASIL D
Confirmation reviews
Independent of the project
I3
Functional safety audit
Process implementation
I2
Functional safety assessment
Achievement of safety
I3

Independence level shown per measure. Lower ASILs relax these.

ASIL decomposition

From
ASIL D
C(D)
+
A(D)
  • โ€ขElements must be sufficiently independent
  • โ€ขDecomposition recorded against each element
  • โ€ขVerification of freedom from interference

Hardware safety metrics

FMEDA
SPFM Single-point fault metricโ‰ฅ 99%
LFM Latent fault metricโ‰ฅ 90%
PMHF< 10 FIT

Targets shown for ASIL D. The plan links the work products that produce the evidence.

Software verification

Structural coverageMC/DC required
Coding guidelinesMISRA C, enforced
Unit testBoundary + equivalence
Integration testInterface + resource

Illustrative examples. Actual outputs are generated dynamically from your project inputs.

After generation

Track it, compare it, reuse it

A plan is not a one-shot document. Update it as work lands, run what-if scenarios, and keep a history of every attempt.

โœ๏ธ

Live gap tracking

Set each work product to in progress, completed, missing, blocked, or not applicable, and attach notes, evidence, or action items.

๐Ÿ”€

Change ASIL on the fly

Switch the ASIL and regenerate to see how the work product list, methods, and confirmation measures shift.

โš–๏ธ

Compare two attempts

Side-by-side diff of ASIL changes, added and removed work products, method differences, and gap status changes.

๐Ÿ“Š

History and analytics

Every attempt is saved, with ASIL and product type distributions and completion trends across your projects.

๐Ÿ”’

Versioned and traceable

Each attempt records the catalog versions and full structured result, with rule trace IDs and ISO references on every item.

๐Ÿ“ค

Export anywhere

Markdown for a distributable document, JSON for your own tooling. The export carries the versions it was built from.

Frequently Asked Questions

Common questions about the Safety Case Plan Generator

You answer a questionnaire about your project: product type, ASIL, development phase, architecture, verification independence, and the artifacts you already have. A deterministic ten-step engine then selects the applicable work products, tailors the methods to your ASIL, maps your existing artifacts to a gap status, computes priorities, and builds a project timeline. The same answers always produce the same plan.
Work products grouped by phase with priority and gap status, methods tailored to your ASIL, confirmation measures (review, audit, assessment), ASIL decomposition analysis, hardware safety metric targets, software verification requirements, a gap analysis summary, a project timeline with quality gates and iterations, prioritized next actions, and learning links. You also get a GSN safety case skeleton: a document outline and argument tree wired to the work products that supply the evidence.
The Plan view is the implementation roadmap: what to produce, in what order, tailored to your ASIL. The Safety Case view is a Goal Structuring Notation skeleton: goals, strategies, and solutions with claim status and evidence traceability back to the work products. Both are generated from the same answers, so the argument and the plan stay in sync.
Yes. Every run is saved as an attempt. You can change the ASIL on the fly, regenerate, and compare two attempts side by side to see how the work product list, methods, and gap status shift. The history view tracks your attempts with ASIL and product type distributions.
Every attempt stores the catalog versions it was generated against (work products, methods, rules, explanations, questionnaire) plus the full structured result. Recommendations carry rule trace IDs and ISO references, so you can see exactly why each item was selected.
No. It is a planning and learning tool that gives you a structured, ASIL-tailored starting point and educational guidance. The actual safety case must be developed by qualified engineers using the ISO 26262 standard as the authoritative reference.
Expert plan

Ready to plan your safety case?

The Safety Case Plan Generator is available on the Expert plan. Start with a free account to explore the platform first.

The free plan includes a full concept guide, 3 work product templates, 1 guided process, the Markov simulator, and 5 practice exams per month. No credit card required.