HARA Explained – Hazard Analysis and Risk Assessment (ISO 26262)

Why HARA Matters in Functional Safety

Modern vehicles rely heavily on complex electrical and electronic (E/E) systems. These systems directly influence vehicle behavior, including braking, steering, and acceleration.

But what happens if one of these systems fails?

A malfunction may lead to a hazardous situation, especially when safety-critical functions are involved. In such cases, engineers must ensure that risks are systematically identified, analyzed, and reduced.

This is exactly where HARA comes into play.

Hazard Analysis and Risk Assessment (HARA) is one of the most important activities in ISO 26262. It forms the foundation for all safety-related decisions in automotive development.

Figure: HARA in ISO 26262 - From Item Definition to ASIL Classification

What Is HARA?

HARA stands for Hazard Analysis and Risk Assessment.

It is a structured process used to:

  • Identify hazards
  • Define hazardous events
  • Assess risks
  • Derive safety goals

The purpose of HARA is to understand what can go wrong in a system and how critical the consequences could be.

Instead of reacting to failures after they occur, engineers use HARA to anticipate potential problems early in the development process.

This proactive approach is essential for building safe and reliable automotive systems.

Figure: Hazard Analysis and Risk Assessment (HARA) process in ISO 26262 from hazard identification to safety goals

HARA in the ISO 26262 Process

HARA is performed during the concept phase of ISO 26262.

At this early stage, engineers define the system under consideration — referred to as the item — and analyze potential hazards associated with it.

The results of HARA directly influence:

  • Safety goals
  • Functional safety requirements
  • System architecture decisions

This makes HARA a central element in the ISO 26262 safety lifecycle.

Without a proper HARA, all downstream safety activities may be based on incomplete or incorrect assumptions.


From Item to Hazardous Event

The HARA process starts with defining the item.

An item is the system or function being analyzed, such as a braking system or steering system.

Once the item is defined, engineers identify possible hazards that may occur if the system malfunctions.

However, a hazard alone is not enough.

To properly assess risk, engineers define hazardous events.

A hazardous event combines:

  • A hazard
  • An operational situation

For example:

  • Hazard: unintended braking
  • Situation: driving on a highway

Together, this forms a hazardous event that can be evaluated.


Hazard vs. Hazardous Event

Understanding the difference between a hazard and a hazardous event is critical.

A hazard is a potential source of harm caused by malfunctioning behavior of the item.

A hazardous event is the combination of that hazard with an operational situation: the concrete scenario in which the malfunction can actually lead to harm.

This distinction is important because risk cannot be assessed without context.

The same hazard may have very different consequences depending on the situation.


Figure: Difference between a hazard and a hazardous event in functional safety context

Operational Situations and Operating Modes

To define hazardous events, engineers must consider operational situations and operating modes.

Operational situations describe external conditions, such as:

  • Highway driving
  • Urban traffic
  • Parking

Operating modes describe the state of the system, for example:

  • Normal operation
  • Degraded mode
  • Fault condition

By combining hazards with these contexts, engineers can systematically identify relevant hazardous events.


Risk Assessment in HARA

Once hazardous events are defined, the next step is risk assessment.

In ISO 26262, each hazardous event is rated on three parameters:

  • Severity (S): how serious the potential harm is, from S0 (no injuries) to S3 (life-threatening or fatal injuries)
  • Exposure (E): how likely the vehicle is to be in the operational situation, from E0 (incredible) to E4 (high probability)
  • Controllability (C): whether the driver or other people involved can act in time to avoid the harm, from C0 (controllable in general) to C3 (difficult to control or uncontrollable)

Rating every parameter on a defined scale, with the rationale recorded, is what makes the assessment repeatable and reviewable rather than a matter of opinion.


Figure: ASIL determination based on severity, exposure, and controllability parameters

From Risk Assessment to ASIL

The result of the risk assessment is the Automotive Safety Integrity Level (ASIL) of each hazardous event.

There are four levels, ASIL A (lowest) to ASIL D (highest). A hazardous event whose combination of S, E and C falls below ASIL A is rated QM (quality management): no ISO 26262 safety requirement applies beyond the normal quality process.

The ASIL defines how rigorously the associated safety requirements must be developed and verified: higher risk means a higher ASIL, and a higher ASIL means more demanding methods, independence and evidence.

This creates a direct link between HARA and engineering effort.

HARA does not just identify problems; it defines how strictly they must be addressed.


From HARA to Safety Goals

Based on the risk assessment, engineers define safety goals.

Safety goals describe what the system must achieve to prevent or mitigate hazardous situations.

For example:

  • Prevent unintended braking
  • Ensure braking is available when required

These goals form the foundation for all safety requirements in later development phases.



Example: Unintended Braking

Let’s consider a simple example.

Imagine a braking system that applies braking force without driver input.

This is a hazard.

Now consider the situation:

The vehicle is driving at high speed on a highway.

This creates a hazardous event.

During HARA, engineers assess:

  • Severity: high, because a sudden deceleration at highway speed risks a rear-end collision with serious injuries
  • Exposure: high, because highway driving is a frequent operational situation
  • Controllability: difficult, because neither the driver nor the following traffic can react in time

With the highest class on each parameter (S3, E4, C3), the ISO 26262 table yields ASIL D. The exact classes are argued case by case in a real project, but an event of this kind lands at the upper end of the scale.

Based on this, safety goals are defined to ensure that unintended braking is prevented or controlled.
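The following Python script is an added worked example, not code from the original article. It carries the method of the risk assessment and ASIL sections and this unintended-braking example through end to end: hazardous events are built from hazard, operational situation and operating mode, each is rated with S/E/C classes, the ASIL is read off the ISO 26262-3 table (implemented here through the equivalent sum-of-classes rule), and each safety goal inherits the highest ASIL of the hazardous events it addresses. The braking-system item, the situations, the `RATINGS` values and the mapping from hazards to the article's two safety goals are constructed for illustration; a real HARA argues every rating from vehicle-level evidence.

```python
"""ASIL determination for HARA hazardous events (ISO 26262-3).

Added worked example, not code from the original article. The item, hazards,
operational situations and S/E/C ratings below are constructed to illustrate
the method; a real HARA argues each rating from vehicle-level evidence.
"""
from dataclasses import dataclass
from itertools import product

# ISO 26262-3 classes. S0, E0 and C0 carry no risk contribution and lead to QM.
SEVERITY_CLASSES = range(0, 4)          # S0..S3
EXPOSURE_CLASSES = range(0, 5)          # E0..E4
CONTROLLABILITY_CLASSES = range(0, 4)   # C0..C3
ASIL_ORDER = ["QM", "ASIL A", "ASIL B", "ASIL C", "ASIL D"]


def determine_asil(s: int, e: int, c: int) -> str:
    """Return QM or ASIL A..D for one hazardous event (ISO 26262-3, Table 4).

    The table is equivalent to adding the class indices: 7 -> A, 8 -> B,
    9 -> C, 10 -> D; a lower sum, or any class of 0, is QM.
    """
    if s not in SEVERITY_CLASSES or e not in EXPOSURE_CLASSES or c not in CONTROLLABILITY_CLASSES:
        raise ValueError(f"invalid classes: S{s} E{e} C{c}")
    if 0 in (s, e, c):
        return "QM"
    return {7: "ASIL A", 8: "ASIL B", 9: "ASIL C", 10: "ASIL D"}.get(s + e + c, "QM")


@dataclass(frozen=True)
class HazardousEvent:
    hazard: str       # malfunctioning behaviour of the item
    situation: str    # operational situation (external conditions)
    mode: str         # operating mode of the item
    s: int
    e: int
    c: int

    @property
    def asil(self) -> str:
        return determine_asil(self.s, self.e, self.c)


# Constructed HARA table for a braking-system item: (hazard, situation, mode) -> (S, E, C).
RATINGS = {
    ("unintended braking", "highway driving", "normal"):   (3, 4, 3),
    ("unintended braking", "urban traffic",   "normal"):   (2, 4, 3),
    ("unintended braking", "parking",         "normal"):   (1, 3, 1),
    ("loss of braking",    "highway driving", "normal"):   (3, 4, 2),
    ("loss of braking",    "urban traffic",   "normal"):   (3, 4, 2),
    ("loss of braking",    "parking",         "normal"):   (2, 3, 2),
    # Degraded mode is rarely active, so exposure for this event drops to E2.
    ("loss of braking",    "highway driving", "degraded"): (3, 2, 3),
}

HAZARDS = ["unintended braking", "loss of braking"]
SITUATIONS = ["highway driving", "urban traffic", "parking"]

# Safety goal addressing each hazard (goal wording from the article; the mapping is constructed).
SAFETY_GOALS = {
    "unintended braking": "Prevent unintended braking",
    "loss of braking": "Ensure braking is available when required",
}


def hazardous_events(ratings=RATINGS) -> list[HazardousEvent]:
    """Turn the rating table into hazardous-event objects."""
    return [HazardousEvent(h, sit, m, *sec) for (h, sit, m), sec in ratings.items()]


def unrated_combinations(hazards, situations, ratings=RATINGS, mode="normal") -> list[tuple]:
    """Completeness check: every hazard x situation pair must have a rating."""
    return [(h, sit, mode) for h, sit in product(hazards, situations)
            if (h, sit, mode) not in ratings]


def derive_safety_goals(events) -> dict[str, str]:
    """Each safety goal inherits the highest ASIL of the hazardous events it covers."""
    goals: dict[str, str] = {}
    for ev in events:
        goal = SAFETY_GOALS[ev.hazard]
        if goal not in goals or ASIL_ORDER.index(ev.asil) > ASIL_ORDER.index(goals[goal]):
            goals[goal] = ev.asil
    return goals


if __name__ == "__main__":
    for ev in hazardous_events():
        print(f"{ev.hazard:<20} {ev.situation:<16} {ev.mode:<9} S{ev.s} E{ev.e} C{ev.c} -> {ev.asil}")
    print("unrated combinations:", unrated_combinations(HAZARDS, SITUATIONS))
    for goal, asil in derive_safety_goals(hazardous_events()).items():
        print(f"{asil}: {goal}")
```

The completeness check is there because "ignoring operational situations" is one of the mistakes listed later on this page: a HARA that rates unintended braking on the highway but never asks about parking has a gap, and the script reports that gap instead of silently producing a shorter table.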


Figure: Example of unintended braking as a hazardous event in ISO 26262

Common Mistakes in HARA

There are several common mistakes when performing HARA.

  • Confusing hazards with hazardous events
  • Ignoring operational situations
  • Assigning ASIL based on intuition instead of structured evaluation
  • Defining incomplete or vague safety goals

Another frequent mistake is treating HARA as a one-time activity.

In reality, HARA must be revisited whenever the item definition, its functions, or the assumed operational situations change, and the affected ratings and safety goals re-evaluated.


Summary

HARA is a fundamental activity in ISO 26262.

It ensures that hazards are identified early and risks are systematically evaluated.

Key points:

  • HARA identifies hazards and hazardous events
  • Risk is assessed using severity, exposure, and controllability
  • The result is an ASIL classification
  • Safety goals are derived from the analysis

A well-executed HARA is essential for developing safe automotive systems.


