Merged
@@ -49,53 +49,52 @@ Please note that the "passed" column must contain "yes" or "no" for each checkli

.. list-table:: Safety Analysis Checklist
:header-rows: 1
:widths: 10,30,30,15,8,8

* - Review ID
- Acceptance Criteria
- Guidance
- Passed
- Remarks
- Issue link
* - REQ_01_01
- Is / are the attribute sufficient set correctly?
- The mitigations shall have a direct influence on the violation by prevention, detection or mitigation to reduce the risk to an acceptable level.
- The mitigations are sufficient.
- <yes|no>
-
* - REQ_01_02
- Are the templates for DFA and/or FMEA used?
- See :ref:`dfa_templates` / :ref:`FMEA_templates` and also :ref:`process_requirements_safety_analysis`
- Templates are used to generate the DFA and/or FMEA.
- <yes|no>
-
* - REQ_01_03
- Were the failure initiators / fault models applied?
- See :need:`gd_guidl__dfa_failure_initiators` / :need:`gd_guidl__fault_models`
- The applicable items of the failure initiators / fault models are used to ensure a structured analysis. For all not applicable items an argument shall be given in the content of the document.
- <yes|no>
-
* - REQ_01_04
- Are the failure effects clearly and completely described?
- Use the generic failure effect descriptions and enlarge the description if it's applicable to the considered element.
- The effects of the failure are described completely. The effect can be recognized easily.
- <yes|no>
-
* - REQ_01_06
- Is the attribute "mitigated by" linked correct?
- Check if the correct failure effect is linked via "mitigated by".
- The "mitigated by" link is correct.
- <yes|no>
-
* - REQ_01_07
- Is the sufficiency of the "mitigated by" (prevention, detection or mitigation) clearly described or easily recognizable?
- The sufficiency of the "mitigated by" is described in the content of the document. It can be recognized easily.
- The "mitigated by" shows clearly that a fault / failure can be mitigated by the linked requirement by prevention, detection or mitigation. It shall be described in the content.
- <yes|no>
-
* - REQ_01_08
- Is the overall result of the Safety Analysis described in the report?
- It shall be shown in the report if the Safety Analyses are finished and if all artifacts are "valid" and "sufficient".
- The results of the Safety Analyses are described in the report. The report is available :need:`wp__verification_platform_ver_report`.
- <yes|no>
-
:widths: 10,10,30,30,20

* - ID
- Safety analysis activity
- Compliant to ISO 26262?
- Reference
- Comment

* - 1
- Is it plausible that each potential identified dependent failure that has been identified, will lead to a dependent failure which cause a violation of FFI?
- [YES | NO ]
- :need:`[[title]] <std_req__iso26262__analysis_742>`
- <Rationale for result>

* - 2
- Are the failure initiators :need:`[[title]] <gd_guidl__dfa_failure_initiators>` / fault models :need:`[[title]] <gd_guidl__fault_models>` applied?
- [YES | NO ]
- :need:`[[title]] <std_req__iso26262__analysis_744>`
- <Rationale for result>

* - 3
- Are measures defined to resolute the identified potential dependent failures?
- [YES | NO ]
- :need:`[[title]] <std_req__iso26262__analysis_746>`, :need:`[[title]] <std_req__iso26262__analysis_747>`
- <Rationale for result>

* - 4
- Is the result of the safety analysis indicate if the safety requirements are complied?
- [YES | NO ]
- :need:`[[title]] <std_req__iso26262__analysis_842>`
- <Rationale for result>

* - 5
- Are for all not complied safety requirements mitigations defined to resolute the non-compliance? The mitigations shall have a direct influence on the violation by prevention, detection or mitigation to reduce the risk to an acceptable level.
- [YES | NO ]
- :need:`[[title]] <std_req__iso26262__analysis_843>`
- <Rationale for result>

* - 6
- Are the mitigations effective and implemented?
- [YES | NO ]
- :need:`[[title]] <std_req__iso26262__analysis_844>`
- <Rationale for result>

* - 7
- Are the templates for DFA and/or FMEA used? See :ref:`dfa_templates` / :ref:`FMEA_templates` and also :ref:`process_requirements_safety_analysis`
- [YES | NO ]
- :need:`[[title]] <std_req__iso26262__analysis_748>`, :need:`[[title]] <std_req__iso26262__analysis_849>`, :need:`[[title]] <std_req__iso26262__analysis_8410>`
- <Rationale for result>
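Review bot: the context sentence at the top of this hunk still instructs that the "passed" column must contain "yes" or "no" for each checklist item, but the replacement table no longer has a "passed" column; the yes/no decision now lives in the "Compliant to ISO 26262?" column as `[YES | NO ]`. Update that sentence in the same change so the instructions match the table. Two further points on the new rows: the old items REQ_01_04 (failure effects completely described), REQ_01_06 ("mitigated by" linked to the correct failure effect) and REQ_01_07 (sufficiency of the "mitigated by" described) have no counterpart in rows 1 to 7, and the "Issue link" column is gone, so a reviewer has no place left to record the mitigation issue; if these were dropped on purpose, say so in the PR description, otherwise carry them over as additional rows. Wording: row 1 reads "each potential identified dependent failure that has been identified, will lead to a dependent failure which cause a violation of FFI" (redundant, and "cause" should be "causes"); rows 3 and 5 say "resolute" where "resolve" is meant; row 4 should read "Does the result of the safety analysis indicate whether the safety requirements are complied with?".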
@@ -47,53 +47,52 @@ Please note that it is mandatory to fill in the "passed" column with "yes" or "n

.. list-table:: Safety Analysis Checklist
:header-rows: 1
:widths: 10,30,30,15,8,8

* - Review ID
- Acceptance Criteria
- Guidance
- Passed
- Remarks
- Issue link
* - REQ_01_01
- Is / are the attribute sufficient set correctly?
- The mitigations shall have a direct influence ont the violation by prevention, detection or mitigation to reduce the risk to an acceptable level.
- The mitigations are sufficient.
- <yes|no>
-
* - REQ_01_02
- Are the templates for DFA and/or FMEA used?
- See :ref:`dfa_templates` / :ref:`FMEA_templates` and also :ref:`process_requirements_safety_analysis`
- Templates are used to generate the DFA or / and FMEA.
- <yes|no>
-
* - REQ_01_03
- Were the failure initiators / fault models applied?
- See :need:`gd_guidl__dfa_failure_initiators` / :need:`gd_guidl__fault_models`
- The applicable items of the failure initiators / fault models are used to ensure a structured analysis. For all not applicable items an argument shall be given in the content of the document.
- <yes|no>
-
* - REQ_01_04
- Are the failure effects clearly and completely described?
- Use the generic failure effect descriptions and enlarge the description if it's applicable to the considered element.
- The effects of the failure is described completely. The effect can be recognized easily.
- <yes|no>
-
* - REQ_01_06
- Is the attribute "mitigated by" linked correct?
- Check if the correct failure effect is linked via "mitigated by".
- The "mitigated by" link is correct.
- <yes|no>
-
* - REQ_01_07
- Is the sufficiency of the "mitigated by" (prevention, detection or mitigation) described or can it be recognized easily?
- The sufficiency of the "mitigated by" is described in the content of the document. It can be recognized easily.
- The "mitigated by" shows clearly that a fault / failure can be mitigated by the linked requirement by prevention, detection or mitigation. It shall be described in the contend.
- <yes|no>
-
* - REQ_01_08
- Is the overall result of the Safety Analysis described in the report?
- It shall be shown in the report if the Safety Analysis are finished and if all artifacts are "valid" and "sufficient".
- The results of the Safety Analysis are described in the report. The report is available :need:`wp__verification_platform_ver_report`.
- <yes|no>
-
:widths: 10,10,30,30,20

* - ID
- Safety analysis activity
- Compliant to ISO 26262?
- Reference
- Comment

* - 1
- Is it plausible that each potential identified dependent failure that has been identified, will lead to a dependent failure which cause a violation of FFI?
- [YES | NO ]
- :need:`[[title]] <std_req__iso26262__analysis_742>`
- <Rationale for result>

* - 2
- Are the failure initiators :need:`[[title]] <gd_guidl__dfa_failure_initiators>` / fault models :need:`[[title]] <gd_guidl__fault_models>` applied?
- [YES | NO ]
- :need:`[[title]] <std_req__iso26262__analysis_744>`
- <Rationale for result>

* - 3
- Are measures defined to resolute the identified potential dependent failures?
- [YES | NO ]
- :need:`[[title]] <std_req__iso26262__analysis_746>`, :need:`[[title]] <std_req__iso26262__analysis_747>`
- <Rationale for result>

* - 4
- Is the result of the safety analysis indicate if the safety requirements are complied?
- [YES | NO ]
- :need:`[[title]] <std_req__iso26262__analysis_842>`
- <Rationale for result>

* - 5
- Are for all not complied safety requirements mitigations defined to resolute the non-compliance? The mitigations shall have a direct influence on the violation by prevention, detection or mitigation to reduce the risk to an acceptable level.
- [YES | NO ]
- :need:`[[title]] <std_req__iso26262__analysis_843>`
- <Rationale for result>

* - 6
- Are the mitigations effective and implemented?
- [YES | NO ]
- :need:`[[title]] <std_req__iso26262__analysis_844>`
- <Rationale for result>

* - 7
- Are the templates for DFA and/or FMEA used? See :ref:`dfa_templates` / :ref:`FMEA_templates` and also :ref:`process_requirements_safety_analysis`
- [YES | NO ]
- :need:`[[title]] <std_req__iso26262__analysis_748>`, :need:`[[title]] <std_req__iso26262__analysis_849>`, :need:`[[title]] <std_req__iso26262__analysis_8410>`
- <Rationale for result>
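Review bot: the retained context line here also says it is mandatory to fill in the "passed" column with "yes" or "no", yet the new table has no "passed" column (the decision is now "Compliant to ISO 26262?" with `[YES | NO ]`), so that sentence needs the same correction. More importantly, after this change the two files carry an identical 7-row table, and the removed versions show why that is fragile: this copy had already drifted from the other one ("ont the", "contend", "or / and" versus the corrected text in the first file). Consider keeping the checklist in one place and pulling it into both documents with an `.. include::` directive, or at least stating in the PR which of the two is the master copy. Rows 1, 3, 4 and 5 have the same wording problems as the other copy: "each potential identified dependent failure that has been identified ... which cause", "resolute" for "resolve", and "Is the result of the safety analysis indicate if the safety requirements are complied?" should be "Does the result of the safety analysis indicate whether the safety requirements are complied with?".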
@@ -226,8 +226,8 @@ for the static architecture a UML component diagram is expected (and supported b
Dynamic architecture
--------------------
The :need:`doc_concept__arch_process` shows the usage of UML sequence diagrams to describe dynamic
behaviour. This is also the expected default diagram. Alternatively, state machine diagrams can be used
to describe stateful behaviour. Other types like the activity diagram are not encouraged to use,
behavior. This is also the expected default diagram. Alternatively, state machine diagrams can be used
to describe stateful behavior. Other types like the activity diagram are not encouraged to use,
if an activity diagram is used instead of a sequence diagram, this has to be argued as part of the
architecture description.
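Review bot: since both sentences of this paragraph are being touched for the behaviour/behavior spelling change, fix the comma splice in the same lines: "Other types like the activity diagram are not encouraged to use, if an activity diagram is used instead of a sequence diagram, this has to be argued ..." runs two sentences together, and "not encouraged to use" is ungrammatical. Suggested: "Other diagram types, such as activity diagrams, are discouraged; if an activity diagram is used instead of a sequence diagram, this has to be justified as part of the architecture description." Also confirm that the American spelling is applied across the rest of the process documentation rather than only in this paragraph, otherwise the docs end up mixing both forms.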

@@ -75,7 +75,7 @@ Fault Models for sequence diagrams
- High
* - execution
- EX_01_01
- Process calculates wrong result(s) (is a subset/more precise description of MF_01_05 or MF_01_04)
- Process calculates wrong result(s) (is a subset/more precise description of MF_01_05 or MF_01_04). This failure mode is related to the analysis if e.g. internal safety mechanisms are required (level 2 function, plausibility check of the output, …) because of the size / complexity of the feature.
- High
* - execution
- EX_01_02
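Review bot: the sentence added to EX_01_01 is hard to parse: "This failure mode is related to the analysis if e.g. internal safety mechanisms are required (level 2 function, plausibility check of the output, …) because of the size / complexity of the feature." It introduces "level 2 function" without defining or linking it (the checklists and template guides in this PR link such terms with :need: and :ref: roles), and it sits in a description cell of a list-table, where a long aside makes the row hard to read. Suggested: "This failure mode also drives the question whether internal safety mechanisms (e.g. a level 2 function or a plausibility check of the output) are required because of the size or complexity of the feature.", plus a :ref:/:need: link for "level 2 function" if the term is defined in the process documentation.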
@@ -50,7 +50,7 @@ The attributes of the template are described in :ref:`process_requirements_safet
#. Replace the placeholders in the "id" attribute with the name of the feature or component and a short description of the element so that it can be easily identified.
#. Document the fault ID from the fault model :need:`gd_guidl__fault_models` that applies to the element in the "fault_id" attribute.
#. Describe the failure effect of the fault model on the element in the "failure_effect" attribute. Use the failure mode description and enlarge the if it's applicable to the considered element.
#. Document the safety mitigation. This can be a detection, prevention or mitigation of the fault.
#. Document the safety mitigation. This can be a detection, prevention or mitigation of the fault. If only testability is defined as mitigation measure, complexity requirements shall be allocated to the feature/component.
#. If there is no mitigation or existing mitigation is not sufficient a mitigation issue has to be created in the Issue Tracking system and linked in the "mitigation_issue" attribute.
#. The analysis is finished, if for each identified fault a sufficient mitigation exists.
#. Unless the attribute sufficient is yes, mitigation and argument attribute can be still empty.
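Review bot: the sentence appended to step 4, "If only testability is defined as mitigation measure, complexity requirements shall be allocated to the feature/component.", needs two things before it is actionable. First, "testability" is not one of the three mitigation kinds the same step names (detection, prevention, mitigation), so say how testability relates to them (is it accepted as a mitigation at all, or only as an argument in the "argument" attribute?). Second, "complexity requirements" is neither defined nor linked anywhere in the hunk; give a :ref:/:need: to the requirement type or guideline that specifies them, as step 2 does for :need:`gd_guidl__fault_models`. While the step list is being edited, the unchanged step 3 in context still reads "Use the failure mode description and enlarge the if it's applicable", which is missing a word ("enlarge the description if it is applicable").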
@@ -79,7 +79,7 @@ The attributes of the template are described in :ref:`process_requirements_safet
#. Replace the placeholders in the "id" attribute with the name of the feature or component and a short description of the element so that it can be easily identified.
#. Document the failure ID from the failure initiator :need:`gd_guidl__dfa_failure_initiators` that applies to the element in the "failure_id" attribute.
#. Describe the failure effect of the failure initiator on the element in the "failure_effect" attribute. Use the violation cause description and enlarge the if it's applicable to the considered element.
#. Document the safety mitigation. This can be a detection, prevention or mitigation of the fault.
#. Document the safety mitigation. This can be a detection, prevention or mitigation of the fault. If only testability is defined as mitigation measure, complexity requirements shall be allocated to the feature/component.
#. If there is no mitigation or the mitigation is not sufficient a mitigation issue has to be created in the Issue Tracking system and linked in the "mitigation_issue" attribute.
#. The analysis is finished, if for each identified fault a sufficient mitigation exists.
#. Unless the attribute sufficient is yes, mitigation and argument attribute can be still empty.
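Review bot: this is the same sentence added to the FMEA step list earlier in this file; duplicating a normative "shall" statement in two places is exactly how the two checklist files in this PR drifted apart, so either state the rule once (for example in :ref:`process_requirements_safety_analysis`, which the context line of both hunks already references) and link it from here, or keep the two copies word-for-word identical and say so in the PR. In this DFA section the step also still says "mitigation of the fault", while steps 2 and 3 of the same list talk about the failure initiator and its failure effect; "failure" would be the consistent term. Context step 3 has the same missing word as the FMEA list: "enlarge the if it's applicable" should be "enlarge the description if it is applicable".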