Search for:

Who Is Ascent?

Corporate Profile

Why use Ascent?




Verification and Validation



Hazard Analysis


Software Development



Ascent Home Page


What is Hazard Analysis?



Hazard analysis is a process used to determine how a system can cause hazards to occur and then reducing the risks to an acceptable level. The process consists of: (1) the developer of the system determining what could go wrong with the system, (2) determining how the effects of the failure can be mitigated, and (3) implementing and testing mitigations.

System Level

The analysis must start with the system level and include the component, the user (if any), operator (if any), and environment hazards. Once the hazards are determined and the risk assessment (with predefined quantitative definitions) is assigned, the hazards can be assigned to hardware and/or software as appropriate.

Software Level

The software hazards are then further broken down into a Fault Tree, which is a top-down approach to determine the functions that cause and the ones that mitigate the associated hazards. At the end of the fault tree analysis, the safety engineer needs to show the risk is lower due to the mitigations in place. The mitigations must be testable in order for the developer to demonstrate to the FDA that they have installed the mitigation and it is effective.

Performing Hazard Analysis

There are several methods available for performing the hazard analysis. The most common types are Failure Modes and Effects Analysis (FMEA) and Fault Tree Analysis (FTA). Since the software does not have a meantime between failures (MTBF), Ascent has found the FTA method to be superior in the software safety analysis.

Levels of Risk

Ascent uses a three-range process for determining acceptable levels of risk. The three ranges are acceptable, ALARP, and unacceptable, which are defined below:

  1. ACCEPTABLE - The risk is low enough that no further mitigation is required. Generally, the acceptable range has a very low probability of occurrence and also does not have a severe hazard associated with it.
  2. ALARP (As Low As Reasonably Possible) - The risks associated with the ALARP range are of the type which the developer should lower the risk as far as reasonable with management input. The cost of lowering the risk needs to be weighed against the cost of leaving the risk as it is.
  3. UNACCEPTABLE - All risk factors in the unacceptable range must be mitigated into at least the ALARP region. If any hazards are still in this range at the end of the project, they must be listed as safety concerns in the final hazards report. The management of the company selling the module needs to include an explanation of why it is left in the "unacceptable" region to the FDA.

The determination of how faults can occur requires an individual or team of people with extensive experience in the development of similar types of systems such as real-time embedded systems, PC systems, workstations, or other like processes. Ascent Technologies uses a structured process for the development of software, which greatly enhances the ability of the safety engineers in the performance of hazard analysis.


Ascent Home Page


Send email to: with questions or comments about this web site.

Copyright 1999-2016 Ascent Technologies

Last modified: July 2016