Hazard & Risk Analysis (HRA) — ISO/IEC/IEEE 15289 — Report | IEC 61508 Phase 3
Generated 2026-03-27 — UHT Journal / universalhex.org
| Hazard | Severity | Frequency | SIL | Safe State |
|---|---|---|---|---|
| H-001: Smoke spread via HVAC ducts due to failure to shutdown on fire alarm | catastrophic | low | SIL 3 | all supply fans de-energised, smoke extraction fans running, fire dampers closed |
| H-002: Access control doors fail to release during fire evacuation | catastrophic | low | SIL 3 | all access-controlled doors on evacuation routes fail-safe open (electromagnetic locks de-energised) |
| H-003: HVAC overcooling/overheating from sensor failure | major | medium | SIL 1 | HVAC output clamped to safe range (15-28°C), alarm raised to facility manager |
| H-004: Cyber intrusion via BACnet/Modbus network compromises building systems | critical | low | SIL 2 | network isolation — OT network air-gapped from IT, all controllers revert to local standalone mode |
| H-005: Legionella proliferation from DHW temperature control failure | catastrophic | low | SIL 2 | DHW heater energised to maintain >60°C storage, pasteurisation cycle forced, alarm to facilities |
| H-006: Stairwell pressurisation failure during fire evacuation | catastrophic | low | SIL 3 | pressurisation fans running at maximum, stairwell doors held closed by differential pressure |
Goal Structuring Notation per GSN Community Standard v3. The top goal decomposes into one hazard-mitigation sub-goal per HRA hazard, each supported by SIL-allocated requirements and verification evidence.

```mermaid
flowchart TD
G0["<b>G0: Top Goal</b><br/>Smart Building Management System is acceptably safe"]
S0{"<b>S0: Strategy</b><br/>Argument by hazard<br/>mitigation per IEC 61508"}
G0 --> S0
G1["<b>G1: H-001</b><br/>Smoke spread via HVAC ducts due to failure to shutdown on fi...<br/>SIL 3"]
S0 --> G1
G2["<b>G2: H-002</b><br/>Access control doors fail to release during fire evacuation<br/>SIL 3"]
S0 --> G2
G3["<b>G3: H-003</b><br/>HVAC overcooling/overheating from sensor failure<br/>SIL 1"]
S0 --> G3
G4["<b>G4: H-004</b><br/>Cyber intrusion via BACnet/Modbus network compromises buildi...<br/>SIL 2"]
S0 --> G4
G5["<b>G5: H-005</b><br/>Legionella proliferation from DHW temperature control failur...<br/>SIL 2"]
S0 --> G5
G6["<b>G6: H-006</b><br/>Stairwell pressurisation failure during fire evacuation<br/>SIL 3"]
S0 --> G6
```

Machine-readable safety case structure follows; it can be imported into GSN tools (Astah GSN, ASCE, NOR-STA).
```yaml
# GSN Safety Case — Smart Building Management System
# Generated 2026-03-27
# Goal Structuring Notation (GSN) per GSN Community Standard v3
goals:
  G0:
    text: "Smart Building Management System is acceptably safe"
    type: top-goal
    supported_by: [S0]
  # Hazard-mitigation sub-goals, one per HRA hazard. In this export every
  # sub-goal's supported_by and evidence lists are empty: no requirements or
  # verification evidence are attached yet, so the argument is not closed.
  G1:
    text: "H-001: Smoke spread via HVAC ducts due to failure to shutdown on fire alarm"
    sil: 3
    safe_state: "all supply fans de-energised, smoke extraction fans running, fire dampers closed"
    supported_by: []
    evidence: []
  G2:
    text: "H-002: Access control doors fail to release during fire evacuation"
    sil: 3
    safe_state: "all access-controlled doors on evacuation routes fail-safe open (electromagnetic locks de-energised)"
    supported_by: []
    evidence: []
  G3:
    text: "H-003: HVAC overcooling/overheating from sensor failure"
    sil: 1
    safe_state: "HVAC output clamped to safe range (15-28°C), alarm raised to facility manager"
    supported_by: []
    evidence: []
  G4:
    text: "H-004: Cyber intrusion via BACnet/Modbus network compromises building systems"
    sil: 2
    safe_state: "network isolation — OT network air-gapped from IT, all controllers revert to local standalone mode"
    supported_by: []
    evidence: []
  G5:
    text: "H-005: Legionella proliferation from DHW temperature control failure"
    sil: 2
    safe_state: "DHW heater energised to maintain >60°C storage, pasteurisation cycle forced, alarm to facilities"
    supported_by: []
    evidence: []
  G6:
    text: "H-006: Stairwell pressurisation failure during fire evacuation"
    sil: 3
    safe_state: "pressurisation fans running at maximum, stairwell doors held closed by differential pressure"
    supported_by: []
    evidence: []
strategies:
  S0:
    text: "Argument by hazard mitigation per IEC 61508"
    supported_by: [G1, G2, G3, G4, G5, G6]
solutions:
```