Damage Scenarios
A damage scenario is an adverse consequence involving the TOE, a vehicle, or a vehicle function and affecting the road user. There are four impact categories concerning the road user, as given by ISO/SAE 21434:
- Safety
- Financial
- Operational
- Privacy
The impact describes the magnitude of damage or physical harm from a damage scenario. There are four impact ratings defined according to the impact category:
- Severe
- Major
- Moderate
- Negligible
The tables below show the definition of impact ratings:
|
Impact rating |
Criteria for safety impact rating |
|---|---|
| Severe | S3: Life-threatening injuries (survival uncertain), fatal injuries |
| Major | S2: Severe and l life-threatening injuries (survival probable) |
| Moderate | S1: Light and moderate injuries |
| Negligible | S0: No injuries |
Tab. 1: Example: Safety impact rating criteria
|
Impact rating |
Criteria for financial impact rating |
|---|---|
| Severe | Catastrophic consequences which the affected road user might not overcome |
| Major | Substantial consequences which the affected road user will be able to overcome |
| Moderate | Inconvenient consequences which the affected road user will be able to overcome with limited resources |
| Negligible | No effect, negligible consequences or is irrelevant to the road user |
Tab. 2: Example: Financial impact rating criteria
|
Impact rating |
Criteria for operational impact rating |
|---|---|
| Severe |
Loss or impairment of a core vehicle function. Example 1: Vehicle not working or showing unexpected behaviour of core functions such as enabling of limp home mode or autonomous driving to an unintended location. |
| Major |
Loss or impairment of an important vehicle function. Example 2: Significant annoyance of the driver. |
| Moderate |
Partial degradation of a vehicle function. Example 3: User satisfaction negatively affected. |
| Negligible | No impairment or non-perceivable impairment of a vehicle function. |
Tab. 3: Example: Operational impact rating criteria
|
Impact rating |
Criteria for privacy impact rating |
|---|---|
| Severe |
Significant or even irreversible impact to the road user. The information regarding the road user is highly sensitive and easy to link to a PII principal. |
| Major |
Serious impact to the road user. The information regarding the road user is:
|
| Moderate |
Inconvenient consequences to the road user. The information regarding the road user is:
|
| Negligible |
No effect or, negligible consequences or is irrelevant to the road user. The information regarding the road user is not sensitive and difficult to link to a PII principal. |
Tab. 4: Example: Privacy impact rating criteria
You must fill in the reasoning field. If you leave this field empty and do your project validation, it will eventually give you an error because you have not filled in your reasoning.
Each damage scenario must be assigned precisely with one impact category and impact. If a damage scenario has several relevant impact categories, you should specify damage scenarios further to make them specific enough so that only one impact category applies. If you can not do that, you must assign the impact category that leads to the worst impact.
