7 Determining Risk in Automotive Applications

Since safety is the absence of unreasonable risk, it is logical that the risk must be determined in order to determine whether it is unreasonable. This may not necessarily be a numerical value, but it should be actionable in order to mitigate unacceptable risks and make them acceptable.

In ISO 26262, risk is considered the combination of the probability of occurrence of harm and the severity of that harm, where harm is damage to persons. Probability of occurrence and severity are not used to calculate a numerical risk value in ISO 26262; they are estimated separately and combined with controllability to determine an automotive safety integrity level (ASIL). This ASIL is then used to index the requirements of the standard. To determine the probability of occurrence of harm, it is necessary to know how, and under what circumstances, that harm can occur. For example, if a system can cause a random accident on a highway, and the harm is death, then statistics can be found for this probability, or it may be estimated. For an automotive system, this process leads to an evaluation of what the system can do to cause harm when it fails – and when it is operated correctly, even if misused. This extreme operation may not be part of the system's expected functionality, but it could be if the system contains automated functions.
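To make the combination described above concrete, the following is an added example (not code from the book or from ISO 26262) that rates each hazardous event by severity (S), exposure (E) and controllability (C) and combines them into an ASIL. The ASIL table is the normative one from ISO 26262-3, written here as the equivalent sum rule (S+E+C of 10, 9, 8, 7 gives ASIL D, C, B, A; anything lower, or any class of 0, gives QM). The exposure-by-duration thresholds follow the informative Annex B guidance as recalled here, and the cut-off used for E1 is an assumption, since the standard gives no percentage for it. The hazardous events `HE-1`..`HE-3` are constructed sample rows, not from the book.

```python
"""ISO 26262-style hazard classification: S, E and C are rated separately,
then combined into an ASIL; the highest ASIL over all events is the item's ASIL."""
from dataclasses import dataclass
from typing import Iterable

# ISO 26262-3 ASIL determination table, expressed as the equivalent sum rule.
ASIL_BY_SCORE = {10: "D", 9: "C", 8: "B", 7: "A"}
# Ordering used to pick the most demanding ASIL across several events.
ASIL_RANK = {"QM": 0, "A": 1, "B": 2, "C": 3, "D": 4}


def determine_asil(s: int, e: int, c: int) -> str:
    """Combine severity (S0..S3), exposure (E0..E4) and controllability (C0..C3)."""
    if not (0 <= s <= 3 and 0 <= e <= 4 and 0 <= c <= 3):
        raise ValueError(f"invalid S/E/C classes: S{s} E{e} C{c}")
    # A rating of 0 in any dimension means no safety requirement is allocated (QM).
    if 0 in (s, e, c):
        return "QM"
    return ASIL_BY_SCORE.get(s + e + c, "QM")


def exposure_from_duration(fraction_of_operating_time: float) -> int:
    """Map the fraction of operating time spent in a situation to an E class.

    Thresholds as recalled from ISO 26262-3 Annex B (informative): E4 > 10 %,
    E3 1..10 %, E2 < 1 %. The standard gives no percentage for E1; the 0.1 %
    cut-off below is an assumption made for this example only."""
    if not 0.0 <= fraction_of_operating_time <= 1.0:
        raise ValueError("fraction must be between 0 and 1")
    if fraction_of_operating_time > 0.10:
        return 4
    if fraction_of_operating_time >= 0.01:
        return 3
    if fraction_of_operating_time >= 0.001:  # assumed E1/E2 boundary
        return 2
    return 1


@dataclass(frozen=True)
class HazardousEvent:
    ident: str
    severity: int
    exposure: int
    controllability: int

    def asil(self) -> str:
        return determine_asil(self.severity, self.exposure, self.controllability)


def classify_hara(events: Iterable[HazardousEvent]) -> dict:
    """Return {event id: ASIL} for every hazardous event in the analysis."""
    return {ev.ident: ev.asil() for ev in events}


def highest_asil(asils: Iterable[str]) -> str:
    """The item inherits the most demanding ASIL of its hazardous events."""
    return max(asils, key=ASIL_RANK.__getitem__, default="QM")


# Constructed sample HARA rows (hypothetical events, not taken from the book).
SAMPLE_HARA = (
    HazardousEvent("HE-1", 3, exposure_from_duration(0.25), 2),   # S3 E4 C2 -> C
    HazardousEvent("HE-2", 2, exposure_from_duration(0.05), 3),   # S2 E3 C3 -> B
    HazardousEvent("HE-3", 1, exposure_from_duration(0.002), 3),  # S1 E2 C3 -> QM
)

if __name__ == "__main__":
    results = classify_hara(SAMPLE_HARA)
    for ident, asil in results.items():
        print(ident, asil)
    print("item ASIL:", highest_asil(results.values()))
```

The input validation matters in practice: a hazard analysis spreadsheet that silently accepts an out-of-range or missing class will produce a plausible-looking but wrong ASIL, so rejecting bad ratings is preferable to defaulting them.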

The risk determined as a result of failure due to a fault in the system is evaluated using ISO 26262 and assigned an ASIL. Then, the probability ...
