SafSec is a method of managing safety and security risks in a system development project.
By addressing the safety and security requirements in an integrated approach, early in the lifecycle, the risk of conflicts between the two, and the risk to gaining certification, is mitigated early in that lifecycle.
Through the use of a unified risk assessment covering hazards, threats and the operational requirements, the subsequent design is risk directed: all requirements are designed in at the beginning, so that the levels of risk, and the residual risk, are acceptable.
This leads to reduced risk in gaining certification before entry into service, and to minimised cost in attaining it. The costs are minimised because the re-use of the evidence and arguments that show risks to be acceptably mitigated is maximised across the safety and security certification domains.
Modularity within the system architecture and within certification eases future upgrades by lessening the impact of changes within the system. The issue of obsolescence grows with the passage of time; contracts, or interface definitions, at the module [1] level therefore enable modular certification to take place at that level, which in turn enables modules to be replaced or upgraded by re-use of component cases. The use of COTS and legacy components is also addressed by modularity: identifying their interface definition sets the expectation placed upon them and the level of risk they pose, and hence the required mitigations, to ensure their acceptability.
Standards change to stay in line with current best practice, e.g. DefStan 00-56 issue 3 and the expected change in Common Criteria. Therefore compliance against the current safety and security standards will cost more if the current programme structure is not as up-to-date as the standards. SafSec helps you to be more agile in following standards by giving you a goal-based, product-centric approach, rather than a technology- or process-centric approach.
The SafSec Methodology (SafSec Standard and Guidance
Document) will give you a solid plan to execute to gain
certification. It will reduce both your development risk and your ownership
risk.
[1] Module = generic term for a physical component, subsystem, software package, or a combination of hardware and software. Modules may include social elements as well as technical components.