With any system there are certain types of failure that have more severe consequences than others. This applies as much to information systems as to process control systems and embedded equipment. The nature of the consequence may be loss of confidentiality or fraud rather than plant or personnel safety, but the concept remains the same.
Given limited time and resources, it is good practice to focus more assurance effort on these risk areas. However, simply directing the team to do more work on these areas is not an effective approach. To be effective, additional activities that focus on the risks are required. These activities are Hazard / Threat Analysis and Failure Analysis.
In this process the high risk area is targeted with:
- Hazard / Threat Analysis - Examines the operational role of the system together with the system definition and identifies potential high risk failures. It also examines the use & environment of the system to identify threats either intentional or accidental that could lead to failures. The analysis is a closed loop process in that having identified issues it recommends changes to the system definition that reduce the risk.
- Failure Analysis - An analysis of the design of the system is performed guided by the results of the Hazard / Threat Analysis. Failure analysis identifies chains of events that could lead to high risk failures. It recommends changes to the design to put in place mechanisms to recover from anomalies before a severe failure is triggered.
- Focused Implementation Assessment - Additional Assurance Requirements are developed from the Hazard / Threat Analysis and Failure Analysis output. These ensure that, as part of the Assessment of the Implemented System:
  - The system is subjected to the threatening scenarios identified in the hazard analysis to assess their impact.
  - Recovery mechanisms built into the system are tested by simulating the initiating anomalies within the system.
  - Components of the system able to initiate high risk internal anomalies are targeted to eliminate potential causes of these anomalies.
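The Failure Analysis and Focused Implementation Assessment steps above can be made concrete with a small fault-tree model. The following is an added example, not part of the original page or any particular practitioner's toolset: it assumes a hypothetical actuator that acts on a single sensor reading (the "before" design), and the same design with an independent interlock added as a recovery mechanism (the "after" design). The gate structure and all event names (`sensor_fault`, `sensor_reading_spoofed`, `interlock_fault`, `override_left_enabled`) are constructed for illustration. `cut_sets` enumerates the chains of basic events that lead to the top-level failure, `single_points_of_failure` picks out the components that alone can initiate it (the targets of the focused assessment), and `occurs` evaluates the design against a simulated set of initiating anomalies, which is how the recovery mechanism would be exercised during the assessment.

```python
# Added example, not from the original page: a minimal fault-tree evaluator
# for failure analysis. The tree, gates and event names below are constructed
# and hypothetical.


def cut_sets(node):
    """Return the minimal cut sets of a fault tree.

    node is either a basic-event name (str) or a tuple (gate, [children])
    with gate in {"AND", "OR"}. A cut set is a set of basic events that,
    if they all occur, is sufficient to cause the top event.
    """
    if isinstance(node, str):
        return {frozenset([node])}
    gate, children = node
    child_sets = [cut_sets(child) for child in children]
    if gate == "OR":
        # Any one child's cut set alone is enough.
        combined = set().union(*child_sets)
    elif gate == "AND":
        # Every child must occur: take one cut set from each child and merge.
        combined = {frozenset()}
        for sets in child_sets:
            combined = {a | b for a in combined for b in sets}
    else:
        raise ValueError(f"unknown gate {gate!r}")
    # Drop any cut set that strictly contains another one (non-minimal).
    return {s for s in combined if not any(other < s for other in combined)}


def single_points_of_failure(node):
    """Basic events that on their own trigger the top event (cut sets of size 1)."""
    return {next(iter(s)) for s in cut_sets(node) if len(s) == 1}


def occurs(node, anomalies):
    """Evaluate the tree for a simulated set of initiating anomalies."""
    if isinstance(node, str):
        return node in anomalies
    gate, children = node
    results = [occurs(child, anomalies) for child in children]
    return all(results) if gate == "AND" else any(results)


# Constructed "before" design: the actuator trusts one sensor reading, so
# either an accidental fault or an intentionally wrong reading (both raised by
# the hazard / threat analysis) is enough to issue an unsafe command.
SENSOR_READING_WRONG = ("OR", ["sensor_fault", "sensor_reading_spoofed"])
BEFORE = SENSOR_READING_WRONG

# Constructed "after" design: failure analysis recommends an independent
# interlock; the unsafe command now also needs the interlock to be ineffective.
INTERLOCK_INEFFECTIVE = ("OR", ["interlock_fault", "override_left_enabled"])
AFTER = ("AND", [SENSOR_READING_WRONG, INTERLOCK_INEFFECTIVE])


if __name__ == "__main__":
    for name, tree in (("before", BEFORE), ("after", AFTER)):
        print(f"{name}: single points of failure = "
              f"{sorted(single_points_of_failure(tree))}")
        for cs in sorted(cut_sets(tree), key=sorted):
            print(f"  chain: {sorted(cs)}")
    # Simulated initiating anomaly, as the focused assessment would inject it.
    print("after, sensor_fault only ->", occurs(AFTER, {"sensor_fault"}))
```

Running the block shows the effect of the design change: the "before" tree has two single points of failure, while the "after" tree has none and every chain to the top event requires two independent anomalies. The `occurs` calls are the cheap form of the recovery-mechanism test in the list above: inject the initiating anomaly alone and confirm the top event does not fire, then inject it together with an interlock failure and confirm that it does, so that the test actually exercises the mechanism rather than just the happy path.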
This approach has developed over many years in the safety critical and high integrity systems industry. It is important to understand that these are not 'cookbook' techniques. Achieving effective results depends on an understanding of the underlying principles and an ability to adapt the approach to suit the system and its application domain. Experienced practitioners are required if these approaches are to be used.