6 Part 6: V-Modell Reference Activities

6.3 Activities

6.3.7 Requirements and Analyses

6.3.7.8 Performing and Evaluating Safety and Security Analysis

Work Product:

Safety and Security Analysis

Method Reference:

Design Verification, Fault/Reliability Analysis

Tool Reference:

Construction/Simulation

Purpose

The »Safety and Security Analysis will be made for those system elements that were identified as safety-relevant in the related implementation, integration and evaluation concepts.

During the development the »System will be subdivided into subsystems (»Segments, »Hardware Units, »Software Units, »Hardware Components, »Hardware Modules, »Software Components, »Software Modules). Each of these subsystems, just like its parent system, will be associated with a risk. In each decomposition step this risk shall be determined and specified.

On the basis of the contractually specified safety requirements/risk acceptance, a hazard and risk analysis shall be made to decide in the system development process which hazards will exist, what the resulting risk will be and how risk reduction measures can be used to reduce the risk to an acceptable level. In particular, the steps described in the following sub-activities will be required for each system element:

In this context it will also have to be checked whether technical measures (such as design changes) or organizational measures (such as changes to the planning) shall be preferred for risk reduction. If design changes are necessary, the desire to make a change shall be reported via a problem report or a change request. If several alternatives for risk reduction are available, this will be stated in the desire for change and incorporated in the change proposal. If no solution is found, one has to be worked out together with the acquirer.

6.3.7.8.1 Identifying Hazards and Classifying Damage

Work Product:

Safety and Security Analysis

For each system element (architectural element or hardware/software component) the potential hazards that may lead to an occurrence of damage shall be determined. For each identified hazard the damage level shall be determined and the damage class - depending on the damage category concerned - shall be allocated.

6.3.7.8.2 Performing System Safety and Security Analysis

Work Product:

Safety and Security Analysis

For each system-critical system element a »Safety and Security Analysis shall be made. For each identified hazard possible causes and their related risks shall be estimated and evaluated with regard to occurrence, importance and detection. If the result of the evaluation is a value that exceeds a defined threshold value or is outside of the accepted range, risk reduction measures shall be defined for the system element considered. The results of the analysis - causes, occurrence probabilities, risks and risk acceptance - shall be documented.

6.3.7.8.3 Identifying and Determining Risk Reduction Measures

Subject:

Safety and Security Analysis: Safety and Security Measures

For all risks rated not acceptable in the »Safety and Security Analysis, risk reduction measures shall be determined. These measures influence, on the one hand, the realization, in the form of engineering measures such as redundancy, identification, authentication and access control, and, on the other hand, the testing procedure, where analytical QA measures are concerned. The risk reduction measures shall be selected from the safety and security specifications of the project manual.

The identified measures shall be analyzed and evaluated with regard to their impact when carried out. In this process, for example, the degree of risk reduction or the effort required for implementation shall be determined. Beyond that, the impact on activation, operation, deactivation and the operating personnel can also be determined. The results of this analysis and evaluation shall be documented and used as a basis for determining appropriate measures for the implementation of a risk reduction effort. The decision-making process itself shall also be documented.

If no suitable »Safety and Security Measures are found or if additional promising risk reduction measures exist or are conceivable, then negotiations shall be conducted with the acquirer, and the solution found this way shall be requested and documented in a problem report or a change request.
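The evaluation in 6.3.7.8.2 and the assessment of measures in 6.3.7.8.3 can be carried as a small record per system element. The following is an added illustration, not part of the V-Modell text: it assumes FMEA-style 1..10 ratings for occurrence, importance and detection, takes their product as the risk value, uses a constructed acceptance threshold, and models each measure by the factor it applies to the occurrence or detection rating; the system elements, hazards, measures and numbers are all constructed.

```python
from dataclasses import dataclass, field

# Assumption: 1 (best) .. 10 (worst) ratings; risk value is their product;
# the threshold is a constructed project value, not one the V-Modell prescribes.
THRESHOLD = 100

@dataclass
class Measure:
    name: str
    kind: str                        # "engineering" (realization) or "qa" (testing)
    occurrence_factor: float = 1.0   # scales the occurrence rating after the measure
    detection_factor: float = 1.0    # scales the detection rating after the measure

@dataclass
class Hazard:
    element: str          # system element from the decomposition (constructed)
    description: str
    damage_class: str     # allocated in 6.3.7.8.1 (constructed labels)
    occurrence: int
    importance: int
    detection: int
    measures: list = field(default_factory=list)

def risk_value(occurrence: int, importance: int, detection: int) -> int:
    return occurrence * importance * detection

def evaluate(hazard: Hazard, threshold: int = THRESHOLD) -> dict:
    """Rate the hazard before and after its measures and keep the decision data."""
    before = risk_value(hazard.occurrence, hazard.importance, hazard.detection)
    occ, det = hazard.occurrence, hazard.detection
    for m in hazard.measures:          # importance stays: measures do not shrink the damage
        occ = max(1, round(occ * m.occurrence_factor))
        det = max(1, round(det * m.detection_factor))
    after = risk_value(occ, hazard.importance, det)
    return {"element": hazard.element, "hazard": hazard.description,
            "damage_class": hazard.damage_class, "risk_before": before,
            "risk_after": after, "reduction": round(1 - after / before, 2),
            "accepted": after <= threshold, "measures": [m.name for m in hazard.measures]}

def unresolved(results: list) -> list:
    """Elements still above the threshold: to be taken to the acquirer via a
    problem report or change request, as 6.3.7.8.3 requires."""
    return [r["element"] for r in results if not r["accepted"]]

# Constructed sample analysis for three elements of one decomposition.
HAZARDS = [
    Hazard("Software Unit: Login", "Replayed credential grants access", "high", 6, 8, 7,
           [Measure("strong authentication", "engineering", occurrence_factor=0.5),
            Measure("access log review in test", "qa", detection_factor=0.5)]),
    Hazard("Hardware Module: Power supply", "Supply failure halts system", "medium", 4, 6, 3),
    Hazard("Hardware Unit: Sensor board", "Sensor fault goes unnoticed", "high", 5, 9, 8,
           [Measure("redundant sensor", "engineering", occurrence_factor=0.6)]),
]
RESULTS = [evaluate(h) for h in HAZARDS]
```

The sensor board stays above the threshold after its single measure, so it is the element that would be escalated in a problem report or change request.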