An Assurance Framework for Independent Co-assurance of Safety and Security
This addresses the problem of mismatched processes and lack of adoption in co-assurance for safety and security practitioners, though it appears incremental as an alternative approach rather than a new paradigm.
The paper tackles the difficulty of integrated safety and security assurance for complex systems by proposing a Safety-Security Assurance Framework (SSAF) that enables independent co-assurance, shifting focus from simplified unification to integration through synchronized information exchange.
Integrated safety and security assurance for complex systems is difficult for many technical and socio-technical reasons such as mismatched processes, inadequate information, differing use of language and philosophies, etc.. Many co-assurance techniques rely on disregarding some of these challenges in order to present a unified methodology. Even with this simplification, no methodology has been widely adopted primarily because this approach is unrealistic when met with the complexity of real-world system development. This paper presents an alternate approach by providing a Safety-Security Assurance Framework (SSAF) based on a core set of assurance principles. This is done so that safety and security can be co-assured independently, as opposed to unified co-assurance which has been shown to have significant drawbacks. This also allows for separate processes and expertise from practitioners in each domain. With this structure, the focus is shifted from simplified unification to integration through exchanging the correct information at the right time using synchronisation activities.