Copyright DB Netz AG, licensed under CC-BY SA 3.0 DE (see full text in CC-BY-SA-3.0-DE)
ARCH.029 Allocate risk control responsibilities (op. activity to op. entity/actor)
SM-2765
-
Populate Confluence page for activity definition: ARCH.029 Define and allocate safety responsibilities (op. activity to op. entity/actor)
Finished
Goal | Identify the operational entities or actors responsible for risk control measures. |
---|---|
Requirements met by this process step | CSM-SMS guidance 1.1 c), 2.3.1, 2.3.4, 3.1.1.1 e) (for safety) RiL 114.0201 (for security) |
Inputs | Definitions of operational risk control measures (as produced by ARCH.028, ARCH.015 and ARCH.022) and modelled in the various views of ARCH.904) AMOD-022 Enterprise & environment definition AMOD-028 Operational activities and interaction definitions (single operational capability) |
Outputs | |
Methodology | This step should be done jointly by the system architect, security architect and RAMS architect. For each operational activity that is defined as a risk reduction measure allocate the operational activity to the appropriate operational entity or actor. This activity should be reasonably straightforward. The core objective is to distinguish risk control measures that are completely external to the wider system of interest (in which case, they are less likely to be supported by SysABB) from measures that the wider system of interest is responsible for - in which case, they could become wholly or partly requirements on SysABB. If the activity could be done by more than one operational entity, then it should be replicated and a replica allocated to each actor. If the activity is too big to be allocated to one operational entity then it should be split and the parts allocated to the appropriate operational entity (although it is acceptable to leave it as a duty of an operational entity even if they cannot do it all by themselves - because this kind of operational activity can be pushed down by ARCH.049 as a system capability and the internal functions distributed between actors and the system). In general, the preference should be to allocate responsibility to existing actors/entities rather than creating new ones. |
Tools and non-human resources | Team for Capella |
Cardinality | Once per operational capability |
Completion criteria | All the operational activities identified as risk control measures for this operational capability have been allocated to an operational actor or entity. |
Design review | |
Step done by (Responsible) | System architect RAMS architect Security architect |
Provides input to/assists (Contributes) | None identified |
Uses outputs (Informed) | None identified |