Legal information

Copyright DB Netz AG, licensed under CC-BY SA 3.0 DE (see full text in CC-BY-SA-3.0-DE)

ARCH.029 Allocate risk control responsibilities (op. activity to op. entity/actor)

SM-2765 - Populate Confluence page for activity definition: ARCH.029 Define and allocate safety responsibilities (op. activity to op. entity/actor) Finished

GoalIdentify the operational entities or actors responsible for risk control measures.
Requirements met by this process step

CSM-SMS guidance 1.1 c), 2.3.1, 2.3.4, 3.1.1.1 e) (for safety)

RiL 114.0201 (for security)

Inputs

Definitions of operational risk control measures (as produced by ARCH.028, ARCH.015 and ARCH.022) and modelled in the various views of ARCH.904)

AMOD-022 Enterprise & environment definition

AMOD-028 Operational activities and interaction definitions (single operational capability)

Outputs

AMOD-024 Operational activity definition and allocation

AMOD-032 Allocated risk control measures

Methodology

This step should be done jointly by the system architect, security architect and RAMS architect.

For each operational activity that is defined as a risk reduction measure allocate the operational activity to the appropriate operational entity or actor.

This activity should be reasonably straightforward. The core objective is to distinguish risk control measures that are completely external to the wider system of interest (in which case, they are less likely to be supported by SysABB) from measures that the wider system of interest is responsible for - in which case, they could become wholly or partly requirements on SysABB.

If the activity could be done by more than one operational entity, then it should be replicated and a replica allocated to each actor.

If the activity is too big to be allocated to one operational entity then it should be split and the parts allocated to the appropriate operational entity (although it is acceptable to leave it as a duty of an operational entity even if they cannot do it all by themselves - because this kind of operational activity can be pushed down by ARCH.049 as a system capability and the internal functions distributed between actors and the system).

In general, the preference should be to allocate responsibility to existing actors/entities rather than creating new ones.

Tools and non-human resourcesTeam for Capella
CardinalityOnce per operational capability
Completion criteriaAll the operational activities identified as risk control measures for this operational capability have been allocated to an operational actor or entity.
Design review

ARCH.R.1 Operational capability review

ARCH.R.2 Operational review - consolidated

Step done by (Responsible)

System architect

RAMS architect

Security architect

Provides input to/assists (Contributes)None identified
Uses outputs (Informed)None identified