Copyright DB Netz AG, licensed under CC-BY SA 3.0 DE (see full text in CC-BY-SA-3.0-DE)
ARCH.904 Incorporate risk control measures in the operational needs
RCAMT-616
-
Update of Input/Output for some ARCH process steps and improve understanding of incorporate risk control measures
Finished
Goal | Define how an operational capability will be fulfilled via implementation of risk control measures that reduce identified risks to an acceptable level. |
---|---|
Requirements met by this process step | ISO 15288 6.3.4 d) 2; ISO 15288 6.4.1.3 b 2); CSM-SMS guidance 1.1a); EN 50126-1 7.2.2 a) |
Inputs | AMOD-028 Operational activities and interaction definitions (single operational capability); AMOD-027 Operational bare business scenario; AMOD-137 Single operational capability context; AMOD-021 Operational capabilities definition; AMOD-023 Operational entity/actor states; AMOD-022 Enterprise & environment definition; AMOD-110 Operational exchange items [O.CDB]; AMOD-105 Operational data objects [O.CDB] (reference only): |
Outputs | AMOD-033 Operational business scenario with risk control measures; AMOD-035 Operational business process with risk control measures; AMOD-028 Operational activities and interaction definitions (single operational capability) (updated); AMOD-110 Operational exchange items [O.CDB] (updated); AMOD-105 Operational data objects [O.CDB] (updated); AMOD-023 Operational entity/actor states (updated) |
Methodology |
1. Update operational activities and interactions
This task updates AMOD-028 by implementing risk mitigations as follows. For every entry in the risk logs:
- where the risk mitigation specifies a new operational activity:
  - create a new operational activity;
  - create appropriate interactions between the new operational activity and existing activities;
- where the risk mitigation specifies a non-functional requirement against an operational activity on the current diagram:
  - create a new non-functional requirement with content matching the risk mitigation;
  - link the non-functional requirement to the activity specified in the risk mitigation.

2. Create operational scenario with risk control measures
This task creates AMOD-033 by implementing risk mitigations as follows: Begin by setting out the interactions of the scenario for the bare business scenario. Ensure that all the non-success paths identified in the deviation analysis are now represented on the scenario. See the chapter "Specific guidance for scenarios applicable at the operational analysis" in Method for definition of scenarios for more guidance.

3. Create operational process with risk control measures
This task creates AMOD-035 by implementing risk mitigations as follows: Begin by setting out the activities and interactions of the bare business process, without linking them together with sequences. Then introduce any new activities and interactions identified through the risk assessment. Ensure that all non-success paths identified during the deviation analysis are now represented on the diagram. When all activities are placed sensibly in order, complete the sequence links.

4. Update operational data
For every entry in the risk logs:
- where the risk mitigation specifies the need for additional operational data:
  - create new elements (exchange items, data objects as necessary);
  - allocate the new elements to appropriate interactions between operational activities;
- where the risk mitigation specifies a constraint on operational data:
  - update the exchange items and data objects as necessary;
  - review the allocation of updated elements to ensure that the allocation is still supported.
Examples are, among others, constraints on data separation and redundancy.

5. Update operational states
This task updates AMOD-023 by implementing risk mitigations as follows: During risk assessment for an operational scenario, new states that were not known before may be identified for operational entities or actors. Either update existing instances of view AMOD-023 or, where no statefulness was previously identified for an operational actor/entity, create a new one. This activity should be done in parallel with the initial analysis of an operational capability.

6. Update operational activity to state mapping
This task updates the activity to state mapping, if an activity is active in a specific state.

7. Update dependencies and pre/post conditions
This task updates AMOD-137 and AMOD-021 by implementing risk mitigations as follows: After risk control measures have been elaborated, there is a clear vision of the boundary of the operational capability of interest. AMOD-137 can then be updated in terms of dependencies along with the pre and post conditions. This time, it is necessary to align with the owners of the other operational capabilities connected to the operational capability of interest, e.g. on states of entities/actors and/or abstract concepts or exchange items to be evaluated. The end result should be that the operational capability's start conditions correspond to the end conditions of other operational capabilities (and vice versa). Overlaps should be avoided. Gaps should be checked to ensure that nothing important has been missed. Depending on the number of dependencies, this process step can require a lot of time to align with the other operational capabilities. |
Tools and non-human resources | Team for Capella |
Cardinality | Once per operational capability |
Completion criteria |
|
Design review | |
Step done by (Responsible) | Operational concept architect |
Provides input to/assists (Contributes) | System architect Systems engineer Cross-cutting engineer |
Uses outputs (Informed) | RAMS manager (potentially) |