Legal information

Copyright DB Netz AG, licensed under CC-BY SA 3.0 DE (see full text in CC-BY-SA-3.0-DE)

ARCH.916 Incorporate risk control measures in the system needs

RCAMT-275 - Define modelling rules in ARCH for expressing maximum allowed wrong-side failure rates (status: BACKLOG)

RCAMT-616 - Update of Input/Output for some ARCH process steps and improve understanding of incorporate risk control measures (status: Finished)

Goal

Capture the set of functions, functional exchanges, information/data and states that are needed for risk control in order to achieve a system capability.

Requirements met by this process step

ISO 15288 6.4.3.3 b) 3

Inputs

AMOD-056 System functions and exchanges (single system capability)

AMOD-058 Initial system exchange scenario

AMOD-059 Initial system functional chain description

AMOD-112 System common data objects [S.CDB]

AMOD-113 System exchange items [S.CDB]

AMOD-114 System interface definition

AMOD-115 External interface behaviour [S.ES]

AMOD-055 System functions to state allocation map [Matrix]

AMOD-060 System/actor states

(to be confirmed) AMOD-032 Allocated risk control measures

Method for definition of scenarios

Outputs

AMOD-056 System functions and exchanges (single system capability) (updated)

AMOD-117 System exchange scenarios with risk control measures [S.ES]

AMOD-118 System functional chain descriptions with risk control measures [SFCD]

AMOD-112 System common data objects [S.CDB] (updated)

AMOD-113 System exchange items [S.CDB] (updated)

AMOD-114 System interface definition (updated)

AMOD-115 External interface behaviour [S.ES] (updated)

AMOD-055 System functions to state allocation map [Matrix] (updated)

AMOD-060 System/actor states (updated)

Methodology

Content

1. Update system functions with risk control measures

This task updates AMOD-056 by implementing risk mitigations as follows:

For every entry in the allocated risk control measures:
  • where the risk mitigation specifies a new function,
      • create a new function;
      • create appropriate functional exchanges between the new function and existing functions;
  • where the risk mitigation specifies a behaviour constraint, document it in the description of the function;
  • where the risk mitigation specifies a non-functional attribute against a function on the current diagram, capture the attribute(s) according to the methods to be defined in RCAMT-160 - REQ: Define patterns, methodology and modelling rules for NFRs / ARCH: Define the methodology for modelling non-functional attributes (status: Paused).

2. Create system exchange scenarios with risk control measures

This task creates AMOD-117 by implementing risk mitigations as follows: 

Taking the initial exchange scenario as a base, create a new exchange scenario, now incorporating any new functions required to mitigate risks.

See the chapter "Specific guidance for scenarios applicable at the system analysis" in Method for definition of scenarios for more guidance.

3. Create system functional chains with risk control measures

This task creates AMOD-118 by implementing risk mitigations as follows:

Taking the initial functional chain description as a base, create a new functional chain description, now incorporating any new functions required to mitigate risks.

4. Update system data with risk control measures

This task updates AMOD-112 and AMOD-113 by implementing risk mitigations as follows: 

For every entry in the risk logs:
  • where the risk mitigation specifies the need for additional system data items,
      • create new elements (exchange items, data objects as necessary);
      • allocate the new elements to the appropriate exchanges between system functions;
  • where the risk mitigation specifies a non-functional attribute on system data, capture the attribute(s) according to the methods to be defined in RCAMT-160 - REQ: Define patterns, methodology and modelling rules for NFRs / ARCH: Define the methodology for modelling non-functional attributes (status: Paused). Examples include constraints on data separation and redundancy, among others.

5. Update system interface model with risk control measures

This task updates AMOD-114 and AMOD-115 by implementing risk mitigations as follows:

For every entry in the allocated risk control measures:
  • where the risk mitigation specifies new interface layers and/or behaviours during the delivery of the current system capability, add these to the relevant view (or, if necessary, create new views);
  • where the risk mitigation specifies a non-functional attribute against an interface layer and/or behaviour on the current diagram, capture the attribute(s) according to the methods to be defined in RCAMT-160 - REQ: Define patterns, methodology and modelling rules for NFRs / ARCH: Define the methodology for modelling non-functional attributes (status: Paused).

See the chapter "Specific guidance for scenarios applicable at the system analysis" in Method for definition of scenarios for more guidance.

6. Update system states

This task updates AMOD-055 and AMOD-060 by implementing risk mitigations as follows:

During risk assessment for a system exchange scenario, new states may be identified for the mitigation of a risk that arises during the delivery of the current system capability.

Either update existing instances of view AMOD-060 or, where no statefulness was previously identified for an operational actor/entity, create a new one.
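The six tasks above amount to one transformation of the model followed by a check against the completion criteria. As an added illustration (not part of the ARCH page, and not Capella's own API or any AMOD view), the Python below holds a deliberately small stand-in for a system capability model, applies a list of allocated risk control measures to it following the rules of tasks 1, 4 and 6, and then mechanically evaluates the one completion criterion that can be checked without engineering judgement: that every new functional exchange introduced by a measure carries at least one exchange item. The `SystemModel`, `RiskControlMeasure`, the measure kinds and the "train position" sample content are all constructed assumptions for this example.

```python
"""Added example: apply allocated risk control measures to a toy system model
and check the mechanically verifiable completion criterion (every new functional
exchange is supported by at least one exchange item). All names and sample
content are constructed for this example, not taken from the ARCH method."""
from dataclasses import dataclass, field


@dataclass
class RiskControlMeasure:
    rcm_id: str
    kind: str               # new_function | behaviour_constraint | data_item | nfr | new_state (assumed vocabulary)
    target: str             # function, "src->dst" exchange, or actor the measure applies to
    detail: str             # description, constraint text, attribute value or state name
    exchange_partners: tuple = ()   # new_function: existing functions to exchange with
    exchange_item: str = ""         # data_item: exchange item to allocate


@dataclass
class SystemModel:
    functions: dict = field(default_factory=dict)    # function name -> description
    exchanges: dict = field(default_factory=dict)    # (src, dst) -> set of exchange items
    attributes: dict = field(default_factory=dict)   # element -> {rcm_id: non-functional attribute}
    states: dict = field(default_factory=dict)       # actor -> set of state names
    new_exchanges: set = field(default_factory=set)  # exchanges created during risk assessment


def apply_measures(model, measures):
    """Task 1/4/6 rules. Returns the ids of measures the model could not absorb."""
    unhandled = []
    for m in measures:
        if m.kind == "new_function":
            model.functions[m.target] = m.detail
            for partner in m.exchange_partners:           # task 1: exchanges to existing functions
                key = (partner, m.target)
                model.exchanges.setdefault(key, set())
                model.new_exchanges.add(key)
        elif m.kind == "behaviour_constraint":            # task 1: document in the function description
            if m.target not in model.functions:
                unhandled.append(m.rcm_id)
                continue
            model.functions[m.target] += " Constraint: " + m.detail
        elif m.kind == "data_item":                       # task 4: allocate a new exchange item
            src, _, dst = m.target.partition("->")
            if (src, dst) not in model.exchanges:
                unhandled.append(m.rcm_id)
                continue
            model.exchanges[(src, dst)].add(m.exchange_item)
        elif m.kind == "nfr":                             # task 1/4/5: record the attribute (method per RCAMT-160 pending)
            model.attributes.setdefault(m.target, {})[m.rcm_id] = m.detail
        elif m.kind == "new_state":                       # task 6: new state for an actor/entity
            model.states.setdefault(m.target, set()).add(m.detail)
        else:
            unhandled.append(m.rcm_id)
    return unhandled


def completion_findings(model):
    """Completion criterion: every new exchange must carry an appropriate set of data items."""
    return [f"exchange {src}->{dst} has no exchange item allocated"
            for (src, dst) in sorted(model.new_exchanges) if not model.exchanges[(src, dst)]]


def build_sample():
    """Constructed sample capability and risk control measures (hypothetical content)."""
    model = SystemModel(
        functions={"Determine position": "Computes the train position from odometry.",
                   "Report position to RBC": "Sends the current position report."},
        exchanges={("Determine position", "Report position to RBC"): {"Position report"}},
    )
    measures = [
        RiskControlMeasure("RCM-1", "new_function", "Check position plausibility",
                           "Rejects position values outside the physically possible range.",
                           exchange_partners=("Determine position",)),
        RiskControlMeasure("RCM-2", "data_item", "Determine position->Check position plausibility", "",
                           exchange_item="Position with confidence interval"),
        RiskControlMeasure("RCM-3", "behaviour_constraint", "Report position to RBC",
                           "Must not send a report that failed the plausibility check."),
        RiskControlMeasure("RCM-4", "nfr", "Report position to RBC", "Redundant computation of the report."),
        RiskControlMeasure("RCM-5", "new_state", "Onboard unit", "Degraded"),
        # A new function whose exchange gets no data item: the completion check must flag it.
        RiskControlMeasure("RCM-6", "new_function", "Record plausibility failure",
                           "Logs rejected positions for diagnosis.",
                           exchange_partners=("Check position plausibility",)),
    ]
    return model, measures


def run_example():
    model, measures = build_sample()
    unhandled = apply_measures(model, measures)
    return model, unhandled, completion_findings(model)


if __name__ == "__main__":
    _, unhandled, findings = run_example()
    print("unhandled:", unhandled)
    for line in findings:
        print("finding:", line)
```

The order of measures matters: a `data_item` measure can only be allocated to an exchange that already exists, which is why RCM-2 follows RCM-1; in the same way the real process step takes the updated AMOD-056 as the base before AMOD-112/113 are updated.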

Tools and non-human resources: Team for Capella
Cardinality: Once per system capability
Completion criteria
  • The output view conforms to its modelling rules.
  • The risk control measures included are appropriate and adequate for mitigating the risks associated with the system capability.
  • All new functional exchanges identified during risk assessment for this system capability are supported with an appropriate set of data items.
  • All new states identified during risk assessment for this system capability are captured on the appropriate view.
  • All new interface layers identified during risk assessment for this system capability are accurately modelled for their structure and behaviour.
Design review: ARCH.R.3 System capability review
Step done by (Responsible): Lead system architect
Provides input to/assists (Contributes)
  • System architect
  • Engineer
  • Cross-cutting engineer
  • RAMS manager
Uses outputs (Informed): RAMS manager