Copyright DB Netz AG, licensed under CC-BY SA 3.0 DE (see full text in CC-BY-SA-3.0-DE)
ARCH.018 Identify internal & external issues affecting successful security
SM-2754 - Populate Confluence page for activity definition: ARCH.018 Identify internal & external issues affecting successful security - Created
Goal | Gain an understanding of the complete set of regulations that must be complied with, i.e. all the sources of regulatory requirements. |
---|---|
Requirements met by this process step | ISO 27001 4.1 |
Inputs | Expert knowledge; Standards; DB regulatory framework |
Outputs | Consolidated list of security requirements including rationales. |
Methodology | There are multiple possible sources of definitions for security losses or threats that may result in unsafe situations. This task is to arbitrate between any conflicting regulatory requirements and arrive at a single decision for each type of requirement. For example, if security threats are defined differently in several places, this task includes the decision on a preferred source for the security threat. |
Tools and non-human resources | Any preferred documentation tool (suggestion: document first in a Confluence page) |
Cardinality | One-off with revisions allowed |
Completion criteria | All relevant legislation and regulations have been identified. In case of contradicting or overlapping security requirements, consolidated requirements have been derived and rationalized. |
Design review | |
Step done by (Responsible) | System RAMS manager |
Completion criteria evaluated by (Accountable) | TBD. |
Provides input to/assists (Contributes) | None identified |
Reviews (Contributes) | TBD. |
Uses outputs (Informed) | None identified |