Legal information

Copyright DB Netz AG, licensed under CC-BY SA 3.0 DE (see full text in CC-BY-SA-3.0-DE)

ARCH.018 Identify internal & external issues affecting successful security


Goal

Gain an understanding of the complete set of regulations that must be complied with, i.e. all the sources of regulatory requirements.

Requirements met by this process step

ISO 27001 4.1
RiL 114.0210 05 (5)

Inputs

Expert knowledge

Standards

DB regulatory framework

Outputs

Consolidated list of security requirements including rationales.

AMOD-145 Security compliance strategy

Methodology

There are multiple possible sources of definitions for security losses or threats that may result in unsafe situations.

This task is to arbitrate between any conflicting regulatory requirements and arrive at a single decision for each type of requirement.

For example, if security threats are defined differently in several places, this task includes the decision on a preferred source for the security threat.

Tools and non-human resources

Any preferred documentation tool

(suggestion: document first in a Confluence page)

Cardinality

One-off with revisions allowed

Completion criteria

All relevant legislation and regulations have been identified

In case of contradicting or overlapping security requirements, consolidated requirements have been derived and rationalized.

Design review

Step done by (Responsible): System RAMS manager

Completion criteria evaluated by (Accountable): TBD.

Provides input to/assists (Contributes): None identified

Reviews (Contributes): TBD.

Uses outputs (Informed): None identified