Strategic Workshop on
Enterprise Integration and Enterprise Computing
(Systems and Software Engineering Standards
in the Context of Enterprise Integration)
19-20 November 1998, Sanctuary Cove
POSITION STATEMENT
Jim Welsh
Software Verification Research Centre
University of Queensland
Australia, 4072
Email: jim@it.uq.edu.au
(Australian representative on ISO/IEC JTC1 SC7 WG9)
Abstract
Integration of the management of operational risks (and the consequent system integrity requirements) with the ‘normal’ systems and software engineering life cycles is an ongoing concern of Working Group 9 of ISO/IEC JTC1/SC7. This position paper postulates that
(a) effective integration of risk management is equally important at enterprise level, and
(b) useful parallels may exist between this integration of risk management and the integration/interaction problems arising from other enterprise integration concerns.
Computer-based systems are increasingly used in applications that are critical in some sense, such as safety, security, mission, etc. Fly-by-wire aircraft, heart pacemakers, military or diplomatic communication networks, and industrial process control are typical examples of such applications. Containment of the risks inherent in the application of these systems is a dominant consideration in their development.
One simple approach to development of such systems is to decide whether the overall system is critical or not, and if so to apply highly rigorous development techniques to all parts of the system. A system deemed to be non-critical may be developed using less rigorous techniques. This approach can be seen as ascribing to the system one of two integrity levels. A high-integrity system requires a high-integrity development process. A low-integrity system allows a low-integrity development process. Because of the disparity in techniques and processes involved, the two lifecycles can effectively be considered as disjoint.
A more sophisticated approach, increasingly used in critical systems development, is one which
This necessarily implies a more complex life cycle model which is capable of accommodating and reconciling the variation in integrity levels and techniques involved.
Development and application of appropriate standards is a key strategy in containing the risks associated with critical computer-based systems. A variety of standards already exist in various application sectors.
Within the overall activities of ISO/IEC JTC1/SC7, software integrity issues are the specific responsibility of Working Group 9 (Software Integrity). WG9 operates as a joint working group with IEC TC56 WG10 (Software aspects of dependability).
To date, the joint working group has developed a standard for the determination of system and software integrity levels (ISO 15026). This is a generalisation of the multiple integrity levels process inherent in several existing or emerging sector standards, and is specifically designed for application in multiple risk dimensions (safety, security, mission, etc.).
The working group is now working on guides to the achievement of the requirements implied by integrity levels in the development of software components, but a key factor in the success of its efforts is achieving consistency between its own products and those of SC7 as a whole. With ISO 12207 (Software Life-Cycle Processes) currently under revision and ISO 15288 (System Life-Cycle Processes) under development, ensuring the consistency of these standards with the integrity management process inherent in ISO 15026 is a particular current concern.
In the context of the Strategic Workshop’s objectives, the preceding review of critical systems processes and standards provokes the following observations:
Review and discussion of these issues within the workshop can benefit both the enterprise integration and systems/software engineering communities.