Adopts ISO/IEC 15026-3:2011 to specify the concept of integrity levels with corresponding integrity level requirements that are required to be met in order to show the achievement of the integrity level. It places requirements on and recommends methods for defining and using integrity levels and their integrity level requirements. It covers systems, software products, and their elements, as well as relevant external dependences.
Table of contents
Header
About this publication
Preface
1 Scope
2 Normative references
3 Terms and definitions
4 Integrity level framework
4.1 Integrity level specification
4.2 Process for using integrity levels
5 Using this Part 3
5.1 Uses of this part of ISO/IEC 15026
5.2 Documentation
5.3 Personnel and organizations
5.4 Overview of this part of ISO/IEC 15026
6 Defining integrity levels
6.1 Purpose for using this part of ISO/IEC 15026
6.2 Outcomes of using this part of ISO/IEC 15026
6.3 Prerequisites for defining integrity levels
6.3.1 Establish appropriateness of area for use of integrity levels
6.3.1.1 General
6.3.1.2 Risks
6.3.1.3 Environment of the system or product
6.3.1.4 Relevant evidence
6.3.2 Establish purpose and preliminary scope
6.4 Consistency with use requirements
6.5 Analysis of scope of applicability
6.6 Three required work products
6.6.1 Specifying an integrity level claim
6.6.2 Specifying integrity level requirements
6.6.3 Justification of match between integrity level claim and its requirements
6.6.3.1 General
6.6.3.2 Using assurance case in justification
6.7 Maintaining integrity level specification
6.8 Information provided for users
6.8.1 Requirements
6.8.2 Guidance and recommendations
7 Using integrity levels
7.1 Purpose for using this part of ISO/IEC 15026
7.2 Outcomes of using this part of ISO/IEC 15026
7.3 Prerequisites for use of integrity levels
7.3.1 Determine scope of covered risks
7.3.2 Establish applicability of integrity levels to the scope of their use
7.3.3 Decide role of integrity levels in life cycle
7.3.4 Establish approach to risk analysis
8 System or product integrity level determination
8.1 Introduction
8.2 Risk
8.2.1 Introduction
8.2.2 Risk criterion
8.2.2.1 Specification of risk criterion
8.2.2.2 Methods for risk criterion calculations
8.2.3 Risk analyses
8.2.3.1 General
8.2.3.2 Required occurrences of risk analysis
8.2.3.3 Identification of possible adverse consequences
8.2.3.4 Identification of dangerous conditions
8.2.3.5 Consideration of system or product architecture
8.2.3.6 Consequence analysis
8.2.3.7 Occurrence and timing analyses
8.2.3.8 Using assurance cases in determining the integrity level of the system or product
8.2.4 Risk evaluation
8.3 Assignment of system or product integrity level
8.4 Independence from internal architecture
8.5 Maintaining system or product integrity level
8.5.1 Introduction
8.5.2 System changes
8.5.3 Risks becomes known
8.5.4 Requirements change
8.6 Traceability of system or product integrity level assignments
9 Assigning system element integrity levels
9.1 General
9.2 Architecture and design
9.2.1 General
9.2.2 Failure handling mechanisms
9.3 Assignment
9.4 Scope of assignments
9.5 Special considerations
9.5.1 Cycles and recursion
9.5.2 Special situations and requirements regarding integrity levels
9.5.3 Behaviours other than failure
9.6 Maintaining the assignment of integrity levels
9.6.1 General
9.6.2 Changing integrity level assignments
10 Meeting integrity level requirements
10.1 Requirements related to evidence
10.1.1 Related information
10.1.2 Organization of evidence
10.1.3 Interpretation of evidence
10.2 Alternatives
10.3 Achieving integrity level claim
10.4 Corrective actions
11 Agreements and approvals
11.1 Authorities
11.2 Specific approvals and agreements related to integrity level definition
11.3 Specific approvals and agreements related to integrity level use
11.4 Documentation
Annex A
A.1 Table for Clause 4 Integrity level framework
Annex B
B.1 Introduction
B.2 Overview
B.3 Defining integrity levels (Clause 6)
B.4 Using a framework of integrity levels (Clauses 7 and 8)
B.5 System element integrity levels (Clause 9)
B.6 Using integrity levels according to this part of ISO/IEC 15026
