International standards on system and software integrity

Abstract

m In recent years, the increased use of software in critical applications such as nuclear power plants, medical systems, transportation systems, financial systems, and environmental systems has necessitated the development of guidelines to ensure that this software meets certain criteria for prudent performance. Each of these applications carries some form of risk, with welldefined consequences. A standard developed jointly by IEC TC 56/WG10 and ISO/IEC JTC1/WG9 has the concept of integrity level as its unifying theme. The integrity level is a “negotiated” containment of risk based on an integrity target established by the parties concerned. Risk cannot be contained in the software alone, as software operates in a system as one of its functions. Risk must be addressed from a system perspective to determine its magnitude and the means to contain it. For the standard under discussion, TC 56/WG10 provides the system perspective, while ISO/IEC JTC1/WG9 provides the software perspective. This article describes the requirements for the standard, the concept of operations for integrity-level process, the key features of the standard, and the means to produce the systems and software integrity-level standard. The article also describes a proposed program of work, based on the integrity-level concept, being pursued jointly by the two working groups. he purpose of this article is to describe how integrity-level standards are used; describe the system and software-level program; describe how a set of integrity-level standards is being developed; and describe the key features of the basic standard in the joint system and software integrity-level program.