Devil's in the Detail: Through-Life Safety and Security Co-assurance Using SSAF

Regulatory bodies, industry and academia present a plethora of approaches for risk analysis and engineering for safety and security. However, few standards and approaches discuss the management of both safety and security risks. Fewer yet provide detail on how the two attributes interact within a given system. In this paper, the SafetySecurity Assurance Framework (SSAF) is presented as a candidate solution to many of the extant challenges of attribute co-assurance. It is a holistic approach, based on the concept of independent co-assurance, that considers both the technical risk impact and the socio-technical impact on assurance. The Framework's Technical Risk Model (TRM) is applied and evaluated against a case study of an insulin pump. It is argued that SSAF TRM is not only a plausible and practical approach, but also more effective for co-assurance than many existing approaches alone.