The integration of security measures into a well-founded safety assurance process is a growing demand in the domain of safety-critical systems. In many cases, the safety assurance procedures are well-established at companies. Even to tie in the most necessary security actions already present a major challenge. This paper deals with the first steps to setup a viable procedure to (co-)assure systems? safety and security at Frequentis AG, primarily in the sector of air traffic management.
A research on the state of the art of co-assurance approaches has been conducted: existing analysis and risk evaluation methods, proposed procedures of certain certification standards, as well as novel approaches like the Safety-Security Assurance Framework. Furthermore, Frequentis' internal procedures, needs and (pre)conditions have been evaluated. Based on this research, a concept for a suitable co-assurance process has been developed. Additionally, interfacing gates during system development and handovers in system operation between the safety and security specialists of Frequentis have been created and already practiced.
The results of this work can be used as an approach for a stepwise integration of security objectives into an existing safety assurance infrastructure to improve the safety management system.
