What is this PAS about?
These days, trustworthy software is critical to the success of every organization. This PAS describes a widely applicable approach to achieving trustworthy software.
Who is this PAS for?
It’s for any organization aiming to adopt system trustworthiness practices. It can be used by all three major segments of the IT industry, namely:
- Specifiers (procurement/acquisition)
- Realizers (developers and system integrators)
- Software end users
Why should you use this PAS?
It identifies five aspects of software trustworthiness: safety, reliability, availability, resilience and security, and describes a widely applicable approach to achieving software trustworthiness which is based on the following concepts:
- Governance. Before producing or using any software which has a trustworthiness requirement, an appropriate set of governance and management measures shall be set up
- Risk assessment. The risk assessment process involves considering the set of assets to be protected, the nature of the adversities that may be faced, and the way in which the software may be susceptible to such adversities
- Control application. Risk shall be managed through the treatment of risk by the application of appropriate personnel, physical, procedural and technical controls
- Compliance. A compliance regime shall be set up to ensure that creators and users of software ensure that governance, risk and control decisions have been implemented
PAS 754 can be deployed in conjunction with other relevant standards or on its own.