Whole system integrity – Practical steps
Jon Wiggins
Engineering automation solutions for end users and OEMs around the world, creating safer, smarter and greener operations.
When system properties are described, it tends to be through a prism, focusing on one aspect. It is tempting to describe a system as being very safe, very reliable or very secure. It is less common, though, to look at the whole.
This viewpoint is partly necessity: very few people have the breadth and depth of knowledge to understand a whole system and all the differing aspects of it. The second reason is historic. In the not-too-distant past it was possible to separate the aspects of a system and largely isolate them. Each discipline has also grown from its own roots and taken a separate path from the others. In this regard each has its own method and pace of working, difficult to integrate with the others.
When looking at system complexity it sounds a lot like the “good ole’ days” to say systems were less complex and easier. This is an exaggeration and not strictly true. Systems were more operationally complex. The human interaction was more intensive and the communication manual. The linked systems of systems we are used to today, with extensive automation replacing manual operations, have grown up in the past ten years with a jump in the technology and speed at which medium- and long-distance communications can be handled.
This change has shifted the nature of the system properties we would like to see, away from a human focus to a machine focus. Indeed, there is greater effort to exclude the human now than ever! This shifts the emphasis away from direct safety, direct operability, and a physical and containment approach to integrity, towards an emphasis on remote access, reliability, functional safety and hardening of key points.
Whilst the tools and techniques need to be the same, the approach of a few years ago may not be working. Is it possible to resolve this, or do we accept gaps and fill them as needed?
Understanding the scale
The first task is to appreciate the scale of the system's consequences. It should be stated that the size of the system is immaterial: a small system can cause major and complex consequences, whilst a large and complex system could be largely benign.
Understand the consequence of the system. What are the driving factors in the system's necessity? From this, look at what the system could be used for in the wrong hands and what the system could do if it malfunctions. Often the good case will have a mirror case for bad.
Understand the stakeholders. These will be people, businesses, the environment and possibly government. Start with who benefits, then work to who will be harmed. They are often the same people.
This allows the scale of the issue to be seen. It is tempting to say measures should be proportional, but what is that? Proportionality is a concept of risk relative to perception. It can therefore be a dangerous measure.
Starting assumptions
When doing the initial assessment there will be a lot of unknowns. To overcome these, assumptions will be made. When making these assumptions, though, there needs to be a realisation of the deliberate assumptions made and an appreciation of the inherent assumptions. These need to be recorded and their effect understood. One such assumption will be the scale of the risks involved. Where there is a degree of novelty there will be an assumption on the scale of consequences. This will need to be recorded and validated as the system is realised and the assumptions tested.
A practical measure is to record assumptions and attempt to assign a test to each. If an assumption cannot be tested it may need breaking down into testable elements. Tests can be literal or knowledge-based.
Bringing the elements together
When we look at whole system integrity there may be a lot of pieces: safety, security, confidentiality, reliability, usability, sustainability. These are a lot of aspects to bring together.
Looking at a complex system as a whole at this stage is not practical and is likely to miss elements. The key is to break the system down initially into logical sections.
Logical breakdown means different things in different sectors, but broadly it is the architecture grouped by function and/or access levels. This is agnostic of actual location, and this is critical in the early stages. By ignoring location, the initial focus is on system function and system use.
Once the initial development of the logical and functional system model is completed, the system implementation must then be considered. This now includes physical measures and location. A series of iterations will now take place to bring the whole system requirements to a point where development can begin.
Completeness of requirements at this stage needs to be appropriate to allow the commencement of development. The high-level architecture and principles need to be laid down, but there may be deficiencies in the detail. Resolving these issues can be done ad hoc, provided the high level is in place.
Ongoing change
It is important to appreciate that the understanding of the system is not completed after the initial assessment and requirements are drawn up. It is only complete to a point that enables the next stage. As the system evolves, ages and is modified, the nature of the integrity argument will change.
The management of change is now crucial. Overall, there needs to be a plan for managing change which identifies key stages and key stakeholders. At each identified stage a plan is then drawn up to manage the integrity within that stage. This follows the basic system described above, but the emphasis is shifted depending on the nature of the change and the stage at which it is happening.
Conclusion
The concept of whole system integrity is possible but not simple. It requires a change in approach, away from breaking down the functions into safety, security, reliability etc., to a logical system-based breakdown with iteration to close the resulting gaps.
The scaling will remain a challenge, but the principle of starting at a sensible minimum and building up the scale of the measures applies.