CPNI publishes new security-informed safety page containing a range of useful guidance dedicated to safety and security specialists.
UK Centre for the Protection of National Infrastructure (CPNI) published a series of guidance documents that cover extensive expert information on the approach to security-informed safety assurance and the Claims, Arguments and Evidence (CAE) methodology.
CPNI’s resources are divided into three categories: a detailed overall approach guidance on security-informed safety as a first layer, practical guidance based on real-world examples illustrating how the security-informed safety cases are developed as a second layer, and finally, a set of generic guides on assurance case concepts and their application as a third layer. The latter contains guides describing the CAE methodology and its different aspects – the individual concepts of Claims, Arguments, and Evidence and their formulation and application, CAE blocks and connection rules, and guidance for reviewing and challenging the safety case. It also contains guidance documents on the cyber-security risk assessment process for critical national infrastructures and security-informed HAZOP.
Additionally, the page hosts CPNI’s new Rail Code of Practice (CoP) for security-informed safety. The CoP is dedicated to all organisations in the rail ecosystem and is intended to help them ensure that security threats to their products, services or activities do not pose unacceptable risks to the safety of rail users and wider society.
To access guidance resources please visit CPNI’s website.