Security Risk Analysis & Validation Plan

What is Risk Analysis?
Risk analysis is a technique used to identify and assess factors that may jeopardize the success of a project or achieving a goal.(Wikipedia)

What is software risk analysis? A software risk assessment applies classic risk definitions to software design and produces mitigation requirements (Gary Mc Graw)

Risk Analysis method?

ALE = SLE × ARO

SLE = Single Loss Expectancy (AV * EF)
ARO = Annualized Rate of Occurrence
ALE = Annual Loss Expectancy



What is Validation Plan?
Validation Plans define the scope and goals of a validation project. The Validation Plan is written
at the start of the validation project (sometimes concurrently with the user requirement
specication) and is usually specic to a single validation project. (OfniSystem)

What is Safety Validation?
A plan is required for routine actions such as:
- proof testing
- maintenance override conditions
- documentation of system demand
- failure rates
This is to verify if they are consistent with the safety integrity level (SIL) verication
calculations, audit and test documentation, and diagnostic and repair procedures. (EMERSON)
International Standards such as ISO 13849, IEC 62061 and IEC 61508 demand validation of safety
systems independent of the design function. Validation is essential to prove that your machinery
is safe. (PILZ)