scope:

This International Standard introduces the concepts of software integrity levels and software integrity requirements. It defines the concepts associated with integrity levels, defines the processes for determining integrity levels and software integrity requirements, and places requirements on each process. This International Standard does not prescribe a specific set of integrity levels or software integrity requirements. These must be established either on a project by project basis, or for a specific sector and/or country. This International Standard is applicable to software only. The system integrity level and the integrity levels of the non-software components are only required in this International Standard to determine the integrity levels of the software components.

This International Standard is intended for use by developers, users, procurers, and assessors of software products or systems containing software for the administrative and technical support of those products and systems.

A software integrity level denotes a range of values of a software property necessary to maintain system risks within tolerable limits. For software that performs a mitigating function, the property is the reliability with which the software must perform the mitigating function. For software whose failure can lead to a system threat, the property is the limit on the frequency or probability of that failure.

Software integrity requirements are requirements that must be met by the software engineering process used to develop the software, requirements that must be met by the software engineering products, and/or requirements that must be true of the software's performance over time in order to provide a degree of confidence in the software that is commensurate with the software's integrity level.

This International Standard does not prescribe the way in which integrity level determination is integrated with the overall system engineering life cycle processes.