scope:

This International Standard provides a specification for software trustworthiness, that is intended to be a widely applicable approach that can be customised for any organization, and to software in its many guises from embedded equipment through consumer devices to industrial control systems.

The requirements of this Standard define the overall principles for effective software trustworthiness, and include technical, physical, cultural and behavioural measures alongside effective leadership and governance. This Standard identifies the necessary tools, techniques and processes and addresses safety, reliability, availability, resilience and security issues.

This Standard does not specify the detailed processes or actions that an organization follows in order to achieve these outcomes.

NOTE 1 These are defined in other standards, or can be defined by the organization.

NOTE 2 For organizations that already address software trustworthiness through the lens of one or more of the five main facets of trustworthiness that typically operate in isolation (safety, reliability, availability, resilience and security), this specification provides a companion and complement to other relevant standards, and reviewing the concepts, principles and techniques in this specification alongside practices and Management Systems derived from individual facets allows the identification of gaps and enhancements.

This Standard is applicable to any organization aiming to adopt software trustworthiness practices.