At the heart of this new standard is the concept of modeling dependencies, building assurance cases, achieving agreement on accountability in the event of actual or potential failure and doing so within the architecture process.
Complex systems, especially where the boundaries of operation or ownership are unclear are often subject to change: objectives change, new demands are made, regulations change, business partners are added, etc. So where the failure of the system can have a significant impact on lives, income or reputation, it is critical that a process is in place to identify these changes and to update the architecture, the assurance cases and the agreements on accountability.
It is also critical that a process is in place to detect anomalies or failures, to understand the causes and to prevent them from impacting the system in the future.
O-DA includes both a Change Accommodation Cycle and a Failure Response Cycle that together provide a framework for these critical processes.
“O-DA brings together and builds on so many of the concepts underlying The Open Group vision of Boundaryless Information Flow”, said Allen Brown. “The members of The Open Group Security Forum who brought us O-DM (Open Dependency Modeling) and the Risk Taxonomy and the members of The Open Group Architecture Forum (TOGAF) and the Open Group ArchiMate Forum have all supported The Open Group Real-time and Embedded Systems Forum to complete this important new standard.”
Mario Tokoro, Founder & Executive Advisor of Sony Computer Science Laboratories, Japanese Science & Technology Agency, DEOS Project Leader (contributor of O-DA) said: “Today’s systems are dynamic and change due to business objectives, technology improvements, regulation changes, etc. Because of the many moving parts, it’s very difficult to say who assumes accountability in the event of a system failure. The O-DA is a flexible standard for risk management among key stakeholders who will collaborate about how to run their open system.”
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.