3.2.2 Managing assurance deficits

Assurance objective: Manage assurance deficits to ensure they will not present an unacceptable risk.

Contextual description: Systematic failures may occur where there are gaps in the information or knowledge about the system and its behaviour (epistemic uncertainty). These gaps can be referred to as assurance deficits. Although there will always be assurance deficits (as it is not possible to have complete knowledge of the system and its environment), it is important that where there are known to be assurance deficits, they are sufficiently managed to ensure they do not present an unacceptable safety risk to the system.

Practical guidance: Guidance is provided on generic strategies for managing assurance deficits, such as:

  • Provide mitigation through system design or requirements change
  • Provide mitigation through operational constraints or restrictions
  • Generate additional information to “fill the knowledge gap”
  • Accept the risk associated with the assurance deficit

With reference to the second bullet point above, additional restrictions may be put in place to ensure that the risk is acceptable given the known uncertainty. As more is learnt about the system through operation, it may then be possible to reduce or remove such restrictions, because the associated risk has reduced. This incremental approach enables assurance to be increased through operation, without exposure to intolerable risk. Guidance will be provided on incremental assurance.