PAS 754:2014


Background

TSI has, working alongside the British Standards Institution (the UK National Standards Body), produced a Publicly Available Specification (PAS 754) entitled “Software Trustworthiness – Governance and management – Specification” which:

  • defines the overall principles for effective software trustworthiness, including technical, physical, cultural and behavioural measures alongside effective leadership and governance.
  • identifies the necessary tools, techniques and processes required to ensure software trustworthiness and addresses issues of safety, reliability, availability, security and resilience.
  • is applicable to any organization aiming to adopt trustworthy software practices.

PAS 754 does not specify the detailed processes or actions that an organization should follow in order to achieve these outcomes, as these have been defined in other standards or can be defined by the organization.

PAS 754 can be purchased by visiting the BSI website.

Launch of PAS 754

On 10th June 2014, PAS 754 ‘Software trustworthiness – Governance and management – Specification’ was launched before an invited audience from industry and academia. The document is the UK’s first successful attempt at codifying what constitutes good software engineering, and sets out the processes and procedures which organisations can apply to help them procure, supply or employ trustworthy software.

The Minister of State for Universities and Science launched PAS 754, stating “Robust and reliable software is a vital tool for modern day businesses, enabling them to operate efficiently while protecting them from growing cyber security threats. This new publicly available specification, developed with the Trustworthy Software Initiative (TSI), will help UK companies select the most secure, dependable and reliable software for their needs as well as providing them with the skills to use it effectively. Future UK companies will also benefit, with the education materials being made freely available to universities for the next generation of young professionals”.

Introducing the launch event, Sir Edmund Burton, TSI President, said “It is unacceptable to customers, users, shareholders and taxpayers that major programmes have been delayed and, in many cases, have failed because of serious defects in software – in development, in acceptance trials and in-service. All are entitled to expect the same degree of reliability, availability, security and resilience from their software as they have come to expect from the mechanical components of their systems. Hence, the Trustworthy Software Initiative – TSI.”

Howard Kerr, Chief Executive of BSI, added: “A document such as PAS 754 is important because it can help to close down the trapdoors in an organisation’s software platform that leave it vulnerable to cyber attack. Identifying how trustworthy software is, means addressing its safety, reliability, availability and security. It ensures that those in the organisation responsible for maintaining and strengthening IT systems have conducted due diligence in this area.”

The development of PAS 754 has taken place in conjunction with the Trustworthy Software Initiative (TSI), which is supported and funded through the UK Government’s National Cyber Security Programme (NCSP) and is one of the key elements helping to deliver the National Cyber Security Strategy. The document is the result of extensive collaboration amongst the public sector, industry and academia, and represents another important step forward for the UK’s NCSP in its aim of improving cyber security.

The Trustworthy Software Initiative (TSI) forms part of the UK Government’s £850 million National Cyber Security Programme to improve the UK’s ability to combat cyber risks, supported by CPNI and BIS. TSI was established as a Public Good activity to draw together strands from various predecessors and provide a one-stop shop for guidance and information about software trustworthiness.