The 81001-1 temple model integrates a life cycle model that we have used to indicate an "SES MDI Trust Gap" region that exists between an SDC/SDPi-enabled DECOUPLED product being put on the market and its implementation (deployment) in an end-user networked I.T. environment. Problem is that many SES (e.g., risks) cannot be fully understood until risk management (e.g., 80001-1 2nd edition) has been performed in that environment. The SDC/SDPi SFC can be specified but there will have to be place holders for Risk Control Measures (RCM's) that are determined at deployment, but how and when and "if" this will be provisioned into Plug-and-Trust decoupled products?
Topic Proposer: Todd Cooper