What does it cover
•
Approach to legacy systems the same as
for SIS legacy systems
•
Need to demonstrate risks are ALARP.
That can be done in a number of ways
which can include:
– Architecture so less susceptible
– Upgrades where practicable
– Procedural
– Replacements if risk still not ALARP