What is Continuous Compliance?
Journal article, 2024

Safety and security are increasingly important in critical and smart systems. Original Equipment Manufacturers (OEMs) and suppliers are moving toward Over-the-Air (OTA) updates, bringing new benefits and challenges. Updating the software after production permits fixing bugs and improving functionalities from a safety and security point of view, but given that OTA updates will be increasingly frequent, we need tools and procedures capable of guaranteeing compliance with standards continuously, so that each new version of the software has the same security as the previous one. Although the need to comply with standards has been identified, the concept of continuous compliance has never been defined and characterized. In this paper, we present how compliance with standards can be ensured continuously. We provide a precise definition of continuous compliance, together with an overview of the main stakeholders, components, and steps. To achieve this objective, we analyzed academic and industrial points of view.

Codes

Companies

Security

Process control

Safety

Automotive engineering

Software

Author

Tiziano Santilli

Gran Sasso Science Institute (GSSI)

Patrizio Pelliccione

Gran Sasso Science Institute (GSSI)

Rebekka Wohlrab

Chalmers, Computer Science and Engineering (Chalmers), Interaction Design and Software Engineering

Ali Shahrokni

Systemite AB

IEEE Software

0740-7459 (ISSN) 1937-4194 (eISSN)

Vol. 41, Issue 4, pp. 134-142

Subject Categories

Software Engineering

Computer Systems

DOI

10.1109/MS.2023.3342974

More information

Latest update

6/18/2024