High Assurance profile

Our recommended assurance profile for modern Computer Software Assurance (CSA), built on linked atomic artifacts, not monolithic documents that drift from code.

One profile among many

ValidKeep is profile-driven. High Assurance is the profile Yttrigen recommends for rigorous regulated delivery, but it is not the only option.

Industry-specific or bespoke assurance profiles can replace or extend this model. Landscape profiles (branch topology, CR/release rules) are also configurable per organization and application. You do not have to adopt every element described here to use ValidKeep.

Why we built it

Traditional validation binders often diverge from the software auditors actually inspect. High Assurance keeps obligations, interfaces, logic, and tests as small linked artifacts in Git. Monolithic RS/FS/DS documents become rendered views compiled from those sources, when auditors expect CSV format, you still get familiar deliverables without maintaining two truths.

The idea in plain language

  1. What you must satisfy: business rules and stakeholder requirements (obligations).
  2. What you promise: the public capability boundary of the module (black-box interface).
  3. How you build it: internal logic and delegated child modules (white-box design).
  4. How you prove it: OQ active drivers against the boundary; PQ telemetry from embedded probes under load.

What the symbols mean

These terms appear in High Assurance tooling and CSA deliverables. They describe one module's contract algebra, not ValidKeep as a whole.

Symbol Name Plain meaning
DxDirectiveObjectives delegated from a parent module, what this module is charged to accomplish.
RxRequirementStakeholder rules authored at this module's level.
OxObligationsThe full demand set: directives plus requirements. Drives OQ coverage.
CxCapabilityThe black-box interface the module promises, must balance obligations.
LxLogicWhite-box design and implementation plan, including where PQ probes belong.
BxBorrowed toolParent-authorized external services or infrastructure used by the module.

Balance law: for a well-formed module, obligations and capabilities match, demand equals supply. OQ verifies that balance at the boundary; PQ verifies that implementation survives under load.

How this supports modern CSA

  • Risk-tagged obligation fragments guide test depth, not one-size-fits-all scripting.
  • Live traceability graph replaces manually curated RTM spreadsheets.
  • Native OQ/PQ evidence and verification reports from executed tests and telemetry.
  • Rendered RS/FS/DS when your quality unit expects traditional CSV artifacts.

What you do not have to adopt

If another assurance profile fits your organization (GAMP5-focused, SaMD, SOC2-oriented, or fully bespoke), ValidKeep still provides governed SDLC via landscape profiles, npx validkeep verification, and ValidKeep Hub/MiniHub ledger evidence. High Assurance is our recommendation, not a gate.

Technical reference

Read the module architecture hub, assurance profiles, and fractal module model, or the architecture and verification reference for the complete technical specification (contract algebra, OQ/PQ loops, role isolation, rendered views).