Choosing what to test

Scoping rules for a safe, useful assessment in a regulated, safety-critical environment.

Three scoping principles

  1. Read-only first. Start with passive checks. Add active probes only after the asset owner approves.
  2. One change at a time. Don't widen the scope and the depth of testing in the same week.
  3. Operational windows. Anything that touches operational technology (OT) runs inside agreed change windows only.

Good first targets

  • Corporate identity provider and SSO surface.
  • Externally reachable depot management apps.
  • Cloud accounts that hold telemetry data.
  • Build/CI environments that publish to production.