We propose considering assurance as a model management enterprise: saying
that a system is safe amounts to specifying three workflows modelling how the
safety engineering process is defined and executed, and checking their
conformance. These workflows are based on precise data modelling as in
functional block diagrams, but their distinctive feature is the presence of
relationships between the output data of a process and its input data; hence,
the name ``WorkflowPlus'', WF+ .
A typical WP^+ model comprises three layers: (i) process and control flow,
(ii) dataflow (with input-output relationships), and (iii) argument flow or
constraint derivation. Precise dataflow modelling signifies a crucial
distinction of (WP+)-based and GSN-based assurance, in which the data layer is
mainly implicit. We provide a detailed comparative analysis of the two
formalisms and conclude that GSN does not fulfil its promises.