The trustworthiness of cyber-physical systems is a critical factor for establishing wide-spread adoption of these systems. Hence, especially the behavior of safety-critical software components needs to be monitored and managed during system operation. Runtime trustworthiness maintenance should be planned and prepared in early requirements and design phases. This involves the identification of threats that may occur and affect user's trust at runtime, as well as related controls that can be executed to mitigate the threats. Furthermore, observable and measureable system quality properties have to be identified as indicators of threats, and interfaces for reporting these properties as well as for executing controls have to be designed and implemented. This paper presents a process model for preparing and designing systems for runtime trustworthiness maintenance, which is supported by several tools that facilitate the tasks to be performed by requirements engineers and system designers.