Description / Abstract:
This document:
⎯ specifies the required processes that are to be implemented for risk management for systems and software products (including services) throughout the life cycle,
⎯ gives guidelines for applying the risk management and risk management-related processes described in ISO/IEC/IEEE 15288:2015 and ISO/IEC/IEEE 12207:2017,
⎯ specifies the required information items that are to be produced through the implementation of risk management,
⎯ specifies the required contents of the required information items, and
⎯ gives guidelines for the format of the required and related information items.
This document is applicable to:
⎯ those who use or plan to use ISO/IEC/IEEE 15288:2015 and ISO/IEC/IEEE 12207:2017 on projects dealing with man-made systems, software-intensive systems, software and hardware products, and services related to those systems and products, regardless of project scope, product(s), methodology, size or complexity,
⎯ anyone performing risk management activities to aid in ensuring that their application of risk management conforms to ISO/IEC/IEEE 15288:2015 and/or ISO/IEC/IEEE 12207:2017,
⎯ those who use or plan to use ISO/IEC/IEEE 15289 on projects dealing with human-made systems, software-intensive systems, software and hardware products, and services related to those systems and products, regardless of project scope, product(s), methodology, size or complexity, and
⎯ anyone performing risk management activities to aid in ensuring that the information items developed during the application of requirements engineering processes conform to ISO/IEC 15289.
This document provides a universally applicable standard for practitioners responsible for managing risks associated with systems and software engineering projects over their life cycle. It is suitable for the management of all risks encountered in any type of systems or software engineering project regardless of context, type of industry, technologies utilized, or organizational structures involved.
This standard does not provide detailed information about risk management processes, practices, techniques, or tools which are widely available in other publications, but instead focuses on providing a comprehensive reference for integrating the large and wide variety of processes, practices, techniques, and tools encountered in complex systems and software engineering projects into a holistic system for risk management, with the purpose of providing effective and efficient risk management meeting the expectations and requirements of project stakeholders.
Purpose
The purpose of this standard is to provide information on how to design, develop, implement, and continually improve a system for integrating risk management into a systems or software engineering project throughout its life cycle. It defines a systems-based methodology for developing a risk management framework, risk management process architecture, and risk data management system that is tailored to a specific systems or software engineering project. Risk management planning, commitment to risk management, principles for risk management, definition of context, and analysis of stakeholder needs and expectations are supporting activities.
An approach is provided that is intended to facilitate the application of the overarching international risk management standard ISO 31000 within the context of systems and software engineering projects or programs planned and managed according to the systems and software life cycle process standards ISO/IEC/IEEE 15288, ISO/IEC/IEEE 12207, and/or ISO/IEC/IEEE 16326. Application of industry- and domain-specific risk management and risk management-related (e.g., safety and security) standards is included as part of the methodology.