scope:

This document:

provides risk management elaborations for the processes described in ISO/IEC/IEEE 15288:2015 and ISO/IEC/IEEE 12207:2017,

specifies the required information items that are to be produced through the implementation of risk management process for claiming conformance, and

specifies the required contents of the information items.

This document provides a universally applicable standard for practitioners responsible for managing risks associated with systems and software over their life cycle. It is suitable for the management of all risks encountered in any organization or project appropriate to its systems or software projects regardless of context, type of industry, technologies utilized, or organizational structures involved.

This standard does not provide detailed information about risk management processes, practices, techniques, or tools which are widely available in other publications. Instead this standard focuses on providing a comprehensive reference for integrating the large and wide variety of processes, practices, techniques, and tools encountered in systems and software engineering projects into a holistic approach for risk management, with the purpose of providing effective and efficient risk management while meeting the expectations and requirements of organization and project stakeholders.

Purpose

This standard provides information on how to design, develop, implement, and continually improve risk management in a systems and software engineering project throughout its life cycle. It defines a methodology for developing a risk management framework, risk management process, and risk profile.