ISO IEC 16085-2006 Systems and software engineering - Life cycle processes - Risk management《系统和软件工程 生命周期过程 风险管理》.pdf

1、 Reference number ISO/IEC 16085:2006(E) IEEE Std 16085-2006INTERNATIONAL STANDARD ISO/IEC 16085 IEEE Std 16085-2006 Second edition 2006-12-15 Systems and software engineering Life cycle processes Risk management Ingnierie des systmes et du logiciel Processus du cycle de vie Gestion des risques ISO/I

2、EC 16085:2006(E) IEEE Std 16085-2006 PDF disclaimer This PDF file may contain embedded typefaces. In accordance with Adobes licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing th

3、e editing. In downloading this file, parties accept therein the responsibility of not infringing Adobes licensing policy. The ISO Central Secretariat accepts no liability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file c

4、an be found in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretari

5、at at the address given below. ISO Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org ii ISO/IEC 16085:2006(E) (Revision of IEEE Std 1540-2001) Systems and software engineering Life cycle processes Risk management Sponsor Software +

6、1 978 750 8400. Permission to photocopy portions of any individual standard for educational classroom use can also be obtained through the Copyright Clearance Center. NOTE Attention is called to the possibility that implementation of this standard may require use of subject matter covered by patent

7、rights. By publication of this standard, no position is taken with respect to the existence or validity of any patent rights in connection therewith. The IEEE shall not be responsible for identifying patents for which a license may be required by an IEEE standard or for conducting inquiries into the

8、 legal validity or scope of those patents that are brought to its attention.iv Copyright 2006 IEEE. All rights reserved IEEE Introduction Risk management is a key discipline for making effective decisions and communicating the results within organizations. The purpose of risk management is to identi

9、fy potential managerial and technical problems before they occur so that actions can be taken that reduce or eliminate the probability and/or impact of these problems should they occur. It is a critical tool for continuously determining the feasibility of project plans, for improving the search for

10、and identification of potential problems that can affect life cycle activities and the quality and performance of products, and for improving the active management of projects. This standard can be applied equally to systems and software. Annex D is specific to software and the ISO/ IEC 12207 series

11、 of life cycle standards, in order to summarize where risk management is mentioned, in lieu of a specific risk management process. Notice to users Errata Errata, if any, for this and all other standards can be accessed at the following URL: http:/ standards.ieee.org/reading/ieee/updates/errata/index

12、html. Users are encouraged to check this URL for errata periodically. Interpretations Current interpretations can be accessed at the following URL: http:/standards.ieee.org/reading/ieee/interp/ index.html. Patents Attention is called to the possibility that implementation of this standard may requi

13、re use of subject matter covered by patent rights. By publication of this standard, no position is taken with respect to the existence or validity of any patent rights in connection therewith. The IEEE shall not be responsible for identifying patents or patent applications for which a license may be

14、 required to implement an IEEE standard or for conducting inquiries into the legal validity or scope of those patents that are brought to its attention. This introduction is not part of ISO/IEC/IEEE 16085:2006, Systems and software engineering Life cycle processes Risk management.Copyright 2006 IEEE

15、 All rights reserved v Participants The following individuals participated in the development of this standard. Robert N. Charette, Chair Paul R. Croll Cheryl Jones Garry J. Roedler James W. Moore When the IEEE-SA Standards Board approved this standard, it had the following membership: Steve M. Mil

16、ls, Chair Richard H. Hulett, Vice Chair Don Wright, Past Chair Judith Gorman, Secretary *Member Emeritus Also included are the following nonvoting IEEE-SA Standards Board liaisons: Satish K. Aggarwal, NRC Representative Richard DeBlasio, DOE Representative Alan H. Cookson, NIST Representative Michae

17、l D. Fisher IEEE Standards Project Editor Mark D. Bowman Dennis B. Brophy Joseph Bruder Richard Cox Bob Davis Julian Forster* Joanna N. Guenin Mark S. Halpin Raymond Hapeman William B. Hopf Lowell G. Johnson Herman Koch Joseph L. Koepfinger* David J. Law Daleep C. Mohla Paul Nikolich T. W. Olsen Gle

18、nn Parsons Ronald C. Petersen Gary S. Robinson Frank Stone Malcolm V. Thaden Richard L. Townsend Joe D. Watson Howard L. Wolfmanvi Copyright 2006 IEEE. All rights reserved Contents 1. Overview 1 1.1 Scope 1 1.2 Purpose. 1 1.3 Field of application 2 1.4 Conformance 2 1.5 Disclaimer 3 2. Normative ref

19、erences. 3 3. Definitions . 3 4. Application of this standard. 6 5. Risk management in the life cycle. 6 5.1 Risk management process 6 5.2 Null Clause 15 Annex A (informative) Risk management plan. 16 Annex B (informative) Risk action request . 19 Annex C (informative) Risk treatment plan 21 Annex D

20、 (informative) Application of risk management in the software life cycle . 23 Annex E (informative) Annotated bibliography 30Copyright 2006 IEEE. All rights reserved 1 Systems and software engineering Life cycle processes Risk management 1. Overview This standard prescribes a continuous process for

21、risk management. Clause 1 provides an overview and describes the purpose, scope, and field of application, as well as prescribing the conformance criteria. Clause 2 lists the normative references; informative references are provided in Annex E. Clause 3 provides definitions. Clause 4 describes how r

22、isk management is applied to the life cycle. Clause 5 prescribes the requirements for a risk management process. There are several informative annexes. Annex A, Annex B, and Annex C recommend content of three docu- ments: Risk Management Plan, Risk Action Request, and Risk Treatment Plan. Annex D su

23、mmarizes where risk management is mentioned in the ISO/IEC 12207 series of software life cycle process standards. An equivalent annex is not included for ISO/IEC 15288, the system life cycle process standard, since it includes a risk management process. Annex E, as previously mentioned, is an annota

24、ted bibliography of standards and other documents related to the material covered in this standard. 1.1 Scope This standard describes a process for the management of risk during systems or software acquisition, supply, development, operations, and maintenance. 1.2 Purpose The purpose of this standar

25、d is to provide suppliers, acquirers, developers, and managers with a single set of process requirements suitable for the management of a broad variety of risks. This standard does not provide detailed risk management techniques, but instead focuses on defining a process for risk management in which

26、 any of several techniques may be applied. 1.3 Field of application This standard defines a process for the management of risk throughout the life cycle. This standard is suit- able for adoption by an organization for application to all appropriate projects. This standard is useful for managing the risks associated with organizations dealing with system or software issues. FINAL DRAFT / PROJET FINAL