iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/IEC/IEEE 16085:2021

(Main)

Systems and software engineering — Life cycle processes — Risk management

Systems and software engineering — Life cycle processes — Risk management

This document: — provides risk management elaborations for the processes described in ISO/IEC/IEEE 15288 and ISO/IEC/IEEE 12207, — provides the users of ISO/IEC/IEEE 15288, ISO/IEC/IEEE 12207 and their associated elaboration standards with common terminology and specialized guidance for performing risk management within the context of systems and software engineering projects, — specifies the required information items that are to be produced through the implementation of risk management process for claiming conformance, and — specifies the required contents of the information items. This document provides a universally applicable standard for practitioners responsible for managing risks associated with systems and software over their life cycle. This document is suitable for the management of all risks encountered in any organization or project appropriate to the systems or software projects regardless of context, type of industry, technologies utilized, or organizational structures involved. This document does not provide detailed information about risk management practices, techniques, or tools which are widely available in other publications. Instead this document focuses on providing a comprehensive reference for integrating the large and wide variety of processes, practices, techniques, and tools encountered in systems and software engineering projects and other lifecycle activities into a unified approach for risk management, with the purpose of providing effective and efficient risk management while meeting the expectations and requirements of organization and project stakeholders.

Ingénierie des systèmes et du logiciel — Processus du cycle de vie — Gestion des risques

General Information

Status
Published
Publication Date
14-Jan-2021
ICS
35.080 - Software
Technical Committee
ISO/IEC JTC 1/SC 7 - Software and systems engineering
Drafting Committee
ISO/IEC JTC 1/SC 7/WG 7 - Life cycle management
Current Stage
6060 - International Standard published
Start Date
15-Jan-2021
Due Date
07-Feb-2021
Completion Date
15-Jan-2021
Ref Project

Relations

Revises
ISO/IEC 16085:2006 - Systems and software engineering — Life cycle processes — Risk management
Effective Date
19-Aug-2017
ISO/IEC/IEEE 16085:2021 - Systems and software engineering -- Life cycle processes -- Risk managementISO/IEC/IEEE 16085:2021 - Systems and software engineering -- Life cycle processes -- Risk management
PreviousNext
Standard
ISO/IEC/IEEE 16085:2021 - Systems and software engineering -- Life cycle processes -- Risk management
English language
47 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


INTERNATIONAL ISO/IEC/
STANDARD IEEE
First edition
2021-01
Systems and software engineering —
Life cycle processes — Risk
management
Ingénierie des systèmes et du logiciel — Processus du cycle de vie —
Gestion des risques
Reference number
©
ISO/IEC 2021
©
IEEE 2021
© ISO/IEC 2021
© IEEE 2021
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO or IEEE at the
respective address below or ISO’s member body in the country of the requester.
ISO copyright office Institute of Electrical and Electronics Engineers, Inc
CP 401 • Ch. de Blandonnet 8 3 Park Avenue, New York
CH-1214 Vernier, Geneva NY 10016-5997, USA
Phone: +41 22 749 01 11
Email: copyright@iso.org Email: stds.ipr@ieee.org
Website: www.iso.org Website: www.ieee.org
Published in Switzerland
© ISO/IEC 2021 – All rights reserved
ii © IEEE 2021 – All rights reserved

Contents Page
Foreword .v
Introduction .vii
1 Scope . 1
1.1 Overview . 1
1.2 Purpose . 1
1.3 Field of application . 1
2 Normative references . 2
3 Terms and definitions . 2
4 Conformance . 5
4.1 Intended usage . 5
4.2 Conformance to information items . 5
4.3 Conformance to process . 5
4.4 Full conformance. 5
5 Key concepts and application . 5
5.1 Key concepts . 5
5.1.1 Risk and opportunity . 5
5.1.2 Project and organizational specific terminology . 5
5.1.3 Systems and software . 6
5.1.4 Uncertainty and its relationship to risk . 6
5.1.5 Complexity and its relationship to risk . 6
5.1.6 Risk management above the project level . 6
5.1.7 Purpose and principles for risk management . 6
5.2 Application . 7
5.2.1 General. 7
5.2.2 Application with ISO/IEC/IEEE 15288 or ISO/IEC/IEEE 12207 . 8
5.2.3 Application with ISO 31000 . 8
5.2.4 Application with ISO 9001 . 8
5.2.5 Application with other ISO, IEC, ISO/IEC, and ISO/IEC/IEEE standards . 9
6 Risk management process . 9
6.1 Purpose . 9
6.2 Process . 9
6.3 Outcomes .11
6.4 Activities and tasks .11
6.4.1 General.11
6.4.2 Plan risk management .11
6.4.3 Manage the risk profile.12
6.4.4 Analyze risks .13
6.4.5 Treat risks .16
6.4.6 Monitor risks .18
6.4.7 Evaluate the risk management process .18
7 Risk management in life cycle processes .19
7.1 Overview .19
7.2 Risk management in agreement processes .19
7.2.1 General.19
7.2.2 Acquisition process .19
7.2.3 Supply Process .20
7.3 Risk management in organizational project-enabling processes .21
7.3.1 General.21
7.3.2 Life cycle model management process .22
7.3.3 Infrastructure management process .22
7.3.4 Portfolio management process .23
7.3.5 Human resource management process .23
© ISO/IEC 2021 – All rights reserved
© IEEE 2021 – All rights reserved iii

7.3.6 Quality management process.24
7.3.7 Knowledge management process .24
7.4 Risk management in technical management processes .25
7.4.1 General.25
7.4.2 Project planning process .25
7.4.3 Project assessment and control process .26
7.4.4 Decision management process .27
7.4.5 Risk management process .27
7.4.6 Configuration management process .28
7.4.7 Information management process .29
7.4.8 Measurement process .30
7.4.9 Quality assurance process .30
7.5 Risk management in technical processes .31
7.5.1 General.31
7.5.2 Business or mission analysis process .31
7.5.3 Stakeholder needs and requirements definition process .32
7.5.4 System/Software requirements definition process .33
7.5.5 Architecture definition process .34
7.5.6 Design definition process .35
7.5.7 System analysis process.35
7.5.8 Implementation process .36
7.5.9 Integration process .37
7.5.10 Verification process .37
7.5.11 Transition process .38
7.5.12 Validatio
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO/IEC 29110-3-2:2018/Amd 1:2025(Amendment)
Systems and software engineering — Lifecycle profiles for Very Small Entities (VSEs) — Part 3-2: Conformity certification scheme — Amendment 1: Removal of requirement for 3-year recertification
  • Standard
    1 page
    English language
    sale 15% off
  • Draft
    1 page
    English language
    sale 15% off
  • Draft
    1 page
    English language
    sale 15% off
ISO
ISO/IEC TS 19770-10:2025(Main)
Information technology — IT asset management — Part 10: Guidance for implementing ITAM

This document covers the following information technology asset management (ITAM) system processes: a) management system processes for the overall system of IT asset management (not described in ISO/IEC 19770-1 in detail), which are specified in this document for comprehensive coverage and consistency of explanations; these include: — understanding the external context and shareholder needs (7.1, 7.2 and 10.2); — leadership, policy and organization (10.3); — establishing and maintaining the management system (10.4); — planning and risk management (10.5); — support (including resources, competence, awareness, and communication – 10.6); — executing functional and life cycle processes (10.7); — performance evaluation and improvement (10.8); b) functional management processes for IT assets (not described in ISO/IEC 19770-1 in detail), which are cross-cutting processes that integrate with life-cycle processes for IT assets and which are shared with most IT management system standards, though sometimes slightly differently grouped; these include: — change management (11.2; also required by ISO/IEC 19770-1); — data management; — license management; — security management; — relationship and contract management; — financial management; — service level management; — other risk management; c) life cycle management processes for IT assets as specified in ISO/IEC 19770-1, which are grouped and named slightly differently by different methodologies; these include: — specification; — development; — acquisition; — release; — deployment; — operation; — retirement. This document is applicable to all ITAM implementations. This document can be applied to all types of IT assets and by all types and sizes of organizations.

  • Technical specification
    144 pages
    English language
    sale 15% off
ISO
ISO/IEC 20582:2025(Main)
Software and systems engineering — Capabilities of build and deployment tools

This document defines the requirements for capabilities of build and deployment tools to support and automate building, packaging, and deploying work. This document is intended for use in evaluating and selecting build and deployment tools according to the procedures defined in ISO/IEC 20741. This document is applicable to different development methodologies and approaches (e.g. Waterfall, Agile, or DevOps).

  • Standard
    32 pages
    English language
    sale 15% off
ISO
ISO/IEC TS 33060:2025(Main)
Information technology — Process assessment — Process assessment model for system life cycle processes

This document defines a process assessment model for system life cycle processes, conformant with the requirements of ISO/IEC 33004, for use in performing a conformant assessment in accordance with the requirements of ISO/IEC 33002.

  • Technical specification
    65 pages
    English language
    sale 15% off
ISO
ISO/IEC TS 33062:2025(Main)
Information technology — Process assessment — Process assessment model for quantitative processes to support higher levels of process capability in ISO/IEC 33020

This document defines a process assessment model for quantitative processes, conforming to the requirements of ISO/IEC 33004, for use in performing a process assessment in accordance with the requirements of ISO/IEC 33002.

  • Technical specification
    18 pages
    English language
    sale 15% off
ISO
ISO/IEC 29110-5-6-4:2025(Main)
Systems and software engineering — Life cycle profiles for very small entities (VSEs) — Part 5-6-4: Systems engineering guidelines for the generic Advanced profile

This document describes processes targeted at VSEs that want to sustain and grow as an independent competitive system development organization. This document provides management and engineering guidelines for the systems engineering Advanced profile of the generic profile group. This document is applicable to VSEs that do not develop critical systems and have little or no experience with systems engineering (SE) process planning and implementation using the ISO/IEC/IEEE 15288. This document is also applicable to VSEs which are familiar with the management and engineering guidelines of the systems engineering Intermediate profile (ISO/IEC TR 29110 5-6-3) for their system development projects and are involved in the development of more than one project in parallel with more than one work team.

  • Standard
    83 pages
    English language
    sale 15% off
ISO
ISO/IEC 29110-5-1-1:2025(Main)
Systems and software engineering — Life cycle profiles for very small entities (VSEs) — Part 5-1-1: Software engineering guidelines for the generic Entry profile

This document provides the management and engineering guidelines to the software Entry profile specified in ISO/IEC 29110-4-1 through project management and software implementation processes. This document applies to VSEs that do not develop safety-critical software. This document applies for software development projects, which can fulfil an external or internal agreement. This document applies to start-up VSEs (e.g. VSEs that started their operation less than three years ago) and/or VSEs working on small projects (e.g. projects with a size of less than six person-months).

  • Standard
    36 pages
    English language
    sale 15% off
ISO
ISO/IEC 29110-5-1-2:2025(Main)
Systems and software engineering — Life cycle profiles for very small entities (VSEs) — Part 5-1-2: Software engineering guidelines for the generic Basic profile

This document provides management and engineering guidelines to the software Basic profile specified in ISO/IEC 29110-4-1 through project management and software implementation processes. This document applies to VSEs that do not develop safety-critical software. This document applies for software development projects, which can fulfil an external or internal agreement. This document is applicable to VSEs developing a single product by a single work team.

  • Standard
    93 pages
    English language
    sale 15% off
ISO
ISO/IEC/IEEE 32430:2025(Main)
Software engineering — Software non-functional size measurement

This document defines a method for measuring the non-functional size of the software. It complements ISO/IEC 20926:2009, which defines a method for measuring the functional size of the software. This document also describes the complementarity of functional and non-functional sizes, so that deriving the sizes from the functional and the non-functional requirements does not result in duplication in the distinct functional and non-functional sizes. In general, there are many types of non-functional requirements. Moreover, non-functional requirements and their classification evolve over time as the technology advances. This document does not intend to define the type of NFR for a given context. Users can choose ISO 25010 or any other standard for the definition of NFR. It is assumed that users size the NFR based on the definitions they use. This document covers a subset of non-functional requirements. It is expected that, with time, the state of the art can improve and that potential future versions of this document can define an extended coverage. The ultimate goal is a version that, together with ISO/IEC 20926:2009, covers every aspect that can be required of any prospective piece of software, including aspects such as process and project directives that are hard or impossible to trace to the software's algorithm or data. The combination of functional and non-functional sizes would then correspond to the total size necessary to bring the software into existence. Estimating the cost, effort and duration of the implementation of the NFR is outside the scope of this document.

  • Standard
    71 pages
    English language
    sale 15% off
ISO
ISO/IEC/IEEE 29119-5:2024(Main)
Software and systems engineering — Software testing — Part 5: Keyword-driven testing

This document defines an efficient and consistent solution for keyword-driven testing by: — giving an introduction to keyword-driven testing; — providing a reference approach to implement keyword-driven testing; — defining requirements on frameworks for keyword-driven testing to enable testers to share their work items, such as test cases, test data, keywords, or complete test specifications; — defining requirements for tools that support keyword-driven testing; these requirements are applicable to any tool that supports the keyword-driven approach (e.g. test automation, test design and test management tools); — defining interfaces and a common data exchange format to ensure that tools from different vendors can exchange their data (e.g. test cases, test data and test results); — defining levels of hierarchical keywords, and advising use of hierarchical keywords; this includes describing specific types of keywords (e.g. keywords for navigation or for checking a value) and when to use "flat" structured keywords; — providing an initial list of example generic technical (low-level) keywords, such as "inputData" or "checkValue"; these keywords can be used to specify test cases on a technical level and can be combined to create business-level keywords as required. This document is applicable to all those who want to create keyword-driven test specifications, create corresponding frameworks, or build test automation based on keywords.

  • Standard
    55 pages
    English language
    sale 15% off