IEEE P16085-2020 pdf download

IEEE P16085-2020 pdf download.Systems and software engineering – Life cycle processes一- Risk management.
5.1.3 Systems and software
5.1.4 Uncertainty and its relationship to risk
Risk and uncertainty are related. The higher levels of uncertainty inherent in large complex systems and software engineering projects require commensurate levels of risk management.
The systems and software engineering life cycle processes provide a structure that directly addresses uncertainty by defining, clarifying, communicating, and gaining consensus regarding not only the system-of-interest being realized, but also the processes, activities, resources, and individual roles and responsibilities utilized for its realization.
By integrating risk management with systems and software engineering life cycle processes, risks and uncertainties can be more efficiently and effectively identified, analyzed, and treated.
5.1.5 Complexity and its relationship to risk
Systems which are more complex typically have greater uncertainty. Catastrophic events often result not from a single cause but from interconnected risk factors and cascading failures. Each risk factor taken in isolation might not cause a disaster, but risk factors working in synergy can. Complex, interconnected systems generate many, sometimes unexpected or counterintuitive vulnerabilities. Where a small, localized, single event can trigger cascading failures, then a small, localized, single intervention can also provide a mitigation. In these situations, to adequately perform risk management requires a deep understanding of how the behavior of a complex system or system of systems emerges from its many constituent parts. Therefore, it is prudent to integrate risk management with the systems and software engineering life cycle processes to more efficiently and effectively manage system complexities and their associated risks.
5.1.6 Risk management above the project level
This document emphasizes risk management at the project level using the ISO/IEC/IEEE 12207 or ISO/IEC/IEEE 15288 processes. ISO 31000:2018 provides material for organizations which are implementing risk management at both the organizational and project level. Because external organizational risks can affect the project, it is recommended that both a project and organizational perspective are considered when performing risk management.
5.1.7 Purpose and principles for risk management
Integrating risk management with all organizational processes improves the performance of risk management while gaining efficiencies.
ISO 31000:2018 Risk management — Guidelines applies to all industries and sectors. Its purpose and basic principle are the creation and protection of value. It is applicable at all levels in any type of organization. In the field of systems and software engineering, the framework for the creation of value is set by ISO/IEC/IEEE 15288 and ISO/IEC/IEEE 12207, the core standards in their field. Within the 15288/12 207 framework, this document’s purpose and basic principle are the protection of systems and software engineering value.
The principles described in ISO 31000:2018 provide guidance on the characteristics of efficient and effective risk management, communicating risk management’s value, and explaining risk management’s intention and purpose. These principles are the foundation for managing risk and should be considered
It is a fundamental premise of this document that software always exists in the context of a system. Since software does not operate without hardware, the processor upon which the software is executed can be considered as part of the system. Alternatively, hardware or services hosting the software system and handling communications with other systems can also be viewed as enabling systems or external systems in the operating environment.
[ISO/IEC/IEEE 12207:2017]
— Integrated: Risk management is an integral part of all organizational activities.
— Structured and comprehensive: A structured and comprehensive approach to risk management that addresses all areas of the organization and project contributes to consistent and comparable results.
— Customized: The risk management framework and processes are customized and proportionate to the organization’s external and internal context, as well as being related to its objectives.
— Inclusive: Appropriate and timely involvement of stakeholders enables their knowledge, views and perceptions to be considered. This results in improved awareness and informed risk management.
— Dynamic: Risks can emerge, change, or disappear as an organization’s external and internal context changes. Risk management anticipates, detects, acknowledges, and responds to those changes and events in an appropriate and timely manner.