
ISO/IEC 16085:2006

AS/NZS ISO/IEC 16085:2007



This is a free 7 page sample. Access the full version at http://infostore.saiglobal.com.

Australian/New Zealand Standard


Information technology - Systems and software engineering - Life cycle processes - Risk management

This Joint Australian/New Zealand Standard was prepared by Joint Technical Committee IT-015, Software and Systems Engineering. It was approved on behalf of the Council of Standards Australia on 19 February 2007 and on behalf of the Council of Standards New Zealand on 16 March 2007. This Standard was published on 28 March 2007.

The following are represented on Committee IT-015:

Australian Computer Society
Australian Electrical and Electronic Manufacturers Association
Australian Society for Technical Communications
Australian Software Metrics Association
Engineers Australia/ACTS Joint Board in Software Engineering
Griffith University
National Association of Testing Authorities Australia
National ICT Australia
New Zealand Organisation for Quality
Software Quality Association, ACT
Software Quality Association, NSW
Systems Engineering Society of Australia
The University of Queensland
University of Auckland, NZ
University of South Australia
University of Technology, Sydney
Vendor Interests, NZ


Keeping Standards up-to-date


Standards are living documents which reflect progress in science, technology and systems. To maintain their currency, all Standards are periodically reviewed, and new editions are published. Between editions, amendments may be issued. Standards may also be withdrawn. It is important that readers assure themselves they are using a current Standard, which should include any amendments which may have been published since the Standard was purchased.

Detailed information about joint Australian/New Zealand Standards can be found by visiting the Standards Web Shop at www.standards.com.au or Standards New Zealand web site at www.standards.co.nz and looking up the relevant Standard in the on-line catalogue. Alternatively, both organizations publish an annual printed Catalogue with full details of all current Standards.

For more frequent listings or notification of revisions, amendments and withdrawals, Standards Australia and Standards New Zealand offer a number of update options. For information about these services, users should contact their respective national Standards organization.

We also welcome suggestions for improvement in our Standards, and especially encourage readers to notify us immediately of any apparent inaccuracies or ambiguities. Please address your comments to the Chief Executive of either Standards Australia or Standards New Zealand at the address shown on the back cover.

This Standard was issued in draft form for comment as DR 06667.


First published as AS/NZS ISO/IEC 16085:2007.

COPYRIGHT

Standards Australia/Standards New Zealand

All rights are reserved. No part of this work may be reproduced or copied in any form or by any means, electronic or mechanical, including photocopying, without the written permission of the publisher.

Jointly published by Standards Australia, GPO Box 476, Sydney, NSW 2001 and Standards New Zealand, Private Bag 2439, Wellington 6020

ISBN 0 7337 8143 8

PREFACE
This Standard was prepared by the Joint Standards Australia/Standards New Zealand Committee IT-015, Software and Systems Engineering.

The objective of this Standard is to provide software users (technical and managerial personnel) with a process for the management of risk during software acquisition, supply, development, operations, and maintenance.

This Standard is identical with, and has been reproduced from ISO/IEC 16085:2006, Information technology - Systems and software engineering - Life cycle processes - Risk management.

As this Standard is reproduced from an international standard, the following applies:

(a) Its number appears on the cover and title page while the international standard number appears only on the cover.
(b) In the source text 'this standard' should read 'this Australian/New Zealand Standard'.
(c) A full point substitutes for a comma when referring to a decimal marker.

References to International Standards should be replaced by references to Australian or Australian/New Zealand Standards, as follows:

| Reference to International Standard | Australian/New Zealand Standard |
| --- | --- |
| ISO/IEC 12207 Information technology - Software life cycle processes | AS/NZS ISO/IEC 12207 Information technology - Software life cycle processes |
| ISO/IEC 15026 Information technology - System and software integrity levels | AS/NZS ISO/IEC 15026 Information technology - System and software integrity levels |
| ISO/IEC 15288 Systems engineering - System life cycle processes | AS/NZS ISO/IEC 15288 Systems engineering - System life cycle processes |

The term 'informative' has been used in this Standard to define the application of the appendix to which it applies. An 'informative' appendix is only for information and guidance.

CONTENTS

1. Overview
   1.1 Scope
   1.2 Purpose
   1.3 Field of application
   1.4 Conformance
   1.5 Disclaimer
2. Normative references
3. Definitions
4. Application of this standard
5. Risk management in the life cycle
   5.1 Risk management process
   5.2 Null Clause

Annex A (informative) Risk management plan
Annex B (informative) Risk action request
Annex C (informative) Risk treatment plan
Annex D (informative) Application of risk management in the software life cycle
Annex E (informative) Annotated bibliography

Copyright 2006 IEEE. All rights reserved


AUSTRALIAN/NEW ZEALAND STANDARD

Information technology - Systems and software engineering - Life cycle processes - Risk management

1. Overview
This standard prescribes a continuous process for risk management. Clause 1 provides an overview and describes the purpose, scope, and field of application, as well as prescribing the conformance criteria. Clause 2 lists the normative references; informative references are provided in Annex E. Clause 3 provides definitions. Clause 4 describes how risk management is applied to the life cycle. Clause 5 prescribes the requirements for a risk management process. There are several informative annexes. Annex A, Annex B, and Annex C recommend content of three documents: Risk Management Plan, Risk Action Request, and Risk Treatment Plan. Annex D summarizes where risk management is mentioned in the ISO/IEC 12207 series of software life cycle process standards. An equivalent annex is not included for ISO/IEC 15288, the system life cycle process standard, since it includes a risk management process. Annex E, as previously mentioned, is an annotated bibliography of standards and other documents related to the material covered in this standard.


1.1 Scope
This standard describes a process for the management of risk during systems or software acquisition, supply, development, operations, and maintenance.

1.2 Purpose
The purpose of this standard is to provide suppliers, acquirers, developers, and managers with a single set of process requirements suitable for the management of a broad variety of risks. This standard does not provide detailed risk management techniques, but instead focuses on defining a process for risk management in which any of several techniques may be applied.

1.3 Field of application


This standard defines a process for the management of risk throughout the life cycle. This standard is suitable for adoption by an organization for application to all appropriate projects. This standard is useful for managing the risks associated with organizations dealing with system or software issues.
