PSM 2001, Aspen, CO Tuesday, July 24, 2001, 1:15 PM - 1:55 PM Paul R. Croll - 2
Risk Management (RM) in the Life Cycle Context

IEEE/EIA 12207 Life Cycle Process Tree

LIFE CYCLE
• PRIMARY: ACQUISITION, SUPPLY, DEVELOPMENT, OPERATION, MAINTENANCE
• SUPPORTING: DOCUMENTATION, CONFIGURATION MANAGEMENT, QUALITY ASSURANCE, VERIFICATION, VALIDATION, JOINT REVIEW, AUDIT, PROBLEM RESOLUTION
• ORGANIZATIONAL: MANAGEMENT, INFRASTRUCTURE, IMPROVEMENT, TRAINING
Figure legend: Risk Management touched on in 12207
Source: Singh97

Risk Management Objectives in IEEE/EIA 12207
• Sprinkled throughout the Acquisition, Supply, Development, Operation, Verification, Joint Review, Problem Resolution, and Tailoring Processes
• Focused on in Management Process objectives
  – Determine scope of risk management to be performed
  – Identify risks to the project as they develop
  – Analyze risks
  – Determine mitigation priority
  – Define, implement and assess mitigation strategies
  – Define, apply and assess risk metrics

IEEE/EIA 12207 Process Interactions

[Figure: interactions among ORGANIZATION (MANAGEMENT, INFRASTRUCTURE, IMPROVEMENT, TRAINING), PROJECT, ACQUISITION, SUPPLY, DEVELOPMENT, OPERATION, MAINTENANCE, JOINT REVIEW, AUDIT, QA, V&V, DOCUMENTATION, CM, PROBLEM RESOLUTION, TAILORING and PDCA]
Figure legend:
• ACQ - ACQUISITION
• SUB - SUBCONTRACTOR
• E - EXECUTE
• F - FEEDBACK
• M - MANAGE
• P - PARTICIPATE
• T - TASK
• U - USE
• E:N - EXECUTE THE PROCESS NUMBERED N
Source: Singh97

IEEE/EIA 12207 Process Roles

[Figure: roles and the processes associated with them; arrows labelled "employ", "use" and "contract"]
• ACQUISITION ROLE: ACQUIRER; ACQUISITION PROCESS
• SUPPLY ROLE: SUPPLIER; SUPPLY PROCESS
• OPERATING ROLE: OPERATOR, USER; OPERATION PROCESS
• ENGINEERING ROLE: DEVELOPER, MAINTAINER; DEVELOPMENT PROCESS, MAINTENANCE PROCESS
• SUPPORTING ROLE: EMPLOYER OF SUPPORTING PROCESSES
  – Documentation
  – Configuration management
  – Quality assurance
  – Verification
  – Validation
  – Joint review
  – Audit
  – Problem resolution

Risk Management Process Overview

[Figure: risk management process diagram with numbered boxes]
• Technical and Management Processes
• Plan and Implement Risk Management
• Manage the Project Risk Profile
• Perform Risk Analysis
• Perform Risk Treatment
• Perform Risk Monitoring
• Evaluate the Risk Management Process
Flow labels: Information Needs; Management Decisions; Feedback; Project Risk Profile and Risk Action Requests; Project Risk Profile; Improvement Actions
Source: IEEE Standard 1540:2001. © IEEE 2001. All rights reserved.

Risk Management Process Overview
• Establish responsibility for RM
• Assign RM resources
• Establish RM process evaluation
[Figure: Risk Management Process Overview diagram, with callout "measurement focus". Source: IEEE Standard 1540:2001. © IEEE 2001. All rights reserved.]

Risk Management Process Overview
• Create a consistent current and historical view of the risks present and their treatment
• Define the technical and managerial risk management context
  – risks areas of concern
  – stakeholder(s) perspective(s)
  – objectives, assumptions and constraints
[Figure: Risk Management Process Overview diagram, with callout "measurement focus". Source: IEEE Standard 1540:2001. © IEEE 2001. All rights reserved.]

Risk Management Process Overview
• Identify risks defined by RM context
• Estimate risk likelihood and consequences
• Evaluate and prioritize the risks and their interactions against thresholds
• Recommend risk treatment where applicable
• Document in risk action request
  – measures of treatment effectiveness
  – contingency plans
[Figure: Risk Management Process Overview diagram, with callout "measurement focus". Source: IEEE Standard 1540:2001. © IEEE 2001. All rights reserved.]

Risk Management Process Overview
[Figure: Risk Management Process Overview diagram. Source: IEEE Standard 1540:2001. © IEEE 2001. All rights reserved.]

Risk Management Process Overview
• Once a risk treatment has been selected
  – if a 12207 Life Cycle Process is employed,
    + risk treatment is managed using the problem management approach of the Management Process
  – if a non-12207 Life Cycle Process is employed,
    + a detailed Risk Treatment Plan must be developed and implemented
[Figure: Risk Management Process Overview diagram. Source: IEEE Standard 1540:2001. © IEEE 2001. All rights reserved.]

Risk Management Process Overview
[Figure: Risk Management Process Overview diagram, with callout "measurement focus". Source: IEEE Standard 1540:2001. © IEEE 2001. All rights reserved.]

Risk Management Process Overview
• Capture RM information
• Assess and improve the RM process
  – collect RM information
  – assess the quality of the process
  – identify opportunities for improvement
  – provide feedback to management
  – make improvements to the process
• Generate lessons learned
[Figure: Risk Management Process Overview diagram, with callout "measurement focus". Source: IEEE Standard 1540:2001. © IEEE 2001. All rights reserved.]

IEEE 1540 and ISO/IEC 15026
• ISO/IEC 15026:1998, Information Technology — System and Software Integrity Levels
  – Defines a process for establishing integrity levels that are used to contain risk within acceptable values
    + the system integrity level reflects the worst case risk that is associated with the as-designed system
    + all appropriate risk dimensions are addressed
  – Requires employment of a risk management process

IEEE 1540 and ISO/IEC 15939
• ISO/IEC 15939:FDIS, Information Technology — Software Measurement Process
  – Identifies the activities and tasks that are necessary to successfully identify, define, implement, and improve a software measurement process
    + Two core activities
      • Plan the Measurement Process
      • Perform the Measurement Process
    + Two supporting activities
      • Establish and Sustain Measurement Commitment
      • Evaluate Measurement

IEEE 1540 and ISO/IEC 15939 - 2

IEEE 1540 and IEEE 1012

IEEE 1540 and IEEE 1228

IEEE 1540 and IEEE 1058

IEEE 1540 and IEEE 982.1 and 982.2

For more information . . .
Paul R. Croll
Computer Sciences Corporation
5166 Potomac Drive
King George, VA 22485-5824
Phone: +1 540.663.9251
Fax: +1 540.663.0276
e-mail: pcroll@csc.com
Questions?
References
[IEEE 982.1] IEEE Std 982.1-1988, IEEE Standard Dictionary of Measures to Produce Reliable Software, Institute of Electrical and Electronics Engineers, Inc., New York, NY, 1988.
[IEEE 982.2] IEEE Std 982.2-1988, Guide for the Use of IEEE Standard Dictionary of Measures to Produce Reliable Software, Institute of Electrical and Electronics Engineers, Inc., New York, NY, 1988.
[IEEE 1012] IEEE Std 1012-1998, IEEE Standard for Software Verification and Validation, Institute of Electrical and Electronics Engineers, Inc., New York, NY, 1998.
[IEEE 1228] IEEE Std 1228-1994, IEEE Standard for Software Safety Plans, Institute of Electrical and Electronics Engineers, Inc., New York, NY, 1994.