《BS-ISO-IEC-16085-2004.pdf》由会员分享,可在线阅读,更多相关《BS-ISO-IEC-16085-2004.pdf(36页珍藏版)》请在三一文库上搜索。
1、BRITISH STANDARD BS ISO/IEC 16085:2004 Information technology Software life cycle processes Risk management ICS 35.080 ? Licensed Copy: sheffieldun sheffieldun, na, Thu Nov 23 04:26:46 GMT+00:00 2006, Uncontrolled Copy, (c) BSI BS ISO/IEC 16085:2004 This British Standard was published under the auth
2、ority of the Standards Policy and Strategy Committee on 8 October 2004 BSI 8 October 2004 ISBN 0 580 44566 6 National foreword This British Standard reproduces verbatim ISO/IEC 16085:2004 and implements it as the UK national standard. The UK participation in its preparation was entrusted to Technica
3、l Committee IST/15, Software engineering, which has the responsibility to: A list of organizations represented on this committee can be obtained on request to its secretary. Cross-references The British Standards which implement international publications referred to in this document may be found in
4、 the BSI Catalogue under the section entitled “International Standards Correspondence Index”, or by using the “Search” facility of the BSI Electronic Catalogue or of British Standards Online. This publication does not purport to include all the necessary provisions of a contract. Users are responsib
5、le for its correct application. Compliance with a British Standard does not of itself confer immunity from legal obligations. aid enquirers to understand the text; present to the responsible international/European committee any enquiries on the interpretation, or proposals for change, and keep the U
6、K interests informed; monitor related international and European developments and promulgate them in the UK. Summary of pages This document comprises a front cover, an inside front cover, the ISO/IEC title page, a blank page, the IEEE title page, pages ii to viii, pages 1 to 23 and a back cover. The
7、 BSI copyright notice displayed in this document indicates when the document was last issued. Amendments issued since publication Amd. No. DateComments Licensed Copy: sheffieldun sheffieldun, na, Thu Nov 23 04:26:46 GMT+00:00 2006, Uncontrolled Copy, (c) BSI Reference number ISO/IEC 16085:2004(E) IE
8、EE Std 1540-2001 INTERNATIONAL STANDARD ISO/IEC 16085 IEEE Std 1540-2001 First edition 2004-10-01 Information technology Software life cycle processes Risk management Technologies de linformation Processus du cycle de vie du logiciel Gestion des risques BS ISO/IEC 16085:2004 Licensed Copy: sheffield
9、un sheffieldun, na, Thu Nov 23 04:26:46 GMT+00:00 2006, Uncontrolled Copy, (c) BSI IS/OIE58061 C:(4002E) DPlcsid Fremia ihTs PDF file may ctnoian emdebt dedyfepcaes. In ccaocnadrw eith Aebods licensilop gnic,y this file mairp eb ynted iv roweb detu slahl ton ide ebtlnu deess the typefaces whice era
10、hml era deddebicsnede to i dnanstlaled t noeh computfrep reormign tide ehtin.g In wodlnidaot gnhis file, trapise atpecc tiereht nser ehnopsiiblity fo not infriigngn Aebods licensilop gnic.y ehT ISO tneClar Secrteiraat caceptl on siibality in this .aera Ai ebods a tredamafo kr Aebod SystemI sncotarop
11、r.de teDails fo teh softwacudorp erts sut deo crtaee this PDF file cna f ebi dnuon tlareneG eh Info leratit evo the file; tP ehDc-Frtaeion marapteres wetpo erimizf deoirp rnti.gn Evc yreasah er t neebakt neo snet erutah teh file is suitlbaf eosu rI yb eSO memdob rebeis. In tlnu ehikletneve y ttah lb
12、orp aem leratit gno it is f,dnuo plsaee inform ttneC ehlar Secrteiraat ta the serddaig sleb nevwo. OSI saCe tsopale 65 eneG 1121-HC02 av leT. 14 + 10 947 22 11 xaF 90 947 22 14 + 74 E-mail cirypothgiso.ogr Web www.is.ogro Licensed Copy: sheffieldun sheffieldun, na, Thu Nov 23 04:26:46 GMT+00:00 2006
13、, Uncontrolled Copy, (c) BSI International Standard ISO/IEC 16085:2004(E) IEEE Std 1540-2001 Information technology Software life cycle processes Risk management Sponsor Software Engineering Standards Committee of the IEEE Computer Society Approved 17 March 2001 IEEE-SA Standards Board ? ? ? ? BS IS
14、O/IEC 16085:2004 Licensed Copy: sheffieldun sheffieldun, na, Thu Nov 23 04:26:46 GMT+00:00 2006, Uncontrolled Copy, (c) BSI ThI enstittuo ef Electrcila nad Electrnocis Enigenres, Inc. 3 Park Avneeu, New York, NY 0110-65997, USA Coypright 2004 by teh Institute of Elcetricla and Electronics Engineers,
15、 In.c All rights reserved. Published xx Mnoht 200x. Printed in the United Statse fo Americ.a irPn:t ISBN 0-7381-1402-X SH95262 DP:F ISBN 0-3718-014-38SS95262 No part of this uplbictaion yam be reprdocui den anf yorm, in na eltcernoic retreiavys ltso mer otherwise, withuot thrp eior writteep nrmiissn
16、o fo thup elbisehr. Abstract: A process for the management of risk in the life cycle of software is defined. It can be added to the existing set of software life cycle processes defined by the IEEE/EIA 12207 series of standards, or it can be used independently. Keywords: acceptability, integrity, ri
17、sk, risk analysis, risk management, risk treatment BS ISO/IEC 16085:2004 ii Licensed Copy: sheffieldun sheffieldun, na, Thu Nov 23 04:26:46 GMT+00:00 2006, Uncontrolled Copy, (c) BSI IS/OIE58061 C:(4002E) International Organization for Standardization/International Electrotechnical Commission Case p
18、ostale 56 CH-1211 Genve 20 Switzerland Foreword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of
19、 International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in l
20、iaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of the joint t
21、echnical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75% of the national bodies casting a vote. Attention i
22、s drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. ISO/IEC 16085 was prepared by IEEE (as IEEE Std 1540-2001) and was adopted, under a special “fast-track
23、procedure”, by Joint Technical Committee ISO/IEC JTC 1, Information technology, in parallel with its approval by national bodies of ISO and IEC. BS ISO/IEC 16085:2004 iii Licensed Copy: sheffieldun sheffieldun, na, Thu Nov 23 04:26:46 GMT+00:00 2006, Uncontrolled Copy, (c) BSI IEEE Standards documen
24、ts are developed within the IEEE Societies and the Standards Coordinating Committees of the IEEE Standards Association (IEEE-SA) Standards Board. The IEEE develops its standards through a consensus development process, approved by the American National Standards Institute, which brings together volu
25、nteers representing varied viewpoints and interests to achieve the final product. Volunteers are not necessarily members of the Institute and serve without compensation. While the IEEE administers the process and establishes rules to promote fairness in the consensus development process, the IEEE do
26、es not independently evaluate, test, or verify the accuracy of any of the information contained in its standards. Use of an IEEE Standard is wholly voluntary. The IEEE disclaims liability for any personal injury, property or other dam- age, of any nature whatsoever, whether special, indirect, conseq
27、uential, or compensatory, directly or indirectly resulting from the publication, use of, or reliance upon this, or any other IEEE Standard document. The IEEE does not warrant or represent the accuracy or content of the material contained herein, and expressly disclaims any express or implied warrant
28、y, including any implied warranty of merchantability or fitness for a specific purpose, or that the use of the material contained herein is free from patent infringement. IEEE Standards documents are supplied “AS IS.” The existence of an IEEE Standard does not imply that there are no other ways to p
29、roduce, test, measure, purchase, market, or provide other goods and services related to the scope of the IEEE Standard. Furthermore, the viewpoint expressed at the time a standard is approved and issued is subject to change brought about through developments in the state of the art and comments rece
30、ived from users of the standard. Every IEEE Standard is subjected to review at least every five years for revision or reaffirmation. When a document is more than five years old and has not been reaffirmed, it is reasonable to conclude that its contents, although still of some value, do not wholly re
31、flect the present state of the art. Users are cautioned to check to determine that they have the latest edition of any IEEE Standard. In publishing and making this document available, the IEEE is not suggesting or rendering professional or other services for, or on behalf of, any person or entity. N
32、or is the IEEE undertaking to perform any duty owed by any other person or entity to another. Any person utilizing this, and any other IEEE Standards document, should rely upon the advice of a competent professional in determining the exercise of reasonable care in any given circumstances. Interpret
33、ations: Occasionally questions may arise regarding the meaning of portions of standards as they relate to specific applications. When the need for interpretations is brought to the attention of IEEE, the Institute will initiate action to prepare appropriate responses. Since IEEE Standards represent
34、a consensus of concerned interests, it is important to ensure that any interpretation has also received the concurrence of a balance of interests. For this reason, IEEE and the members of its societies and Standards Coordinating Committees are not able to provide an instant response to interpretatio
35、n requests except in those cases where the matter has previously received formal consideration. Comments for revision of IEEE Standards are welcome from any interested party, regardless of membership affiliation with IEEE. Suggestions for changes in documents should be in the form of a proposed chan
36、ge of text, together with appropriate supporting comments. Comments on standards and requests for interpretations should be addressed to: Secretary, IEEE-SA Standards Board 445 Hoes Lane P.O. Box 1331 Piscataway, NJ 08855-1331 USA IEEE is the sole entity that may authorize the use of certification m
37、arks, trademarks, or other designations to indicate compliance with the materials set forth herein. Authorization to photocopy portions of any individual standard for internal or personal use is granted by the Institute of Electrical and Electronics Engineers, Inc., provided that the appropriate fee
38、 is paid to Copyright Clearance Center. To arrange for payment of licensing fee, please contact Copyright Clearance Center, Customer Service, 222 Rosewood Drive, Danvers, MA 01923 USA; (978) 750-8400. Permission to photocopy portions of any individual standard for educational classroom use can also
39、be obtained through the Copyright Clearance Center. Note: Attention is called to the possibility that implementation of this standard may require use of subject mat- ter covered by patent rights. By publication of this standard, no position is taken with respect to the existence or validity of any p
40、atent rights in connection therewith. The IEEE shall not be responsible for identifying patents for which a license may be required by an IEEE standard or for conducting inquiries into the legal validity or scope of those patents that are brought to its attention. BS ISO/IEC 16085:2004 iv Licensed C
41、opy: sheffieldun sheffieldun, na, Thu Nov 23 04:26:46 GMT+00:00 2006, Uncontrolled Copy, (c) BSI Copyright 2004 IEEE. All rights reserved. v Introduction (This introduction is not part of IEEE Std 1540-2001, IEEE Standard for Software Life Cycle ProcessesRisk Management.) Software risk management is
42、 a key discipline for making effective decisions and communicating the results within software organizations. The purpose of risk management is to identify potential managerial and technical problems before they occur so that actions can be taken that reduce or eliminate the likelihood and/ or impac
43、t of these problems should they occur. It is a critical tool for continuously determining the feasibility of project plans, for improving the search for and identification of potential problems that can affect software life cycle activities and the quality and performance of software products, and f
44、or improving the active management of software projects. By successfully implementing this risk management standard Potential problems will be identified The likelihood and consequences of these risks will be understood The priority order in which risks should be addressed will be established Treatm
45、ent alternatives appropriate for each potential problem above its risk threshold will be recommended Appropriate treatments will be selected for risks above their thresholds The effectiveness of each treatment will be monitored Information will be captured to improve risk management policies The ris
46、k management process and procedures will be regularly evaluated and improved This software risk management standard supports the acquisition, supply, development, operation, and maintenance of software products and services. This standard is written for use in conjunction with existing organizationa
47、l risk management processes, which are assumed to be processes similar to those described within this standard. This standard is written for those parties who are responsible in their organization for defining, planning, implementing, or supporting software risk management. The domain of use, the st
48、age of the software life cycle a software project or product is in, and the specific characteristics of an organization will influence how the standard is applied in practice. This standard defines a continuous software risk management process applicable to all software-related engineering and manag
49、ement disciplines. The risk management process itself is made up of several activities and tasks that function in an iterative manner. The process defines the minimum activities of a risk management process, the risk management information required and captured, and its use in managing risk. The risk management process defined in this standard c