Standard No.:	GB/T 20918-2007
Chinese Name:	信息技术 软件生存周期过程 风险管理
English Name:	Information technology—Software life cycle processes—Risk management
Professional Classification:	L77 Software engineering
Professional Classification:	GB National Standard
ICS Classification:	35.080
Issued by:
Issued on:	2007-04-30
Implemented on:	2007-07-01
Status:	VALID
Language:	English
File Format:	PDF
Word Count:
Price(USD):	please email coc@codeofchina.com for quotation
Delivery:	via email in 1-3 business day

1 Scope

1.1 Purpose

This standard describes the risk management process in the process of software acquisition, supply, development, operation and maintenance. It is recommended that technical and managerial personnel throughout the organization use this standard.

The purpose of this standard is to provide software suppliers, demanders, developers and managers with a set of process requirements suitable for managing a wide variety of risks. This standard does not provide detailed and clear risk management technology, but is committed to defining a risk management process to which any technology can be applied.

1.2 Field of application

This standard defines a risk management process that runs through the software life cycle. It is suitable for adoption by organizations and is used for all appropriate projects or individual projects. Although this standard is written for risk management in software projects, it may also be used for system-level or organization-level risk management.

This standard may be used in conjunction with GB/T 8566 or used alone.

1.2.1 Use in conjunction with GB/T 8566

GB/T 8566 describes the standard process of software acquisition, supply, development, operation and maintenance. It takes into account that active risk management is a key factor for successful software project management. It mentions risks and risk management in many places, but it does not give the process of risk management. While this standard gives this process. In order to support the views of managers, participants and other stakeholders, this standard can be used to manage organization-level or project-level risks in any field or in any life cycle phase.

In the framework for life cycle processes given in GB/T 8566, risk management is an "organizational life cycle process". In an organizational life cycle process, the organization using the process is responsible for the activities and tasks in the process. Therefore, the organization shall ensure that the process exists and functions.

When used in conjunction with GB/T 8566, this standard assumes that other management and technical processes of GB/T 8566 perform risk treatment, and also describes the correct relationship with these processes.

1.2.2 Use of this standard alone

This standard may be used independently of any specific software life cycle process standard. When used in this way, the additional clauses for risk treatment in this standard will apply.

1.3 Conformance

An organization or project can claim conformance with this standard if it lists in its plan and implements all requirements in the activities and tasks described in Clause 5 of this standard (the requirements with the word “shall” are mandatory).

In those instances where this standard is used independently of GB/T 8566, additional requirements for risk management are given in 5.1.4.2.