ISO 16085 for Risk Management

ISO 16085:2006, Systems and Software Engineering – Life Cycle Processes – Risk Management, defines a process for managing risk in system and software life cycles.

ISO 16085 can be used with the existing sets of processes defined by ISO 15288, Systems Engineering – System Life Cycle Processes, and ISO 12207, Information Technology – Software Life Cycle Processes, or it can be used independently.

Risk management is a key discipline for making effective decisions and communicating the results within organizations. The purpose of risk management is to identify potential managerial and technical problems before they occur so that actions can be taken that reduce or eliminate the probability and/or impact of these problems should they occur.

Risk management is a critical tool for continuously determining the feasibility of project plans, for improving the search for and identification of potential problems that can affect life cycle activities and the quality and performance of products, and for improving the active management of projects.

ISO 16085 describes a process for the management of risk during systems or software acquisition, supply, development, operations, and maintenance. The purpose of this standard is to provide suppliers, acquirers, developers, and managers with a single set of process requirements suitable for the management of a broad variety of risks. It is suitable for adoption by an organization for application to all appropriate projects.

ISO 16085:2006 supersedes ISO 16085:2004 and can be ordered from ANSI for $107.00. It has also been issued as IEEE standard 16085-2006 and can be ordered from IEEE for a member price of $85.00.