| Full title | Identify and manage risk factors that could negatively affect the product |
|---|
| Objective | Early identify risks, threats and vulnerabilities related to the product, and provide adequate avoidance or mitigation actions |
|---|
| Applicability | This practice mostly concerns the development and maintenance phases of the product. |
|---|
| Context | The practice applies to all projects. In particular, it is relevant in prototype projects that concern poorly explored areas or are constructed with new technologies/architectures/hardware. |
|---|
| Addressed elements in SMM | 3.1. Management of risks, threats and vulnerabilities |
|---|
| Actions | - Setup and manage the risk registry
- Establish a dedicated registry for managing the identified risk factors that could negatively affect the product.
- Periodically analyze the risk factors (together with the team), to identify them, assign priorities to them and evaluate their impact.
- Involve stakeholders in the analysis.
- Maintain a risk management plan
- A risk factor can be either mitigated, or avoided, or accepted. Provide adequate actions for each risk factor.
- Evaluate the likelihood (probability) and impact of risk factors on the project plan and take corrective actions if necessary.
- Assign the responsibility for managing the registry to an experienced team member (or project leader)
|
|---|
| Risks | - The risk registry is not maintained
- Some risk factors are not addressed.
- Some actions for handling the risk factors are not adequate for the actual needs.
- Actions are designed and implemented ad hoc.
- Stakeholders are not involved in the risk analysis
- Stakeholders are unaware of risk factors
|
|---|
| Related practices | BP-B.5: Manage product issues |
|---|
