Full titleIdentify and manage risk factors that could negatively affect the product
ObjectiveEarly identify risks, threats and vulnerabilities related to the product, and provide adequate avoidance or mitigation actions
Applicability

This practice mostly concerns the development and maintenance phases of the product.

Context

The practice applies to all projects. In particular, it is relevant in prototype projects that concern poorly explored areas or are constructed with new technologies/architectures/hardware.

Addressed elements in SMM

3.1. Management of risks, threats and vulnerabilities

Actions
  1. Setup and manage the risk registry
    1. Establish a dedicated registry for managing the identified risk factors that could negatively affect the product.
    2. Periodically analyze the risk factors (together with the team), to identify them, assign priorities to them and evaluate their impact.
    3. Involve stakeholders in the analysis.
  2. Maintain a risk management plan
    1. A risk factor can be either mitigated, or avoided, or accepted. Provide adequate actions for each risk factor.
    2. Evaluate the likelihood (probability) and impact of risk factors on the project plan and take corrective actions if necessary.
    3. Assign the responsibility for managing the registry to an experienced team member (or project leader)
Risks
  1. The risk registry is not maintained
    1. Some risk factors are not addressed.
    2. Some actions for handling the risk factors are not adequate for the actual needs.
    3. Actions are designed and implemented ad hoc.
  2. Stakeholders are not involved in the risk analysis
    1. Stakeholders are unaware of risk factors
Related practicesBP-B.5: Manage product issues
  • No labels