Detail of GB/T 20918-2007

Introduction of GB/T 20918-2007

1 Scope 1.1 Purpose This standard describes the risk management process in the process of software acquisition, supply, development, operation and maintenance. It is recommended that technical and managerial personnel throughout the organization use this standard. The purpose of this standard is to provide software suppliers, demanders, developers and managers with a set of process requirements suitable for managing a wide variety of risks. This standard does not provide detailed and clear risk management technology, but is committed to defining a risk management process to which any technology can be applied. 1.2 Field of application This standard defines a risk management process that runs through the software life cycle. It is suitable for adoption by organizations and is used for all appropriate projects or individual projects. Although this standard is written for risk management in software projects, it may also be used for system-level or organization-level risk management. This standard may be used in conjunction with GB/T 8566 or used alone. 1.2.1 Use in conjunction with GB/T 8566 GB/T 8566 describes the standard process of software acquisition, supply, development, operation and maintenance. It takes into account that active risk management is a key factor for successful software project management. It mentions risks and risk management in many places, but it does not give the process of risk management. While this standard gives this process. In order to support the views of managers, participants and other stakeholders, this standard can be used to manage organization-level or project-level risks in any field or in any life cycle phase. In the framework for life cycle processes given in GB/T 8566, risk management is an "organizational life cycle process". In an organizational life cycle process, the organization using the process is responsible for the activities and tasks in the process. Therefore, the organization shall ensure that the process exists and functions. When used in conjunction with GB/T 8566, this standard assumes that other management and technical processes of GB/T 8566 perform risk treatment, and also describes the correct relationship with these processes. 1.2.2 Use of this standard alone This standard may be used independently of any specific software life cycle process standard. When used in this way, the additional clauses for risk treatment in this standard will apply. 1.3 Conformance An organization or project can claim conformance with this standard if it lists in its plan and implements all requirements in the activities and tasks described in Clause 5 of this standard (the requirements with the word “shall” are mandatory). In those instances where this standard is used independently of GB/T 8566, additional requirements for risk management are given in 5.1.4.2.

Contents of GB/T 20918-2007

Foreword II Introduction III 1 Scope 2 Normative references 3 Terms and definitions 4 Application of this standard 5 Risk management in software life cycle Annex A (Informative) Risk management plan Annex B (Informative) Risk action request Annex C (Informative) Risk treatment plan Bibliography