CMMI Consultant Blog

CMMI Frequently Asked Questions and their responses from CMMI Consultant(s)


As CMMI Consultants, we may come across questions related to the definition of “Risk” and the basic concepts of determining Risk. During a meeting on process models like CMMI, we found some questions arising out of Risk Management in CMMI. We decided to clarify the definitions on this topic of “Risk”. As a CMMI Consultant, you may take guidance from the details below:



19th September, 2019

RISK:

Across the various global standards available, “Risk” has many definitions. A few extracts are provided below:

Risk as defined in ISO 31000:2018:

According to ISO 31000, “Risk” is the “effect of uncertainty on objectives” and “effect” is “positive or negative deviation from what is expected”. The following will explain what this means.

Risk as defined in ITIL V3:

ITIL V3 Definition of Risk is: “A possible Event that could cause harm or loss, or, affect the ability to achieve Objectives.”

Risk as defined in CMMI Version 1.3:

The CMMI Version 1.3 definition of risk is: “Potential problems that occur during various activities across the life of the product or project that cause adverse impacts on achieving objectives.”

Let us try to evolve our own definition of Risk:

Risk, as we see it in our day-to-day life, is the anticipation of an undesirable event/activity that can cause varying degrees of harm/injury/damage, impairing the capability to achieve the desired result. The calculation of Risk is intuitively programmed within us, and our brain is adjusted to carry out this calculation in milliseconds, every moment. In order to determine or quantify the Risk, we have to develop a model, partly arbitrary and partly mathematical, that is based on the probability of an unwanted event/activity realising itself and the exposure that we may have to the harm/injury/damage due to the said event/activity. The exposure to harm/injury/damage depends on the vulnerability that we may have with respect to that harm/injury/damage. The extent of harm/injury/damage also depends on the Potency, or the Strength and Motivation, of the Harming Agent, which is also called the Threat. So, the key terms used in the determination or quantification of Risk are Probability, Threat and Vulnerability. Other factors specific to the situation can also be considered while determining the Risk. To summarize, Risk is the possibility of an undesirable event happening, and it is a function of the threat available and our vulnerability to the threat.

Typical artefacts that capture evidence of Risk Management are the Project Management Plan, Risk Management Plan, Mitigation Plan and Risk Log.

RISK MANAGEMENT Cycle in CMMI Version 1.3:

Risk SPs in CMMI under the Risk Management Process Area:

SP 1.1 – Determine Risk Sources and Categories.

SP 1.2 – Define Risk Parameters.

SP 1.3 – Establish Risk Management Strategy.

SP 2.1 – Identify Risks.

SP 2.2 – Evaluate, Categorize & Prioritize Risks.

SP 3.1 – Develop Risk Mitigation Plans.

SP 3.2 – Implement Risk Mitigation Plans.


Published by CMMI Consultant


cmmi, cmmi consultant, cmmi consultants, ISO 31000, risk, risk management




Author: Rajendra Khare


Rajendra is a qualified and certified Lead Appraiser and Instructor for the following:

  • SCAMPI High Maturity Lead Appraiser (Certified)
  • CMMI Institute-Certified SCAMPI v1.3 Lead Appraiser for Acquisition (Certified)
  • CMMI Institute-Certified SCAMPI v1.3 Lead Appraiser for Development (Certified)
  • CMMI Institute-Certified SCAMPI v1.3 Lead Appraiser for Services (Certified)
  • CMMI Institute-Certified Introduction to CMMI-DEV v1.3 Instructor (Certified)
  • CMMI Institute-Certified Services Supplement for CMMI-DEV Instructor (Certified)
  • CMMI Institute-Certified CMMI-DEV Level 2 for Practitioners Instructor (Certified)
  • CMMI Institute-Certified CMMI-DEV Level 3 for Practitioners Instructor (Certified)
  • CMMI Institute-Certified SCAMPI B & C Team Leader for Acquisition (Certified)
  • CMMI Institute-Certified SCAMPI B & C Team Leader for Development (Certified)
  • CMMI Institute-Certified SCAMPI B & C Team Leader for Services (Certified)

Rajendra has been a Lead Assessor for ISO 9001 (QMS), ISO 14001 (EMS) and OHSAS 18001 (OHSMS) since 1994.

International Automotive Task Force (IATF) approved Lead Assessor for Automotive Standard TS 16949:2009

Lead Assessor for ISO 27001 (ISMS) and ISO 20000-1 (ITSM)

Rajendra has 25 years of experience in the industry.



© 2023 Copyright © 2017 CMMI Consultant Blog.