Summary | Risk management is a very important part of both Systems Engineering (SE) and Engineering Program Management (PM). Ideally, risk management is planned and performed in an integrated manner with all other SE and PM knowledge and process areas, as well as with necessary parts of the context organization and environment. In other words, applying a systems approach to risk management is very desirable, if not essential, to success. “ISO/IEC/IEEE 16085, Systems and software engineering – Life cycle processes – Risk management” became part of a “suite” of international systems and software standards with the publication of its first edition in 2006. At that time its writers envisioned a universally accepted risk management standard that would serve to complement “ISO/IEC/IEEE 15288, Systems and software engineering — Systems life cycle processes” and thereby the “INCOSE Systems Engineering (SE) Handbook” as well. But much has changed since 2006, making the refreshing of ISO/IEC/IEEE 16085 critical to maintaining value to its users. Since 2006, ISO/IEC/IEEE 15288 has been updated twice, and the publication of a new, overarching international risk management standard in 2009, “ISO 31000, Risk management — Principles and guidelines”, which calls for a risk management framework, continual risk management process improvement, and consideration of context and of the cultural and human factors aspects of risk management, has in several respects changed the landscape for risk management. In addition, due to technological advancement and the increasing size and complexity of engineering projects and programs, it has become difficult for risk managers to deal with the variation between, and the increasing number of, safety, security, and risk-related standards, regulations, engineering specifications, and contractual agreements that are encountered in a typical systems engineering program.
Over the past decade, for example, the number and types of products, systems, and stakeholders vulnerable to cyber threats have increased dramatically. Correspondingly, the number of cybersecurity-related standards, regulations, and practices has increased as well. Integrating the new cybersecurity-related risks, along with the associated standards, regulations, and many other requirements, into the overall risk management program represents a new, or at least a much greater, challenge for many risk managers. The challenge is compounded for systems that involve other new risk categories that might come from other knowledge and industry domain areas such as biological engineering, new human-machine interfaces, implants, robotic medical devices, micro-machines, artificial intelligence, and autonomous vehicles – to name just a few! Members of the INCOSE Risk Management Working Group (RMWG), together with risk management practitioners at the Institute of Electrical and Electronics Engineers (IEEE), the Project Management Institute (PMI), and a number of other associations and national standards bodies (NSBs) from around the world, have come together through ISO/IEC JTC1 SC7 WG7 to update ISO/IEC/IEEE 16085. The proposed update to ISO/IEC/IEEE 16085 includes significant revisions to the 2006 edition intended to (a) achieve compatibility with ISO 31000, (b) define a framework for an integrated systems approach to risk management, and (c) facilitate aspects of the performance of risk management for software and systems engineering programs, including, and in particular, those large in size and complexity.
The target audience for this presentation (or “workshop”, if that term is preferred) includes Risk Managers, Risk Analysts, Systems Engineers (SEs), Software Engineers, Safety Engineers, Project/Program Managers (PMs), engineering managers, engineering professionals, and executives. Attendees will benefit from a comprehensive overview of the first ISO/IEC/IEEE 16085 working draft (WD), submitted to ISO/IEC JTC 1 in August 2017. This will provide them with knowledge and understanding of the standard early on in the standards development process, giving them additional time to start preparing for implementation of the updated standard in their work environment, and to participate in its review prior to publication. Attendees will be invited to participate in an interactive Q&A session in which feedback on the standard will be encouraged. |