Gives a process for software risk management during software acquisition, development, supply, operations and maintenance. Both technical and managerial personnel throughout an organization should apply this standard. The use of this standard presumes the use of IEEE/EIA 12207.0. The risk management process is applied in addition to the processes defined in `12207.0.