A process for the management of risk in the life cycle [during systems acquisition, supply, development, operations, and maintenance] is defined. It can be added to the existing set of software life cycle processes defined by the ISO/IEC 12207 or ISO/IEC 15288 series fo standards, or it can be used independently.
ANSI/IEEE 16085:2006 history
2007ANSI/IEEE 16085:2006 Standard for Software Life Cycle Processes - Risk Management