An organized, analytic process used to identify what might cause harm or loss (identify risks); to assess and quantify the identified risks; and to develop and, if needed, implement an appropriate approach to prevent or handle causes of risk that could result in significant harm or loss.

Typically, risk management is performed for the activities of a project, a work group, an organization, or other organizational units that are developing or delivering products or services.

Is included in

The glossary defines the basic terms used in CMMI models.