Process Implementation

The purpose of this step is to understand the critical risks the organization faces when developing and maintaining software. For example, a critical risk for an organization that develops software for tax returns might be that the software will not be available for tax season. A vendor of medical equipment will likely be more concerned with delivering a defect-free system than with meeting an aggressive target date. The critical risks should be those that can negatively impact the Critical Metrics Set. If they are not, then either the Critical Metrics Set or the critical risks should be reexamined.

There is a wealth of techniques that can reduce risk. Which ones do the best job depends on what the risks are. Moreover, as the business changes and as technology changes, the risks will also change. Some of the factors that will influence the risk profile include:

Regulated business vs. highly competitive

Development vs. maintenance

Many users vs. few users

Stable mature technology vs. new technology

Centralized system vs. distributed system

Technical platform

Large integrated system vs. small stand-alone system

Tight target dates

Limited budget

Rapidly changing business environment

Life critical product

The risk profile should heavily influence the priorities in the Defect Management Plan.