: Risk Assessment in Technical Standards Documentation In your experience, are sections on risk and risk management typically part of technical standards documentation? For example, in a document that

Vote Up Vote Down

You should give mention risks in your technical document but leave risk management to "Single Risk Document" if it exists. What I mean is :
RISK: If we fail to use NTP workstations and servers may be out of sync. Therefore some reports will use their computer's time instead of using common time.

RISK Management:
This is not a big problem. We publish our reports enterprise only and we can bear this cost. Maintaining NTP enterprise wide will more costly.

You may agree or disagree with Risk Management but it is prerogative of management to decide this issues.

Also I object to this line. "The documentation must be in Microsoft Word, so a wiki solution is not possible (at this time)."
MS Word has ability to link documents. Since I assume you can use network shared documents, you can link to this document.

(0)

Vote Up Vote Down

Risk management is often in a section just devoted to the topic. In large organization RM is the task of designated personnel. The tech folks don't care about RM they just want to implement and maintain. RM folks want to know what issues might mandate procedures.

(0)

Vote Up Vote Down

I haven't found it common for technical standards documentation to say much about risk and risk management. The folks who negotiate standards generally care about risk, and spend a lot of time discussing risk in their deliberations. Perhaps in the end they presume that their standards themselves mitigate the relevant risks (assuming, of course, that they are implemented correctly).

(0)