---
doc-id: SLM-EPB-RM-001
version: 1.0
status: Released
date: 2026-05-12
---

# Risk Management Plan (RM Plan)

| Field       | Value          |
|-------------|----------------|
| Project     | demo-epb       |
| Document ID | SLM-EPB-RM-001 |
| Version     | 1.0            |
| Status      | Released       |
| Date        | 2026-05-12     |
| Standard    | ASPICE MAN.5   |

---

## 1. Purpose

Identifies, assesses, and treats **project risks** (organisational, technical, schedule, resource). Distinct from **functional safety risks** (hazards), which live in the HARA.

## 2. Methodology

| Step              | Activity                                      |
|-------------------|-----------------------------------------------|
| 1. Identification | Workshops, lessons learned, stakeholder input |
| 2. Classification | Probability (P) × Impact (I)                  |
| 3. Assessment     | Risk score = P × I (1-25)                     |
| 4. Treatment      | Avoid / Mitigate / Accept / Transfer          |
| 5. Monitoring     | Quarterly review, status updates              |

### 2.1 Classification scale

| Probability | Meaning       |
|-------------|---------------|
| 1           | Very unlikely |
| 2           | Unlikely      |
| 3           | Possible      |
| 4           | Likely        |
| 5           | Very likely   |

| Impact | Meaning                              |
|--------|--------------------------------------|
| 1      | Negligible                           |
| 2      | Minor delay / additional effort      |
| 3      | Noticeable impact on schedule/budget |
| 4      | Significant impact, project at risk  |
| 5      | Project stop                         |

| Score range | Action                                |
|-------------|---------------------------------------|
| 1-4         | Accept, monitor                       |
| 5-9         | Mitigate (plan)                       |
| 10-15       | Mitigate (immediate, with escalation) |
| 16-25       | Escalate to Project Owner             |

## 3. Risk register

| ID   | Description                                          | P | I | Score | Treatment                               | Status          |
|------|------------------------------------------------------|---|---|-------|-----------------------------------------|-----------------|
| R-01 | Demo is mistaken for production-ready code           | 3 | 3 | 9     | Disclaimer in README + Project Manual   | Mitigated       |
| R-02 | MISRA tooling update breaks CI (false positives)     | 2 | 3 | 6     | Pin tool versions, regression suite     | Mitigated       |
| R-03 | Reviewer availability for ASIL-D                     | 3 | 4 | 12    | Self-review documented (demo only)      | Accepted (demo) |
| R-04 | Gitea server outage                                  | 2 | 4 | 8     | Local clones, regular backups           | Mitigated       |
| R-05 | Apple certificate expiry without warning             | 3 | 3 | 9     | Renewal reminder + 30-day notice        | Mitigated       |
| R-06 | Windows build VM unreliable (busybox-PATH conflicts) | 4 | 2 | 8     | MSYS2 documented, alt PATH ordering     | Open            |
| R-07 | macOS act_runner host-mode cache bug                 | 3 | 2 | 6     | continue-on-error, documented           | Open            |
| R-08 | Doorstop tool compatibility on upgrade               | 2 | 3 | 6     | Own traceability.py, no doorstop dep    | Mitigated       |
| R-09 | Knowledge loss with single-person setup              | 4 | 4 | 16    | Maintain Project Manual + documentation | Open            |

## 4. Risk reviews

| Frequency  | Participants       | Outputs                        |
|------------|--------------------|--------------------------------|
| Quarterly  | Project Owner + TL | Updated register, action items |
| On change  | Affected roles     | Risk score update              |
| At release | Project Owner + QA | Residual-risk assessment       |

## 5. Escalation path

```
Risk owner (daily)
   │  Score > 9
   ▼
Project Owner (weekly)
   │  Score > 15
   ▼
Stakeholder / Client (immediately)
```

## 6. Lessons learned

Closed risks are summarised at project closure under `docs/lessons-learned/`, to better assess follow-up projects.

## 7. Related documents

- `PM-Plan.docx` — Top-level risks (summary)
- `HARA.docx` — Functional safety risks (hazards, separate from project risks)
- `QA-Plan.docx` — Non-conformity management

## 8. Revision history

| Version | Date       | Change        | Author      |
|---------|------------|---------------|-------------|
| 1.0     | 2026-05-12 | First release | S. Lohmaier |