Steps of Process
CMMI Risk Management Goals
PolicyAF Policy Directive 90-9: Operational Risk Management, 1 April 2000
AFI 90-901: Operational Risk Management, 1 April 2000
AFMC Instruction 90-902: Operational Risk Management, Dec 2007
Tools & TechniquesRiskNav
TrainingRisk Process Orientation
Detailed Risk Process
ExamplesSample Risk Management Plan
Process Lessons Learned
Commercial items that require no unique government modifications or maintenance to meet the needs of the procuring agency.
- Has market research been conducted?
- Does market research include new COTS products and technology?
- Have alternative methods of acquiring COTS products been evaluated?
- Do cost estimates consider on-going costs of acquiring a COTS-based system or product?
- Do schedule estimates consider on-going costs of acquiring a COTS-based system or product?
- Did the project know of the availability of COTS products that meet functional requirements before development?
- Is custom code required to:
- extend the functionality of the COTS product?
- integrate the COTS product with other products?
- Does upgrading the COTS product upgrade require more memory or file space?
- Are hardware upgrades or replacements compatible with current COTS software products?
- How committed is the vendor to:
- achieving promised delivery dates for COTS product?
- delivering advertised functionality and performance for COTS product?
- granting access to source code?
- to supporting the current version of the COTS product?
- to supporting the COTS product line - future versions or companion products?
- to supporting the COTS product interfaces?
- to supporting the COTS product technical, distribution and sales support?
- What is the financial stability of the COTS product supplier and developer?
- Does the COTS product:
- support multiple hardware and operating system platforms?
- limit hardware or operating system platform options?
- conform to DoD technical standards?
- conform to industry technical standards?
- fully support initial and evolving requirements?
- fully support fixed/unchangeable operational requirements and procedures?
- meet quality requirements (e.g., reliability, performance, usability)?
- Does the contractor:
- have the technical experience to deliver a COTS-based system?
- have tasks in the Statement of Work supportive of acquiring a COTS-based system?
- have a strong relationship with the COTS product vendor?
- have the business skills to negotate appropriate component costs and licensing?
Back to top