A.220.127.116.11 Residual mishap risk. The mishap risk that
remains after all planned mishap risk management measures have been
implemented is considered residual mishap risk. Residual mishap risk is
documented along with the reason(s) for incomplete mitigation.
A.18.104.22.168 Residual mishap risk management. The program manager must know what residual
mishap risk exists in the system being acquired. For significant mishap
risks, the program manager is required to elevate reporting of residual
mishap risk to higher levels of appropriate authority (such as the Program
Executive Officer or Component Acquisition Executive) for action or
acceptance. The program manager is encouraged to apply additional resources
or other remedies to help the developer satisfactorily resolve hazards
providing significant mishap risk. Table A-IV
includes an example of a mishap risk acceptance level matrix based on the
mishap risk assessment value and mishap risk category.
A.22.214.171.124 Residual mishap risk acceptance. The program
manager is responsible for formally documenting the acceptance of the
residual mishap risk of the system by the appropriate authority. The program
manager should update this residual mishap risk and the associated hazards
to reflect changes/modifications in the system or its use. The program
manager and using organization should jointly determine the updated residual
mishap risk prior to acceptance of the risk and system hazards by the risk
acceptance authority, and should document the agreement between the user and
the risk acceptance authority.