4.4.1 Archiving Risk Data
After completing an SRE, the risk statement data becomes input to the SEI risk knowledge base. To protect the confidentiality of the target contractor and any proprietary trade information, the data are rendered nonattributional by generalizing all references to project specific terms within the risk statements.
4.4.2 Incorporating Feedback
All process feedback collected during the SRE is reviewed for incorporation into the methodology. The SEI Risk Program's Independent Risk Assessment (IRA) project maintains the methodology and defines the SRE change control processes.