Process Area 2.2 – Test Planning – SG 1 – Perform a product risk assessment

A product risk assessment is performed to identify the critical areas for testing.


Test planning is defined as a key activity and there are five Specific Goals in this Process Area.

Testing is a risk mitigation process. It is therefore important that risk assessments are included as an integral part of test planning activities and used to derive all other elements of the test approach.

An example would be specific output from a risk-based testing workshop that identifies and assesses the components or requirements that pose a high risk. Planning should show evidence of this output being transferred into a set of planned and prioritised tests.

Specific Practices

SP 1.1 Define product risk categories and parameters

Ensure that there are defined product risk categories and that testing uses these categories when determining risk and priorities for testing.

SP 1.2 Identify product risks

Product risks are identified as part of the planning process and fed into test planning, test design and execution.

SP 1.3 Analyse product risks

Ensure that product risks have been analysed satisfactorily as part of the test planning process.

Deployment notes

  • Is there a clearly defined framework that identifies product risk categories and evaluation criteria, based on likelihood and impact?
  • Are they defined together with thresholds?
  • Are there defined product risks?
  • Are all stakeholders involved in evaluating, categorising and prioritising product risks?
  • Are all identified product risks associated with relevant stakeholders (in other words those most interested or affected)?
  • Are product risks analysed, grouped, prioritised and agreed with all stakeholders?
  • Are product risks traceable back to business requirements?

Example Sub-practices and work products

Specific Practice 1.1 – Define product risk categories and parameters

Product risk categories and parameters are defined that will be used during the product risk assessment.

Typical work products

  • Product risk categories lists
  • Product risk evaluation and prioritisation criteria

Sub-practices

  • Determine product risk categories
  • Define consistent criteria for evaluating and quantifying the product risk likelihood and impact levels
  • Define thresholds for each product risk level