ISO 17666:2003 extends the requirements of ISO 14300-1, the principles and requirements for integrated risk management on a space project. It explains what is needed to implement a project-integrated risk management policy by any project actor, at any level (i.e. customer, first-level supplier, or lower-level suppliers).

ISO 17666:2003 contains a summary of the general risk management process, which is subdivided into four (4) basic steps and nine (9) tasks. The implementation can be tailored to project-specific conditions.

The risk management process requires information exchange among all project domains and provides visibility over risks, with a ranking according to their criticality for the project. These risks are monitored and controlled according to the rules defined for the domains to which they belong.

ISO 17666:2003 is applicable to all space project phases, as defined in ISO 14300-1.

When viewed from the perspective of a specific programme or project context, the requirements defined in ISO 17666:2003 should be tailored to match the genuine requirements of a particular profile and circumstances of a programme or project.