ISO/IEC 25019:2023

INTERNATIONAL ISO/IEC
STANDARD 25019
First edition
2023-11
Systems and software engineering —
Systems and software Quality
Requirements and Evaluation
(SQuaRE) — Quality-in-use model
Ingénierie des systèmes et du logiciel — Exigences de qualité et
évaluation des systèmes et du logiciel (SQuaRE) — Modèle de qualité
de fonctionnement
Reference number
© ISO/IEC 2023
© ISO/IEC 2023
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
© ISO/IEC 2023 – All rights reserved

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
3.1 Quality-in-use . 2
3.2 Quality-in-use characteristics and sub-characteristics . 7
3.3 Related SQuaRE concepts . 8
4 Quality-in-use model .11
4.1 General . 11
4.2 Stakeholder . 11
4.3 Quality-in-use in context .12
4.4 Quality-in-use model structure .12
4.5 Target of the quality-in-use model . 13
4.6 Using the quality-in-use model . 15
Annex A (informative) Comparison with the quality-in-use model in ISO/IEC 25010:2011 .16
Annex B (informative) The relationship between quality characteristics, quality sub-
characteristics, and their stakeholder’s needs .19
Annex C (informative) Example of quality-in-use characteristics and their effect and
influence .21
Annex D (informative) Example of applying the quality-in-use model to an application .26
Bibliography .30
iii
© ISO/IEC 2023 – All rights reserved

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work.
The procedures used to develop this document and those intended for its further maintenance
are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria
needed for the different types of document should be noted. This document was drafted in
accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives or
www.iec.ch/members_experts/refdocs).
ISO and IEC draw attention to the possibility that the implementation of this document may involve the
use of (a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of
any claimed patent rights in respect thereof. As of the date of publication of this document, ISO and IEC
had not received notice of (a) patent(s) which may be required to implement this document. However,
implementers are cautioned that this may not represent the latest information, which may be obtained
from the patent database available at www.iso.org/patents and https://patents.iec.ch. ISO and IEC shall
not be held responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see
www.iso.org/iso/foreword.html. In the IEC, see www.iec.ch/understanding-standards.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 7, Software and systems engineering.
This first edition of ISO/IEC 25019, together with the first edition of ISO/IEC 25002 and the second
edition of ISO/IEC 25010, cancels and replaces ISO/IEC 25010:2011, which has been technically revised.
The main changes are as follows:
— stakeholders influenced by use of system or product are classified and explicated;
— aspects of interest for each stakeholder are integrated and shown as quality characteristics;
— context coverage which was shown as quality characteristics in the quality-in-use model of the
previous version is removed.
Any feedback or questions on this document should be directed to the user’s national standards
body. A complete listing of these bodies can be found at www.iso.org/members.html and
www.iec.ch/national-committees.
iv
© ISO/IEC 2023 – All rights reserved

Introduction
As information system (ICT products, software, data) and IT services are widely used, the target of
their effect and influence of using them can extend from their direct users to organizations and the
society. To control the effect and influence as much as possible is a social responsibility of enterprises
and public/society administrations.
A wide variety of organizational functions and personal activities are increasingly performed by
information systems and IT services. Therefore, high-quality information systems and IT services
are essential to providing value and avoiding potential negative consequences for th stakeholders.
Unfortunately, quality assurance has traditionally focused primarily on functional requirements, giving
far less attention to the non-functional attributes of a system/product. Comprehensive specification,
design, and evaluation of all quality attributes of information systems and IT services are critical to
optimizing the value of information systems to their stakeholders.
The purpose of the "quality-in-use” model is to represent the effects and influences that can be
experienced by using information system and IT service system; that is, to define, measure, evaluate
and improve the quality of systems and software products and IT services when using them. Quality-in-
use can be influenced by many factors including the quality of software, data and IT services.
If context of use changes, effect and influence on a stakeholder also changes.
Such context of use changes are monitored through quality evaluations of quality-in-use characteristics/
sub-characteristics so that changes/gaps from initially specified context of use are identified and fed
back to the next quality improvement cycle.
Full details of the changes to the quality-in-use model are in Annex A. The comprehensive specification
of quality characteristics associated with a specific type of information system is represented in
a quality model. A quality model can be used as an objective reference supporting requirements
definition, evaluation, and validation/verification. By establishing agreed quality characteristics and
their measurement, the SQuaRE family of standards provides a framework for reliable development
and delivery of information systems and IT services.
This document introduces the structure of SQuaRE quality models and provides requirements for
developing them. ISO/IEC 25002 describes how SQuaRE quality models in the quality model division
(2501n) can be used in conjunction with other SQuaRE standards to guide quality-related activities
across the information system lifecycle regardless of the development methodology. These quality
models can guide the development of measures for evaluating the quality of information systems and
IT services to meet the requirements of their stakeholders. These models provide a common language
for describing quality characteristics that can be understood by all stakeholders. They also provide a
basis for defining standard quantitative measures of quality characteristics for evaluating the quality
properties of a target entity.
The complexity of information systems has grown exponentially with the advent of modern digital
technologies. This complexity elevates the importance of non-functional requirements and qualities.
SQuaRE quality models can help guide the development of modern digital technologies that are
trustworthy and that delight their users.
Figure 1 (adapted from ISO/IEC 25000) illustrates the organization of the SQuaRE family of
International Standards. Similar standards are grouped into divisions. Each division provides guidance
and resources for performing a different function in ensuring system and software product quality.
v
© ISO/IEC 2023 – All rights reserved

Figure 1 — Organization of SQuaRE family of International Standards
The divisions within the SQuaRE family are:
— ISO/IEC 2500n - quality management division. The International Standards that form this division
define all common models, terms and definitions referred to by all other International Standards
from the SQuaRE family. The division also provides requirements and guidance for a supporting
function that is responsible for the management of the requirements, specification and evaluation
of software product quality. Practical guidance on the use of the quality models is also provided.
— ISO/IEC 25000: Guide to SQuaRE
— ISO/IEC 25001: Planning and management
— ISO/IEC 25002: Quality models overview and usage
— ISO/IEC 2501n - quality model division. The International Standards that form this division
present detailed quality models for computer systems and software products, data, IT services and
quality-in-use. This document belongs to the quality model division. This document is aligned with
ISO/IEC 25002 on quality models overview and usage.
— ISO/IEC 25010: Product quality model
— ISO/IEC 25011: IT service quality models
— ISO/IEC 25012: Data quality model
— ISO/IEC 25019: Quality-in-use model
— ISO/IEC 2502n - quality measurement division. The International Standards that form this division
include a quality measurement framework, mathematical definitions of quality measures, and
practical guidance for their application. Examples are given of quality measures for internal and
external property of product, data, IT services and quality-in-use. Quality measure elements (QME)
forming foundations for quality measures for internal and external property of product are defined
and presented.
— ISO/IEC 2503n - quality requirements division. The International Standards that form this division
help specify quality requirements based on quality models and quality measures. These quality
requirements can be used in the process of eliciting quality requirements for information systems
and IT services to be developed or as input for an evaluation process.
vi
© ISO/IEC 2023 – All rights reserved

— ISO/IEC 2504n - quality evaluation division. The International Standards that form this division
provide requirements, recommendations, and guidelines for software product evaluation, whether
performed by evaluators, acquirers, or developers. The guideline for documenting a measure as an
evaluation module is also provided.
— ISO/IEC 25050 to ISO/IEC 25099 - SQuaRE extension division. These International Standards
currently include requirements for quality of ready-to-use software product (RUSP), commercial
off-the-shelf software and common industry formats for usability reports, and quality models and
measures for new technologies such as cloud services and artificial intelligence.
The SQuaRE standards can be used in conjunction with ISO/IEC/IEEE 12207 and ISO/IEC/IEEE 15288,
particularly the processes for the specification and evaluation of quality requirements. ISO/IEC 25030
describes how quality models can be used for systems and software quality requirements; and
ISO/IEC 25040 describes how the quality models can be used for system and software quality
evaluation.
The SQuaRE standards can also be used in conjunction with the ISO/IEC 33000 family of International
(which are concerned with software process assessment) to provide. Standards which are concerned
with software process assessment to provide:
— a framework for quality requirements in the customer-supplier process;
— support for quality review, verification and validation, as well as a framework for establishing
quantitative quality characteristics;
— support for setting organizational quality goals in the management process.
The SQuaRE standards can be used in conjunction with ISO 9001 and ISO/IEC/IEEE 90003 (which are
concerned with quality assurance processes) to provide:
— support for setting quality goals (and certification where applicable);
— support for design review, verification, and validation.
vii
© ISO/IEC 2023 – All rights reserved

INTERNATIONAL STANDARD ISO/IEC 25019:2023(E)
Systems and software engineering — Systems and software
Quality Requirements and Evaluation (SQuaRE) — Quality-
in-use model
1 Scope
This document defines a quality-in-use model composed of three characteristics (which are further
subdivided into sub-characteristics) that can influence stakeholders when products or systems are
used in a specified context of use. This model is applicable to the entire spectrum of information system
and IT service system, including both computer systems in use and software products in use.
This document provides a set of quality characteristics for specifying, measuring, evaluating and
improving quality-in-use.
In this document, because context of use is specified as prerequisite of quality-in-use, context of use is
necessary to be re-specified to change prerequisite when a product or service intend to fulfil to context
of use changes.
The model can be applied, in particular, by those responsible for specifying and evaluating software
product quality, such as developers, acquirers, quality assurance and control staff, and independent
evaluators. Activities during product development that can benefit from the use of the quality model
can include, but are not limited to:
— identifying requirements for information system and IT service system in use;
— validating the comprehensiveness of a quality-in-use requirements specification;
— identifying information system and IT service system design objectives for quality-in-use;
— identifying quality-in-use control criteria as part of overall quality assurance;
— identifying acceptance criteria for information system and IT service system or information
systems;
— establishing measures to address the consequences of using products in specified context-of -use;
— presenting evaluation items for ethics considerations when using information system and IT service
system;
— supporting governance of digitalization activities.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
© ISO/IEC 2023 – All rights reserved

3.1 Quality-in-use
3.1.1
affect
change the attitude of a user (3.1.31) or other stakeholder (3.1.26) regarding a decision to acquire or use
a system (3.1.29)
3.1.2
attribute
inherent property or characteristic of an entity that can be distinguished quantitatively or qualitatively
by human or automated means
[SOURCE: ISO/IEC 25000:2014, 4.1, modified — Notes to entry have been removed.]
3.1.3
component
entity with discrete structure, such as an assembly or software module, within a system (3.1.29)
considered at a particular level of analysis
3.1.4
context of use
combination of users (3.1.31), goals and tasks, resources, and environment
Note 1 to entry: The “environment” in a context of use includes the technical, physical, social, cultural and
organizational environments.
[SOURCE: ISO 9241-11:2018, 3.1.15]
3.1.5
customer
organization (3.1.13) or person that receives a product (3.1.14) or service
Note 1 to entry: In interactive system (3.1.29), customers are sometimes the same as operators (3.1.12).
[SOURCE: ISO/IEC/IEEE 12207:2017, 3.1.16, modified — The original note 1 to entry and EXAMPLE has
been removed; a new note to entry has been added.]
3.1.6
data quality
capability of the characteristics of data to satisfy stated and implied needs (3.3.3) when used under
specified conditions
[SOURCE: ISO/IEC 25000:2014, 4.5, modified — “degree to which the characteristics of data satisfy”
has been changed to “capability of the characteristics of data to satisfy”.]
3.1.7
developer
individual or organization (3.1.13) that performs development activities [including requirements (3.1.21)
analysis, design, testing through acceptance] during the system (3.1.29) or software life cycle process
[SOURCE: ISO/IEC 25000:2014, 4.6]
3.1.8
direct user
person who directly interacts with the product (3.1.14)
Note 1 to entry: This definition of the term “direct user” is originally for the term “user” that is defined in
ISO/IEC 9241-11:2018, 3.1.7. In this document, the term “direct user” is addressed to distinguish from “indirect
user" (3.3.4).
© ISO/IEC 2023 – All rights reserved

3.1.9
information system
system (3.1.29) that comprises ICT products (3.3.2), ICT environment, and the people who use them or
are impacted by them which become a combination of interacting elements organized to achieve one or
more stated purposes
Note 1 to entry: While information systems can be part of larger systems that include other electro-mechanical
products and their users (3.1.31), this document considers these components (3.1.3) as part of the context of use
(3.1.4) of the system only if they have a direct relevant relationship to the ICT products and users who are part of
the information system. However, many of the quality attributes (3.1.2) can be applied to these larger systems of
systems as well.
Note 2 to entry: Information system in this document can be recognized as a system of interest with the other
interacting systems comprising the operational environment. An individual system is the same as the system
defined in ISO/IEC/IEEE 15288, i.e. “a combination of interacting elements organized to achieve one or more
stated purposes”.
Note 3 to entry: An embedded software system is not an information system for the purpose of this document.
information system in this usage is intended to describe a scope for quality concerns that include the target
entities (3.1.30) effect on each other. The target entities included under the term information system include ICT
products (3.3.2), IT services and their operational environment comprised of one or more systems.
3.1.10
measure, noun
variable to which a value is assigned as the result of measurement (3.1.11)
Note 1 to entry: The plural form “measures” is used to refer collectively to base measures, derived measures, and
indicators.
[SOURCE: ISO/IEC/IEEE 15939:2017, 3.15]
3.1.11
measurement
set of operations having the object of determining a value of a measure (3.1.10)
Note 1 to entry: Measurement can include assigning a qualitative category such as the language of a source
program (C, C++, Ruby, etc.).
[SOURCE: ISO/IEC/IEEE 15939:2017, 3.17, modified — The original note 1 to entry has been replaced by
a new one.]
3.1.12
operator
individual or organization (3.1.13) that performs the operations of a system (3.1.29)
[SOURCE: ISO/IEC/IEEE 12207:2017, 3.1.29, modified — Notes 1 to 3 to entry have been removed.]
3.1.13
organization
group of people and facilities with an arrangement of responsibilities, authorities and relationships
EXAMPLE company, corporation, firm, enterprise, institution, charity, sole trader, association, or parts or
combination thereof, whether incorporated or not, public or private.
[SOURCE: ISO/IEC/IEEE 12207:2017, 3.1.30, modified — "whether incorporated or not, public or
private" has been added in the EXAMPLE; note 1 to entry has been removed.]
© ISO/IEC 2023 – All rights reserved

3.1.14
product
artefact that is produced, is quantifiable, and is deliverable to user (3.1.31) as either an end item in itself
or a component (3.1.3) item
Note 1 to entry: In this document, product refers to an ICT product (3.3.2) that is part of an information system
(3.1.9). ICT product components include subsystems, software, firmware, hardware, data, communication
infrastructure, and other elements that are part of the ICT product.
[SOURCE: ISO/IEC 25030:2019, 3.12, modified — The original notes 1 and 2 to entry have been replaced
by a new note to entry.]
3.1.15
quality-in-use
extent to which the system (3.1.29) or product (3.1.14), when it is used in a specified context of use (3.1.4),
satisfies or exceeds stakeholders’ (3.1.26) needs to achieve specified beneficial goals or outcomes.
Note 1 to entry: Beneficial goals can be stated as targets, in predefined conditions with managed economic,
environmental, organizational, and societal risks (3.1.22).
Note 2 to entry: The quality-in-use model can be used as a guide to represent the user’s (3.1.31) expectations
about the system's behaviour.
Note 3 to entry: Users of the quality-in-use includes direct and indirect users (3.3.4). When applied to direct users
(3.1.8), quality-in-use appears as “effect”, and to other stakeholders it appears as “influence”.
3.1.16
quality measure
derived measure (3.1.10) that is defined as a measurement (3.1.11) function of two or more values of
quality measure elements (3.1.17)
[SOURCE: ISO/IEC 25020:2019, 3.13, modified — The abbreviated term "QME" has been removed.]
3.1.17
quality measure element
measure (3.1.10) defined in terms of a property and the measurement (3.1.11) method for quantifying it,
including optionally the transformation by a mathematical function
[SOURCE: ISO/IEC 25020:2019, 3.14, modified — The abbreviated term "QM" and note 1 to entry have
been removed.]
3.1.18
quality property
property of a target entity that is related to a quality measure element (3.1.17), and which can be
quantified by a measurement (3.1.11) method
3.1.19
quality requirement
requirement (3.1.21) for quality properties (3.1.18) or attributes (3.1.2) of an information system (3.1.9)
and IT service system that satisfy needs which ensue from the purpose for which that information
system and IT service system is to be used
[SOURCE: ISO/IEC 25030:2019, 3.15, modified — "ICT product, data or service" has been replaced by
"information system and IT service system" twice.]
3.1.20
quality sub-characteristics
set of one or more quality properties (3.1.18) that represent a unique aspect of a quality characteristic
(3.3.12)
© ISO/IEC 2023 – All rights reserved

3.1.21
requirement
statement which translates or expresses a need and its associated constraints and conditions
[SOURCE: ISO/IEC/IEEE 15288:2023, 3.36]
3.1.22
risk
effect of uncertainty on objectives
Note 1 to entry: An effect is a deviation from the expected — positive and/or negative. In this document the focus
is on negative deviations leading to adverse consequences.
Note 2 to entry: Risk is often characterized by reference to potential events and consequences, or a combination
of these.
Note 3 to entry: Risk is often expressed in terms of a combination of the consequences of an event (including
changes in circumstances) and the associated likelihood of occurrence. In this document risk is characterized
as the combination of the severity of the adverse consequence and the likelihood of an adverse consequence
occurring.
Note 4 to entry: Objectives can have different aspects, such as financial, health and safety, and environmental
goals and can apply at different levels, such as strategic, organization-wide, project, product (3.1.14), and process.
Note 5 to entry: Uncertainty is the state, even partially, of deficiency of information related to, understanding or
knowledge of, an event, its consequence, or likelihood.
[SOURCE: ISO/IEC/IEEE 15026-1:2019, 3.4.2]
3.1.23
society
people in general, living together in communities or in geo-political defined areas
Note 1 to entry: Society means civil society used in Sustainable Development Goals (SDGs) and geo-political
society, i.e. society at large.
3.1.24
software product
set of computer programs, procedures, and possibly associated documentation and data
Note 1 to entry: Products (3.1.14) include intermediate products, and products intended for users (3.1.31) such as
developers (3.1.7) and maintainers (3.3.6).
Note 2 to entry: In SQuaRE standards, software quality (3.1.25) has the same meaning as software product quality
(3.3.9).
[SOURCE: ISO/IEC 25000:2014, 4.31]
3.1.25
software quality
capability of software product (3.1.24) to satisfy stated and implied needs (3.3.3) when used under
specified conditions
Note 1 to entry: This definition differs from the definition of quality in ISO 9000:2015 in that it refers to the
satisfaction of stated and implied needs, while the ISO 9000:2015, 3.6.2, quality definition refers to the fulfilment
of requirements (3.1.21); i.e. quality is defined as extent to which a set of inherent characteristics of an object
fulfils requirements.
[SOURCE: ISO/IEC 25000:2014, 4.33; modified — Note 1 to entry has been rephrased.]
© ISO/IEC 2023 – All rights reserved

3.1.26
stakeholder
individual or organization (3.1.13) having a right, share, claim, or interest in a system (3.1.29) or in its
possession of characteristics that meet their needs and expectations
EXAMPLE End users (3.1.31), end user organizations, supporters, developers (3.1.7), customers (3.1.5),
producers, trainers, maintainers (3.3.6), disposers, acquirers, suppliers, regulatory bodies, and people influenced
positively or negatively by a system.
Note 1 to entry: Some stakeholders can have interests that oppose each other or oppose the system.
[SOURCE: ISO/IEC/IEEE 15288:2023, 3.44]
3.1.27
stakeholder need
prerequisite identified as necessary for a stakeholder (3.1.26), or a set of stakeholders, to achieve an
intended outcome, implied or stated within a specific context of use (3.1.4)
3.1.28
sub-sub-characteristic
subdivision of a quality sub-characteristic (3.1.20) established by the user (3.1.31) of a quality model
(3.3.10) to provide more granular representation of the quality attributes (3.1.2) of a target entity
(3.1.30)
3.1.29
system
combination of interacting elements organized to achieve one or more stated purposes
Note 1 to entry: A system is sometimes considered as a product (3.1.14) or as the services it provides.
Note 2 to entry: In practice, the interpretation of its meaning is frequently clarified by the use of an associated
noun, e.g. aircraft system. Alternatively, the word “system” is substituted simply by a context-dependent synonym
(e.g. aircraft), though this potentially obscures a system principles perspective.
Note 3 to entry: A complete system includes all of the associated equipment, facilities, material, computer
programs, firmware, technical documentation, services and personnel required for operations and support to
the degree necessary for self-sufficient use in its intended environment.
3.1.30
target entity
fundamental thing of relevance to the user (3.1.31), about which information is kept, and which needs
to be measured (3.3.7)
Note 1 to entry: Target entities include ICT products (3.3.2) and their components (3.1.3) for ISO/IEC 25010, IT
services for ISO/IEC IS 25011, and data for ISO/IEC 25012.
[SOURCE: ISO/IEC 25021:2012, 4.17, modified — "need" has been changed to "which needs"; note 1 to
entry has been added.]
3.1.31
user
individual or group that interacts with a system (3.1.29) or benefits from a system during its utilization
Note 1 to entry: Primary users (3.3.8) and secondary users (3.3.11) interact with a system, and primary, secondary,
and indirect users (3.3.4) can benefit from a system.
[SOURCE: ISO/IEC/IEEE 12207:2017, 3.1.70, modified — The original note to entry has been replaced by
a new one.]
© ISO/IEC 2023 – All rights reserved

3.2 Quality-in-use characteristics and sub-characteristics
3.2.1
beneficialness
extent of benefit resulting from the use of a product (3.1.14), system (3.1.29) or service
3.2.1.1
usability
extent to which a system (3.1.29), product (3.1.14) or service can be used by specified users (3.1.31) to
achieve specified goals with effectiveness, efficiency, and satisfaction in a specified context of use (3.1.4)
[SOURCE: ISO 9241-11:2018, 3.1.1, modified — Notes to entry have been removed.]
3.2.1.2
accessibility
extent to which products (3.1.14), systems (3.1.29), services, environments and facilities can be used by
people from a population with the widest range of user (3.1.31) needs, characteristics and capabilities
to achieve identified goals in identified contexts of use (3.1.4)
Note 1 to entry: Context of use includes direct use or use supported by assistive technologies.
[SOURCE: ISO 9241-112: 2017, 3.15]
3.2.1.3
suitability
extent to which behaviours or outcomes, or both, of a product (3.1.14) meet (satisfy) specified quality
requirements (3.1.19) when used
Note 1 to entry: When a product or system (3.1.29) is especially recognized as an information system (3.1.9) and
an IT service, suitability, which is a kind of sub-characteristic in quality-in-use (3.1.15), is important because it
affects (3.1.1) the gain or loss of opportunities for a more diverse and broader group of stakeholders (3.1.26) to
obtain valuable benefits of use.
3.2.2
freedom from risk
extent to which a product (3.1.14) or system (3.1.29) mitigates the potential risk (3.1.22) to economic
status, human life, health, society (3.1.23), financial values, enterprise activities, or the environment
Note 1 to entry: Risk includes economic risk, health risk, human life risk and environmental and societal risk.
3.2.2.1
freedom from economic risk
extent to which a product (3.1.14) or system (3.1.29) mitigates the potential risk (3.1.22) to financial
status, efficient operation, commercial property, reputation, or other aspects in the intended contexts
of use (3.1.4)
Note 1 to entry: When a product or system is especially recognized as an information system (3.1.9) and IT
service, there is concern that the economic risk has more impact to the economics in a more diverse and broader
group of stakeholders (3.1.26) so that the risk monitoring used is often considered to be more focused in addition
to risk mitigation.
3.2.2.2
freedom from environmental and societal risk
extent to which a product (3.1.14) or system (3.1.29) mitigates the potential risk (3.1.22) to the
environment and society (3.1.23) at large in the intended contexts of use (3.1.4)
Note 1 to entry: When a product or system is especially recognized as an information system (3.1.9) and IT
service, there is concern the environmental and societal risk impacts on public properties in societies, and on
environments including societal or natural ecology systems in a diverse and broad group of stakeholders (3.1.26)
so that the risk monitoring used is often considered to be more focused in addition to risk mitigation.
© ISO/IEC 2023 – All rights reserved

3.2.2.3
freedom from health risk
extent to which a product (3.1.14) or system (3.1.29) mitigates the potential risk (3.1.22) to people’s
health in the intended contexts of use (3.1.4)
3.2.2.4
freedom from human life risk
extent to which a product (3.1.14) or system (3.1.29) mitigates the potential risk (3.1.22) to people’s lives
in the intended contexts of use (3.1.4)
3.2.3
acceptability
extent to which a human response is favourable when accepting or installing a product (3.1.14), system
(3.1.29) or service software tool designed to perform some frequently used function
3.2.3.1
experience
extent to which users (3.1.31) or stakeholders (3.1.26) accumulate knowledge or skill acquired over
time, especially that gained in a particular profession
EXAMPLE Data analyses or replaying, simulating, or detecting similar/different patterns based on recorded
weather data can help weather monitoring users to improve their knowledges or skills for a weather forecasting.
3.2.3.2
trustworthiness
extent to which users (3.1.31) or stakeholders (3.1.26) have confidence that their expectations are met
in a verifiable way
Note 1 to entry: Aspects to ensure trustworthiness can include, for example, reliability, availability, resilience,
security, privacy, safety, accountability, transparency, integrity, authenticity, quality, and usability.
Note 2 to entry: Trustworthiness is an attribute (3.1.2) that can be applied to services, products (3.1.14),
technology, data and information as well as, in the context of governance, to organizations (3.1.13).
EXAMPLE When purchasing a product from a seller through an online shopping system (3.1.29), information
such as product specifications, previous transaction history, comments or rating by the purchasers, description
of return and refund procedures, and ratings or warnings by the online store operation service site, as well as
product photos, are used to determine the extent to which the product and seller will meet potential customer
(3.1.5) expectations for the purchase.
[SOURCE: ISO/IEC TR 24028:2020, 3.42, modified — "ability to meet stakeholders' expectations" has
been changed to "extent to which users or stakeholders have confidence that their expectations are
met"; the original notes 1 and 2 to entry has been removed; the original note 3 to entry has become
note 2 to entry; 2 new notes to entry have been added.]
3.2.3.3
compliance
extent to which a user (3.1.31) or other stakeholder (3.1.26) has confidence that a product (3.1.14),
system (3.1.29), software, or service in use meets requirements, as required by rules or laws
3.3 Related SQuaRE concepts
3.3.1
evaluator
individual or organization (3.1.13) that performs an evaluation
[SOURCE: ISO/IEC 25000:2014, 4.10]
© ISO/IEC 2023 – All rights reserved

3.3.2
ICT product
product (3.1.14) which uses information and communication technologies (ICTs) and can be a part of
information system (3.1.9)
Note 1 to entry: ICT product can constitute other ICT products (sub-products) and sometimes a component (3.1.3)
of an ICT product can also be considered as ICT products by themselves. Examples of ICT products includes
computer hardware, software products (3.1.24), software components, and data.
Note 2 to entry: ICT product refers to combination of one or more technology components (e.g. cloud, internet,
data, multimedia, communication, hardware, firmware, software, and middleware) that enables modern
computing and allows people and organizations (3.1.13) to interact and operate in the digital world.
Note 3 to entry: ICT product does not include people, machines, infrastructure, and other facilities which are
independent from communication and data. ICT product includes hardware with embedded computer, such as
firmware, sensors, and communicators, but not the users (3.1.31).
Note 4 to entry: While many artefacts like data sheets, user manuals, installation manuals, operations guides,
and configuration guides contribute to the quality of an ICT product and the information system that constitutes
it, they are not ICT products by themselves.
[SOURCE: ISO/IEC 25030:2019, 3.8, modified — The original note 1 to entry has been removed; 4 new
notes to entry have been added.]
3.3.3
implied needs
needs that may not have been stated but are actual needs
Note 1 to entry: Some implied needs only become evident when the software product (3.1.24) is used in particular
conditions (context of use).
EXAMPLE Implied needs include needs not stated but implied by other stated needs, and needs not stated
because they are considered to be evident or obvious.
[SOURCE: ISO/IEC 25000:2014, 4.12]
3.3.4
indirect user
person who receives output from a system (3.1.29), but does not interact with the system
EXAMPLE Business managers, acquirers, product managers
[SOURCE: ISO/IEC 25030:2019, 3.9, modified — EXAMPLE has been replaced.]
3.3.5
IT service quality
capability of an IT service to satisfy stated and implied quality needs when delivered under specified
conditions
Note 1 to entry: This definition differs from the ISO 9000:2015 quality definition mainly because the IT service
quality definition refers to the satisfaction of stated and implied needs (3.3.3), while the ISO 9000 quality
definition refers to the satisfaction of requirements (3.1.21).
[SOURCE: ISO/IEC TS 25011:2017, 3.3.10, modified — "degree to which an IT service satisfies" has been
changed to "capability of an IT service to satisfy"; "quality" has been added; "used" has been changed to
"delivered"; note 1 to entry has been added.]
3.3.6
maintainer
individual or organization that performs maintenance activities
[SOURCE: ISO/IEC 25000:2014, 4.17, modified — Note 1 to entry has been removed.]
© ISO/IEC 2023 – All rights reserved

3.3.7
measure, verb
make a measurement (3.1.11)
[SOURCE: ISO/IEC 25000:2014, 4.18, modified — Note 1 to entry has been removed.]
3.3.8
primary user
person or entity who interacts with the system (3.1.29) to achieve the primary goals
[SOURCE: ISO/IEC 25030:2019, 3.11, modified — "user" has been changed to "person or thing"; note 1 to
entry has been removed.]
3.3.9
product quality
capability of an ICT product (3.3.2) or its components (3.1.3) to satisfy stated and implied quality needs
when used under specific conditions
Note 1 to entry: This definition differs from the ISO 9000:2015 quality definition mainly because the software
quality (3.1.25) definition refers to the satisfaction of stated and implied needs (3.3.3), while the ISO 9000 quality
definition refers to the satisfaction of requirements (3.1.21).
Note 2 to entry: Typically, users (3.1.31) do not consider systems (3.1.29) that only satisfy requirements as high-
quality systems. Quality is related to satisfying and even surpassing expectations with associated constraints
and conditions.
3.3.10
quality model
defined set of characteristics, and the relationships between them, which provides a framework for
specifying quality requirements (3.1.19) and evaluating quality
3.3.11
secondary user
user (3.1.31) who interacts with the product (3.1.14) to support the primary users (3.3.8)
EXAMPLE:
a) content provider, system (3.1.29) manager, administrator, security manager;
b) maintainer (3.3.6), analyser, porter, installer.
[SOURCE: ISO/IEC 25030:2019, 3.17, modified — More examples have been added.]
3.3.12
quality characteristic
category of quality (3.1.25) attributes (3.1.2) that bears on the quality of the ICT product (3.3.2) or
information system
Note 1 to entry: Quality characteristics can be further divided into quality sub-characteristics (3.1.20). While
characteristics typically represent one aspect of quality that is of interest to stakeholders, quality sub-
characteristics can help subdivide quality characteristics into individual aspects that help in mapping them to
quality properties (3.1.18).
3.3.13
validation
confirmation, through the provision of objective evidence, that the requirements (3.1.21) for a specific
intended use or application have been fulfilled
Note 1 to entry: The objective evidence needed for a validation is the result of a test or other form of determination
such as performing alternative calculations or reviewing documents.
Note 2 to entry: The word “validated” is used to designate the corresponding status.
© ISO/IEC 2023 – All rights reserved

Note 3 to entry: The use conditions for validation can be real or simulated.
3.3.14
verification
confirmation, through the provision of objective evidence, that specified requirements (3.1.21) have
been fulfilled
Note 1 to entry: The objective evidence needed for a verification can be the result of an inspection or of other
forms of determination such as performing alternative calculations or reviewing documents.
Note 2 to entry: The act
...